Proxy and SSL
Traefik as the edge
Section titled “Traefik as the edge”Pier ships with a managed Traefik container that:
- Watches
/opt/pier/data/traefik/dynamic/*.ymlfor config changes. - Terminates TLS on ports 80 and 443.
- Requests Let’s Encrypt certificates for every configured domain.
- Forwards traffic to the matching container on
pier-net.
Adding a domain
Section titled “Adding a domain”- Under a service, click Domains → Add.
- Enter the hostname — for example
app.example.com. - Point DNS at your server’s IP (A or AAAA record).
- Pier writes a dynamic-config file describing the router, service, and cert resolver. Traefik picks it up within a second or two, requests a certificate, and starts serving the domain.
Path-prefixed routes
Section titled “Path-prefixed routes”If you want one backend serving example.com/v1, Pier auto-adds a StripPrefix middleware so the backend receives /health rather than /v1/health. You configure the prefix once; no backend changes needed.
Custom certificates
Section titled “Custom certificates”Pier uses Let’s Encrypt by default. If you already have certificates from another CA, drop them into /opt/pier/data/traefik/certs/ and reference them in the domain config. Let’s Encrypt is the default and the most common path.