Traefik primer
A zero-friction reverse proxy that reads your infrastructure from Docker labels, Kubernetes annotations, or a static file — no config sprawl, no reloads.
Why Traefik
Traefik auto-discovers services and issues Let's Encrypt certificates on the fly. You define routing rules as labels on your containers, and Traefik wires everything together without touching a monolithic config file. It ships with built-in middleware for rate limiting, header manipulation, and circuit breaking — all declarative.
EntryPoints, Routers, and Middleware
An entryPoint is a port Traefik listens on (e.g. 80, 443). A router matches incoming requests by host, path, or headers and hands them to a service. Middleware sits between the router and service — add headers, strip prefixes, enforce rate limits, or inject authentication.
TLS at the edge
Traefik's ACME integration handles certificate ordering and renewal automatically. Define a certificate resolver once, attach it to a router with a single label, and every domain gets HTTPS with zero manual intervention. Wildcard certificates are supported via DNS-01 challenges.
Observability
Traefik exposes metrics, access logs, and tracing out of the box. Point it at Prometheus, Grafana, or your OpenTelemetry collector and you get per-service latency, status codes, and retry counts without instrumenting application code.