Creating Ratelimit Label

Seeing if I could get a second pair of eyes on my configuration. Not sure why my “traefik-ratelimit” isn’t showing up as a middleware for my “traefik-secure” router. Any help would be appreciated. Below is my compose file.

networks:
proxy:
external: true
backend:
external: true
###########################################################################
services:
traefik:
image: traefik:latest
container_name: traefik
restart: unless-stopped
security_opt:
- no-new-privileges:true
ports:
- 80:80
- 443:443
environment:
CF_DNS_API_TOKEN: ${CF_DNS_API_TOKEN}
CF_API_EMAIL: ${CF_API_EMAIL}
TRAEFIK_DASHBOARD_CREDENTIALS: ${TRAEFIK_DASHBOARD_CREDENTIALS}
env_file: .env
volumes:
- /etc/localtime:/etc/localtime:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
- ./data/traefik.yml:/traefik.yml:ro
- ./data/acme.json:/acme.json
- ./log:/var/log/traefik
# - ./dynamic/config.yml:/config.yml:ro
labels:
- "traefik.enable=true"

HTTP Dashboard Router

  • "traefik.http.routers.traefik.entrypoints=http"
  • "traefik.http.routers.traefik.rule=Host(`traefik.domain.com`)"
  • "traefik.http.routers.traefik.middlewares=traefik-https-redirect"

Middlewares

  • "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
  • "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}"
  • "traefik.http.middlewares.traefik-ratelimit.ratelimit.average=100"
  • "traefik.http.middlewares.traefik-ratelimit.ratelimit.burst=50"
  • "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"

HTTPS Dashboard Router

  • "traefik.http.routers.traefik-secure.entrypoints=https"
  • "traefik.http.routers.traefik-secure.rule=Host(`traefik.domain.com`)"
  • "traefik.http.routers.traefik-secure.middlewares=traefik-auth,traefik-ratelimit@docker"
  • "traefik.http.routers.traefik-secure.tls=true"
  • "traefik.http.routers.traefik-secure.tls.certresolver=letsencrypt"
  • "traefik.http.routers.traefik-secure.tls.domains[0].main=domain.com"
  • "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.domain.com"
  • "traefik.http.routers.traefik-secure.service=api@internal"

###########################################################################
networks:
proxy:
ipv4_address: 10.1.17.20
backend:
ipv4_address: 10.1.27.20

Use 3 backticks before and after code/config to improve readability and preserve spacing, which is important in yaml.

networks:
proxy:
external: true
backend:
external: true
###########################################################################
services:
traefik:
image: traefik:latest
container_name: traefik
restart: unless-stopped
security_opt:

no-new-privileges:true
ports:

80:80

443:443
environment:
CF_DNS_API_TOKEN: ${CF_DNS_API_TOKEN}
CF_API_EMAIL: ${CF_API_EMAIL}
TRAEFIK_DASHBOARD_CREDENTIALS: ${TRAEFIK_DASHBOARD_CREDENTIALS}
env_file: .env
volumes:

/etc/localtime:/etc/localtime:ro

/var/run/docker.sock:/var/run/docker.sock:ro

./data/traefik.yml:/traefik.yml:ro

./data/acme.json:/acme.json

./log:/var/log/traefik

- ./dynamic/config.yml:/config.yml:ro

labels:

"traefik.enable=true"

HTTP Dashboard Router

"traefik.http.routers.traefik.entrypoints=http"
"traefik.http.routers.traefik.rule=Host(traefik.domain.com)"
"traefik.http.routers.traefik.middlewares=traefik-https-redirect"
Middlewares

"traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
"traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}"
"traefik.http.middlewares.traefik-ratelimit.ratelimit.average=100"
"traefik.http.middlewares.traefik-ratelimit.ratelimit.burst=50"
"traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
HTTPS Dashboard Router

"traefik.http.routers.traefik-secure.entrypoints=https"
"traefik.http.routers.traefik-secure.rule=Host(traefik.domain.com)"
"traefik.http.routers.traefik-secure.middlewares=traefik-auth,traefik-ratelimit@docker"
"traefik.http.routers.traefik-secure.tls=true"
"traefik.http.routers.traefik-secure.tls.certresolver=letsencrypt"
"traefik.http.routers.traefik-secure.tls.domains[0].main=domain.com"
"traefik.http.routers.traefik-secure.tls.domains[0].sans=*.domain.com"
"traefik.http.routers.traefik-secure.service=api@internal"
###########################################################################
networks:
proxy:
ipv4_address: 10.1.17.20
backend:
ipv4_address: 10.1.27.20

```

networks:
proxy:
external: true
backend:
external: true
###########################################################################
services:
traefik:
image: traefik:latest
container_name: traefik
restart: unless-stopped
security_opt:

  • no-new-privileges:true
    ports:
  • 80:80
  • 443:443
    environment:
    CF_DNS_API_TOKEN: ${CF_DNS_API_TOKEN}
    CF_API_EMAIL: ${CF_API_EMAIL}
    TRAEFIK_DASHBOARD_CREDENTIALS: ${TRAEFIK_DASHBOARD_CREDENTIALS}
    env_file: .env
    volumes:
  • /etc/localtime:/etc/localtime:ro
  • /var/run/docker.sock:/var/run/docker.sock:ro
  • ./data/traefik.yml:/traefik.yml:ro
  • ./data/acme.json:/acme.json
  • ./log:/var/log/traefik

- ./dynamic/config.yml:/config.yml:ro

labels:

  • "traefik.enable=true"

HTTP Dashboard Router

"traefik.http.routers.traefik.entrypoints=http"
"traefik.http.routers.traefik.rule=Host(traefik.domain.com)"
"traefik.http.routers.traefik.middlewares=traefik-https-redirect"
Middlewares

"traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
"traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}"
"traefik.http.middlewares.traefik-ratelimit.ratelimit.average=100"
"traefik.http.middlewares.traefik-ratelimit.ratelimit.burst=50"
"traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
HTTPS Dashboard Router

"traefik.http.routers.traefik-secure.entrypoints=https"
"traefik.http.routers.traefik-secure.rule=Host(traefik.domain.com)"
"traefik.http.routers.traefik-secure.middlewares=traefik-auth,traefik-ratelimit@docker"
"traefik.http.routers.traefik-secure.tls=true"
"traefik.http.routers.traefik-secure.tls.certresolver=letsencrypt"
"traefik.http.routers.traefik-secure.tls.domains[0].main=domain.com"
"traefik.http.routers.traefik-secure.tls.domains[0].sans=*.domain.com"
"traefik.http.routers.traefik-secure.service=api@internal"
###########################################################################
networks:
proxy:
ipv4_address: 10.1.17.20
backend:
ipv4_address: 10.1.27.20

```

or select code/config and press </>.

I did originally and you still didn’t like it

# Both networks already exist outside this file; Compose attaches to them
# rather than creating them.
networks:
  proxy:
    external: true
  backend:
    external: true

services:
  traefik:
    # A floating tag pulls whatever is current at deploy time. Pinning a
    # reviewed release (e.g. traefik:<pinned-version>) keeps upgrades deliberate.
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      # Stops processes in the container from gaining privileges through
      # setuid/setgid binaries.
      - "no-new-privileges:true"
    ports:
      - "80:80"
      - "443:443"
    environment:
      # Interpolated by Compose from the shell environment or .env. Keep .env
      # out of version control.
      CF_DNS_API_TOKEN: ${CF_DNS_API_TOKEN}
      CF_API_EMAIL: ${CF_API_EMAIL}
      TRAEFIK_DASHBOARD_CREDENTIALS: ${TRAEFIK_DASHBOARD_CREDENTIALS}
    env_file: .env
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # `:ro` does not limit what can be sent over the socket: the container
      # still has full Docker API access, which is root-equivalent on the host.
      # A socket proxy that exposes only the read endpoints Traefik needs
      # narrows this.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      # Stores the ACME account key and certificate private keys; Traefik
      # expects this file to be mode 600.
      - ./data/acme.json:/acme.json
      - ./log:/var/log/traefik
      # - ./dynamic/config.yml:/config.yml:ro
    labels:
      - "traefik.enable=true"
      # HTTP dashboard router: exists only to redirect to HTTPS.
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.domain.com`)"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      # Middlewares. `sslheader` is defined here but not attached to either
      # router in this file.
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}"
      # average=100 with burst=50: roughly 100 requests per second sustained
      # (the period defaults to 1s), with short bursts of up to 50.
      - "traefik.http.middlewares.traefik-ratelimit.ratelimit.average=100"
      - "traefik.http.middlewares.traefik-ratelimit.ratelimit.burst=50"
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      # HTTPS dashboard router: serves api@internal behind basic auth and the
      # rate limit.
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.domain.com`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth,traefik-ratelimit@docker"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=letsencrypt"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=domain.com"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.domain.com"
      - "traefik.http.routers.traefik-secure.service=api@internal"
    # Static addresses on the two external networks.
    networks:
      proxy:
        ipv4_address: 10.1.17.20
      backend:
        ipv4_address: 10.1.27.20

Now it looks pretty (spaced, no bullets) and is readable :slight_smile:

What's inside your Traefik static configuration in traefik.yml?

Is there a potential collision with dynamic config from config.yml?

Note that this does not work as intended: `:ro` has no effect on what can be sent over a socket, so the container keeps full access to the Docker API:

      - /var/run/docker.sock:/var/run/docker.sock:ro

Finally! :smiley:

Didn’t realize that about the docker socket…Thank you.

I don’t have a config.yml file setup yet. Below is my traefik.yml file.

api:
  dashboard: true
  # Adds debugging and profiling endpoints to the API. Leave this off except
  # while troubleshooting.
  debug: true

entryPoints:
  http:
    address: ":80"
    http:
      # Every request arriving on :80 is redirected to the https entrypoint.
      redirections:
        entryPoint:
          to: https
          scheme: https
  https:
    address: ":443"

serversTransport:
  # Turns off verification of backend TLS certificates for every service, so
  # Traefik cannot tell a genuine backend from an impostor on that hop.
  # Trusting the backends' CA via rootCAs keeps verification on.
  insecureSkipVerify: true

providers:
  docker:
    endpoint: "unix:///var/run/docker.sock"
    # Containers are routed only when they opt in with traefik.enable=true.
    exposedByDefault: false
  # file:
  #   filename: /config.yml

certificatesResolvers:
  letsencrypt:
    acme:
      email: email@email.com
      # Contains the ACME account key and issued private keys.
      storage: acme.json
      caServer: https://acme-v02.api.letsencrypt.org/directory  # prod (default)
      #caServer: https://acme-staging-v02.api.letsencrypt.org/directory # staging
      dnsChallenge:
        provider: cloudflare
        resolvers:
          - "1.1.1.1:53"
          - "1.0.0.1:53"

log:
  # DEBUG is very verbose. Drop to a quieter level once the setup works.
  level: "DEBUG"
  filePath: "/var/log/traefik/traefik.log"

# The access log records client addresses and request lines, so restrict who
# can read the log directory.
accessLog:
  filePath: "/var/log/traefik/access.log"

Not sure what I changed if anything, but it appears to be working now…

# Networks are managed outside this file (external), so they must already exist.
networks:
  proxy:
    external: true
  backend:
    external: true

services:
  traefik:
    # `latest` is not reproducible. Prefer a pinned, reviewed release such as
    # traefik:<pinned-version>.
    image: traefik:latest
    container_name: traefik
    restart: unless-stopped
    security_opt:
      # Blocks privilege gain via setuid/setgid binaries inside the container.
      - "no-new-privileges:true"
    ports:
      - "80:80"
      - "443:443"
    environment:
      # Resolved by Compose from the shell environment or .env. Treat .env as
      # a secret file.
      CF_DNS_API_TOKEN: ${CF_DNS_API_TOKEN}
      CF_API_EMAIL: ${CF_API_EMAIL}
      TRAEFIK_DASHBOARD_CREDENTIALS: ${TRAEFIK_DASHBOARD_CREDENTIALS}
    env_file: .env
    volumes:
      - /etc/localtime:/etc/localtime:ro
      # The `:ro` flag does not make the Docker API read-only. Anything that
      # can talk to this socket can control the daemon, so consider fronting
      # it with a socket proxy limited to the endpoints Traefik reads.
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - ./data/traefik.yml:/traefik.yml:ro
      # ACME account and certificate keys live here. Keep the file at mode 600.
      - ./data/acme.json:/acme.json
      - ./log:/var/log/traefik
      # - ./dynamic/config.yml:/config.yml:ro
    labels:
      - "traefik.enable=true"
      # HTTP dashboard router
      - "traefik.http.routers.traefik.entrypoints=http"
      - "traefik.http.routers.traefik.rule=Host(`traefik.domain.com`)"
      - "traefik.http.routers.traefik.middlewares=traefik-https-redirect"
      # Middlewares
      - "traefik.http.middlewares.traefik-auth.basicauth.users=${TRAEFIK_DASHBOARD_CREDENTIALS}"
      - "traefik.http.middlewares.traefik-https-redirect.redirectscheme.scheme=https"
      # `sslheader` is defined but not referenced by either router in this file.
      - "traefik.http.middlewares.sslheader.headers.customrequestheaders.X-Forwarded-Proto=https"
      # By default the limit is counted per client remote address. If another
      # proxy or CDN sits in front of Traefik, set the middleware's
      # sourceCriterion so that clients do not all share one bucket.
      - "traefik.http.middlewares.traefik-ratelimit.ratelimit.average=100"
      - "traefik.http.middlewares.traefik-ratelimit.ratelimit.burst=50"
      # HTTPS dashboard router: api@internal is reachable only through basic
      # auth plus the rate limit. Both middlewares are referenced without a
      # provider suffix here.
      - "traefik.http.routers.traefik-secure.entrypoints=https"
      - "traefik.http.routers.traefik-secure.rule=Host(`traefik.domain.com`)"
      - "traefik.http.routers.traefik-secure.middlewares=traefik-auth,traefik-ratelimit"
      - "traefik.http.routers.traefik-secure.tls=true"
      - "traefik.http.routers.traefik-secure.tls.certresolver=letsencrypt"
      - "traefik.http.routers.traefik-secure.tls.domains[0].main=domain.com"
      - "traefik.http.routers.traefik-secure.tls.domains[0].sans=*.domain.com"
      - "traefik.http.routers.traefik-secure.service=api@internal"
    # Fixed addresses on each external network.
    networks:
      proxy:
        ipv4_address: 10.1.17.20
      backend:
        ipv4_address: 10.1.27.20

You removed @docker at the end :wink:
