https://github.com/chr0nzz/traefik-manager
A clean, self-hosted web UI for managing your Traefik reverse proxy.
https://github.com/chr0nzz/traefik-manager
alpine-linux bcrypt crsf csrf-protection docker fernet flask flask-limiter flask-session gunicorn phosphor-icons python3 ruamel-yaml tailwind-css totp traefik traefik-management traefik-web-ui vanilla-js
Last synced: 6 days ago
JSON representation
A clean, self-hosted web UI for managing your Traefik reverse proxy.
- Host: GitHub
- URL: https://github.com/chr0nzz/traefik-manager
- Owner: chr0nzz
- License: gpl-3.0
- Created: 2026-03-09T02:04:47.000Z (about 1 month ago)
- Default Branch: main
- Last Pushed: 2026-04-04T17:36:16.000Z (13 days ago)
- Last Synced: 2026-04-04T19:36:55.947Z (13 days ago)
- Topics: alpine-linux, bcrypt, crsf, csrf-protection, docker, fernet, flask, flask-limiter, flask-session, gunicorn, phosphor-icons, python3, ruamel-yaml, tailwind-css, totp, traefik, traefik-management, traefik-web-ui, vanilla-js
- Language: HTML
- Homepage: https://traefik-manager.xyzlab.dev/
- Size: 16.9 MB
- Stars: 236
- Watchers: 1
- Forks: 8
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
- Security: docs/security.md
Awesome Lists containing this project
README
# Traefik Manager
**A clean, self-hosted web UI for managing your Traefik reverse proxy.**
Add routes, manage middlewares, monitor services, and view TLS certificates - all without touching a YAML file by hand.
[](https://github.com/chr0nzz/traefik-manager/pkgs/container/traefik-manager)
[](LICENSE)
[](https://github.com/chr0nzz/traefik-manager/releases)
[](https://traefik-manager.xyzlab.dev/)
[](https://github.com/chr0nzz/traefik-manager-mobile)
Built for homelabbers who love Traefik but hate editing YAML at 2am.
---
## Interface Gallery
Initial Setup Workflow
1. Temporary password
2. Welcome
3. Connection & domains
4. Optional tabs
5. Set password
Dashboard
Routes
Overview
Details
Edit
Add HTTP
Add TCP
Add UDP
Services
Middlewares
List
Edit
Add
Plugins & Certificates
Docker Provider
Route Map
Logs
Settings
Authentication
Connections
Routes Config
System
Backups
UI Preferences
---
## Features
**Routing & Middleware**
- Add, edit, delete, and **enable/disable** HTTP, TCP, and UDP routes - no YAML editing required
- Create middlewares with built-in templates (Basic Auth, Forward Auth, Redirect, Strip Prefix)
- **Multi-config file support** - mount several dynamic config files with `CONFIG_DIR` or `CONFIG_PATHS`; a dropdown selects which file each route or middleware is saved to; **create new files on the fly** when `CONFIG_DIR` is set
- Timestamped backups before every change; one-click restore from Settings
**Live Dashboard**
- Real-time stats: router counts, service health, entrypoints, Traefik version
- Provider tabs: Docker, Kubernetes, Swarm, Nomad, ECS, Consul Catalog, Redis, etcd, Consul KV, ZooKeeper, HTTP Provider, File - all API-based, no extra mounts
- **Filter live services** by protocol (HTTP/TCP/UDP) and provider (docker, file, kubernetes…)
- **List view toggle** on Routes, Middlewares, and Services tabs - switch between card grid and compact table
**Visualizations** *(optional, toggle in Settings)*
- **Dashboard tab** - routes grouped by category (Media, Monitoring, Infrastructure, etc.) with app icons sourced from [selfh.st/icons](https://selfh.st/icons/), cached locally, and per-card editing (display name, icon override, group override)
- **Route Map tab** - 4-column topology view (Entry Points - Routes - Middlewares - Services) with Bezier curve connections, hover-to-highlight, and route tooltips
**System Monitoring** *(optional file mounts)*
- **Certs** - `acme.json` certificates with expiry tracking
- **Plugins** - plugins from your static `traefik.yml`
- **Logs** - live Traefik access log tail
**Security**
- bcrypt passwords (cost 12), CSRF protection, session management with session fixation protection
- Optional TOTP 2FA · 7-day remember me · configurable inactivity timeout
- Auto-generated password on first start · CLI recovery with `flask reset-password`
- **Per-device API keys** - up to 10 named keys (e.g. "My Phone"), each independently revocable via `X-Api-Key` header
- **Rate limiting** on login and auth endpoints (Flask-Limiter)
- **Atomic config writes** - crash-safe YAML saves via temp file + rename
- **Encrypted OTP secret** - TOTP seed encrypted at rest with Fernet
---
## Mobile App
**traefik-manager-mobile** is a React Native companion app for managing Traefik Manager from your phone. Requires **Traefik Manager v0.6.0 or higher**.
| | |
| ----------| ------------------------------------------------------------------------------------------------|
| Repo | [github.com/chr0nzz/traefik-manager-mobile](https://github.com/chr0nzz/traefik-manager-mobile) |
| Download | [Latest release](https://github.com/chr0nzz/traefik-manager-mobile/releases/latest) |
| Beta | [Sign up to beta test on Google Play](https://forms.gle/csituqc92sreNooZ8) |
| Auth | Per-device API key - generate one in **Settings → Authentication → App / Mobile API Keys** |
Features: browse routes, middlewares, and services · enable/disable routes · add and edit routes and middlewares (12 middleware templates) · backend scheme + pass host header controls · multi-config file picker · edit mode for bulk actions · system light/dark theme.
---
## Quick Start
**One-liner installer** - installs Traefik + Traefik Manager together, or Traefik Manager on its own via Docker or a native Linux service:
```bash
curl -fsSL https://get-traefik.xyzlab.dev | bash
```
**Manual Docker Compose:**
```yaml
services:
traefik-manager:
image: ghcr.io/chr0nzz/traefik-manager:latest
container_name: traefik-manager
restart: unless-stopped
ports:
- "5000:5000"
environment:
- COOKIE_SECURE=false
volumes:
- /path/to/traefik/dynamic.yml:/app/config/dynamic.yml
- /path/to/traefik-manager/config:/app/config
- /path/to/traefik-manager/backups:/app/backups
```
```bash
docker compose up -d
```
Open **http://your-server:5000** - the setup wizard will guide you through the rest.
---
## Deployment
| Runtime | Guide |
| -----------| --------------------------------------------------------------------------------------------------------------------------------|
| ⚡ Installer | [One-liner: full stack, TM-only Docker, TM-only Linux service](https://traefik-manager.xyzlab.dev/traefik-stack.html) |
| 🐳 Docker | [Docker Compose setup, networking, behind Traefik](https://traefik-manager.xyzlab.dev/docker.html) |
| 🦭 Podman | [Rootless, Quadlet/systemd, SELinux labels](https://traefik-manager.xyzlab.dev/podman.html) |
| 🐧 Linux | [Native Python + systemd, no container required](https://traefik-manager.xyzlab.dev/linux.html) |
| 🟠 Unraid | [Community Applications template, networking, multi-config](https://traefik-manager.xyzlab.dev/unraid.html) |
---
## Documentation
Full documentation at **[traefik-manager.xyzlab.dev](https://traefik-manager.xyzlab.dev/)**
| | |
| ---------------------------------------------------------------------------| -------------------------------------------------------|
| [Get Started](https://traefik-manager.xyzlab.dev/guide.html) | Deployment guides for Docker, Podman, and Linux |
| [Traefik Stack](https://traefik-manager.xyzlab.dev/traefik-stack.html) | One-liner installer guide |
| [Configuration](https://traefik-manager.xyzlab.dev/manager-yml.html) | `manager.yml` reference |
| [Environment Variables](https://traefik-manager.xyzlab.dev/env-vars.html) | `CONFIG_DIR`, `CONFIG_PATHS`, auth, domains, and more |
| [Security](https://traefik-manager.xyzlab.dev/security.html) | API keys, sessions, CSRF, rate limits, and hardening |
| [API Reference](https://traefik-manager.xyzlab.dev/api.html) | REST API for integrations and the mobile app |
| [Mobile App](https://traefik-manager.xyzlab.dev/mobile.html) | Android companion app setup and features |
| [Reset Password](https://traefik-manager.xyzlab.dev/reset-password.html) | CLI reset, TOTP recovery, manual reset |
| [UI Examples](https://traefik-manager.xyzlab.dev/ui-examples.html) | Screenshots and walkthroughs |
| [Provider Tabs](https://traefik-manager.xyzlab.dev/tab-docker.html) | Docker, Kubernetes, Swarm, Nomad, ECS, and more |
---
## Tech Stack
| Layer | Technology |
| -----------| -----------------------------------------------|
| Backend | Python 3.11 · Flask · Gunicorn |
| Config | ruamel.yaml (preserves comments) |
| Auth | bcrypt · pyotp (TOTP) · Flask sessions · CSRF · Flask-Limiter · Fernet |
| Frontend | Vanilla JS · Tailwind CSS · Phosphor Icons |
| Container | Docker · Alpine Linux |
---
## Contributing
Pull requests are welcome. For larger changes please open an issue first.
## Star History
## License
[GPL-3.0](LICENSE)
