Ingress-NGINX Isn’t Safe. Traefik is Secure by Design.
Ingress-NGINX hit a critical vulnerability (CVE-2025-1974, CVSS 9.8). It’s one of the most significant in recent years, and feature development has officially been halted.
Don’t wait for the next vulnerability. Migrate to Traefik OSS, the most secure, cloud native, and proven alternative.
Downloads
Stars on Github
Contributors
Need Help Migrating? Get Support Anytime, Day or Night.
Get commercial support 24/7/365 from the Traefik Support team. We’ll get you up and running and keep it that way.
- Choose between 3 support tiers
- Get access to our own expert engineers
- Peace of mind with a seamless upgrade path to API Gateway and more when you need it
Fill out the form to explore our commercial support options.
What is Traefik?
Traefik is a leading modern open source reverse proxy and ingress controller that makes deploying services and APIs easy. Traefik integrates with your existing infrastructure components and configures itself automatically and dynamically.
Simplified Operation, Complex Deployments
Traefik is designed to be as simple as possible to operate, but capable of handling large, highly-complex deployments across a wide range of environments and protocols in public, private, and hybrid clouds.
Enhanced with Powerful Middleware Suite
Traefik also comes with a powerful set of middlewares that enhance its capabilities to include load balancing, API gateway, orchestrator ingress, and more.
Upgrade from Traefik Proxy in Seconds
Watch this short demo video to see why our cloud native, GitOps-driven API Gateway is Developers' #1 choice.
Watch Demo VideoTraefik 3.0
WebAssembly (Wasm)
OpenTelemetry
Kubernetes Gateway API
HTTP/3
SPIFFE
Tailscale
WAF
Traefik Architecture Overview
Unlike a traditional reverse proxy, which requires manual configuration, Traefik uses service discovery to dynamically configure routing. Traefik supports all major protocols, leveraging a rich set of middleware for load balancing, rate-limiting, circuit-breakers, mirroring, authentication, and more. Traefik also supports SSL termination and works with ACME providers (like Let’s Encrypt) for automatic certificate generation. Traefik’s extensive features and capabilities make it the comprehensive gateway to all your applications.
Maximize Uptime, Solve Issues Quickly, and Achieve Peace of Mind 24/7/365
Need support with Traefik? Our team of experts is here to help!
Traefik Use Cases
![Ingress Controller]()
Ingress Controller
Deploy Traefik as your Kubernetes Ingress Controller to simplify networking, secure your APIs, and reduce the costs of managing your microservices with a dynamic, production-ready Kubernetes Ingress routing solution.
Learn more![Web Application Firewall]()
Web Application Firewall
Leverage Traefik as your WAF to protect your microservices and APIs against a myriad of online threats, such as SQL injection and cross-site scripting, thus enhancing security and ensuring data integrity.
Learn more![Certificate Management]()
Certificate Management
Traefik provides built-in support for Let’s Encrypt (ACME) automatic certificate management as well as user-defined certificates.
Learn more![Load Balancing]()
Load Balancing
Control load to upstream services with flexible Layer 4 and Layer 7 routing and load balancing capabilities plus a large middleware toolkit that enables dynamic scaling, zero-downtime blue-green and canary deployments, mirroring, and more.
Learn more
Traefik Features
Traefik offers a full, production-hardened feature set to meet the requirements of modern, cloud native applications in any environment and can integrate with legacy systems across multi-cloud, hybrid-cloud, and on-premises deployments.
Traffic Management
- Flexible Layer 4 and Layer 7 routing
- HTTP, HTTP/2, HTTP/3, TCP, UDP, Websockets, gRPC
- Mirroring
- Blue-green and canary deployments
- Stickiness
- Active health checks
- Middleware (circuit breakers, automatic retries, buffering, response compression, headers, rate limiting)
Security
- Automatic HTTPS
- Let’s Encrypt support
- Custom certificates
- Authentication
- Web Application Firewall
Integration & Extensibility
- Kubernetes Ingresses, Kubernetes Gateway API, Docker, Swarm, Red Hat OpenShift, Rancher, Amazon ECS, Consul, key-value stores
- WebAssembly (WASM) plugins support
Observability
- OpenTelemetry
- Built-in dashboard
- Distributed tracing (Jaeger, Open Tracing, Zipkin)
- Real-time traffic metrics (Datadog, Grafana, InfluxDB, Prometheus, StatsD)
Upgrade Your Traefik Deployment
Add security, centralize the control of your microservices and APIs, and ensure your business-critical applications are always highly available.
Traefik Ecosystem
Traefik integrates with every major cluster technology and includes built-in support for the top distributed tracing and metrics providers.
Providers & Orchestrators
- Kubernetes
- Docker Swarm
- etcd
- Consul
- K3S
- HashiCorp Nomad
- Redis
- Azure Service Fabric
- Amazon ECS
- AKS
- GKE
- EKS
- IBM Cloud Kubernetes Service
- OpenShift
Tracing & Metrics
- OpenTelemetry
- Datadog
- Prometheus
- InfluxDB
TLS Certificates
- Let's Encrypt
- Tailscale
- SPIFFE
What Our Users Are Saying
Join the growing number of users who trust Traefik.
