A Traefik-like reverse proxy implemented in Python (asyncio + Starlette).
Project description
python-traefik
A production-grade, Traefik-inspired reverse proxy implemented in Python using asyncio and Starlette.
Features
Core (Implemented ✔)
- Dynamic Routing — rule-based routing with
Host(),PathPrefix(),Path(),HostRegexp(),Headers(),Method(),ClientIP()matchers - Compound Rules — combine matchers with
&&,||, and parentheses:(Host(\a.com`) || Host(`b.com`)) && PathPrefix(`/api`)` - Load Balancing — round-robin across backend servers with health-aware selection
- Health Checks — periodic async health probes; unhealthy backends are automatically removed from rotation
- Prometheus Metrics — request count and latency histograms at
/metrics - Reverse Proxy — full HTTP forwarding with hop-by-hop header filtering and
X-Forwarded-*injection - Connection Pooling — shared
httpx.AsyncClientfor efficient backend connections
Middleware Pipeline ✔
- Rate Limiting — per-IP token bucket rate limiter
- Basic Auth — HTTP Basic authentication
- Circuit Breaker — trips open after N failures, auto-recovers after timeout
- Retry — configurable retry with exponential back-off
- Headers — set, add, or remove response headers
- Redirect Scheme — HTTP → HTTPS redirect
TCP/UDP Support ✔
- TCP Proxy — layer-4 TCP reverse proxy with bidirectional streaming
- UDP Proxy — layer-4 UDP relay with client address tracking
- TLS Termination — optional TLS on TCP entrypoints
SSL/TLS Certificate Management ✔
- Static Certificates — load PEM cert/key from files
- Self-Signed Generation — auto-generate dev certs via
cryptography - ACME Stub — provisioning framework (full Let's Encrypt client TBD)
- Certificate Store — in-memory store with wildcard domain support
Service Discovery ✔
- Consul — discover services from Consul catalog with health filtering
- Kubernetes — discover services from K8s API with in-cluster token auto-detection
- Hot Reload — discovered services update the registry without restart
Dashboard API ✔
- Web UI — dark-themed dashboard at
/dashboard - REST API — JSON endpoints for overview, routers, services, and certificates
- Real-time Status — backend health status with visual indicators
Architecture
┌──────────────┐ ┌──────────────┐ ┌──────────────┐
│ Entrypoint │────▶│ Router │────▶│ Middleware │
│ :8000 HTTP │ │ Rule Match │ │ Pipeline │
│ :3306 TCP │ │ Priority │ │ rate-limit │
│ :5353 UDP │ │ │ │ basic-auth │
└──────────────┘ └──────────────┘ │ retry │
└──────┬───────┘
│
┌──────────────┐ ┌──────▼───────┐
│ Backend │◀────│ Load Balancer│
│ :5000 │ │ Round-Robin │
│ :5001 │ │ Health-Aware │
└──────────────┘ └──────────────┘
Quickstart
Install
pip install -e .
Install with dev dependencies
pip install -e ".[dev]"
Run
python-traefik run --config examples/config.yml
Validate config without starting
python-traefik validate --config examples/config.yml
Check version
python-traefik version
Test routing
# Route by host
curl -H "Host: example.com" http://localhost:8000/
# Prometheus metrics
curl http://localhost:8000/metrics
# Dashboard
open http://localhost:8080/dashboard
# Dashboard API
curl http://localhost:8080/api/overview
curl http://localhost:8080/api/routers
curl http://localhost:8080/api/services
Configuration
See examples/config.yml for a basic setup and examples/config_full.yml for a full reference.
Minimal Config
entryPoints:
web:
address: ":8000"
routers:
app:
rule: "Host(`example.com`) && PathPrefix(`/`)"
service: "app_service"
services:
app_service:
loadBalancer:
servers:
- url: "http://localhost:5000"
Config Sections
| Section | Description |
|---|---|
entryPoints |
HTTP listener addresses |
tcpEntryPoints |
TCP proxy listeners |
udpEntryPoints |
UDP proxy listeners |
routers |
Rule → service mapping with optional middlewares and priority |
services |
Backend server groups with load balancer |
middlewares |
Named middleware definitions |
tls |
TLS certificates and ACME configuration |
metrics |
Prometheus endpoint toggle |
healthcheck |
Backend health probe settings |
dashboard |
Dashboard UI and API |
providers |
Service discovery (Consul, Kubernetes) |
logging |
Log level and access log toggle |
Development
Run tests
pytest tests/ -v
Lint
ruff check python_traefik/
License
MIT — see LICENSE.
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
python_traefik-0.3.0.tar.gz
(31.9 kB
view details)
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file python_traefik-0.3.0.tar.gz.
File metadata
- Download URL: python_traefik-0.3.0.tar.gz
- Upload date:
- Size: 31.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
a79b63e4fcb7c3cb9653a07fcd9be7791b8a8240d3c80c8c68241ac4e4a36fd9
|
|
| MD5 |
d119748f526af936f3ca8d915e001442
|
|
| BLAKE2b-256 |
62b7f22188b9c2119e5329723929c12a286a8304a87c43679e3b39ecfc23e240
|
File details
Details for the file python_traefik-0.3.0-py3-none-any.whl.
File metadata
- Download URL: python_traefik-0.3.0-py3-none-any.whl
- Upload date:
- Size: 29.3 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.12.10
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
b7567f9f06e5e96050998c1f17bc9129e3d416c7f009a2ffd1d8d31a586e7796
|
|
| MD5 |
8aa83b314d0fff0a3f61b1e6d3ab545f
|
|
| BLAKE2b-256 |
5aadfdf4c24052d9b8e79d13a416c9e0b251ee221f9da7fe8024c51e558a84d9
|
