Traefik's F/OSS projects are useless to me. Every single feature that I need to use is locked away in a closed source product.
Close to the same issue with Varnish Enterprise. Why would I pay for Varnish Enterprise if I can't even review or extend the source? Know what I have to do with Varnish's source once a quarter? I have to look at it. Because the documentation is non-existent. The closed source version is going to make my life objectively worse.
Aside from NGINX, Postgres, and memcached, I've had to patch every major piece of software in my stack at one point or another. I refuse to use any product that I can't fix myself.
It's current year, why are JWTs only supported in the closed source/enterprise versions of Varnish, NGINX, and Traefik?
I happily give $1,000/year to Django and lesser amounts to other projects that I depend on. Do you know how much I spend on projects that put features behind a closed source product? Zero. I will never pay for that.
I don't generally use/need Traefik. But the cheese shirt makes me unreasonably happy, and if it appeared for sale on some easily accessible site for a decent price, I'd very likely order one.
Horrible read. That whole post is nothing but gratuitous self-importance. Just don't use llms for something like this... it just gets over the top really easy.
Looking for a Rust-based alternative to a battle-tested industry-standard tool written in a memory-safe language that can get about 75-90% of the speed of Rust is kind of pointless outside embedded context.
So much hate for Traefik here. I don't get it. I personally use it and find it amazing, but I read elsewhere that their enterprise offering is prohibitively expensive.
I wish them to succeed, Traefik has been one of my favorite choices for Kubernetes for a long time now :)
How did they "win" when xds, envoy's config, is becoming the defacto interface to LBs? Sure, Gateway API is kinda xds by not, but it's envoy all the way down.
Quite a bold claim there about being "standard" :D
At one point I was using nginx for my local RPi deployment handling of various services with docker-compose but ultimatelly switched to Caddy and it made everything so simple :)
I use Traefik for local development on daily basis, where I have to run double digit https services. It works, but it was a pain to set up. The documentation sucks ** and the config is confusing AF. I would never recommend this to anyone. If i will have to reinstall my computer one day, Traefik will not be welcomed back.
I really like how it can be easily configured from Docker labels (from Portainer for example), or from your big production Consul cluster alike. But yeah, the docs need a lot of work, it’s difficult to figure out the format many times, it lacks examples, and things that need to be enabled together have their docs at different places.
I have completely opposite experience. To me Traefik is the easiest thing to work with on the market. It should be even easier now to setup using Agentic AI.
Yeah I deal with it because it's part of the ansible matrix playbook. But I hate it, I always have issues with it. Complex configs, things not quite working right.
Nginx which they used before works much better. And these days I use caddy on everything else. That really shines.
Documentation quality has been a common complaint. Previously, we only provided reference documentation and relied on the community to create tutorials and guides.
Based on feedback like yours, we've completed documentation rewrite. Have you had a chance to review the new version? Your feedback is taken very seriously, so we'd greatly value your thoughts on these improvements.
I have the opposite opinion. Traefik documentation is good if you take the time to read and comprehend it - and it has gotten significantly better over the last few years, it being bad (e.g. "it sucks") is an old trope at this point. I don't use Caddy or nginx because of the first class routing and middleware capabilities of Traefik. I've got it deployed in dozens of services and it's so easy to use one you've solidified your boilerplate that everything else, to me, appears to be a pain now.
To each their own but it's interesting you find it useful (you use it) yet it won't be welcome back. Maybe, as others have noted, try it in Docker (or k3s/k8s/etc). Once the base configuration you want is configured and deployed all you need to do is place labels in for dynamic service configuration.
The first this I ever do when setting up k3s is pass --disable-traefik I don't know what it is, I never used it, never had the motivation to look into what I am losing out because everything else I am familiar with already works and I don't have many complains. I do not remember why I have this opinion, but I usually only treat software like this when they're trying to sell themselves too hard.
There's a lot of mentions to Caddy here. Haven't used it as, back in the day, there was something funny about its license and binary distribution. AFAIK that's not a problem anymore, isn't it?
From people that migrated from Traefik to Caddy... What are the main differences? Anything you really miss?
I use Traefik in a bunch of small deployments, sometimes pointing to Docker stuff, sometimes outside of Docker, Kubernetes, or anything similar.
Maybe you're thinking of the drama involving Caddy putting sponsorships into its Server header. They walked that back relatively quickly and hasn't been a problem since then.
Back when they both were on the rise, they felt equivalent. I haven't deployed Traefik in a long time but as far as I remember, Traefik's configuration is more service-discovery oriented. While they both are capable of working with a static set of hosts, it felt like Traefik made it harder to configure for a static set of upstream servers while Caddy made it much easier. Traefik almost started off with the assumption that you would have some service discovery of some sort.
I guess one possible gotcha I can think of is, be prepared to build your own binaries/images if you aren't already. Some bread-and-butter features like L4 proxying depend on plugins and aren't part of the core package. It's good to self-build for other reasons, just sayin', distro versions or the official docker image will only get you so far.
Also iirc not all such functionality is actually available when configuring via Caddyfile so it can be confusing if you expect that and don't realize you need to switch to json/yaml configuration to do what you want. A little remniscient of the Traefik static/dynamic confusion ;)
All good, just things that can be different than what you are used to and expect.
When I wanted to move to something besides NGINX proxy manager, it was caddy or traefik. At the time, tutorials for the clueless like myself were way more abundant for Traefik. Thats the way I went. Now I also have Authentik up in front and it works great.
I use and appreciate both Traefik and Caddy. I like that Traefik includes TLS termination, whereas the equivalent functionality with Caddy requires compiling a separate module with xcaddy.
I'm pretty sure that's how I'm already using Caddy, and I didn't compile anything separate. Maybe it's packaged automatically as part of the Caddy Docker image?
I host a couple of web services like Nextcloud and Overleaf instances (Docker) and I use nginx as a reverse proxy. What would be the benefit of using Traefik instead? Traefik can handle things such as TLS certificates automatically, but that seems a rather weak reason to move away from a robust and modular setup where each component complies with the Unix philosophy or doing one thing well.
47 comments
[ 0.19 ms ] story [ 64.7 ms ] threadClose to the same issue with Varnish Enterprise. Why would I pay for Varnish Enterprise if I can't even review or extend the source? Know what I have to do with Varnish's source once a quarter? I have to look at it. Because the documentation is non-existent. The closed source version is going to make my life objectively worse.
Aside from NGINX, Postgres, and memcached, I've had to patch every major piece of software in my stack at one point or another. I refuse to use any product that I can't fix myself.
It's current year, why are JWTs only supported in the closed source/enterprise versions of Varnish, NGINX, and Traefik?
I happily give $1,000/year to Django and lesser amounts to other projects that I depend on. Do you know how much I spend on projects that put features behind a closed source product? Zero. I will never pay for that.
Apparently they wrote it correctly at the time, with an m: https://traefik.io/blog/introducing-distributed-cheese-traef...
... Traefik is pretty good yes, but a standard? Hell no.
I wish them to succeed, Traefik has been one of my favorite choices for Kubernetes for a long time now :)
If you can't get the basics right, you stay at the kids table forever.
How did they "win" when xds, envoy's config, is becoming the defacto interface to LBs? Sure, Gateway API is kinda xds by not, but it's envoy all the way down.
When a person is determined it can go very far. These things do not happen just by pure chance.
At one point I was using nginx for my local RPi deployment handling of various services with docker-compose but ultimatelly switched to Caddy and it made everything so simple :)
We use Kong on our projects, when not using the preferred gateway from the respective cloud vendor.
Caddy is probably my new favorite. It works out of the box, its super low resource, handles a ton of traffic, and the docs are decent.
Nginx which they used before works much better. And these days I use caddy on everything else. That really shines.
Documentation quality has been a common complaint. Previously, we only provided reference documentation and relied on the community to create tutorials and guides.
Based on feedback like yours, we've completed documentation rewrite. Have you had a chance to review the new version? Your feedback is taken very seriously, so we'd greatly value your thoughts on these improvements.
To each their own but it's interesting you find it useful (you use it) yet it won't be welcome back. Maybe, as others have noted, try it in Docker (or k3s/k8s/etc). Once the base configuration you want is configured and deployed all you need to do is place labels in for dynamic service configuration.
From people that migrated from Traefik to Caddy... What are the main differences? Anything you really miss?
I use Traefik in a bunch of small deployments, sometimes pointing to Docker stuff, sometimes outside of Docker, Kubernetes, or anything similar.
Back when they both were on the rise, they felt equivalent. I haven't deployed Traefik in a long time but as far as I remember, Traefik's configuration is more service-discovery oriented. While they both are capable of working with a static set of hosts, it felt like Traefik made it harder to configure for a static set of upstream servers while Caddy made it much easier. Traefik almost started off with the assumption that you would have some service discovery of some sort.
Also iirc not all such functionality is actually available when configuring via Caddyfile so it can be confusing if you expect that and don't realize you need to switch to json/yaml configuration to do what you want. A little remniscient of the Traefik static/dynamic confusion ;)
All good, just things that can be different than what you are used to and expect.
Mounting certs, opening right ports and mapping them right is really not what I want to mess around with just to get SSL.