docker.recipes

Traefik Reverse Proxy

intermediate

Traefik reverse proxy with dashboard and Let's Encrypt.

Overview

Traefik is a modern cloud-native edge router and reverse proxy that revolutionizes how applications handle traffic routing and load balancing. Originally developed by Containous (now Traefik Labs) in 2015, Traefik was designed specifically for containerized and microservices environments, offering automatic service discovery and dynamic configuration without requiring manual intervention or service restarts. Unlike traditional reverse proxies that require static configuration files, Traefik automatically detects new services and configures routing rules in real-time. This Traefik deployment creates a comprehensive reverse proxy solution that automatically discovers Docker containers, generates SSL certificates through Let's Encrypt, and provides a real-time dashboard for monitoring traffic and services. The configuration enables automatic HTTPS redirection, dynamic service discovery through Docker labels, and centralized traffic management for all containerized applications. Traefik monitors the Docker socket to detect when containers start or stop, automatically adding or removing routing rules based on container labels. This stack is ideal for developers managing multiple Docker applications, system administrators running microservices architectures, and organizations transitioning from traditional server setups to containerized environments. The combination of automatic service discovery, Let's Encrypt integration, and real-time dashboard makes it particularly valuable for teams who want to eliminate manual proxy configuration while maintaining enterprise-grade features like load balancing, SSL termination, and traffic monitoring.

Key Features

  • Automatic service discovery from Docker containers without manual configuration
  • Built-in Let's Encrypt integration for automatic SSL certificate generation and renewal
  • Real-time web dashboard showing active routes, services, and traffic metrics
  • Dynamic configuration updates without service restarts or downtime
  • HTTP to HTTPS automatic redirection with SSL termination
  • Load balancing across multiple container instances with health checks
  • Middleware support for authentication, rate limiting, and request transformation
  • Container-based routing using Docker labels instead of static configuration files

Common Use Cases

  • 1Development environments with multiple microservices requiring automatic SSL
  • 2Small to medium businesses consolidating multiple web applications behind one entry point
  • 3Homelab setups managing personal services like Nextcloud, Plex, and monitoring tools
  • 4Staging environments that need to mirror production routing without manual setup
  • 5Multi-tenant SaaS platforms requiring dynamic subdomain routing
  • 6CI/CD pipelines deploying temporary review applications with automatic DNS
  • 7Container orchestration setups needing centralized traffic management and monitoring

Prerequisites

  • Docker and Docker Compose installed with minimum 512MB available RAM
  • Ports 80, 443, and 8080 available and not used by other services
  • Domain name with DNS pointing to your server IP for Let's Encrypt certificates
  • Understanding of Docker labels and container networking concepts
  • Basic knowledge of reverse proxy concepts and HTTP/HTTPS protocols

For development & testing. Review security settings, change default credentials, and test thoroughly before production use. See Terms

docker-compose.yml

docker-compose.yml
1services: 
2  traefik: 
3    image: traefik:latest
4    container_name: traefik
5    restart: unless-stopped
6    ports: 
7      - "${HTTP_PORT:-80}:80"
8      - "${HTTPS_PORT:-443}:443"
9      - "${DASHBOARD_PORT:-8080}:8080"
10    command: 
11      - --api.dashboard=true
12      - --api.insecure=true
13      - --providers.docker=true
14      - --providers.docker.exposedbydefault=false
15      - --entrypoints.web.address=:80
16      - --entrypoints.websecure.address=:443
17    volumes: 
18      - /var/run/docker.sock:/var/run/docker.sock:ro
19      - traefik_certs:/letsencrypt
20    networks: 
21      - traefik-network
22
23volumes: 
24  traefik_certs: 
25
26networks: 
27  traefik-network: 
28    driver: bridge

.env Template

.env
1# Traefik
2HTTP_PORT=80
3HTTPS_PORT=443
4DASHBOARD_PORT=8080

Usage Notes

  1. 1Dashboard at http://localhost:8080
  2. 2Add labels to containers
  3. 3Auto SSL with Let's Encrypt
  4. 4Service discovery via Docker

Quick Start

terminal
1# 1. Create the compose file
2cat > docker-compose.yml << 'EOF'
3services:
4  traefik:
5    image: traefik:latest
6    container_name: traefik
7    restart: unless-stopped
8    ports:
9      - "${HTTP_PORT:-80}:80"
10      - "${HTTPS_PORT:-443}:443"
11      - "${DASHBOARD_PORT:-8080}:8080"
12    command:
13      - --api.dashboard=true
14      - --api.insecure=true
15      - --providers.docker=true
16      - --providers.docker.exposedbydefault=false
17      - --entrypoints.web.address=:80
18      - --entrypoints.websecure.address=:443
19    volumes:
20      - /var/run/docker.sock:/var/run/docker.sock:ro
21      - traefik_certs:/letsencrypt
22    networks:
23      - traefik-network
24
25volumes:
26  traefik_certs:
27
28networks:
29  traefik-network:
30    driver: bridge
31EOF
32
33# 2. Create the .env file
34cat > .env << 'EOF'
35# Traefik
36HTTP_PORT=80
37HTTPS_PORT=443
38DASHBOARD_PORT=8080
39EOF
40
41# 3. Start the services
42docker compose up -d
43
44# 4. View logs
45docker compose logs -f

One-Liner

Run this command to download and set up the recipe in one step:

terminal
1curl -fsSL https://docker.recipes/api/recipes/traefik-reverse-proxy/run | bash

Troubleshooting

  • Dashboard shows 404 Gateway Timeout: Check that target containers are healthy and ports are correctly exposed internally
  • Let's Encrypt certificate generation fails: Verify domain DNS records point to server and port 80 is accessible from internet
  • Traefik not detecting new containers: Ensure containers have proper traefik.enable=true label and are on the traefik-network
  • ERR_TOO_MANY_REDIRECTS in browser: Check for conflicting redirect rules in both Traefik configuration and application settings
  • Docker socket permission denied: Verify /var/run/docker.sock has proper permissions or run Traefik container with appropriate user privileges
  • Services unreachable after container restart: Confirm traefik_certs volume persists and containers rejoin the traefik-network on restart

Community Notes

Loading...
Loading notes...

Download Recipe Kit

Get all files in a ready-to-deploy package

Includes docker-compose.yml, .env template, README, and license

Components

traefik

Tags

#traefik#reverse-proxy#load-balancer#ssl#docker

Category

Web Servers & Reverse Proxies

Related Recipes

Ad Space