A Traefik-like reverse proxy implemented in Python (asyncio + Starlette).
Project description
python-traefik
A production-grade, Traefik-inspired reverse proxy implemented in Python using asyncio and Starlette.
Demo
Features
Core (Implemented ✔)
- Dynamic Routing — rule-based routing with
Host(),PathPrefix(),Path(),HostRegexp(),Headers(),Method(),ClientIP()matchers - Compound Rules — combine matchers with
&&,||, and parentheses:(Host(\a.com`) || Host(`b.com`)) && PathPrefix(`/api`)` - Load Balancing — round-robin across backend servers with health-aware selection
- Health Checks — periodic async health probes; unhealthy backends are automatically removed from rotation
- Prometheus Metrics — request count and latency histograms at
/metrics - Reverse Proxy — full HTTP forwarding with hop-by-hop header filtering and
X-Forwarded-*injection - Connection Pooling — shared
httpx.AsyncClientfor efficient backend connections
Middleware Pipeline ✔
- Rate Limiting — per-IP token bucket rate limiter
- Basic Auth — HTTP Basic authentication
- Circuit Breaker — trips open after N failures, auto-recovers after timeout
- Retry — configurable retry with exponential back-off
- Headers — set, add, or remove response headers
- Redirect Scheme — HTTP → HTTPS redirect
TCP/UDP Support ✔
- TCP Proxy — layer-4 TCP reverse proxy with bidirectional streaming
- UDP Proxy — layer-4 UDP relay with client address tracking
- TLS Termination — optional TLS on TCP entrypoints
SSL/TLS Certificate Management ✔
- Static Certificates — load PEM cert/key from files
- Self-Signed Generation — auto-generate dev certs via
cryptography - ACME Stub — provisioning framework (full Let's Encrypt client TBD)
- Certificate Store — in-memory store with wildcard domain support
Service Discovery ✔
- Consul — discover services from Consul catalog with health filtering
- Kubernetes — discover services from K8s API with in-cluster token auto-detection
- Hot Reload — discovered services update the registry without restart
Dashboard API ✔
- Web UI — dark-themed dashboard at
/dashboard - REST API — JSON endpoints for overview, routers, services, and certificates
- Real-time Status — backend health status with visual indicators
Architecture
┌──────────────┐ ┌──────────────┐ ┌──────────────┐
│ Entrypoint │────▶│ Router │────▶│ Middleware │
│ :8000 HTTP │ │ Rule Match │ │ Pipeline │
│ :3306 TCP │ │ Priority │ │ rate-limit │
│ :5353 UDP │ │ │ │ basic-auth │
└──────────────┘ └──────────────┘ │ retry │
└──────┬───────┘
│
┌──────────────┐ ┌──────▼───────┐
│ Backend │◀────│ Load Balancer│
│ :5000 │ │ Round-Robin │
│ :5001 │ │ Health-Aware │
└──────────────┘ └──────────────┘
Quickstart
Install
pip install -e .
Install with dev dependencies
pip install -e ".[dev]"
Run
python-traefik run --config examples/config.yml
Validate config without starting
python-traefik validate --config examples/config.yml
Check version
python-traefik version
Test routing
# Route by host
curl -H "Host: example.com" http://localhost:8000/
# Prometheus metrics
curl http://localhost:8000/metrics
# Dashboard
open http://localhost:8080/dashboard
# Dashboard API
curl http://localhost:8080/api/overview
curl http://localhost:8080/api/routers
curl http://localhost:8080/api/services
Configuration
See examples/config.yml for a basic setup and examples/config_full.yml for a full reference.
Minimal Config
entryPoints:
web:
address: ":8000"
routers:
app:
rule: "Host(`example.com`) && PathPrefix(`/`)"
service: "app_service"
services:
app_service:
loadBalancer:
servers:
- url: "http://localhost:5000"
Config Sections
| Section | Description |
|---|---|
entryPoints |
HTTP listener addresses |
tcpEntryPoints |
TCP proxy listeners |
udpEntryPoints |
UDP proxy listeners |
routers |
Rule → service mapping with optional middlewares and priority |
services |
Backend server groups with load balancer |
middlewares |
Named middleware definitions |
tls |
TLS certificates and ACME configuration |
metrics |
Prometheus endpoint toggle |
healthcheck |
Backend health probe settings |
dashboard |
Dashboard UI and API |
providers |
Service discovery (Consul, Kubernetes) |
logging |
Log level and access log toggle |
Development
Run tests
pytest tests/ -v
Lint
ruff check python_traefik/
License
MIT — see LICENSE.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
python_traefik-0.4.0.tar.gz
(32.2 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file python_traefik-0.4.0.tar.gz.
File metadata
- Download URL: python_traefik-0.4.0.tar.gz
- Upload date:
- Size: 32.2 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
22f71d455ff2d528b9462d4bea5eefade0d45f3a8f4a1b8a1025128f34df32dd
|
|
| MD5 |
3917fa0d20f6d651097afbea2be416b4
|
|
| BLAKE2b-256 |
e014b795b741d61102e25a7f725c815f189c508181d34aa75dcca82949a2dc2b
|
File details
Details for the file python_traefik-0.4.0-py3-none-any.whl.
File metadata
- Download URL: python_traefik-0.4.0-py3-none-any.whl
- Upload date:
- Size: 29.4 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
d969925b77bc3f8b4658647afda39e9a893e40bc39eff4da8b1972bbafecf403
|
|
| MD5 |
cf457da029d0549f680c8a0d40bf2f31
|
|
| BLAKE2b-256 |
779cbe2de30f6a1339518fb225565d23e237bbfb7da433bd8234124df8b0fb55
|
