Hello, isiotak friends. I have been meditating on Little Saint James Island for a long time. This time I will share an easy way to set up SoftEther VPN with Docker, integrated with Traefik.
If you don't yet know what Traefik is, how to set it up, or what it does, I suggest reading Bli Bagus's blog post first.
https://www.isiotak.com/archives/migrasi-dari-nginx-proxy-manager-ke-traefik
OK, on to the setup...
Docker Compose SoftEther
The first thing I did was create a custom Docker Compose file for SoftEther. Here is what it looks like:
# The 'EOF' delimiter is quoted so the shell does not run the backticks in the HostSNI rule as a command substitution
cat << 'EOF' > softether-compose.yaml
services:
  softether:
    image: softethervpn/vpnserver:latest
    container_name: "softether"
    cap_add:
      - NET_ADMIN
    restart: unless-stopped
    volumes:
      - "/etc/localtime:/etc/localtime:ro"
      - "/etc/timezone:/etc/timezone:ro"
      - "./data:/mnt"
      - "/var/log/softether/server_log:/var/log/softether/server_log"
      - "/var/log/softether/packet_log:/var/log/softether/packet_log"
      - "/var/log/softether/security_log:/var/log/softether/security_log"
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.tcp.routers.softether.entrypoints=vpn"
      - "traefik.tcp.routers.softether.rule=HostSNI(`softether.local.domain.tld`)"
      - "traefik.tcp.routers.softether.tls=true"
      - "traefik.tcp.routers.softether.tls.passthrough=true"
      - "traefik.tcp.routers.softether.service=softether"
      - "traefik.tcp.services.softether.loadbalancer.server.port=5443"
networks:
  proxy:
    external: true
EOF
What the parameters do
Here is an explanation of some of the parameters used in the SoftEther Docker Compose file:
cap_add: - NET_ADMIN
Gives the container the privileges (the Linux NET_ADMIN capability) to perform various network-related operations on the node where the container runs.
The volumes: attribute
Some settings are not quite right if you follow or copy the template provided by SoftEther, whether from GitHub or from Docker Hub. Why? Because each of those paths, for example server_log, will be empty when it should contain the log files used for monitoring. Adjust the Docker Compose file as I have done.
networks: - proxy
Make sure to use the same network as the Traefik container.
Add labels:
Traefik Configuration
Add an entryPoint for SoftEther VPN to Traefik's static configuration file, usually named traefik.yaml. Match the port to the one in the SoftEther compose file.
entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entryPoint:
          to: websecure
          scheme: https
          permanent: true
  websecure:
    address: ":443"
    http:
      tls: {}
  ### For example, as shown below:
  vpn:
    address: ":5443"
After that, also add the SoftEther port to the Traefik compose file. For example, as shown below:
ports:
  - "80:80"
  - "443:443"
  - "5443:5443"
Compose UP!
Let's go... time to bring up the SoftEther container! At this step I recommend reloading the Traefik container as well.
sudo docker compose -f softether-compose.yaml up -d
sudo docker compose -f traefik-compose.yaml up -d
Monitor the containers until they are up
docker ps --format "table {{.Names}}\t{{.Status}}"
Decoding the Key and Cert
Make sure Traefik has successfully generated the SSL cert and key for the domain softether.local.domain.tld, because they will be used later for the VPN setup.
grep softether.local.domain.tld traefik/certs/acme.json -A5
If the SSL cert and key for the domain softether.local.domain.tld are present, decode them (acme.json stores them base64-encoded) with the commands below
DOMAIN="softether.local.domain.tld"
cat ~/traefik/certs/acme.json | jq -r ".. | .Certificates? | arrays[]? | select(.domain.main == \"$DOMAIN\") | .key" | base64 -d > ~/softether/data/example.key
cat ~/traefik/certs/acme.json | jq -r ".. | .Certificates? | arrays[]? | select(.domain.main == \"$DOMAIN\") | .certificate" | base64 -d > ~/softether/data/example.crt
SoftEther VPN Setup
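The cert and key extraction from the previous step, as an added Python example (not code from the original post): it reads the same acme.json fields as the jq filter, writes the files with mode 0600, and reports whether they changed so that ServerCertSet can be re-run after Traefik renews the certificate. The resolver name "letsencrypt" and the PEM bodies in the sample are constructed placeholders.

```python
import base64
import json
import os
import tempfile

# Constructed sample in the layout the page's jq filter walks; the resolver
# name "letsencrypt" is assumed and the PEM bodies are placeholders.
SAMPLE_CERT = b"-----BEGIN CERTIFICATE-----\nplaceholder\n-----END CERTIFICATE-----\n"
SAMPLE_KEY = b"-----BEGIN PRIVATE KEY-----\nplaceholder\n-----END PRIVATE KEY-----\n"
SAMPLE_ACME = json.dumps({"letsencrypt": {"Certificates": [{
    "domain": {"main": "softether.local.domain.tld"},
    "certificate": base64.b64encode(SAMPLE_CERT).decode(),
    "key": base64.b64encode(SAMPLE_KEY).decode(),
}]}})


def find_pair(acme_text, domain):
    """Return (cert, key) bytes for domain; raise LookupError if absent."""
    for resolver in json.loads(acme_text).values():
        if not isinstance(resolver, dict):
            continue
        for entry in resolver.get("Certificates") or []:
            if entry.get("domain", {}).get("main") == domain:
                return (base64.b64decode(entry["certificate"]),
                        base64.b64decode(entry["key"]))
    raise LookupError(f"no certificate for {domain} in acme.json")


def write_if_changed(path, data):
    """Atomically write data with mode 0600; return True if content changed."""
    if os.path.exists(path):
        os.chmod(path, 0o600)  # tighten files left by an earlier plain redirect
        with open(path, "rb") as fh:
            if fh.read() == data:
                return False
    # mkstemp creates the file 0600, so the key is never group/world readable.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    os.replace(tmp, path)
    return True


def export_pair(acme_text, domain, out_dir):
    """Write example.crt/example.key; True means the pair on disk changed."""
    cert, key = find_pair(acme_text, domain)
    key_changed = write_if_changed(os.path.join(out_dir, "example.key"), key)
    crt_changed = write_if_changed(os.path.join(out_dir, "example.crt"), cert)
    return key_changed or crt_changed
```

On a real host, pass the contents of acme.json and the ./data directory that the compose file mounts at /mnt.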
Next, set up the SoftEther VPN itself. Enter the SoftEther container.
docker exec -it softether sh
Once inside the SoftEther container's shell, run the vpncmd command to perform the check and the setup.
/usr/local/bin# vpncmd
Check stage
By using vpncmd program, the following can be achieved.
1. Management of VPN Server or VPN Bridge
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)
### Choose no. 3
Select 1, 2 or 3: 3
If your VPS has no problems at all, the output of the check will look like this:
VPN Tools> Check
Check command - Check whether SoftEther VPN Operation is Possible
---------------------------------------------------
SoftEther VPN Operation Environment Check Tool
Developer Edition
Copyright (c) SoftEther VPN Project.
All Rights Reserved.
If this operation environment check tool is run on a system and that system passes, it is most likely that SoftEther VPN software can operate on that system. This check may take a while. Please wait...
Checking 'Kernel System'...
Pass
Checking 'Memory Operation System'...
Pass
Checking 'ANSI / Unicode string processing system'...
Pass
Checking 'File system'...
Pass
Checking 'Thread processing system'...
Pass
Checking 'Network system'...
Pass
All checks passed. It is most likely that SoftEther VPN Server / Bridge can operate normally on this system.
The command completed successfully.
VPN Tools> quit
VPN setup stage
Run the vpncmd command again
/usr/local/bin# vpncmd
Then choose no. 1
By using vpncmd program, the following can be achieved.
1. Management of VPN Server or VPN Bridge
2. Management of VPN Client
3. Use of VPN Tools (certificate creation and Network Traffic Speed Test Tool)
Select 1, 2 or 3: 1
For the next step, press Enter at the Hostname of IP Address of Destination prompt
If nothing is input and the Enter key is pressed, the connection will be made to the port number 443 of localhost (this computer).
Hostname of IP Address of Destination: [ENTER]
Press Enter again when the Specify Virtual Hub Name prompt appears
If connecting to the server by Virtual Hub Admin Mode, please input the Virtual Hub name.
If connecting by server admin mode, please press Enter without inputting anything.
Specify Virtual Hub Name: [ENTER]
Connection has been established with VPN Server "localhost" (port 443).
After that, create a password for administrator access
VPN Server> ServerPasswordSet
If you are unsure about a command you are about to run, you can send a question mark (?) first, or append it to the command (to show its manual). For example:
VPN Server> serverpass?
ServerPasswordSet command - Set VPN Server Administrator Password
Help for command "ServerPasswordSet"
Purpose:
Set VPN Server Administrator Password
Description:
This sets the VPN Server administrator password. You can specify the password as a parameter. If the password is not specified, a prompt will be displayed to input the password
and password confirmation. If you include the password as a parameter, this password will be displayed momentarily on the screen, which poses a risk. We recommend that whenever
possible, avoid specifying this parameter and input the password using the password prompt.
To execute this command, you must have VPN Server administrator privileges.
Usage:
ServerPasswordSet [password]
Parameters:
password - This specifies a new password setting.
Create a Virtual Hub for the VPN server
VPN Server> hubcreate SSTP
HubCreate command - Create New Virtual Hub
Please enter the password. To cancel press the Ctrl+D key.
Password: ********
Confirm input: ********
Check that the Hub was created
VPN Server> hublist
HubList command - Get List of Virtual Hubs
Item |Value
------------------+-------------------
Virtual Hub Name |DEFAULT
Status |Online
Type |Standalone
Users |0
Groups |0
Sessions |0
MAC Tables |0
IP Tables |0
Num Logins |0
Last Login |2026-03-31 10:44:27
Last Communication|2026-03-31 10:44:27
Transfer Bytes |0
Transfer Packets |0
------------------+-------------------
Virtual Hub Name |SSTP
Status |Online
Type |Standalone
Users |0
Groups |0
Sessions |0
MAC Tables |0
IP Tables |0
Num Logins |0
Last Login |2026-03-31 10:51:12
Last Communication|2026-03-31 10:51:12
Transfer Bytes |0
Transfer Packets |0
Because the SSTP Hub is the one that will be used, delete the DEFAULT Hub
VPN Server> hubdelete DEFAULT
Enable Virtual NAT and DHCP Server (SecureNat Function) on the SSTP Virtual Hub
VPN Server> hub SSTP
VPN Server/SSTP> SecureNatEnable
Configure a user for the VPN client, so that the client can connect to the SSTP Virtual Hub by authenticating as that user
VPN Server/SSTP> UserCreate userone
UserCreate command - Create User
Assigned Group Name: [ENTER]
User Full Name: [ENTER]
User Description: [ENTER]
VPN Server/SSTP> Userpasswordset userone
UserPasswordSet command - Set Password Authentication for User Auth Type and Set Password
Please enter the password. To cancel press the Ctrl+D key.
Password: ********
Confirm input: ********
VPN Server/SSTP> userlist
UserList command - Get List of Users
Item |Value
----------------+-----------------------
User Name |userone
Full Name |
Group Name |-
Description |
Auth Method |Password Authentication
Num Logins |0
Last Login |(None)
Expiration Date |No Expiration
Transfer Bytes |0
Transfer Packets|0
After that, add the SSL cert and key to SoftEther VPN. The VPN needs the SSL cert to secure the connection between clients and the server.
VPN Server/SSTP> hub
VPN Server> ServerCertSet /LOADCERT:/mnt/example.crt /LOADKEY:/mnt/example.key
Make sure the SSTP protocol is enabled
VPN Server> hub SSTP
VPN Server/SSTP> protooptionsget SSTP
ProtoOptionsGet command - Lists the options for the specified protocol
Name |Type |Value|Description
-------+-------+-----+-----------
Enabled|Boolean|True |
If it is not yet enabled, run the command below
VPN Server/SSTP> ProtoOptionsSet SSTP /NAME:Enabled /VALUE:True
Add port 5443 to the registered TCP listeners
VPN Server> listenercreate 5443
VPN Server> listenerenable 5443
VPN Server> listenerlist
ListenerList command - Get List of TCP Listeners
Port Number|Status
-----------+---------
TCP 5443 |Listening
Check whether the Virtual Hub is already receiving packet traffic
VPN Server/SSTP> statusget
StatusGet command - Get Current Status of Virtual Hub
Item |Value
-----------------------------+-------------------
Virtual Hub Name |SSTP
Status |Online
Type |Standalone
SecureNAT |Enabled
Sessions |1
Access Lists |0
Users |2
Groups |0
MAC Tables |1
IP Tables |1
Num Logins |1
Last Login |2026-03-27 18:46:19
Last Communication |2026-03-31 04:40:08
Created at |2026-03-26 05:21:22
Outgoing Unicast Packets |87,509 packets
Outgoing Unicast Total Size |5,245,451 bytes
Outgoing Broadcast Packets |132 packets
Outgoing Broadcast Total Size|13,478 bytes
Incoming Unicast Packets |87,927 packets
Incoming Unicast Total Size |5,321,355 bytes
Incoming Broadcast Packets |168,910 packets
Incoming Broadcast Total Size|10,297,574 bytes
Make sure the port is allowed by the firewall (if there is one)
sudo ufw status
Status: active
To Action From
-- ------ ----
80 ALLOW Anywhere
443 ALLOW Anywhere
5443 ALLOW Anywhere
80 (v6) ALLOW Anywhere (v6)
443 (v6) ALLOW Anywhere (v6)
5443 (v6) ALLOW Anywhere (v6)
Congratulations! The VPN can now be used to access websites or content that is restricted/blocked in certain regions.