Running on Linux (without Docker)¶
Traefik Manager is a standard Python/Flask application and runs natively on any Linux system with Python 3.11+. No container runtime required.
Requirements¶
- Python 3.11 or newer
pip- A running Traefik instance reachable from the same host
- Write access to your Traefik
dynamic.yml
Install¶
1. Clone the repository
git clone https://github.com/chr0nzz/traefik-manager.git /opt/traefik-manager
cd /opt/traefik-manager
2. Create a virtual environment and install dependencies
3. Create the data directories
4. Test run
CONFIG_PATH=/etc/traefik/dynamic.yml \
BACKUP_DIR=/var/lib/traefik-manager/backups \
SETTINGS_PATH=/var/lib/traefik-manager/manager.yml \
COOKIE_SECURE=false \
/opt/traefik-manager/venv/bin/gunicorn \
--bind 0.0.0.0:5000 \
--workers 1 \
--chdir /opt/traefik-manager \
app:app
Open http://your-server:5000 — the setup wizard will guide you through the rest.
Systemd service¶
Running as a systemd service gives you automatic start on boot and restart on crash.
1. Create a dedicated user (recommended)
Give it read/write access to the files it needs:
# Write access to dynamic.yml and its directory (for backups/config)
chown traefik-manager: /etc/traefik/dynamic.yml
chown traefik-manager: /var/lib/traefik-manager
chown traefik-manager: /var/lib/traefik-manager/backups
# Read-only optional mounts (if using Certs/Plugins/Logs tabs)
# The user just needs read access to these files
2. Create the service unit
Create /etc/systemd/system/traefik-manager.service:
[Unit]
Description=Traefik Manager
After=network.target
[Service]
Type=simple
User=traefik-manager
WorkingDirectory=/opt/traefik-manager
ExecStart=/opt/traefik-manager/venv/bin/gunicorn \
--bind 0.0.0.0:5000 \
--workers 1 \
--log-level info \
app:app
# Paths
Environment=CONFIG_PATH=/etc/traefik/dynamic.yml
Environment=BACKUP_DIR=/var/lib/traefik-manager/backups
Environment=SETTINGS_PATH=/var/lib/traefik-manager/manager.yml
# Set to true if running behind a reverse proxy with HTTPS
Environment=COOKIE_SECURE=false
Restart=on-failure
RestartSec=5
[Install]
WantedBy=multi-user.target
3. Enable and start
4. Check it is running
Optional monitoring mounts¶
The Certs, Plugins, and Logs tabs work the same as with Docker — just point the env vars at your existing files:
# In the [Service] section of the systemd unit:
# Certs tab — path to acme.json
Environment=ACME_JSON_PATH=/etc/traefik/acme.json
# Plugins tab — path to traefik.yml
Environment=STATIC_CONFIG_PATH=/etc/traefik/traefik.yml
# Logs tab — path to access.log
Environment=ACCESS_LOG_PATH=/logs/access.log
Make sure traefik-manager user has read access to each file:
Behind a reverse proxy (nginx or Traefik)¶
When serving Traefik Manager over HTTPS through a reverse proxy, set COOKIE_SECURE=true in the service unit and remove the direct port binding.
nginx¶
server {
listen 443 ssl;
server_name manager.example.com;
ssl_certificate /etc/letsencrypt/live/manager.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/manager.example.com/privkey.pem;
location / {
proxy_pass http://127.0.0.1:5000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
Traefik (file provider)¶
Add to your dynamic.yml:
http:
routers:
traefik-manager:
rule: "Host(`manager.example.com`)"
entrypoints: [https]
tls:
certResolver: cloudflare
service: traefik-manager
services:
traefik-manager:
loadBalancer:
servers:
- url: "http://127.0.0.1:5000"
Password reset¶
Without Docker, use the flask CLI directly from the install directory:
cd /opt/traefik-manager
SETTINGS_PATH=/var/lib/traefik-manager/manager.yml \
venv/bin/flask reset-password
With --disable-otp if you have also lost access to your TOTP app:
cd /opt/traefik-manager
SETTINGS_PATH=/var/lib/traefik-manager/manager.yml \
venv/bin/flask reset-password --disable-otp
Updating¶
cd /opt/traefik-manager
git pull
source venv/bin/activate
pip install -r requirements.txt gunicorn
systemctl restart traefik-manager