In this tutorial, we'll learn how to install and configure Traefik on Ubuntu 24.04.
What is Traefik?
Traefik is a modern, cloud-native reverse proxy and load balancer that automatically manages network traffic for web applications. It sits in front of our services and routes incoming requests to the right container or server.
Unlike traditional reverse proxies like Nginx or HAProxy, Traefik integrates directly with platforms such as Docker, Kubernetes, and systemd — detecting new services automatically. It also handles automatic SSL certificates through Let’s Encrypt, meaning our sites can run securely over HTTPS without any manual setup or renewal.
In short, Traefik makes managing web traffic simple, automated, and ready for production environments.
Prerequisites
Before we begin, ensure we have the following:
- An Ubuntu 24.04 on dedicated server or KVM VPS.
- Basic Linux Command Line Knowledge.
- A domain name pointing A record to server IP.
Install and Configure Traefik on Ubuntu 24.04
1. Update Server and Install Docker
Run these commands on our Ubuntu 24.04 server:
sudo apt update && sudo apt upgrade -y
sudo apt-get install ca-certificates curl
Add Docker’s official repository and install it:
sudo install -m 0755 -d /etc/apt/keyrings
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc
sudo chmod a+r /etc/apt/keyrings/docker.asc
# Add the repository to Apt sources:
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt update
sudo apt install -y docker-ce docker-ce-cli containerd.io docker-compose-plugin
Log out and log back in to apply the group change.
2. Create Traefik Directory
mkdir -p ~/traefik/{config,acme,logs}
cd ~/traefik
We’ll keep everything organized inside this folder.
3. Create Traefik Configuration File
Create the file:
nano ~/traefik/config/traefik.yml
Paste this content:
entryPoints:
web:
address: ":80"
websecure:
address: ":443"
providers:
docker:
endpoint: "unix:///var/run/docker.sock"
exposedByDefault: false
certificatesResolvers:
letsencrypt:
acme:
email: admin@example.com
storage: /acme/acme.json
httpChallenge:
entryPoint: web
Replace admin@example.com with our own email (used for Let’s Encrypt notifications).
Save and close.
4. Create Docker Compose File
Create a file named docker-compose.yml inside ~/traefik:
nano docker-compose.yml
Paste this content:
services:
traefik:
image: traefik:latest
container_name: traefik
restart: unless-stopped
command:
- "--configFile=/config/traefik.yml"
ports:
- "80:80"
- "443:443"
volumes:
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./config:/config
- ./acme:/acme
- ./logs:/logs
networks:
- web
whoami:
image: traefik/whoami
container_name: whoami
restart: unless-stopped
labels:
- "traefik.enable=true"
- "traefik.http.routers.whoami.rule=Host(`test.example.com`)"
- "traefik.http.routers.whoami.entrypoints=websecure"
- "traefik.http.routers.whoami.tls.certresolver=letsencrypt"
networks:
- web
networks:
web:
driver: bridge
Replace test.example.com with our own domain name that points to the server IP.
5. Set File Permissions
Let’s Encrypt will save certificates in acme.json. It must be secure.
touch acme/acme.json
chmod 600 acme/acme.json
6. Start Traefik
Run:
docker compose up -d
Check if Traefik is running:
docker compose ps
Check logs:
docker compose logs -f traefik
7. Open Firewall Ports
Allow HTTP and HTTPS traffic:
sudo ufw allow 80,443/tcp
sudo ufw reload
sudo ufw status
8. Test HTTPS
Open the domain in a browser:
https://test.example.com
If DNS and ports are correct, Traefik will automatically issue an SSL certificate via Let’s Encrypt and redirect all traffic to HTTPS.
9. Add More Websites
To add another site, simply add a new service block to the docker-compose.yml like this:
myapp:
image: nginx
labels:
- "traefik.enable=true"
- "traefik.http.routers.myapp.rule=Host(`myapp.example.com`)"
- "traefik.http.routers.myapp.entrypoints=websecure"
- "traefik.http.routers.myapp.tls.certresolver=letsencrypt"
networks:
- web
Then run:
docker compose up -d
Traefik will detect it and create a new SSL certificate automatically.
10. Logs and Maintenance
View Traefik logs:
docker logs traefik -f
Certificates are renewed automatically. We don’t need any manual action.
To update Traefik later:
docker compose pull
docker compose up -d
Summary
We installed Traefik Reverse Proxy on Ubuntu 24.04 with Docker, configured it to manage multiple domains, and enabled automatic SSL certificates using Let’s Encrypt.
This setup is clean, fast, and production-ready.
Our Traefik container will:
- Handle HTTP and HTTPS routing
- Automatically request and renew SSL certificates
- Route traffic to multiple containers safely
No more manual certificate management, no more downtime during renewals. Traefik keeps everything running smoothly.
