Traefik Reverse Proxy

Traefik serves as the modern reverse proxy and API gateway for HALO, providing automatic service discovery, TLS termination, and intelligent request routing.

Overview

Traefik replaces nginx as the primary ingress point for all HTTP/HTTPS traffic in HALO. Key features include:

• Automatic Service Discovery: Discovers services through Docker labels
• Dynamic Configuration: Updates routing without restarts
• TLS Management: Automatic certificate management with Let’s Encrypt
• Load Balancing: Distributes traffic across service instances
• Middleware: Request transformation, authentication, rate limiting

Configuration

Traefik configuration is managed through:

• Docker Compose file: nexus/compose/traefik.yml (planned)
• Docker labels on service containers
• Static configuration for global settings
• Dynamic configuration through Docker provider

Network Architecture

Traefik connects to multiple Docker networks:

• frontnet: Public-facing network for external access
• appnet: Internal service communication

Planned Features

• Automatic HTTPS with Let’s Encrypt
• Dashboard for monitoring routes and services
• Integration with OAuth2 for authentication
• Metrics export to Prometheus/Grafana

Note: Traefik is planned to replace nginx. Current implementation still uses nginx.

See Also

• Ingress & Identity - Complete Traefik configuration guide
• Nexus Overview - Infrastructure architecture
• Container Reference - Traefik container details
• Data & Backups - TLS certificate backups