Skip to content

Environment Variables

All supported environment variables for Traefik Manager. Variables marked Override take priority over the corresponding manager.yml field.

Quick reference

Variable Default Override Description
COOKIE_SECURE false Mark session cookie as Secure (required for HTTPS)
AUTH_ENABLED true auth_enabled Disable built-in login entirely
ADMIN_PASSWORD (unset) password_hash Admin password in plain text (hashed at runtime)
DOMAINS example.com domains Comma-separated base domains
CERT_RESOLVER cloudflare cert_resolver Default ACME resolver name
TRAEFIK_API_URL http://traefik:8080 traefik_api_url Traefik API URL
CONFIG_PATH /app/config/dynamic.yml Path to the Traefik dynamic config
BACKUP_DIR /app/backups Directory for timestamped config backups
SETTINGS_PATH /app/config/manager.yml Path to the Traefik Manager settings file

Reference

Default: false

Set to true when Traefik Manager is served over HTTPS. Marks the session cookie as Secure, which is required by browsers for cookies on HTTPS origins.

environment:
  - COOKIE_SECURE=true

Environment=COOKIE_SECURE=true

Warning

If you are behind a reverse proxy with HTTPS and do not set this, logins will fail silently — the session cookie will not be sent by the browser.

AUTH_ENABLED

Default: true Overrides: auth_enabled in manager.yml

Set to false to disable the built-in login entirely. Use this when Traefik Manager is protected by an external auth provider (Authentik, Authelia, Traefik basicAuth, etc.).

environment:
  - AUTH_ENABLED=false

Environment=AUTH_ENABLED=false

Danger

When disabled, the UI is fully open. Only use this behind another authentication layer.

ADMIN_PASSWORD

Default: (unset) Overrides: password_hash in manager.yml

Set the admin password in plain text. It is hashed with bcrypt at runtime. Useful for scripted deployments where you do not want to pre-generate a hash.

environment:
  - ADMIN_PASSWORD=mysecretpassword

Environment=ADMIN_PASSWORD=mysecretpassword

Note

When this variable is set, the CLI flask reset-password command and the in-UI password change have no effect — the password always comes from this variable. Remove the variable to switch back to manager.yml-managed passwords.

DOMAINS

Default: example.com Overrides: domains in manager.yml

Comma-separated list of base domains shown in the Add Route form.

environment:
  - DOMAINS=example.com,home.lab

Environment=DOMAINS=example.com,home.lab

CERT_RESOLVER

Default: cloudflare Overrides: cert_resolver in manager.yml

The default ACME cert resolver name pre-filled in the Add Route form.

environment:
  - CERT_RESOLVER=letsencrypt

Environment=CERT_RESOLVER=letsencrypt

TRAEFIK_API_URL

Default: http://traefik:8080 Overrides: traefik_api_url in manager.yml

The URL of the Traefik API. Must be reachable from the host running Traefik Manager.

environment:
  - TRAEFIK_API_URL=http://traefik:8080

Environment=TRAEFIK_API_URL=http://localhost:8080

CONFIG_PATH

Default: /app/config/dynamic.yml

Path to the Traefik dynamic config file. Change this if your layout does not match the default.

environment:
  - CONFIG_PATH=/data/traefik/dynamic.yml
volumes:
  - /path/to/traefik/dynamic.yml:/data/traefik/dynamic.yml

Environment=CONFIG_PATH=/etc/traefik/dynamic.yml

BACKUP_DIR

Default: /app/backups

Directory where timestamped backups of dynamic.yml are stored before every save.

environment:
  - BACKUP_DIR=/data/backups
volumes:
  - /path/to/backups:/data/backups

Environment=BACKUP_DIR=/var/lib/traefik-manager/backups

SETTINGS_PATH

Default: /app/config/manager.yml

Path to the Traefik Manager settings file. Useful if you want to separate it from the dynamic config directory.

environment:
  - SETTINGS_PATH=/data/manager.yml
volumes:
  - /path/to/manager.yml:/data/manager.yml

Environment=SETTINGS_PATH=/var/lib/traefik-manager/manager.yml