Skip to content

Traefik Role

Modern HTTP reverse proxy and load balancer with automatic service discovery and Let's Encrypt integration.

Features

  • Rootless Podman deployment
  • Automatic service discovery
  • Let's Encrypt integration
  • Dynamic configuration
  • Built-in dashboard
  • Metrics and monitoring

Quick Start

./manage-svc.sh traefik prepare
./manage-svc.sh traefik deploy
./svc-exec.sh traefik verify

Configuration

Key Variables

traefik_state: present
traefik_data_dir: "~/traefik-data"
traefik_http_port: 8080    # 80 if privileged
traefik_https_port: 8443   # 443 if privileged
traefik_dashboard_port: 9999
traefik_dashboard_enabled: true
traefik_enable_ssl: true
traefik_acme_email: "your@email.com"

Ports

  • HTTP: 8080 (or 80 with privileges)
  • HTTPS: 8443 (or 443 with privileges)
  • Dashboard: 9999

Usage

Dashboard Access

Open http://localhost:9999/dashboard/

Configuration

Traefik watches for Podman container labels:

labels:
  - "traefik.enable=true"
  - "traefik.http.routers.myapp.rule=Host(`myapp.example.com`)"
  - "traefik.http.services.myapp.loadbalancer.server.port=8080"

Dynamic Routing

Route requests based on: - Host headers - Path prefixes - Request headers - Query parameters

API Debugging

Router Information

# List all routers
curl http://localhost:9999/api/http/routers | jq .

# Specific router
curl http://localhost:9999/api/http/routers/your-router@docker | jq .

Service Information

# List services
curl http://localhost:9999/api/http/services | jq .

Health Check

curl http://localhost:9999/api/health

Use Cases

  • Reverse proxy testing
  • SSL/TLS termination testing
  • Multi-service routing
  • Load balancing testing
  • Microservices gateway testing
  • Let's Encrypt automation testing

Let's Encrypt Integration

Automatic Certificates

traefik_enable_ssl: true
traefik_acme_email: "admin@example.com"
traefik_acme_storage: "{{ traefik_data_dir }}/acme.json"

Traefik automatically: - Requests certificates from Let's Encrypt - Renews certificates before expiration - Handles ACME challenges

Troubleshooting

Certificate Issues

Check ACME logs: 

podman logs traefik-svc | grep acme

Verify ACME storage: 

ls -l ~/traefik-data/acme.json

Routing Not Working

  1. Check router configuration: 

    curl http://localhost:9999/api/http/routers | jq .

  2. Verify service is discovered

  3. Check container labels
  4. Review Traefik logs

Port Binding Issues

For ports < 1024, need privileged mode or:

# Allow binding to privileged ports
sudo setcap 'cap_net_bind_service=+ep' /usr/bin/podman

Or use high ports (8080, 8443) and forward via iptables.

Service Management

# Status
systemctl --user status traefik-pod

# Logs
podman logs traefik-svc

# Reload config
systemctl --user restart traefik-pod

Removal

# Keep data (certificates)
./manage-svc.sh traefik remove

# Delete all
./manage-svc.sh traefik remove -e traefik_delete_data=true

License

MIT

Author

Created by jackaltx and Claude.