DEV Community

Alex Spinov
Alex Spinov

Posted on

Traefik Has a Free API: Cloud-Native Reverse Proxy That Configures Itself

#traefik #reverseproxy #docker #kubernetes

Traefik is a reverse proxy and load balancer that automatically discovers services from Docker, Kubernetes, and other orchestrators. It has a built-in dashboard and REST API for monitoring and configuration.

Why Traefik?

  • Auto-discovery — detects services from Docker labels, K8s Ingress
  • Automatic HTTPS — Let's Encrypt built-in
  • Dashboard — real-time monitoring UI
  • REST API — query routers, services, middlewares
  • Middleware — rate limiting, auth, headers, circuit breakers

Quick Start (Docker) 

# docker-compose.yml
version: '3'
services:
  traefik:
    image: traefik:v3.0
    command:
      - --api.dashboard=true
      - --api.insecure=true
      - --providers.docker=true
      - --entrypoints.web.address=:80
    ports:
      - "80:80"
      - "8080:8080"  # Dashboard
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock

  whoami:
    image: traefik/whoami
    labels:
      - "traefik.http.routers.whoami.rule=Host(`whoami.localhost`)"
Enter fullscreen mode Exit fullscreen mode 
docker compose up -d
# Dashboard: http://localhost:8080
# Service: http://whoami.localhost
Enter fullscreen mode Exit fullscreen mode

REST API 

# API overview
curl http://localhost:8080/api/overview | python3 -m json.tool

# List all HTTP routers
curl http://localhost:8080/api/http/routers

# Get specific router
curl http://localhost:8080/api/http/routers/whoami@docker

# List all services
curl http://localhost:8080/api/http/services

# List middlewares
curl http://localhost:8080/api/http/middlewares

# Entrypoints
curl http://localhost:8080/api/entrypoints

# Health check
curl http://localhost:8080/ping
Enter fullscreen mode Exit fullscreen mode

Docker Labels (Auto-Config) 

services:
  myapp:
    image: myapp:latest
    labels:
      # Basic routing
      - "traefik.http.routers.myapp.rule=Host(`app.example.com`)"
      - "traefik.http.routers.myapp.entrypoints=websecure"
      - "traefik.http.routers.myapp.tls.certresolver=letsencrypt"

      # Rate limiting middleware
      - "traefik.http.middlewares.ratelimit.ratelimit.average=100"
      - "traefik.http.middlewares.ratelimit.ratelimit.burst=50"
      - "traefik.http.routers.myapp.middlewares=ratelimit"

      # Load balancer
      - "traefik.http.services.myapp.loadbalancer.server.port=3000"
      - "traefik.http.services.myapp.loadbalancer.healthCheck.path=/health"
      - "traefik.http.services.myapp.loadbalancer.healthCheck.interval=10s"
Enter fullscreen mode Exit fullscreen mode

Kubernetes IngressRoute 

apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: myapp
spec:
  entryPoints:
    - websecure
  routes:
    - match: Host(`app.example.com`)
      kind: Rule
      services:
        - name: myapp
          port: 80
      middlewares:
        - name: rate-limit
  tls:
    certResolver: letsencrypt
Enter fullscreen mode Exit fullscreen mode

Key Middlewares

Middleware Purpose
RateLimit Limit requests per second
BasicAuth HTTP basic authentication
Headers Add/modify HTTP headers
Compress gzip/brotli compression
CircuitBreaker Protect overloaded services
Retry Automatic retry on failure
StripPrefix Remove URL prefix
RedirectScheme HTTP → HTTPS redirect

Resources

Need infrastructure automation or data pipelines? Check my Apify tools or email spinov001@gmail.com.

Top comments (0)