0 0 Share PDF

Traefik Enterprise Edition Solution Brief for Docker Enterprise and Swarm

Traefik Enterprise Edition on Docker Enterprise Edition with Docker Swarm

Traefik Enterprise Edition (TraefikEE) is a production-grade, distributed, and highly-available routing solution built on top of Traefik.

Containous aims at simplifying the life of today’s DevOps and Site Reliability Engineers (SREs) with an easy-to-install, robust and secure edge router. Our cloud-native solution enables users to address all the routing (simple to very complex), load balancing, tracing and observability, and governance needs they may have with a small footprint. Containous is a cloud-agnostic and legacy friendly routing solution. TraefikEE is an enterprise-grade ingress controller built upon the acclaimed open source edge router 'Traefik'. It benefits from one of the most vibrant and supportive communities and caters to all the 'wiring' needs of your microservices projects, whether you are starting from scratch (greenfield) or transitioning away from a different infrastructure.

Traefik Architecture

To learn more about TraefikEE concepts, see Concepts of the documentation.


The 'Traefik Enterprise Edition on Docker Enterprise Edition with Docker Swarm' solution guide has been tested using the following environment:

External Ingress Access


TraefikEE takes advantage of the Routing Mesh with Swarm.

To reach TraefikEE from an external network, you must configure either:

  • DNS record(s) to at least one Docker EE worker node
  • An external load-balancer distributing requests to your Docker EE worker nodes
  • If you prefer to test the example without a DNS, you can simple use the IP address of one of the Swarm nodes in your cluster in place of public.cluster.dns.org in the example configurations.


We strongly recommend you to expose the IANA HTTP (80) and HTTPS (443) ports on the Docker EE worker nodes.

However, the default installation of UCP is already using the port 443 of the worker nodes, as explained in the Docker's UCP documentation

Based on your future needs, you have to choose one of the following scenarios:

  • If you plan to use Let's Encrypt with TraefikEE:
  • If you don't need Let's Encrypt, or cannot change UCP ports:
    • Consider using 2 available ports on the Docker EE worker nodes: Let's say 9080 and 9443
    • Configure your external Load-Balancer to do the port forwarding 80 <-> 9080 and 443 <-> 9443
    • Port 443 is mandatory if you plan to use Let's Encrypt with TLS challenge


You can install TraefikEE in Docker Swarm Mode using Swarm One Line Installation, specifying the HTTP/HTTPS public ports (chosen earlier in the "Ports" section) as options:

traefikeectl install \
  --swarm \
  --dashboard \
  --licensekey="${TRAEFIKEE_LICENSE_KEY}" \
  --swarm.http=9080 \
  --swarm.https=9443 \

"traefikeectl install options" To learn more about the command-line options used in traefikeectl install, see the Reference Guide


When the installation is complete:

  • Check your cluster nodes and logs using traefikeectl:

    traefikeectl list-nodes --clustername=traefikee-swarm
    traefikeectl logs --clustername=traefikee-swarm
  • Deploy a customized routing configuration to create the entrypoints. Please note that TraefikEE uses the 80 and 443 port internally, hence these values for the entrypoints:

    traefikeectl deploy --clustername=traefikee-swarm \
        --docker.swarmmode \
        --entryPoints='Name:http Address::80' \
        --entryPoints='Name:https Address::443 TLS' \

Deploy Application

You can start deploying applications in Docker Swarm with labels configured:

  • Start by creating the following Docker YAML Compose file named whoami-stack.yaml, with public.cluster.dns.org being the public DNS to reach the cluster (you can also use the IP address of a Swarm node instead of public.cluster.dns.org):

    version: '3.4'
        external: true
        image: containous/whoami
          mode: replicated
          replicas: 2
            - "traefik.enable=true"
            - "traefik.frontend.rule=Host:public.cluster.dns.org"
            - "traefik.port=80"
            - "traefik.backend=whoami"
        - traefikee_net
  • Deploy your application with the following command:

    docker stack deploy --compose-file=./whoami-stack.yaml whoami
  • Check the application deployment status, with 2/2 replicas ready:

    docker stack ps whoami
  • Verify that the requests are routed by TraefikEE to the "whoami" application:

    curl http://public.cluster.dns.org:9080
  • Cleanup the "whoami" application if everything is alright:

    docker stack rm whoami