Traefik Proxy

Description / name	Input element
Your domain name

Overview

Traefik Proxy is an open-source, dynamic reverse proxy and load balancer designed for modern, distributed, and microservices architectures.

Manual

Releases

Community

---

Deployment

Saltbox dependency.

sb install traefik

Usage

Visit https://dash.iYOUR_DOMAIN_NAMEi.

Role Defaults

Variables can be customized using the Inventory. (1)

1. Example override

   traefik_name: "custom_value"
   

   Avoid overriding variables ending in _default

   When overriding variables that end in _default (like traefik_docker_envs_default), you replace the entire default configuration. Future updates that add new default values will not be applied to your setup, potentially breaking functionality.

   Instead, use the corresponding _custom variable (like traefik_docker_envs_custom) to add your changes. Custom values are merged with defaults, ensuring you receive updates.

BasicsConfigWebLoggingGlobal Override Options

traefik_name

# Type: string
traefik_name: traefik

traefik_trusted_ips

# Type: string
traefik_trusted_ips: ""

traefik_plugin_cloudflarewarp_enabled

# Type: bool (true/false)
traefik_plugin_cloudflarewarp_enabled: true

traefik_file_watch

# Type: string
traefik_file_watch: "true"

traefik_x_robots

# Type: string
traefik_x_robots: "none,noarchive,nosnippet,notranslate,noimageindex"

traefik_http3

# HTTP3 can cause issues with some apps
# Type: bool (true/false)
traefik_http3: false

traefik_tailscale_enabled

# Type: bool (true/false)
traefik_tailscale_enabled: false

traefik_entrypoint_web_port

# traefik_tailscale_bind_ip: "" # Set to override the WAN IP port binding when server is not connected directly to the Internet.
# traefik_tailscale_bind_ipv6: "" # Same but IPv6
# Type: string
traefik_entrypoint_web_port: "80"

traefik_entrypoint_web_readtimeout

# Type: string
traefik_entrypoint_web_readtimeout: "600"

traefik_entrypoint_web_writetimeout

# Type: string
traefik_entrypoint_web_writetimeout: "0"

traefik_entrypoint_web_idletimeout

# Type: string
traefik_entrypoint_web_idletimeout: "180"

traefik_entrypoint_web_request_maxheaderbytes

# Type: string
traefik_entrypoint_web_request_maxheaderbytes: "1048576"

traefik_entrypoint_websecure_port

# Type: string
traefik_entrypoint_websecure_port: "443"

traefik_entrypoint_websecure_readtimeout

# Type: string
traefik_entrypoint_websecure_readtimeout: "600"

traefik_entrypoint_websecure_writetimeout

# Type: string
traefik_entrypoint_websecure_writetimeout: "0"

traefik_entrypoint_websecure_idletimeout

# Type: string
traefik_entrypoint_websecure_idletimeout: "180"

traefik_entrypoint_websecure_request_maxheaderbytes

# Type: string
traefik_entrypoint_websecure_request_maxheaderbytes: "1048576"

traefik_entrypoint_custom

# Type: dict
traefik_entrypoint_custom: {}

traefik_dns_resolvers

# Format is as follows (address can be empty string "" to bind on every interface):
# Type options are tcp, udp or both.
# traefik_entrypoint_custom:
# tcp-entrypoint:
# address: "IP"
# port: "81"
# tls: false
# type: tcp
# tcp-and-udp-entrypoint-with-tls:
# address: "IP"
# port: "444"
# tls: true
# type: both
# Type: string
traefik_dns_resolvers: "1.1.1.1:53,1.0.0.1:53"

traefik_disable_propagation_check

# Type: bool (true/false)
traefik_disable_propagation_check: false

traefik_enable_http_validation

# Type: string
traefik_enable_http_validation: "{{ traefik_http or (traefik.cert.http_validation | bool) }}"

traefik_enable_zerossl

# Type: bool (true/false)
traefik_enable_zerossl: true

traefik_crowdsec_ban_filepath

# Path is internal to the container, so a host path of /opt/traefik/ban.html becomes /etc/traefik/ban.html
# Type: string
traefik_crowdsec_ban_filepath: "/etc/traefik/ban.html"

traefik_sanitize_path

# Entrypoint Path Sanitization Settings
# Type: bool (true/false)
traefik_sanitize_path: true

traefik_encoded_allow_slash

# Entrypoint Encoded characters settings (applied to all entrypoints)
# Type: bool (true/false)
traefik_encoded_allow_slash: true

traefik_encoded_allow_backslash

# Type: bool (true/false)
traefik_encoded_allow_backslash: true

traefik_encoded_allow_null

# Type: bool (true/false)
traefik_encoded_allow_null: true

traefik_encoded_allow_semicolon

# Type: bool (true/false)
traefik_encoded_allow_semicolon: true

traefik_encoded_allow_percent

# Type: bool (true/false)
traefik_encoded_allow_percent: true

traefik_encoded_allow_question_mark

# Type: bool (true/false)
traefik_encoded_allow_question_mark: true

traefik_encoded_allow_hash

# Type: bool (true/false)
traefik_encoded_allow_hash: true

traefik_role_web_subdomain

# Type: string
traefik_role_web_subdomain: "{{ traefik.subdomains.dash }}"

traefik_role_web_domain

# Type: string
traefik_role_web_domain: "{{ user.domain }}"

traefik_role_metrics_subdomain

# Type: string
traefik_role_metrics_subdomain: "{{ traefik.subdomains.metrics }}"

traefik_role_metrics_domain

# Type: string
traefik_role_metrics_domain: "{{ user.domain }}"

traefik_role_log_level

# Type: string
traefik_role_log_level: "ERROR"

traefik_role_log_file

# Type: bool (true/false)
traefik_role_log_file: true

traefik_role_log_max_size

# Type: string
traefik_role_log_max_size: "10"

traefik_role_log_max_backups

# Type: string
traefik_role_log_max_backups: "3"

traefik_role_log_max_age

# Type: string
traefik_role_log_max_age: "3"

traefik_role_log_compress

# Type: string
traefik_role_log_compress: "true"

traefik_role_access_log

# Type: bool (true/false)
traefik_role_access_log: true

traefik_role_access_buffer

# Type: int
traefik_role_access_buffer: 100

traefik_role_autoheal_enabled

# Enable or disable Autoheal monitoring for the container created when deploying
# Type: bool (true/false)
traefik_role_autoheal_enabled: true

traefik_role_depends_on

# List of container dependencies that must be running before the container start
# Type: string
traefik_role_depends_on: ""

traefik_role_depends_on_delay

# Delay in seconds before starting the container after dependencies are ready
# Type: string (quoted number)
traefik_role_depends_on_delay: "0"

traefik_role_depends_on_healthchecks

# Enable healthcheck waiting for container dependencies
# Type: string ("true"/"false")
traefik_role_depends_on_healthchecks:

traefik_role_diun_enabled

# Enable or disable Diun update notifications for the container created when deploying
# Type: bool (true/false)
traefik_role_diun_enabled: true

traefik_role_dns_enabled

# Enable or disable automatic DNS record creation for the container
# Type: bool (true/false)
traefik_role_dns_enabled: true

traefik_role_docker_controller

# Enable or disable Saltbox Docker Controller management for the container
# Type: bool (true/false)
traefik_role_docker_controller: true

traefik_role_docker_networks_alias_custom

# Type: list
traefik_role_docker_networks_alias_custom:

traefik_role_docker_volumes_download

# Type: bool (true/false)
traefik_role_docker_volumes_download:

traefik_role_themepark_addons

# Type: string
traefik_role_themepark_addons:

traefik_role_themepark_app

# Type: string
traefik_role_themepark_app:

traefik_role_themepark_theme

# Type: string
traefik_role_themepark_theme:

traefik_role_traefik_api_endpoint

# Type: dict/omit
traefik_role_traefik_api_endpoint:

traefik_role_traefik_api_middleware

# Type: string
traefik_role_traefik_api_middleware:

traefik_role_traefik_api_middleware_http

# Type: string
traefik_role_traefik_api_middleware_http:

traefik_role_traefik_autodetect_enabled

# Enable Traefik autodetect middleware for the container
# Type: bool (true/false)
traefik_role_traefik_autodetect_enabled: false

traefik_role_traefik_certresolver

# Type: string
traefik_role_traefik_certresolver:

traefik_role_traefik_crowdsec_enabled

# Enable CrowdSec middleware for the container
# Type: bool (true/false)
traefik_role_traefik_crowdsec_enabled: false

traefik_role_traefik_error_pages_enabled

# Enable custom error pages middleware for the container
# Type: bool (true/false)
traefik_role_traefik_error_pages_enabled: false

traefik_role_traefik_gzip_enabled

# Enable gzip compression middleware for the container
# Type: bool (true/false)
traefik_role_traefik_gzip_enabled: false

traefik_role_traefik_middleware_http

# Type: string
traefik_role_traefik_middleware_http:

traefik_role_traefik_middleware_http_api_insecure

# Type: bool (true/false)
traefik_role_traefik_middleware_http_api_insecure:

traefik_role_traefik_middleware_http_insecure

# Type: bool (true/false)
traefik_role_traefik_middleware_http_insecure:

traefik_role_traefik_priority

# Type: string
traefik_role_traefik_priority:

traefik_role_traefik_robot_enabled

# Enable robots.txt middleware for the container
# Type: bool (true/false)
traefik_role_traefik_robot_enabled: true

traefik_role_traefik_tailscale_enabled

# Enable Tailscale-specific Traefik configuration for the container
# Type: bool (true/false)
traefik_role_traefik_tailscale_enabled: false

traefik_role_traefik_wildcard_enabled

# Enable wildcard certificate for the container
# Type: bool (true/false)
traefik_role_traefik_wildcard_enabled: true

traefik_role_web_api_http_port

# Type: string (quoted number)
traefik_role_web_api_http_port:

traefik_role_web_api_http_scheme

# Type: string ("http"/"https")
traefik_role_web_api_http_scheme:

traefik_role_web_api_http_serverstransport

# Type: dict/omit
traefik_role_web_api_http_serverstransport:

traefik_role_web_api_port

# Type: string (quoted number)
traefik_role_web_api_port:

traefik_role_web_api_scheme

# Type: string ("http"/"https")
traefik_role_web_api_scheme:

traefik_role_web_api_serverstransport

# Type: dict/omit
traefik_role_web_api_serverstransport:

traefik_role_web_fqdn_override

# Override the Traefik fully qualified domain name (FQDN) for the container
# Type: list
traefik_role_web_fqdn_override:

Example Override

traefik_role_web_fqdn_override:
  - "{{ traefik_host }}"
  - "traefik2.{{ user.domain }}"
  - "traefik.otherdomain.tld"

Note: Include {{ traefik_host }} to preserve the default FQDN alongside your custom entries

traefik_role_web_host_override

# Override the Traefik web host configuration for the container
# Type: string
traefik_role_web_host_override:

Example Override

traefik_role_web_host_override: "Host(`{{ traefik_host }}`) || Host(`{{ 'traefik2.' + user.domain }}`)"

Note: Use {{ traefik_host }} to include the default host configuration in your custom rule

traefik_role_web_http_port

# Type: string (quoted number)
traefik_role_web_http_port:

traefik_role_web_http_scheme

# Type: string ("http"/"https")
traefik_role_web_http_scheme:

traefik_role_web_http_serverstransport

# Type: dict/omit
traefik_role_web_http_serverstransport:

traefik_role_web_scheme

# URL scheme to use for web access to the container
# Type: string ("http"/"https")
traefik_role_web_scheme:

traefik_role_web_serverstransport

# Type: dict/omit
traefik_role_web_serverstransport: