wiki/Catalogue-Self-Hosted/apps/app-traefik.md
2026-06-09 18:40:21 +02:00
---
title: Traefik
created: 2026-06-06
updated: 2026-06-06
type: app
tags: [catalogue, reverse-proxy, cloud-native, go, docker, auto-hebergement]
confidence: high
contested: false
sources: [https://selfh.st/apps/?tag=Reverse+Proxy, https://traefik.io/]
---
# 🚦 Traefik
> **Cloud-native reverse proxy**: automatically detects your Docker services and generates Let's Encrypt certificates. The standard for Docker stacks.
## 📋 General Information
| Field | Value |
| :--- | :--- |
| **Website** | [traefik.io](https://traefik.io/) |
| **GitHub** | [traefik/traefik](https://github.com/traefik/traefik) |
| **License** | MIT |
| **Language** | Go |
| **GitHub stars** | 64k ⭐ |
| **Last updated** | 2026-06-05 |
| **Category** | [[cat-reverse-proxy|Reverse Proxy]] |
## 📝 Description
**Traefik** is the **reference reverse proxy for Docker/Kubernetes environments**. Its strengths:
- **Auto-discovery** of services via Docker labels or K8s
- **Automatic Let's Encrypt** (HTTP-01 or DNS-01 challenge)
- Built-in **web dashboard**
- **REST API** for introspection
- **Hot reload**: no restart needed to change the configuration
- **Multi-provider**: Docker, K8s, file, Consul, etcd...
- **Middlewares**: auth, rate-limit, headers, compression...

**Difference from Caddy**: Caddy = static configuration (Caddyfile). Traefik = dynamic configuration via Docker (adding a service = adding labels, nothing more).
## 🚀 Installation
### Option 1: Docker Compose (recommended)
```yaml
# docker-compose.yml
version: '3.8'
services:
  traefik:
    image: traefik:v3.0
    container_name: traefik
    restart: unless-stopped
    command:
      - "--api.dashboard=true"
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.letsencrypt.acme.email=you@example.com"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
      - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
    ports:
      - "80:80"
      - "443:443"
      # Dashboard. Traefik only listens on :8080 when --api.insecure=true is set,
      # and in that mode the API and dashboard are served without authentication.
      - "8080:8080"
    volumes:
      # Read-only mount of the Docker socket, used by the Docker provider
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - letsencrypt:/letsencrypt
    networks:
      - proxy

  # Example: a service that will be auto-discovered
  whoami:
    image: traefik/whoami
    container_name: whoami
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.whoami.rule=Host(`whoami.example.com`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=letsencrypt"

networks:
  proxy:
    name: proxy

volumes:
  letsencrypt:
```
> ⚡ **No need to reload Traefik!** The `whoami` service is detected automatically.
### Option 2: Static configuration file
```yaml
# traefik.yml
api:
  dashboard: true
providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    exposedByDefault: false
entryPoints:
  web:
    address: ":80"
    http:
      redirections:
        entrypoint:
          to: websecure
          scheme: https
  websecure:
    address: ":443"
certificatesResolvers:
  letsencrypt:
    acme:
      email: you@example.com
      storage: /letsencrypt/acme.json
      tlsChallenge: true
```
## ⚙️ Initial Configuration
1. **Deploy Traefik** (Docker Compose above)
2. **For each service** you want to expose:
   ```yaml
   labels:
     - "traefik.enable=true"
     - "traefik.http.routers.MONAPP.rule=Host(`monapp.example.com`)"
     - "traefik.http.routers.MONAPP.entrypoints=websecure"
     - "traefik.http.routers.MONAPP.tls.certresolver=letsencrypt"
   ```
3. **Access the dashboard**: `http://IP_DU_SERVEUR:8080`
## 🔄 Alternatives
### Open Source
- [[app-caddy]]: Simpler for static configuration
- [[app-nginx-proxy-manager]]: Full GUI
- [[app-haproxy]]: For pure load balancing
- [[app-pangolin]]: Tunneling + proxy
### Comparison (see also [[comparatif-reverse-proxy]])
| Criterion | Traefik | Caddy | Nginx Proxy Manager |
| :--- | :--- | :--- | :--- |
| Auto-discovery | ✅ | ❌ | ⚠️ Partial |
| Let's Encrypt | ✅ | ✅ | ✅ |
| GUI | Dashboard | ❌ | ✅ Full |
| Config | Labels/YAML | Caddyfile | GUI + files |
| Target audience | DevOps | Beginners | Beginners |
| Performance | ⭐⭐⭐⭐ | ⭐⭐⭐⭐ | ⭐⭐⭐ |
### Proprietary (what Traefik replaces)
- **Cloudflare Pro** (with Workers)
- **AWS ALB** (Elastic Load Balancing)
- **F5 BIG-IP** (enterprise load balancer)
## 🔐 Security
- **Let's Encrypt**: automatic renewal
- **HTTP → HTTPS**: automatic redirection
- **Rate limiting middleware**
- **IP Whitelisting middleware**
- **Basic Auth, Digest Auth** built in
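
The middlewares listed above, applied to the dashboard itself. This is an added example, not part of the original page or of the Traefik project's own configuration: port 8080 is not published, and the dashboard is routed through `websecure` behind an IP allow list, a rate limit and Basic Auth. The hostname `traefik.example.com`, the router and middleware names, the source range, the rate values and the password-hash placeholder are assumptions.

```yaml
# docker-compose.yml (Traefik service only); names marked "assumed" are illustrative
services:
  traefik:
    image: traefik:v3.0
    command:
      - "--api.dashboard=true"   # dashboard enabled, without --api.insecure=true
      - "--providers.docker=true"
      - "--providers.docker.exposedbydefault=false"
      - "--entrypoints.web.address=:80"
      - "--entrypoints.web.http.redirections.entryPoint.to=websecure"
      - "--entrypoints.web.http.redirections.entryPoint.scheme=https"
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.letsencrypt.acme.email=you@example.com"
      - "--certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json"
      - "--certificatesresolvers.letsencrypt.acme.tlschallenge=true"
    ports:
      - "80:80"
      - "443:443"
      # Weak setting, left out on purpose: "8080:8080" with --api.insecure=true
      # serves the API and dashboard without authentication.
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - letsencrypt:/letsencrypt
    networks:
      - proxy
    labels:
      - "traefik.enable=true"
      # Route Traefik's internal API/dashboard service over HTTPS (hostname assumed)
      - "traefik.http.routers.dashboard.rule=Host(`traefik.example.com`)"
      - "traefik.http.routers.dashboard.entrypoints=websecure"
      - "traefik.http.routers.dashboard.tls.certresolver=letsencrypt"
      - "traefik.http.routers.dashboard.service=api@internal"
      - "traefik.http.routers.dashboard.middlewares=dash-ips,dash-rl,dash-auth"
      # IP allow list (the middleware is named ipAllowList in Traefik v3); sample range
      - "traefik.http.middlewares.dash-ips.ipallowlist.sourcerange=192.168.1.0/24"
      # Rate limit: 20 requests per second on average, bursts of up to 40 (sample values)
      - "traefik.http.middlewares.dash-rl.ratelimit.average=20"
      - "traefik.http.middlewares.dash-rl.ratelimit.burst=40"
      # Basic Auth: htpasswd-format entry (placeholder); double every "$" in Compose files
      - "traefik.http.middlewares.dash-auth.basicauth.users=admin:REPLACE_WITH_HTPASSWD_HASH"

networks:
  proxy:
    name: proxy

volumes:
  letsencrypt:
```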
## 📚 Resources
- [Official documentation](https://doc.traefik.io/traefik/)
- [Docker provider](https://doc.traefik.io/traefik/providers/docker/)
- [Let's Encrypt](https://doc.traefik.io/traefik/https/acme/)
## Related Pages
- [[cat-reverse-proxy]]: Reverse Proxy category
- [[app-caddy]]: Competitor
- [[recettes-docker-compose]]: Traefik templates
- [[comparatif-reverse-proxy]]: Detailed comparison
- [[securisation-home-lab]]: Security