Merge pull request #349 from stongo/acme-bundle

#345: bundle intermediate certificates

.dockerignore

@@ -1,4 +1,5 @@
 dist/
 vendor/
 !dist/traefik
-site/
+site/
+**/*.test

.gitignore

@@ -10,4 +10,6 @@ traefik.toml
 vendor/
 static/
 .vscode/
-site/
+site/
+*.log
+*.exe

Makefile

@@ -24,36 +24,27 @@ print-%: ; @echo $*=$($*)
 
 default: binary
 
-all: generate-webui build
+all: generate-webui build ## validate all checks, build linux binary, run all tests\ncross non-linux binaries
 	$(DOCKER_RUN_TRAEFIK) ./script/make.sh
 
-binary: generate-webui build
+binary: generate-webui build ## build the linux binary
 	$(DOCKER_RUN_TRAEFIK) ./script/make.sh generate binary
 
-crossbinary: generate-webui build
+crossbinary: generate-webui build ## cross build the non-linux binaries
 	$(DOCKER_RUN_TRAEFIK) ./script/make.sh generate crossbinary
 
-test: build
+test: build ## run the unit and integration tests
 	$(DOCKER_RUN_TRAEFIK) ./script/make.sh generate test-unit binary test-integration
 
-test-unit: build
+test-unit: build ## run the unit tests
 	$(DOCKER_RUN_TRAEFIK) ./script/make.sh generate test-unit
 
-test-integration: build
+test-integration: build ## run the integration tests
 	$(DOCKER_RUN_TRAEFIK) ./script/make.sh generate test-integration
 
-validate: build 
+validate: build  ## validate gofmt, golint and go vet
 	$(DOCKER_RUN_TRAEFIK) ./script/make.sh  validate-gofmt validate-govet validate-golint 
 
-validate-gofmt: build
-	$(DOCKER_RUN_TRAEFIK) ./script/make.sh validate-gofmt
-
-validate-govet: build
-	$(DOCKER_RUN_TRAEFIK) ./script/make.sh validate-govet
-
-validate-golint: build
-	$(DOCKER_RUN_TRAEFIK) ./script/make.sh validate-golint
-
 build: dist
 	docker build -t "$(TRAEFIK_DEV_IMAGE)" -f build.Dockerfile .
 
@@ -63,10 +54,10 @@ build-webui:
 build-no-cache: dist
 	docker build --no-cache -t "$(TRAEFIK_DEV_IMAGE)" -f build.Dockerfile .
 
-shell: build
+shell: build ## start a shell inside the build env
 	$(DOCKER_RUN_TRAEFIK) /bin/bash
 
-image: build
+image: build ## build a docker traefik image 
 	docker build -t $(TRAEFIK_IMAGE) .
 
 dist:
@@ -92,3 +83,6 @@ fmt:
 
 deploy:
 	./script/deploy.sh
+
+help: ## this help
+	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)

README.md

@@ -6,13 +6,14 @@
 [![Build Status](https://travis-ci.org/containous/traefik.svg?branch=master)](https://travis-ci.org/containous/traefik)
 [![Docs](https://img.shields.io/badge/docs-current-brightgreen.svg)](https://docs.traefik.io)
 [![Go Report Card](https://goreportcard.com/badge/kubernetes/helm)](http://goreportcard.com/report/containous/traefik)
+[![Image Layer](https://badge.imagelayers.io/traefik:latest.svg)](https://imagelayers.io/?images=traefik)
 [![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/containous/traefik/blob/master/LICENSE.md)
 [![Join the chat at https://traefik.herokuapp.com](https://img.shields.io/badge/style-register-green.svg?style=social&label=Slack)](https://traefik.herokuapp.com)
 [![Twitter](https://img.shields.io/twitter/follow/traefikproxy.svg?style=social)](https://twitter.com/intent/follow?screen_name=traefikproxy)
 
 
 Træfɪk is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease.
-It supports several backends ([Docker](https://www.docker.com/), [Swarm](https://docs.docker.com/swarm), [Mesos/Marathon](https://mesosphere.github.io/marathon/), [Consul](https://www.consul.io/), [Etcd](https://coreos.com/etcd/), [Zookeeper](https://zookeeper.apache.org), [BoltDB](https://github.com/boltdb/bolt), Rest API, file...) to manage its configuration automatically and dynamically.
+It supports several backends ([Docker](https://www.docker.com/), [Swarm](https://docs.docker.com/swarm), [Mesos/Marathon](https://mesosphere.github.io/marathon/), [Kubernetes](http://kubernetes.io/), [Consul](https://www.consul.io/), [Etcd](https://coreos.com/etcd/), [Zookeeper](https://zookeeper.apache.org), [BoltDB](https://github.com/boltdb/bolt), Rest API, file...) to manage its configuration automatically and dynamically.
 
 ## Overview
 
@@ -51,7 +52,7 @@ Run it and forget it!
 - Circuit breakers on backends
 - Round Robin, rebalancer load-balancers
 - Rest Metrics
-- Tiny docker image included [![Image Layers](https://badge.imagelayers.io/containous/traefik:latest.svg)](https://imagelayers.io/?images=containous/traefik:latest)
+- [Tiny](https://imagelayers.io/?images=traefik) [official](https://hub.docker.com/r/_/traefik/) docker image included
 - SSL backends support
 - SSL frontend support (with SNI)
 - Clean AngularJS Web UI
@@ -75,7 +76,7 @@ You can access to a simple HTML frontend of Træfik.
 
 ## Plumbing
 
-- [Oxy](https://github.com/vulcand/oxy): an awsome proxy library made by Mailgun guys
+- [Oxy](https://github.com/vulcand/oxy): an awesome proxy library made by Mailgun guys
 - [Gorilla mux](https://github.com/gorilla/mux): famous request router
 - [Negroni](https://github.com/codegangsta/negroni): web middlewares made simple
 - [Manners](https://github.com/mailgun/manners): graceful shutdown of http.Handler servers
@@ -92,7 +93,7 @@ You can access to a simple HTML frontend of Træfik.
 - Use the tiny Docker image:
 
 ```shell
-docker run -d -p 8080:8080 -p 80:80 -v $PWD/traefik.toml:/etc/traefik/traefik.toml containous/traefik
+docker run -d -p 8080:8080 -p 80:80 -v $PWD/traefik.toml:/etc/traefik/traefik.toml traefik
 ```
 
 - From sources:
@@ -132,8 +133,11 @@ Europe. We provide consulting, development, training and support for the world
 software products.
 
 
-
 [![Asteris](docs/img/asteris.logo.png)](https://aster.is)
 
 Founded in 2014, Asteris creates next-generation infrastructure software for the modern datacenter. Asteris writes software that makes it easy for companies to implement continuous delivery and realtime data pipelines. We support the HashiCorp stack, along with Kubernetes, Apache Mesos, Spark and Kafka. We're core committers on mantl.io, consul-cli and mesos-consul.
 .
+
+## Credits
+
+Thanks you [Peka](http://peka.byethost11.com/photoblog/) for your awesome work on the logo ![logo](docs/img/traefik.icon.png)

acme/acme.go

@@ -181,7 +181,7 @@ func (a *ACME) CreateConfig(tlsConfig *tls.Config, CheckOnDemandDomain func(doma
 	acme.Logger = fmtlog.New(ioutil.Discard, "", 0)
 
 	if len(a.StorageFile) == 0 {
-		return errors.New("Empty StorageFile, please provide a filenmae for certs storage")
+		return errors.New("Empty StorageFile, please provide a filename for certs storage")
 	}
 
 	log.Debugf("Generating default certificate...")
@@ -406,7 +406,7 @@ func (a *ACME) saveAccount(Account *Account) error {
 
 func (a *ACME) getDomainsCertificates(client *acme.Client, domains []string) (*Certificate, error) {
 	log.Debugf("Loading ACME certificates %s...", domains)
-	bundle := false
+	bundle := true
 	certificate, failures := client.ObtainCertificate(domains, bundle, nil)
 	if len(failures) > 0 {
 		log.Error(failures)

adapters.go

@@ -23,9 +23,9 @@ func (oxylogger *OxyLogger) Warningf(format string, args ...interface{}) {
 	log.Warningf(format, args...)
 }
 
-// Errorf logs specified string as Error level in logrus.
+// Errorf logs specified string as Warningf level in logrus.
 func (oxylogger *OxyLogger) Errorf(format string, args ...interface{}) {
-	log.Errorf(format, args...)
+	log.Warningf(format, args...)
 }
 
 func notFoundHandler(w http.ResponseWriter, r *http.Request) {

build.Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.6.0-alpine
+FROM golang:1.6.1-alpine
 
 RUN apk update && apk add git bash gcc musl-dev \
 && go get github.com/Masterminds/glide \

cmd.go

@@ -51,6 +51,7 @@ var arguments = struct {
 	etcd          bool
 	etcdTLS       bool
 	boltdb        bool
+	kubernetes    bool
 }{
 	GlobalConfiguration{
 		EntryPoints: make(EntryPoints),
@@ -72,7 +73,8 @@ var arguments = struct {
 				TLS: &provider.KvTLS{},
 			},
 		},
-		Boltdb: &provider.BoltDb{},
+		Boltdb:     &provider.BoltDb{},
+		Kubernetes: &provider.Kubernetes{},
 	},
 	false,
 	false,
@@ -86,6 +88,7 @@ var arguments = struct {
 	false,
 	false,
 	false,
+	false,
 }
 
 func init() {
@@ -142,6 +145,7 @@ func init() {
 	traefikCmd.PersistentFlags().BoolVar(&arguments.consulCatalog, "consulCatalog", false, "Enable Consul catalog backend")
 	traefikCmd.PersistentFlags().StringVar(&arguments.ConsulCatalog.Domain, "consulCatalog.domain", "", "Default domain used")
 	traefikCmd.PersistentFlags().StringVar(&arguments.ConsulCatalog.Endpoint, "consulCatalog.endpoint", "127.0.0.1:8500", "Consul server endpoint")
+	traefikCmd.PersistentFlags().StringVar(&arguments.ConsulCatalog.Prefix, "consulCatalog.prefix", "traefik", "Consul catalog tag prefix")
 
 	traefikCmd.PersistentFlags().BoolVar(&arguments.zookeeper, "zookeeper", false, "Enable Zookeeper backend")
 	traefikCmd.PersistentFlags().BoolVar(&arguments.Zookeeper.Watch, "zookeeper.watch", true, "Watch provider")
@@ -166,6 +170,9 @@ func init() {
 	traefikCmd.PersistentFlags().StringVar(&arguments.Boltdb.Endpoint, "boltdb.endpoint", "127.0.0.1:4001", "Boltdb server endpoint")
 	traefikCmd.PersistentFlags().StringVar(&arguments.Boltdb.Prefix, "boltdb.prefix", "/traefik", "Prefix used for KV store")
 
+	traefikCmd.PersistentFlags().BoolVar(&arguments.kubernetes, "kubernetes", false, "Enable Kubernetes backend")
+	traefikCmd.PersistentFlags().StringVar(&arguments.Kubernetes.Endpoint, "kubernetes.endpoint", "127.0.0.1:8080", "Kubernetes server endpoint")
+
 	_ = viper.BindPFlag("configFile", traefikCmd.PersistentFlags().Lookup("configFile"))
 	_ = viper.BindPFlag("graceTimeOut", traefikCmd.PersistentFlags().Lookup("graceTimeOut"))
 	_ = viper.BindPFlag("logLevel", traefikCmd.PersistentFlags().Lookup("logLevel"))

configuration.go

@@ -37,6 +37,7 @@ type GlobalConfiguration struct {
 	Etcd                      *provider.Etcd
 	Zookeeper                 *provider.Zookepper
 	Boltdb                    *provider.BoltDb
+	Kubernetes                *provider.Kubernetes
 }
 
 // DefaultEntryPoints holds default entry points
@@ -209,7 +210,11 @@ func LoadConfiguration() *GlobalConfiguration {
 	viper.AddConfigPath("$HOME/.traefik/") // call multiple times to add many search paths
 	viper.AddConfigPath(".")               // optionally look for config in the working directory
 	if err := viper.ReadInConfig(); err != nil {
-		fmtlog.Fatalf("Error reading file: %s", err)
+		if len(viper.ConfigFileUsed()) > 0 {
+			fmtlog.Printf("Error reading configuration file: %s", err)
+		} else {
+			fmtlog.Printf("No configuration file found")
+		}
 	}
 
 	if len(arguments.EntryPoints) > 0 {
@@ -254,6 +259,9 @@ func LoadConfiguration() *GlobalConfiguration {
 	if arguments.boltdb {
 		viper.Set("boltdb", arguments.Boltdb)
 	}
+	if arguments.kubernetes {
+		viper.Set("kubernetes", arguments.Kubernetes)
+	}
 	if err := unmarshal(&configuration); err != nil {
 
 		fmtlog.Fatalf("Error reading file: %s", err)

docs/basics.md

@@ -19,7 +19,7 @@ Let's zoom on Træfɪk and have an overview of its internal architecture:
 ![Architecture](img/internal.png)
 
 - Incoming requests end on [entrypoints](#entrypoints), as the name suggests, they are the network entry points into Træfɪk (listening port, SSL, traffic redirection...).
-- Traffic is then forwared to a matching [frontend](#frontends). A frontend defines routes from [entrypoints](#entrypoints) to [backends](#backends).
+- Traffic is then forwarded to a matching [frontend](#frontends). A frontend defines routes from [entrypoints](#entrypoints) to [backends](#backends).
 Routes are created using requests fields (`Host`, `Path`, `Headers`...) and can match or not a request.
 - The [frontend](#frontends) will then send the request to a [backend](#backends). A backend can be composed by one or more [servers](#servers), and by a load-balancing strategy.
 - Finally, the [server](#servers) will forward the request to the corresponding microservice in the private network.
@@ -63,14 +63,14 @@ Frontends can be defined using the following rules:
 - `HeadersRegexp: Content-Type, application/(text|json)`: Regular expressions can be used with headers as well. It accepts a sequence of key/value pairs, where the value has regex support.
 - `Host: traefik.io, www.traefik.io`: Match request host with given host list.
 - `HostRegexp: traefik.io, {subdomain:[a-z]+}.traefik.io`: Adds a matcher for the URL hosts. It accepts templates with zero or more URL variables enclosed by `{}`. Variables can define an optional regexp pattern to be matched.
-- `Method: GET, POST, PUT`: Methods adds a matcher for HTTP methods. It accepts a sequence of one or more methods to be matched.
+- `Method: GET, POST, PUT`: Method adds a matcher for HTTP methods. It accepts a sequence of one or more methods to be matched.
 - `Path: /products/, /articles/{category}/{id:[0-9]+}`: Path adds a matcher for the URL paths. It accepts templates with zero or more URL variables enclosed by `{}`.
 - `PathStrip`: Same as `Path` but strip the given prefix from the request URL's Path.
 - `PathPrefix`: PathPrefix adds a matcher for the URL path prefixes. This matches if the given template is a prefix of the full URL path.
 - `PathPrefixStrip`: Same as `PathPrefix` but strip the given prefix from the request URL's Path.
 
 You can optionally enable `passHostHeader` to forward client `Host` header to the backend.
- 
+
 Here is an example of frontends definition:
 
 ```toml
@@ -107,7 +107,7 @@ A circuit breaker can also be applied to a backend, preventing high loads on fai
 Initial state is Standby. CB observes the statistics and does not modify the request.
 In case if condition matches, CB enters Tripped state, where it responds with predefines code or redirects to another frontend.
 Once Tripped timer expires, CB enters Recovering state and resets all stats.
-In case if the condition does not match and recovery timer expries, CB enters Standby state.
+In case if the condition does not match and recovery timer expires, CB enters Standby state.
 
 It can be configured using:
 
@@ -120,9 +120,29 @@ For example:
 - `LatencyAtQuantileMS(50.0) > 50`:  watch latency at quantile in milliseconds.
 - `ResponseCodeRatio(500, 600, 0, 600) > 0.5`: ratio of response codes in range [500-600) to  [0-600)
 
+To proactively prevent backends from being overwhelmed with high load, a maximum connection limit can
+also be applied to each backend.
+
+Maximum connections can be configured by specifying an integer value for `maxconn.amount` and
+`maxconn.extractorfunc` which is a strategy used to determine how to categorize requests in order to
+evaluate the maximum connections.
+
+For example:
+```toml
+[backends]
+  [backends.backend1]
+    [backends.backend1.maxconn]
+       amount = 10
+       extractorfunc = "request.host"
+```
+
+- `backend1` will return `HTTP code 429 Too Many Requests` if there are already 10 requests in progress for the same Host header.
+- Another possible value for `extractorfunc` is `client.ip` which will categorize requests based on client source ip.
+- Lastly `extractorfunc` can take the value of `request.header.ANY_HEADER` which will categorize requests based on `ANY_HEADER` that you provide.
+
 ## Servers
 
-Servers are simply defined using a `URL`. You can also apply a custom `weight` to each server (this will be used by load-balacning).
+Servers are simply defined using a `URL`. You can also apply a custom `weight` to each server (this will be used by load-balancing).
 
 Here is an example of backends and servers definition:
 

docs/benchmarks.md

@@ -1,70 +1,213 @@
 # Benchmarks
 
-Here are some early Benchmarks between Nginx, HA-Proxy and Træfɪk acting as simple load balancers between two servers.
+## Configuration
 
-- Nginx:
+I would like to thanks [vincentbernat](https://github.com/vincentbernat) from [exoscale.ch](https://www.exoscale.ch) who kindly provided the infrastructure needed for the benchmarks.
 
-```sh
-$ docker run -d -e VIRTUAL_HOST=test.nginx.localhost emilevauge/whoami
-$ docker run -d -e VIRTUAL_HOST=test.nginx.localhost emilevauge/whoami
-$ docker run --log-driver=none -d -p 80:80 -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
-$ wrk -t12 -c400 -d60s -H "Host: test.nginx.localhost" --latency http://127.0.0.1:80
-Running 1m test @ http://127.0.0.1:80
-  12 threads and 400 connections
-  Thread Stats   Avg      Stdev     Max   +/- Stdev
-    Latency   162.61ms  203.34ms   1.72s    91.07%
-    Req/Sec   277.57    107.67   790.00     67.53%
-  Latency Distribution
-     50%  128.19ms
-     75%  218.22ms
-     90%  342.12ms
-     99%    1.08s 
-  197991 requests in 1.00m, 82.32MB read
-  Socket errors: connect 0, read 0, write 0, timeout 18
-Requests/sec:   3296.04
-Transfer/sec:      1.37MB
+I used 4 VMs for the tests with the following configuration:
+
+- 32 GB RAM
+- 8 CPU Cores
+- 10 GB SSD
+- Ubuntu 14.04 LTS 64-bit
+
+## Setup
+
+1. One VM used to launch the benchmarking tool [wrk](https://github.com/wg/wrk)
+2. One VM for traefik (v1.0.0-beta.416) / nginx (v1.4.6)
+3. Two VMs for 2 backend servers in go [whoami](https://github.com/emilevauge/whoamI/)
+
+Each VM has been tuned using the following limits:
+
+```bash
+sysctl -w fs.file-max="9999999"
+sysctl -w fs.nr_open="9999999"
+sysctl -w net.core.netdev_max_backlog="4096"
+sysctl -w net.core.rmem_max="16777216"
+sysctl -w net.core.somaxconn="65535"
+sysctl -w net.core.wmem_max="16777216"
+sysctl -w net.ipv4.ip_local_port_range="1025       65535"
+sysctl -w net.ipv4.tcp_fin_timeout="30"
+sysctl -w net.ipv4.tcp_keepalive_time="30"
+sysctl -w net.ipv4.tcp_max_syn_backlog="20480"
+sysctl -w net.ipv4.tcp_max_tw_buckets="400000"
+sysctl -w net.ipv4.tcp_no_metrics_save="1"
+sysctl -w net.ipv4.tcp_syn_retries="2"
+sysctl -w net.ipv4.tcp_synack_retries="2"
+sysctl -w net.ipv4.tcp_tw_recycle="1"
+sysctl -w net.ipv4.tcp_tw_reuse="1"
+sysctl -w vm.min_free_kbytes="65536"
+sysctl -w vm.overcommit_memory="1"
+ulimit -n 9999999
 ```
 
-- HA-Proxy:
+### Nginx
 
-```sh
-$ docker run -d --name web1 -e VIRTUAL_HOST=test.haproxy.localhost emilevauge/whoami
-$ docker run -d --name web2 -e VIRTUAL_HOST=test.haproxy.localhost emilevauge/whoami
-$ docker run -d -p 80:80 --link web1:web1 --link web2:web2 dockercloud/haproxy
-$ wrk -t12 -c400 -d60s -H "Host: test.haproxy.localhost" --latency http://127.0.0.1:80
-Running 1m test @ http://127.0.0.1:80
-  12 threads and 400 connections
-  Thread Stats   Avg      Stdev     Max   +/- Stdev
-    Latency   158.08ms  187.88ms   1.75s    89.61%
-    Req/Sec   281.33    120.47     0.98k    65.88%
-  Latency Distribution
-     50%  121.77ms
-     75%  227.10ms
-     90%  351.98ms
-     99%    1.01s 
-  200462 requests in 1.00m, 59.65MB read
-Requests/sec:   3337.66
-Transfer/sec:      0.99MB
+Here is the config Nginx file use `/etc/nginx/nginx.conf`:
+
+```
+user www-data;
+worker_processes auto;
+worker_rlimit_nofile 200000;
+pid /var/run/nginx.pid;
+
+events {
+    worker_connections 10000;
+    use epoll;
+    multi_accept on;
+}
+
+http {
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    keepalive_timeout 300;
+    keepalive_requests 10000;
+    types_hash_max_size 2048;
+
+    open_file_cache max=200000 inactive=300s; 
+    open_file_cache_valid 300s; 
+    open_file_cache_min_uses 2;
+    open_file_cache_errors on;
+
+    server_tokens off;
+    dav_methods off;
+
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    access_log /var/log/nginx/access.log combined;
+    error_log /var/log/nginx/error.log warn;
+
+    gzip off;
+    gzip_vary off;
+
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/sites-enabled/*.conf;
+}
 ```
 
-- Træfɪk:
+Here is the Nginx vhost file used:
 
-```sh
-$ docker run -d -l traefik.backend=test1 -l traefik.frontend.rule=Host -l traefik.frontend.value=test.traefik.localhost emilevauge/whoami
-$ docker run -d -l traefik.backend=test1 -l traefik.frontend.rule=Host -l traefik.frontend.value=test.traefik.localhost emilevauge/whoami
-$ docker run -d -p 8080:8080 -p 80:80 -v $PWD/traefik.toml:/traefik.toml -v /var/run/docker.sock:/var/run/docker.sock containous/traefik
-$ wrk -t12 -c400 -d60s -H "Host: test.traefik.localhost" --latency http://127.0.0.1:80
-Running 1m test @ http://127.0.0.1:80
-  12 threads and 400 connections
+```
+upstream whoami {
+    server IP-whoami1:80;
+    server IP-whoami2:80;
+    keepalive 300;
+}
+
+server {
+    listen 8001;
+    server_name test.traefik;
+    access_log off;
+    error_log /dev/null crit;
+    if ($host != "test.traefik") {
+        return 404;
+    }
+    location / {
+        proxy_pass http://whoami;
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
+	proxy_set_header  X-Forwarded-Host $host;
+    }
+}
+```
+
+### Traefik
+
+Here is the `traefik.toml` file used:
+
+```
+MaxIdleConnsPerHost = 100000
+defaultEntryPoints = ["http"]
+
+[entryPoints]
+  [entryPoints.http]
+  address = ":8000"
+
+[file]
+[backends]
+  [backends.backend1]
+    [backends.backend1.servers.server1]
+    url = "http://IP-whoami1:80"
+    weight = 1
+    [backends.backend1.servers.server2]
+    url = "http://IP-whoami2:80"
+    weight = 1
+
+[frontends]
+  [frontends.frontend1]
+  backend = "backend1"
+    [frontends.frontend1.routes.test_1]
+    rule = "Host: test.traefik"
+```
+
+## Results
+
+### whoami:
+```
+wrk -t8 -c1000 -d60s -H "Host: test.traefik" --latency  http://IP-whoami:80/bench
+Running 1m test @ http://IP-whoami:80/bench
+  20 threads and 1000 connections
   Thread Stats   Avg      Stdev     Max   +/- Stdev
-    Latency   132.93ms  121.89ms   1.20s    66.62%
-    Req/Sec   280.95    104.88   740.00     68.26%
+    Latency    70.28ms  134.72ms   1.91s    89.94%
+    Req/Sec     2.92k   742.42     8.78k    68.80%
   Latency Distribution
-     50%  128.71ms
-     75%  214.15ms
-     90%  281.45ms
-     99%  498.44ms
-  200734 requests in 1.00m, 80.02MB read
-Requests/sec:   3340.13
-Transfer/sec:      1.33MB
-```
+     50%   10.63ms
+     75%   75.64ms
+     90%  205.65ms
+     99%  668.28ms
+  3476705 requests in 1.00m, 384.61MB read
+  Socket errors: connect 0, read 0, write 0, timeout 103
+Requests/sec:  57894.35
+Transfer/sec:      6.40MB
+```
+
+### nginx:
+```
+wrk -t20 -c1000 -d60s -H "Host: test.traefik" --latency  http://IP-nginx:8001/bench
+Running 1m test @ http://IP-nginx:8001/bench
+  20 threads and 1000 connections
+  Thread Stats   Avg      Stdev     Max   +/- Stdev
+    Latency   101.25ms  180.09ms   1.99s    89.34%
+    Req/Sec     1.69k   567.69     9.39k    72.62%
+  Latency Distribution
+     50%   15.46ms
+     75%  129.11ms
+     90%  302.44ms
+     99%  846.59ms
+  2018427 requests in 1.00m, 298.36MB read
+  Socket errors: connect 0, read 0, write 0, timeout 90
+Requests/sec:  33591.67
+Transfer/sec:      4.97MB
+```
+
+### traefik:
+```
+wrk -t8 -c1000 -d60s -H "Host: test.traefik" --latency  http://IP-traefik:8000/bench
+Running 1m test @ http://IP-traefik:8000/bench
+  20 threads and 1000 connections
+  Thread Stats   Avg      Stdev     Max   +/- Stdev
+    Latency    91.72ms  150.43ms   2.00s    90.50%
+    Req/Sec     1.43k   266.37     2.97k    69.77%
+  Latency Distribution
+     50%   19.74ms
+     75%  121.98ms
+     90%  237.39ms
+     99%  687.49ms
+  1705073 requests in 1.00m, 188.63MB read
+  Socket errors: connect 0, read 0, write 0, timeout 7
+Requests/sec:  28392.44
+Transfer/sec:      3.14MB
+```
+
+## Conclusion
+
+Traefik is obviously slower than Nginx, but not so much: Traefik can serve 28392 requests/sec and Nginx 33591 requests/sec which gives a ratio of 85%.
+Not bad for young project :) !
+
+Some areas of possible improvements:
+
+- Use [GO_REUSEPORT](https://github.com/kavu/go_reuseport) listener
+- Run a separate server instance per CPU core with `GOMAXPROCS=1` (it appears during benchmarks that there is a lot more context switches with traefik than with nginx)
+

docs/css/traefik.css

@@ -40,4 +40,22 @@ h1, h2, h3, H4 {
 
 blockquote p {
     font-size: 14px;
+}
+
+.navbar-default .navbar-nav>.open>a, .navbar-default .navbar-nav>.open>a:hover, .navbar-default .navbar-nav>.open>a:focus {
+    color: #fff;
+    background-color: #25606F;
+}
+
+.dropdown-menu>li>a:hover, .dropdown-menu>li>a:focus {
+    color: #fff;
+    text-decoration: none;
+    background-color: #25606F;
+}
+
+.dropdown-menu>.active>a, .dropdown-menu>.active>a:hover, .dropdown-menu>.active>a:focus {
+    color: #fff;
+    text-decoration: none;
+    background-color: #25606F;
+    outline: 0;
 }

docs/index.md

@@ -57,7 +57,7 @@ You can grab the latest binary from the [releases](https://github.com/containous
 Using the tiny Docker image:
 
 ```shell
-docker run -d -p 8080:8080 -p 80:80 -v $PWD/traefik.toml:/etc/traefik/traefik.toml containous/traefik
+docker run -d -p 8080:8080 -p 80:80 -v $PWD/traefik.toml:/etc/traefik/traefik.toml traefik
 ```
 
 ## Test it
@@ -66,7 +66,7 @@ You can test Træfɪk easily using [Docker compose](https://docs.docker.com/comp
 
 ```yaml
 traefik:
-  image: containous/traefik
+  image: traefik
   command: --web --docker --docker.domain=docker.localhost --logLevel=DEBUG
   ports:
     - "80:80"

docs/toml.md

@@ -89,6 +89,10 @@
 #     [entryPoints.http.redirect]
 #       regex = "^http://localhost/(.*)"
 #       replacement = "http://mydomain/$1"
+
+[entryPoints]
+  [entryPoints.http]
+  address = ":80"
 ```
 
 ## Retry configuration
@@ -98,7 +102,7 @@
 #
 # Optional
 #
-# [retry]
+[retry]
 
 # Number of attempts
 #
@@ -118,31 +122,37 @@
 ## ACME (Let's Encrypt) configuration
 
 ```toml
+# Sample entrypoint configuration when using ACME
+[entryPoints]
+  [entryPoints.https]
+  address = ":443"
+    [entryPoints.https.tls]
+
 # Enable ACME (Let's Encrypt): automatic SSL
 #
 # Optional
 #
-# [acme]
+[acme]
 
 # Email address used for registration
 #
 # Required
 #
-# email = "test@traefik.io"
+email = "test@traefik.io"
 
 # File used for certificates storage.
 # WARNING, if you use Traefik in Docker, don't forget to mount this file as a volume.
 #
 # Required
 #
-# storageFile = "acme.json"
+storageFile = "acme.json"
 
 # Entrypoint to proxy acme challenge to.
-# WARNING, must point to an entrypoint on port 443 
+# WARNING, must point to an entrypoint on port 443
 #
 # Required
 #
-# entryPoint = "https"
+entryPoint = "https"
 
 # Enable on demand certificate. This will request a certificate from Let's Encrypt during the first TLS handshake for a hostname that does not yet have a certificate.
 # WARNING, TLS handshakes will be slow when requesting a hostname certificate for the first time, this can leads to DoS attacks.
@@ -162,6 +172,7 @@
 
 # Domains list
 # You can provide SANs (alternative domains) to each main domain
+# All domains must have A/AAAA records pointing to Traefik
 # WARNING, Take note that Let's Encrypt have rate limiting: https://community.letsencrypt.org/t/quick-start-guide/1631
 # Each domain & SANs will lead to a certificate request.
 #
@@ -175,6 +186,13 @@
 #   main = "local3.com"
 # [[acme.domains]]
 #   main = "local4.com"
+[[acme.domains]]
+   main = "local1.com"
+   sans = ["test1.local1.com", "test2.local1.com"]
+[[acme.domains]]
+   main = "local3.com"
+[[acme.domains]]
+   main = "local4.com"
 ```
 
 # Configuration backends
@@ -218,6 +236,9 @@ defaultEntryPoints = ["http", "https"]
     url = "http://172.17.0.3:80"
     weight = 1
   [backends.backend2]
+    [backends.backend1.maxconn]
+      amount = 10
+      extractorfunc = "request.host"
     [backends.backend2.LoadBalancer]
       method = "drr"
     [backends.backend2.servers.server1]
@@ -244,7 +265,7 @@ defaultEntryPoints = ["http", "https"]
     rule = "Path:/test"
 ```
 
-- or put your rules in a separate file, for example `rules.tml`:
+- or put your rules in a separate file, for example `rules.toml`:
 
 ```toml
 # traefik.toml
@@ -281,6 +302,9 @@ filename = "rules.toml"
     url = "http://172.17.0.3:80"
     weight = 1
   [backends.backend2]
+    [backends.backend1.maxconn]
+      amount = 10
+      extractorfunc = "request.host"
     [backends.backend2.LoadBalancer]
       method = "drr"
     [backends.backend2.servers.server1]
@@ -512,7 +536,7 @@ Labels can be used on containers to override default behaviour:
 - `traefik.protocol=https`: override the default `http` protocol
 - `traefik.weight=10`: assign this weight to the container
 - `traefik.enable=false`: disable this container in Træfɪk
-- `traefik.frontend.rule=Host:test.traefik.io`: override the default frontend rule (Default: `Host:{containerName}.{domain}`). See [frontends](#frontends).
+- `traefik.frontend.rule=Host:test.traefik.io`: override the default frontend rule (Default: `Host:{containerName}.{domain}`).
 - `traefik.frontend.passHostHeader=true`: forward client `Host` header to the backend.
 - `traefik.frontend.entryPoints=http,https`: assign this frontend to entry points `http` and `https`. Overrides `defaultEntryPoints`.
 * `traefik.domain=traefik.localhost`: override the default domain
@@ -592,11 +616,42 @@ Labels can be used on containers to override default behaviour:
 - `traefik.protocol=https`: override the default `http` protocol
 - `traefik.weight=10`: assign this weight to the application
 - `traefik.enable=false`: disable this application in Træfɪk
-- `traefik.frontend.rule=Host:test.traefik.io`: override the default frontend rule (Default: `Host:{containerName}.{domain}`). See [frontends](#frontends).
+- `traefik.frontend.rule=Host:test.traefik.io`: override the default frontend rule (Default: `Host:{containerName}.{domain}`).
 - `traefik.frontend.passHostHeader=true`: forward client `Host` header to the backend.
 - `traefik.frontend.entryPoints=http,https`: assign this frontend to entry points `http` and `https`. Overrides `defaultEntryPoints`.
 * `traefik.domain=traefik.localhost`: override the default domain
 
+
+## Kubernetes Ingress backend
+
+
+Træfɪk can be configured to use Kubernetes Ingress as a backend configuration:
+
+```toml
+################################################################
+# Kubernetes Ingress configuration backend
+################################################################
+# Enable Kubernetes Ingress configuration backend
+#
+# Optional
+#
+[kubernetes]
+
+# Kubernetes server endpoint
+#
+# When deployed as a replication controller in Kubernetes,
+# Traefik will use env variable KUBERNETES_SERVICE_HOST
+# and KUBERNETES_SERVICE_PORT_HTTPS as endpoint
+# Secure token will be found in /var/run/secrets/kubernetes.io/serviceaccount/token
+# and SSL CA cert in /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+# 
+# Optional
+#
+# endpoint = "http://localhost:8080"
+```
+
+You can find here an example [ingress](https://raw.githubusercontent.com/containous/traefik/master/examples/k8s.ingress.yaml) and [replication controller](https://raw.githubusercontent.com/containous/traefik/master/examples/k8s.rc.yaml).
+
 ## Consul backend
 
 Træfɪk can be configured to use Consul as a backend configuration:
@@ -675,11 +730,27 @@ endpoint = "127.0.0.1:8500"
 # Optional
 #
 domain = "consul.localhost"
+
+# Prefix for Consul catalog tags
+#
+# Optional
+#
+prefix = "traefik"
 ```
 
 This backend will create routes matching on hostname based on the service name
 used in consul.
 
+Additional settings can be defined using Consul Catalog tags:
+
+- ```traefik.enable=false```: disable this container in Træfɪk
+- ```traefik.protocol=https```: override the default `http` protocol
+- ```traefik.backend.weight=10```: assign this weight to the container
+- ```traefik.backend.circuitbreaker=NetworkErrorRatio() > 0.5```
+- ```traefik.backend.loadbalancer=drr```: override the default load balancing mode
+- ```traefik.frontend.rule=Host:test.traefik.io```: override the default frontend rule (Default: `Host:{containerName}.{domain}`).
+- ```traefik.frontend.passHostHeader=true```: forward client `Host` header to the backend.
+- ```traefik.frontend.entryPoints=http,https```: assign this frontend to entry points `http` and `https`. Overrides `defaultEntryPoints`.
 
 ## Etcd backend
 
@@ -694,25 +765,25 @@ Træfɪk can be configured to use Etcd as a backend configuration:
 #
 # Optional
 #
-# [etcd]
+[etcd]
 
 # Etcd server endpoint
 #
 # Required
 #
-# endpoint = "127.0.0.1:4001"
+endpoint = "127.0.0.1:4001"
 
 # Enable watch Etcd changes
 #
 # Optional
 #
-# watch = true
+watch = true
 
 # Prefix used for KV store.
 #
 # Optional
 #
-# prefix = "/traefik"
+prefix = "/traefik"
 
 # Override default configuration template. For advanced users :)
 #
@@ -747,25 +818,25 @@ Træfɪk can be configured to use Zookeeper as a backend configuration:
 #
 # Optional
 #
-# [zookeeper]
+[zookeeper]
 
 # Zookeeper server endpoint
 #
 # Required
 #
-# endpoint = "127.0.0.1:2181"
+endpoint = "127.0.0.1:2181"
 
 # Enable watch Zookeeper changes
 #
 # Optional
 #
-# watch = true
+watch = true
 
 # Prefix used for KV store.
 #
 # Optional
 #
-# prefix = "/traefik"
+prefix = "/traefik"
 
 # Override default configuration template. For advanced users :)
 #
@@ -789,25 +860,25 @@ Træfɪk can be configured to use BoltDB as a backend configuration:
 #
 # Optional
 #
-# [boltdb]
+[boltdb]
 
 # BoltDB file
 #
 # Required
 #
-# endpoint = "/my.db"
+endpoint = "/my.db"
 
 # Enable watch BoltDB changes
 #
 # Optional
 #
-# watch = true
+watch = true
 
 # Prefix used for KV store.
 #
 # Optional
 #
-# prefix = "/traefik"
+prefix = "/traefik"
 
 # Override default configuration template. For advanced users :)
 #
@@ -836,6 +907,8 @@ The Keys-Values structure should look (using `prefix = "/traefik"`):
 
 | Key                                                 | Value                  |
 |-----------------------------------------------------|------------------------|
+| `/traefik/backends/backend2/maxconn/amount`         | `10`                   |
+| `/traefik/backends/backend2/maxconn/extractorfunc`  | `request.host`         |
 | `/traefik/backends/backend2/loadbalancer/method`    | `drr`                  |
 | `/traefik/backends/backend2/servers/server1/url`    | `http://172.17.0.4:80` |
 | `/traefik/backends/backend2/servers/server1/weight` | `1`                    |
@@ -896,99 +969,3 @@ Once the `/traefik/alias` key is updated, the new `/traefik_configurations/2` co
 
 Note that Træfɪk *will not watch for key changes in the `/traefik_configurations` prefix*. It will only watch for changes in the `/traefik` prefix. Further, if the `/traefik/alias` key is set, all other sibling keys with the `/traefik` prefix are ignored.
 
-
-# Examples
-
-## HTTP only
-
-```
-defaultEntryPoints = ["http"]
-[entryPoints]
-  [entryPoints.http]
-  address = ":80"
-```
-
-## HTTP + HTTPS (with SNI)
-
-```
-defaultEntryPoints = ["http", "https"]
-[entryPoints]
-  [entryPoints.http]
-  address = ":80"
-  [entryPoints.https]
-  address = ":443"
-    [entryPoints.https.tls]
-      [[entryPoints.https.tls.certificates]]
-      CertFile = "integration/fixtures/https/snitest.com.cert"
-      KeyFile = "integration/fixtures/https/snitest.com.key"
-      [[entryPoints.https.tls.certificates]]
-      CertFile = "integration/fixtures/https/snitest.org.cert"
-      KeyFile = "integration/fixtures/https/snitest.org.key"
-```
-
-## HTTP redirect on HTTPS
-
-```
-defaultEntryPoints = ["http", "https"]
-[entryPoints]
-  [entryPoints.http]
-  address = ":80"
-    [entryPoints.http.redirect]
-    entryPoint = "https"
-  [entryPoints.https]
-  address = ":443"
-    [entryPoints.https.tls]
-      [[entryPoints.https.tls.certificates]]
-      certFile = "tests/traefik.crt"
-      keyFile = "tests/traefik.key"
-```
-
-## Let's Encrypt support
-
-```
-[entryPoints]
-  [entryPoints.https]
-  address = ":443"
-    [entryPoints.https.tls]
-      # certs used as default certs
-      [[entryPoints.https.tls.certificates]]
-      certFile = "tests/traefik.crt"
-      keyFile = "tests/traefik.key"
-[acme]
-email = "test@traefik.io"
-storageFile = "acme.json"
-onDemand = true
-caServer = "http://172.18.0.1:4000/directory"
-entryPoint = "https"
-
-[[acme.domains]]
-  main = "local1.com"
-  sans = ["test1.local1.com", "test2.local1.com"]
-[[acme.domains]]
-  main = "local2.com"
-  sans = ["test1.local2.com", "test2x.local2.com"]
-[[acme.domains]]
-  main = "local3.com"
-[[acme.domains]]
-  main = "local4.com"
-```
-
-## Override entrypoints in frontends
-
-```
-[frontends]
-  [frontends.frontend1]
-  backend = "backend2"
-    [frontends.frontend1.routes.test_1]
-    rule = "Host:test.localhost"
-  [frontends.frontend2]
-  backend = "backend1"
-  passHostHeader = true
-  entrypoints = ["https"] # overrides defaultEntryPoints
-    [frontends.frontend2.routes.test_1]
-    rule = "Host:{subdomain:[a-z]+}.localhost"
-  [frontends.frontend3]
-  entrypoints = ["http", "https"] # overrides defaultEntryPoints
-  backend = "backend2"
-    rule = "Path:/test"
-```

docs/user-guide/examples.md

@@ -0,0 +1,98 @@
+
+# Examples
+
+You will find here some configuration examples of Træfɪk.
+
+## HTTP only
+
+```
+defaultEntryPoints = ["http"]
+[entryPoints]
+  [entryPoints.http]
+  address = ":80"
+```
+
+## HTTP + HTTPS (with SNI)
+
+```
+defaultEntryPoints = ["http", "https"]
+[entryPoints]
+  [entryPoints.http]
+  address = ":80"
+  [entryPoints.https]
+  address = ":443"
+    [entryPoints.https.tls]
+      [[entryPoints.https.tls.certificates]]
+      CertFile = "integration/fixtures/https/snitest.com.cert"
+      KeyFile = "integration/fixtures/https/snitest.com.key"
+      [[entryPoints.https.tls.certificates]]
+      CertFile = "integration/fixtures/https/snitest.org.cert"
+      KeyFile = "integration/fixtures/https/snitest.org.key"
+```
+
+## HTTP redirect on HTTPS
+
+```
+defaultEntryPoints = ["http", "https"]
+[entryPoints]
+  [entryPoints.http]
+  address = ":80"
+    [entryPoints.http.redirect]
+    entryPoint = "https"
+  [entryPoints.https]
+  address = ":443"
+    [entryPoints.https.tls]
+      [[entryPoints.https.tls.certificates]]
+      certFile = "tests/traefik.crt"
+      keyFile = "tests/traefik.key"
+```
+
+## Let's Encrypt support
+
+```
+[entryPoints]
+  [entryPoints.https]
+  address = ":443"
+    [entryPoints.https.tls]
+      # certs used as default certs
+      [[entryPoints.https.tls.certificates]]
+      certFile = "tests/traefik.crt"
+      keyFile = "tests/traefik.key"
+[acme]
+email = "test@traefik.io"
+storageFile = "acme.json"
+onDemand = true
+caServer = "http://172.18.0.1:4000/directory"
+entryPoint = "https"
+
+[[acme.domains]]
+  main = "local1.com"
+  sans = ["test1.local1.com", "test2.local1.com"]
+[[acme.domains]]
+  main = "local2.com"
+  sans = ["test1.local2.com", "test2x.local2.com"]
+[[acme.domains]]
+  main = "local3.com"
+[[acme.domains]]
+  main = "local4.com"
+```
+
+## Override entrypoints in frontends
+
+```
+[frontends]
+  [frontends.frontend1]
+  backend = "backend2"
+    [frontends.frontend1.routes.test_1]
+    rule = "Host:test.localhost"
+  [frontends.frontend2]
+  backend = "backend1"
+  passHostHeader = true
+  entrypoints = ["https"] # overrides defaultEntryPoints
+    [frontends.frontend2.routes.test_1]
+    rule = "Host:{subdomain:[a-z]+}.localhost"
+  [frontends.frontend3]
+  entrypoints = ["http", "https"] # overrides defaultEntryPoints
+  backend = "backend2"
+    rule = "Path:/test"
+```

docs/user-guide/swarm.md

@@ -0,0 +1,170 @@
+# Swarm cluster
+
+This section explains how to create a multi-host [swarm](https://docs.docker.com/swarm) cluster using [docker-machine](https://docs.docker.com/machine/) and how to deploy Træfɪk on it.
+The cluster will be made of:
+
+- 2 servers
+- 1 swarm master
+- 2 swarm nodes
+- 1 [overlay](https://docs.docker.com/engine/userguide/networking/dockernetworks/#an-overlay-network) network (multi-host networking)
+
+## Prerequisites
+
+1. You will need to install [docker-machine](https://docs.docker.com/machine/)
+2. You will need the latest [VirtualBox](https://www.virtualbox.org/wiki/Downloads)
+
+## Cluster provisioning
+
+We will first follow [this guide](https://docs.docker.com/engine/userguide/networking/get-started-overlay/) to create the cluster.
+
+### Create machine `mh-keystore`
+
+This machine will be the service registry of our cluster.
+
+```sh
+docker-machine create -d virtualbox mh-keystore
+```
+
+Then we install the service registry [Consul](https://consul.io) on this machine:
+
+```sh
+eval "$(docker-machine env mh-keystore)"
+docker run -d \
+    -p "8500:8500" \
+    -h "consul" \
+    progrium/consul -server -bootstrap
+```
+
+### Create machine `mhs-demo0`
+
+This machine will have a swarm master and a swarm agent on it.
+
+```sh
+docker-machine create -d virtualbox \
+    --swarm --swarm-master \
+    --swarm-discovery="consul://$(docker-machine ip mh-keystore):8500" \
+    --engine-opt="cluster-store=consul://$(docker-machine ip mh-keystore):8500" \
+    --engine-opt="cluster-advertise=eth1:2376" \
+    mhs-demo0
+```
+
+### Create machine `mhs-demo1`
+
+This machine will have a swarm agent on it.
+
+```sh
+docker-machine create -d virtualbox \
+    --swarm \
+    --swarm-discovery="consul://$(docker-machine ip mh-keystore):8500" \
+    --engine-opt="cluster-store=consul://$(docker-machine ip mh-keystore):8500" \
+    --engine-opt="cluster-advertise=eth1:2376" \
+    mhs-demo1
+```
+
+### Create the overlay Network
+
+Create the overlay network on the swarm master:
+
+```sh
+eval $(docker-machine env --swarm mhs-demo0)
+docker network create --driver overlay --subnet=10.0.9.0/24 my-net
+```
+
+## Deploy Træfɪk
+
+Deploy Træfɪk:
+
+```sh
+docker $(docker-machine config mhs-demo0) run \
+    -d \
+    -p 80:80 -p 8080:8080 \
+    --net=my-net \
+    -v /var/lib/boot2docker/:/ssl \
+    traefik \
+    -l DEBUG \
+    -c /dev/null \
+    --docker \
+    --docker.domain traefik \
+    --docker.endpoint tcp://$(docker-machine ip mhs-demo0):3376 \
+    --docker.tls \
+    --docker.tls.ca /ssl/ca.pem \
+    --docker.tls.cert /ssl/server.pem \
+    --docker.tls.key /ssl/server-key.pem \
+    --docker.tls.insecureSkipVerify \
+    --docker.watch  \
+    --web
+```
+
+Let's explain this command:
+
+- `-p 80:80 -p 8080:8080`: we bind ports 80 and 8080
+- `--net=my-net`: run the container on the network my-net
+- `-v /var/lib/boot2docker/:/ssl`: mount the ssl keys generated by docker-machine
+- `-c /dev/null`: empty config file
+- `--docker`: enable docker backend
+- `--docker.endpoint tcp://172.18.0.1:3376`: connect to the swarm master using the docker_gwbridge network
+- `--docker.tls`: enable TLS using the docker-machine keys
+- `--web`: activate the webUI on port 8080
+
+## Deploy your apps
+
+We can now deploy our app on the cluster, here [whoami](https://github.com/emilevauge/whoami), a simple web server in GO, on the network `my-net`:
+
+```sh
+eval $(docker-machine env --swarm mhs-demo0)
+docker run -d --name=whoami0 --net=my-net --env="constraint:node==mhs-demo0" emilevauge/whoami
+docker run -d --name=whoami1 --net=my-net --env="constraint:node==mhs-demo1" emilevauge/whoami
+```
+
+Check that everything is started:
+
+```sh
+docker ps
+CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                                      NAMES
+ba2c21488299        emilevauge/whoami   "/whoamI"                8 seconds ago       Up 9 seconds        80/tcp                                                     mhs-demo1/whoami1
+8147a7746e7a        emilevauge/whoami   "/whoamI"                19 seconds ago      Up 20 seconds       80/tcp                                                     mhs-demo0/whoami0
+8fbc39271b4c        traefik             "/traefik -l DEBUG -c"   36 seconds ago      Up 37 seconds       192.168.99.101:80->80/tcp, 192.168.99.101:8080->8080/tcp   mhs-demo0/serene_bhabha
+```
+
+## Access to your apps through Træfɪk
+
+```sh
+curl -H Host:whoami0.traefik http://$(docker-machine ip mhs-demo0)
+Hostname: 8147a7746e7a
+IP: 127.0.0.1
+IP: ::1
+IP: 10.0.9.3
+IP: fe80::42:aff:fe00:903
+IP: 172.18.0.3
+IP: fe80::42:acff:fe12:3
+GET / HTTP/1.1
+Host: 10.0.9.3:80
+User-Agent: curl/7.35.0
+Accept: */*
+Accept-Encoding: gzip
+X-Forwarded-For: 192.168.99.1
+X-Forwarded-Host: 10.0.9.3:80
+X-Forwarded-Proto: http
+X-Forwarded-Server: 8fbc39271b4c
+
+curl -H Host:whoami1.traefik http://$(docker-machine ip mhs-demo0)
+Hostname: ba2c21488299
+IP: 127.0.0.1
+IP: ::1
+IP: 10.0.9.4
+IP: fe80::42:aff:fe00:904
+IP: 172.18.0.2
+IP: fe80::42:acff:fe12:2
+GET / HTTP/1.1
+Host: 10.0.9.4:80
+User-Agent: curl/7.35.0
+Accept: */*
+Accept-Encoding: gzip
+X-Forwarded-For: 192.168.99.1
+X-Forwarded-Host: 10.0.9.4:80
+X-Forwarded-Proto: http
+X-Forwarded-Server: 8fbc39271b4c
+```
+
+![](http://i.giphy.com/ujUdrdpX7Ok5W.gif)
+

examples/accessLog/.gitignore

@@ -0,0 +1,2 @@
+exampleHandler
+exampleHandler.exe

examples/accessLog/exampleHandler.go

@@ -0,0 +1,46 @@
+/*
+Simple program to start a web server on a specified port
+*/
+package main
+
+import (
+	"flag"
+	"fmt"
+	"net/http"
+	"os"
+)
+
+var (
+	name string
+	port int
+	help *bool
+)
+
+func init() {
+	flag.StringVar(&name, "n", "", "Name of handler for messages")
+	flag.IntVar(&port, "p", 0, "Port number to listen")
+	help = flag.Bool("h", false, "Displays help message")
+}
+
+func usage() {
+	fmt.Printf("Usage: example -n name -p port \n")
+	os.Exit(2)
+}
+
+func handler(w http.ResponseWriter, r *http.Request) {
+	fmt.Fprintf(w, "%s: Received query %s!\n", name, r.URL.Path[1:])
+}
+
+func main() {
+	flag.Parse()
+	if *help || len(name) == 0 || port <= 0 {
+		usage()
+	}
+	http.HandleFunc("/", handler)
+	fmt.Printf("%s: Listening on :%d...\n", name, port)
+	if er := http.ListenAndServe(fmt.Sprintf(":%d", port), nil); er != nil {
+		fmt.Printf("%s: Error from ListenAndServe: %s", name, er.Error())
+		os.Exit(1)
+	}
+	fmt.Printf("%s: How'd we get past listen and serve???\n", name)
+}

examples/accessLog/runAb.sh

@@ -0,0 +1,122 @@
+#!/bin/bash
+usage()
+{
+  echo 'runAb.sh - Run Apache Benchmark to test access log'
+  echo '   Usage: runAb.sh [--conn nnn] [--log xxx] [--num nnn] [--time nnn] [--wait nn]'
+  echo '     -c|--conn - number of simultaneous connections (default 100)'
+  echo '     -l|--log  - name of logfile (default benchmark.log)'
+  echo '     -n|--num  - number of requests (default 50000); ignored when -t specified'
+  echo '     -t|--time - time in seconds for benchmark (default no limit)'
+  echo '     -w|--wait - number of seconds to wait for Traefik to initialize (default 15)'
+  echo '   '
+  exit
+}
+
+# Parse options
+
+conn=100
+num=50000
+wait=15
+time=0
+logfile=""
+while [[ $1 =~ ^- ]]
+do
+  case $1 in
+    -c|--conn)
+      conn=$2
+      shift
+      ;;
+    -h|--help)
+      usage
+      ;;
+    -l|--log|--logfile)
+      logfile=$2
+      shift
+      ;;
+    -n|--num)
+      num=$2
+      shift
+      ;;
+    -t|--time)
+      time=$2
+      shift
+      ;;
+    -w|--wait)
+      wait=$2
+      shift
+      ;;
+    *)
+      echo Unknown option "$1"
+      usage
+  esac
+  shift
+done
+if [ -z "$logfile" ] ; then
+  logfile="benchmark.log"
+fi
+
+# Change to accessLog examples directory
+
+[ -d examples/accessLog ] && cd examples/accessLog
+if [ ! -r exampleHandler.go ] ; then
+  echo Please run this script either from the traefik repo root or from the examples/accessLog directory
+  exit
+fi
+
+# Kill traefik and any running example processes
+
+sudo pkill -f traefik
+pkill -f exampleHandler
+[ ! -d log ] && mkdir log
+
+# Start new example processes
+
+go build exampleHandler.go
+[ $? -ne 0 ] && exit $?
+./exampleHandler -n Handler1 -p 8081 &
+[ $? -ne 0 ] && exit $?
+./exampleHandler -n Handler2 -p 8082 &
+[ $? -ne 0 ] && exit $?
+./exampleHandler -n Handler3 -p 8083 &
+[ $? -ne 0 ] && exit $?
+
+# Wait a couple of seconds for handlers to initialize and start Traefik
+
+cd ../..
+sleep 2s
+echo Starting Traefik...
+sudo ./traefik -c examples/accessLog/traefik.ab.toml &
+[ $? -ne 0 ] && exit $?
+
+# Wait for Traefik to initialize and run ab
+
+echo Waiting $wait seconds before starting ab benchmark
+sleep ${wait}s
+echo
+stime=`date '+%s'`
+if [ $time -eq 0 ] ; then
+  echo Benchmark starting `date` with $conn connections until $num requests processed | tee $logfile
+  echo | tee -a $logfile
+  echo ab -k -c $conn -n $num http://127.0.0.1/test | tee -a $logfile
+  echo | tee -a $logfile
+  ab -k -c $conn -n $num http://127.0.0.1/test 2>&1 | tee -a $logfile
+else
+  if [ $num -ne 50000 ] ; then
+    echo Request count ignored when --time specified
+  fi
+  echo Benchmark starting `date` with $conn connections for $time seconds | tee $logfile
+  echo | tee -a $logfile
+  echo ab -k -c $conn -t $time -n 100000000 http://127.0.0.1/test | tee -a $logfile
+  echo | tee -a $logfile
+  ab -k -c $conn -t $time -n 100000000 http://127.0.0.1/test 2>&1 | tee -a $logfile
+fi
+
+etime=`date '+%s'`
+let "dt=$etime - $stime"
+let "ds=$dt % 60"
+let "dm=($dt / 60) % 60"
+let "dh=$dt / 3600"
+echo | tee -a $logfile
+printf "Benchmark ended `date` after %d:%02d:%02d\n" $dh $dm $ds | tee -a $logfile
+echo Results available in $logfile
+

examples/accessLog/runExample.sh

@@ -0,0 +1,40 @@
+#!/bin/bash
+# Script to run a three-server example.  This script runs the three servers and restarts Traefik
+# Once it is running, use the command:
+#
+# curl http://127.0.0.1:80/test{1,2,2}
+#
+# to send requests to send test requests to the servers.  You should see a response like:
+#
+# Handler1: received query test1!
+# Handler2: received query test2!
+# Handler3: received query test2!
+#
+# and can then inspect log/access.log to see frontend, backend, and timing
+
+# Kill traefik and any running example processes
+sudo pkill -f traefik
+pkill -f exampleHandler
+[ ! -d log ] && mkdir log
+
+# Start new example processes
+cd examples/accessLog
+go build exampleHandler.go
+[ $? -ne 0 ] && exit $?
+./exampleHandler -n Handler1 -p 8081 &
+[ $? -ne 0 ] && exit $?
+./exampleHandler -n Handler2 -p 8082 &
+[ $? -ne 0 ] && exit $?
+./exampleHandler -n Handler3 -p 8083 &
+[ $? -ne 0 ] && exit $?
+
+# Wait a couple of seconds for handlers to initialize and start Traefik
+cd ../..
+sleep 2s
+echo Starting Traefik...
+sudo ./traefik -c examples/accessLog/traefik.example.toml &
+[ $? -ne 0 ] && exit $?
+
+echo Sample handlers and traefik started successfully!
+echo 'Use command curl http://127.0.0.1:80/test{1,2,2} to drive test'
+echo Then inspect log/access.log to verify it contains frontend, backend, and timing

examples/accessLog/traefik.ab.toml

@@ -0,0 +1,37 @@
+################################################################
+# Global configuration
+################################################################
+traefikLogsFile = "log/traefik.log"
+accessLogsFile = "log/access.log"
+logLevel = "DEBUG"
+
+################################################################
+# Web configuration backend
+################################################################
+[web]
+address = ":7888"
+
+################################################################
+# File configuration backend
+################################################################
+[file]
+
+################################################################
+# rules
+################################################################
+ [backends]
+   [backends.backend]
+     [backends.backend.LoadBalancer]
+       method = "drr"
+     [backends.backend.servers.server1]
+       url = "http://127.0.0.1:8081"
+     [backends.backend.servers.server2]
+       url = "http://127.0.0.1:8082"
+     [backends.backend.servers.server3]
+       url = "http://127.0.0.1:8083"
+ [frontends]
+   [frontends.frontend]
+   backend = "backend"
+   passHostHeader = true
+     [frontends.frontend.routes.test]
+     rule = "Path: /test"

examples/accessLog/traefik.example.toml

@@ -0,0 +1,42 @@
+################################################################
+# Global configuration
+################################################################
+traefikLogsFile = "log/traefik.log"
+accessLogsFile = "log/access.log"
+logLevel = "DEBUG"
+
+################################################################
+# Web configuration backend
+################################################################
+[web]
+address = ":7888"
+
+################################################################
+# File configuration backend
+################################################################
+[file]
+
+################################################################
+# rules
+################################################################
+ [backends]
+   [backends.backend1]
+     [backends.backend1.servers.server1]
+       url = "http://127.0.0.1:8081"
+   [backends.backend2]
+     [backends.backend2.LoadBalancer]
+       method = "drr"
+     [backends.backend2.servers.server1]
+       url = "http://127.0.0.1:8082"
+     [backends.backend2.servers.server2]
+       url = "http://127.0.0.1:8083"
+  [frontends]
+   [frontends.frontend1]
+   backend = "backend1"
+     [frontends.frontend1.routes.test_1]
+     rule = "Path: /test1"
+   [frontends.frontend2]
+   backend = "backend2"
+   passHostHeader = true
+     [frontends.frontend2.routes.test_2]
+     rule = "Path: /test2"

examples/compose-k8s.yaml

@@ -0,0 +1,17 @@
+# etcd:
+#   image: gcr.io/google_containers/etcd:2.2.1
+#   net: host
+#   command: ['/usr/local/bin/etcd', '--addr=127.0.0.1:4001', '--bind-addr=0.0.0.0:4001', '--data-dir=/var/etcd/data']
+
+kubelet:
+  image: gcr.io/google_containers/hyperkube-amd64:v1.2.2
+  privileged: true
+  pid: host
+  net : host
+  volumes:
+    - /:/rootfs:ro
+    - /sys:/sys:ro
+    - /var/lib/docker/:/var/lib/docker:rw
+    - /var/lib/kubelet/:/var/lib/kubelet:rw
+    - /var/run:/var/run:rw
+  command: ['/hyperkube', 'kubelet', '--containerized', '--hostname-override=127.0.0.1', '--address=0.0.0.0', '--api-servers=http://localhost:8080', '--config=/etc/kubernetes/manifests', '--allow-privileged=true', '--v=2']

examples/compose-marathon.yml

@@ -6,7 +6,7 @@ zk:
     ZK_ID: 1
 
 master:
-  image: mesosphere/mesos-master:0.26.0-0.2.145.ubuntu1404
+  image: mesosphere/mesos-master:0.28.1-2.0.20.ubuntu1404
   net: host
   environment:
     MESOS_ZK: zk://127.0.0.1:2181/mesos
@@ -17,7 +17,7 @@ master:
     MESOS_WORK_DIR: /var/lib/mesos
 
 slave:
-  image: mesosphere/mesos-slave:0.26.0-0.2.145.ubuntu1404
+  image: mesosphere/mesos-slave:0.28.1-2.0.20.ubuntu1404
   net: host
   pid: host
   privileged: true
@@ -34,10 +34,19 @@ slave:
     - /lib/x86_64-linux-gnu/libsystemd-journal.so.0:/lib/x86_64-linux-gnu/libsystemd-journal.so.0
 
 marathon:
-  image: mesosphere/marathon:v0.13.0
+  image: mesosphere/marathon:v1.1.1
   net: host
   environment:
     MARATHON_MASTER: zk://127.0.0.1:2181/mesos
     MARATHON_ZK: zk://127.0.0.1:2181/marathon
     MARATHON_HOSTNAME: 127.0.0.1
   command: --event_subscriber http_callback
+
+traefik:
+  image: containous/traefik
+  command: -c /dev/null --web --logLevel=DEBUG --marathon --marathon.domain marathon.localhost --marathon.endpoint http://172.17.0.1:8080 --marathon.watch
+  ports:
+    - "8000:80"
+    - "8081:8080"
+  volumes:
+    - /var/run/docker.sock:/var/run/docker.sock

examples/compose-traefik.yml

@@ -1,12 +1,11 @@
 traefik:
-  image: containous/traefik
-  command: --web --docker --docker.domain=docker.localhost --logLevel=DEBUG
+  image: traefik
+  command: -c /dev/null --web --docker --docker.domain=docker.localhost --logLevel=DEBUG
   ports:
     - "80:80"
     - "8080:8080"
   volumes:
     - /var/run/docker.sock:/var/run/docker.sock
-    - /dev/null:/traefik.toml
 
 whoami1:
   image: emilevauge/whoami

examples/consul-config.sh

@@ -17,11 +17,9 @@ curl -i -H "Accept: application/json" -X PUT -d "2"                           ht
 # frontend 1
 curl -i -H "Accept: application/json" -X PUT -d "backend2"                    http://localhost:8500/v1/kv/traefik/frontends/frontend1/backend
 curl -i -H "Accept: application/json" -X PUT -d "http"                        http://localhost:8500/v1/kv/traefik/frontends/frontend1/entrypoints
-curl -i -H "Accept: application/json" -X PUT -d "Host"                        http://localhost:8500/v1/kv/traefik/frontends/frontend1/routes/test_1/rule
-curl -i -H "Accept: application/json" -X PUT -d "test.localhost"              http://localhost:8500/v1/kv/traefik/frontends/frontend1/routes/test_1/value
+curl -i -H "Accept: application/json" -X PUT -d "Host:test.localhost"         http://localhost:8500/v1/kv/traefik/frontends/frontend1/routes/test_1/rule
 
 # frontend 2
 curl -i -H "Accept: application/json" -X PUT -d "backend1"                    http://localhost:8500/v1/kv/traefik/frontends/frontend2/backend
-curl -i -H "Accept: application/json" -X PUT -d "http,https"                  http://localhost:8500/v1/kv/traefik/frontends/frontend2/entrypoints
-curl -i -H "Accept: application/json" -X PUT -d "Path"                        http://localhost:8500/v1/kv/traefik/frontends/frontend2/routes/test_2/rule
-curl -i -H "Accept: application/json" -X PUT -d "/test"                       http://localhost:8500/v1/kv/traefik/frontends/frontend2/routes/test_2/value
+curl -i -H "Accept: application/json" -X PUT -d "http"                  http://localhost:8500/v1/kv/traefik/frontends/frontend2/entrypoints
+curl -i -H "Accept: application/json" -X PUT -d "Path:/test"                  http://localhost:8500/v1/kv/traefik/frontends/frontend2/routes/test_2/rule

examples/k8s.ingress.yaml

@@ -0,0 +1,93 @@
+# 3 Services for the 3 endpoints of the Ingress
+apiVersion: v1
+kind: Service
+metadata:
+  name: service1
+  labels:
+    app: whoami
+spec:
+  type: NodePort
+  ports:
+  - port: 80
+    nodePort: 30283
+    targetPort: 80
+    protocol: TCP
+    name: https
+  selector:
+    app: whoami
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: service2
+  labels:
+    app: whoami
+spec:
+  type: NodePort
+  ports:
+  - port: 80
+    nodePort: 30284
+    targetPort: 80
+    protocol: TCP
+    name: http
+  selector:
+    app: whoami
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: service3
+  labels:
+    app: whoami
+spec:
+  type: NodePort
+  ports:
+  - port: 80
+    nodePort: 30285
+    targetPort: 80
+    protocol: TCP
+    name: http
+  selector:
+    app: whoami
+---
+# A single RC matching all Services
+apiVersion: v1
+kind: ReplicationController
+metadata:
+  name: whoami
+spec:
+  replicas: 1
+  template:
+    metadata:
+      labels:
+        app: whoami
+    spec:
+      containers:
+      - name: whoami
+        image: emilevauge/whoami
+        ports:
+        - containerPort: 80
+---
+# An Ingress with 2 hosts and 3 endpoints
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: whoami-ingress
+spec:
+  rules:
+  - host: foo.localhost
+    http:
+      paths:
+      - path: /bar
+        backend:
+          serviceName: service1
+          servicePort: 80
+  - host: bar.localhost
+    http:
+      paths:
+      - backend:
+          serviceName: service2
+          servicePort: 80
+      - backend:
+          serviceName: service3
+          servicePort: 80

examples/k8s.namespace.sh

@@ -0,0 +1,10 @@
+#!/bin/bash
+
+kubectl create -f - << EOF
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: kube-system
+  labels:
+    name: kube-system
+EOF

examples/k8s.rc.yaml

@@ -0,0 +1,31 @@
+apiVersion: v1
+kind: ReplicationController
+metadata:
+  name: traefik-ingress-controller
+  labels:
+    k8s-app: traefik-ingress-lb
+spec:
+  replicas: 1
+  selector:
+    k8s-app: traefik-ingress-lb
+  template:
+    metadata:
+      labels:
+        k8s-app: traefik-ingress-lb
+        name: traefik-ingress-lb
+    spec:
+      terminationGracePeriodSeconds: 60
+      containers:
+      - image: containous/traefik
+        name: traefik-ingress-lb
+        imagePullPolicy: Always
+        ports:
+        - containerPort: 80
+          hostPort: 80
+        - containerPort: 443
+          hostPort: 443
+        - containerPort: 8080
+        args:
+        - --web
+        - --kubernetes
+        - --logLevel=DEBUG

examples/whoami.json

@@ -25,7 +25,7 @@
   ],
   "labels": {
       "traefik.weight": "1",
-      "traefik.protocole": "http",
-      "traefik.frontend.rule" : "Headers:Host,test.localhost"
+      "traefik.protocol": "http",
+      "traefik.frontend.rule" : "Host:test.marathon.localhost"
   }
 }

glide.lock

@@ -1,5 +1,5 @@
-hash: 2e15595ec349ec462fa2b0a52e26e3f3dcbd17fed66dad9a1e1c2e2c0385fe49
-updated: 2016-04-02T15:25:37.354420171+02:00
+hash: a9f41b9fe89ac3028da27ac9cbe31db9a79ae89082f42507d4d0c58290517ee2
+updated: 2016-04-27T17:14:45.61228359Z
 imports:
 - name: github.com/alecthomas/template
   version: b867cc6ab45cece8143cfcc6fc9c77cf3f2c23c0
@@ -8,7 +8,7 @@ imports:
 - name: github.com/boltdb/bolt
   version: 51f99c862475898df9773747d3accd05a7ca33c1
 - name: github.com/BurntSushi/toml
-  version: bd2bdf7f18f849530ef7a1c29a4290217cab32a1
+  version: bbd5bb678321a0d6e58f1099321dfa73391c1b6f
 - name: github.com/BurntSushi/ty
   version: 6add9cd6ad42d389d6ead1dde60b4ad71e46fd74
   subpackages:
@@ -22,18 +22,21 @@ imports:
 - name: github.com/codegangsta/negroni
   version: c7477ad8e330bef55bf1ebe300cf8aa67c492d1b
 - name: github.com/containous/oxy
-  version: 0b5b371bce661385d35439204298fa6fb5db5463
+  version: 021f82bd8260ba15f5862a9fe62018437720dff5
   subpackages:
   - cbreaker
   - forward
   - memmetrics
   - roundrobin
   - utils
+  - connlimit
   - stream
-- name: github.com/coreos/go-etcd
-  version: cc90c7b091275e606ad0ca7102a23fb2072f3f5e
+- name: github.com/coreos/etcd
+  version: 26e52d2bce9e3e11b77b68cc84bf91aebb1ef637
   subpackages:
-  - etcd
+  - client
+  - pkg/pathutil
+  - pkg/types
 - name: github.com/davecgh/go-spew
   version: 5215b55f46b2b919f50a1df0eaa5886afe4e3b3d
   subpackages:
@@ -89,16 +92,25 @@ imports:
   - types/container
   - types/filters
   - types/strslice
+  - types/events
+  - client/transport
+  - client/transport/cancellable
+  - types/network
+  - types/registry
+  - types/time
+  - types/blkiodev
 - name: github.com/docker/go-connections
   version: f549a9393d05688dff0992ef3efd8bbe6c628aeb
   subpackages:
   - nat
+  - sockets
+  - tlsconfig
 - name: github.com/docker/go-units
   version: 5d2041e26a699eaca682e2ea41c8f891e1060444
 - name: github.com/docker/libcompose
   version: e290a513ba909ca3afefd5cd611f3a3fe56f6a3a
 - name: github.com/docker/libkv
-  version: 3732f7ff1b56057c3158f10bceb1e79133025373
+  version: 7283ef27ed32fe267388510a91709b307bb9942c
   subpackages:
   - store
   - store/boltdb
@@ -109,38 +121,26 @@ imports:
   version: 9cbd2a1374f46905c68a4eb3694a130610adc62a
 - name: github.com/donovanhide/eventsource
   version: d8a3071799b98cacd30b6da92f536050ccfe6da4
+- name: github.com/eapache/go-resiliency
+  version: b86b1ec0dd4209a588dc1285cdd471e73525c0b3
+  subpackages:
+  - breaker
+- name: github.com/eapache/queue
+  version: ded5959c0d4e360646dc9e9908cff48666781367
 - name: github.com/elazarl/go-bindata-assetfs
   version: d5cac425555ca5cf00694df246e04f05e6a55150
 - name: github.com/flynn/go-shlex
   version: 3f9db97f856818214da2e1057f8ad84803971cff
-- name: github.com/fsouza/go-dockerclient
-  version: a49c8269a6899cae30da1f8a4b82e0ce945f9967
-  subpackages:
-  - external/github.com/docker/docker/opts
-  - external/github.com/docker/docker/pkg/archive
-  - external/github.com/docker/docker/pkg/fileutils
-  - external/github.com/docker/docker/pkg/homedir
-  - external/github.com/docker/docker/pkg/stdcopy
-  - external/github.com/hashicorp/go-cleanhttp
-  - external/github.com/Sirupsen/logrus
-  - external/github.com/docker/docker/pkg/idtools
-  - external/github.com/docker/docker/pkg/ioutils
-  - external/github.com/docker/docker/pkg/longpath
-  - external/github.com/docker/docker/pkg/pools
-  - external/github.com/docker/docker/pkg/promise
-  - external/github.com/docker/docker/pkg/system
-  - external/github.com/opencontainers/runc/libcontainer/user
-  - external/golang.org/x/sys/unix
-  - external/golang.org/x/net/context
-  - external/github.com/docker/go-units
 - name: github.com/gambol99/go-marathon
   version: ade11d1dc2884ee1f387078fc28509559b6235d1
 - name: github.com/go-check/check
   version: 11d3bc7aa68e238947792f30573146a3231fc0f1
 - name: github.com/golang/glog
   version: fca8c8854093a154ff1eb580aae10276ad6b1b5f
+- name: github.com/golang/snappy
+  version: ec642410cd033af63620b66a91ccbd3c69c2c59a
 - name: github.com/google/go-querystring
-  version: 6bb77fe6f42b85397288d4f6f67ac72f8f400ee7
+  version: 9235644dd9e52eeae6fa48efd539fdc351a0af53
   subpackages:
   - query
 - name: github.com/gorilla/context
@@ -168,6 +168,8 @@ imports:
   - json/token
 - name: github.com/inconshreveable/mousetrap
   version: 76626ae9c91c4f2a10f34cad8ce83ea42c93bb75
+- name: github.com/klauspost/crc32
+  version: 19b0b332c9e4516a6370a0456e6182c3b5036720
 - name: github.com/kr/pretty
   version: add1dbc86daf0f983cd4a48ceb39deb95c729b67
 - name: github.com/kr/text
@@ -182,14 +184,22 @@ imports:
   version: 565402cd71fbd9c12aa7e295324ea357e970a61e
 - name: github.com/mailgun/timetools
   version: fd192d755b00c968d312d23f521eb0cdc6f66bd0
+- name: github.com/mattn/go-shellwords
+  version: 525bedee691b5a8df547cb5cf9f86b7fb1883e24
+- name: github.com/Microsoft/go-winio
+  version: 862b6557927a5c5c81e411c12aa6de7e566cbb7a
 - name: github.com/miekg/dns
-  version: 7e024ce8ce18b21b475ac6baf8fa3c42536bf2fa
+  version: dd83d5cbcfd986f334b2747feeb907e281318fdf
 - name: github.com/mitchellh/mapstructure
   version: d2dd0262208475919e1a362f675cfc0e7c10e905
+- name: github.com/moul/http2curl
+  version: 1812aee76a1ce98d604a44200c6a23c689b17a89
 - name: github.com/opencontainers/runc
   version: 4ab132458fc3e9dbeea624153e0331952dc4c8d5
   subpackages:
   - libcontainer/user
+- name: github.com/parnurzeal/gorequest
+  version: 91b42fce877cc6af96c45818665a4c615cc5f4ee
 - name: github.com/pmezard/go-difflib
   version: d8ed2627bdf02c080bf22230dbb337003b7aba2d
   subpackages:
@@ -198,37 +208,47 @@ imports:
   version: fa6674abf3f4580b946a01bf7a1ce4ba8766205b
   subpackages:
   - zk
+- name: github.com/Shopify/sarama
+  version: 92a286e4dde1688175cff3d2ec9b49a02838b447
 - name: github.com/Sirupsen/logrus
   version: 418b41d23a1bf978c06faea5313ba194650ac088
 - name: github.com/spf13/cast
   version: ee7b3e0353166ab1f3a605294ac8cd2b77953778
 - name: github.com/spf13/cobra
-  version: 2ccf9e982a3e3eb21eba9c9ad8e546529fd74c71
+  version: 4c05eb1145f16d0e6bb4a3e1b6d769f4713cb41f
   subpackages:
   - cobra
 - name: github.com/spf13/jwalterweatherman
   version: 33c24e77fb80341fe7130ee7c594256ff08ccc46
 - name: github.com/spf13/pflag
-  version: 7f60f83a2c81bc3c3c0d5297f61ddfa68da9d3b7
+  version: 1f296710f879815ad9e6d39d947c828c3e4b4c3d
 - name: github.com/spf13/viper
   version: a212099cbe6fbe8d07476bfda8d2d39b6ff8f325
+- name: github.com/streamrail/concurrent-map
+  version: 788b276dc7eabf20890ea3fa280956664d58b329
 - name: github.com/stretchr/objx
   version: cbeaeb16a013161a98496fad62933b1d21786672
 - name: github.com/stretchr/testify
-  version: 6fe211e493929a8aac0469b93f28b1d0688a9a3a
+  version: bcd9e3389dd03b0b668d11f4d462a6af6c2dfd60
   subpackages:
   - mock
   - assert
 - name: github.com/thoas/stats
   version: 54ed61c2b47e263ae2f01b86837b0c4bd1da28e8
+- name: github.com/ugorji/go
+  version: ea9cd21fa0bc41ee4bdd50ac7ed8cbc7ea2ed960
+  subpackages:
+  - codec
 - name: github.com/unrolled/render
   version: 26b4e3aac686940fe29521545afad9966ddfc80c
+- name: github.com/vdemeester/docker-events
+  version: 6ea3f28df37f29a47498bc8b32b36ad8491dbd37
 - name: github.com/vdemeester/libkermit
   version: 7e4e689a6fa9281e0fb9b7b9c297e22d5342a5ec
 - name: github.com/vdemeester/shakers
   version: 24d7f1d6a71aa5d9cbe7390e4afb66b7eef9e1b3
 - name: github.com/vulcand/oxy
-  version: 8aaf36279137ac04ace3792a4f86098631b27d5a
+  version: 11677428db34c4a05354d66d028174d0e3c6e905
   subpackages:
   - memmetrics
   - utils
@@ -245,11 +265,11 @@ imports:
 - name: github.com/wendal/errors
   version: f66c77a7882b399795a8987ebf87ef64a427417e
 - name: github.com/xenolf/lego
-  version: ca19a90028e242e878585941c2a27c8f3b3efc25
+  version: 23e88185c255e95a106835d80e76e5a3a66d7c54
   subpackages:
   - acme
 - name: golang.org/x/crypto
-  version: 9e7f5dc375abeb9619ea3c5c58502c428f457aa2
+  version: d68c3ecb62c850b645dc072a8d78006286bf81ca
   subpackages:
   - ocsp
 - name: golang.org/x/net
@@ -257,6 +277,7 @@ imports:
   subpackages:
   - context
   - publicsuffix
+  - proxy
 - name: golang.org/x/sys
   version: eb2c74142fd19a79b3f237334c7384d5167b1b46
   subpackages:

glide.yaml

@@ -1,175 +1,187 @@
 package: main
 import:
-  - package: github.com/coreos/go-etcd
-    ref:     cc90c7b091275e606ad0ca7102a23fb2072f3f5e
-    subpackages:
-      - etcd
-  - package: github.com/mailgun/log
-    ref:     44874009257d4d47ba9806f1b7f72a32a015e4d8
-  - package: github.com/containous/oxy
-    ref:     0b5b371bce661385d35439204298fa6fb5db5463
-    subpackages:
-      - cbreaker
-      - forward
-      - memmetrics
-      - roundrobin
-      - utils
-  - package: github.com/hashicorp/consul
-    ref:     de080672fee9e6104572eeea89eccdca135bb918
-    subpackages:
-      - api
-  - package: github.com/samuel/go-zookeeper
-    ref:     fa6674abf3f4580b946a01bf7a1ce4ba8766205b
-    subpackages:
-      - zk
-  - package: github.com/docker/libtrust
-    ref:     9cbd2a1374f46905c68a4eb3694a130610adc62a
-  - package: github.com/go-check/check
-    ref:     11d3bc7aa68e238947792f30573146a3231fc0f1
-  - package: golang.org/x/net
-    ref:     d9558e5c97f85372afee28cf2b6059d7d3818919
-    subpackages:
-      - context
-  - package: github.com/gorilla/handlers
-    ref:     40694b40f4a928c062f56849989d3e9cd0570e5f
-  - package: github.com/docker/libkv
-    ref:     3732f7ff1b56057c3158f10bceb1e79133025373
-  - package: github.com/alecthomas/template
-    ref:     b867cc6ab45cece8143cfcc6fc9c77cf3f2c23c0
-  - package: github.com/vdemeester/shakers
-    ref:     24d7f1d6a71aa5d9cbe7390e4afb66b7eef9e1b3
-  - package: github.com/alecthomas/units
-    ref:     6b4e7dc5e3143b85ea77909c72caf89416fc2915
-  - package: github.com/gambol99/go-marathon
-    ref:     ade11d1dc2884ee1f387078fc28509559b6235d1
-  - package: github.com/vulcand/predicate
-    ref:     cb0bff91a7ab7cf7571e661ff883fc997bc554a3
-  - package: github.com/thoas/stats
-    ref:     54ed61c2b47e263ae2f01b86837b0c4bd1da28e8
-  - package: github.com/Sirupsen/logrus
-    ref:     418b41d23a1bf978c06faea5313ba194650ac088
-  - package: github.com/unrolled/render
-    ref:     26b4e3aac686940fe29521545afad9966ddfc80c
-  - package: github.com/flynn/go-shlex
-    ref:     3f9db97f856818214da2e1057f8ad84803971cff
-  - package: github.com/fsouza/go-dockerclient
-    ref:     a49c8269a6899cae30da1f8a4b82e0ce945f9967
-  - package: github.com/boltdb/bolt
-    ref:     51f99c862475898df9773747d3accd05a7ca33c1
-  - package: gopkg.in/mgo.v2
-    ref:     22287bab4379e1fbf6002fb4eb769888f3fb224c
-    subpackages:
-      - bson
-  - package: github.com/docker/docker
-    ref:     f39987afe8d611407887b3094c03d6ba6a766a67
-    subpackages:
-      - autogen
-      - api
-      - cliconfig
-      - daemon/network
-      - graph/tags
-      - image
-      - opts
-      - pkg/archive
-      - pkg/fileutils
-      - pkg/homedir
-      - pkg/httputils
-      - pkg/ioutils
-      - pkg/jsonmessage
-      - pkg/mflag
-      - pkg/nat
-      - pkg/parsers
-      - pkg/pools
-      - pkg/promise
-      - pkg/random
-      - pkg/stdcopy
-      - pkg/stringid
-      - pkg/symlink
-      - pkg/system
-      - pkg/tarsum
-      - pkg/term
-      - pkg/timeutils
-      - pkg/tlsconfig
-      - pkg/ulimit
-      - pkg/units
-      - pkg/urlutil
-      - pkg/useragent
-      - pkg/version
-      - registry
-      - runconfig
-      - utils
-      - volume
-  - package: github.com/mailgun/timetools
-    ref:     fd192d755b00c968d312d23f521eb0cdc6f66bd0
-  - package: github.com/codegangsta/negroni
-    ref:     c7477ad8e330bef55bf1ebe300cf8aa67c492d1b
-  - package: gopkg.in/yaml.v2
-    ref:     7ad95dd0798a40da1ccdff6dff35fd177b5edf40
-  - package: github.com/opencontainers/runc
-    ref:     4ab132458fc3e9dbeea624153e0331952dc4c8d5
-    subpackages:
-      - libcontainer/user
-  - package: github.com/gorilla/mux
-    ref:     f15e0c49460fd49eebe2bcc8486b05d1bef68d3a
-  - package: github.com/BurntSushi/ty
-    ref:     6add9cd6ad42d389d6ead1dde60b4ad71e46fd74
-  - package: github.com/elazarl/go-bindata-assetfs
-    ref:     d5cac425555ca5cf00694df246e04f05e6a55150
-  - package: github.com/BurntSushi/toml
-    ref:     bd2bdf7f18f849530ef7a1c29a4290217cab32a1
-  - package: gopkg.in/alecthomas/kingpin.v2
-    ref:     639879d6110b1b0409410c7b737ef0bb18325038
-  - package: github.com/cenkalti/backoff
-    ref:     4dc77674aceaabba2c7e3da25d4c823edfb73f99
-  - package: gopkg.in/fsnotify.v1
-    ref:     96c060f6a6b7e0d6f75fddd10efeaca3e5d1bcb0
-  - package: github.com/mailgun/manners
-    ref:     fada45142db3f93097ca917da107aa3fad0ffcb5
-  - package: github.com/gorilla/context
-    ref:     215affda49addc4c8ef7e2534915df2c8c35c6cd
-  - package: github.com/codahale/hdrhistogram
-    ref:     954f16e8b9ef0e5d5189456aa4c1202758e04f17
-  - package: github.com/gorilla/websocket
-  - package: github.com/donovanhide/eventsource
-    ref:     d8a3071799b98cacd30b6da92f536050ccfe6da4
-  - package: github.com/golang/glog
-    ref:     fca8c8854093a154ff1eb580aae10276ad6b1b5f
-  - package: github.com/spf13/cast
-    ref: ee7b3e0353166ab1f3a605294ac8cd2b77953778
-  - package: github.com/mitchellh/mapstructure
-  - package: github.com/spf13/jwalterweatherman
-  - package: github.com/spf13/pflag
-  - package: github.com/wendal/errors
-  - package: github.com/hashicorp/hcl
-  - package: github.com/kr/pretty
-  - package: github.com/magiconair/properties
-  - package: github.com/kr/text
-  - package: github.com/spf13/viper
-    ref: a212099cbe6fbe8d07476bfda8d2d39b6ff8f325
-  - package: github.com/spf13/cobra
-    subpackages:
-    - /cobra
-  - package: github.com/google/go-querystring/query
-  - package: github.com/vulcand/vulcand/plugin/rewrite
-  - package: github.com/stretchr/testify/mock
-  - package: github.com/xenolf/lego
-  - package: github.com/vdemeester/libkermit
-    ref: 7e4e689a6fa9281e0fb9b7b9c297e22d5342a5ec
-  - package: github.com/docker/libcompose
-    version: e290a513ba909ca3afefd5cd611f3a3fe56f6a3a
-  - package: github.com/docker/distribution
-    version: ff6f38ccb69afa96214c7ee955359465d1fc767a
-    subpackages:
-    - reference
-  - package: github.com/docker/engine-api
-    subpackages:
-    - client
-    - types
-    - types/container
-    - types/filters
-    - types/strslice
-  - package: github.com/docker/go-connections
-    subpackages:
-    - nat
-  - package: github.com/docker/go-units
-  - package: github.com/mailgun/multibuf
+- package: github.com/coreos/etcd
+  version: 26e52d2bce9e3e11b77b68cc84bf91aebb1ef637
+  subpackages:
+  - client
+- package: github.com/mailgun/log
+  version: 44874009257d4d47ba9806f1b7f72a32a015e4d8
+- package: github.com/containous/oxy
+  version: 021f82bd8260ba15f5862a9fe62018437720dff5
+  subpackages:
+  - cbreaker
+  - forward
+  - memmetrics
+  - roundrobin
+  - utils
+- package: github.com/hashicorp/consul
+  version: de080672fee9e6104572eeea89eccdca135bb918
+  subpackages:
+  - api
+- package: github.com/samuel/go-zookeeper
+  version: fa6674abf3f4580b946a01bf7a1ce4ba8766205b
+  subpackages:
+  - zk
+- package: github.com/docker/libtrust
+  version: 9cbd2a1374f46905c68a4eb3694a130610adc62a
+- package: github.com/go-check/check
+  version: 11d3bc7aa68e238947792f30573146a3231fc0f1
+- package: golang.org/x/net
+  version: d9558e5c97f85372afee28cf2b6059d7d3818919
+  subpackages:
+  - context
+- package: github.com/gorilla/handlers
+  version: 40694b40f4a928c062f56849989d3e9cd0570e5f
+- package: github.com/docker/libkv
+  version: 7283ef27ed32fe267388510a91709b307bb9942c
+- package: github.com/alecthomas/template
+  version: b867cc6ab45cece8143cfcc6fc9c77cf3f2c23c0
+- package: github.com/vdemeester/shakers
+  version: 24d7f1d6a71aa5d9cbe7390e4afb66b7eef9e1b3
+- package: github.com/alecthomas/units
+  version: 6b4e7dc5e3143b85ea77909c72caf89416fc2915
+- package: github.com/gambol99/go-marathon
+  version: ade11d1dc2884ee1f387078fc28509559b6235d1
+- package: github.com/vulcand/predicate
+  version: cb0bff91a7ab7cf7571e661ff883fc997bc554a3
+- package: github.com/thoas/stats
+  version: 54ed61c2b47e263ae2f01b86837b0c4bd1da28e8
+- package: github.com/Sirupsen/logrus
+  version: 418b41d23a1bf978c06faea5313ba194650ac088
+- package: github.com/unrolled/render
+  version: 26b4e3aac686940fe29521545afad9966ddfc80c
+- package: github.com/flynn/go-shlex
+  version: 3f9db97f856818214da2e1057f8ad84803971cff
+- package: github.com/boltdb/bolt
+  version: 51f99c862475898df9773747d3accd05a7ca33c1
+- package: gopkg.in/mgo.v2
+  version: 22287bab4379e1fbf6002fb4eb769888f3fb224c
+  subpackages:
+  - bson
+- package: github.com/docker/docker
+  version: f39987afe8d611407887b3094c03d6ba6a766a67
+  subpackages:
+  - autogen
+  - api
+  - cliconfig
+  - daemon/network
+  - graph/tags
+  - image
+  - opts
+  - pkg/archive
+  - pkg/fileutils
+  - pkg/homedir
+  - pkg/httputils
+  - pkg/ioutils
+  - pkg/jsonmessage
+  - pkg/mflag
+  - pkg/nat
+  - pkg/parsers
+  - pkg/pools
+  - pkg/promise
+  - pkg/random
+  - pkg/stdcopy
+  - pkg/stringid
+  - pkg/symlink
+  - pkg/system
+  - pkg/tarsum
+  - pkg/term
+  - pkg/timeutils
+  - pkg/tlsconfig
+  - pkg/ulimit
+  - pkg/units
+  - pkg/urlutil
+  - pkg/useragent
+  - pkg/version
+  - registry
+  - runconfig
+  - utils
+  - volume
+- package: github.com/mailgun/timetools
+  version: fd192d755b00c968d312d23f521eb0cdc6f66bd0
+- package: github.com/codegangsta/negroni
+  version: c7477ad8e330bef55bf1ebe300cf8aa67c492d1b
+- package: gopkg.in/yaml.v2
+  version: 7ad95dd0798a40da1ccdff6dff35fd177b5edf
+- package: github.com/opencontainers/runc
+  version: 4ab132458fc3e9dbeea624153e0331952dc4c8d5
+  subpackages:
+  - libcontainer/user
+- package: github.com/gorilla/mux
+  version: f15e0c49460fd49eebe2bcc8486b05d1bef68d3a
+- package: github.com/BurntSushi/ty
+  version: 6add9cd6ad42d389d6ead1dde60b4ad71e46fd74
+- package: github.com/elazarl/go-bindata-assetfs
+  version: d5cac425555ca5cf00694df246e04f05e6a55150
+- package: github.com/BurntSushi/toml
+  version: bbd5bb678321a0d6e58f1099321dfa73391c1b6f
+- package: gopkg.in/alecthomas/kingpin.v2
+  version: 639879d6110b1b0409410c7b737ef0bb18325038
+- package: github.com/cenkalti/backoff
+  version: 4dc77674aceaabba2c7e3da25d4c823edfb73f99
+- package: gopkg.in/fsnotify.v1
+  version: 96c060f6a6b7e0d6f75fddd10efeaca3e5d1bcb0
+- package: github.com/mailgun/manners
+  version: fada45142db3f93097ca917da107aa3fad0ffcb5
+- package: github.com/gorilla/context
+  version: 215affda49addc4c8ef7e2534915df2c8c35c6cd
+- package: github.com/codahale/hdrhistogram
+  version: 954f16e8b9ef0e5d5189456aa4c1202758e04f17
+- package: github.com/gorilla/websocket
+- package: github.com/donovanhide/eventsource
+  version: d8a3071799b98cacd30b6da92f536050ccfe6da4
+- package: github.com/golang/glog
+  version: fca8c8854093a154ff1eb580aae10276ad6b1b5f
+- package: github.com/spf13/cast
+  version: ee7b3e0353166ab1f3a605294ac8cd2b77953778
+- package: github.com/mitchellh/mapstructure
+- package: github.com/spf13/jwalterweatherman
+- package: github.com/spf13/pflag
+- package: github.com/wendal/errors
+- package: github.com/hashicorp/hcl
+- package: github.com/kr/pretty
+- package: github.com/magiconair/properties
+- package: github.com/kr/text
+- package: github.com/spf13/viper
+  version: a212099cbe6fbe8d07476bfda8d2d39b6ff8f325
+- package: github.com/spf13/cobra
+  subpackages:
+  - cobra
+- package: github.com/google/go-querystring
+  subpackages:
+  - query
+- package: github.com/vulcand/vulcand
+  subpackages:
+  - plugin/rewrite
+- package: github.com/stretchr/testify
+  subpackages:
+  - mock
+- package: github.com/xenolf/lego
+- package: github.com/vdemeester/libkermit
+  version: 7e4e689a6fa9281e0fb9b7b9c297e22d5342a5ec
+- package: github.com/docker/libcompose
+  version: e290a513ba909ca3afefd5cd611f3a3fe56f6a3a
+- package: github.com/docker/distribution
+  version: ff6f38ccb69afa96214c7ee955359465d1fc767a
+  subpackages:
+  - reference
+- package: github.com/docker/engine-api
+  version: 8924d6900370b4c7e7984be5adc61f50a80d7537
+  subpackages:
+  - client
+  - types
+  - types/container
+  - types/filters
+  - types/strslice
+- package: github.com/vdemeester/docker-events
+- package: github.com/docker/go-connections
+  subpackages:
+  - nat
+  - sockets
+  - tlsconfig
+- package: github.com/docker/go-units
+- package: github.com/mailgun/multibuf
+- package: github.com/streamrail/concurrent-map
+- package: github.com/parnurzeal/gorequest
+- package: github.com/mattn/go-shellwords
+- package: github.com/moul/http2curl

integration/access_log_test.go

@@ -0,0 +1,106 @@
+package main
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"os/exec"
+	"regexp"
+	"strings"
+	"time"
+
+	"github.com/go-check/check"
+	shellwords "github.com/mattn/go-shellwords"
+
+	checker "github.com/vdemeester/shakers"
+)
+
+// AccessLogSuite
+type AccessLogSuite struct{ BaseSuite }
+
+func (s *AccessLogSuite) TestAccessLog(c *check.C) {
+	// Ensure working directory is clean
+	os.Remove("access.log")
+	os.Remove("traefik.log")
+
+	// Start Traefik
+	cmd := exec.Command(traefikBinary, "--configFile=fixtures/access_log_config.toml")
+	err := cmd.Start()
+	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
+	defer os.Remove("access.log")
+	defer os.Remove("traefik.log")
+
+	time.Sleep(500 * time.Millisecond)
+
+	// Verify Traefik started OK
+	traefikLog, err := ioutil.ReadFile("traefik.log")
+	c.Assert(err, checker.IsNil)
+	if len(traefikLog) > 0 {
+		fmt.Printf("%s\n", string(traefikLog))
+		c.Assert(len(traefikLog), checker.Equals, 0)
+	}
+
+	// Start test servers
+	ts1 := startAccessLogServer(8081)
+	defer ts1.Close()
+	ts2 := startAccessLogServer(8082)
+	defer ts2.Close()
+	ts3 := startAccessLogServer(8083)
+	defer ts3.Close()
+
+	// Make some requests
+	_, err = http.Get("http://127.0.0.1:8000/test1")
+	c.Assert(err, checker.IsNil)
+	_, err = http.Get("http://127.0.0.1:8000/test2")
+	c.Assert(err, checker.IsNil)
+	_, err = http.Get("http://127.0.0.1:8000/test2")
+	c.Assert(err, checker.IsNil)
+
+	// Verify access.log output as expected
+	accessLog, err := ioutil.ReadFile("access.log")
+	c.Assert(err, checker.IsNil)
+	lines := strings.Split(string(accessLog), "\n")
+	count := 0
+	for i, line := range lines {
+		if len(line) > 0 {
+			count++
+			tokens, err := shellwords.Parse(line)
+			c.Assert(err, checker.IsNil)
+			c.Assert(len(tokens), checker.Equals, 13)
+			c.Assert(tokens[6], checker.Equals, "200")
+			c.Assert(tokens[9], checker.Equals, fmt.Sprintf("%d", i+1))
+			c.Assert(strings.HasPrefix(tokens[10], "frontend"), checker.True)
+			c.Assert(strings.HasPrefix(tokens[11], "http://127.0.0.1:808"), checker.True)
+			c.Assert(regexp.MustCompile("^\\d+\\.\\d+.*s$").MatchString(tokens[12]), checker.True)
+		}
+	}
+	c.Assert(count, checker.Equals, 3)
+
+	// Verify no other Traefik problems
+	traefikLog, err = ioutil.ReadFile("traefik.log")
+	c.Assert(err, checker.IsNil)
+	if len(traefikLog) > 0 {
+		fmt.Printf("%s\n", string(traefikLog))
+		c.Assert(len(traefikLog), checker.Equals, 0)
+	}
+}
+
+func startAccessLogServer(port int) (ts *httptest.Server) {
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		fmt.Fprintf(w, "Received query %s!\n", r.URL.Path[1:])
+	})
+	if listener, err := net.Listen("tcp", fmt.Sprintf("127.0.0.1:%d", port)); err != nil {
+		panic(err)
+	} else {
+		ts = &httptest.Server{
+			Listener: listener,
+			Config:   &http.Server{Handler: handler},
+		}
+		ts.Start()
+	}
+	return
+}

integration/basic_test.go

@@ -8,6 +8,7 @@ import (
 	"fmt"
 	"github.com/go-check/check"
 
+	"bytes"
 	checker "github.com/vdemeester/shakers"
 )
 
@@ -16,25 +17,45 @@ type SimpleSuite struct{ BaseSuite }
 
 func (s *SimpleSuite) TestNoOrInexistentConfigShouldFail(c *check.C) {
 	cmd := exec.Command(traefikBinary)
-	output, err := cmd.CombinedOutput()
 
-	c.Assert(err, checker.NotNil)
-	c.Assert(string(output), checker.Contains, "Error reading file: open : no such file or directory")
+	var b bytes.Buffer
+	cmd.Stdout = &b
+	cmd.Stderr = &b
+
+	cmd.Start()
+	time.Sleep(500 * time.Millisecond)
+	output := b.Bytes()
+
+	c.Assert(string(output), checker.Contains, "No configuration file found")
+	cmd.Process.Kill()
 
 	nonExistentFile := "non/existent/file.toml"
 	cmd = exec.Command(traefikBinary, "--configFile="+nonExistentFile)
-	output, err = cmd.CombinedOutput()
 
-	c.Assert(err, checker.NotNil)
-	c.Assert(string(output), checker.Contains, fmt.Sprintf("Error reading file: open %s: no such file or directory", nonExistentFile))
+	cmd.Stdout = &b
+	cmd.Stderr = &b
+
+	cmd.Start()
+	time.Sleep(500 * time.Millisecond)
+	output = b.Bytes()
+
+	c.Assert(string(output), checker.Contains, fmt.Sprintf("Error reading configuration file: open %s: no such file or directory", nonExistentFile))
+	cmd.Process.Kill()
 }
 
 func (s *SimpleSuite) TestInvalidConfigShouldFail(c *check.C) {
 	cmd := exec.Command(traefikBinary, "--configFile=fixtures/invalid_configuration.toml")
-	output, err := cmd.CombinedOutput()
 
-	c.Assert(err, checker.NotNil)
-	c.Assert(string(output), checker.Contains, "Error reading file: While parsing config: Near line 1")
+	var b bytes.Buffer
+	cmd.Stdout = &b
+	cmd.Stderr = &b
+
+	cmd.Start()
+	time.Sleep(500 * time.Millisecond)
+	defer cmd.Process.Kill()
+	output := b.Bytes()
+
+	c.Assert(string(output), checker.Contains, "While parsing config: Near line 0 (last key parsed ''): Bare keys cannot contain '{'")
 }
 
 func (s *SimpleSuite) TestSimpleDefaultConfig(c *check.C) {

integration/consul_catalog_test.go

@@ -39,7 +39,7 @@ func (s *ConsulCatalogSuite) SetUpSuite(c *check.C) {
 	time.Sleep(2000 * time.Millisecond)
 }
 
-func (s *ConsulCatalogSuite) registerService(name string, address string, port int) error {
+func (s *ConsulCatalogSuite) registerService(name string, address string, port int, tags []string) error {
 	catalog := s.consulClient.Catalog()
 	_, err := catalog.Register(
 		&api.CatalogRegistration{
@@ -50,6 +50,7 @@ func (s *ConsulCatalogSuite) registerService(name string, address string, port i
 				Service: name,
 				Address: address,
 				Port:    port,
+				Tags:    tags,
 			},
 		},
 		&api.WriteOptions{},
@@ -93,7 +94,7 @@ func (s *ConsulCatalogSuite) TestSingleService(c *check.C) {
 
 	nginx := s.composeProject.Container(c, "nginx")
 
-	err = s.registerService("test", nginx.NetworkSettings.IPAddress, 80)
+	err = s.registerService("test", nginx.NetworkSettings.IPAddress, 80, []string{})
 	c.Assert(err, checker.IsNil, check.Commentf("Error registering service"))
 	defer s.deregisterService("test", nginx.NetworkSettings.IPAddress)
 

integration/fixtures/access_log_config.toml

@@ -0,0 +1,46 @@
+################################################################
+# Global configuration
+################################################################
+traefikLogsFile = "traefik.log"
+accessLogsFile = "access.log"
+logLevel = "ERROR"
+defaultEntryPoints = ["http"]
+[entryPoints]
+  [entryPoints.http]
+  address = ":8000"
+
+################################################################
+# Web configuration backend
+################################################################
+[web]
+address = ":7888"
+
+################################################################
+# File configuration backend
+################################################################
+[file]
+
+################################################################
+# rules
+################################################################
+ [backends]
+   [backends.backend1]
+     [backends.backend1.servers.server1]
+       url = "http://127.0.0.1:8081"
+   [backends.backend2]
+     [backends.backend2.LoadBalancer]
+       method = "drr"
+     [backends.backend2.servers.server1]
+       url = "http://127.0.0.1:8082"
+     [backends.backend2.servers.server2]
+       url = "http://127.0.0.1:8083"
+  [frontends]
+   [frontends.frontend1]
+   backend = "backend1"
+     [frontends.frontend1.routes.test_1]
+     rule = "Path: /test1"
+   [frontends.frontend2]
+   backend = "backend2"
+   passHostHeader = true
+     [frontends.frontend2.routes.test_2]
+     rule = "Path: /test2"

integration/integration_test.go

@@ -23,6 +23,7 @@ func Test(t *testing.T) {
 
 func init() {
 	check.Suite(&SimpleSuite{})
+	check.Suite(&AccessLogSuite{})
 	check.Suite(&HTTPSSuite{})
 	check.Suite(&FileSuite{})
 	check.Suite(&DockerSuite{})

middlewares/handlerSwitcher.go

@@ -1,40 +1,35 @@
 package middlewares
 
 import (
+	"github.com/containous/traefik/safe"
 	"github.com/gorilla/mux"
 	"net/http"
-	"sync"
 )
 
 // HandlerSwitcher allows hot switching of http.ServeMux
 type HandlerSwitcher struct {
-	handler     *mux.Router
-	handlerLock *sync.Mutex
+	handler *safe.Safe
 }
 
 // NewHandlerSwitcher builds a new instance of HandlerSwitcher
 func NewHandlerSwitcher(newHandler *mux.Router) (hs *HandlerSwitcher) {
 	return &HandlerSwitcher{
-		handler:     newHandler,
-		handlerLock: &sync.Mutex{},
+		handler: safe.New(newHandler),
 	}
 }
 
 func (hs *HandlerSwitcher) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
-	hs.handlerLock.Lock()
-	handlerBackup := hs.handler
-	hs.handlerLock.Unlock()
+	handlerBackup := hs.handler.Get().(*mux.Router)
 	handlerBackup.ServeHTTP(rw, r)
 }
 
 // GetHandler returns the current http.ServeMux
 func (hs *HandlerSwitcher) GetHandler() (newHandler *mux.Router) {
-	return hs.handler
+	handler := hs.handler.Get().(*mux.Router)
+	return handler
 }
 
 // UpdateHandler safely updates the current http.ServeMux with a new one
 func (hs *HandlerSwitcher) UpdateHandler(newHandler *mux.Router) {
-	hs.handlerLock.Lock()
-	hs.handler = newHandler
-	defer hs.handlerLock.Unlock()
+	hs.handler.Set(newHandler)
 }

middlewares/logger.go

@@ -1,18 +1,54 @@
 package middlewares
 
 import (
-	"log"
+	"fmt"
+	log "github.com/Sirupsen/logrus"
+	"github.com/streamrail/concurrent-map"
+	"io"
+	"net"
 	"net/http"
 	"os"
-
-	"github.com/gorilla/handlers"
+	"strconv"
+	"strings"
+	"sync/atomic"
+	"time"
 )
 
-// Logger is a middleware handler that logs the request as it goes in and the response as it goes out.
+const (
+	loggerReqidHeader = "X-Traefik-Reqid"
+)
+
+/*
+Logger writes each request and its response to the access log.
+It gets some information from the logInfoResponseWriter set up by previous middleware.
+*/
 type Logger struct {
 	file *os.File
 }
 
+// Logging handler to log frontend name, backend name, and elapsed time
+type frontendBackendLoggingHandler struct {
+	reqid       string
+	writer      io.Writer
+	handlerFunc http.HandlerFunc
+}
+
+var (
+	reqidCounter        uint64       // Request ID
+	infoRwMap           = cmap.New() // Map of reqid to response writer
+	backend2FrontendMap *map[string]string
+)
+
+// logInfoResponseWriter is a wrapper of type http.ResponseWriter
+// that tracks frontend and backend names and request status and size
+type logInfoResponseWriter struct {
+	rw       http.ResponseWriter
+	backend  string
+	frontend string
+	status   int
+	size     int
+}
+
 // NewLogger returns a new Logger instance.
 func NewLogger(file string) *Logger {
 	if len(file) > 0 {
@@ -25,15 +61,132 @@ func NewLogger(file string) *Logger {
 	return &Logger{nil}
 }
 
+// SetBackend2FrontendMap is called by server.go to set up frontend translation
+func SetBackend2FrontendMap(newMap *map[string]string) {
+	backend2FrontendMap = newMap
+}
+
 func (l *Logger) ServeHTTP(rw http.ResponseWriter, r *http.Request, next http.HandlerFunc) {
 	if l.file == nil {
 		next(rw, r)
 	} else {
-		handlers.CombinedLoggingHandler(l.file, next).ServeHTTP(rw, r)
+		reqid := strconv.FormatUint(atomic.AddUint64(&reqidCounter, 1), 10)
+		r.Header[loggerReqidHeader] = []string{reqid}
+		defer deleteReqid(r, reqid)
+		frontendBackendLoggingHandler{reqid, l.file, next}.ServeHTTP(rw, r)
 	}
 }
 
-// Close closes the logger (i.e. the file).
-func (l *Logger) Close() {
-	l.file.Close()
+// Delete a reqid from the map and the request's headers
+func deleteReqid(r *http.Request, reqid string) {
+	infoRwMap.Remove(reqid)
+	delete(r.Header, loggerReqidHeader)
+}
+
+// Save the backend name for the Logger
+func saveBackendNameForLogger(r *http.Request, backendName string) {
+	if reqidHdr := r.Header[loggerReqidHeader]; len(reqidHdr) == 1 {
+		reqid := reqidHdr[0]
+		if infoRw, ok := infoRwMap.Get(reqid); ok {
+			infoRw.(*logInfoResponseWriter).SetBackend(backendName)
+			infoRw.(*logInfoResponseWriter).SetFrontend((*backend2FrontendMap)[backendName])
+		}
+	}
+}
+
+// Close closes the Logger (i.e. the file).
+func (l *Logger) Close() {
+	if l.file != nil {
+		l.file.Close()
+	}
+}
+
+// Logging handler to log frontend name, backend name, and elapsed time
+func (fblh frontendBackendLoggingHandler) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
+	startTime := time.Now()
+	infoRw := &logInfoResponseWriter{rw: rw}
+	infoRwMap.Set(fblh.reqid, infoRw)
+	fblh.handlerFunc(infoRw, req)
+
+	username := "-"
+	url := *req.URL
+	if url.User != nil {
+		if name := url.User.Username(); name != "" {
+			username = name
+		}
+	}
+
+	host, _, err := net.SplitHostPort(req.RemoteAddr)
+	if err != nil {
+		host = req.RemoteAddr
+	}
+
+	ts := startTime.Format("02/Jan/2006:15:04:05 -0700")
+	method := req.Method
+	uri := url.RequestURI()
+	if qmIndex := strings.Index(uri, "?"); qmIndex > 0 {
+		uri = uri[0:qmIndex]
+	}
+	proto := req.Proto
+	referer := req.Referer()
+	agent := req.UserAgent()
+
+	frontend := strings.TrimPrefix(infoRw.GetFrontend(), "frontend-")
+	backend := infoRw.GetBackend()
+	status := infoRw.GetStatus()
+	size := infoRw.GetSize()
+
+	elapsed := time.Now().UTC().Sub(startTime.UTC())
+	fmt.Fprintf(fblh.writer, `%s - %s [%s] "%s %s %s" %d %d "%s" "%s" %s "%s" "%s" %s%s`,
+		host, username, ts, method, uri, proto, status, size, referer, agent, fblh.reqid, frontend, backend, elapsed, "\n")
+
+}
+
+func (lirw *logInfoResponseWriter) Header() http.Header {
+	return lirw.rw.Header()
+}
+
+func (lirw *logInfoResponseWriter) Write(b []byte) (int, error) {
+	if lirw.status == 0 {
+		lirw.status = http.StatusOK
+	}
+	size, err := lirw.rw.Write(b)
+	lirw.size += size
+	return size, err
+}
+
+func (lirw *logInfoResponseWriter) WriteHeader(s int) {
+	lirw.rw.WriteHeader(s)
+	lirw.status = s
+}
+
+func (lirw *logInfoResponseWriter) Flush() {
+	f, ok := lirw.rw.(http.Flusher)
+	if ok {
+		f.Flush()
+	}
+}
+
+func (lirw *logInfoResponseWriter) GetStatus() int {
+	return lirw.status
+}
+
+func (lirw *logInfoResponseWriter) GetSize() int {
+	return lirw.size
+}
+
+func (lirw *logInfoResponseWriter) GetBackend() string {
+	return lirw.backend
+}
+
+func (lirw *logInfoResponseWriter) GetFrontend() string {
+	return lirw.frontend
+}
+
+func (lirw *logInfoResponseWriter) SetBackend(backend string) {
+	lirw.backend = backend
+}
+
+func (lirw *logInfoResponseWriter) SetFrontend(frontend string) {
+	lirw.frontend = frontend
 }

middlewares/logger_test.go

@@ -0,0 +1,116 @@
+package middlewares
+
+import (
+	"fmt"
+	shellwords "github.com/mattn/go-shellwords"
+	"github.com/stretchr/testify/assert"
+	"io/ioutil"
+	"net/http"
+	"net/url"
+	"os"
+	"path/filepath"
+	"runtime"
+	"testing"
+)
+
+type logtestResponseWriter struct{}
+
+var (
+	logger                  *Logger
+	logfileName             = "traefikTestLogger.log"
+	logfilePath             string
+	helloWorld              = "Hello, World"
+	testBackendName         = "http://127.0.0.1/testBackend"
+	testFrontendName        = "testFrontend"
+	testStatus              = 123
+	testHostname            = "TestHost"
+	testUsername            = "TestUser"
+	testPath                = "http://testpath"
+	testPort                = 8181
+	testProto               = "HTTP/0.0"
+	testMethod              = "POST"
+	testReferer             = "testReferer"
+	testUserAgent           = "testUserAgent"
+	testBackend2FrontendMap = map[string]string{
+		testBackendName: testFrontendName,
+	}
+	printedLogdata bool
+)
+
+func TestLogger(t *testing.T) {
+	if runtime.GOOS == "windows" {
+		logfilePath = filepath.Join(os.Getenv("TEMP"), logfileName)
+	} else {
+		logfilePath = filepath.Join("/tmp", logfileName)
+	}
+
+	logger = NewLogger(logfilePath)
+	defer cleanup()
+	SetBackend2FrontendMap(&testBackend2FrontendMap)
+
+	r := &http.Request{
+		Header: map[string][]string{
+			"User-Agent": {testUserAgent},
+			"Referer":    {testReferer},
+		},
+		Proto:      testProto,
+		Host:       testHostname,
+		Method:     testMethod,
+		RemoteAddr: fmt.Sprintf("%s:%d", testHostname, testPort),
+		URL: &url.URL{
+			User: url.UserPassword(testUsername, ""),
+			Path: testPath,
+		},
+	}
+
+	logger.ServeHTTP(&logtestResponseWriter{}, r, LogWriterTestHandlerFunc)
+
+	if logdata, err := ioutil.ReadFile(logfilePath); err != nil {
+		fmt.Printf("%s\n%s\n", string(logdata), err.Error())
+		assert.Nil(t, err)
+	} else if tokens, err := shellwords.Parse(string(logdata)); err != nil {
+		fmt.Printf("%s\n", err.Error())
+		assert.Nil(t, err)
+	} else if assert.Equal(t, 14, len(tokens), printLogdata(logdata)) {
+		assert.Equal(t, testHostname, tokens[0], printLogdata(logdata))
+		assert.Equal(t, testUsername, tokens[2], printLogdata(logdata))
+		assert.Equal(t, fmt.Sprintf("%s %s %s", testMethod, testPath, testProto), tokens[5], printLogdata(logdata))
+		assert.Equal(t, fmt.Sprintf("%d", testStatus), tokens[6], printLogdata(logdata))
+		assert.Equal(t, fmt.Sprintf("%d", len(helloWorld)), tokens[7], printLogdata(logdata))
+		assert.Equal(t, testReferer, tokens[8], printLogdata(logdata))
+		assert.Equal(t, testUserAgent, tokens[9], printLogdata(logdata))
+		assert.Equal(t, "1", tokens[10], printLogdata(logdata))
+		assert.Equal(t, testFrontendName, tokens[11], printLogdata(logdata))
+		assert.Equal(t, testBackendName, tokens[12], printLogdata(logdata))
+	}
+}
+
+func cleanup() {
+	logger.Close()
+	os.Remove(logfilePath)
+}
+
+func printLogdata(logdata []byte) string {
+	return fmt.Sprintf(
+		"\nExpected: %s\n"+
+			"Actual:   %s",
+		"TestHost - TestUser [13/Apr/2016:07:14:19 -0700] \"POST http://testpath HTTP/0.0\" 123 12 \"testReferer\" \"testUserAgent\" 1 \"testFrontend\" \"http://127.0.0.1/testBackend\" 1ms",
+		string(logdata))
+}
+
+func LogWriterTestHandlerFunc(rw http.ResponseWriter, r *http.Request) {
+	rw.Write([]byte(helloWorld))
+	rw.WriteHeader(testStatus)
+	saveBackendNameForLogger(r, testBackendName)
+}
+
+func (lrw *logtestResponseWriter) Header() http.Header {
+	return map[string][]string{}
+}
+
+func (lrw *logtestResponseWriter) Write(b []byte) (int, error) {
+	return len(b), nil
+}
+
+func (lrw *logtestResponseWriter) WriteHeader(s int) {
+}

middlewares/saveBackend.go

@@ -0,0 +1,20 @@
+package middlewares
+
+import (
+	"net/http"
+)
+
+// SaveBackend sends the backend name to the logger.
+type SaveBackend struct {
+	next http.Handler
+}
+
+// NewSaveBackend creates a SaveBackend
+func NewSaveBackend(next http.Handler) *SaveBackend {
+	return &SaveBackend{next}
+}
+
+func (sb *SaveBackend) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	saveBackendNameForLogger(r, (*r.URL).String())
+	sb.next.ServeHTTP(rw, r)
+}

mkdocs.yml

@@ -46,4 +46,7 @@ pages:
   - Getting Started: index.md
   - Basics: basics.md
   - traefik.toml: toml.md
+  - User Guide:
+      - 'Configuration examples': 'user-guide/examples.md'
+      - 'Swarm cluster': 'user-guide/swarm.md'
   - Benchmarks: benchmarks.md

provider/boltdb.go

@@ -1,6 +1,7 @@
 package provider
 
 import (
+	"github.com/containous/traefik/safe"
 	"github.com/containous/traefik/types"
 	"github.com/docker/libkv/store"
 	"github.com/docker/libkv/store/boltdb"
@@ -13,8 +14,8 @@ type BoltDb struct {
 
 // Provide allows the provider to provide configurations to traefik
 // using the given configuration channel.
-func (provider *BoltDb) Provide(configurationChan chan<- types.ConfigMessage) error {
+func (provider *BoltDb) Provide(configurationChan chan<- types.ConfigMessage, pool *safe.Pool) error {
 	provider.storeType = store.BOLTDB
 	boltdb.Register()
-	return provider.provide(configurationChan)
+	return provider.provide(configurationChan, pool)
 }

provider/consul.go

@@ -1,6 +1,7 @@
 package provider
 
 import (
+	"github.com/containous/traefik/safe"
 	"github.com/containous/traefik/types"
 	"github.com/docker/libkv/store"
 	"github.com/docker/libkv/store/consul"
@@ -13,8 +14,8 @@ type Consul struct {
 
 // Provide allows the provider to provide configurations to traefik
 // using the given configuration channel.
-func (provider *Consul) Provide(configurationChan chan<- types.ConfigMessage) error {
+func (provider *Consul) Provide(configurationChan chan<- types.ConfigMessage, pool *safe.Pool) error {
 	provider.storeType = store.CONSUL
 	consul.Register()
-	return provider.provide(configurationChan)
+	return provider.provide(configurationChan, pool)
 }

provider/consul_catalog.go

@@ -2,6 +2,7 @@ package provider
 
 import (
 	"errors"
+	"strconv"
 	"strings"
 	"text/template"
 	"time"
@@ -16,6 +17,8 @@ import (
 const (
 	// DefaultWatchWaitTime is the duration to wait when polling consul
 	DefaultWatchWaitTime = 15 * time.Second
+	// DefaultConsulCatalogTagPrefix is a prefix for additional service/node configurations
+	DefaultConsulCatalogTagPrefix = "traefik"
 )
 
 // ConsulCatalog holds configurations of the Consul catalog provider.
@@ -24,10 +27,16 @@ type ConsulCatalog struct {
 	Endpoint     string
 	Domain       string
 	client       *api.Client
+	Prefix       string
+}
+
+type serviceUpdate struct {
+	ServiceName string
+	Attributes  []string
 }
 
 type catalogUpdate struct {
-	Service string
+	Service *serviceUpdate
 	Nodes   []*api.ServiceEntry
 }
 
@@ -79,41 +88,102 @@ func (provider *ConsulCatalog) healthyNodes(service string) (catalogUpdate, erro
 		return catalogUpdate{}, err
 	}
 
+	set := map[string]bool{}
+	tags := []string{}
+	for _, node := range data {
+		for _, tag := range node.Service.Tags {
+			if _, ok := set[tag]; ok == false {
+				set[tag] = true
+				tags = append(tags, tag)
+			}
+		}
+	}
+
 	return catalogUpdate{
-		Service: service,
-		Nodes:   data,
+		Service: &serviceUpdate{
+			ServiceName: service,
+			Attributes:  tags,
+		},
+		Nodes: data,
 	}, nil
 }
 
+func (provider *ConsulCatalog) getEntryPoints(list string) []string {
+	return strings.Split(list, ",")
+}
+
 func (provider *ConsulCatalog) getBackend(node *api.ServiceEntry) string {
 	return strings.ToLower(node.Service.Service)
 }
 
-func (provider *ConsulCatalog) getFrontendValue(service string) string {
-	return "Host:" + service + "." + provider.Domain
+func (provider *ConsulCatalog) getFrontendRule(service serviceUpdate) string {
+	customFrontendRule := provider.getAttribute("frontend.rule", service.Attributes, "")
+	if customFrontendRule != "" {
+		return customFrontendRule
+	}
+	return "Host:" + service.ServiceName + "." + provider.Domain
+}
+
+func (provider *ConsulCatalog) getBackendAddress(node *api.ServiceEntry) string {
+	if node.Service.Address != "" {
+		return node.Service.Address
+	}
+	return node.Node.Address
+}
+
+func (provider *ConsulCatalog) getBackendName(node *api.ServiceEntry, index int) string {
+	serviceName := node.Service.Service + "--" + node.Service.Address + "--" + strconv.Itoa(node.Service.Port)
+	if len(node.Service.Tags) > 0 {
+		serviceName += "--" + strings.Join(node.Service.Tags, "--")
+	}
+	serviceName = strings.Replace(serviceName, ".", "-", -1)
+	serviceName = strings.Replace(serviceName, "=", "-", -1)
+
+	// unique int at the end
+	serviceName += "--" + strconv.Itoa(index)
+	return serviceName
+}
+
+func (provider *ConsulCatalog) getAttribute(name string, tags []string, defaultValue string) string {
+	for _, tag := range tags {
+		if strings.Index(strings.ToLower(tag), DefaultConsulCatalogTagPrefix+".") == 0 {
+			if kv := strings.SplitN(tag[len(DefaultConsulCatalogTagPrefix+"."):], "=", 2); len(kv) == 2 && strings.ToLower(kv[0]) == strings.ToLower(name) {
+				return kv[1]
+			}
+		}
+	}
+	return defaultValue
 }
 
 func (provider *ConsulCatalog) buildConfig(catalog []catalogUpdate) *types.Configuration {
 	var FuncMap = template.FuncMap{
-		"getBackend":       provider.getBackend,
-		"getFrontendValue": provider.getFrontendValue,
-		"replace":          replace,
+		"getBackend":        provider.getBackend,
+		"getFrontendRule":   provider.getFrontendRule,
+		"getBackendName":    provider.getBackendName,
+		"getBackendAddress": provider.getBackendAddress,
+		"getAttribute":      provider.getAttribute,
+		"getEntryPoints":    provider.getEntryPoints,
 	}
 
 	allNodes := []*api.ServiceEntry{}
-	serviceNames := []string{}
+	services := []*serviceUpdate{}
 	for _, info := range catalog {
-		if len(info.Nodes) > 0 {
-			serviceNames = append(serviceNames, info.Service)
-			allNodes = append(allNodes, info.Nodes...)
+		for _, node := range info.Nodes {
+			isEnabled := provider.getAttribute("enable", node.Service.Tags, "true")
+			if isEnabled != "false" && len(info.Nodes) > 0 {
+				services = append(services, info.Service)
+				allNodes = append(allNodes, info.Nodes...)
+				break
+			}
+
 		}
 	}
 
 	templateObjects := struct {
-		Services []string
+		Services []*serviceUpdate
 		Nodes    []*api.ServiceEntry
 	}{
-		Services: serviceNames,
+		Services: services,
 		Nodes:    allNodes,
 	}
 
@@ -146,7 +216,7 @@ func (provider *ConsulCatalog) getNodes(index map[string][]string) ([]catalogUpd
 	return nodes, nil
 }
 
-func (provider *ConsulCatalog) watch(configurationChan chan<- types.ConfigMessage) error {
+func (provider *ConsulCatalog) watch(configurationChan chan<- types.ConfigMessage, stop chan bool) error {
 	stopCh := make(chan struct{})
 	serviceCatalog := provider.watchServices(stopCh)
 
@@ -154,6 +224,8 @@ func (provider *ConsulCatalog) watch(configurationChan chan<- types.ConfigMessag
 
 	for {
 		select {
+		case <-stop:
+			return nil
 		case index, ok := <-serviceCatalog:
 			if !ok {
 				return errors.New("Consul service list nil")
@@ -174,7 +246,7 @@ func (provider *ConsulCatalog) watch(configurationChan chan<- types.ConfigMessag
 
 // Provide allows the provider to provide configurations to traefik
 // using the given configuration channel.
-func (provider *ConsulCatalog) Provide(configurationChan chan<- types.ConfigMessage) error {
+func (provider *ConsulCatalog) Provide(configurationChan chan<- types.ConfigMessage, pool *safe.Pool) error {
 	config := api.DefaultConfig()
 	config.Address = provider.Endpoint
 	client, err := api.NewClient(config)
@@ -183,12 +255,12 @@ func (provider *ConsulCatalog) Provide(configurationChan chan<- types.ConfigMess
 	}
 	provider.client = client
 
-	safe.Go(func() {
+	pool.Go(func(stop chan bool) {
 		notify := func(err error, time time.Duration) {
 			log.Errorf("Consul connection error %+v, retrying in %s", err, time)
 		}
 		worker := func() error {
-			return provider.watch(configurationChan)
+			return provider.watch(configurationChan, stop)
 		}
 		err := backoff.RetryNotify(worker, backoff.NewExponentialBackOff(), notify)
 		if err != nil {

provider/consul_catalog_test.go

@@ -14,17 +14,150 @@ func TestConsulCatalogGetFrontendRule(t *testing.T) {
 	}
 
 	services := []struct {
-		service  string
+		service  serviceUpdate
 		expected string
 	}{
 		{
-			service:  "foo",
+			service: serviceUpdate{
+				ServiceName: "foo",
+				Attributes:  []string{},
+			},
 			expected: "Host:foo.localhost",
 		},
+		{
+			service: serviceUpdate{
+				ServiceName: "foo",
+				Attributes: []string{
+					"traefik.frontend.rule=Host:*.example.com",
+				},
+			},
+			expected: "Host:*.example.com",
+		},
 	}
 
 	for _, e := range services {
-		actual := provider.getFrontendValue(e.service)
+		actual := provider.getFrontendRule(e.service)
+		if actual != e.expected {
+			t.Fatalf("expected %q, got %q", e.expected, actual)
+		}
+	}
+}
+
+func TestConsulCatalogGetAttribute(t *testing.T) {
+	provider := &ConsulCatalog{
+		Domain: "localhost",
+	}
+
+	services := []struct {
+		tags         []string
+		key          string
+		defaultValue string
+		expected     string
+	}{
+		{
+			tags: []string{
+				"foo.bar=ramdom",
+				"traefik.backend.weight=42",
+			},
+			key:          "backend.weight",
+			defaultValue: "",
+			expected:     "42",
+		},
+		{
+			tags: []string{
+				"foo.bar=ramdom",
+				"traefik.backend.wei=42",
+			},
+			key:          "backend.weight",
+			defaultValue: "",
+			expected:     "",
+		},
+	}
+
+	for _, e := range services {
+		actual := provider.getAttribute(e.key, e.tags, e.defaultValue)
+		if actual != e.expected {
+			t.Fatalf("expected %q, got %q", e.expected, actual)
+		}
+	}
+}
+
+func TestConsulCatalogGetBackendAddress(t *testing.T) {
+	provider := &ConsulCatalog{
+		Domain: "localhost",
+	}
+
+	services := []struct {
+		node     *api.ServiceEntry
+		expected string
+	}{
+		{
+			node: &api.ServiceEntry{
+				Node: &api.Node{
+					Address: "10.1.0.1",
+				},
+				Service: &api.AgentService{
+					Address: "10.2.0.1",
+				},
+			},
+			expected: "10.2.0.1",
+		},
+		{
+			node: &api.ServiceEntry{
+				Node: &api.Node{
+					Address: "10.1.0.1",
+				},
+				Service: &api.AgentService{
+					Address: "",
+				},
+			},
+			expected: "10.1.0.1",
+		},
+	}
+
+	for _, e := range services {
+		actual := provider.getBackendAddress(e.node)
+		if actual != e.expected {
+			t.Fatalf("expected %q, got %q", e.expected, actual)
+		}
+	}
+}
+
+func TestConsulCatalogGetBackendName(t *testing.T) {
+	provider := &ConsulCatalog{
+		Domain: "localhost",
+	}
+
+	services := []struct {
+		node     *api.ServiceEntry
+		expected string
+	}{
+		{
+			node: &api.ServiceEntry{
+				Service: &api.AgentService{
+					Service: "api",
+					Address: "10.0.0.1",
+					Port:    80,
+					Tags:    []string{},
+				},
+			},
+			expected: "api--10-0-0-1--80--0",
+		},
+		{
+			node: &api.ServiceEntry{
+				Service: &api.AgentService{
+					Service: "api",
+					Address: "10.0.0.1",
+					Port:    80,
+					Tags:    []string{"traefik.weight=42", "traefik.enable=true"},
+				},
+			},
+			expected: "api--10-0-0-1--80--traefik-weight-42--traefik-enable-true--1",
+		},
+	}
+
+	for i, e := range services {
+		actual := provider.getBackendName(e.node, i)
 		if actual != e.expected {
 			t.Fatalf("expected %q, got %q", e.expected, actual)
 		}
@@ -49,7 +182,10 @@ func TestConsulCatalogBuildConfig(t *testing.T) {
 		{
 			nodes: []catalogUpdate{
 				{
-					Service: "test",
+					Service: &serviceUpdate{
+						ServiceName: "test",
+						Attributes:  []string{},
+					},
 				},
 			},
 			expectedFrontends: map[string]*types.Frontend{},
@@ -58,12 +194,26 @@ func TestConsulCatalogBuildConfig(t *testing.T) {
 		{
 			nodes: []catalogUpdate{
 				{
-					Service: "test",
+					Service: &serviceUpdate{
+						ServiceName: "test",
+						Attributes: []string{
+							"traefik.backend.loadbalancer=drr",
+							"traefik.backend.circuitbreaker=NetworkErrorRatio() > 0.5",
+							"random.foo=bar",
+						},
+					},
 					Nodes: []*api.ServiceEntry{
 						{
 							Service: &api.AgentService{
 								Service: "test",
+								Address: "127.0.0.1",
 								Port:    80,
+								Tags: []string{
+									"traefik.backend.weight=42",
+									"random.foo=bar",
+									"traefik.backend.passHostHeader=true",
+									"traefik.protocol=https",
+								},
 							},
 							Node: &api.Node{
 								Node:    "localhost",
@@ -86,12 +236,17 @@ func TestConsulCatalogBuildConfig(t *testing.T) {
 			expectedBackends: map[string]*types.Backend{
 				"backend-test": {
 					Servers: map[string]types.Server{
-						"server-localhost-80": {
-							URL: "http://127.0.0.1:80",
+						"test--127-0-0-1--80--traefik-backend-weight-42--random-foo-bar--traefik-backend-passHostHeader-true--traefik-protocol-https--0": {
+							URL:    "https://127.0.0.1:80",
+							Weight: 42,
 						},
 					},
-					CircuitBreaker: nil,
-					LoadBalancer:   nil,
+					CircuitBreaker: &types.CircuitBreaker{
+						Expression: "NetworkErrorRatio() > 0.5",
+					},
+					LoadBalancer: &types.LoadBalancer{
+						Method: "drr",
+					},
 				},
 			},
 		},

provider/docker.go

@@ -2,19 +2,31 @@ package provider
 
 import (
 	"errors"
+	"net/http"
 	"strconv"
 	"strings"
 	"text/template"
 	"time"
 
+	"golang.org/x/net/context"
+
 	"github.com/BurntSushi/ty/fun"
 	log "github.com/Sirupsen/logrus"
 	"github.com/cenkalti/backoff"
 	"github.com/containous/traefik/safe"
 	"github.com/containous/traefik/types"
-	"github.com/fsouza/go-dockerclient"
+	"github.com/docker/engine-api/client"
+	dockertypes "github.com/docker/engine-api/types"
+	eventtypes "github.com/docker/engine-api/types/events"
+	"github.com/docker/engine-api/types/filters"
+	"github.com/docker/go-connections/sockets"
+	"github.com/docker/go-connections/tlsconfig"
+	"github.com/vdemeester/docker-events"
 )
 
+// DockerAPIVersion is a constant holding the version of the Docker API traefik will use
+const DockerAPIVersion string = "1.21"
+
 // Docker holds configurations of the Docker provider.
 type Docker struct {
 	BaseProvider `mapstructure:",squash"`
@@ -31,59 +43,105 @@ type DockerTLS struct {
 	InsecureSkipVerify bool
 }
 
+func (provider *Docker) createClient() (client.APIClient, error) {
+	var httpClient *http.Client
+	httpHeaders := map[string]string{
+		// FIXME(vdemeester) use version here O:)
+		"User-Agent": "Traefik",
+	}
+	if provider.TLS != nil {
+		tlsOptions := tlsconfig.Options{
+			CAFile:             provider.TLS.CA,
+			CertFile:           provider.TLS.Cert,
+			KeyFile:            provider.TLS.Key,
+			InsecureSkipVerify: provider.TLS.InsecureSkipVerify,
+		}
+		config, err := tlsconfig.Client(tlsOptions)
+		if err != nil {
+			return nil, err
+		}
+		tr := &http.Transport{
+			TLSClientConfig: config,
+		}
+		proto, addr, _, err := client.ParseHost(provider.Endpoint)
+		if err != nil {
+			return nil, err
+		}
+
+		sockets.ConfigureTransport(tr, proto, addr)
+
+		httpClient = &http.Client{
+			Transport: tr,
+		}
+	}
+	return client.NewClient(provider.Endpoint, DockerAPIVersion, httpClient, httpHeaders)
+}
+
 // Provide allows the provider to provide configurations to traefik
 // using the given configuration channel.
-func (provider *Docker) Provide(configurationChan chan<- types.ConfigMessage) error {
+func (provider *Docker) Provide(configurationChan chan<- types.ConfigMessage, pool *safe.Pool) error {
+	// TODO register this routine in pool, and watch for stop channel
 	safe.Go(func() {
 		operation := func() error {
-			var dockerClient *docker.Client
 			var err error
 
-			if provider.TLS != nil {
-				dockerClient, err = docker.NewTLSClient(provider.Endpoint,
-					provider.TLS.Cert, provider.TLS.Key, provider.TLS.CA)
-				if err == nil {
-					dockerClient.TLSConfig.InsecureSkipVerify = provider.TLS.InsecureSkipVerify
-				}
-			} else {
-				dockerClient, err = docker.NewClient(provider.Endpoint)
-			}
+			dockerClient, err := provider.createClient()
 			if err != nil {
 				log.Errorf("Failed to create a client for docker, error: %s", err)
 				return err
 			}
-			err = dockerClient.Ping()
+			version, err := dockerClient.ServerVersion(context.Background())
+			log.Debugf("Docker connection established with docker %s (API %s)", version.Version, version.APIVersion)
+			containers, err := listContainers(dockerClient)
 			if err != nil {
-				log.Errorf("Docker connection error %+v", err)
+				log.Errorf("Failed to list containers for docker, error %s", err)
 				return err
 			}
-			log.Debug("Docker connection established")
-			configuration := provider.loadDockerConfig(listContainers(dockerClient))
+			configuration := provider.loadDockerConfig(containers)
 			configurationChan <- types.ConfigMessage{
 				ProviderName:  "docker",
 				Configuration: configuration,
 			}
 			if provider.Watch {
-				dockerEvents := make(chan *docker.APIEvents)
-				dockerClient.AddEventListener(dockerEvents)
-				log.Debug("Docker listening")
-				for {
-					event := <-dockerEvents
-					if event == nil {
-						return errors.New("Docker event nil")
-						//							log.Fatalf("Docker connection error")
+				ctx, cancel := context.WithCancel(context.Background())
+				f := filters.NewArgs()
+				f.Add("type", "container")
+				options := dockertypes.EventsOptions{
+					Filters: f,
+				}
+				eventHandler := events.NewHandler(events.ByAction)
+				startStopHandle := func(m eventtypes.Message) {
+					log.Debugf("Docker event received %+v", m)
+					containers, err := listContainers(dockerClient)
+					if err != nil {
+						log.Errorf("Failed to list containers for docker, error %s", err)
+						// Call cancel to get out of the monitor
+						cancel()
 					}
-					if event.Status == "start" || event.Status == "die" {
-						log.Debugf("Docker event receveived %+v", event)
-						configuration := provider.loadDockerConfig(listContainers(dockerClient))
-						if configuration != nil {
-							configurationChan <- types.ConfigMessage{
-								ProviderName:  "docker",
-								Configuration: configuration,
-							}
+					configuration := provider.loadDockerConfig(containers)
+					if configuration != nil {
+						configurationChan <- types.ConfigMessage{
+							ProviderName:  "docker",
+							Configuration: configuration,
 						}
 					}
 				}
+				eventHandler.Handle("start", startStopHandle)
+				eventHandler.Handle("die", startStopHandle)
+
+				errChan := events.MonitorWithHandler(ctx, dockerClient, options, eventHandler)
+				pool.Go(func(stop chan bool) {
+					for {
+						select {
+						case <-stop:
+							cancel()
+							return
+						}
+					}
+				})
+				if err := <-errChan; err != nil {
+					return err
+				}
 			}
 			return nil
 		}
@@ -99,7 +157,7 @@ func (provider *Docker) Provide(configurationChan chan<- types.ConfigMessage) er
 	return nil
 }
 
-func (provider *Docker) loadDockerConfig(containersInspected []docker.Container) *types.Configuration {
+func (provider *Docker) loadDockerConfig(containersInspected []dockertypes.ContainerJSON) *types.Configuration {
 	var DockerFuncMap = template.FuncMap{
 		"getBackend":        provider.getBackend,
 		"getPort":           provider.getPort,
@@ -113,16 +171,16 @@ func (provider *Docker) loadDockerConfig(containersInspected []docker.Container)
 	}
 
 	// filter containers
-	filteredContainers := fun.Filter(containerFilter, containersInspected).([]docker.Container)
+	filteredContainers := fun.Filter(containerFilter, containersInspected).([]dockertypes.ContainerJSON)
 
-	frontends := map[string][]docker.Container{}
+	frontends := map[string][]dockertypes.ContainerJSON{}
 	for _, container := range filteredContainers {
 		frontends[provider.getFrontendName(container)] = append(frontends[provider.getFrontendName(container)], container)
 	}
 
 	templateObjects := struct {
-		Containers []docker.Container
-		Frontends  map[string][]docker.Container
+		Containers []dockertypes.ContainerJSON
+		Frontends  map[string][]dockertypes.ContainerJSON
 		Domain     string
 	}{
 		filteredContainers,
@@ -137,7 +195,7 @@ func (provider *Docker) loadDockerConfig(containersInspected []docker.Container)
 	return configuration
 }
 
-func containerFilter(container docker.Container) bool {
+func containerFilter(container dockertypes.ContainerJSON) bool {
 	if len(container.NetworkSettings.Ports) == 0 {
 		log.Debugf("Filtering container without port %s", container.Name)
 		return false
@@ -156,14 +214,14 @@ func containerFilter(container docker.Container) bool {
 	return true
 }
 
-func (provider *Docker) getFrontendName(container docker.Container) string {
+func (provider *Docker) getFrontendName(container dockertypes.ContainerJSON) string {
 	// Replace '.' with '-' in quoted keys because of this issue https://github.com/BurntSushi/toml/issues/78
 	return normalize(provider.getFrontendRule(container))
 }
 
 // GetFrontendRule returns the frontend rule for the specified container, using
 // it's label. It returns a default one (Host) if the label is not present.
-func (provider *Docker) getFrontendRule(container docker.Container) string {
+func (provider *Docker) getFrontendRule(container dockertypes.ContainerJSON) string {
 	// ⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠⚠
 	// TODO: backwards compatibility with DEPRECATED rule.Value
 	if value, ok := container.Config.Labels["traefik.frontend.value"]; ok {
@@ -179,14 +237,14 @@ func (provider *Docker) getFrontendRule(container docker.Container) string {
 	return "Host:" + getEscapedName(container.Name) + "." + provider.Domain
 }
 
-func (provider *Docker) getBackend(container docker.Container) string {
+func (provider *Docker) getBackend(container dockertypes.ContainerJSON) string {
 	if label, err := getLabel(container, "traefik.backend"); err == nil {
 		return label
 	}
 	return normalize(container.Name)
 }
 
-func (provider *Docker) getPort(container docker.Container) string {
+func (provider *Docker) getPort(container dockertypes.ContainerJSON) string {
 	if label, err := getLabel(container, "traefik.port"); err == nil {
 		return label
 	}
@@ -196,42 +254,42 @@ func (provider *Docker) getPort(container docker.Container) string {
 	return ""
 }
 
-func (provider *Docker) getWeight(container docker.Container) string {
+func (provider *Docker) getWeight(container dockertypes.ContainerJSON) string {
 	if label, err := getLabel(container, "traefik.weight"); err == nil {
 		return label
 	}
 	return "1"
 }
 
-func (provider *Docker) getDomain(container docker.Container) string {
+func (provider *Docker) getDomain(container dockertypes.ContainerJSON) string {
 	if label, err := getLabel(container, "traefik.domain"); err == nil {
 		return label
 	}
 	return provider.Domain
 }
 
-func (provider *Docker) getProtocol(container docker.Container) string {
+func (provider *Docker) getProtocol(container dockertypes.ContainerJSON) string {
 	if label, err := getLabel(container, "traefik.protocol"); err == nil {
 		return label
 	}
 	return "http"
 }
 
-func (provider *Docker) getPassHostHeader(container docker.Container) string {
+func (provider *Docker) getPassHostHeader(container dockertypes.ContainerJSON) string {
 	if passHostHeader, err := getLabel(container, "traefik.frontend.passHostHeader"); err == nil {
 		return passHostHeader
 	}
 	return "false"
 }
 
-func (provider *Docker) getEntryPoints(container docker.Container) []string {
+func (provider *Docker) getEntryPoints(container dockertypes.ContainerJSON) []string {
 	if entryPoints, err := getLabel(container, "traefik.frontend.entryPoints"); err == nil {
 		return strings.Split(entryPoints, ",")
 	}
 	return []string{}
 }
 
-func getLabel(container docker.Container, label string) (string, error) {
+func getLabel(container dockertypes.ContainerJSON, label string) (string, error) {
 	for key, value := range container.Config.Labels {
 		if key == label {
 			return value, nil
@@ -240,7 +298,7 @@ func getLabel(container docker.Container, label string) (string, error) {
 	return "", errors.New("Label not found:" + label)
 }
 
-func getLabels(container docker.Container, labels []string) (map[string]string, error) {
+func getLabels(container dockertypes.ContainerJSON, labels []string) (map[string]string, error) {
 	var globalErr error
 	foundLabels := map[string]string{}
 	for _, label := range labels {
@@ -256,14 +314,20 @@ func getLabels(container docker.Container, labels []string) (map[string]string,
 	return foundLabels, globalErr
 }
 
-func listContainers(dockerClient *docker.Client) []docker.Container {
-	containerList, _ := dockerClient.ListContainers(docker.ListContainersOptions{})
-	containersInspected := []docker.Container{}
+func listContainers(dockerClient client.APIClient) ([]dockertypes.ContainerJSON, error) {
+	containerList, err := dockerClient.ContainerList(context.Background(), dockertypes.ContainerListOptions{})
+	if err != nil {
+		return []dockertypes.ContainerJSON{}, err
+	}
+	containersInspected := []dockertypes.ContainerJSON{}
 
 	// get inspect containers
 	for _, container := range containerList {
-		containerInspected, _ := dockerClient.InspectContainer(container.ID)
-		containersInspected = append(containersInspected, *containerInspected)
+		containerInspected, err := dockerClient.ContainerInspect(context.Background(), container.ID)
+		if err != nil {
+			log.Warnf("Failed to inpsect container %s, error: %s", container.ID, err)
+		}
+		containersInspected = append(containersInspected, containerInspected)
 	}
-	return containersInspected
+	return containersInspected, nil
 }

provider/docker_test.go

@@ -6,7 +6,10 @@ import (
 	"testing"
 
 	"github.com/containous/traefik/types"
-	"github.com/fsouza/go-dockerclient"
+	docker "github.com/docker/engine-api/types"
+	"github.com/docker/engine-api/types/container"
+	"github.com/docker/engine-api/types/network"
+	"github.com/docker/go-connections/nat"
 )
 
 func TestDockerGetFrontendName(t *testing.T) {
@@ -15,20 +18,24 @@ func TestDockerGetFrontendName(t *testing.T) {
 	}
 
 	containers := []struct {
-		container docker.Container
+		container docker.ContainerJSON
 		expected  string
 	}{
 		{
-			container: docker.Container{
-				Name:   "foo",
-				Config: &docker.Config{},
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "foo",
+				},
+				Config: &container.Config{},
 			},
 			expected: "Host-foo-docker-localhost",
 		},
 		{
-			container: docker.Container{
-				Name: "bar",
-				Config: &docker.Config{
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "bar",
+				},
+				Config: &container.Config{
 					Labels: map[string]string{
 						"traefik.frontend.rule": "Headers:User-Agent,bat/0.1.0",
 					},
@@ -37,9 +44,11 @@ func TestDockerGetFrontendName(t *testing.T) {
 			expected: "Headers-User-Agent-bat-0-1-0",
 		},
 		{
-			container: docker.Container{
-				Name: "test",
-				Config: &docker.Config{
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "test",
+				},
+				Config: &container.Config{
 					Labels: map[string]string{
 						"traefik.frontend.rule": "Host:foo.bar",
 					},
@@ -48,9 +57,11 @@ func TestDockerGetFrontendName(t *testing.T) {
 			expected: "Host-foo-bar",
 		},
 		{
-			container: docker.Container{
-				Name: "test",
-				Config: &docker.Config{
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "test",
+				},
+				Config: &container.Config{
 					Labels: map[string]string{
 						"traefik.frontend.rule": "Path:/test",
 					},
@@ -59,9 +70,11 @@ func TestDockerGetFrontendName(t *testing.T) {
 			expected: "Path-test",
 		},
 		{
-			container: docker.Container{
-				Name: "test",
-				Config: &docker.Config{
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "test",
+				},
+				Config: &container.Config{
 					Labels: map[string]string{
 						"traefik.frontend.rule": "PathPrefix:/test2",
 					},
@@ -85,27 +98,33 @@ func TestDockerGetFrontendRule(t *testing.T) {
 	}
 
 	containers := []struct {
-		container docker.Container
+		container docker.ContainerJSON
 		expected  string
 	}{
 		{
-			container: docker.Container{
-				Name:   "foo",
-				Config: &docker.Config{},
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "foo",
+				},
+				Config: &container.Config{},
 			},
 			expected: "Host:foo.docker.localhost",
 		},
 		{
-			container: docker.Container{
-				Name:   "bar",
-				Config: &docker.Config{},
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "bar",
+				},
+				Config: &container.Config{},
 			},
 			expected: "Host:bar.docker.localhost",
 		},
 		{
-			container: docker.Container{
-				Name: "test",
-				Config: &docker.Config{
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "test",
+				},
+				Config: &container.Config{
 					Labels: map[string]string{
 						"traefik.frontend.rule": "Host:foo.bar",
 					},
@@ -114,9 +133,11 @@ func TestDockerGetFrontendRule(t *testing.T) {
 			expected: "Host:foo.bar",
 		},
 		{
-			container: docker.Container{
-				Name: "test",
-				Config: &docker.Config{
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "test",
+				},
+				Config: &container.Config{
 					Labels: map[string]string{
 						"traefik.frontend.rule": "Path:/test",
 					},
@@ -138,27 +159,33 @@ func TestDockerGetBackend(t *testing.T) {
 	provider := &Docker{}
 
 	containers := []struct {
-		container docker.Container
+		container docker.ContainerJSON
 		expected  string
 	}{
 		{
-			container: docker.Container{
-				Name:   "foo",
-				Config: &docker.Config{},
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "foo",
+				},
+				Config: &container.Config{},
 			},
 			expected: "foo",
 		},
 		{
-			container: docker.Container{
-				Name:   "bar",
-				Config: &docker.Config{},
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "bar",
+				},
+				Config: &container.Config{},
 			},
 			expected: "bar",
 		},
 		{
-			container: docker.Container{
-				Name: "test",
-				Config: &docker.Config{
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "test",
+				},
+				Config: &container.Config{
 					Labels: map[string]string{
 						"traefik.backend": "foobar",
 					},
@@ -180,24 +207,30 @@ func TestDockerGetPort(t *testing.T) {
 	provider := &Docker{}
 
 	containers := []struct {
-		container docker.Container
+		container docker.ContainerJSON
 		expected  string
 	}{
 		{
-			container: docker.Container{
-				Name:            "foo",
-				Config:          &docker.Config{},
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "foo",
+				},
+				Config:          &container.Config{},
 				NetworkSettings: &docker.NetworkSettings{},
 			},
 			expected: "",
 		},
 		{
-			container: docker.Container{
-				Name:   "bar",
-				Config: &docker.Config{},
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "bar",
+				},
+				Config: &container.Config{},
 				NetworkSettings: &docker.NetworkSettings{
-					Ports: map[docker.Port][]docker.PortBinding{
-						"80/tcp": {},
+					NetworkSettingsBase: docker.NetworkSettingsBase{
+						Ports: nat.PortMap{
+							"80/tcp": {},
+						},
 					},
 				},
 			},
@@ -205,9 +238,9 @@ func TestDockerGetPort(t *testing.T) {
 		},
 		// FIXME handle this better..
 		// {
-		// 	container: docker.Container{
+		// 	container: docker.ContainerJSON{
 		// 		Name:   "bar",
-		// 		Config: &docker.Config{},
+		// 		Config: &container.Config{},
 		// 		NetworkSettings: &docker.NetworkSettings{
 		// 			Ports: map[docker.Port][]docker.PortBinding{
 		// 				"80/tcp":  []docker.PortBinding{},
@@ -218,16 +251,20 @@ func TestDockerGetPort(t *testing.T) {
 		// 	expected: "80",
 		// },
 		{
-			container: docker.Container{
-				Name: "test",
-				Config: &docker.Config{
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "test",
+				},
+				Config: &container.Config{
 					Labels: map[string]string{
 						"traefik.port": "8080",
 					},
 				},
 				NetworkSettings: &docker.NetworkSettings{
-					Ports: map[docker.Port][]docker.PortBinding{
-						"80/tcp": {},
+					NetworkSettingsBase: docker.NetworkSettingsBase{
+						Ports: nat.PortMap{
+							"80/tcp": {},
+						},
 					},
 				},
 			},
@@ -247,20 +284,24 @@ func TestDockerGetWeight(t *testing.T) {
 	provider := &Docker{}
 
 	containers := []struct {
-		container docker.Container
+		container docker.ContainerJSON
 		expected  string
 	}{
 		{
-			container: docker.Container{
-				Name:   "foo",
-				Config: &docker.Config{},
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "foo",
+				},
+				Config: &container.Config{},
 			},
 			expected: "1",
 		},
 		{
-			container: docker.Container{
-				Name: "test",
-				Config: &docker.Config{
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "test",
+				},
+				Config: &container.Config{
 					Labels: map[string]string{
 						"traefik.weight": "10",
 					},
@@ -284,20 +325,24 @@ func TestDockerGetDomain(t *testing.T) {
 	}
 
 	containers := []struct {
-		container docker.Container
+		container docker.ContainerJSON
 		expected  string
 	}{
 		{
-			container: docker.Container{
-				Name:   "foo",
-				Config: &docker.Config{},
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "foo",
+				},
+				Config: &container.Config{},
 			},
 			expected: "docker.localhost",
 		},
 		{
-			container: docker.Container{
-				Name: "test",
-				Config: &docker.Config{
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "test",
+				},
+				Config: &container.Config{
 					Labels: map[string]string{
 						"traefik.domain": "foo.bar",
 					},
@@ -319,20 +364,24 @@ func TestDockerGetProtocol(t *testing.T) {
 	provider := &Docker{}
 
 	containers := []struct {
-		container docker.Container
+		container docker.ContainerJSON
 		expected  string
 	}{
 		{
-			container: docker.Container{
-				Name:   "foo",
-				Config: &docker.Config{},
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "foo",
+				},
+				Config: &container.Config{},
 			},
 			expected: "http",
 		},
 		{
-			container: docker.Container{
-				Name: "test",
-				Config: &docker.Config{
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "test",
+				},
+				Config: &container.Config{
 					Labels: map[string]string{
 						"traefik.protocol": "https",
 					},
@@ -354,20 +403,24 @@ func TestDockerGetPassHostHeader(t *testing.T) {
 	provider := &Docker{}
 
 	containers := []struct {
-		container docker.Container
+		container docker.ContainerJSON
 		expected  string
 	}{
 		{
-			container: docker.Container{
-				Name:   "foo",
-				Config: &docker.Config{},
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "foo",
+				},
+				Config: &container.Config{},
 			},
 			expected: "false",
 		},
 		{
-			container: docker.Container{
-				Name: "test",
-				Config: &docker.Config{
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "test",
+				},
+				Config: &container.Config{
 					Labels: map[string]string{
 						"traefik.frontend.passHostHeader": "true",
 					},
@@ -387,18 +440,18 @@ func TestDockerGetPassHostHeader(t *testing.T) {
 
 func TestDockerGetLabel(t *testing.T) {
 	containers := []struct {
-		container docker.Container
+		container docker.ContainerJSON
 		expected  string
 	}{
 		{
-			container: docker.Container{
-				Config: &docker.Config{},
+			container: docker.ContainerJSON{
+				Config: &container.Config{},
 			},
 			expected: "Label not found:",
 		},
 		{
-			container: docker.Container{
-				Config: &docker.Config{
+			container: docker.ContainerJSON{
+				Config: &container.Config{
 					Labels: map[string]string{
 						"foo": "bar",
 					},
@@ -424,20 +477,20 @@ func TestDockerGetLabel(t *testing.T) {
 
 func TestDockerGetLabels(t *testing.T) {
 	containers := []struct {
-		container      docker.Container
+		container      docker.ContainerJSON
 		expectedLabels map[string]string
 		expectedError  string
 	}{
 		{
-			container: docker.Container{
-				Config: &docker.Config{},
+			container: docker.ContainerJSON{
+				Config: &container.Config{},
 			},
 			expectedLabels: map[string]string{},
 			expectedError:  "Label not found:",
 		},
 		{
-			container: docker.Container{
-				Config: &docker.Config{
+			container: docker.ContainerJSON{
+				Config: &container.Config{
 					Labels: map[string]string{
 						"foo": "fooz",
 					},
@@ -449,8 +502,8 @@ func TestDockerGetLabels(t *testing.T) {
 			expectedError: "Label not found: bar",
 		},
 		{
-			container: docker.Container{
-				Config: &docker.Config{
+			container: docker.ContainerJSON{
+				Config: &container.Config{
 					Labels: map[string]string{
 						"foo": "fooz",
 						"bar": "barz",
@@ -480,125 +533,168 @@ func TestDockerGetLabels(t *testing.T) {
 
 func TestDockerTraefikFilter(t *testing.T) {
 	containers := []struct {
-		container docker.Container
+		container docker.ContainerJSON
 		expected  bool
 	}{
 		{
-			container: docker.Container{
-				Config:          &docker.Config{},
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "container",
+				},
+				Config:          &container.Config{},
 				NetworkSettings: &docker.NetworkSettings{},
 			},
 			expected: false,
 		},
 		{
-			container: docker.Container{
-				Config: &docker.Config{
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "container",
+				},
+				Config: &container.Config{
 					Labels: map[string]string{
 						"traefik.enable": "false",
 					},
 				},
 				NetworkSettings: &docker.NetworkSettings{
-					Ports: map[docker.Port][]docker.PortBinding{
-						"80/tcp": {},
+					NetworkSettingsBase: docker.NetworkSettingsBase{
+						Ports: nat.PortMap{
+							"80/tcp": {},
+						},
 					},
 				},
 			},
 			expected: false,
 		},
 		{
-			container: docker.Container{
-				Config: &docker.Config{
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "container",
+				},
+				Config: &container.Config{
 					Labels: map[string]string{
 						"traefik.frontend.rule": "Host:foo.bar",
 					},
 				},
 				NetworkSettings: &docker.NetworkSettings{
-					Ports: map[docker.Port][]docker.PortBinding{
-						"80/tcp": {},
+					NetworkSettingsBase: docker.NetworkSettingsBase{
+						Ports: nat.PortMap{
+							"80/tcp": {},
+						},
 					},
 				},
 			},
 			expected: true,
 		},
 		{
-			container: docker.Container{
-				Config: &docker.Config{},
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "container",
+				},
+				Config: &container.Config{},
 				NetworkSettings: &docker.NetworkSettings{
-					Ports: map[docker.Port][]docker.PortBinding{
-						"80/tcp":  {},
-						"443/tcp": {},
+					NetworkSettingsBase: docker.NetworkSettingsBase{
+						Ports: nat.PortMap{
+							"80/tcp":  {},
+							"443/tcp": {},
+						},
 					},
 				},
 			},
 			expected: false,
 		},
 		{
-			container: docker.Container{
-				Config: &docker.Config{},
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "container",
+				},
+				Config: &container.Config{},
 				NetworkSettings: &docker.NetworkSettings{
-					Ports: map[docker.Port][]docker.PortBinding{
-						"80/tcp": {},
+					NetworkSettingsBase: docker.NetworkSettingsBase{
+						Ports: nat.PortMap{
+							"80/tcp": {},
+						},
 					},
 				},
 			},
 			expected: true,
 		},
 		{
-			container: docker.Container{
-				Config: &docker.Config{
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "container",
+				},
+				Config: &container.Config{
 					Labels: map[string]string{
 						"traefik.port": "80",
 					},
 				},
 				NetworkSettings: &docker.NetworkSettings{
-					Ports: map[docker.Port][]docker.PortBinding{
-						"80/tcp":  {},
-						"443/tcp": {},
+					NetworkSettingsBase: docker.NetworkSettingsBase{
+						Ports: nat.PortMap{
+							"80/tcp":  {},
+							"443/tcp": {},
+						},
 					},
 				},
 			},
 			expected: true,
 		},
 		{
-			container: docker.Container{
-				Config: &docker.Config{
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "container",
+				},
+				Config: &container.Config{
 					Labels: map[string]string{
 						"traefik.enable": "true",
 					},
 				},
 				NetworkSettings: &docker.NetworkSettings{
-					Ports: map[docker.Port][]docker.PortBinding{
-						"80/tcp": {},
+					NetworkSettingsBase: docker.NetworkSettingsBase{
+						Ports: nat.PortMap{
+							"80/tcp": {},
+						},
 					},
 				},
 			},
 			expected: true,
 		},
 		{
-			container: docker.Container{
-				Config: &docker.Config{
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "container",
+				},
+				Config: &container.Config{
 					Labels: map[string]string{
 						"traefik.enable": "anything",
 					},
 				},
 				NetworkSettings: &docker.NetworkSettings{
-					Ports: map[docker.Port][]docker.PortBinding{
-						"80/tcp": {},
+					NetworkSettingsBase: docker.NetworkSettingsBase{
+						Ports: nat.PortMap{
+							"80/tcp": {},
+						},
 					},
 				},
 			},
 			expected: true,
 		},
 		{
-			container: docker.Container{
-				Config: &docker.Config{
+			container: docker.ContainerJSON{
+				ContainerJSONBase: &docker.ContainerJSONBase{
+					Name: "container",
+				},
+				Config: &container.Config{
 					Labels: map[string]string{
 						"traefik.frontend.rule": "Host:foo.bar",
 					},
 				},
 				NetworkSettings: &docker.NetworkSettings{
-					Ports: map[docker.Port][]docker.PortBinding{
-						"80/tcp": {},
+					NetworkSettingsBase: docker.NetworkSettingsBase{
+						Ports: nat.PortMap{
+							"80/tcp": {},
+						},
 					},
 				},
 			},
@@ -616,26 +712,30 @@ func TestDockerTraefikFilter(t *testing.T) {
 
 func TestDockerLoadDockerConfig(t *testing.T) {
 	cases := []struct {
-		containers        []docker.Container
+		containers        []docker.ContainerJSON
 		expectedFrontends map[string]*types.Frontend
 		expectedBackends  map[string]*types.Backend
 	}{
 		{
-			containers:        []docker.Container{},
+			containers:        []docker.ContainerJSON{},
 			expectedFrontends: map[string]*types.Frontend{},
 			expectedBackends:  map[string]*types.Backend{},
 		},
 		{
-			containers: []docker.Container{
+			containers: []docker.ContainerJSON{
 				{
-					Name:   "test",
-					Config: &docker.Config{},
+					ContainerJSONBase: &docker.ContainerJSONBase{
+						Name: "test",
+					},
+					Config: &container.Config{},
 					NetworkSettings: &docker.NetworkSettings{
-						Ports: map[docker.Port][]docker.PortBinding{
-							"80/tcp": {},
+						NetworkSettingsBase: docker.NetworkSettingsBase{
+							Ports: nat.PortMap{
+								"80/tcp": {},
+							},
 						},
-						Networks: map[string]docker.ContainerNetwork{
-							"bridgde": {
+						Networks: map[string]*network.EndpointSettings{
+							"bridge": {
 								IPAddress: "127.0.0.1",
 							},
 						},
@@ -643,11 +743,11 @@ func TestDockerLoadDockerConfig(t *testing.T) {
 				},
 			},
 			expectedFrontends: map[string]*types.Frontend{
-				`"frontend-Host-test-docker-localhost"`: {
+				"frontend-Host-test-docker-localhost": {
 					Backend:     "backend-test",
 					EntryPoints: []string{},
 					Routes: map[string]types.Route{
-						`"route-frontend-Host-test-docker-localhost"`: {
+						"route-frontend-Host-test-docker-localhost": {
 							Rule: "Host:test.docker.localhost",
 						},
 					},
@@ -667,38 +767,46 @@ func TestDockerLoadDockerConfig(t *testing.T) {
 			},
 		},
 		{
-			containers: []docker.Container{
+			containers: []docker.ContainerJSON{
 				{
-					Name: "test1",
-					Config: &docker.Config{
+					ContainerJSONBase: &docker.ContainerJSONBase{
+						Name: "test1",
+					},
+					Config: &container.Config{
 						Labels: map[string]string{
 							"traefik.backend":              "foobar",
 							"traefik.frontend.entryPoints": "http,https",
 						},
 					},
 					NetworkSettings: &docker.NetworkSettings{
-						Ports: map[docker.Port][]docker.PortBinding{
-							"80/tcp": {},
+						NetworkSettingsBase: docker.NetworkSettingsBase{
+							Ports: nat.PortMap{
+								"80/tcp": {},
+							},
 						},
-						Networks: map[string]docker.ContainerNetwork{
-							"bridgde": {
+						Networks: map[string]*network.EndpointSettings{
+							"bridge": {
 								IPAddress: "127.0.0.1",
 							},
 						},
 					},
 				},
 				{
-					Name: "test2",
-					Config: &docker.Config{
+					ContainerJSONBase: &docker.ContainerJSONBase{
+						Name: "test2",
+					},
+					Config: &container.Config{
 						Labels: map[string]string{
 							"traefik.backend": "foobar",
 						},
 					},
 					NetworkSettings: &docker.NetworkSettings{
-						Ports: map[docker.Port][]docker.PortBinding{
-							"80/tcp": {},
+						NetworkSettingsBase: docker.NetworkSettingsBase{
+							Ports: nat.PortMap{
+								"80/tcp": {},
+							},
 						},
-						Networks: map[string]docker.ContainerNetwork{
+						Networks: map[string]*network.EndpointSettings{
 							"bridge": {
 								IPAddress: "127.0.0.1",
 							},
@@ -707,20 +815,20 @@ func TestDockerLoadDockerConfig(t *testing.T) {
 				},
 			},
 			expectedFrontends: map[string]*types.Frontend{
-				`"frontend-Host-test1-docker-localhost"`: {
+				"frontend-Host-test1-docker-localhost": {
 					Backend:     "backend-foobar",
 					EntryPoints: []string{"http", "https"},
 					Routes: map[string]types.Route{
-						`"route-frontend-Host-test1-docker-localhost"`: {
+						"route-frontend-Host-test1-docker-localhost": {
 							Rule: "Host:test1.docker.localhost",
 						},
 					},
 				},
-				`"frontend-Host-test2-docker-localhost"`: {
+				"frontend-Host-test2-docker-localhost": {
 					Backend:     "backend-foobar",
 					EntryPoints: []string{},
 					Routes: map[string]types.Route{
-						`"route-frontend-Host-test2-docker-localhost"`: {
+						"route-frontend-Host-test2-docker-localhost": {
 							Rule: "Host:test2.docker.localhost",
 						},
 					},

provider/etcd.go

@@ -1,6 +1,7 @@
 package provider
 
 import (
+	"github.com/containous/traefik/safe"
 	"github.com/containous/traefik/types"
 	"github.com/docker/libkv/store"
 	"github.com/docker/libkv/store/etcd"
@@ -13,8 +14,8 @@ type Etcd struct {
 
 // Provide allows the provider to provide configurations to traefik
 // using the given configuration channel.
-func (provider *Etcd) Provide(configurationChan chan<- types.ConfigMessage) error {
+func (provider *Etcd) Provide(configurationChan chan<- types.ConfigMessage, pool *safe.Pool) error {
 	provider.storeType = store.ETCD
 	etcd.Register()
-	return provider.provide(configurationChan)
+	return provider.provide(configurationChan, pool)
 }

provider/file.go

@@ -19,7 +19,7 @@ type File struct {
 
 // Provide allows the provider to provide configurations to traefik
 // using the given configuration channel.
-func (provider *File) Provide(configurationChan chan<- types.ConfigMessage) error {
+func (provider *File) Provide(configurationChan chan<- types.ConfigMessage, pool *safe.Pool) error {
 	watcher, err := fsnotify.NewWatcher()
 	if err != nil {
 		log.Error("Error creating file watcher", err)
@@ -35,10 +35,12 @@ func (provider *File) Provide(configurationChan chan<- types.ConfigMessage) erro
 
 	if provider.Watch {
 		// Process events
-		safe.Go(func() {
+		pool.Go(func(stop chan bool) {
 			defer watcher.Close()
 			for {
 				select {
+				case <-stop:
+					return
 				case event := <-watcher.Events:
 					if strings.Contains(event.Name, file.Name()) {
 						log.Debug("File event:", event)

provider/k8s/client.go

@@ -0,0 +1,274 @@
+package k8s
+
+import (
+	"crypto/tls"
+	"crypto/x509"
+	"encoding/json"
+	"fmt"
+	"github.com/containous/traefik/safe"
+	"github.com/parnurzeal/gorequest"
+	"net/http"
+	"net/url"
+	"strings"
+)
+
+const (
+	// APIEndpoint defines the base path for kubernetes API resources.
+	APIEndpoint        = "/api/v1"
+	extentionsEndpoint = "/apis/extensions/v1beta1"
+	defaultIngress     = "/ingresses"
+)
+
+// Client is a client for the Kubernetes master.
+type Client interface {
+	GetIngresses(predicate func(Ingress) bool) ([]Ingress, error)
+	GetServices(predicate func(Service) bool) ([]Service, error)
+	WatchAll(stopCh <-chan bool) (chan interface{}, chan error, error)
+}
+
+type clientImpl struct {
+	endpointURL string
+	tls         *tls.Config
+	token       string
+	caCert      []byte
+}
+
+// NewClient returns a new Kubernetes client.
+// The provided host is an url (scheme://hostname[:port]) of a
+// Kubernetes master without any path.
+// The provided client is an authorized http.Client used to perform requests to the Kubernetes API master.
+func NewClient(baseURL string, caCert []byte, token string) (Client, error) {
+	validURL, err := url.Parse(baseURL)
+	if err != nil {
+		return nil, fmt.Errorf("failed to parse URL %q: %v", baseURL, err)
+	}
+	return &clientImpl{
+		endpointURL: strings.TrimSuffix(validURL.String(), "/"),
+		token:       token,
+		caCert:      caCert,
+	}, nil
+}
+
+// GetIngresses returns all services in the cluster
+func (c *clientImpl) GetIngresses(predicate func(Ingress) bool) ([]Ingress, error) {
+	getURL := c.endpointURL + extentionsEndpoint + defaultIngress
+
+	body, err := c.do(c.request(getURL))
+	if err != nil {
+		return nil, fmt.Errorf("failed to create ingresses request: GET %q : %v", getURL, err)
+	}
+
+	var ingressList IngressList
+	if err := json.Unmarshal(body, &ingressList); err != nil {
+		return nil, fmt.Errorf("failed to decode list of ingress resources: %v", err)
+	}
+	ingresses := ingressList.Items[:0]
+	for _, ingress := range ingressList.Items {
+		if predicate(ingress) {
+			ingresses = append(ingresses, ingress)
+		}
+	}
+	return ingresses, nil
+}
+
+// WatchIngresses returns all ingresses in the cluster
+func (c *clientImpl) WatchIngresses(stopCh <-chan bool) (chan interface{}, chan error, error) {
+	getURL := c.endpointURL + extentionsEndpoint + defaultIngress
+	return c.watch(getURL, stopCh)
+}
+
+// GetServices returns all services in the cluster
+func (c *clientImpl) GetServices(predicate func(Service) bool) ([]Service, error) {
+	getURL := c.endpointURL + APIEndpoint + "/services"
+
+	body, err := c.do(c.request(getURL))
+	if err != nil {
+		return nil, fmt.Errorf("failed to create services request: GET %q : %v", getURL, err)
+	}
+
+	var serviceList ServiceList
+	if err := json.Unmarshal(body, &serviceList); err != nil {
+		return nil, fmt.Errorf("failed to decode list of services resources: %v", err)
+	}
+	services := serviceList.Items[:0]
+	for _, service := range serviceList.Items {
+		if predicate(service) {
+			services = append(services, service)
+		}
+	}
+	return services, nil
+}
+
+// WatchServices returns all services in the cluster
+func (c *clientImpl) WatchServices(stopCh <-chan bool) (chan interface{}, chan error, error) {
+	getURL := c.endpointURL + APIEndpoint + "/services"
+	return c.watch(getURL, stopCh)
+}
+
+// WatchEvents returns events in the cluster
+func (c *clientImpl) WatchEvents(stopCh <-chan bool) (chan interface{}, chan error, error) {
+	getURL := c.endpointURL + APIEndpoint + "/events"
+	return c.watch(getURL, stopCh)
+}
+
+// WatchPods returns pods in the cluster
+func (c *clientImpl) WatchPods(stopCh <-chan bool) (chan interface{}, chan error, error) {
+	getURL := c.endpointURL + APIEndpoint + "/pods"
+	return c.watch(getURL, stopCh)
+}
+
+// WatchReplicationControllers returns ReplicationControllers in the cluster
+func (c *clientImpl) WatchReplicationControllers(stopCh <-chan bool) (chan interface{}, chan error, error) {
+	getURL := c.endpointURL + APIEndpoint + "/replicationcontrollers"
+	return c.watch(getURL, stopCh)
+}
+
+// WatchAll returns events in the cluster
+func (c *clientImpl) WatchAll(stopCh <-chan bool) (chan interface{}, chan error, error) {
+	watchCh := make(chan interface{})
+	errCh := make(chan error)
+
+	stopIngresses := make(chan bool)
+	chanIngresses, chanIngressesErr, err := c.WatchIngresses(stopIngresses)
+	if err != nil {
+		return watchCh, errCh, fmt.Errorf("failed to create watch: %v", err)
+	}
+	stopServices := make(chan bool)
+	chanServices, chanServicesErr, err := c.WatchServices(stopServices)
+	if err != nil {
+		return watchCh, errCh, fmt.Errorf("failed to create watch: %v", err)
+	}
+	stopPods := make(chan bool)
+	chanPods, chanPodsErr, err := c.WatchPods(stopPods)
+	if err != nil {
+		return watchCh, errCh, fmt.Errorf("failed to create watch: %v", err)
+	}
+	stopReplicationControllers := make(chan bool)
+	chanReplicationControllers, chanReplicationControllersErr, err := c.WatchReplicationControllers(stopReplicationControllers)
+	if err != nil {
+		return watchCh, errCh, fmt.Errorf("failed to create watch: %v", err)
+	}
+	go func() {
+		defer close(watchCh)
+		defer close(errCh)
+		defer close(stopIngresses)
+		defer close(stopServices)
+		defer close(stopPods)
+		defer close(stopReplicationControllers)
+
+		for {
+			select {
+			case <-stopCh:
+				stopIngresses <- true
+				stopServices <- true
+				stopPods <- true
+				stopReplicationControllers <- true
+				break
+			case err := <-chanIngressesErr:
+				errCh <- err
+			case err := <-chanServicesErr:
+				errCh <- err
+			case err := <-chanPodsErr:
+				errCh <- err
+			case err := <-chanReplicationControllersErr:
+				errCh <- err
+			case event := <-chanIngresses:
+				watchCh <- event
+			case event := <-chanServices:
+				watchCh <- event
+			case event := <-chanPods:
+				watchCh <- event
+			case event := <-chanReplicationControllers:
+				watchCh <- event
+			}
+		}
+	}()
+
+	return watchCh, errCh, nil
+}
+
+func (c *clientImpl) do(request *gorequest.SuperAgent) ([]byte, error) {
+	res, body, errs := request.EndBytes()
+	if errs != nil {
+		return nil, fmt.Errorf("failed to create request: GET %q : %v", request.Url, errs)
+	}
+	if res.StatusCode != http.StatusOK {
+		return nil, fmt.Errorf("http error %d GET %q: %q", res.StatusCode, request.Url, string(body))
+	}
+	return body, nil
+}
+
+func (c *clientImpl) request(url string) *gorequest.SuperAgent {
+	// Make request to Kubernetes API
+	request := gorequest.New().Get(url)
+	if len(c.token) > 0 {
+		request.Header["Authorization"] = "Bearer " + c.token
+		pool := x509.NewCertPool()
+		pool.AppendCertsFromPEM(c.caCert)
+		c.tls = &tls.Config{RootCAs: pool}
+	}
+	return request.TLSClientConfig(c.tls)
+}
+
+// GenericObject generic object
+type GenericObject struct {
+	TypeMeta `json:",inline"`
+	ListMeta `json:"metadata,omitempty"`
+}
+
+func (c *clientImpl) watch(url string, stopCh <-chan bool) (chan interface{}, chan error, error) {
+	watchCh := make(chan interface{})
+	errCh := make(chan error)
+
+	// get version
+	body, err := c.do(c.request(url))
+	if err != nil {
+		return watchCh, errCh, fmt.Errorf("failed to do version request: GET %q : %v", url, err)
+	}
+
+	var generic GenericObject
+	if err := json.Unmarshal(body, &generic); err != nil {
+		return watchCh, errCh, fmt.Errorf("failed to decode version %v", err)
+	}
+	resourceVersion := generic.ResourceVersion
+
+	url = url + "?watch&resourceVersion=" + resourceVersion
+	// Make request to Kubernetes API
+	request := c.request(url)
+	req, err := request.MakeRequest()
+	if err != nil {
+		return watchCh, errCh, fmt.Errorf("failed to make watch request: GET %q : %v", url, err)
+	}
+	request.Client.Transport = request.Transport
+	res, err := request.Client.Do(req)
+	if err != nil {
+		return watchCh, errCh, fmt.Errorf("failed to do watch request: GET %q: %v", url, err)
+	}
+
+	shouldStop := safe.New(false)
+
+	go func() {
+		select {
+		case <-stopCh:
+			shouldStop.Set(true)
+			res.Body.Close()
+			return
+		}
+	}()
+
+	go func() {
+		defer close(watchCh)
+		defer close(errCh)
+		for {
+			var eventList interface{}
+			if err := json.NewDecoder(res.Body).Decode(&eventList); err != nil {
+				if !shouldStop.Get().(bool) {
+					errCh <- fmt.Errorf("failed to decode watch event: %v", err)
+				}
+				return
+			}
+			watchCh <- eventList
+		}
+	}()
+	return watchCh, errCh, nil
+}

provider/k8s/ingress.go

@@ -0,0 +1,151 @@
+package k8s
+
+// Ingress is a collection of rules that allow inbound connections to reach the
+// endpoints defined by a backend. An Ingress can be configured to give services
+// externally-reachable urls, load balance traffic, terminate SSL, offer name
+// based virtual hosting etc.
+type Ingress struct {
+	TypeMeta `json:",inline"`
+	// Standard object's metadata.
+	// More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
+	ObjectMeta `json:"metadata,omitempty"`
+
+	// Spec is the desired state of the Ingress.
+	// More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#spec-and-status
+	Spec IngressSpec `json:"spec,omitempty"`
+
+	// Status is the current state of the Ingress.
+	// More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#spec-and-status
+	Status IngressStatus `json:"status,omitempty"`
+}
+
+// IngressList is a collection of Ingress.
+type IngressList struct {
+	TypeMeta `json:",inline"`
+	// Standard object's metadata.
+	// More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#metadata
+	ListMeta `json:"metadata,omitempty"`
+
+	// Items is the list of Ingress.
+	Items []Ingress `json:"items"`
+}
+
+// IngressSpec describes the Ingress the user wishes to exist.
+type IngressSpec struct {
+	// A default backend capable of servicing requests that don't match any
+	// rule. At least one of 'backend' or 'rules' must be specified. This field
+	// is optional to allow the loadbalancer controller or defaulting logic to
+	// specify a global default.
+	Backend *IngressBackend `json:"backend,omitempty"`
+
+	// TLS configuration. Currently the Ingress only supports a single TLS
+	// port, 443. If multiple members of this list specify different hosts, they
+	// will be multiplexed on the same port according to the hostname specified
+	// through the SNI TLS extension, if the ingress controller fulfilling the
+	// ingress supports SNI.
+	TLS []IngressTLS `json:"tls,omitempty"`
+
+	// A list of host rules used to configure the Ingress. If unspecified, or
+	// no rule matches, all traffic is sent to the default backend.
+	Rules []IngressRule `json:"rules,omitempty"`
+	// TODO: Add the ability to specify load-balancer IP through claims
+}
+
+// IngressTLS describes the transport layer security associated with an Ingress.
+type IngressTLS struct {
+	// Hosts are a list of hosts included in the TLS certificate. The values in
+	// this list must match the name/s used in the tlsSecret. Defaults to the
+	// wildcard host setting for the loadbalancer controller fulfilling this
+	// Ingress, if left unspecified.
+	Hosts []string `json:"hosts,omitempty"`
+	// SecretName is the name of the secret used to terminate SSL traffic on 443.
+	// Field is left optional to allow SSL routing based on SNI hostname alone.
+	// If the SNI host in a listener conflicts with the "Host" header field used
+	// by an IngressRule, the SNI host is used for termination and value of the
+	// Host header is used for routing.
+	SecretName string `json:"secretName,omitempty"`
+	// TODO: Consider specifying different modes of termination, protocols etc.
+}
+
+// IngressStatus describe the current state of the Ingress.
+type IngressStatus struct {
+	// LoadBalancer contains the current status of the load-balancer.
+	LoadBalancer LoadBalancerStatus `json:"loadBalancer,omitempty"`
+}
+
+// IngressRule represents the rules mapping the paths under a specified host to
+// the related backend services. Incoming requests are first evaluated for a host
+// match, then routed to the backend associated with the matching IngressRuleValue.
+type IngressRule struct {
+	// Host is the fully qualified domain name of a network host, as defined
+	// by RFC 3986. Note the following deviations from the "host" part of the
+	// URI as defined in the RFC:
+	// 1. IPs are not allowed. Currently an IngressRuleValue can only apply to the
+	//	  IP in the Spec of the parent Ingress.
+	// 2. The `:` delimiter is not respected because ports are not allowed.
+	//	  Currently the port of an Ingress is implicitly :80 for http and
+	//	  :443 for https.
+	// Both these may change in the future.
+	// Incoming requests are matched against the host before the IngressRuleValue.
+	// If the host is unspecified, the Ingress routes all traffic based on the
+	// specified IngressRuleValue.
+	Host string `json:"host,omitempty"`
+	// IngressRuleValue represents a rule to route requests for this IngressRule.
+	// If unspecified, the rule defaults to a http catch-all. Whether that sends
+	// just traffic matching the host to the default backend or all traffic to the
+	// default backend, is left to the controller fulfilling the Ingress. Http is
+	// currently the only supported IngressRuleValue.
+	IngressRuleValue `json:",inline,omitempty"`
+}
+
+// IngressRuleValue represents a rule to apply against incoming requests. If the
+// rule is satisfied, the request is routed to the specified backend. Currently
+// mixing different types of rules in a single Ingress is disallowed, so exactly
+// one of the following must be set.
+type IngressRuleValue struct {
+	//TODO:
+	// 1. Consider renaming this resource and the associated rules so they
+	// aren't tied to Ingress. They can be used to route intra-cluster traffic.
+	// 2. Consider adding fields for ingress-type specific global options
+	// usable by a loadbalancer, like http keep-alive.
+
+	HTTP *HTTPIngressRuleValue `json:"http,omitempty"`
+}
+
+// HTTPIngressRuleValue is a list of http selectors pointing to backends.
+// In the example: http://<host>/<path>?<searchpart> -> backend where
+// where parts of the url correspond to RFC 3986, this resource will be used
+// to match against everything after the last '/' and before the first '?'
+// or '#'.
+type HTTPIngressRuleValue struct {
+	// A collection of paths that map requests to backends.
+	Paths []HTTPIngressPath `json:"paths"`
+	// TODO: Consider adding fields for ingress-type specific global
+	// options usable by a loadbalancer, like http keep-alive.
+}
+
+// HTTPIngressPath associates a path regex with a backend. Incoming urls matching
+// the path are forwarded to the backend.
+type HTTPIngressPath struct {
+	// Path is a extended POSIX regex as defined by IEEE Std 1003.1,
+	// (i.e this follows the egrep/unix syntax, not the perl syntax)
+	// matched against the path of an incoming request. Currently it can
+	// contain characters disallowed from the conventional "path"
+	// part of a URL as defined by RFC 3986. Paths must begin with
+	// a '/'. If unspecified, the path defaults to a catch all sending
+	// traffic to the backend.
+	Path string `json:"path,omitempty"`
+
+	// Backend defines the referenced service endpoint to which the traffic
+	// will be forwarded to.
+	Backend IngressBackend `json:"backend"`
+}
+
+// IngressBackend describes all endpoints for a given service and port.
+type IngressBackend struct {
+	// Specifies the name of the referenced service.
+	ServiceName string `json:"serviceName"`
+
+	// Specifies the port of the referenced service.
+	ServicePort IntOrString `json:"servicePort"`
+}

provider/k8s/service.go

@@ -0,0 +1,326 @@
+package k8s
+
+import (
+	"encoding/json"
+	"strconv"
+	"time"
+)
+
+// TypeMeta describes an individual object in an API response or request
+// with strings representing the type of the object and its API schema version.
+// Structures that are versioned or persisted should inline TypeMeta.
+type TypeMeta struct {
+	// Kind is a string value representing the REST resource this object represents.
+	// Servers may infer this from the endpoint the client submits requests to.
+	// Cannot be updated.
+	// In CamelCase.
+	// More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#types-kinds
+	Kind string `json:"kind,omitempty"`
+
+	// APIVersion defines the versioned schema of this representation of an object.
+	// Servers should convert recognized schemas to the latest internal value, and
+	// may reject unrecognized values.
+	// More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#resources
+	APIVersion string `json:"apiVersion,omitempty"`
+}
+
+// ObjectMeta is metadata that all persisted resources must have, which includes all objects
+// users must create.
+type ObjectMeta struct {
+	// Name is unique within a namespace.  Name is required when creating resources, although
+	// some resources may allow a client to request the generation of an appropriate name
+	// automatically. Name is primarily intended for creation idempotence and configuration
+	// definition.
+	Name string `json:"name,omitempty"`
+
+	// GenerateName indicates that the name should be made unique by the server prior to persisting
+	// it. A non-empty value for the field indicates the name will be made unique (and the name
+	// returned to the client will be different than the name passed). The value of this field will
+	// be combined with a unique suffix on the server if the Name field has not been provided.
+	// The provided value must be valid within the rules for Name, and may be truncated by the length
+	// of the suffix required to make the value unique on the server.
+	//
+	// If this field is specified, and Name is not present, the server will NOT return a 409 if the
+	// generated name exists - instead, it will either return 201 Created or 500 with Reason
+	// ServerTimeout indicating a unique name could not be found in the time allotted, and the client
+	// should retry (optionally after the time indicated in the Retry-After header).
+	GenerateName string `json:"generateName,omitempty"`
+
+	// Namespace defines the space within which name must be unique. An empty namespace is
+	// equivalent to the "default" namespace, but "default" is the canonical representation.
+	// Not all objects are required to be scoped to a namespace - the value of this field for
+	// those objects will be empty.
+	Namespace string `json:"namespace,omitempty"`
+
+	// SelfLink is a URL representing this object.
+	SelfLink string `json:"selfLink,omitempty"`
+
+	// UID is the unique in time and space value for this object. It is typically generated by
+	// the server on successful creation of a resource and is not allowed to change on PUT
+	// operations.
+	UID UID `json:"uid,omitempty"`
+
+	// An opaque value that represents the version of this resource. May be used for optimistic
+	// concurrency, change detection, and the watch operation on a resource or set of resources.
+	// Clients must treat these values as opaque and values may only be valid for a particular
+	// resource or set of resources. Only servers will generate resource versions.
+	ResourceVersion string `json:"resourceVersion,omitempty"`
+
+	// A sequence number representing a specific generation of the desired state.
+	// Populated by the system. Read-only.
+	Generation int64 `json:"generation,omitempty"`
+
+	// CreationTimestamp is a timestamp representing the server time when this object was
+	// created. It is not guaranteed to be set in happens-before order across separate operations.
+	// Clients may not set this value. It is represented in RFC3339 form and is in UTC.
+	CreationTimestamp Time `json:"creationTimestamp,omitempty"`
+
+	// DeletionTimestamp is the time after which this resource will be deleted. This
+	// field is set by the server when a graceful deletion is requested by the user, and is not
+	// directly settable by a client. The resource will be deleted (no longer visible from
+	// resource lists, and not reachable by name) after the time in this field. Once set, this
+	// value may not be unset or be set further into the future, although it may be shortened
+	// or the resource may be deleted prior to this time. For example, a user may request that
+	// a pod is deleted in 30 seconds. The Kubelet will react by sending a graceful termination
+	// signal to the containers in the pod. Once the resource is deleted in the API, the Kubelet
+	// will send a hard termination signal to the container.
+	DeletionTimestamp *Time `json:"deletionTimestamp,omitempty"`
+
+	// DeletionGracePeriodSeconds records the graceful deletion value set when graceful deletion
+	// was requested. Represents the most recent grace period, and may only be shortened once set.
+	DeletionGracePeriodSeconds *int64 `json:"deletionGracePeriodSeconds,omitempty"`
+
+	// Labels are key value pairs that may be used to scope and select individual resources.
+	// Label keys are of the form:
+	//     label-key ::= prefixed-name | name
+	//     prefixed-name ::= prefix '/' name
+	//     prefix ::= DNS_SUBDOMAIN
+	//     name ::= DNS_LABEL
+	// The prefix is optional.  If the prefix is not specified, the key is assumed to be private
+	// to the user.  Other system components that wish to use labels must specify a prefix.  The
+	// "kubernetes.io/" prefix is reserved for use by kubernetes components.
+	// TODO: replace map[string]string with labels.LabelSet type
+	Labels map[string]string `json:"labels,omitempty"`
+
+	// Annotations are unstructured key value data stored with a resource that may be set by
+	// external tooling. They are not queryable and should be preserved when modifying
+	// objects.  Annotation keys have the same formatting restrictions as Label keys. See the
+	// comments on Labels for details.
+	Annotations map[string]string `json:"annotations,omitempty"`
+}
+
+// UID is a type that holds unique ID values, including UUIDs.  Because we
+// don't ONLY use UUIDs, this is an alias to string.  Being a type captures
+// intent and helps make sure that UIDs and names do not get conflated.
+type UID string
+
+// Time is a wrapper around time.Time which supports correct
+// marshaling to YAML and JSON.  Wrappers are provided for many
+// of the factory methods that the time package offers.
+//
+// +protobuf.options.marshal=false
+// +protobuf.as=Timestamp
+type Time struct {
+	time.Time `protobuf:"-"`
+}
+
+// Service is a named abstraction of software service (for example, mysql) consisting of local port
+// (for example 3306) that the proxy listens on, and the selector that determines which pods
+// will answer requests sent through the proxy.
+type Service struct {
+	TypeMeta   `json:",inline"`
+	ObjectMeta `json:"metadata,omitempty"`
+
+	// Spec defines the behavior of a service.
+	Spec ServiceSpec `json:"spec,omitempty"`
+
+	// Status represents the current status of a service.
+	Status ServiceStatus `json:"status,omitempty"`
+}
+
+// ServiceSpec describes the attributes that a user creates on a service
+type ServiceSpec struct {
+	// Type determines how the service will be exposed.  Valid options: ClusterIP, NodePort, LoadBalancer
+	Type ServiceType `json:"type,omitempty"`
+
+	// Required: The list of ports that are exposed by this service.
+	Ports []ServicePort `json:"ports"`
+
+	// This service will route traffic to pods having labels matching this selector. If empty or not present,
+	// the service is assumed to have endpoints set by an external process and Kubernetes will not modify
+	// those endpoints.
+	Selector map[string]string `json:"selector"`
+
+	// ClusterIP is usually assigned by the master.  If specified by the user
+	// we will try to respect it or else fail the request.  This field can
+	// not be changed by updates.
+	// Valid values are None, empty string (""), or a valid IP address
+	// None can be specified for headless services when proxying is not required
+	ClusterIP string `json:"clusterIP,omitempty"`
+
+	// ExternalIPs are used by external load balancers, or can be set by
+	// users to handle external traffic that arrives at a node.
+	ExternalIPs []string `json:"externalIPs,omitempty"`
+
+	// Only applies to Service Type: LoadBalancer
+	// LoadBalancer will get created with the IP specified in this field.
+	// This feature depends on whether the underlying cloud-provider supports specifying
+	// the loadBalancerIP when a load balancer is created.
+	// This field will be ignored if the cloud-provider does not support the feature.
+	LoadBalancerIP string `json:"loadBalancerIP,omitempty"`
+
+	// Required: Supports "ClientIP" and "None".  Used to maintain session affinity.
+	SessionAffinity ServiceAffinity `json:"sessionAffinity,omitempty"`
+}
+
+// ServicePort service port
+type ServicePort struct {
+	// Optional if only one ServicePort is defined on this service: The
+	// name of this port within the service.  This must be a DNS_LABEL.
+	// All ports within a ServiceSpec must have unique names.  This maps to
+	// the 'Name' field in EndpointPort objects.
+	Name string `json:"name"`
+
+	// The IP protocol for this port.  Supports "TCP" and "UDP".
+	Protocol Protocol `json:"protocol"`
+
+	// The port that will be exposed on the service.
+	Port int `json:"port"`
+
+	// Optional: The target port on pods selected by this service.  If this
+	// is a string, it will be looked up as a named port in the target
+	// Pod's container ports.  If this is not specified, the value
+	// of the 'port' field is used (an identity map).
+	// This field is ignored for services with clusterIP=None, and should be
+	// omitted or set equal to the 'port' field.
+	TargetPort IntOrString `json:"targetPort"`
+
+	// The port on each node on which this service is exposed.
+	// Default is to auto-allocate a port if the ServiceType of this Service requires one.
+	NodePort int `json:"nodePort"`
+}
+
+// ServiceStatus represents the current status of a service
+type ServiceStatus struct {
+	// LoadBalancer contains the current status of the load-balancer,
+	// if one is present.
+	LoadBalancer LoadBalancerStatus `json:"loadBalancer,omitempty"`
+}
+
+// LoadBalancerStatus represents the status of a load-balancer
+type LoadBalancerStatus struct {
+	// Ingress is a list containing ingress points for the load-balancer;
+	// traffic intended for the service should be sent to these ingress points.
+	Ingress []LoadBalancerIngress `json:"ingress,omitempty"`
+}
+
+// LoadBalancerIngress represents the status of a load-balancer ingress point:
+// traffic intended for the service should be sent to an ingress point.
+type LoadBalancerIngress struct {
+	// IP is set for load-balancer ingress points that are IP based
+	// (typically GCE or OpenStack load-balancers)
+	IP string `json:"ip,omitempty"`
+
+	// Hostname is set for load-balancer ingress points that are DNS based
+	// (typically AWS load-balancers)
+	Hostname string `json:"hostname,omitempty"`
+}
+
+// ServiceAffinity Session Affinity Type string
+type ServiceAffinity string
+
+// ServiceType Service Type string describes ingress methods for a service
+type ServiceType string
+
+// Protocol defines network protocols supported for things like container ports.
+type Protocol string
+
+// IntOrString is a type that can hold an int32 or a string.  When used in
+// JSON or YAML marshalling and unmarshalling, it produces or consumes the
+// inner type.  This allows you to have, for example, a JSON field that can
+// accept a name or number.
+// TODO: Rename to Int32OrString
+//
+// +protobuf=true
+// +protobuf.options.(gogoproto.goproto_stringer)=false
+type IntOrString struct {
+	Type   Type
+	IntVal int32
+	StrVal string
+}
+
+// FromInt creates an IntOrString object with an int32 value. It is
+// your responsibility not to call this method with a value greater
+// than int32.
+// TODO: convert to (val int32)
+func FromInt(val int) IntOrString {
+	return IntOrString{Type: Int, IntVal: int32(val)}
+}
+
+// FromString creates an IntOrString object with a string value.
+func FromString(val string) IntOrString {
+	return IntOrString{Type: String, StrVal: val}
+}
+
+// String returns the string value, or the Itoa of the int value.
+func (intstr *IntOrString) String() string {
+	if intstr.Type == String {
+		return intstr.StrVal
+	}
+	return strconv.Itoa(intstr.IntValue())
+}
+
+// IntValue returns the IntVal if type Int, or if
+// it is a String, will attempt a conversion to int.
+func (intstr *IntOrString) IntValue() int {
+	if intstr.Type == String {
+		i, _ := strconv.Atoi(intstr.StrVal)
+		return i
+	}
+	return int(intstr.IntVal)
+}
+
+// UnmarshalJSON implements the json.Unmarshaller interface.
+func (intstr *IntOrString) UnmarshalJSON(value []byte) error {
+	if value[0] == '"' {
+		intstr.Type = String
+		return json.Unmarshal(value, &intstr.StrVal)
+	}
+	intstr.Type = Int
+	return json.Unmarshal(value, &intstr.IntVal)
+}
+
+// Type represents the stored type of IntOrString.
+type Type int
+
+const (
+	// Int int
+	Int Type = iota // The IntOrString holds an int.
+	//String string
+	String // The IntOrString holds a string.
+)
+
+// ServiceList holds a list of services.
+type ServiceList struct {
+	TypeMeta `json:",inline"`
+	ListMeta `json:"metadata,omitempty"`
+
+	Items []Service `json:"items"`
+}
+
+// ListMeta describes metadata that synthetic resources must have, including lists and
+// various status objects. A resource may have only one of {ObjectMeta, ListMeta}.
+type ListMeta struct {
+	// SelfLink is a URL representing this object.
+	// Populated by the system.
+	// Read-only.
+	SelfLink string `json:"selfLink,omitempty"`
+
+	// String that identifies the server's internal version of this object that
+	// can be used by clients to determine when objects have changed.
+	// Value must be treated as opaque by clients and passed unmodified back to the server.
+	// Populated by the system.
+	// Read-only.
+	// More info: http://releases.k8s.io/HEAD/docs/devel/api-conventions.md#concurrency-control-and-consistency
+	ResourceVersion string `json:"resourceVersion,omitempty"`
+}

provider/kubernetes.go

@@ -0,0 +1,200 @@
+package provider
+
+import (
+	log "github.com/Sirupsen/logrus"
+	"github.com/cenkalti/backoff"
+	"github.com/containous/traefik/provider/k8s"
+	"github.com/containous/traefik/safe"
+	"github.com/containous/traefik/types"
+	"io"
+	"io/ioutil"
+	"os"
+	"strings"
+	"text/template"
+	"time"
+)
+
+const (
+	serviceAccountToken  = "/var/run/secrets/kubernetes.io/serviceaccount/token"
+	serviceAccountCACert = "/var/run/secrets/kubernetes.io/serviceaccount/ca.crt"
+)
+
+// Kubernetes holds configurations of the Kubernetes provider.
+type Kubernetes struct {
+	BaseProvider `mapstructure:",squash"`
+	Endpoint     string
+}
+
+func (provider *Kubernetes) createClient() (k8s.Client, error) {
+	var token string
+	tokenBytes, err := ioutil.ReadFile(serviceAccountToken)
+	if err == nil {
+		token = string(tokenBytes)
+		log.Debugf("Kubernetes token: %s", token)
+	} else {
+		log.Errorf("Kubernetes load token error: %s", err)
+	}
+	caCert, err := ioutil.ReadFile(serviceAccountCACert)
+	if err == nil {
+		log.Debugf("Kubernetes CA cert: %s", serviceAccountCACert)
+	} else {
+		log.Errorf("Kubernetes load token error: %s", err)
+	}
+	kubernetesHost := os.Getenv("KUBERNETES_SERVICE_HOST")
+	kubernetesPort := os.Getenv("KUBERNETES_SERVICE_PORT_HTTPS")
+	if len(kubernetesPort) > 0 && len(kubernetesHost) > 0 {
+		provider.Endpoint = "https://" + kubernetesHost + ":" + kubernetesPort
+	}
+	log.Debugf("Kubernetes endpoint: %s", provider.Endpoint)
+	return k8s.NewClient(provider.Endpoint, caCert, token)
+}
+
+// Provide allows the provider to provide configurations to traefik
+// using the given configuration channel.
+func (provider *Kubernetes) Provide(configurationChan chan<- types.ConfigMessage, pool *safe.Pool) error {
+	k8sClient, err := provider.createClient()
+	if err != nil {
+		return err
+	}
+	backOff := backoff.NewExponentialBackOff()
+
+	pool.Go(func(stop chan bool) {
+		stopWatch := make(chan bool)
+		defer close(stopWatch)
+		operation := func() error {
+			select {
+			case <-stop:
+				return nil
+			default:
+			}
+			for {
+				eventsChan, errEventsChan, err := k8sClient.WatchAll(stopWatch)
+				if err != nil {
+					log.Errorf("Error watching kubernetes events: %v", err)
+					return err
+				}
+			Watch:
+				for {
+					select {
+					case <-stop:
+						stopWatch <- true
+						return nil
+					case err := <-errEventsChan:
+						if strings.Contains(err.Error(), io.EOF.Error()) {
+							// edge case, kubernetes long-polling disconnection
+							break Watch
+						}
+						return err
+					case event := <-eventsChan:
+						log.Debugf("Received event from kubenetes %+v", event)
+						templateObjects, err := provider.loadIngresses(k8sClient)
+						if err != nil {
+							return err
+						}
+						configurationChan <- types.ConfigMessage{
+							ProviderName:  "kubernetes",
+							Configuration: provider.loadConfig(*templateObjects),
+						}
+					}
+				}
+			}
+		}
+
+		notify := func(err error, time time.Duration) {
+			log.Errorf("Kubernetes connection error %+v, retrying in %s", err, time)
+		}
+		err := backoff.RetryNotify(operation, backOff, notify)
+		if err != nil {
+			log.Fatalf("Cannot connect to Kubernetes server %+v", err)
+		}
+	})
+
+	templateObjects, err := provider.loadIngresses(k8sClient)
+	if err != nil {
+		return err
+	}
+	configurationChan <- types.ConfigMessage{
+		ProviderName:  "kubernetes",
+		Configuration: provider.loadConfig(*templateObjects),
+	}
+
+	return nil
+}
+
+func (provider *Kubernetes) loadIngresses(k8sClient k8s.Client) (*types.Configuration, error) {
+	ingresses, err := k8sClient.GetIngresses(func(ingress k8s.Ingress) bool {
+		return true
+	})
+	if err != nil {
+		log.Errorf("Error retrieving ingresses: %+v", err)
+		return nil, err
+	}
+	templateObjects := types.Configuration{
+		map[string]*types.Backend{},
+		map[string]*types.Frontend{},
+	}
+	for _, i := range ingresses {
+		for _, r := range i.Spec.Rules {
+			for _, pa := range r.HTTP.Paths {
+				if _, exists := templateObjects.Backends[r.Host+pa.Path]; !exists {
+					templateObjects.Backends[r.Host+pa.Path] = &types.Backend{
+						Servers: make(map[string]types.Server),
+					}
+				}
+				if _, exists := templateObjects.Frontends[r.Host+pa.Path]; !exists {
+					templateObjects.Frontends[r.Host+pa.Path] = &types.Frontend{
+						Backend: r.Host + pa.Path,
+						Routes:  make(map[string]types.Route),
+					}
+				}
+				if _, exists := templateObjects.Frontends[r.Host+pa.Path].Routes[r.Host]; !exists {
+					templateObjects.Frontends[r.Host+pa.Path].Routes[r.Host] = types.Route{
+						Rule: "Host:" + r.Host,
+					}
+				}
+				if len(pa.Path) > 0 {
+					templateObjects.Frontends[r.Host+pa.Path].Routes[pa.Path] = types.Route{
+						Rule: "PathPrefixStrip:" + pa.Path,
+					}
+				}
+				services, err := k8sClient.GetServices(func(service k8s.Service) bool {
+					return service.Name == pa.Backend.ServiceName
+				})
+				if err != nil {
+					log.Errorf("Error retrieving services: %v", err)
+					continue
+				}
+				if len(services) == 0 {
+					// no backends found, delete frontend...
+					delete(templateObjects.Frontends, r.Host+pa.Path)
+					log.Errorf("Error retrieving services %s", pa.Backend.ServiceName)
+				}
+				for _, service := range services {
+					protocol := "http"
+					for _, port := range service.Spec.Ports {
+						if port.Port == pa.Backend.ServicePort.IntValue() {
+							if port.Port == 443 {
+								protocol = "https"
+							}
+							templateObjects.Backends[r.Host+pa.Path].Servers[string(service.UID)] = types.Server{
+								URL:    protocol + "://" + service.Spec.ClusterIP + ":" + pa.Backend.ServicePort.String(),
+								Weight: 1,
+							}
+							break
+						}
+					}
+				}
+			}
+		}
+	}
+	return &templateObjects, nil
+}
+
+func (provider *Kubernetes) loadConfig(templateObjects types.Configuration) *types.Configuration {
+	var FuncMap = template.FuncMap{}
+	configuration, err := provider.getConfiguration("templates/kubernetes.tmpl", FuncMap, templateObjects)
+	if err != nil {
+		log.Error(err)
+	}
+	return configuration
+}

provider/kubernetes_test.go

@@ -0,0 +1,187 @@
+package provider
+
+import (
+	"encoding/json"
+	"github.com/containous/traefik/provider/k8s"
+	"github.com/containous/traefik/types"
+	"reflect"
+	"testing"
+)
+
+func TestLoadIngresses(t *testing.T) {
+	ingresses := []k8s.Ingress{{
+		Spec: k8s.IngressSpec{
+			Rules: []k8s.IngressRule{
+				{
+					Host: "foo",
+					IngressRuleValue: k8s.IngressRuleValue{
+						HTTP: &k8s.HTTPIngressRuleValue{
+							Paths: []k8s.HTTPIngressPath{
+								{
+									Path: "/bar",
+									Backend: k8s.IngressBackend{
+										ServiceName: "service1",
+										ServicePort: k8s.FromInt(801),
+									},
+								},
+							},
+						},
+					},
+				},
+				{
+					Host: "bar",
+					IngressRuleValue: k8s.IngressRuleValue{
+						HTTP: &k8s.HTTPIngressRuleValue{
+							Paths: []k8s.HTTPIngressPath{
+								{
+									Backend: k8s.IngressBackend{
+										ServiceName: "service3",
+										ServicePort: k8s.FromInt(443),
+									},
+								},
+								{
+									Backend: k8s.IngressBackend{
+										ServiceName: "service2",
+										ServicePort: k8s.FromInt(802),
+									},
+								},
+							},
+						},
+					},
+				},
+			},
+		},
+	}}
+	services := []k8s.Service{
+		{
+			ObjectMeta: k8s.ObjectMeta{
+				Name: "service1",
+				UID:  "1",
+			},
+			Spec: k8s.ServiceSpec{
+				ClusterIP: "10.0.0.1",
+				Ports: []k8s.ServicePort{
+					{
+						Name: "http",
+						Port: 801,
+					},
+				},
+			},
+		},
+		{
+			ObjectMeta: k8s.ObjectMeta{
+				Name: "service2",
+				UID:  "2",
+			},
+			Spec: k8s.ServiceSpec{
+				ClusterIP: "10.0.0.2",
+				Ports: []k8s.ServicePort{
+					{
+						Port: 802,
+					},
+				},
+			},
+		},
+		{
+			ObjectMeta: k8s.ObjectMeta{
+				Name: "service3",
+				UID:  "3",
+			},
+			Spec: k8s.ServiceSpec{
+				ClusterIP: "10.0.0.3",
+				Ports: []k8s.ServicePort{
+					{
+						Name: "http",
+						Port: 443,
+					},
+				},
+			},
+		},
+	}
+	watchChan := make(chan interface{})
+	client := clientMock{
+		ingresses: ingresses,
+		services:  services,
+		watchChan: watchChan,
+	}
+	provider := Kubernetes{}
+	actual, err := provider.loadIngresses(client)
+	if err != nil {
+		t.Fatalf("error %+v", err)
+	}
+
+	expected := &types.Configuration{
+		Backends: map[string]*types.Backend{
+			"foo/bar": {
+				Servers: map[string]types.Server{
+					"1": {
+						URL:    "http://10.0.0.1:801",
+						Weight: 1,
+					},
+				},
+				CircuitBreaker: nil,
+				LoadBalancer:   nil,
+			},
+			"bar": {
+				Servers: map[string]types.Server{
+					"2": {
+						URL:    "http://10.0.0.2:802",
+						Weight: 1,
+					},
+					"3": {
+						URL:    "https://10.0.0.3:443",
+						Weight: 1,
+					},
+				},
+				CircuitBreaker: nil,
+				LoadBalancer:   nil,
+			},
+		},
+		Frontends: map[string]*types.Frontend{
+			"foo/bar": {
+				Backend: "foo/bar",
+				Routes: map[string]types.Route{
+					"/bar": {
+						Rule: "PathPrefixStrip:/bar",
+					},
+					"foo": {
+						Rule: "Host:foo",
+					},
+				},
+			},
+			"bar": {
+				Backend: "bar",
+				Routes: map[string]types.Route{
+					"bar": {
+						Rule: "Host:bar",
+					},
+				},
+			},
+		},
+	}
+	actualJSON, _ := json.Marshal(actual)
+	expectedJSON, _ := json.Marshal(expected)
+
+	if !reflect.DeepEqual(actual, expected) {
+		t.Fatalf("expected %+v, got %+v", string(expectedJSON), string(actualJSON))
+	}
+}
+
+type clientMock struct {
+	ingresses []k8s.Ingress
+	services  []k8s.Service
+	watchChan chan interface{}
+}
+
+func (c clientMock) GetIngresses(predicate func(k8s.Ingress) bool) ([]k8s.Ingress, error) {
+	return c.ingresses, nil
+}
+func (c clientMock) WatchIngresses(predicate func(k8s.Ingress) bool, stopCh <-chan bool) (chan interface{}, chan error, error) {
+	return c.watchChan, make(chan error), nil
+}
+func (c clientMock) GetServices(predicate func(k8s.Service) bool) ([]k8s.Service, error) {
+	return c.services, nil
+}
+func (c clientMock) WatchAll(stopCh <-chan bool) (chan interface{}, chan error, error) {
+	return c.watchChan, make(chan error), nil
+}

provider/kv.go

@@ -10,8 +10,10 @@ import (
 	"text/template"
 	"time"
 
+	"errors"
 	"github.com/BurntSushi/ty/fun"
 	log "github.com/Sirupsen/logrus"
+	"github.com/cenkalti/backoff"
 	"github.com/containous/traefik/safe"
 	"github.com/containous/traefik/types"
 	"github.com/docker/libkv"
@@ -36,28 +38,42 @@ type KvTLS struct {
 	InsecureSkipVerify bool
 }
 
-func (provider *Kv) watchKv(configurationChan chan<- types.ConfigMessage, prefix string) {
-	for {
-		chanKeys, err := provider.kvclient.WatchTree(provider.Prefix, make(chan struct{}) /* stop chan */)
+func (provider *Kv) watchKv(configurationChan chan<- types.ConfigMessage, prefix string, stop chan bool) {
+	operation := func() error {
+		events, err := provider.kvclient.WatchTree(provider.Prefix, make(chan struct{}) /* stop chan */)
 		if err != nil {
 			log.Errorf("Failed to WatchTree %s", err)
-			continue
+			return err
 		}
-
-		for range chanKeys {
-			configuration := provider.loadConfig()
-			if configuration != nil {
-				configurationChan <- types.ConfigMessage{
-					ProviderName:  string(provider.storeType),
-					Configuration: configuration,
+		for {
+			select {
+			case <-stop:
+				return nil
+			case _, ok := <-events:
+				if !ok {
+					return errors.New("watchtree channel closed")
+				}
+				configuration := provider.loadConfig()
+				if configuration != nil {
+					configurationChan <- types.ConfigMessage{
+						ProviderName:  string(provider.storeType),
+						Configuration: configuration,
+					}
 				}
 			}
 		}
-		log.Warnf("Intermittent failure to WatchTree KV. Retrying.")
+	}
+
+	notify := func(err error, time time.Duration) {
+		log.Errorf("KV connection error %+v, retrying in %s", err, time)
+	}
+	err := backoff.RetryNotify(operation, backoff.NewExponentialBackOff(), notify)
+	if err != nil {
+		log.Fatalf("Cannot connect to KV server %+v", err)
 	}
 }
 
-func (provider *Kv) provide(configurationChan chan<- types.ConfigMessage) error {
+func (provider *Kv) provide(configurationChan chan<- types.ConfigMessage, pool *safe.Pool) error {
 	storeConfig := &store.Config{
 		ConnectionTimeout: 30 * time.Second,
 		Bucket:            "traefik",
@@ -89,27 +105,37 @@ func (provider *Kv) provide(configurationChan chan<- types.ConfigMessage) error
 		}
 	}
 
-	kv, err := libkv.NewStore(
-		provider.storeType,
-		strings.Split(provider.Endpoint, ","),
-		storeConfig,
-	)
+	operation := func() error {
+		kv, err := libkv.NewStore(
+			provider.storeType,
+			strings.Split(provider.Endpoint, ","),
+			storeConfig,
+		)
+		if err != nil {
+			return err
+		}
+		if _, err := kv.List(""); err != nil {
+			return err
+		}
+		provider.kvclient = kv
+		if provider.Watch {
+			pool.Go(func(stop chan bool) {
+				provider.watchKv(configurationChan, provider.Prefix, stop)
+			})
+		}
+		configuration := provider.loadConfig()
+		configurationChan <- types.ConfigMessage{
+			ProviderName:  string(provider.storeType),
+			Configuration: configuration,
+		}
+		return nil
+	}
+	notify := func(err error, time time.Duration) {
+		log.Errorf("KV connection error %+v, retrying in %s", err, time)
+	}
+	err := backoff.RetryNotify(operation, backoff.NewExponentialBackOff(), notify)
 	if err != nil {
-		return err
-	}
-	if _, err := kv.List(""); err != nil {
-		return err
-	}
-	provider.kvclient = kv
-	if provider.Watch {
-		safe.Go(func() {
-			provider.watchKv(configurationChan, provider.Prefix)
-		})
-	}
-	configuration := provider.loadConfig()
-	configurationChan <- types.ConfigMessage{
-		ProviderName:  string(provider.storeType),
-		Configuration: configuration,
+		log.Fatalf("Cannot connect to KV server %+v", err)
 	}
 	return nil
 }

provider/kv_test.go

@@ -7,7 +7,6 @@ import (
 	"testing"
 	"time"
 
-	"github.com/containous/traefik/safe"
 	"github.com/docker/libkv/store"
 	"reflect"
 	"sort"
@@ -81,7 +80,7 @@ func TestKvList(t *testing.T) {
 				},
 			},
 			keys:     []string{"foo", "/baz/"},
-			expected: []string{"foo/baz/biz", "foo/baz/1", "foo/baz/2"},
+			expected: []string{"foo/baz/1", "foo/baz/2"},
 		},
 	}
 
@@ -257,9 +256,9 @@ func TestKvWatchTree(t *testing.T) {
 	}
 
 	configChan := make(chan types.ConfigMessage)
-	safe.Go(func() {
-		provider.watchKv(configChan, "prefix")
-	})
+	go func() {
+		provider.watchKv(configChan, "prefix", make(chan bool, 1))
+	}()
 
 	select {
 	case c1 := <-returnedChans:
@@ -339,7 +338,7 @@ func (s *Mock) List(prefix string) ([]*store.KVPair, error) {
 	}
 	kv := []*store.KVPair{}
 	for _, kvPair := range s.KVPairs {
-		if strings.HasPrefix(kvPair.Key, prefix) {
+		if strings.HasPrefix(kvPair.Key, prefix) && !strings.ContainsAny(strings.TrimPrefix(kvPair.Key, prefix), "/") {
 			kv = append(kv, kvPair)
 		}
 	}
@@ -365,3 +364,86 @@ func (s *Mock) AtomicDelete(key string, previous *store.KVPair) (bool, error) {
 func (s *Mock) Close() {
 	return
 }
+
+func TestKVLoadConfig(t *testing.T) {
+	provider := &Kv{
+		Prefix: "traefik",
+		kvclient: &Mock{
+			KVPairs: []*store.KVPair{
+				{
+					Key:   "traefik/frontends/frontend.with.dot",
+					Value: []byte(""),
+				},
+				{
+					Key:   "traefik/frontends/frontend.with.dot/backend",
+					Value: []byte("backend.with.dot.too"),
+				},
+				{
+					Key:   "traefik/frontends/frontend.with.dot/routes",
+					Value: []byte(""),
+				},
+				{
+					Key:   "traefik/frontends/frontend.with.dot/routes/route.with.dot",
+					Value: []byte(""),
+				},
+				{
+					Key:   "traefik/frontends/frontend.with.dot/routes/route.with.dot/rule",
+					Value: []byte("Host:test.localhost"),
+				},
+				{
+					Key:   "traefik/backends/backend.with.dot.too",
+					Value: []byte(""),
+				},
+				{
+					Key:   "traefik/backends/backend.with.dot.too/servers",
+					Value: []byte(""),
+				},
+				{
+					Key:   "traefik/backends/backend.with.dot.too/servers/server.with.dot",
+					Value: []byte(""),
+				},
+				{
+					Key:   "traefik/backends/backend.with.dot.too/servers/server.with.dot/url",
+					Value: []byte("http://172.17.0.2:80"),
+				},
+				{
+					Key:   "traefik/backends/backend.with.dot.too/servers/server.with.dot/weight",
+					Value: []byte("1"),
+				},
+			},
+		},
+	}
+	actual := provider.loadConfig()
+	expected := &types.Configuration{
+		Backends: map[string]*types.Backend{
+			"backend.with.dot.too": {
+				Servers: map[string]types.Server{
+					"server.with.dot": {
+						URL:    "http://172.17.0.2:80",
+						Weight: 1,
+					},
+				},
+				CircuitBreaker: nil,
+				LoadBalancer:   nil,
+			},
+		},
+		Frontends: map[string]*types.Frontend{
+			"frontend.with.dot": {
+				Backend:        "backend.with.dot.too",
+				PassHostHeader: false,
+				EntryPoints:    []string{},
+				Routes: map[string]types.Route{
+					"route.with.dot": {
+						Rule: "Host:test.localhost",
+					},
+				},
+			},
+		},
+	}
+	if !reflect.DeepEqual(actual.Backends, expected.Backends) {
+		t.Fatalf("expected %+v, got %+v", expected.Backends, actual.Backends)
+	}
+	if !reflect.DeepEqual(actual.Frontends, expected.Frontends) {
+		t.Fatalf("expected %+v, got %+v", expected.Frontends, actual.Frontends)
+	}
+}

provider/marathon.go

@@ -10,10 +10,12 @@ import (
 	"crypto/tls"
 	"github.com/BurntSushi/ty/fun"
 	log "github.com/Sirupsen/logrus"
+	"github.com/cenkalti/backoff"
 	"github.com/containous/traefik/safe"
 	"github.com/containous/traefik/types"
 	"github.com/gambol99/go-marathon"
 	"net/http"
+	"time"
 )
 
 // Marathon holds configuration of the Marathon provider.
@@ -40,50 +42,65 @@ type lightMarathonClient interface {
 
 // Provide allows the provider to provide configurations to traefik
 // using the given configuration channel.
-func (provider *Marathon) Provide(configurationChan chan<- types.ConfigMessage) error {
-	config := marathon.NewDefaultConfig()
-	config.URL = provider.Endpoint
-	config.EventsTransport = marathon.EventsTransportSSE
-	if provider.Basic != nil {
-		config.HTTPBasicAuthUser = provider.Basic.HTTPBasicAuthUser
-		config.HTTPBasicPassword = provider.Basic.HTTPBasicPassword
-	}
-	config.HTTPClient = &http.Client{
-		Transport: &http.Transport{
-			TLSClientConfig: provider.TLS,
-		},
-	}
-	client, err := marathon.NewClient(config)
-	if err != nil {
-		log.Errorf("Failed to create a client for marathon, error: %s", err)
-		return err
-	}
-	provider.marathonClient = client
-	update := make(marathon.EventsChannel, 5)
-	if provider.Watch {
-		if err := client.AddEventsListener(update, marathon.EVENTS_APPLICATIONS); err != nil {
-			log.Errorf("Failed to register for events, %s", err)
-		} else {
-			safe.Go(func() {
+func (provider *Marathon) Provide(configurationChan chan<- types.ConfigMessage, pool *safe.Pool) error {
+	operation := func() error {
+		config := marathon.NewDefaultConfig()
+		config.URL = provider.Endpoint
+		config.EventsTransport = marathon.EventsTransportSSE
+		if provider.Basic != nil {
+			config.HTTPBasicAuthUser = provider.Basic.HTTPBasicAuthUser
+			config.HTTPBasicPassword = provider.Basic.HTTPBasicPassword
+		}
+		config.HTTPClient = &http.Client{
+			Transport: &http.Transport{
+				TLSClientConfig: provider.TLS,
+			},
+		}
+		client, err := marathon.NewClient(config)
+		if err != nil {
+			log.Errorf("Failed to create a client for marathon, error: %s", err)
+			return err
+		}
+		provider.marathonClient = client
+		update := make(marathon.EventsChannel, 5)
+		if provider.Watch {
+			if err := client.AddEventsListener(update, marathon.EVENTS_APPLICATIONS); err != nil {
+				log.Errorf("Failed to register for events, %s", err)
+				return err
+			}
+			pool.Go(func(stop chan bool) {
+				defer close(update)
 				for {
-					event := <-update
-					log.Debug("Marathon event receveived", event)
-					configuration := provider.loadMarathonConfig()
-					if configuration != nil {
-						configurationChan <- types.ConfigMessage{
-							ProviderName:  "marathon",
-							Configuration: configuration,
+					select {
+					case <-stop:
+						return
+					case event := <-update:
+						log.Debug("Marathon event receveived", event)
+						configuration := provider.loadMarathonConfig()
+						if configuration != nil {
+							configurationChan <- types.ConfigMessage{
+								ProviderName:  "marathon",
+								Configuration: configuration,
+							}
 						}
 					}
 				}
 			})
 		}
+		configuration := provider.loadMarathonConfig()
+		configurationChan <- types.ConfigMessage{
+			ProviderName:  "marathon",
+			Configuration: configuration,
+		}
+		return nil
 	}
 
-	configuration := provider.loadMarathonConfig()
-	configurationChan <- types.ConfigMessage{
-		ProviderName:  "marathon",
-		Configuration: configuration,
+	notify := func(err error, time time.Duration) {
+		log.Errorf("Marathon connection error %+v, retrying in %s", err, time)
+	}
+	err := backoff.RetryNotify(operation, backoff.NewExponentialBackOff(), notify)
+	if err != nil {
+		log.Fatalf("Cannot connect to Marathon server %+v", err)
 	}
 	return nil
 }

provider/provider.go

@@ -8,6 +8,7 @@ import (
 
 	"github.com/BurntSushi/toml"
 	"github.com/containous/traefik/autogen"
+	"github.com/containous/traefik/safe"
 	"github.com/containous/traefik/types"
 	"unicode"
 )
@@ -16,7 +17,7 @@ import (
 type Provider interface {
 	// Provide allows the provider to provide configurations to traefik
 	// using the given configuration channel.
-	Provide(configurationChan chan<- types.ConfigMessage) error
+	Provide(configurationChan chan<- types.ConfigMessage, pool *safe.Pool) error
 }
 
 // BaseProvider should be inherited by providers

provider/provider_test.go

@@ -74,7 +74,7 @@ func TestConfigurationErrors(t *testing.T) {
 					Filename: templateInvalidTOMLFile.Name(),
 				},
 			},
-			expectedError: "Near line 1, key 'Hello': Near line 1: Expected key separator '=', but got '<' instead",
+			expectedError: "Near line 1 (last key parsed 'Hello'): Expected key separator '=', but got '<' instead",
 			funcMap: template.FuncMap{
 				"Foo": func() string {
 					return "bar"
@@ -168,3 +168,41 @@ func TestReplace(t *testing.T) {
 		}
 	}
 }
+
+func TestGetConfigurationReturnsCorrectMaxConnConfiguration(t *testing.T) {
+	templateFile, err := ioutil.TempFile("", "provider-configuration")
+	if err != nil {
+		t.Fatal(err)
+	}
+	defer os.RemoveAll(templateFile.Name())
+	data := []byte(`[backends]
+  [backends.backend1]
+    [backends.backend1.maxconn]
+      amount = 10
+      extractorFunc = "request.host"`)
+	err = ioutil.WriteFile(templateFile.Name(), data, 0700)
+	if err != nil {
+		t.Fatal(err)
+	}
+
+	provider := &myProvider{
+		BaseProvider{
+			Filename: templateFile.Name(),
+		},
+	}
+	configuration, err := provider.getConfiguration(templateFile.Name(), nil, nil)
+	if err != nil {
+		t.Fatalf("Shouldn't have error out, got %v", err)
+	}
+	if configuration == nil {
+		t.Fatalf("Configuration should not be nil, but was")
+	}
+
+	if configuration.Backends["backend1"].MaxConn.Amount != 10 {
+		t.Fatalf("Configuration did not parse MaxConn.Amount properly")
+	}
+
+	if configuration.Backends["backend1"].MaxConn.ExtractorFunc != "request.host" {
+		t.Fatalf("Configuration did not parse MaxConn.ExtractorFunc properly")
+	}
+}

provider/zk.go

@@ -1,6 +1,7 @@
 package provider
 
 import (
+	"github.com/containous/traefik/safe"
 	"github.com/containous/traefik/types"
 	"github.com/docker/libkv/store"
 	"github.com/docker/libkv/store/zookeeper"
@@ -13,8 +14,8 @@ type Zookepper struct {
 
 // Provide allows the provider to provide configurations to traefik
 // using the given configuration channel.
-func (provider *Zookepper) Provide(configurationChan chan<- types.ConfigMessage) error {
+func (provider *Zookepper) Provide(configurationChan chan<- types.ConfigMessage, pool *safe.Pool) error {
 	provider.storeType = store.ZK
 	zookeeper.Register()
-	return provider.provide(configurationChan)
+	return provider.provide(configurationChan, pool)
 }

rules.go

@@ -3,6 +3,7 @@ package main
 import (
 	"errors"
 	"github.com/gorilla/mux"
+	"net"
 	"net/http"
 	"reflect"
 	"sort"
@@ -12,12 +13,17 @@ import (
 // Rules holds rule parsing and configuration
 type Rules struct {
 	route *serverRoute
+	err   error
 }
 
 func (r *Rules) host(hosts ...string) *mux.Route {
 	return r.route.route.MatcherFunc(func(req *http.Request, route *mux.RouteMatch) bool {
+		reqHost, _, err := net.SplitHostPort(req.Host)
+		if err != nil {
+			reqHost = req.Host
+		}
 		for _, host := range hosts {
-			if strings.EqualFold(req.Host, strings.TrimSpace(host)) {
+			if reqHost == strings.TrimSpace(host) {
 				return true
 			}
 		}
@@ -110,7 +116,7 @@ func (r *Rules) Parse(expression string) (*mux.Route, error) {
 	}
 	parsedFunction, ok := functions[parsedFunctions[0]]
 	if !ok {
-		return nil, errors.New("Error parsing rule: " + expression + ". Unknow function: " + parsedFunctions[0])
+		return nil, errors.New("Error parsing rule: " + expression + ". Unknown function: " + parsedFunctions[0])
 	}
 	parsedFunctions = append(parsedFunctions[:0], parsedFunctions[1:]...)
 	fargs := func(c rune) bool {
@@ -129,6 +135,9 @@ func (r *Rules) Parse(expression string) (*mux.Route, error) {
 	method := reflect.ValueOf(parsedFunction)
 	if method.IsValid() {
 		resultRoute := method.Call(inputs)[0].Interface().(*mux.Route)
+		if r.err != nil {
+			return nil, r.err
+		}
 		if resultRoute.GetError() != nil {
 			return nil, resultRoute.GetError()
 		}

safe/routine.go

@@ -0,0 +1,70 @@
+package safe
+
+import (
+	"log"
+	"runtime/debug"
+	"sync"
+)
+
+type routine struct {
+	goroutine func(chan bool)
+	stop      chan bool
+}
+
+// Pool creates a pool of go routines
+type Pool struct {
+	routines  []routine
+	waitGroup sync.WaitGroup
+	lock      sync.Mutex
+}
+
+// Go starts a recoverable goroutine, and can be stopped with stop chan
+func (p *Pool) Go(goroutine func(stop chan bool)) {
+	p.lock.Lock()
+	newRoutine := routine{
+		goroutine: goroutine,
+		stop:      make(chan bool, 1),
+	}
+	p.routines = append(p.routines, newRoutine)
+	p.waitGroup.Add(1)
+	Go(func() {
+		goroutine(newRoutine.stop)
+		p.waitGroup.Done()
+	})
+	p.lock.Unlock()
+}
+
+// Stop stops all started routines, waiting for their termination
+func (p *Pool) Stop() {
+	p.lock.Lock()
+	for _, routine := range p.routines {
+		routine.stop <- true
+	}
+	p.waitGroup.Wait()
+	for _, routine := range p.routines {
+		close(routine.stop)
+	}
+	p.lock.Unlock()
+}
+
+// Go starts a recoverable goroutine
+func Go(goroutine func()) {
+	GoWithRecover(goroutine, defaultRecoverGoroutine)
+}
+
+// GoWithRecover starts a recoverable goroutine using given customRecover() function
+func GoWithRecover(goroutine func(), customRecover func(err interface{})) {
+	go func() {
+		defer func() {
+			if err := recover(); err != nil {
+				customRecover(err)
+			}
+		}()
+		goroutine()
+	}()
+}
+
+func defaultRecoverGoroutine(err interface{}) {
+	log.Println(err)
+	debug.PrintStack()
+}

safe/safe.go

@@ -1,28 +1,30 @@
 package safe
 
 import (
-	"log"
-	"runtime/debug"
+	"sync"
 )
 
-// Go starts a recoverable goroutine
-func Go(goroutine func()) {
-	GoWithRecover(goroutine, defaultRecoverGoroutine)
+// Safe contains a thread-safe value
+type Safe struct {
+	value interface{}
+	lock  sync.RWMutex
 }
 
-// GoWithRecover starts a recoverable goroutine using given customRecover() function
-func GoWithRecover(goroutine func(), customRecover func(err interface{})) {
-	go func() {
-		defer func() {
-			if err := recover(); err != nil {
-				customRecover(err)
-			}
-		}()
-		goroutine()
-	}()
+// New create a new Safe instance given a value
+func New(value interface{}) *Safe {
+	return &Safe{value: value, lock: sync.RWMutex{}}
 }
 
-func defaultRecoverGoroutine(err interface{}) {
-	log.Println(err)
-	debug.PrintStack()
+// Get returns the value
+func (s *Safe) Get() interface{} {
+	s.lock.RLock()
+	defer s.lock.RUnlock()
+	return s.value
+}
+
+// Set sets a new value
+func (s *Safe) Set(value interface{}) {
+	s.lock.Lock()
+	defer s.lock.Unlock()
+	s.value = value
 }

script/binary

@@ -22,4 +22,4 @@ if [ -z "$DATE" ]; then
 fi
 
 # Build binaries
-CGO_ENABLED=0 GOGC=off go build $FLAGS -ldflags "-X main.Version=$VERSION -X main.BuildDate=$DATE" -a -installsuffix nocgo -o dist/traefik .
+CGO_ENABLED=0 GOGC=off go build $FLAGS -ldflags "-s -w -X main.Version=$VERSION -X main.BuildDate=$DATE" -a -installsuffix nocgo -o dist/traefik .

script/deploy.sh

@@ -8,6 +8,9 @@ else
   exit 0
 fi
 
+git config --global user.email "emile@vauge.com"
+git config --global user.name "Emile Vauge"
+
 # load ssh key
 echo "Loading key..."
 openssl aes-256-cbc -d -k "$pass" -in .travis/traefik.id_rsa.enc -out ~/.ssh/traefik.id_rsa
@@ -28,19 +31,32 @@ ghr -t $GITHUB_TOKEN -u containous -r traefik --prerelease ${VERSION} dist/
 
 # update docs.traefik.io
 echo "Generating and updating documentation..."
-mkdocs gh-deploy --clean
+# DOESN'T WORK :'(
+# git remote add ssh git@github.com:containous/traefik.git
+# mkdocs gh-deploy -m $VERSION -c -r ssh
+
+mkdir site
+cd site
+git init
+git remote add origin git@github.com:containous/traefik.git
+git fetch origin
+git checkout gh-pages
+cd ..
+mkdocs build --clean
+cd site
+git add .
+echo $VERSION | git commit --file -
+git push -q -f origin gh-pages > /dev/null 2>&1
 
 # update traefik-library-image repo (official Docker image)
 echo "Updating traefik-library-imag repo..."
-git config --global user.email "emile@vauge.com"
-git config --global user.name "Emile Vauge"
 git clone git@github.com:containous/traefik-library-image.git
 cd traefik-library-image
 ./update.sh $VERSION
 git add -A
 echo $VERSION | git commit --file -
 echo $VERSION | git tag -a $VERSION --file -
-git push -q --follow-tags -u origin master
+git push -q --follow-tags -u origin master > /dev/null 2>&1
 
 # create docker image emilevauge/traefik (compatibility)
 echo "Updating docker emilevauge/traefik image..."

server.go

@@ -15,22 +15,24 @@ import (
 	"regexp"
 	"sort"
 	"strconv"
-	"sync"
 	"syscall"
 	"time"
 
 	log "github.com/Sirupsen/logrus"
 	"github.com/codegangsta/negroni"
 	"github.com/containous/oxy/cbreaker"
+	"github.com/containous/oxy/connlimit"
 	"github.com/containous/oxy/forward"
 	"github.com/containous/oxy/roundrobin"
 	"github.com/containous/oxy/stream"
+	"github.com/containous/oxy/utils"
 	"github.com/containous/traefik/middlewares"
 	"github.com/containous/traefik/provider"
 	"github.com/containous/traefik/safe"
 	"github.com/containous/traefik/types"
 	"github.com/gorilla/mux"
 	"github.com/mailgun/manners"
+	"github.com/streamrail/concurrent-map"
 )
 
 var oxyLogger = &OxyLogger{}
@@ -43,10 +45,10 @@ type Server struct {
 	signals                    chan os.Signal
 	stopChan                   chan bool
 	providers                  []provider.Provider
-	serverLock                 sync.Mutex
-	currentConfigurations      configs
+	currentConfigurations      safe.Safe
 	globalConfiguration        GlobalConfiguration
 	loggerMiddleware           *middlewares.Logger
+	routinesPool               safe.Pool
 }
 
 type serverEntryPoints map[string]*serverEntryPoint
@@ -69,10 +71,11 @@ func NewServer(globalConfiguration GlobalConfiguration) *Server {
 	server.configurationChan = make(chan types.ConfigMessage, 10)
 	server.configurationValidatedChan = make(chan types.ConfigMessage, 10)
 	server.signals = make(chan os.Signal, 1)
-	server.stopChan = make(chan bool)
+	server.stopChan = make(chan bool, 1)
 	server.providers = []provider.Provider{}
 	signal.Notify(server.signals, syscall.SIGINT, syscall.SIGTERM)
-	server.currentConfigurations = make(configs)
+	currentConfigurations := make(configs)
+	server.currentConfigurations.Set(currentConfigurations)
 	server.globalConfiguration = globalConfiguration
 	server.loggerMiddleware = middlewares.NewLogger(globalConfiguration.AccessLogsFile)
 
@@ -82,11 +85,11 @@ func NewServer(globalConfiguration GlobalConfiguration) *Server {
 // Start starts the server and blocks until server is shutted down.
 func (server *Server) Start() {
 	server.startHTTPServers()
-	safe.Go(func() {
-		server.listenProviders()
+	server.routinesPool.Go(func(stop chan bool) {
+		server.listenProviders(stop)
 	})
-	safe.Go(func() {
-		server.listenConfigurations()
+	server.routinesPool.Go(func(stop chan bool) {
+		server.listenConfigurations(stop)
 	})
 	server.configureProviders()
 	server.startProviders()
@@ -104,6 +107,7 @@ func (server *Server) Stop() {
 
 // Close destroys the server
 func (server *Server) Close() {
+	server.routinesPool.Stop()
 	close(server.configurationChan)
 	close(server.configurationValidatedChan)
 	close(server.signals)
@@ -124,58 +128,79 @@ func (server *Server) startHTTPServers() {
 	}
 }
 
-func (server *Server) listenProviders() {
-	lastReceivedConfiguration := time.Unix(0, 0)
-	lastConfigs := make(map[string]*types.ConfigMessage)
+func (server *Server) listenProviders(stop chan bool) {
+	lastReceivedConfiguration := safe.New(time.Unix(0, 0))
+	lastConfigs := cmap.New()
 	for {
-		configMsg := <-server.configurationChan
-		jsonConf, _ := json.Marshal(configMsg.Configuration)
-		log.Debugf("Configuration received from provider %s: %s", configMsg.ProviderName, string(jsonConf))
-		lastConfigs[configMsg.ProviderName] = &configMsg
-		if time.Now().After(lastReceivedConfiguration.Add(time.Duration(server.globalConfiguration.ProvidersThrottleDuration))) {
-			log.Debugf("Last %s config received more than %s, OK", configMsg.ProviderName, server.globalConfiguration.ProvidersThrottleDuration)
-			// last config received more than n s ago
-			server.configurationValidatedChan <- configMsg
-		} else {
-			log.Debugf("Last %s config received less than %s, waiting...", configMsg.ProviderName, server.globalConfiguration.ProvidersThrottleDuration)
-			safe.Go(func() {
-				<-time.After(server.globalConfiguration.ProvidersThrottleDuration)
-				if time.Now().After(lastReceivedConfiguration.Add(time.Duration(server.globalConfiguration.ProvidersThrottleDuration))) {
-					log.Debugf("Waited for %s config, OK", configMsg.ProviderName)
-					server.configurationValidatedChan <- *lastConfigs[configMsg.ProviderName]
-				}
-			})
+		select {
+		case <-stop:
+			return
+		case configMsg, ok := <-server.configurationChan:
+			if !ok {
+				return
+			}
+			jsonConf, _ := json.Marshal(configMsg.Configuration)
+			log.Debugf("Configuration received from provider %s: %s", configMsg.ProviderName, string(jsonConf))
+			lastConfigs.Set(configMsg.ProviderName, &configMsg)
+			lastReceivedConfigurationValue := lastReceivedConfiguration.Get().(time.Time)
+			if time.Now().After(lastReceivedConfigurationValue.Add(time.Duration(server.globalConfiguration.ProvidersThrottleDuration))) {
+				log.Debugf("Last %s config received more than %s, OK", configMsg.ProviderName, server.globalConfiguration.ProvidersThrottleDuration)
+				// last config received more than n s ago
+				server.configurationValidatedChan <- configMsg
+			} else {
+				log.Debugf("Last %s config received less than %s, waiting...", configMsg.ProviderName, server.globalConfiguration.ProvidersThrottleDuration)
+				server.routinesPool.Go(func(stop chan bool) {
+					select {
+					case <-stop:
+						return
+					case <-time.After(server.globalConfiguration.ProvidersThrottleDuration):
+						lastReceivedConfigurationValue := lastReceivedConfiguration.Get().(time.Time)
+						if time.Now().After(lastReceivedConfigurationValue.Add(time.Duration(server.globalConfiguration.ProvidersThrottleDuration))) {
+							log.Debugf("Waited for %s config, OK", configMsg.ProviderName)
+							if lastConfig, ok := lastConfigs.Get(configMsg.ProviderName); ok {
+								server.configurationValidatedChan <- *lastConfig.(*types.ConfigMessage)
+							}
+						}
+					}
+				})
+			}
+			lastReceivedConfiguration.Set(time.Now())
 		}
-		lastReceivedConfiguration = time.Now()
 	}
 }
 
-func (server *Server) listenConfigurations() {
+func (server *Server) listenConfigurations(stop chan bool) {
 	for {
-		configMsg := <-server.configurationValidatedChan
-		if configMsg.Configuration == nil {
-			log.Info("Skipping empty Configuration")
-		} else if reflect.DeepEqual(server.currentConfigurations[configMsg.ProviderName], configMsg.Configuration) {
-			log.Info("Skipping same configuration")
-		} else {
-			// Copy configurations to new map so we don't change current if LoadConfig fails
-			newConfigurations := make(configs)
-			for k, v := range server.currentConfigurations {
-				newConfigurations[k] = v
+		select {
+		case <-stop:
+			return
+		case configMsg, ok := <-server.configurationValidatedChan:
+			if !ok {
+				return
 			}
-			newConfigurations[configMsg.ProviderName] = configMsg.Configuration
-
-			newServerEntryPoints, err := server.loadConfig(newConfigurations, server.globalConfiguration)
-			if err == nil {
-				server.serverLock.Lock()
-				for newServerEntryPointName, newServerEntryPoint := range newServerEntryPoints {
-					server.serverEntryPoints[newServerEntryPointName].httpRouter.UpdateHandler(newServerEntryPoint.httpRouter.GetHandler())
-					log.Infof("Server configuration reloaded on %s", server.serverEntryPoints[newServerEntryPointName].httpServer.Addr)
-				}
-				server.currentConfigurations = newConfigurations
-				server.serverLock.Unlock()
+			currentConfigurations := server.currentConfigurations.Get().(configs)
+			if configMsg.Configuration == nil {
+				log.Infof("Skipping empty Configuration for provider %s", configMsg.ProviderName)
+			} else if reflect.DeepEqual(currentConfigurations[configMsg.ProviderName], configMsg.Configuration) {
+				log.Infof("Skipping same configuration for provider %s", configMsg.ProviderName)
 			} else {
-				log.Error("Error loading new configuration, aborted ", err)
+				// Copy configurations to new map so we don't change current if LoadConfig fails
+				newConfigurations := make(configs)
+				for k, v := range currentConfigurations {
+					newConfigurations[k] = v
+				}
+				newConfigurations[configMsg.ProviderName] = configMsg.Configuration
+
+				newServerEntryPoints, err := server.loadConfig(newConfigurations, server.globalConfiguration)
+				if err == nil {
+					for newServerEntryPointName, newServerEntryPoint := range newServerEntryPoints {
+						server.serverEntryPoints[newServerEntryPointName].httpRouter.UpdateHandler(newServerEntryPoint.httpRouter.GetHandler())
+						log.Infof("Server configuration reloaded on %s", server.serverEntryPoints[newServerEntryPointName].httpServer.Addr)
+					}
+					server.currentConfigurations.Set(newConfigurations)
+				} else {
+					log.Error("Error loading new configuration, aborted ", err)
+				}
 			}
 		}
 	}
@@ -211,6 +236,9 @@ func (server *Server) configureProviders() {
 	if server.globalConfiguration.Boltdb != nil {
 		server.providers = append(server.providers, server.globalConfiguration.Boltdb)
 	}
+	if server.globalConfiguration.Kubernetes != nil {
+		server.providers = append(server.providers, server.globalConfiguration.Kubernetes)
+	}
 }
 
 func (server *Server) startProviders() {
@@ -220,7 +248,7 @@ func (server *Server) startProviders() {
 		log.Infof("Starting provider %v %s", reflect.TypeOf(provider), jsonConf)
 		currentProvider := provider
 		safe.Go(func() {
-			err := currentProvider.Provide(server.configurationChan)
+			err := currentProvider.Provide(server.configurationChan, &server.routinesPool)
 			if err != nil {
 				log.Errorf("Error starting provider %s", err)
 			}
@@ -344,6 +372,7 @@ func (server *Server) loadConfig(configurations configs, globalConfiguration Glo
 	redirectHandlers := make(map[string]http.Handler)
 
 	backends := map[string]http.Handler{}
+	backend2FrontendMap := map[string]string{}
 	for _, configuration := range configurations {
 		frontendNames := sortedFrontendNamesForConfig(configuration)
 		for _, frontendName := range frontendNames {
@@ -351,6 +380,7 @@ func (server *Server) loadConfig(configurations configs, globalConfiguration Glo
 
 			log.Debugf("Creating frontend %s", frontendName)
 			fwd, _ := forward.New(forward.Logger(oxyLogger), forward.PassHostHeader(frontend.PassHostHeader))
+			saveBackend := middlewares.NewSaveBackend(fwd)
 			// default endpoints if not defined in frontends
 			if len(frontend.EntryPoints) == 0 {
 				frontend.EntryPoints = globalConfiguration.DefaultEntryPoints
@@ -386,7 +416,7 @@ func (server *Server) loadConfig(configurations configs, globalConfiguration Glo
 					if backends[frontend.Backend] == nil {
 						log.Debugf("Creating backend %s", frontend.Backend)
 						var lb http.Handler
-						rr, _ := roundrobin.New(fwd)
+						rr, _ := roundrobin.New(saveBackend)
 						if configuration.Backends[frontend.Backend] == nil {
 							return nil, errors.New("Undefined backend: " + frontend.Backend)
 						}
@@ -404,6 +434,7 @@ func (server *Server) loadConfig(configurations configs, globalConfiguration Glo
 								if err != nil {
 									return nil, err
 								}
+								backend2FrontendMap[url.String()] = frontendName
 								log.Debugf("Creating server %s at %s with weight %d", serverName, url.String(), server.Weight)
 								if err := rebalancer.UpsertServer(url, roundrobin.Weight(server.Weight)); err != nil {
 									return nil, err
@@ -417,12 +448,25 @@ func (server *Server) loadConfig(configurations configs, globalConfiguration Glo
 								if err != nil {
 									return nil, err
 								}
+								backend2FrontendMap[url.String()] = frontendName
 								log.Debugf("Creating server %s at %s with weight %d", serverName, url.String(), server.Weight)
 								if err := rr.UpsertServer(url, roundrobin.Weight(server.Weight)); err != nil {
 									return nil, err
 								}
 							}
 						}
+						maxConns := configuration.Backends[frontend.Backend].MaxConn
+						if maxConns != nil && maxConns.Amount != 0 {
+							extractFunc, err := utils.NewExtractor(maxConns.ExtractorFunc)
+							if err != nil {
+								return nil, err
+							}
+							log.Debugf("Creating loadd-balancer connlimit")
+							lb, err = connlimit.New(lb, extractFunc, maxConns.Amount, connlimit.Logger(oxyLogger))
+							if err != nil {
+								return nil, err
+							}
+						}
 						// retry ?
 						if globalConfiguration.Retry != nil {
 							retries := len(configuration.Backends[frontend.Backend].Servers)
@@ -466,6 +510,7 @@ func (server *Server) loadConfig(configurations configs, globalConfiguration Glo
 			}
 		}
 	}
+	middlewares.SetBackend2FrontendMap(&backend2FrontendMap)
 	return serverEntryPoints, nil
 }
 

templates/consul_catalog.tmpl

@@ -1,12 +1,41 @@
-[backends]{{range .Nodes}}
-    [backends.backend-{{getBackend .}}.servers.server-{{.Node.Node | replace "." "-"}}-{{.Service.Port}}]
-    url = "http://{{.Node.Address}}:{{.Service.Port}}"
+[backends]
+{{range $index, $node := .Nodes}}
+  {{if ne (getAttribute "enable" $node.Service.Tags "true") "false"}}
+    [backends.backend-{{getBackend $node}}.servers.{{getBackendName $node $index}}]
+      url = "{{getAttribute "protocol" $node.Service.Tags "http"}}://{{getBackendAddress $node}}:{{$node.Service.Port}}"
+      {{$weight := getAttribute "backend.weight" $node.Service.Tags ""}}
+      {{with $weight}}
+        weight = {{$weight}}
+      {{end}}
+    {{end}}
 {{end}}
 
-[frontends]{{range .Services}}
-  [frontends.frontend-{{.}}]
-  backend = "backend-{{.}}"
-  passHostHeader = false
-    [frontends.frontend-{{.}}.routes.route-host-{{.}}]
-    rule = "{{getFrontendValue .}}"
+{{range .Services}}
+  {{$service := .ServiceName}}
+  {{$circuitBreaker := getAttribute "backend.circuitbreaker" .Attributes ""}}
+  {{with $circuitBreaker}}
+  [backends.backend-{{$service}}.circuitbreaker]
+    expression = "{{$circuitBreaker}}"
+  {{end}}
+
+  {{$loadBalancer := getAttribute "backend.loadbalancer" .Attributes ""}}
+  {{with $loadBalancer}}
+  [backends.backend-{{$service}}.loadbalancer]
+    method = "{{$loadBalancer}}"
+  {{end}}
+{{end}}
+
+[frontends]
+{{range .Services}}
+  [frontends.frontend-{{.ServiceName}}]
+  backend = "backend-{{.ServiceName}}"
+  passHostHeader = {{getAttribute "frontend.passHostHeader" .Attributes "false"}}
+  {{$entryPoints := getAttribute "frontend.entrypoints" .Attributes ""}}
+  {{with $entryPoints}}
+    entrypoints = [{{range getEntryPoints $entryPoints}}
+      "{{.}}",
+    {{end}}]
+  {{end}}
+  [frontends.frontend-{{.ServiceName}}.routes.route-host-{{.ServiceName}}]
+    rule = "{{getFrontendRule .}}"
 {{end}}

templates/kubernetes.tmpl

@@ -0,0 +1,16 @@
+[backends]{{range $backendName, $backend := .Backends}}
+    {{range $serverName, $server := $backend.Servers}}
+    [backends."{{$backendName}}".servers."{{$serverName}}"]
+    url = "{{$server.URL}}"
+    weight = {{$server.Weight}}
+    {{end}}
+{{end}}
+
+[frontends]{{range $frontendName, $frontend := .Frontends}}
+  [frontends."{{$frontendName}}"]
+  backend = "{{$frontend.Backend}}"
+    {{range $routeName, $route := $frontend.Routes}}
+    [frontends."{{$frontendName}}".routes."{{$routeName}}"]
+    rule = "{{$route.Rule}}"
+    {{end}}
+{{end}}

templates/kv.tmpl

@@ -1,24 +1,34 @@
 {{$frontends := List .Prefix "/frontends/" }}
 {{$backends :=  List .Prefix "/backends/"}}
 
-{{range $backends}}
+[backends]{{range $backends}}
 {{$backend := .}}
 {{$servers := List $backend "/servers/" }}
 
 {{$circuitBreaker := Get "" . "/circuitbreaker/" "expression"}}
 {{with $circuitBreaker}}
-[backends.{{Last $backend}}.circuitBreaker]
+[backends."{{Last $backend}}".circuitBreaker]
     expression = "{{$circuitBreaker}}"
 {{end}}
 
 {{$loadBalancer := Get "" . "/loadbalancer/" "method"}}
 {{with $loadBalancer}}
-[backends.{{Last $backend}}.loadBalancer]
+[backends."{{Last $backend}}".loadBalancer]
     method = "{{$loadBalancer}}"
 {{end}}
 
+{{$maxConnAmt := Get "" . "/maxconn/" "amount"}}
+{{$maxConnExtractorFunc := Get "" . "/maxconn/" "extractorfunc"}}
+{{with $maxConnAmt}}
+{{with $maxConnExtractorFunc}}
+[backends."{{Last $backend}}".maxConn]
+    amount = {{$maxConnAmt}}
+    extractorFunc = "{{$maxConnExtractorFunc}}"
+{{end}}
+{{end}}
+
 {{range $servers}}
-[backends.{{Last $backend}}.servers.{{Last .}}]
+[backends."{{Last $backend}}".servers."{{Last .}}"]
     url = "{{Get "" . "/url"}}"
     weight = {{Get ""  . "/weight"}}
 {{end}}
@@ -27,7 +37,7 @@
 [frontends]{{range $frontends}}
     {{$frontend := Last .}}
     {{$entryPoints := SplitGet . "/entrypoints"}}
-    [frontends.{{$frontend}}]
+    [frontends."{{$frontend}}"]
     backend = "{{Get "" . "/backend"}}"
     passHostHeader = {{Get "false" . "/passHostHeader"}}
     entryPoints = [{{range $entryPoints}}
@@ -35,7 +45,7 @@
     {{end}}]
     {{$routes := List . "/routes/"}}
         {{range $routes}}
-        [frontends.{{$frontend}}.routes.{{Last .}}]
+        [frontends."{{$frontend}}".routes."{{Last .}}"]
         rule = "{{Get "" . "/rule"}}"
         {{end}}
 {{end}}

traefik.sample.toml

@@ -323,6 +323,26 @@
 # [marathon.TLS]
 # InsecureSkipVerify = true
 
+################################################################
+# Kubernetes Ingress configuration backend
+################################################################
+# Enable Kubernetes Ingress configuration backend
+#
+# Optional
+#
+# [kubernetes]
+
+# Kubernetes server endpoint
+#
+# When deployed as a replication controller in Kubernetes,
+# Traefik will use env variable KUBERNETES_SERVICE_HOST
+# and KUBERNETES_SERVICE_PORT_HTTPS as endpoint
+# Secure token will be found in /var/run/secrets/kubernetes.io/serviceaccount/token
+# and SSL CA cert in /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
+# 
+# Optional
+#
+# endpoint = "http://localhost:8080"
 
 ################################################################
 # Consul KV configuration backend

types/types.go

@@ -10,6 +10,13 @@ type Backend struct {
 	Servers        map[string]Server `json:"servers,omitempty"`
 	CircuitBreaker *CircuitBreaker   `json:"circuitBreaker,omitempty"`
 	LoadBalancer   *LoadBalancer     `json:"loadBalancer,omitempty"`
+	MaxConn        *MaxConn          `json:"maxConn,omitempty"`
+}
+
+// MaxConn holds maximum connection configuration
+type MaxConn struct {
+	Amount        int64  `json:"amount,omitempty"`
+	ExtractorFunc string `json:"extractorFunc,omitempty"`
 }
 
 // LoadBalancer holds load balancing configuration.

web.go

@@ -8,6 +8,7 @@ import (
 
 	log "github.com/Sirupsen/logrus"
 	"github.com/containous/traefik/autogen"
+	"github.com/containous/traefik/safe"
 	"github.com/containous/traefik/types"
 	"github.com/elazarl/go-bindata-assetfs"
 	"github.com/gorilla/mux"
@@ -34,7 +35,7 @@ var (
 
 // Provide allows the provider to provide configurations to traefik
 // using the given configuration channel.
-func (provider *WebProvider) Provide(configurationChan chan<- types.ConfigMessage) error {
+func (provider *WebProvider) Provide(configurationChan chan<- types.ConfigMessage, pool *safe.Pool) error {
 	systemRouter := mux.NewRouter()
 
 	// health route
@@ -104,13 +105,15 @@ func (provider *WebProvider) getHealthHandler(response http.ResponseWriter, requ
 }
 
 func (provider *WebProvider) getConfigHandler(response http.ResponseWriter, request *http.Request) {
-	templatesRenderer.JSON(response, http.StatusOK, provider.server.currentConfigurations)
+	currentConfigurations := provider.server.currentConfigurations.Get().(configs)
+	templatesRenderer.JSON(response, http.StatusOK, currentConfigurations)
 }
 
 func (provider *WebProvider) getProviderHandler(response http.ResponseWriter, request *http.Request) {
 	vars := mux.Vars(request)
 	providerID := vars["provider"]
-	if provider, ok := provider.server.currentConfigurations[providerID]; ok {
+	currentConfigurations := provider.server.currentConfigurations.Get().(configs)
+	if provider, ok := currentConfigurations[providerID]; ok {
 		templatesRenderer.JSON(response, http.StatusOK, provider)
 	} else {
 		http.NotFound(response, request)
@@ -120,7 +123,8 @@ func (provider *WebProvider) getProviderHandler(response http.ResponseWriter, re
 func (provider *WebProvider) getBackendsHandler(response http.ResponseWriter, request *http.Request) {
 	vars := mux.Vars(request)
 	providerID := vars["provider"]
-	if provider, ok := provider.server.currentConfigurations[providerID]; ok {
+	currentConfigurations := provider.server.currentConfigurations.Get().(configs)
+	if provider, ok := currentConfigurations[providerID]; ok {
 		templatesRenderer.JSON(response, http.StatusOK, provider.Backends)
 	} else {
 		http.NotFound(response, request)
@@ -131,7 +135,8 @@ func (provider *WebProvider) getBackendHandler(response http.ResponseWriter, req
 	vars := mux.Vars(request)
 	providerID := vars["provider"]
 	backendID := vars["backend"]
-	if provider, ok := provider.server.currentConfigurations[providerID]; ok {
+	currentConfigurations := provider.server.currentConfigurations.Get().(configs)
+	if provider, ok := currentConfigurations[providerID]; ok {
 		if backend, ok := provider.Backends[backendID]; ok {
 			templatesRenderer.JSON(response, http.StatusOK, backend)
 			return
@@ -144,7 +149,8 @@ func (provider *WebProvider) getServersHandler(response http.ResponseWriter, req
 	vars := mux.Vars(request)
 	providerID := vars["provider"]
 	backendID := vars["backend"]
-	if provider, ok := provider.server.currentConfigurations[providerID]; ok {
+	currentConfigurations := provider.server.currentConfigurations.Get().(configs)
+	if provider, ok := currentConfigurations[providerID]; ok {
 		if backend, ok := provider.Backends[backendID]; ok {
 			templatesRenderer.JSON(response, http.StatusOK, backend.Servers)
 			return
@@ -158,7 +164,8 @@ func (provider *WebProvider) getServerHandler(response http.ResponseWriter, requ
 	providerID := vars["provider"]
 	backendID := vars["backend"]
 	serverID := vars["server"]
-	if provider, ok := provider.server.currentConfigurations[providerID]; ok {
+	currentConfigurations := provider.server.currentConfigurations.Get().(configs)
+	if provider, ok := currentConfigurations[providerID]; ok {
 		if backend, ok := provider.Backends[backendID]; ok {
 			if server, ok := backend.Servers[serverID]; ok {
 				templatesRenderer.JSON(response, http.StatusOK, server)
@@ -172,7 +179,8 @@ func (provider *WebProvider) getServerHandler(response http.ResponseWriter, requ
 func (provider *WebProvider) getFrontendsHandler(response http.ResponseWriter, request *http.Request) {
 	vars := mux.Vars(request)
 	providerID := vars["provider"]
-	if provider, ok := provider.server.currentConfigurations[providerID]; ok {
+	currentConfigurations := provider.server.currentConfigurations.Get().(configs)
+	if provider, ok := currentConfigurations[providerID]; ok {
 		templatesRenderer.JSON(response, http.StatusOK, provider.Frontends)
 	} else {
 		http.NotFound(response, request)
@@ -183,7 +191,8 @@ func (provider *WebProvider) getFrontendHandler(response http.ResponseWriter, re
 	vars := mux.Vars(request)
 	providerID := vars["provider"]
 	frontendID := vars["frontend"]
-	if provider, ok := provider.server.currentConfigurations[providerID]; ok {
+	currentConfigurations := provider.server.currentConfigurations.Get().(configs)
+	if provider, ok := currentConfigurations[providerID]; ok {
 		if frontend, ok := provider.Frontends[frontendID]; ok {
 			templatesRenderer.JSON(response, http.StatusOK, frontend)
 			return
@@ -196,7 +205,8 @@ func (provider *WebProvider) getRoutesHandler(response http.ResponseWriter, requ
 	vars := mux.Vars(request)
 	providerID := vars["provider"]
 	frontendID := vars["frontend"]
-	if provider, ok := provider.server.currentConfigurations[providerID]; ok {
+	currentConfigurations := provider.server.currentConfigurations.Get().(configs)
+	if provider, ok := currentConfigurations[providerID]; ok {
 		if frontend, ok := provider.Frontends[frontendID]; ok {
 			templatesRenderer.JSON(response, http.StatusOK, frontend.Routes)
 			return
@@ -210,7 +220,8 @@ func (provider *WebProvider) getRouteHandler(response http.ResponseWriter, reque
 	providerID := vars["provider"]
 	frontendID := vars["frontend"]
 	routeID := vars["route"]
-	if provider, ok := provider.server.currentConfigurations[providerID]; ok {
+	currentConfigurations := provider.server.currentConfigurations.Get().(configs)
+	if provider, ok := currentConfigurations[providerID]; ok {
 		if frontend, ok := provider.Frontends[frontendID]; ok {
 			if route, ok := frontend.Routes[routeID]; ok {
 				templatesRenderer.JSON(response, http.StatusOK, route)

webui/src/app/traefik.scss

@@ -24,3 +24,11 @@
 .tabset-row__providers {
   margin-top: 3rem;
 }
+
+table {
+  table-layout: fixed; 
+}
+
+td, th {
+    word-wrap: break-word;
+}

webui/src/index.html

@@ -40,10 +40,10 @@
               </ul>
               <ul class="nav navbar-nav navbar-right">
                 <li>
-                  <a href="https://github.com/containous/traefik/blob/master/docs/index.md" target="_blank">Documentation</a>
+                  <a href="https://docs.traefik.io" target="_blank">Documentation</a>
                 </li>
                 <li>
-                  <a href="http://traefik.io" target="_blank"><span class="traefik-blue">traefik.io</span></a>
+                  <a href="https://traefik.io" target="_blank"><span class="traefik-blue">traefik.io</span></a>
                 </li>
               </ul>
             </div>