Does traefik support dynamic entrypoint

pavanbhaskardev · December 24, 2025, 5:11pm

Hi everyone,

We’re trying to proxy multiple TCP connections to our databases inside a private network

# traefik.yaml
entryPoints:
  web:
    address: ":80"
  websecure:
    address: ":443"
  ping:
    address: ":8082"
  postgres:
    address: ":5432/tcp"
  mongo:
    address: ":27017/tcp"
  mysql:
    address: ":3306/tcp"
  redis:
    address: ":6379/tcp"

ping:
  entryPoint: ping

providers:
  etcd:
    rootKey: "customers"
  file:
    filename: /dynamic/tls.yaml

api:
  dashboard: true

log:
  level: DEBUG

# ETCD Configuration
etcdctl put 'customers/tcp/routers/mongo-router/entrypoints/0' "mongo" && \
etcdctl put 'customers/tcp/routers/mongo-router/rule' 'HostSNI(`*`)' && \
etcdctl put 'customers/tcp/routers/mongo-router/service' "mongo-service" && \
etcdctl put 'customers/tcp/services/mongo-service/loadbalancer/servers/0/address' '100.67.124.124:13232'

We don’t have TLS Termination at database level
so we can’t specify hostname in HostSNI
is there any way to mention port in entrypoint

etcdctl put 'customers/tcp/routers/mongo-router/entrypoints/0' "mongo:2202"

etcdctl put 'customers/tcp/routers/mongo-router/rule' 'HostSNI(`mongo.mydomain.com`)'

bluepuma77 · December 24, 2025, 5:13pm

Can you provide more context, what you are trying to achieve?

pavanbhaskardev · December 26, 2025, 7:37am

Hi @bluepuma77

I wanted add port-range in entrypoint

github.com/traefik/traefik

Port Ranges for entryPoints

opened 07:56PM - 31 Dec 24 UTC

closed 01:08PM - 15 May 25 UTC

Handrail9

kind/proposal area/server status/5-frozen-due-to-age

### Welcome! - [x] Yes, I've searched similar issues on [GitHub](https://github….com/traefik/traefik/issues) and didn't find any. - [x] Yes, I've searched similar issues on the [Traefik community forum](https://community.traefik.io) and didn't find any. ### What did you expect to see? I am re-opening issue [#1677](https://github.com/traefik/traefik/issues/1677) which was opened back in 2017 and closed due to age in 2018. I am re-opening the issue/requesting the feature due to the fact I would like anything I expose publicly on my infrastructure to be filtered through Traefik. One of the things I would like to host is [Matrix](https://github.com/spantaleev/matrix-docker-ansible-deploy) which requests the range `49152-49172/udp` for TURN over UDP. It would make life a lot easier to be able to define `address: :49152-:49172/udp` rather than ``` ... TURN port 1: address: :49152/udp TURN port 2 address: :49153/udp TURN port 3: address: :49154/udp TURN port 4: address: :49155/udp ... ``` so on and so fourth. If more details are needed or if there is anything I can do to improve this feature request please let me know.

bluepuma77 · December 26, 2025, 8:25am

It’s currently not possible, entrypoints accepts only a single port (doc).

It seems the feature request is too niche, with very little interest, so it’s not implemented by the devs to not bloat Traefik.

pavanbhaskardev · December 26, 2025, 11:26am

Thanks you,

If entrypoints are not dynamic, is there anyway to achieve this in traefik

bluepuma77 · December 26, 2025, 5:29pm

For every port used, you need to create a separate entrypoint in static config. And for every change in static config, you need to restart Traefik.

pavanbhaskardev · December 27, 2025, 6:50am

Thanks @bluepuma77

We’re building a platform https://dflow.sh, Open source alternative to Railway, Vercel & Heroku where users can bring there own servers and deploy Applications, Databases

customer servers will be added to our private network.
we’re exposing traefik instance (reverse proxy) from our side for proxying request to customer machines.
Application level proxy (http/https) was good using traefik.
But proxy at Database level we don’t have tls termination support at database level.
We’ve checked if there’s any other way proxy (TCP/UDP connections) via dynamic port configuration. We got a limitation of static entrypoint configuration and traefik restart.
Restarting traefik causes down-time to our application.

It would be nice if this is feature got added in future versions

bluepuma77 · December 27, 2025, 9:05am

The challenge is that you need HostSNI to be enabled by the database protocol. I think only MongoDB does that, but MySQL, MariaDB and Postgres does not support HostSNI.

Options: use a different TCP port for every database with HostSNI(`*`). If you want this dynamic, you could implement it, Traefik is open source.

Having 10000s of ports open is probably not a good idea, as each will create an overhead of CPU and RAM usage.

Not sure if a database packet router could be implemented inside Traefik.

You probably need to use a different reverse proxy for the database connections with database routing enabled. Maybe check haproxy or envoy.

system · January 6, 2026, 10:31am

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Entrypoints Dynamic Creation Traefik v2 docker	3	1876	June 30, 2020
Multiple TCP proxies to different hosts:ports Traefik v3 (latest) docker , tcp	4	28	February 24, 2026
Traefik EntryPoints/Routers Port Ranges Traefik v3 (latest) tcp	2	900	September 13, 2024
Entry Point not found even though logs indicate they started correctly Traefik v2 docker , tcp	5	3725	December 17, 2020
1 IngressRouteTCP vs Multiple entrypoints Traefik v2 kubernetes-crd	0	794	December 2, 2020

Does traefik support dynamic entrypoint

Related topics