Training Agenda

Nginx & Traefik

Nginx and Traefik are the two most common reverse proxies and ingress controllers in modern infrastructure. Nginx brings decades of production hardening, extreme performance, and a rich module ecosystem; Traefik brings dynamic configuration from Docker and Kubernetes labels, automatic Let's Encrypt certificates, and a clean middleware system — ideal for environments where configuration changes frequently.

1 day On-site, remote, or hybrid Up to 20 participants German or English
What We Cover
Production reverse proxying, ingress control, and certificate automation
Module 1

Nginx — Reverse Proxy, SSL & Kubernetes Ingress

  • Reverse proxy configuration: server blocks, location blocks, proxy_pass, upstream load balancing (round-robin, least_conn, ip_hash)
  • SSL/TLS termination: ssl_certificate and ssl_certificate_key, TLS 1.3, cipher suite hardening, HSTS header
  • OCSP stapling: ssl_stapling and ssl_stapling_verify for improved TLS handshake performance
  • Rate limiting: limit_req_zone with burst and nodelay, limit_conn for connection-based limiting, returning 429
  • Caching: proxy_cache_path, cache zones, Cache-Control header respect, cache bypass conditions
  • Kubernetes Ingress Controller: ingress-nginx annotations (rewrite-target, auth-url, custom headers), TLS termination with cert-manager
  • Nginx configuration testing: nginx -t, canary reloads with nginx -s reload, log format tuning for observability
Module 2

Traefik — Dynamic Configuration & Middleware Chains

  • Static vs dynamic configuration: traefik.yml / traefik.toml for entrypoints and providers vs dynamic router/middleware configs
  • Providers: Docker provider (labels), Kubernetes IngressRoute CRD, file provider for static rules
  • Middleware chains: BasicAuth, ForwardAuth for OAuth2/OIDC delegation, RateLimit, Compress, Headers middleware
  • Let's Encrypt integration: HTTP-01 challenge via ACME, DNS-01 challenge for wildcard certificates, certificate stores
  • Traefik Dashboard: read-only API, securing dashboard access, metric exports to Prometheus
  • TCP and UDP routing: TCP IngressRouteTCP for non-HTTP protocols, SNI-based routing, passthrough TLS
  • Nginx vs Traefik: configuration model, operational complexity, use-case fit for static vs dynamic infrastructure
Learning Outcomes
What your team walks away with

Participants can configure both Nginx and Traefik for production workloads and select the right tool based on their infrastructure's rate of change and operational model.

Book the Nginx & Traefik training

Reach out to schedule a session for your team — remote, on-site, or hybrid, in German or English.

Get in touch