Hi,
We are deploying Traefik as a reverse proxy to our application.
However i was not able to find a good security guide to harden our rules.
Can someone point me to a good guideline for hardening Traefik as a standalone proxy ?
Thanks
Arun
Basics: Keep Traefik up to date, maybe enable CORS, run Traefik with a dedicated user, maybe use a Docker socket proxy, check OWASP cheatsheet.
You can use various middlewares to limit requests like parallel or from an IP, check the list.
Some people use Cloudflare, personally I don’t want them to see my data, others use threat detection solutions via ForwardAuth or middleware. But again, you are sharing (potentially private) data, introduce more delay and depend on another service, which can fail.