Made for and by developers

Inject the proxy in your docker-compose.yaml or even compose.yaml, do not change labels. Done !

Pathwae is built to do things fast.

  • No configuration file required *
  • No container modification
  • Auto TLS/SSL
  • Works with Docker, Podman, compose...

Declare the routes


    # Your container here listening, for example,
    # on port 5000.
    # No label, no port to bind...

    # Pathwae!
    - "80:80"
    - "443:443"
    - "8080:8080"
      CONFIG: |
          # foocontainer port 5000
          to: http://foocontainer:5000
          force_ssl: true
  • Use docker-compose up or podman-compose up
  • And navigate to
  • force_ssl will automatically redirect the browser to https.

No label, no arguments, no configuration file.

Everything is declared on the proxy container environment. This is the "standard" for containers.

You also don't need to use depends_on because the proxy doesn't need to wait for backends containers.

The port 8080 provides a simple monitor view of the backend.

What about "rootless" containers?

You're using Podman? - Good news, that works! Pathwae does not use Docker API, you don't need to mount the socket file, everthing is controlled by the environment.

You only need to allow your standard user to open 80/443 ports with this command:

That's simple:

sudo sysctl -w net.ipv4.ip_unprivileged_port_start=0

Make it permanent if you want:

sudo mkdir -p /etc/sysctl.d
echo "net.ipv4.ip_unprivileged_port_start=0" | \
   sudo tee /etc/sysctl.d/99-unprivileged_port.conf

But I like configuration files!

OK, no problem, you can create the confiuration file:
  to: http://foocontainer:5000
  force_ssl: true

Then mount the file in Pathwae container, and indicate the configuration file path with CONFIG_FILE environment variable.

        - "80:80"
        - "443:443"
        - "8080:8080"
        - CONFIG_FILE: /config/config.yaml
        - ./config.yaml:/config/config.yaml:ro,z

Need a "near the reality" domain name?

One solution (Docker only for the moment):

  • set a hostname on the pathwae container
  • and use Docker-Domains daemon to have local domains.

Docker-Domains is a nice daemon that allows you to use whatever the domain you want, even .com domains!

It will also remove the need to bind ports 80, 443 and 8080 to localhost.

Monitor with UI

Monitor with UI

Monitor your endpoints with UI. Also, you can pause a route, get certificate information or even change the endpoints addresses.

Everything is real-time.

Simply bind the 8080 port to localhost, and visit http://localhost:8080

Pathwae Web UI

What about others reverse proxy

Of course, there are others solutions and we love them!

Pathwae is not the first one. Actually there is plenty of very powerful reverse proxy. So, why to use this one?

To help you to choose our proxy, the first question to answer is:

Do you want a proxy for production or for development?

If you speak about development, so Pathwae is already a good choice. Because it's lightweight and easy to use. You will not spend time to fix the reverse proxy, you will only focus on your containers, your project, and your container stack.

Later, you'll use a real production reverse proxy like Traefik, Nginx, or HAProxy

But, because it's a fashion, let's make a table to compare some solutions.

Pathwae Traefik Nginx
See this section

need to declare the certificates in a configuraiton file

need to create the server configuration
Automatic SSL/TLS
depends on the nginx container image, some have generic SSL certificates
Route declaration
no labels, no configuration file

labels and/or configuration file

configuraiton file
Web UI

Web UI

no Web UI
For development
very subjective, yes
For production
Actually that's OK but not the best choice
Response modification
like rewrite rules, specific redirections, ...

Nothing excepting redirect to https address

some rules can be applied.
Podman (rootless) compatibility
Will never work with rootless container engines


Let Pathwae to help you

If you don't provide certificates, Pathwae generates temporary TLS certificates.

Of course, these certificates are not "trusted", but they are "valid".

Or give your certificates

You can generate trusted certificates (with mkcert for example) and then mount the directory into /certs directory of Pathwae container.

Pathwae will automatically find the certificates and the corresponding hosts to use with.

And that works with wildcard certificates, of course.

Opensource, free, on Github

It's free!

Pathwae is opensource - developped with Go for the proxy part, and VueJS (in Typescript) for the Web UI

License is MIT

Please, star and follow the project on Github!