Host-wide Traefik Container Pattern π
Host-based Traefik pattern provides centralized HTTPS termination and routing for services on a single host without requiring Docker socket access.
Key Components
- Shared Docker proxy network for service connectivity
- File-based configuration in /srv/traefik/conf.d/
- Per-service configuration files
- Automatic Letβs Encrypt certificate management
- HTTP to HTTPS redirection
Directory Structure
/srv/traefik/βββ docker-compose.yaml # Traefik compose configurationβββ traefik.yaml # Main Traefik configurationβββ conf.d/ # Service configurations βββ {hostname}.yaml # Per-service routing rulesUsage
- Create the proxy network:
docker network create proxy- Add service to proxy network in compose.yml:
networks: proxy: external: true- Configure routing in
/srv/traefik/conf.d/{hostname}.yaml:
http: routers: myservice: entrypoints: websecure rule: Host(`service.domain.com`) service: myservice services: myservice: loadBalancer: servers: - url: http://container_name:portSecurity Features
- No Docker socket access required
- File-based configuration
- Automatic HTTPS
- Network isolation via proxy network
- TLS certificate management
For detailed setup instructions see the Docker/Podman Compose Service Pattern documentation.