Traefik with docker-compose

What is Traefik and how does it work?

Traefik is a tool that can be used to manage and route traffic and requests in a modern, cloud-native environment. Traefik is one of the most popular tools for managing and routing traffic in today’s environments, and it’s easy to see why. Many organizations that use microservices and containers rely on Traefik to manage their traffic. 

It’s designed to work well with containers and orchestration systems, and it supports a wide range of service discovery providers, such as docker, consul, and kubernetes. This means that Traefik automatically finds new services and routes traffic to them, without having to manually configure them. 

The Traefik platform includes core reverse proxy as well as load balancing capabilities. It also supports SSL termination and health checks, as well as circuit breakers and it also has a web dashboard that monitors and manages your infrastructure. 

Traefik’s core features are highly configurable, but you can also add custom functionality with its powerful plugin system.

Traefik acts as a reverse proxy server that sits between a client request and the backend service that processes that request. It checks incoming requests and uses a set of routing rules to determine how to route those requests to the backend service.

When a request arrives at Traefik, it first inspects it and extracts information from the request, such as the request URL, the request headers, etc. The information is then used to decide which backend service should handle the request.

Traefik’s routing rules are based on various parameters, including the hostname of the incoming request, the path to the request, and the header values.

Once Traefik decides which backend service to forward the request to, it forwards that request to the backend service and forwards the response to your client.

One of the main advantages of using Traefik over other services is that it automatically detects and routes traffic to the backend services without any manual configuration. For example, if a new service is added or removed from Traefik, the traffic to the backend service will automatically be routed to that service.

Another advantage is that Traefik supports a variety of service discovery providers, such as Docker


The overall conclusion is that Traefik offers a powerful and adaptable tool that offers a broad range of features for traffic and request management in today’s cloud-native infrastructures. Automatically discovering and routing traffic to the backend services makes Traefik an attractive choice for enterprises using microservices and containers.

Getting Started


You need to have docker installed on your computer. If you don't have it jet follow the instructions from the docker docs.

Create a Docker network

Traefik needs a external network to communicate to your other Docker containers. To do this, open a terminal and execute the following command:

docker network create traefik_net

Create a configuration file for Traefik

The first thing you need to do is to create a Traefik configuration file. This file will tell Traefik how to route traffic. To do this, create a new traefik.yml file and add the following:

## traefik.yml

 checkNewVersion: true
 sendAnonymousUsage: false

 level: "INFO"

 filePath: "/logs/access.log"
 bufferingSize: 100 # Configuring a buffer of 100 lines
   statusCodes: "204-299,400"

 insecure: true
 dashboard: true

   address: ":80"
         to: websecure
   address: ":443"
       - secureHeaders@file

   endpoint: "unix:///var/run/docker.sock"
   exposedByDefault: false
   watch: true
   directory: “/etc/traefik/dynamic_conf”

In this configuration file we created two access points to listen.

1) web ( Port 80 HTTP ) with a redirect to the entry point websecure

2) websecure ( Port 443 HTTPS ) where we access a middleware with secureHeaders


If you don't want to use SSL do not add the redirect so remove the http: part from the web entry point.

Create your .crt and .key file ( optional )

For testing or your local development area you can create self signed certificates with:

openssl req -x509 \
           -sha256 -days 356 \
           -nodes \
           -newkey rsa:2048 \
           -keyout YOUR_KEY_FILE.key -out YOUR_CERT_FILE.crt

Create your TLS configuration file

To use your traefik over ssl you need to add a cert to resolve and add this to tls.yml.

## tls.yml

       sslRedirect: true
       forceSTSHeader: true
       stsIncludeSubdomains: true
       stsPreload: true
       stsSeconds: 31536000

       certFile: /tls/YOUR_CERT_FILE.crt
       keyFile: /tls/YOUR_KEY_FILE.key 
   - certFile: /tls/YOUR_CERT_FILE.crt
     keyFile: /tls/YOUR_KEY_FILE.key

Create your docker-compose.yml

If you don't use SSL use as entrypoint web not websecure.

## docker-compose.yml

version: "3.8"
    name: "traefik_net"
    external: true
    image: "traefik:latest"
    container_name: "demo_traefik"  
    hostname: "demo"
    network_mode: "host"
    restart: "unless-stopped"
      - "./traefik.yml:/traefik.yml:ro"
      - "/var/run/docker.sock:/var/run/docker.sock:ro"
      - "./tls.yml:/etc/traefik/dynamic_conf/conf.yml:ro"
      - "./tls-data:/tls:ro"
      - "traefik.enable=true"
      - ""
      # HTTPS Routers
      - "traefik.http.routers.demo_traefik.rule=Host(`traefik.localhost`)"
      - ""
      - "traefik.http.routers.demo_traefik.tls=true"
      - "traefik.http.routers.demo_traefik.entrypoints=websecure"

Start your docker-compse.yml

Now you can start your service with:

docker compose up -d

now you can access the traefik dashbord at https://trafik.localhost or http://traefik.localhost.

you can find the example on my git server.