Docker Labels Reference
Complete reference for Traefik Docker labels.
Core Labels
yaml
# Enable Traefik for this container
traefik.enable=true
# Network to use
traefik.docker.network=traefik-net
# Override container IP (behind NAT)
traefik.docker.ip=192.168.1.100Router Labels
yaml
# Router rule
traefik.http.routers.myapp.rule=Host(`example.com`)
# EntryPoints
traefik.http.routers.myapp.entrypoints=websecure
# Service to route to
traefik.http.routers.myapp.service=myapp
# Priority
traefik.http.routers.myapp.priority=10
# Middlewares
traefik.http.routers.myapp.middlewares=auth,rate-limit
# TLS
traefik.http.routers.myapp.tls=true
traefik.http.routers.myapp.tls.certresolver=letsencrypt
traefik.http.routers.myapp.tls.domains[0].main=example.com
traefik.http.routers.myapp.tls.domains[0].sans=www.example.comRouter Rule Syntax
yaml
# Host matching
traefik.http.routers.myapp.rule=Host(`example.com`)
traefik.http.routers.myapp.rule=Host(`example.com`) || Host(`www.example.com`)
# Path matching
traefik.http.routers.myapp.rule=Host(`example.com`) && PathPrefix(`/api`)
# Header matching
traefik.http.routers.myapp.rule=Host(`example.com`) && Header(`X-Region`, `us`)
# Method matching
traefik.http.routers.myapp.rule=Host(`api.example.com`) && Method(`GET`)Service Labels
yaml
# Backend port
traefik.http.services.myapp.loadbalancer.server.port=3000
# Backend URL (override)
traefik.http.services.myapp.loadbalancer.server.url=http://10.0.0.1:3000
# Load balancer strategy
traefik.http.services.myapp.loadbalancer.strategy=p2c
# Health check
traefik.http.services.myapp.loadbalancer.healthcheck.path=/health
traefik.http.services.myapp.loadbalancer.healthcheck.interval=30s
traefik.http.services.myapp.loadbalancer.healthcheck.timeout=3s
# Sticky sessions
traefik.http.services.myapp.loadbalancer.sticky.cookie.name=_session
traefik.http.services.myapp.loadbalancer.sticky.cookie.httponly=true
traefik.http.services.myapp.loadbalancer.sticky.cookie.secure=true
# Pass Host header
traefik.http.services.myapp.loadbalancer.passhostheader=true
# Response forwarding
traefik.http.services.myapp.loadbalancer.responseforwarding.flushinterval=100msMiddleware Labels
yaml
# Rate limiting
traefik.http.middlewares.rate-limit.ratelimit.average=100
traefik.http.middlewares.rate-limit.ratelimit.burst=50
traefik.http.middlewares.rate-limit.ratelimit.period=1m
# BasicAuth
traefik.http.middlewares.auth.basicauth.users=admin:$$2y$$05$$...
# Headers
traefik.http.middlewares.sec-headers.headers.framedeny=true
traefik.http.middlewares.sec-headers.headers.sslredirect=true
traefik.http.middlewares.sec-headers.headers.stsseconds=31536000
# IP allowlist
traefik.http.middlewares.allowlist.ipallowlist.sourcerange=10.0.0.0/8
# Redirect
traefik.http.middlewares.redirect-https.redirectscheme.scheme=https
traefik.http.middlewares.redirect-https.redirectscheme.permanent=true
# Strip prefix
traefik.http.middlewares.strip-api.stripprefix.prefixes=/api
# Compress
traefik.http.middlewares.compress.compress.excludedcontenttypes=text/event-streamTCP Labels
yaml
# TCP router
traefik.tcp.routers.db.rule=HostSNI(`*`)
traefik.tcp.routers.db.entrypoints=postgres
traefik.tcp.routers.db.service=db
traefik.tcp.routers.db.tls=true
traefik.tcp.routers.db.tls.passthrough=true
# TCP service
traefik.tcp.services.db.loadbalancer.server.port=5432UDP Labels
yaml
# UDP router
traefik.udp.routers.dns.entrypoints=dns
traefik.udp.routers.dns.service=dns
# UDP service
traefik.udp.services.dns.loadbalancer.server.port=53Provider-Specific Labels
yaml
# Use a specific network
traefik.docker.network=my-network
# Only on specific Docker Swarm node
traefik.docker.swarmmode=true
# Constraints
traefik.docker.constraints=Label(`traefik.environment`, `production`)