Nginx Proxy Companion VS Portrainer & Traefik in 2025 for Scalable WordPress Hosting

October 14, 2025 - by pbieda

Since the release of JWilder’s Docker Let’s Encrypt Nginx Proxy Companion in 2016, the containerization ecosystem has evolved significantly. Once the go-to solution for automated SSL management and reverse proxying, JWilder’s approach has now been outpaced by modern stacks emphasizing observability, automation, and scalability.

In this article, we’ll compare the traditional JWilder setup with a modern, cloud-native stack powered by Portainer, Traefik, and Grafana. You’ll learn how these architectures differ, where each shines, and why the modern approach dominates in 2025.

The Traditional Approach: JWilder’s Nginx Proxy Companion

Historical Context and Design Philosophy

In 2016, managing SSL certificates for multiple Docker services was a headache. JWilder’s solution automated certificate generation and renewal with Let’s Encrypt, drastically simplifying reverse proxy setups. It became the “set it and forget it” solution for developers focused on coding, not infrastructure.

Core Components

  • Nginx Proxy – Reverse proxy for HTTP/HTTPS traffic
  • Let’s Encrypt Companion – Handles automatic SSL certificate management
  • Docker Socket Access – Enables automatic service discovery

The architecture automatically detected running containers and generated certificates dynamically — no restarts needed.

Strengths

Simplicity – Easy to deploy with minimal configuration
Automatic Service Discovery – Containers were auto-detected and configured
Lightweight – Low resource consumption
Stable and Mature – Widely used and well-documented
Community Support – Large community and tutorials

Limitations

⚠️ Limited Observability – No built-in metrics or dashboards
⚠️ Manual Configuration for Complex Routing
⚠️ Security Risks – Docker socket exposure
⚠️ Poor Scalability – Not ideal for microservices
⚠️ No Load Balancing or Middleware Support

The Modern Stack: Portainer + Traefik + Grafana

Evolution to Cloud-Native Design

The modern approach emphasizes automation, scalability, and observability — core principles of cloud-native architecture.

The stack includes:

  1. Portainer – Simplified container orchestration and UI
  2. Traefik – Modern reverse proxy and load balancer
  3. Grafana – Real-time observability and monitoring

Portainer: Container Orchestration Made Accessible

Portainer provides a visual, intuitive interface to manage Docker or Kubernetes environments.

Key Features:

  • Web-based container management
  • Role-based access control (RBAC)
  • Multi-environment support
  • Backup and restore
  • Application templates for fast deployment

Traefik: The Modern Reverse Proxy

Traefik is built for dynamic, microservice-heavy environments.

Capabilities:

  • Automatic service discovery
  • Built-in Let’s Encrypt integration
  • Advanced load balancing
  • Middleware (auth, rate limiting, redirects)
  • Native Prometheus metrics
  • Declarative configuration as code

Grafana: Complete Observability

Grafana fills the monitoring gap left by traditional approaches.

Advantages:

  • Real-time dashboards (Prometheus, InfluxDB, Loki, etc.)
  • Alerts via email, Slack, or webhooks
  • Role-based dashboards and sharing
  • Plugins for extended metrics and visualization

Architecture Comparison

Traditional: Monolithic and Simple

Flow:
Internet → Nginx Proxy → Let’s Encrypt Companion → Docker Socket → Containers

Characteristics:

  • Single point of failure
  • Minimal resource usage
  • Simple configuration

Modern: Distributed and Observable

Flow:
Internet → Traefik → Portainer → Prometheus → Grafana (Loki logs)

Characteristics:

  • Fault-tolerant and scalable
  • Full observability
  • Enterprise-grade security
  • Declarative and automated configuration

Implementation Overview

Traditional Stack (docker-compose.yml)

version: '3.8'
services:
  nginx-proxy:
    image: nginxproxy/nginx-proxy
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - /var/run/docker.sock:/tmp/docker.sock:ro
      - certs:/etc/nginx/certs
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
  nginx-proxy-letsencrypt:
    image: nginxproxy/acme-companion
    environment:
      - NGINX_PROXY_CONTAINER=nginx-proxy
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - certs:/etc/nginx/certs
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html

volumes:
  certs:
  vhost:
  html:

Steps:

  1. Create Docker network
  2. Deploy nginx-proxy
  3. Deploy acme-companion
  4. Label target containers with VIRTUAL_HOST and LETSENCRYPT_EMAIL

Modern Stack (docker-compose.yml)

version: '3.8'
services:
  traefik:
    image: traefik:v3.0
    command:
      - --api.dashboard=true
      - --providers.docker=true
      - --entrypoints.web.address=:80
      - --entrypoints.websecure.address=:443
      - --certificatesresolvers.letsencrypt.acme.email=admin@example.com
      - --certificatesresolvers.letsencrypt.acme.storage=/letsencrypt/acme.json
    ports:
      - "80:80"
      - "443:443"
      - "8080:8080"
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - letsencrypt:/letsencrypt

  portainer:
    image: portainer/portainer-ce:latest
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
      - portainer_data:/data
    labels:
      - "traefik.enable=true"
      - "traefik.http.routers.portainer.rule=Host(`portainer.example.com`)"
      - "traefik.http.routers.portainer.tls.certresolver=letsencrypt"

  prometheus:
    image: prom/prometheus
    volumes:
      - ./prometheus.yml:/etc/prometheus/prometheus.yml

  grafana:
    image: grafana/grafana
    environment:
      - GF_SECURITY_ADMIN_PASSWORD=admin
    volumes:
      - grafana_data:/var/lib/grafana

Key Features:

  • Real-time observability
  • Secure TLS automation
  • Centralized management
  • Prometheus + Grafana monitoring

Security Enhancements

Traditional Stack:

  • Required full Docker socket access
  • No RBAC or audit logging
  • Single network exposure

Modern Stack:

  • Role-based access control
  • Network segmentation
  • Encrypted inter-service communication
  • Automated certificate rotation
  • Full audit and compliance support

Cost and Performance Analysis

FeatureTraditional StackModern Stack
Initial Setup Cost$50–$100/month$200–$400/month
Maintenance Cost$200–$500/month$100–$200/month
ScalingDifficultLinear, efficient
ObservabilityNoneComplete
SecurityBasicEnterprise-grade

Conclusion: Higher initial cost for the modern stack, but significantly better ROI and scalability.

Migration Path

Step 1: Assess

  • List existing containers and domains
  • Identify SSL and network dependencies

Step 2: Deploy Infrastructure

  • Set up Traefik, Portainer, Prometheus, Grafana

Step 3: Migrate Services

  • Move non-critical apps first
  • Verify SSL and monitoring

Step 4: Optimize and Secure

  • Fine-tune dashboards
  • Add alerts and backup automation

Best Practices

For Traditional Stack

  • Use for small, low-traffic apps
  • Restrict Docker socket permissions
  • Regularly back up SSL volumes

For Modern Stack

  • Treat configuration as code
  • Use network segmentation and RBAC
  • Enable full observability
  • Automate deployments and alerts

Conclusion

The shift from JWilder’s Nginx Proxy Companion to Portainer + Traefik + Grafana reflects how DevOps evolved from simplicity to scalability, automation, and observability.

Key Takeaways

  • JWilder Stack: Great for simplicity and low-resource setups.
  • Modern Stack: Ideal for scalable, production-grade infrastructure.

When to Choose Each

  • Use JWilder for quick, low-traffic prototypes.
  • Use Portainer + Traefik + Grafana for production-grade, monitored, and secure environments.

Future Trends

  • Service Mesh Integration (Istio, Linkerd)
  • GitOps (ArgoCD, Flux)
  • Edge Deployments
  • AI-Powered Monitoring

Leave a comment