1# The Dashboard
2
3See What's Going On
4{: .subtitle }
5
6The dashboard is the central place that shows you the current active routes handled by Traefik.
7
8<figure>
9    <img src="../../assets/img/webui-dashboard.png" alt="Dashboard - Providers" />
10    <figcaption>The dashboard in action</figcaption>
11</figure>
12
13The dashboard is available at the same location as the [API](./api.md) but on the path `/dashboard/` by default.
14
15!!! warning "The trailing slash `/` in `/dashboard/` is mandatory"
16
17There are 2 ways to configure and access the dashboard:
18
19- [Secure mode (Recommended)](#secure-mode)
20- [Insecure mode](#insecure-mode)
21
22!!! note ""
23    There is also a redirect of the path `/` to the path `/dashboard/`,
24    but one should not rely on that property as it is bound to change,
25    and it might make for confusing routing rules anyway.
26
27## Secure Mode
28
29This is the **recommended** method.
30
31Start by enabling the dashboard by using the following option from [Traefik's API](./api.md)
32on the [static configuration](../getting-started/configuration-overview.md#the-static-configuration):
33
34```yaml tab="File (YAML)"
35api:
36  # Dashboard
37  #
38  # Optional
39  # Default: true
40  #
41  dashboard: true
42```
43
44```toml tab="File (TOML)"
45[api]
46  # Dashboard
47  #
48  # Optional
49  # Default: true
50  #
51  dashboard = true
52```
53
54```bash tab="CLI"
55# Dashboard
56#
57# Optional
58# Default: true
59#
60--api.dashboard=true
61```
62
63Then define a routing configuration on Traefik itself,
64with a router attached to the service `api@internal` in the
65[dynamic configuration](../getting-started/configuration-overview.md#the-dynamic-configuration),
66to allow defining:
67
68- One or more security features through [middlewares](../middlewares/overview.md)
69  like authentication ([basicAuth](../middlewares/http/basicauth.md) , [digestAuth](../middlewares/http/digestauth.md),
70  [forwardAuth](../middlewares/http/forwardauth.md)) or [whitelisting](../middlewares/http/ipwhitelist.md).
71
72- A [router rule](#dashboard-router-rule) for accessing the dashboard,
73  through Traefik itself (sometimes referred as "Traefik-ception").
74
75### Dashboard Router Rule
76
77As underlined in the [documentation for the `api.dashboard` option](./api.md#dashboard),
78the [router rule](../routing/routers/index.md#rule) defined for Traefik must match
79the path prefixes `/api` and `/dashboard`.
80
81We recommend to use a "Host Based rule" as ```Host(`traefik.example.com`)``` to match everything on the host domain,
82or to make sure that the defined rule captures both prefixes:
83
84```bash tab="Host Rule"
85# The dashboard can be accessed on http://traefik.example.com/dashboard/
86rule = "Host(`traefik.example.com`)"
87```
88
89```bash tab="Path Prefix Rule"
90# The dashboard can be accessed on http://example.com/dashboard/ or http://traefik.example.com/dashboard/
91rule = "PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
92```
93
94```bash tab="Combination of Rules"
95# The dashboard can be accessed on http://traefik.example.com/dashboard/
96rule = "Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
97```
98
99??? example "Dashboard Dynamic Configuration Examples"
100    --8<-- "content/operations/include-dashboard-examples.md"
101
102## Insecure Mode
103
104This mode is not recommended because it does not allow the use of security features.
105
106To enable the "insecure mode", use the following options from [Traefik's API](./api.md#insecure):
107
108```yaml tab="File (YAML)"
109api:
110  dashboard: true
111  insecure: true
112```
113
114```toml tab="File (TOML)"
115[api]
116  dashboard = true
117  insecure = true
118```
119
120```bash tab="CLI"
121--api.dashboard=true --api.insecure=true
122```
123
124You can now access the dashboard on the port `8080` of the Traefik instance,
125at the following URL: `http://<Traefik IP>:8080/dashboard/` (trailing slash is mandatory).
126