The Dashboard
See What’s Going On
The dashboard is the central place that shows you the current active routes handled by Traefik.
The dashboard in action
The dashboard is available at the same location as the API but on the path /dashboard/
by default.
The trailing slash /
in /dashboard/
is mandatory
There are 2 ways to configure and access the dashboard:
There is also a redirect of the path /
to the path /dashboard/
, but one should not rely on that property as it is bound to change, and it might make for confusing routing rules anyway.
Secure Mode
This is the recommended method.
Start by enabling the dashboard by using the following option from Traefik’s API on the static configuration:
File (YAML)
api:
# Dashboard
#
# Optional
# Default: true
#
dashboard: true
File (TOML)
[api]
# Dashboard
#
# Optional
# Default: true
#
dashboard = true
CLI
# Dashboard
#
# Optional
# Default: true
#
--api.dashboard=true
Then define a routing configuration on Traefik itself, with a router attached to the service [[email protected]](https://doc.traefik.io/cdn-cgi/l/email-protection)
in the dynamic configuration, to allow defining:
One or more security features through middlewares like authentication (basicAuth , digestAuth, forwardAuth) or whitelisting.
A router rule for accessing the dashboard, through Traefik itself (sometimes referred as “Traefik-ception”).
Dashboard Router Rule
As underlined in the documentation for the api.dashboard option, the router rule defined for Traefik must match the path prefixes /api
and /dashboard
.
We recommend to use a “Host Based rule” as Host(`traefik.example.com`)
to match everything on the host domain, or to make sure that the defined rule captures both prefixes:
Host Rule
# The dashboard can be accessed on http://traefik.example.com/dashboard/
rule = "Host(`traefik.example.com`)"
Path Prefix Rule
# The dashboard can be accessed on http://example.com/dashboard/ or http://traefik.example.com/dashboard/
rule = "PathPrefix(`/api`, `/dashboard`)"
Combination of Rules
# The dashboard can be accessed on http://traefik.example.com/dashboard/
rule = "Host(`traefik.example.com`) && PathPrefix(`/api`, `/dashboard`)"
Dashboard Dynamic Configuration Examples
Docker
# Dynamic Configuration
labels:
- "traefik.http.routers.dashboard.rule=Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
- "[email protected]"
- "traefik.http.routers.dashboard.middlewares=auth"
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
Docker (Swarm)
# Dynamic Configuration
deploy:
labels:
- "traefik.http.routers.dashboard.rule=Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
- "[email protected]"
- "traefik.http.routers.dashboard.middlewares=auth"
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
# Dummy service for Swarm port detection. The port can be any valid integer value.
- "traefik.http.services.dummy-svc.loadbalancer.server.port=9999"
Kubernetes CRD
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: traefik-dashboard
spec:
routes:
- match: Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
kind: Rule
services:
- name: [email protected]
kind: TraefikService
middlewares:
- name: auth
---
apiVersion: traefik.containo.us/v1alpha1
kind: Middleware
metadata:
name: auth
spec:
basicAuth:
secret: secretName # Kubernetes secret named "secretName"
Consul Catalog
# Dynamic Configuration
- "traefik.http.routers.dashboard.rule=Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
- "[email protected]"
- "traefik.http.routers.dashboard.middlewares=auth"
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
Marathon
"labels": {
"traefik.http.routers.dashboard.rule": "Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))",
"traefik.http.routers.dashboard.service": "[email protected]",
"traefik.http.routers.dashboard.middlewares": "auth",
"traefik.http.middlewares.auth.basicauth.users": "test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
}
Rancher
# Dynamic Configuration
labels:
- "traefik.http.routers.dashboard.rule=Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
- "[email protected]"
- "traefik.http.routers.dashboard.middlewares=auth"
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
File (YAML)
# Dynamic Configuration
http:
routers:
dashboard:
rule: Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
service: [email protected]
middlewares:
- auth
middlewares:
auth:
basicAuth:
users:
- "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
- "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
File (TOML)
# Dynamic Configuration
[http.routers.my-api]
rule = "Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
service = "[email protected]"
middlewares = ["auth"]
[http.middlewares.auth.basicAuth]
users = [
"test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
"test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
]
Insecure Mode
This mode is not recommended because it does not allow the use of security features.
To enable the “insecure mode”, use the following options from Traefik’s API:
File (YAML)
api:
dashboard: true
insecure: true
File (TOML)
[api]
dashboard = true
insecure = true
CLI
--api.dashboard=true --api.insecure=true
You can now access the dashboard on the port 8080
of the Traefik instance, at the following URL: http://<Traefik IP>:8080/dashboard/
(trailing slash is mandatory).
Using Traefik for Business Applications?
If you are using Traefik for commercial applications, consider the Enterprise Edition. You can use it as your:
Traefik Enterprise enables centralized access management, distributed Let’s Encrypt, and other advanced capabilities. Learn more in this 15-minute technical walkthrough.