Skip to main content

Routing Overview

Understand how Traefik routes requests through its architecture.

How Routing Works

Traefik’s routing architecture connects incoming requests to backend services through a sophisticated pipeline:

Routing Flow

  1. EntryPoints listen for incoming traffic on specific ports (e.g., :80, :443)
  2. Routers analyze requests using rules to match patterns (host, path, headers)
  3. Middleware transforms requests (authentication, rate limiting, headers)
  4. Services load balance and forward requests to backend servers
Every request must match a router rule to be forwarded to a service. Unmatched requests return a 404 error.

Component Responsibilities

EntryPoints

Network entry points that listen on specific ports for TCP or UDP traffic

Routers

Analyze incoming requests and match them against rules (Host, Path, Headers)

Services

Load balance requests across multiple backend servers with health checks

Middleware

Transform requests and responses (auth, rate limiting, compression)

Complete Routing Example

Here’s a complete example showing all routing components working together: 
entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"

providers:
  file:
    directory: /etc/traefik/dynamic

What This Configuration Does

  1. EntryPoints: Listens on ports 80 (HTTP) and 443 (HTTPS)
  2. Router: Matches requests to api.example.com with path /v1/*
  3. Middleware: Applies basic authentication and rate limiting
  4. Service: Load balances between two backend servers with health checks
  5. TLS: Automatically obtains certificates from Let’s Encrypt

Protocol Support

Traefik supports multiple protocols for routing:
Full HTTP/1.1, HTTP/2, and HTTP/3 support with rich routing rules:
  • Host matching: Host(example.com)
  • Path matching: PathPrefix(/api)
  • Header matching: Header(Content-Type, application/json)
  • Method matching: Method(POST)
  • Query parameters: Query(mobile, true)
See Router configuration for all HTTP rules.

Router Priority

When multiple routers match a request, Traefik uses priority to determine which router handles the request. 
http:
  routers:
    # Priority: 34 (longer rule)
    specific-router:
      rule: "Host(`api.example.com`) && PathPrefix(`/v1`)"
      service: api-v1
    
    # Priority: 21 (shorter rule)
    generic-router:
      rule: "Host(`api.example.com`)"
      service: api-default
Routers with higher priority values are evaluated first. Without explicit priority, longer rules have higher priority.

Dynamic Configuration

Traefik supports dynamic configuration from multiple providers:
  • File - YAML/TOML configuration files
  • Docker - Container labels
  • Kubernetes - Ingress, IngressRoute CRDs
  • Consul/Etcd - Key-value stores
  • HTTP - REST API endpoint
See the Providers documentation for provider-specific routing configuration.

Best Practices

When you have multiple routers that could match the same request, set explicit priorities to ensure predictable routing:
http:
  routers:
    api-v2:
      rule: "Host(`api.example.com`) && PathPrefix(`/v2`)"
      priority: 200
      service: api-v2
    
    api-v1:
      rule: "Host(`api.example.com`) && PathPrefix(`/v1`)"
      priority: 150
      service: api-v1
    
    api-default:
      rule: "Host(`api.example.com`)"
      priority: 100
      service: api-default
Use && (AND), || (OR), and ! (NOT) for complex routing:
# Route API requests from specific IPs
rule: "PathPrefix(`/api`) && ClientIP(`192.168.1.0/24`)"

# Route multiple domains
rule: "Host(`example.com`) || Host(`example.org`)"

# Exclude admin paths
rule: "Host(`app.example.com`) && !PathPrefix(`/admin`)"
Always configure health checks to automatically remove unhealthy servers:
services:
  production-service:
    loadBalancer:
      servers:
        - url: "http://10.0.1.10:8080"
        - url: "http://10.0.1.11:8080"
      healthCheck:
        path: /health
        interval: "10s"
        timeout: "3s"
Order middleware carefully - authentication should come before rate limiting:
routers:
  api:
    middlewares:
      - api-auth       # 1. Authenticate first
      - api-ratelimit  # 2. Then rate limit
      - api-compress   # 3. Finally compress

Next Steps

Configure EntryPoints

Set up network entry points for HTTP, HTTPS, TCP, and UDP

Create Routers

Define routing rules to match and forward requests

Setup Services

Configure load balancing and health checks for backends

Build docs developers (and LLMs) love

Get started for freeTalk to us