47 comments

[ 0.19 ms ] story [ 64.7 ms ] thread
Traefik's F/OSS projects are useless to me. Every single feature that I need to use is locked away in a closed source product.

Close to the same issue with Varnish Enterprise. Why would I pay for Varnish Enterprise if I can't even review or extend the source? Know what I have to do with Varnish's source once a quarter? I have to look at it. Because the documentation is non-existent. The closed source version is going to make my life objectively worse.

Aside from NGINX, Postgres, and memcached, I've had to patch every major piece of software in my stack at one point or another. I refuse to use any product that I can't fix myself.

It's current year, why are JWTs only supported in the closed source/enterprise versions of Varnish, NGINX, and Traefik?

I happily give $1,000/year to Django and lesser amounts to other projects that I depend on. Do you know how much I spend on projects that put features behind a closed source product? Zero. I will never pay for that.

Was just taking a break from reading Traefik documentation - thank you for this amazing project.
I don't generally use/need Traefik. But the cheese shirt makes me unreasonably happy, and if it appeared for sale on some easily accessible site for a decent price, I'd very likely order one.
Horrible read. That whole post is nothing but gratuitous self-importance. Just don't use llms for something like this... it just gets over the top really easy.
I never understood why folks use Traefik. HAProxy feels more configurable and resilient.
Anyone know of a Traefik alternative but in Rust? I'm looking to oxidize a lot of my stack so just curious.
Looking for a Rust-based alternative to a battle-tested industry-standard tool written in a memory-safe language that can get about 75-90% of the speed of Rust is kind of pointless outside embedded context.
No, use Traefik. I like Rust a lot and many new tools written on it, but nothing beats Traefik currently, and there’s no need, tbh.
the closest thing is pingora which is a proxy framework, so you build your own proxy basically
With Envoy (https://www.envoyproxy.io/) and Contour (https://projectcontour.io/) being official CNCF sanctioned projects in the Service Proxy space, Istio (https://istio.io/) and Linkerd (https://linkerd.io/) being official CNCF sanctioned projects in the Service Mesh space and Emissary Ingress (https://emissary-ingress.dev/) the same in the API Gateway space, just to name a few, naming yourself a standard are some pretty big words...

... Traefik is pretty good yes, but a standard? Hell no.

Architecture is also different. Thread-per-core (no garbage collector) vs work-stealing with garbage collection cycles.
So much hate for Traefik here. I don't get it. I personally use it and find it amazing, but I read elsewhere that their enterprise offering is prohibitively expensive.

I wish them to succeed, Traefik has been one of my favorite choices for Kubernetes for a long time now :)

They consider caching and TLS to be enterprise features.

If you can't get the basics right, you stay at the kids table forever.

Amusing that they don't mention xds at all.

How did they "win" when xds, envoy's config, is becoming the defacto interface to LBs? Sure, Gateway API is kinda xds by not, but it's envoy all the way down.

I just wanted to sincerely say: congratulations for this project.

When a person is determined it can go very far. These things do not happen just by pure chance.

Quite a bold claim there about being "standard" :D

At one point I was using nginx for my local RPi deployment handling of various services with docker-compose but ultimatelly switched to Caddy and it made everything so simple :)

Standard where?

We use Kong on our projects, when not using the preferred gateway from the respective cloud vendor.

I use Traefik for local development on daily basis, where I have to run double digit https services. It works, but it was a pain to set up. The documentation sucks ** and the config is confusing AF. I would never recommend this to anyone. If i will have to reinstall my computer one day, Traefik will not be welcomed back.
OMG yes. I want to like Traefik, but the thought having to set it up again is not something i look forward to. Why cant it just work out of the box?

Caddy is probably my new favorite. It works out of the box, its super low resource, handles a ton of traffic, and the docs are decent.

I really like how it can be easily configured from Docker labels (from Portainer for example), or from your big production Consul cluster alike. But yeah, the docs need a lot of work, it’s difficult to figure out the format many times, it lacks examples, and things that need to be enabled together have their docs at different places.
I have completely opposite experience. To me Traefik is the easiest thing to work with on the market. It should be even easier now to setup using Agentic AI.
Yeah I deal with it because it's part of the ansible matrix playbook. But I hate it, I always have issues with it. Complex configs, things not quite working right.

Nginx which they used before works much better. And these days I use caddy on everything else. That really shines.

Traefik maintainer here.

Documentation quality has been a common complaint. Previously, we only provided reference documentation and relied on the community to create tutorials and guides.

Based on feedback like yours, we've completed documentation rewrite. Have you had a chance to review the new version? Your feedback is taken very seriously, so we'd greatly value your thoughts on these improvements.

I have the opposite opinion. Traefik documentation is good if you take the time to read and comprehend it - and it has gotten significantly better over the last few years, it being bad (e.g. "it sucks") is an old trope at this point. I don't use Caddy or nginx because of the first class routing and middleware capabilities of Traefik. I've got it deployed in dozens of services and it's so easy to use one you've solidified your boilerplate that everything else, to me, appears to be a pain now.

To each their own but it's interesting you find it useful (you use it) yet it won't be welcome back. Maybe, as others have noted, try it in Docker (or k3s/k8s/etc). Once the base configuration you want is configured and deployed all you need to do is place labels in for dynamic service configuration.

funny and sad how ingress-nginx loses all users by going into maintenance mode, and once we switched we dont care about their new project
Managed Nginx is standard for AKS. I wouldn’t say it’s gone.
The first this I ever do when setting up k3s is pass --disable-traefik I don't know what it is, I never used it, never had the motivation to look into what I am losing out because everything else I am familiar with already works and I don't have many complains. I do not remember why I have this opinion, but I usually only treat software like this when they're trying to sell themselves too hard.
I use traefik quite a bit. Easy to use, easy to understand. Optional dashboard for understanding the current state of the configuration.
There's a lot of mentions to Caddy here. Haven't used it as, back in the day, there was something funny about its license and binary distribution. AFAIK that's not a problem anymore, isn't it?

From people that migrated from Traefik to Caddy... What are the main differences? Anything you really miss?

I use Traefik in a bunch of small deployments, sometimes pointing to Docker stuff, sometimes outside of Docker, Kubernetes, or anything similar.

Maybe you're thinking of the drama involving Caddy putting sponsorships into its Server header. They walked that back relatively quickly and hasn't been a problem since then.

Back when they both were on the rise, they felt equivalent. I haven't deployed Traefik in a long time but as far as I remember, Traefik's configuration is more service-discovery oriented. While they both are capable of working with a static set of hosts, it felt like Traefik made it harder to configure for a static set of upstream servers while Caddy made it much easier. Traefik almost started off with the assumption that you would have some service discovery of some sort.

I guess one possible gotcha I can think of is, be prepared to build your own binaries/images if you aren't already. Some bread-and-butter features like L4 proxying depend on plugins and aren't part of the core package. It's good to self-build for other reasons, just sayin', distro versions or the official docker image will only get you so far.

Also iirc not all such functionality is actually available when configuring via Caddyfile so it can be confusing if you expect that and don't realize you need to switch to json/yaml configuration to do what you want. A little remniscient of the Traefik static/dynamic confusion ;)

All good, just things that can be different than what you are used to and expect.

When I wanted to move to something besides NGINX proxy manager, it was caddy or traefik. At the time, tutorials for the clueless like myself were way more abundant for Traefik. Thats the way I went. Now I also have Authentik up in front and it works great.
Congrats, awesome product! Traefik saved me a lot of time when working with Docker Compose and certificates.
I use and appreciate both Traefik and Caddy. I like that Traefik includes TLS termination, whereas the equivalent functionality with Caddy requires compiling a separate module with xcaddy.
I'm pretty sure that's how I'm already using Caddy, and I didn't compile anything separate. Maybe it's packaged automatically as part of the Caddy Docker image?
I host a couple of web services like Nextcloud and Overleaf instances (Docker) and I use nginx as a reverse proxy. What would be the benefit of using Traefik instead? Traefik can handle things such as TLS certificates automatically, but that seems a rather weak reason to move away from a robust and modular setup where each component complies with the Unix philosophy or doing one thing well.
Sigh. Congrats and all that, but this just makes me feel old.
Letsencrypt Https should be a default like caddy.

Mounting certs, opening right ports and mapping them right is really not what I want to mess around with just to get SSL.