Dynamically route to new domain?

Hi, I am wondering is it possible to let Tarefik to route the traffic to a new domain name without restarting docker container?

My understanding is, if I add a new domain, I don't have to restart the tarefik container, but my webserver container has to be restarted, because Tarefik uses the labels to determine which container to route the traffic to, and labels cannot be added unless I restart the container.

So, is there a way to make the route work without restarting webserver container?


In swarm the labels are on the service, not the container, so if all you are doing is adding a service label then the container should not, nor need to be, restarted.

Thanks! I will give it a try.

This won't work in my scenario, the domains can go up to thousands
I have tarefik 2 in docker swarm, I have a few known sites (domains), I also like to be able to proxy new domains served by one of my containers.

Can i setup a catch all rule so any unmatched URLs go to one service?


PathPrefix(`/`) is a good one.

Thanks... now I am stuck at certificates. I may serve hundreds of new domains, but how to let traefik to request the cert / renew cert for these dynamic domains?

Certificates are requested based on the tls.domains option or the Host rule.

If you're pointing a dns name to traefik then that is the time to update tls.domains or add a Host rule.
Or keep it simple and leave them on http.


Thanks @cakiwi unfortunately I do need https, and adding host rules or tls.domains won't work, because it will have a main domain and the rest are SANs, and this only work for max of 100 domains. Also, I assume the certificate will display all these domains, and I don't want this to happen.

I there a way I can write a plugin to get this done?

For hosts rules I believe a new cert will be requested for each host. A SAN requested when a Host rule has multiple hosts Host(`h1.dom.com`,'h2.dom.com`,`h3.dom.net`)

Test it with the LE staging servers.

You're going to have to get the certificate before the client request comes in anyway. So may as well go with a Host rule.

If you were doing it first connect it would likely take too long to complete the ACME challenge before the client timed out and it would become a nice denial of service attack on your LetsEncrypt account.

There are other providers you could use to dynamically create routers and point them to the same service.

Plugins are for providers and middlewares, so I doubt it.