The Dashboard

See What's Going On

The dashboard is the central place that shows you the current active routes handled by Traefik.

Dashboard - Providers The dashboard in action

The dashboard is available at the same location as the API but on the path /dashboard/ by default.

The trailing slash / in /dashboard/ is mandatory

There are 2 ways to configure and access the dashboard:

There is also a redirect of the path / to the path /dashboard/, but one should not rely on that property as it is bound to change, and it might make for confusing routing rules anyway.

Secure Mode

This is the recommended method.

Start by enabling the dashboard by using the following option from Traefik's API on the static configuration:

  1. [api]
  2.   # Dashboard
  3.   #
  4.   # Optional
  5.   # Default: true
  6.   #
  7.   dashboard = true
  1. api:
  2.   # Dashboard
  3.   #
  4.   # Optional
  5.   # Default: true
  6.   #
  7.   dashboard: true
  1. # Dashboard
  2. #
  3. # Optional
  4. # Default: true
  5. #
  6. --api.dashboard=true

Then define a routing configuration on Traefik itself, with a router attached to the service [email protected] in the dynamic configuration, to allow defining:

Dashboard Dynamic Configuration Examples

  1. # Dynamic Configuration
  2. labels:
  3.   - "traefik.http.routers.api.rule=Host(`traefik.example.com`)"
  4.   - "[email protected]"
  5.   - "traefik.http.routers.api.middlewares=auth"
  6.   - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
  1. # Dynamic Configuration
  2. deploy:
  3.   labels:
  4.     - "traefik.http.routers.api.rule=Host(`traefik.example.com`)"
  5.     - "[email protected]"
  6.     - "traefik.http.routers.api.middlewares=auth"
  7.     - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
  8.     # Dummy service for Swarm port detection. The port can be any valid integer value.
  9.     - "traefik.http.services.dummy-svc.loadbalancer.server.port=9999"
  1. apiVersion: traefik.containo.us/v1alpha1
  2. kind: IngressRoute
  3. metadata:
  4.   name: traefik-dashboard
  5. spec:
  6.   routes:
  7.   - match: Host(`traefik.example.com`)
  8.     kind: Rule
  9.     services:
  10.     - name: [email protected]
  11.       kind: TraefikService
  12.     middlewares:
  13.       - name: auth
  14. ---
  15. apiVersion: traefik.containo.us/v1alpha1
  16. kind: Middleware
  17. metadata:
  18.   name: auth
  19. spec:
  20.   basicAuth:
  21.     secret: secretName # Kubernetes secret named "secretName"
  1. # Dynamic Configuration
  2. - "traefik.http.routers.api.rule=Host(`traefik.example.com`)"
  3. - "[email protected]"
  4. - "traefik.http.routers.api.middlewares=auth"
  5. - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
  1. "labels": {
  2.   "traefik.http.routers.api.rule": "Host(`traefik.example.com`)",
  3.   "traefik.http.routers.api.service": "[email protected]",
  4.   "traefik.http.routers.api.middlewares": "auth",
  5.   "traefik.http.middlewares.auth.basicauth.users": "test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
  6. }
  1. # Dynamic Configuration
  2. labels:
  3.   - "traefik.http.routers.api.rule=Host(`traefik.example.com`)"
  4.   - "[email protected]"
  5.   - "traefik.http.routers.api.middlewares=auth"
  6.   - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
  1. # Dynamic Configuration
  2. [http.routers.my-api]
  3.   rule = "Host(`traefik.example.com`)"
  4.   service = "[email protected]"
  5.   middlewares = ["auth"]
  7. [http.middlewares.auth.basicAuth]
  8.   users = [
  9.     "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
  10.     "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
  11.   ]
  1. # Dynamic Configuration
  2. http:
  3.   routers:
  4.     api:
  5.       rule: Host(`traefik.example.com`)
  6.       service: [email protected]
  7.       middlewares:
  8.         - auth
  9.   middlewares:
  10.     auth:
  11.       basicAuth:
  12.         users:
  13.           - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
  14.           - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"

Dashboard Router Rule

As underlined in the documentation for the api.dashboard option, the router rule defined for Traefik must match the path prefixes /api and /dashboard.

We recommend to use a "Host Based rule" as Host(traefik.example.com) to match everything on the host domain, or to make sure that the defined rule captures both prefixes:

  1. # The dashboard can be accessed on http://traefik.example.com/dashboard/
  2. rule = "Host(`traefik.example.com`)"
  1. # The dashboard can be accessed on http://example.com/dashboard/ or http://traefik.example.com/dashboard/
  2. rule = "PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
  1. # The dashboard can be accessed on http://traefik.example.com/dashboard/
  2. rule = "Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"

Insecure Mode

This mode is not recommended because it does not allow the use of security features.

To enable the "insecure mode", use the following options from Traefik's API:

  1. [api]
  2.   dashboard = true
  3.   insecure = true
  1. api:
  2.   dashboard: true
  3.   insecure: true
  1. --api.dashboard=true --api.insecure=true

You can now access the dashboard on the port 8080 of the Traefik instance, at the following URL: http://:8080/dashboard/ (trailing slash is mandatory).