Keywords
Traefik is a Cloud Native Application Proxy. This zone has some general information and links, including some trouble-shooting tips.
Whilst learning how to configure it takes some patience, it is very powerful and flexible and has an excellent separation of concerns between entry points, middleware, routing, and services (targets of routing).
Rather than trying to massage full web servers such as Apache or nginx into acting as a reverse proxy, Traefik offers a dedicated solution, and it plays particularly nicely with Docker. It also has support for Let's Encrypt (ACME) certificates for TLS (secure HTTPS) built-in, which save a lot of time and fuss. And it has an excellent web-based dashboard that you can optionally expose.
Simply put, if you only wish to expose a simple Dockerized app to the web safely and reliably, you don't need a full web server, just use Traefik.
Installation is easy, in fact may you not need to install it as a command line app at all, you can just pull it as a Docker image and it works in parallel with Docker.
Want a quick and easy HTTP Basic Auth in front of an existing app? No worries with Traefik; simply activate the basicauth middleware, add an htpasswd hash, and assign it to chosen router (actually if you using a docker-compose.yml there are some tricks, see the GOTCHAS below).
You can choose to use the additional Traefik config files (YAML or older TOML), but for most situations you can get away with doing everything in one place in a single docker-compose.yml file using "commands" and "labels", along with deploying the Docker-based service you wish to reverse proxy.
It has by default 'web' 80 and a 'websecure' 443 entrypoints (as well as the special 'traefix' endpoint using internally), which you can use directly, or you can easily add your own endpoint with a specific port.
Some getting started TIPs
In addition to the main Traefik docs, it is highly recommend that you also look at the Best Practice guides and examples from Traefik expert bluepuma77, they may save you a lot of time, and have some good downloadable examples you can adapt.
Some GOTCHAs
If you are working with Docker, DO create your own 'proxy' network and assign both the 'traefik' service and your Docker app service to both be on that same network. See this example.
If you are using just docker-compose.yml (specifically) and you want to assign an htpasswd password hash to a basicauth you must escape every $ as $$.
If you are just using HTTP (initially for testing) automatic redirection from HTTP to HTTPS in browsers (especially Chrome and Safari) may throw you off during testing, it might leave you thinking that Traefik is not behaving as it should. There are countless forum links on how to override this behaviour in various versions of Chrome and Safari, and your mileage with the recommendations varies. Easiest is to use Opera and wget or curl when testing against insecure HTTP.
If, instead of using the default 8080 Dashboard/API port with api.insecure=true, you want to assign the dashboard to 443 entrypoint 'websecure' and use a specific path you must declare the path for both '/api' (no trailing backslash) and '/dashboard' (no trailing backslash), and you must use PathPrefix not just Path in your router rule because it has special handling:
- traefik.http.routers.mydashboard.rule=Host(`example.com`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))