docker.recipes

Traefik + Cert Manager + Dashboard

intermediate

Modern reverse proxy with automatic HTTPS.

Overview

Traefik is a cloud-native edge router and HTTP reverse proxy that revolutionized service discovery with its automatic configuration capabilities. Born from the need to simplify microservices networking, Traefik eliminates the traditional pain points of manual load balancer configuration by dynamically discovering services from Docker containers, Kubernetes clusters, and other orchestrators. Unlike traditional reverse proxies that require static configuration files, Traefik reads service metadata directly from your infrastructure and automatically routes traffic accordingly.

This stack combines Traefik's automatic service discovery with integrated Let's Encrypt certificate management and a real-time monitoring dashboard. The Traefik instance automatically detects new Docker containers through Docker socket access, provisions SSL certificates via ACME HTTP challenges, and provides instant visibility into traffic patterns through its built-in web interface. The whoami service demonstrates Traefik's label-based routing system, showing how containers can self-register their routing rules through Docker labels.

This configuration is ideal for developers and DevOps teams managing multiple web applications who want automatic HTTPS without certificate management overhead. The combination of service discovery, certificate automation, and traffic monitoring makes this stack particularly valuable for dynamic environments where services frequently start, stop, or scale. Organizations running microservices, development platforms, or multi-tenant applications benefit from Traefik's ability to handle routing complexity while maintaining security through automatic certificate renewal.

Key Features

  • Automatic Docker container discovery through label-based service registration
  • Integrated Let's Encrypt ACME certificate provisioning with HTTP challenge validation
  • Real-time traffic monitoring dashboard with request metrics and backend health status
  • Dynamic routing configuration without service restarts or manual configuration reloads
  • HTTP to HTTPS automatic redirect capability for enhanced security
  • Multi-protocol support including HTTP/2, WebSocket, and gRPC traffic handling
  • Built-in load balancing with health checks for container-based services
  • Middleware system for authentication, rate limiting, and request transformation

Common Use Cases

  • Development teams running multiple web applications requiring individual SSL certificates
  • Staging environments where services dynamically scale up and down based on testing needs
  • Small to medium businesses hosting multiple client websites on a single server
  • Microservices architectures requiring intelligent traffic routing between container services
  • Home lab enthusiasts managing self-hosted applications with professional-grade reverse proxy
  • Agencies managing multiple client applications requiring separate domains and certificates
  • DevOps teams implementing blue-green deployments with traffic switching capabilities

Prerequisites

  • Docker Engine 20.10+ with Docker Compose v2 support
  • Minimum 512MB RAM available for Traefik instance and certificate management
  • Public domain name with DNS A records pointing to your server for certificate validation
  • Ports 80, 443, and 8080 available and not conflicting with existing services
  • Valid email address for Let's Encrypt certificate registration and notifications
  • Basic understanding of Docker labels and container networking concepts

For development & testing. Review security settings, change default credentials, and test thoroughly before production use.

docker-compose.yml

services:
  traefik:
    image: traefik:latest
    command:
      - --api.dashboard=true
      - --api.insecure=true
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL}
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
      - --log.level=INFO
      - --accesslog=true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik-letsencrypt:/letsencrypt
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    networks:
      - traefik-network
    restart: unless-stopped

  whoami:
    image: traefik/whoami
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.rule=Host(`whoami.localhost`)
      - traefik.http.routers.whoami.entrypoints=web
    networks:
      - traefik-network
    restart: unless-stopped

volumes:
  traefik-letsencrypt:

networks:
  traefik-network:
    driver: bridge

.env Template

.env
# Traefik
ACME_EMAIL=admin@example.com

# Dashboard at http://localhost:8080
# Use labels on containers for routing

Usage Notes

  1. Dashboard at http://localhost:8080
  2. Add labels to containers
  3. Automatic HTTPS via Let's Encrypt
  4. Docker provider auto-discovery
  5. HTTP to HTTPS redirect available
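
The recipe as written serves the dashboard through `--api.insecure=true` on published port 8080 and binds the whoami router to `web` only, so no router references the `letsencrypt` resolver. A hardened variant, added here as an example and not part of the original recipe, puts the dashboard on `websecure` behind basic auth, turns on the HTTP to HTTPS redirect and attaches the resolver; `DASHBOARD_HOST`, `WHOAMI_HOST` and `DASHBOARD_USERS` are assumed `.env` variables.

```yaml
# Added example, not the recipe's file. DASHBOARD_HOST, WHOAMI_HOST, DASHBOARD_USERS are assumed .env names.
services:
  traefik:
    image: traefik:latest              # as in the recipe; pin a version tag for repeatable deploys
    command:
      - --api.dashboard=true           # dashboard stays on; --api.insecure is dropped
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.web.http.redirections.entrypoint.to=websecure
      - --entrypoints.web.http.redirections.entrypoint.scheme=https
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL}
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
      - --log.level=INFO
      - --accesslog=true
    labels:
      - traefik.enable=true
      - traefik.http.routers.dashboard.rule=Host(`${DASHBOARD_HOST}`)
      - traefik.http.routers.dashboard.entrypoints=websecure
      - traefik.http.routers.dashboard.tls.certresolver=letsencrypt
      - traefik.http.routers.dashboard.service=api@internal
      - traefik.http.routers.dashboard.middlewares=dashboard-auth
      - traefik.http.middlewares.dashboard-auth.basicauth.users=${DASHBOARD_USERS}
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik-letsencrypt:/letsencrypt
    ports:
      - "80:80"                        # still needed for the ACME HTTP challenge
      - "443:443"                      # 8080 is no longer published
    networks:
      - traefik-network
    restart: unless-stopped
  whoami:
    image: traefik/whoami
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.rule=Host(`${WHOAMI_HOST}`)
      - traefik.http.routers.whoami.entrypoints=websecure
      - traefik.http.routers.whoami.tls.certresolver=letsencrypt
    networks:
      - traefik-network
    restart: unless-stopped
volumes:
  traefik-letsencrypt:
networks:
  traefik-network:
    driver: bridge
```

Set `DASHBOARD_USERS` in `.env` to a single-quoted htpasswd-format `user:hash` entry so the `$` characters in the hash are kept literally. The `:ro` flag on the socket mount protects the socket file only and does not limit what Traefik can request from the Docker API.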

Individual Services (2 services)

Copy individual services to mix and match with your existing compose files.

traefik
traefik:
  image: traefik:latest
  command:
    - "--api.dashboard=true"
    - "--api.insecure=true"
    - "--providers.docker=true"
    - "--providers.docker.exposedbydefault=false"
    - "--entrypoints.web.address=:80"
    - "--entrypoints.websecure.address=:443"
    - "--certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL}"
    - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
    - "--certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web"
    - "--log.level=INFO"
    - "--accesslog=true"
  volumes:
    - /var/run/docker.sock:/var/run/docker.sock:ro
    - traefik-letsencrypt:/letsencrypt
  ports:
    - "80:80"
    - "443:443"
    - "8080:8080"
  networks:
    - traefik-network
  restart: unless-stopped
whoami
whoami:
  image: traefik/whoami
  labels:
    - traefik.enable=true
    - traefik.http.routers.whoami.rule=Host(`whoami.localhost`)
    - traefik.http.routers.whoami.entrypoints=web
  networks:
    - traefik-network
  restart: unless-stopped

Quick Start

terminal
# 1. Create the compose file
cat > docker-compose.yml << 'EOF'
services:
  traefik:
    image: traefik:latest
    command:
      - --api.dashboard=true
      - --api.insecure=true
      - --providers.docker=true
      - --providers.docker.exposedbydefault=false
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.letsencrypt.acme.email=${ACME_EMAIL}
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
      - --certificatesresolvers.letsencrypt.acme.httpchallenge.entrypoint=web
      - --log.level=INFO
      - --accesslog=true
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - traefik-letsencrypt:/letsencrypt
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    networks:
      - traefik-network
    restart: unless-stopped

  whoami:
    image: traefik/whoami
    labels:
      - traefik.enable=true
      - traefik.http.routers.whoami.rule=Host(`whoami.localhost`)
      - traefik.http.routers.whoami.entrypoints=web
    networks:
      - traefik-network
    restart: unless-stopped

volumes:
  traefik-letsencrypt:

networks:
  traefik-network:
    driver: bridge
EOF

# 2. Create the .env file
cat > .env << 'EOF'
# Traefik
ACME_EMAIL=admin@example.com

# Dashboard at http://localhost:8080
# Use labels on containers for routing
EOF

# 3. Start the services
docker compose up -d

# 4. View logs
docker compose logs -f

One-Liner

Run this command to download the recipe's setup script and pipe it straight into bash, which sets up the recipe in one step:

terminal
curl -fsSL https://docker.recipes/api/recipes/traefik-complete/run | bash

Troubleshooting

  • Certificate generation fails with 'no such host' error: Verify DNS A record points to server and port 80 is accessible from internet
  • Dashboard shows 404 for services: Check that target containers have 'traefik.enable=true' label and are on the same Docker network
  • Let's Encrypt rate limit exceeded: Use staging server during testing by adding '--certificatesresolvers.letsencrypt.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory'
  • Services not auto-discovered: Ensure Docker socket mount is present and Traefik container has access to /var/run/docker.sock
  • SSL certificate not applying: Verify ACME_EMAIL environment variable is set and certificate resolver name matches in service labels
  • Dashboard inaccessible on port 8080: Check for port conflicts and ensure '--api.insecure=true' flag is present in Traefik command
