Traefik is an open source reverse proxy that auto-discovers service routing configuration from Docker labels, Kubernetes ingress rules, and other orchestration metadata, so teams stop maintaining Nginx config files by hand for every new service they deploy.
The Problem
Nginx and HAProxy are powerful but require manual configuration updates every time a new service is deployed, a domain changes, or a certificate renews. In containerized environments where services start and stop dynamically, keeping proxy config synchronized with running containers is a manual process that breaks under deployment pressure. Wildcard SSL certificates must be renewed and reloaded separately; a missed renewal brings down HTTPS for every service behind the proxy.
How Traefik Solves It
Traefik watches the Docker socket or Kubernetes API and updates its routing rules automatically as containers start and stop. Adding a new service requires labeling the container rather than editing a config file. Let's Encrypt certificate provisioning and renewal runs automatically for every domain Traefik routes. The web dashboard shows every router, middleware, and service in real time. MIT licensed; runs as a Docker container with a single YAML config.
Key Features
- Automatic service discovery from Docker, Kubernetes, Consul, and other providers
- Let's Encrypt SSL certificate provisioning and automatic renewal per domain
- HTTP, TCP, and UDP routing with middleware for rate limiting, authentication, and retries
- Real-time web dashboard showing all routers, services, middleware, and health status
- Weighted load balancing and circuit breaker patterns built into the routing layer
- gRPC, WebSocket, and HTTP/2 support without additional configuration
Self-Hosting
Traefik runs as a Docker container alongside your other services. Add a single YAML configuration file pointing it at your Docker socket or Kubernetes API, then label each service container with routing rules. Let's Encrypt certificate provisioning is automatic with no additional setup.
License
MIT. Free to use, modify, and distribute for personal or commercial use without restriction. Traefik Labs offers commercial add-ons (Traefik Hub, Traefik Enterprise) separately; the core proxy is MIT.
Who It's For
Traefik is best for DevOps and platform engineering teams running containerized services on Docker or Kubernetes who want a reverse proxy that stays synchronized with their infrastructure automatically. It suits teams that have outgrown manually maintained Nginx configs and want certificate management handled without a separate certbot cron job.
Compared to Nginx
Unlike Nginx, Traefik reads routing configuration from container labels and Kubernetes annotations directly. There are no config files to edit, no reload commands to run, and no certificate renewal scripts to maintain. New services route through the proxy as soon as their container starts.
