docker.recipes

Traefik Reverse Proxy

intermediate

Modern reverse proxy and load balancer with automatic HTTPS, native Docker integration, and dynamic configuration.

Overview

Traefik is a modern, cloud-native edge router and reverse proxy that revolutionizes how applications handle traffic routing and load balancing. Originally developed by Containous (now Traefik Labs) in 2015, Traefik was designed from the ground up to work with containerized environments and microservices architectures. Unlike traditional reverse proxies that require manual configuration files, Traefik automatically discovers services through Docker labels, Kubernetes annotations, or other service discovery mechanisms, making it particularly valuable in dynamic environments where services scale up and down frequently. This Traefik deployment creates a centralized entry point for all your containerized applications, automatically handling routing rules, load balancing, and SSL certificate management. The configuration establishes both HTTP (port 80) and HTTPS (port 443) entry points while exposing Traefik's built-in dashboard on port 8080 for real-time monitoring. By mounting the Docker socket, Traefik can monitor container events and automatically update routing rules when new services are deployed or removed, eliminating the need for manual configuration updates or service restarts. This stack is ideal for developers running multiple applications on a single Docker host, DevOps teams managing microservices architectures, and homelab enthusiasts who want professional-grade traffic management without complex configuration overhead. The combination of automatic service discovery, integrated Let's Encrypt support, and zero-downtime configuration updates makes Traefik particularly valuable for environments where applications are frequently deployed, updated, or scaled, providing enterprise-level traffic management capabilities with minimal operational complexity.

Key Features

  • Automatic service discovery through Docker labels without manual configuration file updates
  • Built-in Let's Encrypt integration for automatic SSL certificate provisioning and renewal
  • Real-time dashboard with traffic metrics, active routes, and service health monitoring
  • Dynamic configuration updates without container restarts or service interruptions
  • Advanced middleware support for authentication, rate limiting, request/response modification, and circuit breakers
  • Native Docker socket integration for instant detection of container lifecycle events
  • Multi-protocol support including HTTP/HTTPS, TCP, UDP, gRPC, and WebSocket routing
  • Canary deployment and traffic splitting capabilities for gradual application rollouts

Common Use Cases

  • 1Multi-application Docker host requiring centralized traffic routing and SSL termination
  • 2Development environment with frequently changing microservices requiring automatic route updates
  • 3Homelab setup hosting multiple web applications with custom domain routing
  • 4Small to medium business running containerized applications with automatic HTTPS requirements
  • 5CI/CD pipeline environments where applications are deployed and torn down regularly
  • 6Multi-tenant SaaS platforms requiring subdomain-based routing and SSL certificate management
  • 7Docker Swarm clusters needing intelligent load balancing across service replicas

Prerequisites

  • Docker Engine 20.10+ with Docker Compose V2 support
  • Minimum 512MB available RAM for Traefik container and traffic processing
  • Ports 80, 443, and 8080 available and not bound to other services
  • Basic understanding of Docker labels and container networking concepts
  • Domain names pointing to your server's IP address for proper routing (if using custom domains)
  • Root or sudo access for binding to privileged ports 80 and 443

For development & testing. Review security settings, change default credentials, and test thoroughly before production use. See Terms

docker-compose.yml

docker-compose.yml
1services: 
2  traefik: 
3    image: traefik:v3.0
4    container_name: traefik
5    restart: unless-stopped
6    command: 
7      - "--api.dashboard=true"
8      - "--providers.docker=true"
9      - "--providers.docker.exposedbydefault=false"
10      - "--entrypoints.web.address=:80"
11      - "--entrypoints.websecure.address=:443"
12    ports: 
13      - "80:80"
14      - "443:443"
15      - "8080:8080"
16    volumes: 
17      - /var/run/docker.sock:/var/run/docker.sock:ro
18      - traefik_certs:/letsencrypt
19    networks: 
20      - traefik-network
21
22volumes: 
23  traefik_certs: 
24
25networks: 
26  traefik-network: 
27    driver: bridge

.env Template

.env
1# Traefik dashboard credentials
2TRAEFIK_DASHBOARD_USER=admin
3TRAEFIK_DASHBOARD_PASSWORD=changeme

Usage Notes

  1. 1Docs: https://doc.traefik.io/traefik/
  2. 2Dashboard at http://localhost:8080/dashboard/ (trailing slash required)
  3. 3Route containers with labels: traefik.enable=true, traefik.http.routers.myapp.rule=Host(`app.example.com`)
  4. 4For HTTPS: add --certificatesresolvers.letsencrypt.acme.email=you@example.com
  5. 5Middleware for auth, rate limiting, headers - all via labels
  6. 6Best practice: create traefik.yml for static config, use labels for dynamic

Quick Start

terminal
1# 1. Create the compose file
2cat > docker-compose.yml << 'EOF'
3services:
4  traefik:
5    image: traefik:v3.0
6    container_name: traefik
7    restart: unless-stopped
8    command:
9      - "--api.dashboard=true"
10      - "--providers.docker=true"
11      - "--providers.docker.exposedbydefault=false"
12      - "--entrypoints.web.address=:80"
13      - "--entrypoints.websecure.address=:443"
14    ports:
15      - "80:80"
16      - "443:443"
17      - "8080:8080"
18    volumes:
19      - /var/run/docker.sock:/var/run/docker.sock:ro
20      - traefik_certs:/letsencrypt
21    networks:
22      - traefik-network
23
24volumes:
25  traefik_certs:
26
27networks:
28  traefik-network:
29    driver: bridge
30EOF
31
32# 2. Create the .env file
33cat > .env << 'EOF'
34# Traefik dashboard credentials
35TRAEFIK_DASHBOARD_USER=admin
36TRAEFIK_DASHBOARD_PASSWORD=changeme
37EOF
38
39# 3. Start the services
40docker compose up -d
41
42# 4. View logs
43docker compose logs -f

One-Liner

Run this command to download and set up the recipe in one step:

terminal
1curl -fsSL https://docker.recipes/api/recipes/traefik-proxy/run | bash

Troubleshooting

  • Dashboard shows 404 error: Ensure you access http://localhost:8080/dashboard/ with trailing slash
  • Services not appearing in dashboard: Add traefik.enable=true label to your application containers
  • Permission denied accessing Docker socket: Ensure the Docker socket mount has proper read permissions (:ro flag)
  • Certificate generation failing: Add ACME email configuration with --certificatesresolvers.letsencrypt.acme.email flag
  • Routes not updating automatically: Verify providers.docker.exposedbydefault=false is set and containers have explicit Traefik labels
  • Port binding conflicts on startup: Check that no other services are using ports 80, 443, or 8080 before starting Traefik

Community Notes

Loading...
Loading notes...

Download Recipe Kit

Get all files in a ready-to-deploy package

Includes docker-compose.yml, .env template, README, and license

Components

traefik

Tags

#traefik#reverse-proxy#load-balancer#https#letsencrypt#kubernetes

Category

Web Servers & Reverse Proxies

Related Recipes

Ad Space