Traefik

Overview

Field              Value
Purpose            Route HTTP/HTTPS traffic and manage TLS
Business function  Entry point for published web services
Owner              IT Operations
Criticality        Critical
Image              traefik:v3.7.0

Architecture

flowchart LR
    Client --> PF["pfSense"]
    PF --> T["Traefik :80/:443"]
    T --> AP["aproxy network"]
    AP --> Services

Traefik reads Docker labels through the mounted Docker socket and routes to containers on aproxy.

Installation

Traefik runs as the Docker Compose project traefik, defined in /root/traefik/docker-compose.yml.

Configuration

Item            Path/value
Static config   /root/traefik/data/traefik.yml
Dynamic config  /root/traefik/data/conf.d
Certificates    /root/traefik/data/certs
Logs            /root/traefik/data/logs
Ports           Host TCP 80 and 443
Restart policy  unless-stopped

The .env file includes EMAIL, API_KEY, and TRAEFIK_HOME; values are secret and must not be committed.

Operational Procedures

cd /root/traefik
docker compose config
docker compose logs --tail=200 traefik
docker compose restart traefik
docker compose pull traefik
docker compose up -d traefik

Back up data/traefik.yml, data/conf.d, and data/certs before changes. After an update, test one internal and one public route plus certificate validity.
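
The backup and post-update checks above can be scripted as follows. This is an added example, not part of the original runbook; the backup directory /root/traefik-backups, the hostnames passed as arguments, the 14-day expiry margin, and the set of status codes treated as "routed" are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original runbook.
# Assumed (not on the page): backup directory, hostnames, 14-day expiry margin.

# Archive the three paths the runbook lists; prints the archive path on success.
backup_traefik() {
  local home="$1" dest="$2" archive
  archive="$dest/traefik-data-$(date +%Y%m%d-%H%M%S).tar.gz"
  mkdir -p "$dest" && chmod 700 "$dest" || return 1
  # data/certs holds private key material: create the archive owner-only.
  ( umask 077 && tar -C "$home" -czf "$archive" \
      data/traefik.yml data/conf.d data/certs ) || return 1
  printf '%s\n' "$archive"
}

# Status codes taken to mean "router matched and backend answered" (assumption).
# 404 and 502/504 map to the failure cases under Troubleshooting.
route_status_ok() {
  case "$1" in
    2??|3??|401|403) return 0 ;;
    *) return 1 ;;
  esac
}

# Request a URL through Traefik and classify the status code.
check_route() {
  local code
  code="$(curl -sS -o /dev/null -m 10 -w '%{http_code}' "$1")" || return 1
  route_status_ok "$code" || { echo "FAIL $1 -> HTTP $code" >&2; return 1; }
}

# Fail on an untrusted chain, a hostname mismatch, or expiry within min_days.
check_cert() {
  local host="$1" min_days="${2:-14}"
  openssl s_client -connect "$host:443" -servername "$host" \
      -verify_return_error -verify_hostname "$host" </dev/null 2>/dev/null |
    openssl x509 -noout -checkend "$((min_days * 86400))" >/dev/null
}

# Usage: "backup" before a change; "verify <internal-host> <public-host>" after.
case "${1:-}" in
  backup) backup_traefik /root/traefik /root/traefik-backups ;;
  verify) shift
          for h in "$@"; do
            check_route "https://$h/" && check_cert "$h" || { echo "FAIL $h" >&2; exit 1; }
          done ;;
esac
```

A route served with a certificate from a private CA fails check_cert unless that CA is in the host's trust store.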

Troubleshooting

  • 404: router rule or service label did not match.
  • 502/504: backend is unhealthy, unreachable, or on the wrong network.
  • Certificate error: inspect ACME logs, DNS, firewall forwarding, and certificate-store permissions.
  • No routes: verify Docker socket access and providers.docker configuration.

References

  • Runtime mounts, image, and network captured June 9, 2026