Traefik Proxy 3.4 “Chaource” Is Ready to Serve

Traefik Proxy 3.4 is here, and it’s greater than ever! Codenamed “Chaource” 🧀 (a creamy delight from Champagne, France, has been crafted since Roman times), this release is packed with zesty new features, smoother operations, and a sprinkle of magic to keep your infrastructure running like a well-oiled fondue pot. Let’s cut through the rind and dig into the goodness!

Key New Features

Distributed Rate-Limiting with Redis 

“Sharing is caring” just got a whole new meaning! Traefik’s new distributed rate-limiting (#10211 by longquan0104) lets you enforce traffic rules globally across instances using Redis. No more rogue services hogging bandwidth—this feature ensures fair play, even in a multi-node setup. Perfect for stopping API abuse or managing traffic spikes without breaking a sweat.

Here is an example to deploy a rateLimit middleware in Kubernetes:

apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
   name: test-ratelimit
spec:
   rateLimit:
      # ...
      redis:
         secret: mysecret

---
apiVersion: v1
kind: Secret
metadata:
   name: mysecret
   namespace: default
data:
   username: dXNlcm5hbWU=
   password: cGFzc3dvcmQ=

P2C (Power of Two Choices) Load-Balancing

Meet the Power of Two Choices (P2C) load balancer—your new traffic whisperer. Instead of blindly picking a backend, P2C intelligently selects two random candidates and routes requests to the least busy one (initiated by ifross89 in #10534). Under heavy traffic, P2C avoids overloading a single server “by accident”. This results in fewer bottlenecks and a steadier, more predictable load distribution.

Enabling P2C is easy. In your service’s load-balancer config, set the method to p2c instead of the default. For example:

http:
  services:
    my-service:
      loadBalancer:
        servers:
          - url: "http://10.0.0.1"
          - url: "http://10.0.0.2"
          - url: "http://10.0.0.3"
          - url: "http://10.0.0.4"
        method: "p2c"

Custom Server URL with Labels 

A long awaited feature is part of this release, Chaource lets you define server URLs via labels on Docker, Swarm, ECS, Consul & Nomad (#11374 by yelvert). This feature is needed in case you don’t want to use the container’s IP but a custom URL instead.

Here is a Docker compose example deploying an app and setting custom server urls:

version: '3.8'
services:
  main:
    image: lorem/ipsum:latest
    deploy:
      replicas: 3
      labels:
        - "traefik.enable=true"

        - "traefik.http.routers.service1.entrypoints=https"
        - "traefik.http.routers.service1.rule=Host(`foobar1.example.com`)"
        - "traefik.http.routers.service1.service=foobar1"
        - "traefik.http.routers.service1.tls=true"
        - "traefik.http.services.service1.loadbalancer.server.url=http://foobar1:80"
        
        - "traefik.http.routers.service2.entrypoints=https"
        - "traefik.http.routers.service2.rule=Host(`foobar2.example.com`)"
        - "traefik.http.routers.service2.service=foobar2"
        - "traefik.http.routers.service2.tls=true"
        - "traefik.http.services.service2.loadbalancer.server.url=http://foobar2:80"

        - "traefik.docker.network=traefik"

More Delicacies

• ACME Enhancements: Introduced new options acme.profile and acme.emailAddresses to customize certificate requests (#11597 by ldez). See the ACME documentation for details.
• Kubernetes Improvements: Improved CEL validation for CRDs (#11311 by mloiseleur), ingress statuses were added for ClusterIP and NodePort Service Type (#11100 by mlec1) and we can now get a root CA to be added through config maps (#11475 by Nelwhix). Refer to the Kubernetes Ingress documentation.
• Gateway API: It’s now possible to set rule priority in Gateway API TLSRoute (#11443 by augustozanellato)
• Middlewares: An option preserveRequestMethod has been added to the ForwardAuth middleware to preserve the original HTTP method and to send the request body to the authorization server (#11473 by an09mous). See the ForwardAuth middleware documentation. The ErrorPage middleware now supports rewriting status codes dynamically (#11520 by sevensolutions). Check out the ErrorPage middleware documentation.
• Sticky Sessions: You can now specify a cookie domain for sticky sessions (#11556 by jleal52). Refer to the Sticky Sessions documentation.
• TLS Enhancements: Added options to disable TLS session tickets and to add extra CA certificates via Kubernetes ConfigMaps (#11609 by avdhoot). See the TLS documentation.
• UDP Routing: Traefik can now route UDP traffic with systemd socket activation (#11022 by tsiid). Check out the UDP documentation.
• Web UI: The dashboard now supports an auto theme option, switching between light and dark modes based on your system settings (#11455 by zizzfizzix). Refer to the Dashboard documentation.
• Under the hood: experimental maps and slices have been replaced by stdlib (#11350 by Juneezee)

A Big Slice of Gratitude

Chaource wouldn’t be the same without our amazing community! To everyone who filed bugs, brainstormed features, or geeked out with us on GitHub—thank you! 🥂

Got questions? Compliments? Cheese puns? Share them in our Community Forum!

Useful Links

• Traefik 3.4 on GitHub & on DockerHub
• Traefik Documentation, Website, & GitHub
• Our Community Forum