Traefik Manager

A clean, self-hosted web UI for managing your Traefik reverse proxy.

Add routes, manage middlewares, monitor services, and view TLS certificates - all without touching a YAML file by hand.

_{Built for homelabbers who love Traefik but hate editing YAML at 2am.}

---

Interface Gallery

Initial Setup Workflow

1. Login	2. Welcome	3. Connection & domains
4. Self route	5. Optional tabs	6. Set password

Dashboard

Routes

Card View	List View	Add HTTP
Add TCP	Add UDP

Services

Middlewares

Card View

List View

Add

Plugins

Route Map

Settings

Interface	Authentication	API Keys
Static Config	Connection	Backups

---

Features

Routing & Middleware

• Add, edit, delete, and enable/disable HTTP, TCP, and UDP routes - no YAML editing required
• Multiple domains per route - select any combination of your configured domains; generates multi-host Traefik rules (Host(\sub.d1`) || Host(`sub.d2`)`)
• Per-service insecureSkipVerify - checkbox adds a named serversTransport for backends with self-signed certs (Proxmox, Kasm, etc.); yellow TLS skip badge shown on route cards
• Create middlewares with built-in templates (Basic Auth, Forward Auth, Redirect, Strip Prefix)
• Multi-config file support - mount several dynamic config files with CONFIG_DIR or CONFIG_PATHS; a dropdown selects which file each route or middleware is saved to; create new files on the fly when CONFIG_DIR is set
• Timestamped backups before every change; one-click restore from Settings

Live Dashboard

• Real-time stats: router counts, service health, entrypoints, Traefik version
• Provider tabs: Docker, Kubernetes, Swarm, Nomad, ECS, Consul Catalog, Redis, etcd, Consul KV, ZooKeeper, HTTP Provider, File - all API-based, no extra mounts
• Filter live services by protocol (HTTP/TCP/UDP) and provider (docker, file, kubernetes…)
• List view toggle on Routes, Middlewares, and Services tabs - switch between card grid and compact table

Visualizations (optional, toggle in Settings)

• Dashboard tab - routes grouped by category (Media, Monitoring, Infrastructure, etc.) with app icons sourced from selfh.st/icons, cached locally, and per-card editing (display name, icon override, group override)
• Route Map tab - 4-column topology view (Entry Points - Routes - Middlewares - Services) with Bezier curve connections, hover-to-highlight, and route tooltips

Static Config Editor (optional - mount traefik.yml read-write)

• Edit Traefik's static configuration directly from the UI - entrypoints, certificate resolvers, plugins, and a raw YAML editor (Monaco/VS Code engine) for anything else
• Changes are staged with a pending banner, backed up before saving, and Traefik is restarted automatically
• Three restart methods: socket proxy (recommended - sidecar with minimal socket exposure), poison pill (no socket needed - shared signal file), direct socket
• Full-screen reconnect overlay polls until Traefik is back up and dismisses automatically

System Monitoring (optional file mounts)

• Certs - acme.json certificates with expiry tracking
• Plugins - plugins from your static traefik.yml; add, edit, and remove plugins when static config editor is enabled
• Logs - parsed access log cards showing method, status, path, IP, service, and duration; click any card for a full detail panel with all fields and the raw log line
• Configurable file paths - set acme.json, access log, and static config paths from Settings → File Paths without a container restart; UI setting takes priority over env vars

Security

• bcrypt passwords (cost 12), CSRF protection, session management with session fixation protection
• Optional TOTP 2FA · 7-day remember me · configurable inactivity timeout
• Auto-generated password on first start · CLI recovery with flask reset-password
• OIDC / SSO - sign in with Keycloak, Google, Authentik, or any OIDC-compliant provider alongside password login; access restricted to specific emails or groups; client secret stored encrypted at rest
• Per-device API keys - up to 10 named keys (e.g. "My Phone"), each independently revocable via X-Api-Key header
• Rate limiting on login and auth endpoints (Flask-Limiter)
• Atomic config writes - crash-safe YAML saves via temp file + rename
• Encrypted OTP secret - TOTP seed encrypted at rest with Fernet

---

Mobile App

traefik-manager-mobile is a React Native companion app for managing Traefik Manager from your phone. Requires Traefik Manager v1.0.0 or higher.

Repo	github.com/chr0nzz/traefik-manager-mobile
Download	Latest release
Auth	Per-device API key - generate one in Settings → Authentication → App / Mobile API Keys

Features: browse routes, middlewares, and services · enable/disable routes · add and edit routes and middlewares (12 middleware templates) · multiple domains per route · per-service insecureSkipVerify · backend scheme + pass host header controls · multi-config file picker · edit mode for bulk actions · system light/dark theme.

---

Quick Start

One-liner installer - installs Traefik + Traefik Manager together, or Traefik Manager on its own via Docker or a native Linux service:

curl -fsSL https://get-traefik.xyzlab.dev | bash

Manual Docker Compose:

services:
  traefik-manager:
    image: ghcr.io/chr0nzz/traefik-manager:latest
    container_name: traefik-manager
    restart: unless-stopped
    ports:
      - "5000:5000"
    environment:
      - COOKIE_SECURE=false
    volumes:
      - /path/to/traefik/dynamic.yml:/app/config/dynamic.yml
      - /path/to/traefik-manager/config:/app/config
      - /path/to/traefik-manager/backups:/app/backups

docker compose up -d

Open http://your-server:5000 - the setup wizard will guide you through the rest.

---

Deployment

Runtime	Guide
Installer	One-liner: full stack, TM-only Docker, TM-only Linux service
Docker	Docker Compose setup, networking, behind Traefik
Podman	Rootless, Quadlet/systemd, SELinux labels
Linux	Native Python + systemd, no container required
Unraid	Community Applications template, networking, multi-config

---

Documentation

Full documentation at traefik-manager.xyzlab.dev

Get Started	Deployment guides for Docker, Podman, and Linux
Traefik Stack	One-liner installer guide
Configuration	manager.yml reference
Environment Variables	CONFIG_DIR, CONFIG_PATHS, auth, domains, and more
Security	API keys, sessions, CSRF, rate limits, and hardening
API Reference	REST API for integrations and the mobile app
OIDC / SSO	OIDC setup, provider examples, and access control
Mobile App	Android companion app setup and features
Reset Password	CLI reset, TOTP recovery, manual reset
UI Examples	Screenshots and walkthroughs
Provider Tabs	Docker, Kubernetes, Swarm, Nomad, ECS, and more

---

Tech Stack

Layer	Technology
Backend	Python 3.11 · Flask · Gunicorn
Config	ruamel.yaml (preserves comments)
Auth	bcrypt · pyotp (TOTP) · Flask sessions · CSRF · Flask-Limiter · Fernet
Frontend	Vanilla JS · Tailwind CSS · Phosphor Icons
Editor	Monaco Editor (VS Code engine)
Route Map	dagre (graph layout)
Container	Docker · Alpine Linux

---

Contributing

Pull requests are welcome. See CONTRIBUTING.md for how to report bugs, suggest features, and run the project locally.

Star History

License

GPL-3.0