Traefik Proxy¶
| Description / name | Input element |
|---|---|
| Your domain name |
Overview¶
Traefik Proxy is an open-source, dynamic reverse proxy and load balancer designed for modern, distributed, and microservices architectures.
Deployment¶
Saltbox dependency.
sb install traefik
Usage¶
Visit https://dash.iYOUR_DOMAIN_NAMEi.
Role Defaults¶
Use the Inventory to customize variables. (1)
-
Example override
traefik_name: "custom_value"Avoid overriding variables ending in
_defaultWhen overriding variables that end in
_default(liketraefik_docker_envs_default), you replace the entire default configuration. Future updates that add new default values will not be applied to your setup, potentially breaking functionality.Instead, use the corresponding
_customvariable (liketraefik_docker_envs_custom) to add your changes. Custom values are merged with defaults, ensuring you receive updates.
traefik_name
# Type: string
traefik_name: traefik
traefik_trusted_ips
# Type: string
traefik_trusted_ips: ""
traefik_plugin_cloudflarewarp_enabled
# Type: bool (true/false)
traefik_plugin_cloudflarewarp_enabled: true
traefik_file_watch
# Type: string
traefik_file_watch: "true"
traefik_x_robots
# Type: string
traefik_x_robots: "none,noarchive,nosnippet,notranslate,noimageindex"
traefik_http3
# HTTP3 can cause issues with some apps
# Type: bool (true/false)
traefik_http3: false
traefik_tailscale_enabled
# Type: bool (true/false)
traefik_tailscale_enabled: false
traefik_entrypoint_web_port
# traefik_tailscale_bind_ip: "" # Set to override the WAN IP port binding when server is not connected directly to the Internet.
# traefik_tailscale_bind_ipv6: "" # Same but IPv6
# Type: string
traefik_entrypoint_web_port: "80"
traefik_entrypoint_web_readtimeout
# Type: string
traefik_entrypoint_web_readtimeout: "600"
traefik_entrypoint_web_writetimeout
# Type: string
traefik_entrypoint_web_writetimeout: "0"
traefik_entrypoint_web_idletimeout
# Type: string
traefik_entrypoint_web_idletimeout: "180"
traefik_entrypoint_web_request_maxheaderbytes
# Type: string
traefik_entrypoint_web_request_maxheaderbytes: "1048576"
traefik_entrypoint_websecure_port
# Type: string
traefik_entrypoint_websecure_port: "443"
traefik_entrypoint_websecure_readtimeout
# Type: string
traefik_entrypoint_websecure_readtimeout: "600"
traefik_entrypoint_websecure_writetimeout
# Type: string
traefik_entrypoint_websecure_writetimeout: "0"
traefik_entrypoint_websecure_idletimeout
# Type: string
traefik_entrypoint_websecure_idletimeout: "180"
traefik_entrypoint_websecure_request_maxheaderbytes
# Type: string
traefik_entrypoint_websecure_request_maxheaderbytes: "1048576"
traefik_entrypoint_custom
# Type: dict
traefik_entrypoint_custom: {}
traefik_dns_resolvers
# Format is as follows (address can be empty string "" to bind on every interface):
# Type options are tcp, udp or both.
# traefik_entrypoint_custom:
# tcp-entrypoint:
# address: "IP"
# port: "81"
# tls: false
# type: tcp
# tcp-and-udp-entrypoint-with-tls:
# address: "IP"
# port: "444"
# tls: true
# type: both
# Type: string
traefik_dns_resolvers: "1.1.1.1:53,1.0.0.1:53"
traefik_disable_propagation_check
# Type: bool (true/false)
traefik_disable_propagation_check: false
traefik_enable_http_validation
# Type: string
traefik_enable_http_validation: "{{ traefik_http or (traefik.cert.http_validation | bool) }}"
traefik_enable_zerossl
# Type: bool (true/false)
traefik_enable_zerossl: true
traefik_crowdsec_ban_filepath
# Path is internal to the container, so a host path of /opt/traefik/ban.html becomes /etc/traefik/ban.html
# Type: string
traefik_crowdsec_ban_filepath: "/etc/traefik/ban.html"
traefik_sanitize_path
# Entrypoint Path Sanitization Settings
# Type: bool (true/false)
traefik_sanitize_path: true
traefik_encoded_allow_slash
# Entrypoint Encoded characters settings (applied to all entrypoints)
# Type: bool (true/false)
traefik_encoded_allow_slash: true
traefik_encoded_allow_backslash
# Type: bool (true/false)
traefik_encoded_allow_backslash: true
traefik_encoded_allow_null
# Type: bool (true/false)
traefik_encoded_allow_null: true
traefik_encoded_allow_semicolon
# Type: bool (true/false)
traefik_encoded_allow_semicolon: true
traefik_encoded_allow_percent
# Type: bool (true/false)
traefik_encoded_allow_percent: true
traefik_encoded_allow_question_mark
# Type: bool (true/false)
traefik_encoded_allow_question_mark: true
traefik_encoded_allow_hash
# Type: bool (true/false)
traefik_encoded_allow_hash: true
traefik_role_web_subdomain
# Type: string
traefik_role_web_subdomain: "{{ traefik.subdomains.dash }}"
traefik_role_web_domain
# Type: string
traefik_role_web_domain: "{{ user.domain }}"
traefik_role_metrics_subdomain
# Type: string
traefik_role_metrics_subdomain: "{{ traefik.subdomains.metrics }}"
traefik_role_metrics_domain
# Type: string
traefik_role_metrics_domain: "{{ user.domain }}"
traefik_role_log_level
# Type: string
traefik_role_log_level: "ERROR"
traefik_role_log_file
# Type: bool (true/false)
traefik_role_log_file: true
traefik_role_log_max_size
# Type: string
traefik_role_log_max_size: "10"
traefik_role_log_max_backups
# Type: string
traefik_role_log_max_backups: "3"
traefik_role_log_max_age
# Type: string
traefik_role_log_max_age: "3"
traefik_role_log_compress
# Type: string
traefik_role_log_compress: "true"
traefik_role_access_log
# Type: bool (true/false)
traefik_role_access_log: true
traefik_role_access_buffer
# Type: int
traefik_role_access_buffer: 100
The following advanced options are available via create_docker_container but are not defined in the role. See: docker_container module
Resource Limits
traefik_role_docker_blkio_weight
# Type: int
traefik_role_docker_blkio_weight:
traefik_role_docker_cpu_period
# Type: int
traefik_role_docker_cpu_period:
traefik_role_docker_cpu_quota
# Type: int
traefik_role_docker_cpu_quota:
traefik_role_docker_cpu_shares
# Type: int
traefik_role_docker_cpu_shares:
traefik_role_docker_cpus
# Type: string
traefik_role_docker_cpus:
traefik_role_docker_cpuset_cpus
# Type: string
traefik_role_docker_cpuset_cpus:
traefik_role_docker_cpuset_mems
# Type: string
traefik_role_docker_cpuset_mems:
traefik_role_docker_kernel_memory
# Type: string
traefik_role_docker_kernel_memory:
traefik_role_docker_memory
# Type: string
traefik_role_docker_memory:
traefik_role_docker_memory_reservation
# Type: string
traefik_role_docker_memory_reservation:
traefik_role_docker_memory_swap
# Type: string
traefik_role_docker_memory_swap:
traefik_role_docker_memory_swappiness
# Type: int
traefik_role_docker_memory_swappiness:
traefik_role_docker_shm_size
# Type: string
traefik_role_docker_shm_size:
Security & Devices
traefik_role_docker_cap_drop
# Type: list
traefik_role_docker_cap_drop:
traefik_role_docker_cgroupns_mode
# Type: string
traefik_role_docker_cgroupns_mode:
traefik_role_docker_device_cgroup_rules
# Type: list
traefik_role_docker_device_cgroup_rules:
traefik_role_docker_device_read_bps
# Type: list
traefik_role_docker_device_read_bps:
traefik_role_docker_device_read_iops
# Type: list
traefik_role_docker_device_read_iops:
traefik_role_docker_device_requests
# Type: list
traefik_role_docker_device_requests:
traefik_role_docker_device_write_bps
# Type: list
traefik_role_docker_device_write_bps:
traefik_role_docker_device_write_iops
# Type: list
traefik_role_docker_device_write_iops:
traefik_role_docker_devices
# Type: list
traefik_role_docker_devices:
traefik_role_docker_devices_default
# Type: string
traefik_role_docker_devices_default:
traefik_role_docker_groups
# Type: list
traefik_role_docker_groups:
traefik_role_docker_privileged
# Type: bool (true/false)
traefik_role_docker_privileged:
traefik_role_docker_security_opts
# Type: list
traefik_role_docker_security_opts:
traefik_role_docker_user
# Type: string
traefik_role_docker_user:
traefik_role_docker_userns_mode
# Type: string
traefik_role_docker_userns_mode:
Networking
traefik_role_docker_dns_opts
# Type: list
traefik_role_docker_dns_opts:
traefik_role_docker_dns_search_domains
# Type: list
traefik_role_docker_dns_search_domains:
traefik_role_docker_dns_servers
# Type: list
traefik_role_docker_dns_servers:
traefik_role_docker_domainname
# Type: string
traefik_role_docker_domainname:
traefik_role_docker_exposed_ports
# Type: list
traefik_role_docker_exposed_ports:
traefik_role_docker_hosts_use_common
# Type: bool (true/false)
traefik_role_docker_hosts_use_common:
traefik_role_docker_ipc_mode
# Type: string
traefik_role_docker_ipc_mode:
traefik_role_docker_links
# Type: list
traefik_role_docker_links:
traefik_role_docker_network_mode
# Type: string
traefik_role_docker_network_mode:
traefik_role_docker_pid_mode
# Type: string
traefik_role_docker_pid_mode:
traefik_role_docker_uts
# Type: string
traefik_role_docker_uts:
Storage
traefik_role_docker_keep_volumes
# Type: bool (true/false)
traefik_role_docker_keep_volumes:
traefik_role_docker_mounts
# Type: list
traefik_role_docker_mounts:
traefik_role_docker_storage_opts
# Type: dict
traefik_role_docker_storage_opts:
traefik_role_docker_tmpfs
# Type: list
traefik_role_docker_tmpfs:
traefik_role_docker_volume_driver
# Type: string
traefik_role_docker_volume_driver:
traefik_role_docker_volumes_from
# Type: list
traefik_role_docker_volumes_from:
traefik_role_docker_volumes_global
# Type: bool (true/false)
traefik_role_docker_volumes_global:
traefik_role_docker_working_dir
# Type: string
traefik_role_docker_working_dir:
Monitoring & Lifecycle
traefik_role_docker_auto_remove
# Type: bool (true/false)
traefik_role_docker_auto_remove:
traefik_role_docker_cleanup
# Type: bool (true/false)
traefik_role_docker_cleanup:
traefik_role_docker_force_kill
# Type: string
traefik_role_docker_force_kill:
traefik_role_docker_healthcheck
# Type: dict
traefik_role_docker_healthcheck:
traefik_role_docker_healthy_wait_timeout
# Type: int
traefik_role_docker_healthy_wait_timeout:
traefik_role_docker_init
# Type: bool (true/false)
traefik_role_docker_init:
traefik_role_docker_kill_signal
# Type: string
traefik_role_docker_kill_signal:
traefik_role_docker_log_driver
# Type: string
traefik_role_docker_log_driver:
traefik_role_docker_log_options
# Type: dict
traefik_role_docker_log_options:
traefik_role_docker_oom_killer
# Type: bool (true/false)
traefik_role_docker_oom_killer:
traefik_role_docker_oom_score_adj
# Type: int
traefik_role_docker_oom_score_adj:
traefik_role_docker_output_logs
# Type: bool (true/false)
traefik_role_docker_output_logs:
traefik_role_docker_paused
# Type: bool (true/false)
traefik_role_docker_paused:
traefik_role_docker_recreate
# Type: bool (true/false)
traefik_role_docker_recreate:
traefik_role_docker_restart_retries
# Type: int
traefik_role_docker_restart_retries:
traefik_role_docker_stop_timeout
# Type: int
traefik_role_docker_stop_timeout:
Other Options
traefik_role_docker_capabilities
# Type: list
traefik_role_docker_capabilities:
traefik_role_docker_cgroup_parent
# Type: string
traefik_role_docker_cgroup_parent:
traefik_role_docker_create_timeout
# Type: int
traefik_role_docker_create_timeout:
traefik_role_docker_entrypoint
# Type: string
traefik_role_docker_entrypoint:
traefik_role_docker_env_file
# Type: string
traefik_role_docker_env_file:
traefik_role_docker_read_only
# Type: bool (true/false)
traefik_role_docker_read_only:
traefik_role_docker_runtime
# Type: string
traefik_role_docker_runtime:
traefik_role_docker_sysctls
# Type: list
traefik_role_docker_sysctls:
traefik_role_docker_ulimits
# Type: list
traefik_role_docker_ulimits:
traefik_role_autoheal_enabled
# Enable or disable Autoheal monitoring for the container created when deploying
# Type: bool (true/false)
traefik_role_autoheal_enabled: true
traefik_role_depends_on
# List of container dependencies that must be running before the container start
# Type: string
traefik_role_depends_on: ""
traefik_role_depends_on_delay
# Delay in seconds before starting the container after dependencies are ready
# Type: string (quoted number)
traefik_role_depends_on_delay: "0"
traefik_role_depends_on_healthchecks
# Enable healthcheck waiting for container dependencies
# Type: string ("true"/"false")
traefik_role_depends_on_healthchecks:
traefik_role_diun_enabled
# Enable or disable Diun update notifications for the container created when deploying
# Type: bool (true/false)
traefik_role_diun_enabled: true
traefik_role_dns_enabled
# Enable or disable automatic DNS record creation for the container
# Type: bool (true/false)
traefik_role_dns_enabled: true
traefik_role_docker_controller
# Enable or disable Saltbox Docker Controller management for the container
# Type: bool (true/false)
traefik_role_docker_controller: true
traefik_role_docker_volumes_download
# Type: bool (true/false)
traefik_role_docker_volumes_download:
traefik_role_themepark_addons
# Type: string
traefik_role_themepark_addons:
traefik_role_themepark_app
# Type: string
traefik_role_themepark_app:
traefik_role_themepark_theme
# Type: string
traefik_role_themepark_theme:
traefik_role_traefik_api_endpoint
# Type: dict/omit
traefik_role_traefik_api_endpoint:
traefik_role_traefik_api_middleware
# Type: string
traefik_role_traefik_api_middleware:
traefik_role_traefik_api_middleware_http
# Type: string
traefik_role_traefik_api_middleware_http:
traefik_role_traefik_autodetect_enabled
# Enable Traefik autodetect middleware for the container
# Type: bool (true/false)
traefik_role_traefik_autodetect_enabled: false
traefik_role_traefik_certresolver
# Type: string
traefik_role_traefik_certresolver:
traefik_role_traefik_crowdsec_enabled
# Enable CrowdSec middleware for the container
# Type: bool (true/false)
traefik_role_traefik_crowdsec_enabled: false
traefik_role_traefik_error_pages_enabled
# Enable custom error pages middleware for the container
# Type: bool (true/false)
traefik_role_traefik_error_pages_enabled: false
traefik_role_traefik_gzip_enabled
# Enable gzip compression middleware for the container
# Type: bool (true/false)
traefik_role_traefik_gzip_enabled: false
traefik_role_traefik_middleware_http
# Type: string
traefik_role_traefik_middleware_http:
traefik_role_traefik_middleware_http_api_insecure
# Type: bool (true/false)
traefik_role_traefik_middleware_http_api_insecure:
traefik_role_traefik_middleware_http_insecure
# Type: bool (true/false)
traefik_role_traefik_middleware_http_insecure:
traefik_role_traefik_priority
# Type: string
traefik_role_traefik_priority:
traefik_role_traefik_robot_enabled
# Enable robots.txt middleware for the container
# Type: bool (true/false)
traefik_role_traefik_robot_enabled: true
traefik_role_traefik_tailscale_enabled
# Enable Tailscale-specific Traefik configuration for the container
# Type: bool (true/false)
traefik_role_traefik_tailscale_enabled: false
traefik_role_traefik_wildcard_enabled
# Enable wildcard certificate for the container
# Type: bool (true/false)
traefik_role_traefik_wildcard_enabled: true
traefik_role_web_fqdn_override
# Override the Traefik fully qualified domain name (FQDN) for the container
# Type: list
traefik_role_web_fqdn_override:
Example Override
traefik_role_web_fqdn_override:
- "{{ traefik_host }}"
- "traefik2.{{ user.domain }}"
- "traefik.otherdomain.tld"
Note: Include {{ traefik_host }} to preserve the default FQDN alongside your custom entries
traefik_role_web_host_override
# Override the Traefik web host configuration for the container
# Type: string
traefik_role_web_host_override:
Example Override
traefik_role_web_host_override: "Host(`{{ traefik_host }}`) || Host(`{{ 'traefik2.' + user.domain }}`)"
Note: Use {{ traefik_host }} to include the default host configuration in your custom rule
traefik_role_web_http_port
# Type: string (quoted number)
traefik_role_web_http_port:
traefik_role_web_http_scheme
# Type: string ("http"/"https")
traefik_role_web_http_scheme:
traefik_role_web_http_serverstransport
# Type: dict/omit
traefik_role_web_http_serverstransport:
traefik_role_web_scheme
# URL scheme to use for web access to the container
# Type: string ("http"/"https")
traefik_role_web_scheme:
traefik_role_web_serverstransport
# Type: dict/omit
traefik_role_web_serverstransport: