Modern HTTP reverse proxy and load balancer on FreeBSD.
| Port | 80 |
| Registry | ghcr.io/daemonless/traefik |
| Source | https://github.com/traefik/traefik |
| Website | https://traefik.io/ |
| Tag | Description | Best For |
|---|---|---|
latest |
Upstream Binary. Built from official release. | Most users. Matches Linux Docker behavior. |
pkg |
FreeBSD Quarterly. Uses stable, tested packages. | Production stability. |
pkg-latest |
FreeBSD Latest. Rolling package updates. | Newest FreeBSD packages. |
k8s |
Passthrough. Traefik as PID 1, no s6 — for Kubernetes/helm & CLI-arg config. | Alternative build. |
Before deploying, ensure your host environment is ready. See the Quick Start Guide for host setup instructions.
services:
traefik:
image: "ghcr.io/daemonless/traefik:latest"
container_name: traefik
environment:
- PUID=1000 # User ID for the application process
- PGID=1000 # Group ID for the application process
- TZ=UTC # Timezone for the container
volumes:
- "/path/to/containers/traefik:/config"
ports:
- "80:80"
- "443:443"
- "8080:8080"
restart: unless-stopped.env:
# .env
DIRECTOR_PROJECT=traefik
PUID=1000
PGID=1000
TZ=UTC
appjail-director.yml:
# appjail-director.yml
options:
- virtualnet: ':<random> default'
- nat:
services:
traefik:
name: traefik
options:
- container: 'boot args:--pull'
- expose: '80:80 proto:tcp' \
- expose: '443:443 proto:tcp' \
- expose: '8080:8080 proto:tcp' \
oci:
user: root
environment:
- PUID: !ENV '${PUID}'
- PGID: !ENV '${PGID}'
- TZ: !ENV '${TZ}'
volumes:
- traefik: /config
volumes:
traefik:
device: '/path/to/containers/traefik'Makejail:
# Makejail
ARG tag=latest
OPTION overwrite=force
OPTION from=ghcr.io/daemonless/traefik:${tag}
Note: Exposing ports in AppJail means that your service can be reached from remote hosts. If that is not your intention, do not expose the ports and communicate with the service using the IPv4 address assigned by the virtual network.
podman run -d --name traefik \
-p 80:80 \
-p 443:443 \
-p 8080:8080 \
-e PUID=1000 \
-e PGID=1000 \
-e TZ=UTC \
-v /path/to/containers/traefik:/config \
ghcr.io/daemonless/traefik:latestappjail oci run -Pd \
-o overwrite=force \
-o container="args:--pull" \
-o virtualnet=":<random> default" \
-o nat \
-o expose="80:80 proto:tcp" \
-o expose="443:443 proto:tcp" \
-o expose="8080:8080 proto:tcp" \
-e PUID=1000 \
-e PGID=1000 \
-e TZ=UTC \
-o fstab="/path/to/containers/traefik /config <pseudofs>" \
ghcr.io/daemonless/traefik:latest traefikNote: Exposing ports in AppJail means that your service can be reached from remote hosts. If that is not your intention, do not expose the ports and communicate with the service using the IPv4 address assigned by the virtual network.
- name: Deploy traefik
containers.podman.podman_container:
name: traefik
image: "ghcr.io/daemonless/traefik:latest"
state: started
restart_policy: always
env:
PUID: "1000"
PGID: "1000"
TZ: "UTC"
ports:
- "80:80"
- "443:443"
- "8080:8080"
volumes:
- "/path/to/containers/traefik:/config"| Variable | Default | Description |
|---|---|---|
PUID |
1000 |
User ID for the application process |
PGID |
1000 |
Group ID for the application process |
TZ |
UTC |
Timezone for the container |
| Path | Description |
|---|---|
/config |
Configuration directory (traefik.yml, dynamic/, letsencrypt/) |
| Port | Protocol | Description |
|---|---|---|
80 |
TCP | HTTP |
443 |
TCP | HTTPS |
8080 |
TCP | Dashboard/API |
Architectures: amd64
User: bsd (UID/GID via PUID/PGID, defaults to 1000:1000)
Base: FreeBSD 15.1
Need help? Join our Discord community.