Every application deployed in Dokploy is automatically exposed to the internet through Traefik, a modern reverse proxy and load balancer. Dokploy manages the full lifecycle of Traefik configuration: it generates routing rules when you add a domain, requests and renews Let’s Encrypt TLS certificates automatically, and provides first-class UI controls for editing the raw configuration when you need to go beyond the defaults.Documentation Index
Fetch the complete documentation index at: https://mintlify.com/Nettalco/dokploy/llms.txt
Use this file to discover all available pages before exploring further.
How Dokploy Uses Traefik
When you create an application and assign a domain, Dokploy writes a dynamic configuration file for Traefik into/etc/dokploy/traefik/dynamic/. Traefik watches this directory and hot-reloads routing rules without any restart. The generated config wires together:
- An HTTP router — matches incoming requests by
Hostheader and forwards them to the right Docker service - A TLS certificate resolver — requests a Let’s Encrypt certificate for the domain automatically
- Any middleware attached to the application (redirects, basic auth, custom headers, etc.)
dokploy-traefik) managed by Dokploy itself. It listens on ports 80 (HTTP) and 443 (HTTPS) by default.
Traefik Dashboard
The built-in Traefik dashboard gives a real-time view of routers, services, and middleware. It is disabled by default and listens on port8080 when enabled.
Enable the dashboard:
settings.toggleDashboard, which:
- Checks that port
8080is not already in use on the host - Adds
8080:8080/tcpto the Traefik Docker service port mappings - Recreates the Traefik service in the background
settings.haveTraefikDashboardPortEnabled reads the current port list for dokploy-traefik and returns true if port 8080 is published.
Reading and Updating Traefik Config
Dokploy exposes three layers of Traefik configuration, each editable independently:- Main (static) config
- Web server config
- Middleware config
The static config controls global Traefik behaviour — entry points, certificate resolvers, log level, and access logs.
After saving, reload Traefik for changes to take effect (see Reloading Traefik).
| Operation | API call |
|---|---|
| Read | settings.readTraefikConfig → readMainConfig() |
| Write | settings.updateTraefikConfig → writeMainConfig(config) |
Traefik Environment Variables
Traefik’s runtime environment (for DNS challenge credentials, log levels, etc.) can be read and updated without touching the static config file:| Operation | API call | Description |
|---|---|---|
| Read | settings.readTraefikEnv | Returns the current dokploy-traefik environment variables |
| Write | settings.writeTraefikEnv | Applies new environment variables and recreates the Traefik service |
writeTraefikEnv internally calls writeTraefikSetup, which prepares the new environment alongside the existing port list and recreates the Docker service in the background — the request returns immediately while the update proceeds asynchronously.
Custom Traefik Files
For advanced use cases (custom providers, static TLS certificates, additional dynamic config), you can manage the raw files in the Traefik config directory directly:| Operation | API call | Description |
|---|---|---|
| Browse directory | settings.readDirectories | Lists files and folders under MAIN_TRAEFIK_PATH |
| Read a file | settings.readTraefikFile | Returns the contents of any file in the config tree |
| Write a file | settings.updateTraefikFile | Writes (or overwrites) a file at the specified path |
traefikFiles.read or traefikFiles.write permission.
Example: creating a custom dynamic config file for a TCP passthrough router:
settings.updateTraefikFile and Traefik will pick it up automatically.
Port Management
By default, Traefik publishes ports80 and 443. You can add arbitrary additional ports to expose TCP or UDP services (e.g., databases, game servers) through Traefik’s entrypoints.
| Operation | API call | Description |
|---|---|---|
| List ports | settings.getTraefikPorts → readPorts("dokploy-traefik") | Returns all currently published ports |
| Update ports | settings.updateTraefikPorts → writeTraefikSetup(...) | Replaces the port list and recreates the service |
updateTraefikPorts checks each new port for conflicts before applying the change. If a port is already in use by another container, it returns a CONFLICT error.
Example port definition:
Reloading Traefik
Some configuration changes (environment variables, port bindings) require recreating the Traefik Docker service. Others (dynamic config file updates) are picked up automatically by Traefik’s file provider without a restart. To force a reload after static config changes:settings.reloadTraefik, which triggers reloadDockerResource("dokploy-traefik") in the background. The function returns immediately; the dashboard polls /api/health to confirm Traefik is back up.
Application-Level Traefik Config
Every application in Dokploy has its own Traefik dynamic config file. You can view and edit it from the application’s Advanced → Traefik Config tab.| Operation | API call | Notes |
|---|---|---|
| Read | application.readTraefikConfig | Returns the current per-app config file |
| Write | application.updateTraefikConfig | Overwrites the file; Traefik hot-reloads immediately |
Middleware
Middleware transforms HTTP requests and responses as they pass through Traefik. Dokploy pre-configures two common middleware chains:HTTP → HTTPS Redirect
Automatically redirects all plaintext HTTP requests to their HTTPS equivalent. Configured in the redirects router and applied globally to all Dokploy-managed domains.
Basic Auth
Protects an endpoint with username/password authentication. Managed via the
security router and configurable per-application from the Security tab.settings.updateMiddlewareTraefikConfig and reference it from any application config by name.
Advanced: Custom Traefik Providers
Traefik supports multiple configuration providers (file, Docker, Consul, etc.) running simultaneously. To add a custom file provider that lives outside the default directory:Edit the main (static) config
Read the current config with
settings.readTraefikConfig, then add a providers.file entry:Save and reload
Save with
settings.updateTraefikConfig, then reload Traefik via settings.reloadTraefik.