Need some help with understanding Traefik goals


I have a dockerized client SPA app behind nginx, with a catch-all rule that serves static files, on one machine.
In addition, I have Python FastAPI backends running under gunicorn on another machine, with a few public APIs on different ports. I use docker-compose for it.
The client uses that API, and the backends use it too.
I have dev and production environments.

I would like to add SSL on prod only and need to understand how I can use Traefik for this.

  • Should I put one Traefik instance on another machine and forward requests on port 80/443 to the client/server port 443?
  • Should I maybe have two Traefik instances, one on the client machine and one on the backends machine? If so, how do I pass certificate files between machines? And where are the certs stored?
  • How do I use Traefik with an SPA application? I read that I still need nginx to serve static files, is that right? What should such an nginx file look like?
  • Are there any pros to using Traefik on dev too?

Edit: After a full night of fighting I got nowhere and didn't manage to get a single thing working. Static configuration didn't work, I'm still getting a certificate error, acme.json is empty, and a 404 page is returned by Traefik every time. With SSL turned off and dynamic configuration it was possible to send traffic to nginx, but serving static content was much slower than when using nginx directly. Logs on debug show nothing wrong except "http: TLS handshake error from x.x.x.x: remote error: tls: unknown certificate", and I see I would spend too much time on having SSL certs managed by Traefik. It would be nice if I could get some active help from someone experienced, but left alone, I am going to try to use certbot by myself.