Traefik and Let's Encrypt integration¶
Traefik is a modern reverse proxy and load balancer often used within [[Docker]] environments to dynamically manage routing to containerized services^[400-devops-03-containerization-traefik.md]. A key feature of Traefik is its ability to integrate with Let's Encrypt to automatically provision and renew SSL/TLS certificates, securing services with HTTPS without manual intervention^[400-devops-03-containerization-traefik.md].
Configuration via Docker Labels¶
Traefik configuration is primarily handled by attaching labels to Docker containers^[400-devops-03-containerization-traefik.md]. These labels define how the proxy routes traffic and handles network connections.
Common labels include specifying the Docker network (traefik.docker.network), enabling the proxy for a specific container (traefik.enable), and defining the frontend rule such as the host domain (e.g., traefik.basic.frontend.rule=Host:example.com)^[400-devops-03-containerization-traefik.md]. Additionally, labels can set the target port (traefik.basic.port) and protocol (traefik.basic.protocol) to ensure correct traffic forwarding^[400-devops-03-containerization-traefik.md].
labels:
- "[Traefik](<./traefik.md>).docker.network=web"
- "[Traefik](<./traefik.md>).enable=true"
- "[Traefik](<./traefik.md>).basic.frontend.rule=Host:domain2.com"
- "[Traefik](<./traefik.md>).basic.port=8080"
- "[Traefik](<./traefik.md>).basic.protocol=http"
Automated SSL with Let's Encrypt¶
By leveraging Let's Encrypt, Traefik can automate the lifecycle of X.509 certificates^[400-devops-03-containerization-traefik.md]. This integration eliminates the need to manually generate or purchase certificates, as Traefik handles the challenge-response process required for domain validation and automatically renews certificates before they expire^[400-devops-03-containerization-traefik.md].
Related Concepts¶
- [[Docker]]
- [[Reverse Proxy]]
- SSL/TLS
Sources¶
- 400-devops-03-containerization-traefik.md