PickYourTechPickYourTech home
Traefik logo

Traefik

Dynamic reverse proxy and load balancer for cloud-native microservices

Reverse Proxies & Load Balancers

Traefik automatically discovers services from Docker, Kubernetes, Swarm, ECS and other registries, configuring routes, TLS via Let's Encrypt, and load-balancing without manual restarts.

Traefik banner

Overview

Overview

Traefik is a modern HTTP reverse proxy and load balancer designed for cloud‑native environments. It watches the APIs of Docker, Swarm, Kubernetes, ECS, Consul, Etcd and other registries, generating routes on‑the‑fly so developers never edit routing tables manually. The proxy updates its configuration without restarts, keeping services reachable even as containers are added, removed or scaled.

Capabilities

Built‑in TLS automation uses Let’s Encrypt (including wildcard certificates) to secure traffic instantly. Traefik supports multiple load‑balancing algorithms, circuit breakers, retries, HTTP/2, gRPC and WebSockets. Observability is covered through metrics exporters for Prometheus, Datadog, StatsD, InfluxDB and a clean web UI that shows routers, services and middleware in real time. Deployment is simple: a single binary or the official Docker image can be started with a minimal static file, while optional labels let you fine‑tune routing when needed.

Highlights

Zero‑downtime configuration updates from supported orchestrators
Automatic HTTPS with Let’s Encrypt, including wildcard support
Rich observability via Prometheus, Datadog, StatsD, and built‑in metrics
Single‑binary deployment with optional Docker image

Pros

  • Dynamic service discovery eliminates manual routing
  • Built‑in TLS automation simplifies security
  • Supports many backends (Docker, Kubernetes, ECS, file)
  • Lightweight single binary and Docker image

Considerations

  • Complexity may increase with large numbers of routes
  • Advanced features require understanding of labels/annotations
  • Migration between major versions can involve breaking changes
  • Limited GUI functionality compared to full‑featured commercial proxies

Managed products teams compare with

When teams consider Traefik, these hosted platforms usually appear on the same shortlist.

AWS Elastic Load Balancing logo

AWS Elastic Load Balancing

Managed load balancer service that automatically distributes incoming traffic across multiple targets to improve availability

Azure Load Balancer logo

Azure Load Balancer

Fully managed layer-4 load balancing service for distributing network traffic across multiple VMs or services in Azure

Fastly Load Balancing logo

Fastly Load Balancing

Edge load balancing with real-time health checks and failover.

Looking for a hosted option? These are the services engineering teams benchmark against before choosing open source.

Fit guide

Great for

  • Teams running container orchestrators needing auto‑configured ingress
  • Developers who want fast, zero‑downtime deployments
  • Organizations that prefer native TLS automation
  • Projects that value a single‑binary, cloud‑native proxy

Not ideal when

  • Environments requiring deep custom UI dashboards
  • Legacy monolithic apps without service discovery
  • Scenarios demanding extensive enterprise support contracts
  • Use cases needing proprietary protocol extensions not yet supported

How teams use it

Kubernetes microservice exposure

Automatically creates Ingress routes and TLS certificates for services as they are deployed, removing manual Ingress configuration.

Docker Swarm stack rollout

Traefik reads Docker labels to route traffic to new containers instantly, supporting zero‑downtime updates.

Edge TLS termination for SaaS

Let’s Encrypt integration provides wildcard certificates, securing all sub‑domains without manual certificate management.

Metrics collection for monitoring

Exports request and health metrics to Prometheus, enabling real‑time alerting and performance dashboards.

Tech snapshot

Go91%
TypeScript8%
JavaScript1%
Shell1%
Makefile1%
HTML1%

Tags

kuberneteszookeepermicroservicegomesosetcdtraefikletsencryptmarathonconsulload-balancergolangreverse-proxydocker

Frequently asked questions

Do I need to write configuration files?

Traefik can run with zero static config; it discovers services via the orchestrator and builds routes dynamically, though optional static config is supported.

How does Traefik obtain TLS certificates?

It uses the ACME protocol with Let’s Encrypt; you can enable automatic certificate issuance and renewal, including wildcard domains.

Can I use Traefik with my existing load balancer?

Yes, Traefik can run as a sidecar or upstream proxy; you can also configure it to forward traffic to another load balancer.

Is there a GUI to view routes?

Traefik provides a built‑in web UI that displays current routers, services, and middleware in real time.

Which platforms are officially supported?

Docker, Docker Swarm, Kubernetes, Amazon ECS, Consul, Etcd, Rancher v2, and file‑based configuration are supported.

Project at a glance

Active
Visit siteView repo
Stars
61,177
Watchers
61,177
Forks
5,785
LicenseMIT
Repo age10 years old
Last commityesterday
Primary languageGo

Last synced 12 hours ago