What is Traefik — Cloud Native Reverse Proxy & Load Balancer?

Traefik is an open-source edge router that auto-discovers services, handles HTTPS certificates, and routes traffic — designed for Docker, Kubernetes, and microservices.

Is Traefik — Cloud Native Reverse Proxy & Load Balancer free to use?

Yes. Traefik — Cloud Native Reverse Proxy & Load Balancer is freely available on TokRepo. Check the Source & Thanks section on the asset page for the specific open-source license.

How do I install Traefik — Cloud Native Reverse Proxy & Load Balancer?

Visit the asset page on TokRepo and click "Copy for agent" to get the installation instructions. Most assets can be installed with a single command.

Traefik — Cloud Native Reverse Proxy & Load Balancer

What Traefik Does

Auto-Discovery: Automatically detect Docker containers, Kubernetes services, and configure routes
Automatic HTTPS: Request and renew Let's Encrypt certificates without manual intervention
Load Balancing: Round-robin, weighted, and sticky session load balancing across backends
Middleware: Chain middleware for auth, rate limiting, headers, compression, circuit breaker
Multi-Protocol: HTTP, HTTPS, TCP, UDP, gRPC, and WebSocket routing
Hot Reload: Configuration changes apply instantly without restart or dropped connections
Dashboard: Real-time monitoring dashboard with route and service visualization
Metrics: Built-in Prometheus, DataDog, and InfluxDB metrics export

Architecture

Internet
    │
┌───┴───────────┐
│   Traefik     │
│  Entry Points │ ← :80, :443
│  Routers      │ ← Host/Path matching
│  Middleware    │ ← Auth, Rate Limit, Headers
│  Services     │ ← Load Balanced Backends
└───┬───────────┘
    │
┌───┴───────────────────────┐
│  Docker / Kubernetes      │
│  ┌─────┐ ┌─────┐ ┌─────┐ │
│  │App 1│ │App 2│ │App 3│ │
│  └─────┘ └─────┘ └─────┘ │
└───────────────────────────┘

Docker Setup

Docker Compose with Auto-Discovery

services:
  traefik:
    image: traefik:latest
    command:
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
      - "--certificatesresolvers.letsencrypt.acme.email=admin@yourdomain.com"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - letsencrypt:/letsencrypt
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.dashboard.rule=Host(`traefik.yourdomain.com`)"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"

  # Example: Auto-discovered web app
  myapp:
    image: nginx:alpine
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.myapp.rule=Host(`app.yourdomain.com`)"
      - "traefik.http.routers.myapp.tls.certresolver=letsencrypt"

volumes:
  letsencrypt:

How Auto-Discovery Works

Simply add Docker labels to your containers:

labels:
  - "traefik.enable=true"
  - "traefik.http.routers.myapp.rule=Host(`app.example.com`)"
  - "traefik.http.routers.myapp.tls.certresolver=letsencrypt"
  - "traefik.http.services.myapp.loadbalancer.server.port=8080"

Traefik watches Docker events, sees new containers, and automatically:

Creates a route based on labels
Requests a TLS certificate from Let's Encrypt
Starts forwarding traffic — zero downtime

Key Features

Middleware Stack

labels:
  # Basic auth
  - "traefik.http.middlewares.auth.basicauth.users=admin:$$apr1$$..."

  # Rate limiting
  - "traefik.http.middlewares.ratelimit.ratelimit.average=100"
  - "traefik.http.middlewares.ratelimit.ratelimit.burst=50"

  # IP whitelist
  - "traefik.http.middlewares.ipallow.ipallowlist.sourcerange=192.168.1.0/24"

  # Compress responses
  - "traefik.http.middlewares.compress.compress=true"

  # Chain middlewares
  - "traefik.http.routers.myapp.middlewares=auth,ratelimit,compress"

Provider Support

Provider	Auto-Discovery
Docker	Labels
Kubernetes	Ingress / CRD
Docker Swarm	Labels
Consul Catalog	Tags
File	Static config
ECS	AWS tasks

Traefik vs Alternatives

Feature	Traefik	Nginx	Caddy	HAProxy
Auto-discovery	Yes	No	No	No
Auto HTTPS	Let's Encrypt	Certbot addon	Built-in	No
Hot reload	Yes	nginx -s reload	Yes	Yes
Docker native	Yes	Manual	Manual	Manual
K8s Ingress	Yes	Ingress Controller	Ingress	Ingress
Dashboard	Built-in	Paid (Plus)	No	Stats page
Config style	Labels/YAML	Config files	Caddyfile	Config files

常见问题

Q: Traefik 和 Nginx 选哪个？ A: 如果你用 Docker/Kubernetes 并且经常添加新服务，Traefik 的自动发现是杀手级功能。如果你管理少量静态站点，Nginx 更简单直接。性能方面两者差距不大。

Q: Traefik v2 和 v3 有什么区别？ A: v3 增加了 HTTP/3 (QUIC) 支持、OpenTelemetry 原生集成、WASM 插件、和 SPIFFE 身份集成。从 v2 迁移需要调整部分配置语法但整体平滑。

Q: 适合高流量生产环境吗？ A: 适合。Traefik 在大量生产环境中处理每秒数万请求。性能与 Nginx 和 HAProxy 在同一数量级，原生 Prometheus 指标便于监控。

来源与致谢

GitHub: traefik/traefik — 62.6K+ ⭐ | MIT
官网: traefik.io