← Back to blog

Setting up Traefik on your VPS with automatic service discovery and routing

June 26, 2025 · Guides

Learn how to set up Traefik on your VPS with automatic service discovery and routing using Serversinc's one-click deployment. Complete setup guide with SSL certificates, Docker integration, and dynamic configuration.

Setting up Traefik on your VPS has never been easier than with Serversinc's streamlined deployment process. This comprehensive guide will walk you through configuring Traefik with automatic SSL certificates, Docker service discovery, and seamless integration with your container infrastructure.

What is Traefik and Why Use It?

Traefik is a modern reverse proxy and load balancer that revolutionizes how you deploy and manage containerized applications. Unlike traditional reverse proxies like nginx or Apache that require manual configuration files, Traefik automatically discovers your services and routes traffic based on simple labels.

Key Features for Docker Container Hosting

Automatic Service Discovery: Traefik automatically detects new services as they start or stop, updating routing configuration in real-time without manual intervention.

Dynamic Configuration: Routes, middleware, and SSL certificates are configured through Docker labels, making it incredibly simple to expose new services with just a few configuration lines.

Built-in SSL Management: Traefik reverse proxy automatically obtains and renews SSL certificates from Let's Encrypt, ensuring your services maintain HTTPS security.

Advanced Load Balancing: Automatically distributes traffic across multiple service instances, improving reliability and performance compared to single-server setups.

Prerequisites

Before you deploy Traefik on your VPS, ensure you have:

  • Serversinc account with access to container deployment
  • VPS or dedicated server managed through Serversinc
  • Domain name pointed to your server's IP address
  • Cloudflare account (for DNS challenge SSL validation)
  • Cloudflare API token with DNS edit permissions
  • Basic Docker knowledge (helpful but not required)

Quick Setup Summary

For experienced users who want to deploy Traefik quickly:

  1. Create new Docker application in Serversinc
  2. Use image traefik:latest
  3. Configure environment variables for Docker provider and Let's Encrypt
  4. Add Cloudflare DNS credentials
  5. Mount Docker socket and certificate storage volumes
  6. Deploy to target server

Continue reading for detailed explanations of each step.

Why Traefik Works Perfectly with Serversinc

Serversinc's container management platform enhances Traefik deployment with several key advantages:

Automatic Service Discovery of Docker Containers

When you deploy applications through Serversinc, your Traefik reverse proxy automatically detects them without manual configuration. This seamless integration eliminates the complexity typically associated with container orchestration.

One-Click Traefik Configuration

Serversinc's dashboard simplifies Traefik Docker setup by providing an intuitive interface for configuring routing labels, eliminating the need to manually write complex Docker Compose files or command-line deployments.

Automatic SSL Provisioning

Through integration with Let's Encrypt and DNS providers like Cloudflare, Serversinc automatically provisions and manages SSL certificates for all your applications, ensuring secure HTTPS connections.

Dashboard-Driven Management

Everything is managed through Serversinc's web interface, making Traefik deployment accessible to developers who prefer visual configuration over command-line management.

Step-by-Step Deployment Guide

Step 1: Create New Application

  1. Log in to Serversinc Dashboard: Access your account and navigate to the main dashboard
  2. Navigate to Applications: Click Applications in the sidebar menu
  3. Start New Deployment: Click Create Application to begin your Traefik setup
  4. Configure Basic Settings:
    • Application Type: Select Docker Image
    • Application Name: Use a descriptive name like "traefik-reverse-proxy"
    • Port: Set to 80 (Traefik handles internal HTTPS routing)

Step 2: Configure Docker Image

Specify the Traefik Docker image details:

  • Image: traefik
  • Tag: latest (recommended) or specific version like v3.0 for production stability

Using the latest tag ensures you get the newest features and security updates, while specific versions provide deployment consistency.

Step 3: Environment Variables Configuration

The following environment variables configure your Traefik reverse proxy's core functionality:

RAEFIK_ENTRYPOINTS_WEB_ADDRESS=:80
TRAEFIK_ENTRYPOINTS_WEBSECURE_ADDRESS=:443

TRAEFIK_PROVIDERS_DOCKER=true
TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT=false

TRAEFIK_LOG_LEVEL=DEBUG

TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_EMAIL=your-email@example.com
TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_STORAGE=/letsencrypt/acme.json
TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_DNSCHALLENGE=true
TRAEFIK_CERTIFICATESRESOLVERS_LETSENCRYPT_ACME_DNSCHALLENGE_PROVIDER=cloudflare

CLOUDFLARE_EMAIL=your-cloudflare-email@example.com
CLOUDFLARE_DNS_API_TOKEN=your-cloudflare-dns-api-token

Environment Variables Explained

Entry Points Configuration

  • TRAEFIK_ENTRYPOINTS_WEB_ADDRESS=:80: Configures HTTP traffic handling on port 80
  • TRAEFIK_ENTRYPOINTS_WEBSECURE_ADDRESS=:443: Enables HTTPS traffic on port 443

Docker Provider Configuration

  • TRAEFIK_PROVIDERS_DOCKER=true: Activates Docker service discovery for automatic container detection
  • TRAEFIK_PROVIDERS_DOCKER_EXPOSEDBYDEFAULT=false: Enhances security by requiring explicit Traefik labels for service exposure

SSL Certificate Management

  • ACME_EMAIL: Your email for Let's Encrypt registration and renewal notifications
  • ACME_STORAGE: Persistent storage location for certificate data
  • DNSCHALLENGE: Enables DNS-based certificate validation, working even for non-public services
  • PROVIDER: Specifies Cloudflare as the DNS challenge provider

Cloudflare API Configuration

To create your Cloudflare DNS API token:

  1. Access Cloudflare Dashboard: Go to My Profile → API Tokens
  2. Create Custom Token: Click "Create Token" and select custom template
  3. Set Permissions: Configure Zone:DNS:Edit for your target zones
  4. Copy Token: Save the generated token securely for your Traefik deployment

Volume Configuration

Add these essential volumes for proper Traefik reverse proxy operation:

Docker Socket Access

/var/run/docker.sock:/var/run/docker.sock

Purpose: Provides Traefik read access to Docker daemon events, enabling automatic service discovery and container monitoring.

Certificate Storage

/letsencrypt:/letsencrypt

Purpose: Persistent storage for Let's Encrypt certificates and account data. Without this volume, certificates are lost during container restarts, potentially triggering rate limits.

Step 4: Deploy Your Traefik Instance

  1. Select Target Server: Choose your VPS from the available servers dropdown
  2. Review Configuration: Verify all environment variables and volume mounts are correct
  3. Deploy Application: Click Deploy to start the Traefik reverse proxy deployment

What Happens Behind the Scenes

When you deploy Traefik with Serversinc, several automated processes occur:

Image Management and Container Creation

  • Pulls Traefik image to your VPS if not already cached locally
  • Creates optimized container with your specified configuration parameters
  • Applies environment variables to configure Traefik's routing and SSL behaviour
  • Establishes volume mounts for Docker socket access and certificate persistence

Verification and Testing

After deploying your Traefik reverse proxy, verify proper operation:

  1. Check Status: Confirm the Traefik container shows "Running" in Serversinc dashboard
  2. Review Logs: Look for successful provider initialization and certificate resolver setup
  3. HTTP Access Test: Navigate to your server's IP address on port 80 - expect Traefik's 404 page
  4. SSL Certificate Verification: Check logs for successful Let's Encrypt certificate provisioning
  5. Docker Discovery Test: Deploy a test container with Traefik labels to verify automatic detection

Common Success Indicators

  • Traefik dashboard accessible (if enabled)
  • Docker provider showing "UP" status in logs
  • SSL certificates successfully obtained for configured domains
  • No error messages in container logs

Next Steps

With your Traefik reverse proxy successfully deployed, you can now:

Configure Application Routing

  • Add Traefik Labels: Configure existing applications with routing labels for automatic exposure
  • Set Up Custom Domains: Point your domains to the VPS and let Traefik handle SSL automation
  • Implement Path-Based Routing: Use Traefik's advanced routing for complex application architectures

FAQ

What is Traefik and why should I use it?

Traefik is a modern reverse proxy that automatically discovers and routes traffic to your Docker containers. It's easier to configure than nginx or Apache and includes built-in SSL certificate management.

How does Traefik compare to nginx for reverse proxy use?

While nginx requires manual configuration files, Traefik uses dynamic Docker labels for automatic service discovery. Traefik also includes native Let's Encrypt integration, while nginx requires additional tools for SSL management.

Can I use Traefik with other DNS providers besides Cloudflare?

Yes, Traefik supports many DNS providers for ACME challenges including Route53, DigitalOcean, and others. You'll need to adjust the environment variables accordingly.

Is it safe to mount the Docker socket?

Mounting the Docker socket gives Traefik read access to container information. This is necessary for service discovery but should be done only on trusted systems. Traefik doesn't require write access to the socket.

How often do SSL certificates renew automatically?

Let's Encrypt certificates automatically renew every 60-90 days. Traefik handles this process automatically when properly configured with ACME resolvers.

Can I run multiple Traefik instances?

While possible, it's generally not recommended unless you're implementing advanced load balancing. A single Traefik instance can handle multiple domains and services efficiently.

What happens if my Cloudflare API token expires?

Certificate renewals will fail if the API token expires. You'll need to generate a new token and update your Traefik configuration. Monitor your logs for authentication errors.

How do I enable the Traefik dashboard?

Add dashboard-specific environment variables and labels to enable Traefik's web UI. Ensure proper authentication is configured for security.

This comprehensive guide provides everything you need to successfully deploy Traefik reverse proxy on your VPS using Serversinc's streamlined platform. The combination of automatic service discovery, SSL management, and intuitive configuration makes this the ideal solution for modern container deployments.