Setting Up Traefik as Reverse Proxy for Docker is a common requirement for VPS administrators. This guide provides practical instructions that you can follow on Ubuntu 22.04/24.04 or Debian 12, though most steps apply to other distributions as well.
Prerequisites
- A web server installed (Nginx or Apache)
- Root or sudo access to the server
- A VPS running Ubuntu 22.04 or later (2GB+ RAM recommended)
Server Installation
For production deployments, consider implementing high availability by running multiple instances behind a load balancer. This approach provides both redundancy and improved performance under heavy load.
# /etc/nginx/sites-available/traefik.conf
server {
listen 80;
server_name example.com;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
The output should show the service running without errors. If you see any warning messages, address them before proceeding to the next step.
Performance Considerations
The default configuration works well for development environments, but production servers require additional tuning. Pay particular attention to connection limits, timeout values, and logging settings.
Virtual Host Configuration
Security should be a primary consideration when configuring traefik. Always use strong passwords, keep software updated, and restrict network access to only the necessary ports and IP addresses.
# Test and reload Nginx configuration
sudo nginx -t
sudo systemctl reload nginx
# Check access and error logs
sudo tail -f /var/log/nginx/access.log
sudo tail -f /var/log/nginx/error.log
The configuration above sets the recommended values for a VPS with 2-4GB of RAM. Adjust the memory-related settings proportionally if your server has different specifications.
- Enable firewall and allow only necessary ports
- Use SSH keys instead of password authentication
- Keep all software components up to date
- Set up fail2ban for brute force protection
- Use strong, unique passwords for all services
Next Steps
With traefik now set up and running, consider implementing monitoring to track performance metrics over time. Regularly review your configuration as your workload changes and scale resources accordingly.