🚦 Traefik

Traefik acts as the reverse proxy and dynamic router in the production environment. This document covers core concepts, configuration patterns, and diagnostic procedures.

---

🧩 Core Concepts

• Router — decides which service handles an incoming request
• Service — backend target (e.g., a Docker container)
• Middleware — request/response modifiers (redirects, headers, rate limits)
• EntryPoint — exposed port (e.g., :80, :443)

Routers match requests → apply middleware → forward to services.

---

🔐 HTTPS Router Example

labels:
  - "traefik.enable=true"
  - "traefik.http.routers.app.rule=Host(`app.example.com`)"
  - "traefik.http.routers.app.entrypoints=websecure"
  - "traefik.http.routers.app.tls.certresolver=le"

Notes:

• websecure typically maps to port :443
• certresolver=le enables automatic Let's Encrypt certificates
• Host rules support multiple domains and wildcards

---

🛠️ Diagnostics & Debugging

🔍 Checking Router Health

docker exec -it traefik sh
traefik healthcheck

📜 Logs

docker logs -f traefik

Useful for:

• ACME/Let's Encrypt errors
• Router registration issues
• Network connectivity problems

📊 Dashboard

Enable in Traefik configuration:

api:
  dashboard: true

Then access:

https://your-domain.com/dashboard/

(Requires a router + authentication middleware in production.)

---

🚨 Common Issues & Solutions

Problem	Cause	Solution
404 from Traefik	Router not created	Check rule= label
TLS not working	Missing certresolver	Add tls.certresolver=le
Router cannot reach container	Missing network	Add networks: - traefik-net
Wrong service port	Incorrect loadbalancer port	Set traefik.http.services.<name>.loadbalancer.server.port=
ACME rate limits	Too many cert requests	Reuse certificates, check domain spelling

---

📘 Additional Topics

• Traefik networking
• Traefik middlewares
• Traefik + Docker Compose integration
• Troubleshooting ACME errors