2.0 KiB
2.0 KiB
title, description, tags, category, created, updated
| title | description | tags | category | created | updated | |||
|---|---|---|---|---|---|---|---|---|
| Traefik | Tool overview for Traefik as a modern reverse proxy and dynamic ingress controller |
|
tools | 2026-03-14 | 2026-03-14 |
Traefik
Summary
Traefik is a reverse proxy and ingress tool designed for dynamic environments. It is especially popular in containerized setups because it can discover services from providers such as Docker and build routes from metadata.
Why it matters
When services are created or moved frequently, static proxy configuration becomes a maintenance burden. Traefik reduces manual route management by linking service discovery with ingress configuration.
Core concepts
- EntryPoints as listening ports or addresses
- Routers for request matching
- Services for upstream destinations
- Middlewares for auth, redirects, headers, and rate controls
- Providers such as Docker or file-based configuration
Practical usage
Traefik commonly fits into infrastructure as:
Client -> Traefik entrypoint -> router -> middleware -> service backend
Typical uses:
- Reverse proxying containerized services
- Automatic route generation from Docker labels
- Central TLS termination for a container platform
Best practices
- Keep provider metadata minimal and standardized
- Separate public and internal entrypoints where trust boundaries differ
- Review middleware behavior as part of security policy
- Monitor certificate and routing health
Pitfalls
- Hiding important routing logic in inconsistent labels across stacks
- Exposing internal services accidentally through default provider behavior
- Letting Docker label sprawl become the only source of ingress documentation
- Assuming dynamic config removes the need for change review