From c864863be40c98eeee1513aed67a7e9b23c168f7 Mon Sep 17 00:00:00 2001
From: Andrea Santoro <andreasantoro.pvt@gmail.com>
Date: Sun, 16 Nov 2025 22:19:46 +0100
Subject: [PATCH] Add Traefik configuration documentation

Added documentation for configuring Traefik as a reverse proxy with HTTPS support, including example docker-compose configuration.
---
 .../2. Reverse proxy/Traefik.md               | 59 +++++++++++++++++++
 1 file changed, 59 insertions(+)
 create mode 100644 docs/User Guide/User Guide/Installation & Setup/Server Installation/2. Reverse proxy/Traefik.md

diff --git a/docs/User Guide/User Guide/Installation & Setup/Server Installation/2. Reverse proxy/Traefik.md b/docs/User Guide/User Guide/Installation & Setup/Server Installation/2. Reverse proxy/Traefik.md
new file mode 100644
index 000000000..f8c62a0f1
--- /dev/null
+++ b/docs/User Guide/User Guide/Installation & Setup/Server Installation/2. Reverse proxy/Traefik.md	
@@ -0,0 +1,59 @@
+# Traefik
+Configure Traefik proxy and HTTPS. See [#7768](https://github.com/TriliumNext/Trilium/issues/7768#issuecomment-3539165814) for reference
+
+### Build the docker-compose file
+
+Setting up Traefik as reverse proxy requires setting the following labels:
+
+```yaml
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.trilium.entrypoints=https
+      - traefik.http.routers.trilium.rule=Host(`trilium.mydomain.tld`)
+      - traefik.http.routers.trilium.tls=true
+      - traefik.http.routers.trilium.service=trilium
+      - traefik.http.services.trilium.loadbalancer.server.port=8080
+      # scheme must be HTTP instead of the usual HTTPS because Trilium listens on HTTP internally
+      - traefik.http.services.trilium.loadbalancer.server.scheme=http
+      - traefik.docker.network=proxy
+      # forward HTTP to HTTPS
+      - traefik.http.routers.trilium.middlewares=trilium-headers@docker
+      - traefik.http.middlewares.trilium-headers.headers.customrequestheaders.X-Forwarded-Proto=https
+```
+
+### Setup needed environment variables
+After setting up a reverse proxy, make sure to configure the <a class="reference-link" href="Trusted%20proxy.md">Trusted proxy</a>.
+
+### Example `docker-compose.yaml`
+
+```yaml
+services:
+  trilium:
+    image: triliumnext/trilium
+    container_name: trilium
+    networks:
+      - traefik-proxy
+    environment:
+      - /etc/timezone:/etc/timezone:ro
+      - /etc/localtime:/etc/localtime:ro
+      - TRILIUM_NETWORK_TRUSTEDREVERSEPROXY=my-traefik-host-ip
+    volumes:
+      - /path/to/data=/home/node/trilium-data
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.trilium.entrypoints=https
+      - traefik.http.routers.trilium.rule=Host(`trilium.mydomain.tld`)
+      - traefik.http.routers.trilium.tls=true
+      - traefik.http.routers.trilium.service=trilium
+      - traefik.http.services.trilium.loadbalancer.server.port=8080
+      # scheme must be HTTP instead of the usual HTTPS because of how trilium works
+      - traefik.http.services.trilium.loadbalancer.server.scheme=http
+      - traefik.docker.network=proxy
+      # forward to HTTPS
+      - traefik.http.routers.trilium.middlewares=trilium-headers@docker
+      - traefik.http.middlewares.trilium-headers.headers.customrequestheaders.X-Forwarded-Proto=https
+
+networks:
+  traefik-proxy:
+    external: true
+```