# Traefik — Cloud Native Reverse Proxy & Load Balancer > Traefik is an open-source edge router that auto-discovers services, handles HTTPS certificates, and routes traffic — designed for Docker, Kubernetes, and microservices. ## Install Save the content below to `.claude/skills/` or append to your `CLAUDE.md`: ## Quick Use ```bash docker run -d --name traefik -p 80:80 -p 443:443 -p 8080:8080 -v /var/run/docker.sock:/var/run/docker.sock traefik:latest --api.insecure=true --providers.docker=true --entrypoints.web.address=:80 --entrypoints.websecure.address=:443 ``` Open `http://localhost:8080` — view the Traefik dashboard with auto-discovered services. ## Intro **Traefik** is an open-source cloud-native reverse proxy and load balancer designed for modern infrastructure. Unlike traditional reverse proxies (Nginx, HAProxy) that require manual configuration, Traefik automatically discovers services from Docker, Kubernetes, and other orchestrators — and configures routing, load balancing, and HTTPS certificates without restart. With 62.6K+ GitHub stars and MIT license, Traefik is the most popular modern reverse proxy, handling billions of requests daily across production environments worldwide. ## What Traefik Does - **Auto-Discovery**: Automatically detect Docker containers, Kubernetes services, and configure routes - **Automatic HTTPS**: Request and renew Let's Encrypt certificates without manual intervention - **Load Balancing**: Round-robin, weighted, and sticky session load balancing across backends - **Middleware**: Chain middleware for auth, rate limiting, headers, compression, circuit breaker - **Multi-Protocol**: HTTP, HTTPS, TCP, UDP, gRPC, and WebSocket routing - **Hot Reload**: Configuration changes apply instantly without restart or dropped connections - **Dashboard**: Real-time monitoring dashboard with route and service visualization - **Metrics**: Built-in Prometheus, DataDog, and InfluxDB metrics export ## Architecture ``` Internet │ ┌───┴───────────┐ │ Traefik │ │ Entry Points │ ← :80, :443 │ Routers │ ← Host/Path matching │ Middleware │ ← Auth, Rate Limit, Headers │ Services │ ← Load Balanced Backends └───┬───────────┘ │ ┌───┴───────────────────────┐ │ Docker / Kubernetes │ │ ┌─────┐ ┌─────┐ ┌─────┐ │ │ │App 1│ │App 2│ │App 3│ │ │ └─────┘ └─────┘ └─────┘ │ └───────────────────────────┘ ``` ## Docker Setup ### Docker Compose with Auto-Discovery ```yaml services: traefik: image: traefik:latest command: - "--api.dashboard=true" - "--providers.docker=true" - "--providers.docker.exposedbydefault=false" - "--entrypoints.web.address=:80" - "--entrypoints.websecure.address=:443" - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true" - "--certificatesresolvers.letsencrypt.acme.email=admin@yourdomain.com" - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json" ports: - "80:80" - "443:443" volumes: - /var/run/docker.sock:/var/run/docker.sock:ro - letsencrypt:/letsencrypt labels: - "traefik.enable=true" - "traefik.http.routers.dashboard.rule=Host(`traefik.yourdomain.com`)" - "traefik.http.routers.dashboard.service=api@internal" - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt" # Example: Auto-discovered web app myapp: image: nginx:alpine labels: - "traefik.enable=true" - "traefik.http.routers.myapp.rule=Host(`app.yourdomain.com`)" - "traefik.http.routers.myapp.tls.certresolver=letsencrypt" volumes: letsencrypt: ``` ### How Auto-Discovery Works Simply add Docker labels to your containers: ```yaml labels: - "traefik.enable=true" - "traefik.http.routers.myapp.rule=Host(`app.example.com`)" - "traefik.http.routers.myapp.tls.certresolver=letsencrypt" - "traefik.http.services.myapp.loadbalancer.server.port=8080" ``` Traefik watches Docker events, sees new containers, and automatically: 1. Creates a route based on labels 2. Requests a TLS certificate from Let's Encrypt 3. Starts forwarding traffic — zero downtime ## Key Features ### Middleware Stack ```yaml labels: # Basic auth - "traefik.http.middlewares.auth.basicauth.users=admin:$$apr1$$..." # Rate limiting - "traefik.http.middlewares.ratelimit.ratelimit.average=100" - "traefik.http.middlewares.ratelimit.ratelimit.burst=50" # IP whitelist - "traefik.http.middlewares.ipallow.ipallowlist.sourcerange=192.168.1.0/24" # Compress responses - "traefik.http.middlewares.compress.compress=true" # Chain middlewares - "traefik.http.routers.myapp.middlewares=auth,ratelimit,compress" ``` ### Provider Support | Provider | Auto-Discovery | |----------|---------------| | Docker | Labels | | Kubernetes | Ingress / CRD | | Docker Swarm | Labels | | Consul Catalog | Tags | | File | Static config | | ECS | AWS tasks | ## Traefik vs Alternatives | Feature | Traefik | Nginx | Caddy | HAProxy | |---------|---------|-------|-------|---------| | Auto-discovery | Yes | No | No | No | | Auto HTTPS | Let's Encrypt | Certbot addon | Built-in | No | | Hot reload | Yes | nginx -s reload | Yes | Yes | | Docker native | Yes | Manual | Manual | Manual | | K8s Ingress | Yes | Ingress Controller | Ingress | Ingress | | Dashboard | Built-in | Paid (Plus) | No | Stats page | | Config style | Labels/YAML | Config files | Caddyfile | Config files | ## FAQ **Q: Traefik or Nginx?** A: If you use Docker/Kubernetes and frequently add new services, Traefik's auto-discovery is a killer feature. If you manage a handful of static sites, Nginx is simpler and more direct. Performance is comparable. **Q: What's different between Traefik v2 and v3?** A: v3 adds HTTP/3 (QUIC), native OpenTelemetry integration, WASM plugins, and SPIFFE identity integration. Migrating from v2 requires some config syntax adjustments but is overall smooth. **Q: Suitable for high-traffic production?** A: Yes. Traefik handles tens of thousands of requests per second in many production environments. Its performance is in the same ballpark as Nginx and HAProxy, with native Prometheus metrics for easy monitoring. ## Source & Thanks - GitHub: [traefik/traefik](https://github.com/traefik/traefik) — 62.6K+ ⭐ | MIT - Website: [traefik.io](https://traefik.io) --- Source: https://tokrepo.com/en/workflows/traefik-cloud-native-reverse-proxy-load-balancer-e8afc2f9 Author: Script Depot