Scripts · Apr 10, 2026 · 3 min read

Traefik — Cloud Native Reverse Proxy & Load Balancer

Traefik is an open-source edge router that auto-discovers services, handles HTTPS certificates, and routes traffic — designed for Docker, Kubernetes, and microservices.

Introduction

Traefik is an open-source cloud-native reverse proxy and load balancer designed for modern infrastructure. Unlike traditional reverse proxies (Nginx, HAProxy) that require manual configuration, Traefik automatically discovers services from Docker, Kubernetes, and other orchestrators — and configures routing, load balancing, and HTTPS certificates without a restart.

With 62.6K+ GitHub stars and an MIT license, Traefik is the most popular modern reverse proxy, handling billions of requests daily across production environments worldwide.

What Traefik Does

  • Auto-Discovery: Automatically detect Docker containers and Kubernetes services, and configure routes
  • Automatic HTTPS: Request and renew Let's Encrypt certificates without manual intervention
  • Load Balancing: Round-robin, weighted, and sticky session load balancing across backends
  • Middleware: Chain middleware for auth, rate limiting, headers, compression, circuit breaker
  • Multi-Protocol: HTTP, HTTPS, TCP, UDP, gRPC, and WebSocket routing
  • Hot Reload: Configuration changes apply instantly without restart or dropped connections
  • Dashboard: Real-time monitoring dashboard with route and service visualization
  • Metrics: Built-in Prometheus, DataDog, and InfluxDB metrics export

Architecture

Internet
    │
┌───┴───────────┐
│   Traefik     │
│  Entry Points │ ← :80, :443
│  Routers      │ ← Host/Path matching
│  Middleware   │ ← Auth, Rate Limit, Headers
│  Services     │ ← Load Balanced Backends
└───┬───────────┘
    │
┌───┴───────────────────────┐
│  Docker / Kubernetes      │
│  ┌─────┐ ┌─────┐ ┌─────┐ │
│  │App 1│ │App 2│ │App 3│ │
│  └─────┘ └─────┘ └─────┘ │
└───────────────────────────┘

Docker Setup

Docker Compose with Auto-Discovery

services:
  traefik:
    image: traefik:latest  # pin a specific version tag for reproducible deployments
    command:
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.email=admin@yourdomain.com"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      # :ro applies to the mount only; a process holding this socket can still call the full Docker API
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - letsencrypt:/letsencrypt
    labels:
      - "traefik.enable=true"
      # This dashboard router has no auth middleware; attach one (e.g. basicauth) before exposing it
      - "traefik.http.routers.dashboard.rule=Host(`traefik.yourdomain.com`)"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"

  # Example: Auto-discovered web app
  myapp:
    image: nginx:alpine
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.myapp.rule=Host(`app.yourdomain.com`)"
      - "traefik.http.routers.myapp.tls.certresolver=letsencrypt"

volumes:
  letsencrypt:

How Auto-Discovery Works

Simply add Docker labels to your containers:

labels:
  - "traefik.enable=true"
  - "traefik.http.routers.myapp.rule=Host(`app.example.com`)"
  - "traefik.http.routers.myapp.tls.certresolver=letsencrypt"
  - "traefik.http.services.myapp.loadbalancer.server.port=8080"

Traefik watches Docker events, sees new containers, and automatically:

  1. Creates a route based on labels
  2. Requests a TLS certificate from Let's Encrypt
  3. Starts forwarding traffic — zero downtime

Key Features

Middleware Stack

labels:
  # Basic auth
  - "traefik.http.middlewares.auth.basicauth.users=admin:$$apr1$$..."

  # Rate limiting
  - "traefik.http.middlewares.ratelimit.ratelimit.average=100"
  - "traefik.http.middlewares.ratelimit.ratelimit.burst=50"

  # IP allowlist
  - "traefik.http.middlewares.ipallow.ipallowlist.sourcerange=192.168.1.0/24"

  # Compress responses
  - "traefik.http.middlewares.compress.compress=true"

  # Chain middlewares
  - "traefik.http.routers.myapp.middlewares=auth,ratelimit,compress"
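
Because routers and middlewares are declared in container labels, a label review can catch a dashboard router (service `api@internal`) with no authentication or IP allow-list middleware attached, which is the state of the Compose example above, as well as routers with no TLS option. This is an added example, not code from the original page or from the Traefik project; the finding names, the `legacy` router and the hash placeholder are assumptions made for illustration.

```python
import re

# Traefik middleware types counted as access control for this check.
ACCESS_CONTROL = {"basicauth", "digestauth", "forwardauth", "ipallowlist"}
ROUTER_RE = re.compile(r"^traefik\.http\.routers\.([^.]+)\.(.+)$", re.I)
MIDDLEWARE_RE = re.compile(r"^traefik\.http\.middlewares\.([^.]+)\.([^.]+)", re.I)

# Constructed sample: the page's labels merged, plus a hypothetical "legacy" router.
SAMPLE_LABELS = [
    "traefik.http.routers.dashboard.rule=Host(`traefik.yourdomain.com`)",
    "traefik.http.routers.dashboard.service=api@internal",
    "traefik.http.routers.dashboard.tls.certresolver=letsencrypt",
    "traefik.http.routers.myapp.rule=Host(`app.yourdomain.com`)",
    "traefik.http.routers.myapp.tls.certresolver=letsencrypt",
    "traefik.http.routers.myapp.middlewares=auth",
    "traefik.http.middlewares.auth.basicauth.users=admin:<htpasswd-hash-placeholder>",
    "traefik.http.routers.legacy.rule=Host(`old.yourdomain.com`)",
]


def parse_labels(labels):
    """Split 'key=value' labels into router options and middleware types."""
    routers, middlewares = {}, {}
    for label in labels:
        key, _, value = label.partition("=")
        if m := ROUTER_RE.match(key):
            routers.setdefault(m.group(1).lower(), {})[m.group(2).lower()] = value
        elif m := MIDDLEWARE_RE.match(key):
            middlewares.setdefault(m.group(1).lower(), set()).add(m.group(2).lower())
    return routers, middlewares


def audit(labels):
    """Return sorted (router, finding) pairs for routers worth a manual review."""
    routers, middlewares = parse_labels(labels)
    findings = []
    for name, opts in routers.items():
        if not any(opt == "tls" or opt.startswith("tls.") for opt in opts):
            findings.append((name, "no-tls"))
        chain = [m.strip().lower() for m in opts.get("middlewares", "").split(",")]
        guarded = any(middlewares.get(m, set()) & ACCESS_CONTROL for m in chain)
        if opts.get("service") == "api@internal" and not guarded:
            findings.append((name, "dashboard-without-access-control"))
    return sorted(findings)


if __name__ == "__main__":
    for router, finding in audit(SAMPLE_LABELS):
        print(f"{router}: {finding}")
```

Feed it the labels of every container Traefik can see (for example from `docker inspect` output), since a middleware declared on one container can be referenced by a router on another.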

Provider Support

Provider         Auto-Discovery
Docker           Labels
Kubernetes       Ingress / CRD
Docker Swarm     Labels
Consul Catalog   Tags
File             Static config
ECS              AWS tasks

Traefik vs Alternatives

Feature          Traefik         Nginx                Caddy       HAProxy
Auto-discovery   Yes             No                   No          No
Auto HTTPS       Let's Encrypt   Certbot addon        Built-in    No
Hot reload       Yes             nginx -s reload      Yes         Yes
Docker native    Yes             Manual               Manual      Manual
K8s Ingress      Yes             Ingress Controller   Ingress     Ingress
Dashboard        Built-in        Paid (Plus)          No          Stats page
Config style     Labels/YAML     Config files         Caddyfile   Config files

FAQ

Q: Traefik or Nginx?
A: If you use Docker/Kubernetes and frequently add new services, Traefik's auto-discovery is a killer feature. If you manage a handful of static sites, Nginx is simpler and more direct. Performance is comparable.

Q: What's different between Traefik v2 and v3?
A: v3 adds HTTP/3 (QUIC), native OpenTelemetry integration, WASM plugins, and SPIFFE identity integration. Migrating from v2 requires some config syntax adjustments but is overall smooth.

Q: Suitable for high-traffic production?
A: Yes. Traefik handles tens of thousands of requests per second in many production environments. Its performance is in the same ballpark as Nginx and HAProxy, with native Prometheus metrics for easy monitoring.
