github chr0nzz/traefik-manager v1.5.0

v1.5.0

New Features

  • #66 - Git Repository Backup and Restore - Traefik Manager can now automatically push your Traefik configuration to a Git repository after every change. Configure a repository URL, branch, username, and access token in Settings → Backups → Git tab. Supports GitHub, Gitea, Forgejo, GitLab, and any HTTPS Git host. Features include:

    • Auto-push on save - config is committed and pushed in the background after every route, middleware, or static config change
    • Git History - browse the last 50 commits with timestamps and messages
    • Side-by-side diff viewer - click View Diff on any commit to open a full-screen Monaco diff editor showing exactly what changed, with per-file tabs when multiple files were modified
    • One-click restore - roll back to any commit directly from the UI; a local backup is created automatically before restoring
    • Test Connection and Manual Push buttons
    • Notifications - push success, push failure, and restore events all fire through the notification engine (in-app dropdown + webhooks)
    • Access token stored encrypted at rest (same Fernet encryption as OIDC and CrowdSec secrets)
  • #67 - Multi-Server Agent Mode (TMA) - a lightweight Go daemon that runs alongside Traefik on any remote server; one central TM can now manage unlimited remote Traefik instances. Features include:

    • Server switcher in the nav bar - switch between Host and remote agents; every data tab (routes, services, middlewares, route map, backups, logs, certs, CrowdSec) shows that server's data
    • Settings - Agents multi-step wizard - enter a name and URL, TM generates an API key (shown once, stored encrypted), then generates a copy-paste Docker Compose or Docker Run command with all env vars pre-filled
    • Comprehensive env var support - Traefik API URL, dynamic/static config paths, ACME/certs, access log, plugins, restart method (proxy/poison-pill/socket), CrowdSec, git backup, and TRAEFIK_INSECURE_SKIP_VERIFY for HTTPS APIs with self-signed or Cloudflare Origin certs
    • Full remote editing - add, edit, delete, and toggle routes and middlewares on remote servers, including raw YAML editing; changes are written to the agent's config files exactly as they are locally
    • Per-agent domains, entrypoints, and middlewares - the Add/Edit Route modal fetches these from the active agent
    • Remote static config and backups - static config editing and all backup/restore/git operations are proxied through the active agent; the agent writes a .bak before every config change
    • Agent health dots - live green/red status on each agent card and in the server switcher dropdown
    • Docker image - ghcr.io/chr0nzz/traefik-manager-agent:latest (amd64 + arm64), built in parallel with the main TM image on every release
    • Installer - new agent mode in traefik-stack/setup.sh: Docker agent only, Docker agent + Traefik, or binary (systemd). Skip the menu with export TMA_INSTALL=1
    • Per-agent git backup via GIT_BACKUP_* env vars, and rate limiting via TMA_RATE_LIMIT (default 300 req/min per IP)
  • #71 - Custom Middleware Templates - new Settings - Templates panel to save and reuse custom middleware YAML snippets. Templates are stored in templates.yml alongside manager.yml and appear in the Template selector in the Add/Edit Middleware modal under a "My Templates" group. Supports any middleware type including plugins. Full CRUD from the Settings panel.

CrowdSec Improvements (fixes #70)

  • Redesigned tab - Decisions and Alerts are now separate views toggled with a switch, with 6 stat cards (Total Alerts, Active Decisions, LAPI Status, Active Bans, Captchas, Bypasses)
  • Add Decision - manually ban, captcha, or bypass any IP or CIDR range from the UI, with durations from 1 hour to 1 year and an optional reason
  • Pagination and accurate counts - decisions paginate at 100 rows per page; all LAPI pages are fetched automatically, expired decisions are filtered out, and pagination is capped (5,000 decisions / 1,000 alerts) to prevent the worker timeout crash on large deployments (fixes #70)
  • Machine credentials for Alerts and unban - CrowdSec's LAPI requires machine (watcher) auth for alerts and decision deletion, not the bouncer key. Set CROWDSEC_MACHINE_ID / CROWDSEC_MACHINE_PASSWORD (or the new fields in Settings - System Monitoring - CrowdSec, also generated by the agent wizard) to enable the Alerts view and unban; decisions continue to use the bouncer key. See the CrowdSec docs
  • Cleaner alerts - blocklist-import alerts (origin lists, e.g. free_proxies) are filtered out to match cscli alerts list, and a missing read:alerts permission now shows a clear message instead of crashing
  • Added an Origin column and absolute until expiry timestamps to the decisions table

Bug Fixes

  • Fixed TCP routes not supporting TLS passthrough mode (fixes #77) - added a TLS Mode selector (No TLS / TLS / Passthrough) to the TCP route form
  • Fixed config files with duplicate YAML keys causing a 500 crash on page load (fixes #74) - the app now loads with best-effort parsing and shows a warning banner
  • Fixed serversTransport not being removed from the original config file when moving a route with "Skip TLS Verify" to a different file (fixes #75)
  • Fixed wildcard certificate request using the primary domain instead of the selected secondary domain (fixes #76)
  • Fixed route, router, and service entries not being removed from the original config file when moving a route to a different file (fixes #73)
  • Fixed deleting a disabled route returning "not found" (fixes #80) - the delete handler now checks disabled_routes when the route is not in any config file
  • Fixed the middleware wizard saving empty Basic Auth or Forward Auth config that crashes Traefik (fixes #79) - required fields are validated and unparseable YAML is rejected before writing, and the backend returns the actual YAML parse error
  • Fixed the Routes tab badge not matching the served routes (fixes #81) - the badge now equals the HTTP Routers + TCP/UDP stat cards (active HTTP + TCP + UDP routers) and no longer counts disabled or other-provider routes
  • Fixed the middleware chip selector in the route modal showing a stale list after a middleware save or delete (fixes #82) - the client-side cache is now cleared on every change
  • Fixed OTP login crash (binascii.Error) when the TOTP secret could not be decrypted after a rebuild with a new encryption key - the secret is treated as empty, allowing login and re-enrollment
  • Fixed manager.yml corruption caused by ruamel.yaml writing type annotations as YAML document separators (---); added recovery for existing corrupted files
  • Fixed timestamps not respecting the TZ environment variable on Alpine; tzdata is now included in the Docker image
