Middleware Manager Docs

Middleware Manager Docs

Middleware Manager Onboarding Deploy with Pangolin Deploy with Traefik (Standalone)Configuration Overview Data Sources Templates Environment Variables Dashboard Resources & Routers Middlewares Services Plugin Hub Security & mTLS Traefik Explorer Settings & Theme Security & Misconfiguration Risks Operations Runbook Troubleshooting Backups & Persistence API Overview Reverting Traefik Provider Development Guide

Security & mTLS

Manage mTLS, CA/client certs, and the mtlswhitelist plugin.

Global mTLS

Enable/disable globally via Security Hub; stores CA path and middleware defaults in DB.
Adds TLS option mtls-verify with clientAuth pointing to your CA.

Per-resource mTLS

Toggle mTLS on a resource to inject a per-resource mtlswhitelist middleware and set router tls.options=mtls-verify.
Optional per-resource overrides:
- Rules (allowlist)
- Request headers to inject
- Reject message/code
- Refresh interval
- External data payload

Certificates

Create CA, issue client certs, revoke/delete from the Security Hub.
Download P12 bundles per client.

Plugin requirement

The mtlswhitelist Traefik plugin must be installed (see Plugin Hub) and present in static config.
TRAEFIK_STATIC_CONFIG_PATH must be correct for plugin detection.

mTLS misconfiguration

Incorrect CA path or missing plugin will break router handshakes. Test on staging entrypoints before enabling on production hosts.

Screenshot placeholder — Security Hub and per-resource mTLS toggle.

Plugin Hub

Install and manage Traefik plugins from the UI.

Traefik Explorer

Inspect routers, services, middlewares directly from Traefik API.

On this page

Global mTLS Per-resource mTLS Certificates Plugin requirement