Note
v1 Beta is now available - try the new Static Config editor and more. Join the beta →
A clean, self-hosted web UI for managing your Traefik reverse proxy.
Add routes, manage middlewares, monitor services, and view TLS certificates - all without touching a YAML file by hand.
Initial Setup Workflow
1. Temporary password |
2. Welcome |
3. Connection & domains |
4. Optional tabs |
5. Set password |
Dashboard
Routes
Overview |
Details |
Edit |
Add HTTP |
Add TCP |
Add UDP |
Services
Middlewares
List |
Edit |
Add |
Plugins & Certificates
Docker Provider
Route Map
Logs
Settings
Authentication |
Connections |
Routes Config |
System |
Backups |
UI Preferences |
Routing & Middleware
- Add, edit, delete, and enable/disable HTTP, TCP, and UDP routes - no YAML editing required
- Multiple domains per route - select any combination of your configured domains; generates multi-host Traefik rules (
Host(\sub.d1`) || Host(`sub.d2`)`) - Per-service insecureSkipVerify - checkbox adds a named
serversTransportfor backends with self-signed certs (Proxmox, Kasm, etc.); yellow TLS skip badge shown on route cards - Create middlewares with built-in templates (Basic Auth, Forward Auth, Redirect, Strip Prefix)
- Multi-config file support - mount several dynamic config files with
CONFIG_DIRorCONFIG_PATHS; a dropdown selects which file each route or middleware is saved to; create new files on the fly whenCONFIG_DIRis set - Timestamped backups before every change; one-click restore from Settings
Live Dashboard
- Real-time stats: router counts, service health, entrypoints, Traefik version
- Provider tabs: Docker, Kubernetes, Swarm, Nomad, ECS, Consul Catalog, Redis, etcd, Consul KV, ZooKeeper, HTTP Provider, File - all API-based, no extra mounts
- Filter live services by protocol (HTTP/TCP/UDP) and provider (docker, file, kubernetes…)
- List view toggle on Routes, Middlewares, and Services tabs - switch between card grid and compact table
Visualizations (optional, toggle in Settings)
- Dashboard tab - routes grouped by category (Media, Monitoring, Infrastructure, etc.) with app icons sourced from selfh.st/icons, cached locally, and per-card editing (display name, icon override, group override)
- Route Map tab - 4-column topology view (Entry Points - Routes - Middlewares - Services) with Bezier curve connections, hover-to-highlight, and route tooltips
System Monitoring (optional file mounts)
- Certs -
acme.jsoncertificates with expiry tracking - Plugins - plugins from your static
traefik.yml - Logs - parsed access log cards showing method, status, path, IP, service, and duration; click any card for a full detail panel with all fields and the raw log line
- Configurable file paths - set
acme.json, access log, and static config paths from Settings → File Paths without a container restart; UI setting takes priority over env vars
Security
- bcrypt passwords (cost 12), CSRF protection, session management with session fixation protection
- Optional TOTP 2FA · 7-day remember me · configurable inactivity timeout
- Auto-generated password on first start · CLI recovery with
flask reset-password - OIDC / SSO - sign in with Keycloak, Google, Authentik, or any OIDC-compliant provider alongside password login; access restricted to specific emails or groups; client secret stored encrypted at rest
- Per-device API keys - up to 10 named keys (e.g. "My Phone"), each independently revocable via
X-Api-Keyheader - Rate limiting on login and auth endpoints (Flask-Limiter)
- Atomic config writes - crash-safe YAML saves via temp file + rename
- Encrypted OTP secret - TOTP seed encrypted at rest with Fernet
traefik-manager-mobile is a React Native companion app for managing Traefik Manager from your phone. Requires Traefik Manager v0.6.0 or higher.
| Repo | github.com/chr0nzz/traefik-manager-mobile |
| Download | Latest release |
| Beta | Sign up to beta test on Google Play |
| Auth | Per-device API key - generate one in Settings → Authentication → App / Mobile API Keys |
Features: browse routes, middlewares, and services · enable/disable routes · add and edit routes and middlewares (12 middleware templates) · multiple domains per route · per-service insecureSkipVerify · backend scheme + pass host header controls · multi-config file picker · edit mode for bulk actions · system light/dark theme.
One-liner installer - installs Traefik + Traefik Manager together, or Traefik Manager on its own via Docker or a native Linux service:
curl -fsSL https://get-traefik.xyzlab.dev | bashManual Docker Compose:
services:
traefik-manager:
image: ghcr.io/chr0nzz/traefik-manager:latest
container_name: traefik-manager
restart: unless-stopped
ports:
- "5000:5000"
environment:
- COOKIE_SECURE=false
volumes:
- /path/to/traefik/dynamic.yml:/app/config/dynamic.yml
- /path/to/traefik-manager/config:/app/config
- /path/to/traefik-manager/backups:/app/backupsdocker compose up -dOpen http://your-server:5000 - the setup wizard will guide you through the rest.
Full documentation at traefik-manager.xyzlab.dev
| Get Started | Deployment guides for Docker, Podman, and Linux |
| Traefik Stack | One-liner installer guide |
| Configuration | manager.yml reference |
| Environment Variables | CONFIG_DIR, CONFIG_PATHS, auth, domains, and more |
| Security | API keys, sessions, CSRF, rate limits, and hardening |
| API Reference | REST API for integrations and the mobile app |
| OIDC / SSO | OIDC setup, provider examples, and access control |
| Mobile App | Android companion app setup and features |
| Reset Password | CLI reset, TOTP recovery, manual reset |
| UI Examples | Screenshots and walkthroughs |
| Provider Tabs | Docker, Kubernetes, Swarm, Nomad, ECS, and more |
| Layer | Technology |
|---|---|
| Backend | Python 3.11 · Flask · Gunicorn |
| Config | ruamel.yaml (preserves comments) |
| Auth | bcrypt · pyotp (TOTP) · Flask sessions · CSRF · Flask-Limiter · Fernet |
| Frontend | Vanilla JS · Tailwind CSS · Phosphor Icons |
| Container | Docker · Alpine Linux |
Pull requests are welcome. For larger changes please open an issue first.