Caddy vs Traefik: Which Reverse Proxy for Your Docker Stack?

I've written about Traefik before, and it's my go-to reverse proxy for Docker deployments. But Caddy has been gaining ground rapidly, and after running it for over a year on a separate project, I can say they're both excellent choices — with different strengths. Traefik is built for Docker-native environments. It auto-discovers containers, configures routing via labels, and integrates deeply with container orchestration. It's powerful but has a learning curve. Caddy is built for simplicity. Its configuration file (Caddyfile) is possibly the most readable config format in all of DevOps. Automatic HTTPS is truly automatic — no cert resolver configuration, no ACME setup, it just works. This comparison is based on running both in real deployments, not benchmarks or feature checklists.

Configuration simplicity: A complete Caddy reverse proxy config for three services looks like this:

1# Caddyfile - that's it, really
2nextcloud.example.com {
3    reverse_proxy nextcloud:80
4}
5
6grafana.example.com {
7    reverse_proxy grafana:3000
8}
9
10gitea.example.com {
11    reverse_proxy gitea:3000
12}

That Caddyfile is the entire configuration. No cert resolvers, no entrypoints, no middleware declarations. Caddy automatically provisions SSL certificates for every domain, redirects HTTP to HTTPS, and handles renewals. This is Caddy's killer feature — HTTPS that requires zero thought. Caddy also has excellent defaults: HTTP/2 and HTTP/3 are enabled automatically, security headers are sensible out of the box, and the default TLS configuration scores an A+ on SSL Labs. For Docker Compose deployments, Caddy works great with a bind-mounted Caddyfile. When you add a new service, add a block to the Caddyfile and restart Caddy.

Docker-native service discovery: Traefik watches the Docker socket and automatically creates routes when containers start or stop. You never edit Traefik's configuration directly — you add labels to your service containers. This means adding a new service requires zero changes to the proxy configuration. Middleware ecosystem: Traefik has a rich set of middleware — rate limiting, circuit breakers, retry logic, request mirroring, weighted load balancing — all configurable via Docker labels. Caddy has plugins for similar features but they require rebuilding the Caddy binary. Dashboard: Traefik's built-in dashboard shows all routers, services, and middleware in a clean UI. Caddy has an admin API but no built-in dashboard.

Use Caddy if: You value simplicity above all else, you have a small to medium number of services (under 15), you don't change services frequently, and you want the easiest possible HTTPS setup. Use Traefik if: You frequently add and remove services, you need advanced middleware, you run a larger service fleet, or you want fully automated configuration via Docker labels. For a typical home lab with 10-20 services that rarely change, Caddy is the simpler choice. For a dynamic environment where containers come and go frequently, Traefik's auto-discovery is worth the extra complexity. Both are available in our web-servers recipes with complete Docker Compose configurations, including examples for common middleware patterns and multi-service routing.