Traefik guide

What Traefik does in production

Traefik sits at the edge of your stack, terminates HTTP/HTTPS, and routes requests to containers or pods. Its main difference from nginx or HAProxy is dynamic configuration: when you deploy a new container with the right labels, or apply a Kubernetes IngressRoute, Traefik picks it up without a manual reload. TLS certificates from Let's Encrypt can be obtained and renewed automatically via built-in ACME support.

How a request is handled

The typical workflow:

1. Entrypoint — client connects to an entrypoint (e.g. web on :80, websecure on :443)
2. Router match — Traefik matches Host, Path, headers, or other rules to a router
3. Middleware chain — optional middleware runs (auth, rate limit, redirect, strip prefix)
4. Service — router forwards to a service (load balancer to backends)
5. Backend — request reaches the container/pod IP and port discovered from Docker or Kubernetes

Static vs dynamic configuration

• Static — traefik.yml / traefik.toml: entrypoints, providers, ACME, dashboard, logging (requires restart to change)
• Dynamic — routers, services, middlewares from providers: Docker labels, Kubernetes CRDs, files in dynamic/

Configuration providers

• Docker — traefik.enable=true plus router/service labels on containers
• Kubernetes — Ingress, IngressRoute (Traefik CRD), or Gateway API resources
• File — YAML/TOML in a watched directory for GitOps-style routes

Key concepts to know

• Entrypoints — named listeners (web, websecure)
• Routers — tie rules to services; define TLS and middleware
• Services — define backend targets and load-balancing
• Middlewares — reusable request/response transforms
• ACME / Let's Encrypt — certificatesResolvers in static config for automatic TLS
• Dashboard — web UI and API (often on port 8080; protect in production)

Traefik vs nginx / Caddy

nginx and Caddy excel with file-based config. Traefik shines when backends change frequently — microservices on Docker Swarm/Kubernetes where routing is declared alongside each deployment. See also the SSL lab for certificate fundamentals and Kubernetes scenarios for ingress patterns.

Learning resources

• Traefik documentation — doc.traefik.io/traefik (official docs)
• Routing overview — doc.traefik.io — routing (entrypoints, routers, services)
• Docker provider — doc.traefik.io — Docker (label reference)
• Kubernetes IngressRoute — doc.traefik.io — Kubernetes CRD