Traefik Proxy 3.4 “Chaource” Is Ready to Serve

Traefik Proxy 3.4 is here, and it’s greater than ever! Codenamed “Chaource” 🧀 (a creamy delight from Champagne, France, has been crafted since Roman times), this release is packed with zesty new features, smoother operations, and a sprinkle of magic to keep your infrastructure running like a well-oiled fondue pot. Let’s cut through the rind and dig into the goodness!
Key New Features
Distributed Rate-Limiting with Redis
“Sharing is caring” just got a whole new meaning! Traefik’s new distributed rate-limiting (#10211 by longquan0104) lets you enforce traffic rules globally across instances using Redis. No more rogue services hogging bandwidth—this feature ensures fair play, even in a multi-node setup. Perfect for stopping API abuse or managing traffic spikes without breaking a sweat.
Here is an example to deploy a rateLimit
middleware in Kubernetes:
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: test-ratelimit
spec:
rateLimit:
# ...
redis:
secret: mysecret
---
apiVersion: v1
kind: Secret
metadata:
name: mysecret
namespace: default
data:
username: dXNlcm5hbWU=
password: cGFzc3dvcmQ=
P2C (Power of Two Choices) Load-Balancing
Meet the Power of Two Choices (P2C) load balancer—your new traffic whisperer. Instead of blindly picking a backend, P2C intelligently selects two random candidates and routes requests to the least busy one (initiated by ifross89 in #10534). Under heavy traffic, P2C avoids overloading a single server “by accident”. This results in fewer bottlenecks and a steadier, more predictable load distribution.
Enabling P2C is easy. In your service’s load-balancer config, set the method to p2c
instead of the default. For example:
http:
services:
my-service:
loadBalancer:
servers:
- url: "http://10.0.0.1"
- url: "http://10.0.0.2"
- url: "http://10.0.0.3"
- url: "http://10.0.0.4"
method: "p2c"
Custom Server URL with Labels
A long awaited feature is part of this release, Chaource lets you define server URLs via labels on Docker, Swarm, ECS, Consul & Nomad (#11374 by yelvert). This feature is needed in case you don’t want to use the container’s IP but a custom URL instead.
Here is a Docker compose example deploying an app and setting custom server urls:
version: '3.8'
services:
main:
image: lorem/ipsum:latest
deploy:
replicas: 3
labels:
- "traefik.enable=true"
- "traefik.http.routers.service1.entrypoints=https"
- "traefik.http.routers.service1.rule=Host(`foobar1.example.com`)"
- "traefik.http.routers.service1.service=foobar1"
- "traefik.http.routers.service1.tls=true"
- "traefik.http.services.service1.loadbalancer.server.url=http://foobar1:80"
- "traefik.http.routers.service2.entrypoints=https"
- "traefik.http.routers.service2.rule=Host(`foobar2.example.com`)"
- "traefik.http.routers.service2.service=foobar2"
- "traefik.http.routers.service2.tls=true"
- "traefik.http.services.service2.loadbalancer.server.url=http://foobar2:80"
- "traefik.docker.network=traefik"
More Delicacies
- ACME Enhancements: Introduced new options
acme.profile
andacme.emailAddresses
to customize certificate requests (#11597 by ldez). See the ACME documentation for details. - Kubernetes Improvements: Improved CEL validation for CRDs (#11311 by mloiseleur), ingress statuses were added for
ClusterIP
andNodePort
Service Type (#11100 by mlec1) and we can now get a root CA to be added through config maps (#11475 by Nelwhix). Refer to the Kubernetes Ingress documentation. - Gateway API: It’s now possible to set rule priority in Gateway API TLSRoute (#11443 by augustozanellato)
- Middlewares: An option
preserveRequestMethod
has been added to the ForwardAuth middleware to preserve the original HTTP method and to send the request body to the authorization server (#11473 by an09mous). See the ForwardAuth middleware documentation. The ErrorPage middleware now supports rewriting status codes dynamically (#11520 by sevensolutions). Check out the ErrorPage middleware documentation. - Sticky Sessions: You can now specify a cookie domain for sticky sessions (#11556 by jleal52). Refer to the Sticky Sessions documentation.
- TLS Enhancements: Added options to disable TLS session tickets and to add extra CA certificates via Kubernetes ConfigMaps (#11609 by avdhoot). See the TLS documentation.
- UDP Routing: Traefik can now route UDP traffic with systemd socket activation (#11022 by tsiid). Check out the UDP documentation.
- Web UI: The dashboard now supports an auto theme option, switching between light and dark modes based on your system settings (#11455 by zizzfizzix). Refer to the Dashboard documentation.
- Under the hood: experimental maps and slices have been replaced by stdlib (#11350 by Juneezee)
A Big Slice of Gratitude
Chaource wouldn’t be the same without our amazing community! To everyone who filed bugs, brainstormed features, or geeked out with us on GitHub—thank you! 🥂
Got questions? Compliments? Cheese puns? Share them in our Community Forum!
Useful Links
- Traefik 3.4 on GitHub & on DockerHub
- Traefik Documentation, Website, & GitHub
- Our Community Forum