Merge pull request #1318 from containous/prepare-release-v1.2.0

Prepare release v1.2.0
2025-09-08 13:44:22 +03:00 · 2017-03-21 10:37:24 +01:00 · 2017-03-20 23:26:52 +01:00 · 2017-03-20 19:28:10 +01:00 · 2017-03-20 17:54:09 +01:00 · 2017-03-20 12:36:49 +01:00
344 changed files with 47066 additions and 4092 deletions
--- a/.dockerignore
+++ b/.dockerignore
@@ -1,3 +1,5 @@
 dist/
 vendor/
 !dist/traefik
+site/
+**/*.test
--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1 @@
+glide.lock binary
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@@ -0,0 +1,146 @@
+# Contributing
+
+### Building
+
+You need either [Docker](https://github.com/docker/docker) and `make` (Method 1), or `go` and `glide` (Method 2) in order to build traefik.
+
+#### Method 1: Using `Docker` and `Makefile`
+
+You need to run the `binary` target. This will create binaries for Linux platform in the `dist` folder.
+
+```bash
+$ make binary
+docker build -t "traefik-dev:no-more-godep-ever" -f build.Dockerfile .
+Sending build context to Docker daemon 295.3 MB
+Step 0 : FROM golang:1.7
+ ---> 8c6473912976
+Step 1 : RUN go get github.com/Masterminds/glide
+[...]
+docker run --rm  -v "/var/run/docker.sock:/var/run/docker.sock" -it -e OS_ARCH_ARG -e OS_PLATFORM_ARG -e TESTFLAGS -v "/home/emile/dev/go/src/github.com/containous/traefik/"dist":/go/src/github.com/containous/traefik/"dist"" "traefik-dev:no-more-godep-ever" ./script/make.sh generate binary
+---> Making bundle: generate (in .)
+removed 'gen.go'
+
+---> Making bundle: binary (in .)
+
+$ ls dist/
+traefik*
+```
+
+#### Method 2: Using `go` and `glide`
+
+###### Setting up your `go` environment
+
+- You need `go` v1.7+
+- It is recommended you clone Træfɪk into a directory like `~/go/src/github.com/containous/traefik` (This is the official golang workspace hierarchy, and will allow dependencies to resolve properly)
+- This will allow your `GOPATH` and `PATH` variable to be set to `~/go` via:
+```
+$ export GOPATH=~/go
+$ export PATH=$PATH:$GOPATH/bin
+```
+
+This can be verified via `$ go env`
+- You will want to add those 2 export lines to your `.bashrc` or `.bash_profile`
+- You need `go-bindata` to be able to use `go generate` command (needed to build) : `$ go get github.com/jteeuwen/go-bindata/...` (Please note, the ellipses are required)
+
+###### Setting up your `glide` environment
+
+- Glide can be installed either via homebrew: `$ brew install glide` or via the official glide script: `$ curl https://glide.sh/get | sh`
+
+The idea behind `glide` is the following :
+
+- when checkout(ing) a project, run `$ glide install -v` from the cloned directory to install
+  (`go get …`) the dependencies in your `GOPATH`.
+- if you need another dependency, import and use it in
+  the source, and run `$ glide get github.com/Masterminds/cookoo` to save it in
+  `vendor` and add it to your `glide.yaml`.
+
+```bash
+$ glide install --strip-vendor
+# generate (Only required to integrate other components such as web dashboard)
+$ go generate
+# Standard go build
+$ go build
+# Using gox to build multiple platform
+$ gox "linux darwin" "386 amd64 arm" \
+    -output="dist/traefik_{{.OS}}-{{.Arch}}"
+# run other commands like tests
+```
+
+### Tests
+
+##### Method 1: `Docker` and `make`
+
+You can run unit tests using the `test-unit` target and the
+integration test using the `test-integration` target.
+
+```bash
+$ make test-unit
+docker build -t "traefik-dev:your-feature-branch" -f build.Dockerfile .
+# […]
+docker run --rm -it -e OS_ARCH_ARG -e OS_PLATFORM_ARG -e TESTFLAGS -v "/home/vincent/src/github/vdemeester/traefik/dist:/go/src/github.com/containous/traefik/dist" "traefik-dev:your-feature-branch" ./script/make.sh generate test-unit
+---> Making bundle: generate (in .)
+removed 'gen.go'
+
+---> Making bundle: test-unit (in .)
+ go test -cover -coverprofile=cover.out .
+ok      github.com/containous/traefik   0.005s  coverage: 4.1% of statements
+
+Test success
+```
+
+For development purposes, you can specify which tests to run by using:
+```
+# Run every tests in the MyTest suite
+TESTFLAGS="-check.f MyTestSuite" make test-integration
+
+# Run the test "MyTest" in the MyTest suite
+TESTFLAGS="-check.f MyTestSuite.MyTest" make test-integration
+
+# Run every tests starting with "My", in the MyTest suite
+TESTFLAGS="-check.f MyTestSuite.My" make test-integration
+
+# Run every tests ending with "Test", in the MyTest suite
+TESTFLAGS="-check.f MyTestSuite.*Test" make test-integration
+```
+
+More: https://labix.org/gocheck
+
+##### Method 2: `go` and `glide`
+
+- Tests can be run from the cloned directory, by `$ go test ./...` which should return `ok` similar to:
+```
+ok      _/home/vincent/src/github/vdemeester/traefik    0.004s
+```
+- Note that `$ go test ./...` will run all tests (including the ones in the vendor directory for the dependencies that glide have fetched). If you only want to run the tests for traefik use `$ go test $(glide novendor)` instead.
+
+
+### Documentation
+
+The [documentation site](http://docs.traefik.io/) is built with [mkdocs](http://mkdocs.org/)
+
+First make sure you have python and pip installed
+
+```
+$ python --version
+Python 2.7.2
+$ pip --version
+pip 1.5.2
+```
+
+Then install mkdocs with pip
+
+```
+$ pip install mkdocs
+```
+
+To test documentation locally run `mkdocs serve` in the root directory, this should start a server locally to preview your changes.
+
+```
+$ mkdocs serve
+INFO    -  Building documentation...
+WARNING -  Config value: 'theme'. Warning: The theme 'united' will be removed in an upcoming MkDocs release. See http://www.mkdocs.org/about/release-notes/ for more details
+INFO    -  Cleaning site directory
+[I 160505 22:31:24 server:281] Serving on http://127.0.0.1:8000
+[I 160505 22:31:24 handlers:59] Start watching changes
+[I 160505 22:31:24 handlers:61] Start detecting changes
+```
--- a/.github/ISSUE_TEMPLATE
+++ b/.github/ISSUE_TEMPLATE
@@ -0,0 +1,13 @@
+### What version of Traefik are you using (`traefik version`)?
+
+
+### What is your environment & configuration (arguments, toml...)?
+
+
+### What did you do?
+
+
+### What did you expect to see?
+
+
+### What did you see instead?
--- a/.github/cpr.sh
+++ b/.github/cpr.sh
@@ -0,0 +1,26 @@
+#!/bin/sh
+#
+# git config --global alias.cpr '!sh .github/cpr.sh'
+
+set -e # stop on error
+
+usage="$(basename "$0") pr -- Checkout a Pull Request locally"
+
+if [ "$#" -ne 1 ]; then
+    echo "Illegal number of parameters"
+    echo "$usage" >&2
+    exit 1
+fi
+
+command -v jq >/dev/null 2>&1 || { echo "I require jq but it's not installed.  Aborting." >&2; exit 1; }
+
+set -x # echo on
+
+initial=$(git rev-parse --abbrev-ref HEAD)
+pr=$1
+remote=$(curl -s https://api.github.com/repos/containous/traefik/pulls/$pr | jq -r .head.repo.owner.login)
+branch=$(curl -s https://api.github.com/repos/containous/traefik/pulls/$pr | jq -r .head.ref)
+
+git remote add $remote git@github.com:$remote/traefik.git
+git fetch $remote $branch
+git checkout -t $remote/$branch
--- a/.github/rmpr.sh
+++ b/.github/rmpr.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+#
+# git config --global alias.rmpr '!sh .github/rmpr.sh'
+
+set -e # stop on error
+
+usage="$(basename "$0") pr -- remove a Pull Request local branch & remote"
+
+if [ "$#" -ne 1 ]; then
+    echo "Illegal number of parameters"
+    echo "$usage" >&2
+    exit 1
+fi
+
+command -v jq >/dev/null 2>&1 || { echo "I require jq but it's not installed.  Aborting." >&2; exit 1; }
+
+set -x # echo on
+
+initial=$(git rev-parse --abbrev-ref HEAD)
+pr=$1
+remote=$(curl -s https://api.github.com/repos/containous/traefik/pulls/$pr | jq -r .head.repo.owner.login)
+branch=$(curl -s https://api.github.com/repos/containous/traefik/pulls/$pr | jq -r .head.ref)
+
+# clean
+git checkout $initial
+git branch -D $branch
+git remote remove $remote
--- a/.github/rpr.sh
+++ b/.github/rpr.sh
@@ -0,0 +1,36 @@
+#!/bin/sh
+#
+# git config --global alias.rpr '!sh .github/rpr.sh'
+
+set -e # stop on error
+
+usage="$(basename "$0") pr remote/branch -- rebase a Pull Request against a remote branch"
+
+if [ "$#" -ne 2 ]; then
+    echo "Illegal number of parameters"
+    echo "$usage" >&2
+    exit 1
+fi
+
+command -v jq >/dev/null 2>&1 || { echo "I require jq but it's not installed.  Aborting." >&2; exit 1; }
+
+set -x # echo on
+
+initial=$(git rev-parse --abbrev-ref HEAD)
+pr=$1
+base=$2
+remote=$(curl -s https://api.github.com/repos/containous/traefik/pulls/$pr | jq -r .head.repo.owner.login)
+branch=$(curl -s https://api.github.com/repos/containous/traefik/pulls/$pr | jq -r .head.ref)
+
+clean ()
+{
+    git checkout $initial
+    .github/rmpr.sh $pr
+}
+
+trap clean EXIT
+
+.github/cpr.sh $pr
+
+git rebase $base
+git push -f $remote $branch
--- a/.gitignore
+++ b/.gitignore
@@ -1,9 +1,15 @@
 /dist
 gen.go
 .idea
-log
+.intellij
 *.iml
 traefik
 traefik.toml
 *.test
 vendor/
+static/
+.vscode/
+site/
+*.log
+*.exe
+.DS_Store
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -0,0 +1,10 @@
+-   repo: git://github.com/pre-commit/pre-commit-hooks
+    sha: 44e1753f98b0da305332abe26856c3e621c5c439
+    hooks:
+    -   id: detect-private-key
+-   repo: git://github.com/containous/pre-commit-hooks
+    sha: 35e641b5107671e94102b0ce909648559e568d61
+    hooks:
+    -   id: goFmt
+    -   id: goLint
+    -   id: goErrcheck
--- a/.travis.yml
+++ b/.travis.yml
@@ -0,0 +1,67 @@
+sudo: required
+dist: trusty
+
+services:
+  - docker
+
+env:
+  global:
+    - secure: btt4r13t09gQlHb6gYrvGC2yGCMMHfnp1Mz1RQedc4Mpf/FfT8aE6xmK2a2i9CCvskjrP0t/BFaS4yxIURjnFRn+ugQIEa0pLspB9UJArW/vgOSpIWM9/OQ/fg8z5XuMxN6Md4DL1/iLypMNSageA1x0TRdt89+D1N1dALpg5XRCXLFbC84TLi0gjlFuib9ibPKzEhLT+anCRJ6iZMzeupDSoaCVbAtJMoDvXw4+4AcRZ1+k4MybBLyCib5boaEOt4pTT88mz4Kk0YaMwPVJyg9Qv36VqyUcPS09Yd95LuyVQ4+tZt8Y1ccbIzULsK+sLM3hLCzxlmlpN3dQBlZJiiRtQde0mgGAKyC0P0A1XjuDTywcsa5edB+fTk1Dsewz9xZ9V0NmMz8t+UNZnaSsAPga9i86jULbXUUwMVSzVRc+Xgx02liB/8qI1xYC9FM6ilStt7rn7mF0k3KbiWhcptgeXjO6Lah9FjEKd5w4MXsdUSTi/86rQaLo+kj+XdaTrXCTulKHyRyQEUj+8V1w0oVz7pcGjePHd7y5oU9ByifVQy6sytuFBfRZvugM5bKHo+i0pcWvixrZS42DrzwxZJsspANOvqSe5ifVbvOkfUppQdCBIwptxV5N1b49XPKU3W/w34QJ8xGmKp3TFA7WwVCztriFHjPgiRpB3EG99Bg=
+    - REPO: $TRAVIS_REPO_SLUG
+    - VERSION: $TRAVIS_TAG
+    - CODENAME: morbier
+
+matrix:
+  fast_finish: true
+  include:
+  - env: DOCKER_VERSION=1.10.3
+  - env: DOCKER_VERSION=1.12.6
+
+before_install:
+  - sudo -E apt-get -yq update
+  - sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install docker-engine=${DOCKER_VERSION}*
+install:
+  - docker version
+  - pip install --user -r requirements.txt
+before_script:
+  - make validate
+  - make binary
+script:
+  - travis_retry make test-unit
+  - travis_retry make test-integration
+after_failure:
+  - docker ps
+after_success:
+  - make crossbinary
+  - make image
+before_deploy:
+  - mkdocs build --clean
+  - tar cfz dist/traefik-${VERSION}.src.tar.gz --exclude-vcs --exclude dist .
+deploy:
+  - provider: pages
+    edge: true
+    github_token: ${GITHUB_TOKEN}
+    local_dir: site
+    skip_cleanup: true
+    on:
+      repo: containous/traefik
+      tags: true
+  - provider: releases
+    api_key: ${GITHUB_TOKEN}
+    file: dist/traefik*
+    skip_cleanup: true
+    file_glob: true
+    on:
+      repo: containous/traefik
+      tags: true
+  - provider: script
+    script: sh script/deploy.sh
+    skip_cleanup: true
+    on:
+      repo: containous/traefik
+      tags: true
+  - provider: script
+    script: sh script/deploy-docker.sh
+    skip_cleanup: true
+    on:
+      repo: containous/traefik
--- a/.travis/traefik.id_rsa.enc
+++ b/.travis/traefik.id_rsa.enc
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -0,0 +1,880 @@
+# Change Log
+
+## [v1.2.0](https://github.com/containous/traefik/tree/v1.2.0) (2017-03-20)
+[Full Changelog](https://github.com/containous/traefik/compare/v1.1.2...v1.2.0)
+
+**Merged pull requests:**
+
+- Docker: Added warning if network could not be found [\#1310](https://github.com/containous/traefik/pull/1310) ([zweizeichen](https://github.com/zweizeichen))
+- Add filter on task status in addition to desired status \(Docker Provider - swarm\) [\#1304](https://github.com/containous/traefik/pull/1304) ([Yshayy](https://github.com/Yshayy))
+- Abort Kubernetes Ingress update if Kubernetes API call fails [\#1295](https://github.com/containous/traefik/pull/1295) ([Regner](https://github.com/Regner))
+- Small fixes [\#1291](https://github.com/containous/traefik/pull/1291) ([emilevauge](https://github.com/emilevauge))
+- Rename health check URL parameter to path. [\#1285](https://github.com/containous/traefik/pull/1285) ([timoreimann](https://github.com/timoreimann))
+- Update Oxy, fix for \#1199 [\#1278](https://github.com/containous/traefik/pull/1278) ([akanto](https://github.com/akanto))
+- Fix metrics registering [\#1258](https://github.com/containous/traefik/pull/1258) ([matevzmihalic](https://github.com/matevzmihalic))
+- Update DefaultMaxIdleConnsPerHost default in docs. [\#1239](https://github.com/containous/traefik/pull/1239) ([timoreimann](https://github.com/timoreimann))
+- Update WSS/WS Proto \[Fixes \#670\] [\#1225](https://github.com/containous/traefik/pull/1225) ([dtomcej](https://github.com/dtomcej))
+- Bump go-rancher version [\#1219](https://github.com/containous/traefik/pull/1219) ([SantoDE](https://github.com/SantoDE))
+- Chunk taskArns into groups of 100 [\#1209](https://github.com/containous/traefik/pull/1209) ([owen](https://github.com/owen))
+- Prepare release v1.2.0 rc2 [\#1204](https://github.com/containous/traefik/pull/1204) ([emilevauge](https://github.com/emilevauge))
+- Revert "Ensure that we don't add balancees with no health check runs … [\#1198](https://github.com/containous/traefik/pull/1198) ([jangie](https://github.com/jangie))
+- Small fixes and improvments [\#1173](https://github.com/containous/traefik/pull/1173) ([SantoDE](https://github.com/SantoDE))
+- Fix docker issues with global and dead tasks [\#1167](https://github.com/containous/traefik/pull/1167) ([christopherobin](https://github.com/christopherobin))
+- Better ECS error checking [\#1143](https://github.com/containous/traefik/pull/1143) ([lpetre](https://github.com/lpetre))
+- Fix stats race condition [\#1141](https://github.com/containous/traefik/pull/1141) ([emilevauge](https://github.com/emilevauge))
+- ECS: Docs - info about cred. resolution and required access policies [\#1137](https://github.com/containous/traefik/pull/1137) ([rickard-von-essen](https://github.com/rickard-von-essen))
+- Healthcheck tests and doc [\#1132](https://github.com/containous/traefik/pull/1132) ([Juliens](https://github.com/Juliens))
+- Fix travis deploy [\#1128](https://github.com/containous/traefik/pull/1128) ([emilevauge](https://github.com/emilevauge))
+- Prepare release v1.2.0 rc1 [\#1126](https://github.com/containous/traefik/pull/1126) ([emilevauge](https://github.com/emilevauge))
+- Fix checkout initial before calling rmpr [\#1124](https://github.com/containous/traefik/pull/1124) ([emilevauge](https://github.com/emilevauge))
+- Feature rancher integration [\#1120](https://github.com/containous/traefik/pull/1120) ([SantoDE](https://github.com/SantoDE))
+- Fix glide go units [\#1119](https://github.com/containous/traefik/pull/1119) ([emilevauge](https://github.com/emilevauge))
+- Carry \#818 —  Add systemd watchdog feature [\#1116](https://github.com/containous/traefik/pull/1116) ([vdemeester](https://github.com/vdemeester))
+- Skip file permission check on Windows [\#1115](https://github.com/containous/traefik/pull/1115) ([StefanScherer](https://github.com/StefanScherer))
+- Fix Docker API version for Windows [\#1113](https://github.com/containous/traefik/pull/1113) ([StefanScherer](https://github.com/StefanScherer))
+- Fix git rpr [\#1109](https://github.com/containous/traefik/pull/1109) ([emilevauge](https://github.com/emilevauge))
+- Fix docker version specifier [\#1108](https://github.com/containous/traefik/pull/1108) ([timoreimann](https://github.com/timoreimann))
+- Merge v1.1.2 master [\#1105](https://github.com/containous/traefik/pull/1105) ([emilevauge](https://github.com/emilevauge))
+- add sh before script in deploy... [\#1103](https://github.com/containous/traefik/pull/1103) ([emilevauge](https://github.com/emilevauge))
+- \[doc\] typo fixes for kubernetes user guide [\#1102](https://github.com/containous/traefik/pull/1102) ([bamarni](https://github.com/bamarni))
+- add skip\_cleanup in deploy [\#1101](https://github.com/containous/traefik/pull/1101) ([emilevauge](https://github.com/emilevauge))
+- Fix k8s example UI port. [\#1098](https://github.com/containous/traefik/pull/1098) ([ddunkin](https://github.com/ddunkin))
+- Fix marathon provider [\#1090](https://github.com/containous/traefik/pull/1090) ([diegooliveira](https://github.com/diegooliveira))
+- Add an ECS provider [\#1088](https://github.com/containous/traefik/pull/1088) ([lpetre](https://github.com/lpetre))
+- Update comment to reflect the code [\#1087](https://github.com/containous/traefik/pull/1087) ([np](https://github.com/np))
+- update NYTimes/gziphandler fixes \#1059 [\#1084](https://github.com/containous/traefik/pull/1084) ([JamesKyburz](https://github.com/JamesKyburz))
+- Ensure that we don't add balancees with no health check runs if there is a health check defined on it [\#1080](https://github.com/containous/traefik/pull/1080) ([jangie](https://github.com/jangie))
+- Add FreeBSD & OpenBSD to crossbinary [\#1078](https://github.com/containous/traefik/pull/1078) ([geoffgarside](https://github.com/geoffgarside))
+- Fix metrics for multiple entry points [\#1071](https://github.com/containous/traefik/pull/1071) ([matevzmihalic](https://github.com/matevzmihalic))
+- Allow setting load balancer method and sticky using service annotations [\#1068](https://github.com/containous/traefik/pull/1068) ([bakins](https://github.com/bakins))
+- Fix travis script [\#1067](https://github.com/containous/traefik/pull/1067) ([emilevauge](https://github.com/emilevauge))
+- Add missing fmt verb specifier in k8s provider. [\#1066](https://github.com/containous/traefik/pull/1066) ([timoreimann](https://github.com/timoreimann))
+- Add git rpr command [\#1063](https://github.com/containous/traefik/pull/1063) ([emilevauge](https://github.com/emilevauge))
+- Fix k8s example [\#1062](https://github.com/containous/traefik/pull/1062) ([emilevauge](https://github.com/emilevauge))
+- Replace underscores to dash in autogenerated urls \(docker provider\) [\#1061](https://github.com/containous/traefik/pull/1061) ([WTFKr0](https://github.com/WTFKr0))
+- Don't run go test on .glide cache folder [\#1057](https://github.com/containous/traefik/pull/1057) ([vdemeester](https://github.com/vdemeester))
+- Allow setting circuitbreaker expression via Kubernetes annotation [\#1056](https://github.com/containous/traefik/pull/1056) ([bakins](https://github.com/bakins))
+- Improving instrumentation. [\#1042](https://github.com/containous/traefik/pull/1042) ([enxebre](https://github.com/enxebre))
+- Update user guide for upcoming `docker stack deploy`  [\#1041](https://github.com/containous/traefik/pull/1041) ([twelvelabs](https://github.com/twelvelabs))
+- Support sticky sessions under SWARM Mode. \#1024 [\#1033](https://github.com/containous/traefik/pull/1033) ([foleymic](https://github.com/foleymic))
+- Allow for wildcards in k8s ingress host, fixes \#792 [\#1029](https://github.com/containous/traefik/pull/1029) ([sheerun](https://github.com/sheerun))
+- Don't fetch ACME certificates for frontends using non-TLS entrypoints \(\#989\) [\#1023](https://github.com/containous/traefik/pull/1023) ([syfonseq](https://github.com/syfonseq))
+- Return Proper Non-ACME certificate - Fixes Issue 672 [\#1018](https://github.com/containous/traefik/pull/1018) ([dtomcej](https://github.com/dtomcej))
+- Fix docs build and add missing benchmarks page [\#1017](https://github.com/containous/traefik/pull/1017) ([csabapalfi](https://github.com/csabapalfi))
+- Set a NopCloser request body with retry middleware [\#1016](https://github.com/containous/traefik/pull/1016) ([bamarni](https://github.com/bamarni))
+- instruct to flatten dependencies with glide [\#1010](https://github.com/containous/traefik/pull/1010) ([bamarni](https://github.com/bamarni))
+- check permissions on acme.json during startup [\#1009](https://github.com/containous/traefik/pull/1009) ([bamarni](https://github.com/bamarni))
+- \[doc\] few tweaks on the basics page [\#1005](https://github.com/containous/traefik/pull/1005) ([bamarni](https://github.com/bamarni))
+- Import order as goimports does [\#1004](https://github.com/containous/traefik/pull/1004) ([vdemeester](https://github.com/vdemeester))
+- See the right go report badge [\#991](https://github.com/containous/traefik/pull/991) ([guilhem](https://github.com/guilhem))
+- Add multiple values for one rule to docs [\#978](https://github.com/containous/traefik/pull/978) ([j0hnsmith](https://github.com/j0hnsmith))
+- Add ACME/Let’s Encrypt integration tests [\#975](https://github.com/containous/traefik/pull/975) ([trecloux](https://github.com/trecloux))
+- deploy.sh: upload release source tarball [\#969](https://github.com/containous/traefik/pull/969) ([Mic92](https://github.com/Mic92))
+- toml zookeeper doc fix [\#948](https://github.com/containous/traefik/pull/948) ([brdude](https://github.com/brdude))
+- Add Rule AddPrefix [\#931](https://github.com/containous/traefik/pull/931) ([Juliens](https://github.com/Juliens))
+- Add bug command [\#921](https://github.com/containous/traefik/pull/921) ([emilevauge](https://github.com/emilevauge))
+- \(WIP\) feat: HealthCheck [\#918](https://github.com/containous/traefik/pull/918) ([Juliens](https://github.com/Juliens))
+- Add ability to set authenticated user in request header [\#889](https://github.com/containous/traefik/pull/889) ([ViViDboarder](https://github.com/ViViDboarder))
+- IP-per-task: [\#841](https://github.com/containous/traefik/pull/841) ([diegooliveira](https://github.com/diegooliveira))
+
+## [v1.2.0-rc2](https://github.com/containous/traefik/tree/v1.2.0-rc2) (2017-03-01)
+[Full Changelog](https://github.com/containous/traefik/compare/v1.2.0-rc1...v1.2.0-rc2)
+
+**Implemented enhancements:**
+
+- Are there plans to support the service type ExternalName in Kubernetes? [\#1142](https://github.com/containous/traefik/issues/1142)
+- Kubernetes Ingress and sticky support [\#911](https://github.com/containous/traefik/issues/911)
+- kubernetes client does not support InsecureSkipVerify [\#876](https://github.com/containous/traefik/issues/876)
+- Support active health checking like HAProxy [\#824](https://github.com/containous/traefik/issues/824)
+- Allow k8s ingress controller serviceAccountToken and serviceAccountCACert to be changed [\#611](https://github.com/containous/traefik/issues/611)
+
+**Fixed bugs:**
+
+- \[rancher\] invalid memory address or nil pointer dereference [\#1134](https://github.com/containous/traefik/issues/1134)
+- Kubernetes default backend should work [\#1073](https://github.com/containous/traefik/issues/1073)
+
+**Closed issues:**
+
+- Are release Download links broken? [\#1201](https://github.com/containous/traefik/issues/1201)
+- Bind to specific ip address [\#1193](https://github.com/containous/traefik/issues/1193)
+- DNS01 challenge use the wrong zone through route53 [\#1192](https://github.com/containous/traefik/issues/1192)
+- Reverse proxy https to http backends fails [\#1180](https://github.com/containous/traefik/issues/1180)
+- Swarm Mode + Letsecrypt + KV Store [\#1176](https://github.com/containous/traefik/issues/1176)
+- docker deploy -c example.yml    e [\#1169](https://github.com/containous/traefik/issues/1169)
+- Traefik not finding dynamically added services \(Docker Swarm Mode\) [\#1168](https://github.com/containous/traefik/issues/1168)
+- Traefik with Kubernetes backend - keep getting 401 on all GET requests to kube-apiserver [\#1166](https://github.com/containous/traefik/issues/1166)
+- Near line 15 \(last key parsed 'backends.backend-monitor-viz.servers'\): Key 'backends.backend-monitor-viz.servers.server-monitor\_viz-1' has already been defined. [\#1154](https://github.com/containous/traefik/issues/1154)
+- How to reuse SSL certificates automatically fetched from Let´s encrypt? [\#1152](https://github.com/containous/traefik/issues/1152)
+- Dynamically ban ip when backend repeatedly returns specified status code. \( 403 \) [\#1136](https://github.com/containous/traefik/issues/1136)
+- Always get 404 accessing my nginx backend service [\#1112](https://github.com/containous/traefik/issues/1112)
+- Incomplete Docu [\#1091](https://github.com/containous/traefik/issues/1091)
+- LoadCertificateForDomains: runtime error: invalid memory address [\#1069](https://github.com/containous/traefik/issues/1069)
+- Traefik creating backends & mappings for ingress annotated with ingress.class: nginx [\#1058](https://github.com/containous/traefik/issues/1058)
+- ACME file format description [\#1012](https://github.com/containous/traefik/issues/1012)
+- SwarmMode - Not routing on worker node [\#838](https://github.com/containous/traefik/issues/838)
+- Migrate k8s to kubernetes/client-go  [\#678](https://github.com/containous/traefik/issues/678)
+- Support for sticky session with kubernetes ingress as backend [\#674](https://github.com/containous/traefik/issues/674)
+
+**Merged pull requests:**
+
+- Revert "Ensure that we don't add balancees with no health check runs … [\#1198](https://github.com/containous/traefik/pull/1198) ([jangie](https://github.com/jangie))
+- Small fixes and improvments [\#1173](https://github.com/containous/traefik/pull/1173) ([SantoDE](https://github.com/SantoDE))
+- Fix docker issues with global and dead tasks [\#1167](https://github.com/containous/traefik/pull/1167) ([christopherobin](https://github.com/christopherobin))
+- Better ECS error checking [\#1143](https://github.com/containous/traefik/pull/1143) ([lpetre](https://github.com/lpetre))
+- Fix stats race condition [\#1141](https://github.com/containous/traefik/pull/1141) ([emilevauge](https://github.com/emilevauge))
+- ECS: Docs - info about cred. resolution and required access policies [\#1137](https://github.com/containous/traefik/pull/1137) ([rickard-von-essen](https://github.com/rickard-von-essen))
+- Healthcheck tests and doc [\#1132](https://github.com/containous/traefik/pull/1132) ([Juliens](https://github.com/Juliens))
+
+## [v1.2.0-rc1](https://github.com/containous/traefik/tree/v1.2.0-rc1) (2017-02-06)
+[Full Changelog](https://github.com/containous/traefik/compare/v1.1.2...v1.2.0-rc1)
+
+**Implemented enhancements:**
+
+- Add FreeBSD and OpenBSD to release builds [\#923](https://github.com/containous/traefik/issues/923)
+- Write authenticated user to header key [\#802](https://github.com/containous/traefik/issues/802)
+- Question: Wildcard Host for Kubernetes Ingress [\#792](https://github.com/containous/traefik/issues/792)
+- First commit prometheus middleware. [\#1022](https://github.com/containous/traefik/pull/1022) ([enxebre](https://github.com/enxebre))
+- Use deployment primitives from travis [\#843](https://github.com/containous/traefik/pull/843) ([guilhem](https://github.com/guilhem))
+
+**Fixed bugs:**
+
+- Increase Docker API version to work with Windows Containers [\#1094](https://github.com/containous/traefik/issues/1094)
+
+**Closed issues:**
+
+- How could I know whether forwarding path is correctly set? [\#1111](https://github.com/containous/traefik/issues/1111)
+- ACME + Docker-compose labels [\#1099](https://github.com/containous/traefik/issues/1099)
+- Loadbalance between 2 containers in Docker Swarm Mode [\#1095](https://github.com/containous/traefik/issues/1095)
+- Add DNS01 letsencrypt challenge support through AWS. [\#1093](https://github.com/containous/traefik/issues/1093)
+- New Release Cut [\#1092](https://github.com/containous/traefik/issues/1092)
+- Marathon integration changed default backend server port from task-level to application-level [\#1072](https://github.com/containous/traefik/issues/1072)
+- websockets not working when compress = true in toml config. [\#1059](https://github.com/containous/traefik/issues/1059)
+- Proxying 403 http status into the application [\#1044](https://github.com/containous/traefik/issues/1044)
+- Normalize auto generated frontend-rule \(docker\) [\#1043](https://github.com/containous/traefik/issues/1043)
+- Traefik with Consul catalog backend + Registrator [\#1039](https://github.com/containous/traefik/issues/1039)
+- \[Configuration help\] Can't connect to docker containers under a domain path [\#1032](https://github.com/containous/traefik/issues/1032)
+- Kubernetes and etcd backend : `storeconfig` fails. [\#1031](https://github.com/containous/traefik/issues/1031)
+- kubernetes: Undefined backend 'X/' for frontend X/" [\#1026](https://github.com/containous/traefik/issues/1026)
+- TLS handshake error [\#1025](https://github.com/containous/traefik/issues/1025)
+- Traefik failing on POST request [\#1008](https://github.com/containous/traefik/issues/1008)
+- how config traffic.toml http 80 without basic auth, traefik WebUI 8080 with basic auth [\#1001](https://github.com/containous/traefik/issues/1001)
+- Docs 404 [\#995](https://github.com/containous/traefik/issues/995)
+- Disable acme for non https endpoints [\#989](https://github.com/containous/traefik/issues/989)
+- Add parameter to configure TLS entrypoints with ca-bundle file [\#984](https://github.com/containous/traefik/issues/984)
+- docker multiple networks routing [\#970](https://github.com/containous/traefik/issues/970)
+- don't add Docker containers not on the same network as traefik [\#959](https://github.com/containous/traefik/issues/959)
+- Multiple frontend routes [\#957](https://github.com/containous/traefik/issues/957)
+- SNI based routing without TLS offloading [\#933](https://github.com/containous/traefik/issues/933)
+- NEO4J + traefik proxy Issues  [\#907](https://github.com/containous/traefik/issues/907)
+- ACME OnDemand ignores entrypoint certificate [\#672](https://github.com/containous/traefik/issues/672)
+- Ability to use self-signed certificates for local development [\#399](https://github.com/containous/traefik/issues/399)
+
+**Merged pull requests:**
+
+- Fix checkout initial before calling rmpr [\#1124](https://github.com/containous/traefik/pull/1124) ([emilevauge](https://github.com/emilevauge))
+- Feature rancher integration [\#1120](https://github.com/containous/traefik/pull/1120) ([SantoDE](https://github.com/SantoDE))
+- Fix glide go units [\#1119](https://github.com/containous/traefik/pull/1119) ([emilevauge](https://github.com/emilevauge))
+- Carry \#818 —  Add systemd watchdog feature [\#1116](https://github.com/containous/traefik/pull/1116) ([vdemeester](https://github.com/vdemeester))
+- Skip file permission check on Windows [\#1115](https://github.com/containous/traefik/pull/1115) ([StefanScherer](https://github.com/StefanScherer))
+- Fix Docker API version for Windows [\#1113](https://github.com/containous/traefik/pull/1113) ([StefanScherer](https://github.com/StefanScherer))
+- Fix git rpr [\#1109](https://github.com/containous/traefik/pull/1109) ([emilevauge](https://github.com/emilevauge))
+- Fix docker version specifier [\#1108](https://github.com/containous/traefik/pull/1108) ([timoreimann](https://github.com/timoreimann))
+- Merge v1.1.2 master [\#1105](https://github.com/containous/traefik/pull/1105) ([emilevauge](https://github.com/emilevauge))
+- add sh before script in deploy... [\#1103](https://github.com/containous/traefik/pull/1103) ([emilevauge](https://github.com/emilevauge))
+- \[doc\] typo fixes for kubernetes user guide [\#1102](https://github.com/containous/traefik/pull/1102) ([bamarni](https://github.com/bamarni))
+- add skip\_cleanup in deploy [\#1101](https://github.com/containous/traefik/pull/1101) ([emilevauge](https://github.com/emilevauge))
+- Fix k8s example UI port. [\#1098](https://github.com/containous/traefik/pull/1098) ([ddunkin](https://github.com/ddunkin))
+- Fix marathon provider [\#1090](https://github.com/containous/traefik/pull/1090) ([diegooliveira](https://github.com/diegooliveira))
+- Add an ECS provider [\#1088](https://github.com/containous/traefik/pull/1088) ([lpetre](https://github.com/lpetre))
+- Update comment to reflect the code [\#1087](https://github.com/containous/traefik/pull/1087) ([np](https://github.com/np))
+- update NYTimes/gziphandler fixes \#1059 [\#1084](https://github.com/containous/traefik/pull/1084) ([JamesKyburz](https://github.com/JamesKyburz))
+- Ensure that we don't add balancees with no health check runs if there is a health check defined on it [\#1080](https://github.com/containous/traefik/pull/1080) ([jangie](https://github.com/jangie))
+- Add FreeBSD & OpenBSD to crossbinary [\#1078](https://github.com/containous/traefik/pull/1078) ([geoffgarside](https://github.com/geoffgarside))
+- Fix metrics for multiple entry points [\#1071](https://github.com/containous/traefik/pull/1071) ([matevzmihalic](https://github.com/matevzmihalic))
+- Allow setting load balancer method and sticky using service annotations [\#1068](https://github.com/containous/traefik/pull/1068) ([bakins](https://github.com/bakins))
+- Fix travis script [\#1067](https://github.com/containous/traefik/pull/1067) ([emilevauge](https://github.com/emilevauge))
+- Add missing fmt verb specifier in k8s provider. [\#1066](https://github.com/containous/traefik/pull/1066) ([timoreimann](https://github.com/timoreimann))
+- Add git rpr command [\#1063](https://github.com/containous/traefik/pull/1063) ([emilevauge](https://github.com/emilevauge))
+- Fix k8s example [\#1062](https://github.com/containous/traefik/pull/1062) ([emilevauge](https://github.com/emilevauge))
+- Replace underscores to dash in autogenerated urls \(docker provider\) [\#1061](https://github.com/containous/traefik/pull/1061) ([WTFKr0](https://github.com/WTFKr0))
+- Don't run go test on .glide cache folder [\#1057](https://github.com/containous/traefik/pull/1057) ([vdemeester](https://github.com/vdemeester))
+- Allow setting circuitbreaker expression via Kubernetes annotation [\#1056](https://github.com/containous/traefik/pull/1056) ([bakins](https://github.com/bakins))
+- Improving instrumentation. [\#1042](https://github.com/containous/traefik/pull/1042) ([enxebre](https://github.com/enxebre))
+- Update user guide for upcoming `docker stack deploy`  [\#1041](https://github.com/containous/traefik/pull/1041) ([twelvelabs](https://github.com/twelvelabs))
+- Support sticky sessions under SWARM Mode. \#1024 [\#1033](https://github.com/containous/traefik/pull/1033) ([foleymic](https://github.com/foleymic))
+- Allow for wildcards in k8s ingress host, fixes \#792 [\#1029](https://github.com/containous/traefik/pull/1029) ([sheerun](https://github.com/sheerun))
+- Don't fetch ACME certificates for frontends using non-TLS entrypoints \(\#989\) [\#1023](https://github.com/containous/traefik/pull/1023) ([syfonseq](https://github.com/syfonseq))
+- Return Proper Non-ACME certificate - Fixes Issue 672 [\#1018](https://github.com/containous/traefik/pull/1018) ([dtomcej](https://github.com/dtomcej))
+- Fix docs build and add missing benchmarks page [\#1017](https://github.com/containous/traefik/pull/1017) ([csabapalfi](https://github.com/csabapalfi))
+- Set a NopCloser request body with retry middleware [\#1016](https://github.com/containous/traefik/pull/1016) ([bamarni](https://github.com/bamarni))
+- instruct to flatten dependencies with glide [\#1010](https://github.com/containous/traefik/pull/1010) ([bamarni](https://github.com/bamarni))
+- check permissions on acme.json during startup [\#1009](https://github.com/containous/traefik/pull/1009) ([bamarni](https://github.com/bamarni))
+- \[doc\] few tweaks on the basics page [\#1005](https://github.com/containous/traefik/pull/1005) ([bamarni](https://github.com/bamarni))
+- Import order as goimports does [\#1004](https://github.com/containous/traefik/pull/1004) ([vdemeester](https://github.com/vdemeester))
+- See the right go report badge [\#991](https://github.com/containous/traefik/pull/991) ([guilhem](https://github.com/guilhem))
+- Add multiple values for one rule to docs [\#978](https://github.com/containous/traefik/pull/978) ([j0hnsmith](https://github.com/j0hnsmith))
+- Add ACME/Let’s Encrypt integration tests [\#975](https://github.com/containous/traefik/pull/975) ([trecloux](https://github.com/trecloux))
+- deploy.sh: upload release source tarball [\#969](https://github.com/containous/traefik/pull/969) ([Mic92](https://github.com/Mic92))
+- toml zookeeper doc fix [\#948](https://github.com/containous/traefik/pull/948) ([brdude](https://github.com/brdude))
+- Add Rule AddPrefix [\#931](https://github.com/containous/traefik/pull/931) ([Juliens](https://github.com/Juliens))
+- Add bug command [\#921](https://github.com/containous/traefik/pull/921) ([emilevauge](https://github.com/emilevauge))
+- \(WIP\) feat: HealthCheck [\#918](https://github.com/containous/traefik/pull/918) ([Juliens](https://github.com/Juliens))
+- Add ability to set authenticated user in request header [\#889](https://github.com/containous/traefik/pull/889) ([ViViDboarder](https://github.com/ViViDboarder))
+- IP-per-task: [\#841](https://github.com/containous/traefik/pull/841) ([diegooliveira](https://github.com/diegooliveira))
+
+## [v1.1.2](https://github.com/containous/traefik/tree/v1.1.2) (2016-12-15)
+[Full Changelog](https://github.com/containous/traefik/compare/v1.1.1...v1.1.2)
+
+**Fixed bugs:**
+
+- Problem during HTTPS redirection [\#952](https://github.com/containous/traefik/issues/952)
+- nil pointer with kubernetes ingress [\#934](https://github.com/containous/traefik/issues/934)
+- ConsulCatalog and File not working [\#903](https://github.com/containous/traefik/issues/903)
+- Traefik can not start [\#902](https://github.com/containous/traefik/issues/902)
+- Cannot connect to Kubernetes server failed to decode watch event [\#532](https://github.com/containous/traefik/issues/532)
+
+**Closed issues:**
+
+- Updating certificates with configuration file. [\#968](https://github.com/containous/traefik/issues/968)
+- Let's encrypt retrieving certificate from wrong IP [\#962](https://github.com/containous/traefik/issues/962)
+- let's encrypt and dashboard? [\#961](https://github.com/containous/traefik/issues/961)
+- Working HTTPS example for GKE? [\#960](https://github.com/containous/traefik/issues/960)
+- GKE design pattern [\#958](https://github.com/containous/traefik/issues/958)
+- Consul Catalog constraints does not seem to work [\#954](https://github.com/containous/traefik/issues/954)
+- Issue in building traefik from master [\#949](https://github.com/containous/traefik/issues/949)
+- Proxy http application to https doesn't seem to work correctly for all services [\#937](https://github.com/containous/traefik/issues/937)
+- Excessive requests to kubernetes apiserver [\#922](https://github.com/containous/traefik/issues/922)
+- I am getting a connection error while creating traefik with consul backend "dial tcp 127.0.0.1:8500: getsockopt: connection refused" [\#917](https://github.com/containous/traefik/issues/917)
+- SwarmMode - 1.13 RC2 - DNS RR - Individual IPs not retrieved [\#913](https://github.com/containous/traefik/issues/913)
+- Panic in kubernetes ingress \(traefik 1.1.0\) [\#910](https://github.com/containous/traefik/issues/910)
+- Kubernetes updating deployment image requires Ingress to be remade  [\#909](https://github.com/containous/traefik/issues/909)
+- \[ACME\] Too many currently pending authorizations [\#905](https://github.com/containous/traefik/issues/905)
+- WEB UI Authentication and Let's Encrypt : error 404 [\#754](https://github.com/containous/traefik/issues/754)
+- Traefik as ingress controller for SNI based routing in kubernetes [\#745](https://github.com/containous/traefik/issues/745)
+- Kubernetes Ingress backend: using self-signed certificates [\#486](https://github.com/containous/traefik/issues/486)
+- Kubernetes Ingress backend: can't find token and ca.crt [\#484](https://github.com/containous/traefik/issues/484)
+
+**Merged pull requests:**
+
+- Fix duplicate acme certificates [\#972](https://github.com/containous/traefik/pull/972) ([emilevauge](https://github.com/emilevauge))
+- Fix leadership panic [\#956](https://github.com/containous/traefik/pull/956) ([emilevauge](https://github.com/emilevauge))
+- Fix redirect regex [\#947](https://github.com/containous/traefik/pull/947) ([emilevauge](https://github.com/emilevauge))
+- Add operation recover [\#944](https://github.com/containous/traefik/pull/944) ([emilevauge](https://github.com/emilevauge))
+
+## [v1.1.1](https://github.com/containous/traefik/tree/v1.1.1) (2016-11-29)
+[Full Changelog](https://github.com/containous/traefik/compare/v1.1.0...v1.1.1)
+
+**Implemented enhancements:**
+
+- Getting "Kubernetes connection error failed to decode watch event : unexpected EOF" every minute in Traefik log [\#732](https://github.com/containous/traefik/issues/732)
+
+**Fixed bugs:**
+
+- 1.1.0 kubernetes panic: send on closed channel [\#877](https://github.com/containous/traefik/issues/877)
+- digest auth example is incorrect [\#869](https://github.com/containous/traefik/issues/869)
+- Marathon & Mesos providers' GroupsAsSubDomains option broken [\#867](https://github.com/containous/traefik/issues/867)
+- 404 responses when a new Marathon leader is elected [\#653](https://github.com/containous/traefik/issues/653)
+
+**Closed issues:**
+
+- traefik:latest fails to auto-detect Docker containers [\#901](https://github.com/containous/traefik/issues/901)
+- Panic error on bare metal Kubernetes \(installed with Kubeadm\) [\#897](https://github.com/containous/traefik/issues/897)
+- api backend readOnly: what is the purpose of this setting [\#893](https://github.com/containous/traefik/issues/893)
+- file backend: using external file - doesn't work [\#892](https://github.com/containous/traefik/issues/892)
+- auth support for web backend [\#891](https://github.com/containous/traefik/issues/891)
+- Basic auth with docker labels [\#890](https://github.com/containous/traefik/issues/890)
+- file vs inline config [\#888](https://github.com/containous/traefik/issues/888)
+- combine Host and HostRegexp rules [\#882](https://github.com/containous/traefik/issues/882)
+- \[Question\] Traefik + Kubernetes + Let's Encrypt \(ssl not used\) [\#881](https://github.com/containous/traefik/issues/881)
+- Traefik security for dashboard [\#880](https://github.com/containous/traefik/issues/880)
+- Kubernetes Nginx Deployment Panic [\#879](https://github.com/containous/traefik/issues/879)
+- Kubernetes Example Address already in use [\#872](https://github.com/containous/traefik/issues/872)
+- ETCD Backend - frontend/backends missing [\#866](https://github.com/containous/traefik/issues/866)
+- \[Swarm mode\] Dashboard does not work on RC4 [\#864](https://github.com/containous/traefik/issues/864)
+- Docker v1.1.0 image does not exist [\#861](https://github.com/containous/traefik/issues/861)
+- ConsulService catalog do not support multiple rules [\#859](https://github.com/containous/traefik/issues/859)
+- Update official docker repo [\#858](https://github.com/containous/traefik/issues/858)
+- Still a memory leak with k8s - 1.1 RC4 [\#844](https://github.com/containous/traefik/issues/844)
+
+**Merged pull requests:**
+
+- Fix Swarm panic [\#908](https://github.com/containous/traefik/pull/908) ([emilevauge](https://github.com/emilevauge))
+- Fix k8s panic [\#900](https://github.com/containous/traefik/pull/900) ([emilevauge](https://github.com/emilevauge))
+- Fix missing value for k8s watch request parameter [\#874](https://github.com/containous/traefik/pull/874) ([codablock](https://github.com/codablock))
+- Fix GroupsAsSubDomains option for Mesos and Marathon [\#868](https://github.com/containous/traefik/pull/868) ([ryanleary](https://github.com/ryanleary))
+- Normalize backend even if is user-defined [\#865](https://github.com/containous/traefik/pull/865) ([WTFKr0](https://github.com/WTFKr0))
+- consul/kv.tmpl: weight default value should be a int [\#826](https://github.com/containous/traefik/pull/826) ([klausenbusk](https://github.com/klausenbusk))
+
+## [v1.1.0](https://github.com/containous/traefik/tree/v1.1.0) (2016-11-17)
+[Full Changelog](https://github.com/containous/traefik/compare/v1.0.0...v1.1.0)
+
+**Implemented enhancements:**
+
+- Support healthcheck if present for docker [\#666](https://github.com/containous/traefik/issues/666)
+- Standard unit for traefik latency in access log [\#559](https://github.com/containous/traefik/issues/559)
+- \[CI\] wiredep marked as unmaintained [\#550](https://github.com/containous/traefik/issues/550)
+- Feature Request: Enable Health checks to containers. [\#540](https://github.com/containous/traefik/issues/540)
+- Feature Request: SSL Cipher Selection [\#535](https://github.com/containous/traefik/issues/535)
+- Error with -consulcatalog and missing load balance method on 1.0.0 [\#524](https://github.com/containous/traefik/issues/524)
+- Running Traefik with Docker 1.12 Swarm Mode [\#504](https://github.com/containous/traefik/issues/504)
+- Kubernetes provider: should allow the master url to be override [\#501](https://github.com/containous/traefik/issues/501)
+- \[FRONTEND\]\[LE\] Pre-generate SSL certificates for "Host:" rules [\#483](https://github.com/containous/traefik/issues/483)
+- Frontend Rule evolution [\#437](https://github.com/containous/traefik/issues/437)
+- Add a Changelog [\#388](https://github.com/containous/traefik/issues/388)
+- Add label matching for kubernetes ingests [\#363](https://github.com/containous/traefik/issues/363)
+- Acme in HA Traefik Scenario [\#348](https://github.com/containous/traefik/issues/348)
+- HTTP Basic Auth support [\#77](https://github.com/containous/traefik/issues/77)
+- Session affinity / stickiness / persistence [\#5](https://github.com/containous/traefik/issues/5)
+
+**Fixed bugs:**
+
+- 1.1.0-rc4 dashboard UX not displaying [\#828](https://github.com/containous/traefik/issues/828)
+- Traefik stopped serving on upgrade to v1.1.0-rc3 [\#807](https://github.com/containous/traefik/issues/807)
+- cannot access webui/dashboard  [\#796](https://github.com/containous/traefik/issues/796)
+- Traefik cannot read constraints from KV [\#794](https://github.com/containous/traefik/issues/794)
+- HTTP2 - configuration [\#790](https://github.com/containous/traefik/issues/790)
+- Cannot provide multiple certificates using flag [\#757](https://github.com/containous/traefik/issues/757)
+- Allow multiple certificates on a single entrypoint when trying to use TLS? [\#747](https://github.com/containous/traefik/issues/747)
+- traefik \* Users: unsupported type: slice [\#743](https://github.com/containous/traefik/issues/743)
+- \[Docker swarm mode\] The traefik.docker.network seems to have no effect [\#719](https://github.com/containous/traefik/issues/719)
+- traefik hangs - stops handling requests [\#662](https://github.com/containous/traefik/issues/662)
+- Add long jobs in exponential backoff providers  [\#626](https://github.com/containous/traefik/issues/626)
+- Tip of tree crashes on invalid pointer on Marathon provider [\#624](https://github.com/containous/traefik/issues/624)
+- ACME: revoke certificate on agreement update [\#579](https://github.com/containous/traefik/issues/579)
+- WebUI: Providers tabs disappeared [\#577](https://github.com/containous/traefik/issues/577)
+- traefik version command contains incorrect information when building from master branch [\#569](https://github.com/containous/traefik/issues/569)
+- Case sensitive domain names breaks routing  [\#562](https://github.com/containous/traefik/issues/562)
+- Flag --etcd.endpoint default [\#508](https://github.com/containous/traefik/issues/508)
+- Conditional ACME on demand generation [\#505](https://github.com/containous/traefik/issues/505)
+- Important delay with streams \(Mozilla EventSource\) [\#503](https://github.com/containous/traefik/issues/503)
+- Traefik crashing [\#458](https://github.com/containous/traefik/issues/458)
+- traefik.toml constraints error: `Expected map but found 'string'.` [\#451](https://github.com/containous/traefik/issues/451)
+- Multiple path separators in the url path causing redirect [\#167](https://github.com/containous/traefik/issues/167)
+
+**Closed issues:**
+
+- All path rules require paths to be lowercase [\#851](https://github.com/containous/traefik/issues/851)
+- The UI stops working after a time and have to restart the service. [\#840](https://github.com/containous/traefik/issues/840)
+- Incorrect Dashboard page returned [\#831](https://github.com/containous/traefik/issues/831)
+- LoadBalancing doesn't work in single node Swarm-mode [\#815](https://github.com/containous/traefik/issues/815)
+- cannot connect to docker daemon [\#813](https://github.com/containous/traefik/issues/813)
+- Let's encrypt configuration not working [\#805](https://github.com/containous/traefik/issues/805)
+- Multiple subdomains for Marathon backend. [\#785](https://github.com/containous/traefik/issues/785)
+- traefik-1.1.0-rc1: build error [\#781](https://github.com/containous/traefik/issues/781)
+- dependencies installation error [\#755](https://github.com/containous/traefik/issues/755)
+- k8s provider w/ acme? [\#752](https://github.com/containous/traefik/issues/752)
+- Swarm Docs - How to use a FQDN [\#744](https://github.com/containous/traefik/issues/744)
+- Documented ProvidersThrottleDuration value is invalid [\#741](https://github.com/containous/traefik/issues/741)
+- Sensible configuration for consulCatalog [\#737](https://github.com/containous/traefik/issues/737)
+- Traefik ignoring container listening in more than one TCP port [\#734](https://github.com/containous/traefik/issues/734)
+- Loadbalaning issues with traefik and Docker Swarm cluster [\#730](https://github.com/containous/traefik/issues/730)
+- issues with marathon app ids containing a dot [\#726](https://github.com/containous/traefik/issues/726)
+- Error when using HA acme in kubernetes with etcd [\#725](https://github.com/containous/traefik/issues/725)
+- \[Docker swarm mode\] No round robin when using service [\#718](https://github.com/containous/traefik/issues/718)
+- Dose it support docker swarm mode  [\#712](https://github.com/containous/traefik/issues/712)
+- Kubernetes - Undefined backend  [\#710](https://github.com/containous/traefik/issues/710)
+- How Routing traffic depending on path not domain in docker [\#706](https://github.com/containous/traefik/issues/706)
+- Constraints on Consul Catalogue not working as expected [\#703](https://github.com/containous/traefik/issues/703)
+- Global InsecureSkipVerify does not work [\#700](https://github.com/containous/traefik/issues/700)
+- Traefik crashes when using Consul catalog [\#699](https://github.com/containous/traefik/issues/699)
+- \[documentation/feature\] Consul/etcd support atomic multiple key changes now [\#698](https://github.com/containous/traefik/issues/698)
+- How to configure which network to use when starting traefik binary? [\#694](https://github.com/containous/traefik/issues/694)
+- How to get multiple host headers working for docker labels? [\#692](https://github.com/containous/traefik/issues/692)
+- Requests with URL-encoded characters are not forwarded correctly [\#684](https://github.com/containous/traefik/issues/684)
+- File Watcher for rules does not work  [\#683](https://github.com/containous/traefik/issues/683)
+- Issue with global InsecureSkipVerify = true and self signed certificates [\#667](https://github.com/containous/traefik/issues/667)
+- Docker exposedbydefault = false didn't work [\#663](https://github.com/containous/traefik/issues/663)
+- swarm documentation needs update [\#656](https://github.com/containous/traefik/issues/656)
+- \[ACME\] Auto SAN Detection [\#655](https://github.com/containous/traefik/issues/655)
+- Fronting a domain with DNS A-record round-robin & ACME [\#654](https://github.com/containous/traefik/issues/654)
+- Overriding toml configuration with environment variables [\#650](https://github.com/containous/traefik/issues/650)
+- marathon provider exposedByDefault = false [\#647](https://github.com/containous/traefik/issues/647)
+- Add status URL for service up checks [\#642](https://github.com/containous/traefik/issues/642)
+- acme's storage file, containing private key, is word readable [\#638](https://github.com/containous/traefik/issues/638)
+- wildcard domain with exclusions [\#633](https://github.com/containous/traefik/issues/633)
+- Enable evenly distribution among backend [\#631](https://github.com/containous/traefik/issues/631)
+- Traefik sporadically failing when proxying requests [\#615](https://github.com/containous/traefik/issues/615)
+- TCP Proxy [\#608](https://github.com/containous/traefik/issues/608)
+- How to use in Windows? [\#605](https://github.com/containous/traefik/issues/605)
+- `ClientCAFiles` ignored [\#604](https://github.com/containous/traefik/issues/604)
+- Let`s Encrypt enable in etcd [\#600](https://github.com/containous/traefik/issues/600)
+- Support HTTP Basic Auth [\#599](https://github.com/containous/traefik/issues/599)
+- Consul KV seem broken [\#587](https://github.com/containous/traefik/issues/587)
+- HTTPS entryPoint not working [\#574](https://github.com/containous/traefik/issues/574)
+- Traefik stuck when used as frontend for a streaming API [\#560](https://github.com/containous/traefik/issues/560)
+- Exclude some frontends in consul catalog [\#555](https://github.com/containous/traefik/issues/555)
+- Update docs with new Mesos provider [\#548](https://github.com/containous/traefik/issues/548)
+- Can I use Traefik without a domain name? [\#539](https://github.com/containous/traefik/issues/539)
+- docker run syntax in swarm example has changed [\#528](https://github.com/containous/traefik/issues/528)
+- Priortities in 1.0.0 not behaving [\#506](https://github.com/containous/traefik/issues/506)
+- Route by path [\#500](https://github.com/containous/traefik/issues/500)
+- Secure WebSockets [\#467](https://github.com/containous/traefik/issues/467)
+- Container IP Lost [\#375](https://github.com/containous/traefik/issues/375)
+- Multiple routes support with Docker or Marathon labels [\#118](https://github.com/containous/traefik/issues/118)
+
+**Merged pull requests:**
+
+- Fix path case sensitive v1.1 [\#855](https://github.com/containous/traefik/pull/855) ([emilevauge](https://github.com/emilevauge))
+- Fix golint in v1.1 [\#849](https://github.com/containous/traefik/pull/849) ([emilevauge](https://github.com/emilevauge))
+- Fix Kubernetes watch leak [\#845](https://github.com/containous/traefik/pull/845) ([emilevauge](https://github.com/emilevauge))
+- Pass Version, Codename and Date to crosscompiled [\#842](https://github.com/containous/traefik/pull/842) ([guilhem](https://github.com/guilhem))
+- Add Nvd3 Dependency to fix UI / Dashboard [\#829](https://github.com/containous/traefik/pull/829) ([SantoDE](https://github.com/SantoDE))
+- Fix mkdoc theme [\#823](https://github.com/containous/traefik/pull/823) ([emilevauge](https://github.com/emilevauge))
+- Prepare release v1.1.0 rc4 [\#822](https://github.com/containous/traefik/pull/822) ([emilevauge](https://github.com/emilevauge))
+- Check that we serve HTTP/2 [\#820](https://github.com/containous/traefik/pull/820) ([trecloux](https://github.com/trecloux))
+- Fix multiple issues [\#814](https://github.com/containous/traefik/pull/814) ([emilevauge](https://github.com/emilevauge))
+- Fix ACME renew & add version check [\#783](https://github.com/containous/traefik/pull/783) ([emilevauge](https://github.com/emilevauge))
+- Use first port by default [\#782](https://github.com/containous/traefik/pull/782) ([guilhem](https://github.com/guilhem))
+- Prepare release v1.1.0-rc3 [\#779](https://github.com/containous/traefik/pull/779) ([emilevauge](https://github.com/emilevauge))
+- Fix ResponseRecorder Flush [\#776](https://github.com/containous/traefik/pull/776) ([emilevauge](https://github.com/emilevauge))
+- Use sdnotify for systemd [\#768](https://github.com/containous/traefik/pull/768) ([guilhem](https://github.com/guilhem))
+- Fix providers throttle duration doc [\#760](https://github.com/containous/traefik/pull/760) ([emilevauge](https://github.com/emilevauge))
+- Fix mapstructure issue with anonymous slice [\#759](https://github.com/containous/traefik/pull/759) ([emilevauge](https://github.com/emilevauge))
+- Fix multiple certificates using flag [\#758](https://github.com/containous/traefik/pull/758) ([emilevauge](https://github.com/emilevauge))
+- Really fix deploy ghr... [\#748](https://github.com/containous/traefik/pull/748) ([emilevauge](https://github.com/emilevauge))
+- Fixes deploy ghr [\#742](https://github.com/containous/traefik/pull/742) ([emilevauge](https://github.com/emilevauge))
+- prepare v1.1.0-rc2 [\#740](https://github.com/containous/traefik/pull/740) ([emilevauge](https://github.com/emilevauge))
+- Fix case sensitive host [\#733](https://github.com/containous/traefik/pull/733) ([emilevauge](https://github.com/emilevauge))
+- Update Kubernetes examples [\#731](https://github.com/containous/traefik/pull/731) ([Starefossen](https://github.com/Starefossen))
+- fIx marathon template with dots in ID [\#728](https://github.com/containous/traefik/pull/728) ([emilevauge](https://github.com/emilevauge))
+- Fix networkMap construction in ListServices [\#724](https://github.com/containous/traefik/pull/724) ([vincentlepot](https://github.com/vincentlepot))
+- Add basic compatibility with marathon-lb [\#720](https://github.com/containous/traefik/pull/720) ([guilhem](https://github.com/guilhem))
+- Add Ed's video at ContainerCamp [\#717](https://github.com/containous/traefik/pull/717) ([emilevauge](https://github.com/emilevauge))
+- Add documentation for Træfik on docker swarm mode [\#715](https://github.com/containous/traefik/pull/715) ([vdemeester](https://github.com/vdemeester))
+- Remove duplicated link to Kubernetes.io in README.md [\#713](https://github.com/containous/traefik/pull/713) ([oscerd](https://github.com/oscerd))
+- Show current version in web UI [\#709](https://github.com/containous/traefik/pull/709) ([vhf](https://github.com/vhf))
+- Add support for docker healthcheck 👼 [\#708](https://github.com/containous/traefik/pull/708) ([vdemeester](https://github.com/vdemeester))
+- Fix syntax in Swarm example. Resolves \#528 [\#707](https://github.com/containous/traefik/pull/707) ([billglover](https://github.com/billglover))
+- Add HTTP compression [\#702](https://github.com/containous/traefik/pull/702) ([tuier](https://github.com/tuier))
+- Carry PR 446 - Add sticky session support \(round two!\) [\#701](https://github.com/containous/traefik/pull/701) ([emilevauge](https://github.com/emilevauge))
+- Remove unused endpoint when using constraints with Marathon provider [\#697](https://github.com/containous/traefik/pull/697) ([tuier](https://github.com/tuier))
+- Replace imagelayers.io with microbadger [\#696](https://github.com/containous/traefik/pull/696) ([solidnerd](https://github.com/solidnerd))
+- Selectable TLS Versions [\#690](https://github.com/containous/traefik/pull/690) ([dtomcej](https://github.com/dtomcej))
+- Carry pr 439 [\#689](https://github.com/containous/traefik/pull/689) ([emilevauge](https://github.com/emilevauge))
+- Disable gorilla/mux URL cleaning to prevent sending redirect [\#688](https://github.com/containous/traefik/pull/688) ([ydubreuil](https://github.com/ydubreuil))
+- Some fixes [\#687](https://github.com/containous/traefik/pull/687) ([emilevauge](https://github.com/emilevauge))
+- feat\(constraints\): Supports constraints for Marathon provider [\#686](https://github.com/containous/traefik/pull/686) ([tuier](https://github.com/tuier))
+- Update docs to improve contribution setup [\#685](https://github.com/containous/traefik/pull/685) ([dtomcej](https://github.com/dtomcej))
+- Add basic auth support for web backend [\#677](https://github.com/containous/traefik/pull/677) ([SantoDE](https://github.com/SantoDE))
+- Document accepted values for logLevel. [\#676](https://github.com/containous/traefik/pull/676) ([jimmycuadra](https://github.com/jimmycuadra))
+- If Marathon doesn't have healthcheck, assume it's ok [\#665](https://github.com/containous/traefik/pull/665) ([gomes](https://github.com/gomes))
+- ACME: renew certificates 30 days before expiry [\#660](https://github.com/containous/traefik/pull/660) ([JayH5](https://github.com/JayH5))
+- Update broken link and add a comment to sample config file  [\#658](https://github.com/containous/traefik/pull/658) ([Yggdrasil](https://github.com/Yggdrasil))
+- Add possibility to use BindPort IPAddress 👼 [\#657](https://github.com/containous/traefik/pull/657) ([vdemeester](https://github.com/vdemeester))
+- Update marathon [\#648](https://github.com/containous/traefik/pull/648) ([emilevauge](https://github.com/emilevauge))
+- Add backend features to docker [\#646](https://github.com/containous/traefik/pull/646) ([jangie](https://github.com/jangie))
+- enable consul catalog to use maxconn [\#645](https://github.com/containous/traefik/pull/645) ([jangie](https://github.com/jangie))
+- Adopt the Code Of Coduct from http://contributor-covenant.org [\#641](https://github.com/containous/traefik/pull/641) ([errm](https://github.com/errm))
+- Use secure mode 600 instead of 644 for acme.json [\#639](https://github.com/containous/traefik/pull/639) ([discordianfish](https://github.com/discordianfish))
+- docker clarification, fix dead urls, misc typos [\#637](https://github.com/containous/traefik/pull/637) ([djalal](https://github.com/djalal))
+- add PING handler to dashboard API [\#630](https://github.com/containous/traefik/pull/630) ([jangie](https://github.com/jangie))
+- Migrate to JobBackOff [\#628](https://github.com/containous/traefik/pull/628) ([emilevauge](https://github.com/emilevauge))
+- Add long job exponential backoff [\#627](https://github.com/containous/traefik/pull/627) ([emilevauge](https://github.com/emilevauge))
+- HA acme support [\#625](https://github.com/containous/traefik/pull/625) ([emilevauge](https://github.com/emilevauge))
+- Bump go v1.7 [\#620](https://github.com/containous/traefik/pull/620) ([emilevauge](https://github.com/emilevauge))
+- Make duration logging consistent [\#619](https://github.com/containous/traefik/pull/619) ([jangie](https://github.com/jangie))
+- fix for nil clientTLS causing issue [\#617](https://github.com/containous/traefik/pull/617) ([jangie](https://github.com/jangie))
+- Add ability for marathon provider to set maxconn values, loadbalancer algorithm, and circuit breaker expression [\#616](https://github.com/containous/traefik/pull/616) ([jangie](https://github.com/jangie))
+- Make systemd unit installable [\#613](https://github.com/containous/traefik/pull/613) ([keis](https://github.com/keis))
+- Merge v1.0.2 master [\#610](https://github.com/containous/traefik/pull/610) ([emilevauge](https://github.com/emilevauge))
+- update staert and flaeg [\#609](https://github.com/containous/traefik/pull/609) ([cocap10](https://github.com/cocap10))
+- \#504 Initial support for Docker 1.12 Swarm Mode [\#602](https://github.com/containous/traefik/pull/602) ([diegofernandes](https://github.com/diegofernandes))
+- Add Host cert ACME generation [\#601](https://github.com/containous/traefik/pull/601) ([emilevauge](https://github.com/emilevauge))
+- Fixed binary script so traefik version command doesn't just print default values [\#598](https://github.com/containous/traefik/pull/598) ([keiths-osc](https://github.com/keiths-osc))
+- Name servers after thier pods [\#596](https://github.com/containous/traefik/pull/596) ([errm](https://github.com/errm))
+- Fix Consul prefix [\#589](https://github.com/containous/traefik/pull/589) ([jippi](https://github.com/jippi))
+- Prioritize kubernetes routes by path length [\#588](https://github.com/containous/traefik/pull/588) ([philk](https://github.com/philk))
+- beautify help [\#580](https://github.com/containous/traefik/pull/580) ([cocap10](https://github.com/cocap10))
+- Upgrade directives name since we use angular-ui-bootstrap [\#578](https://github.com/containous/traefik/pull/578) ([micaelmbagira](https://github.com/micaelmbagira))
+- Fix basic docs for configuration of multiple rules [\#576](https://github.com/containous/traefik/pull/576) ([ajaegle](https://github.com/ajaegle))
+- Fix k8s watch [\#573](https://github.com/containous/traefik/pull/573) ([errm](https://github.com/errm))
+- Add requirements.txt for netlify [\#567](https://github.com/containous/traefik/pull/567) ([emilevauge](https://github.com/emilevauge))
+- Merge v1.0.1 master [\#565](https://github.com/containous/traefik/pull/565) ([emilevauge](https://github.com/emilevauge))
+-  Move webui to FountainJS with Webpack [\#558](https://github.com/containous/traefik/pull/558) ([micaelmbagira](https://github.com/micaelmbagira))
+- Add global InsecureSkipVerify option to disable certificate checking [\#557](https://github.com/containous/traefik/pull/557) ([stuart-c](https://github.com/stuart-c))
+- Move version.go in its own package… [\#553](https://github.com/containous/traefik/pull/553) ([vdemeester](https://github.com/vdemeester))
+- Upgrade libkermit and dependencies [\#552](https://github.com/containous/traefik/pull/552) ([vdemeester](https://github.com/vdemeester))
+- Add command storeconfig [\#551](https://github.com/containous/traefik/pull/551) ([cocap10](https://github.com/cocap10))
+- Add basic/digest auth [\#547](https://github.com/containous/traefik/pull/547) ([emilevauge](https://github.com/emilevauge))
+- Bump node to 6 for webui [\#546](https://github.com/containous/traefik/pull/546) ([vdemeester](https://github.com/vdemeester))
+- Bump golang to 1.6.3 [\#545](https://github.com/containous/traefik/pull/545) ([vdemeester](https://github.com/vdemeester))
+- Fix typos [\#538](https://github.com/containous/traefik/pull/538) ([jimt](https://github.com/jimt))
+- Kubernetes user-guide [\#519](https://github.com/containous/traefik/pull/519) ([errm](https://github.com/errm))
+- Implement Kubernetes Selectors, minor kube endpoint fix [\#516](https://github.com/containous/traefik/pull/516) ([pnegahdar](https://github.com/pnegahdar))
+- Carry \#358 : Option to disable expose of all docker containers [\#514](https://github.com/containous/traefik/pull/514) ([vdemeester](https://github.com/vdemeester))
+- Remove traefik.frontend.value support in docker… [\#510](https://github.com/containous/traefik/pull/510) ([vdemeester](https://github.com/vdemeester))
+- Use KvStores as global config sources [\#481](https://github.com/containous/traefik/pull/481) ([cocap10](https://github.com/cocap10))
+- Add endpoint option to authenticate by client tls cert. [\#461](https://github.com/containous/traefik/pull/461) ([andersbetner](https://github.com/andersbetner))
+- add mesos provider inspired by mesos-dns & marathon provider [\#353](https://github.com/containous/traefik/pull/353) ([skydjol](https://github.com/skydjol))
+
+## [v1.1.0-rc4](https://github.com/containous/traefik/tree/v1.1.0-rc4) (2016-11-10)
+[Full Changelog](https://github.com/containous/traefik/compare/v1.1.0-rc3...v1.1.0-rc4)
+
+**Implemented enhancements:**
+
+- Feature Request: Enable Health checks to containers. [\#540](https://github.com/containous/traefik/issues/540)
+
+**Fixed bugs:**
+
+- Traefik stopped serving on upgrade to v1.1.0-rc3 [\#807](https://github.com/containous/traefik/issues/807)
+- Traefik cannot read constraints from KV [\#794](https://github.com/containous/traefik/issues/794)
+- HTTP2 - configuration [\#790](https://github.com/containous/traefik/issues/790)
+- Allow multiple certificates on a single entrypoint when trying to use TLS? [\#747](https://github.com/containous/traefik/issues/747)
+
+**Closed issues:**
+
+- LoadBalancing doesn't work in single node Swarm-mode [\#815](https://github.com/containous/traefik/issues/815)
+- cannot connect to docker daemon [\#813](https://github.com/containous/traefik/issues/813)
+- Let's encrypt configuration not working [\#805](https://github.com/containous/traefik/issues/805)
+- Question: Wildcard Host for Kubernetes Ingress [\#792](https://github.com/containous/traefik/issues/792)
+- Multiple subdomains for Marathon backend. [\#785](https://github.com/containous/traefik/issues/785)
+- traefik-1.1.0-rc1: build error [\#781](https://github.com/containous/traefik/issues/781)
+- Multiple routes support with Docker or Marathon labels [\#118](https://github.com/containous/traefik/issues/118)
+
+**Merged pull requests:**
+
+- Prepare release v1.1.0 rc4 [\#822](https://github.com/containous/traefik/pull/822) ([emilevauge](https://github.com/emilevauge))
+- Fix multiple issues [\#814](https://github.com/containous/traefik/pull/814) ([emilevauge](https://github.com/emilevauge))
+- Fix ACME renew & add version check [\#783](https://github.com/containous/traefik/pull/783) ([emilevauge](https://github.com/emilevauge))
+- Use first port by default [\#782](https://github.com/containous/traefik/pull/782) ([guilhem](https://github.com/guilhem))
+
+## [v1.1.0-rc3](https://github.com/containous/traefik/tree/v1.1.0-rc3) (2016-10-26)
+[Full Changelog](https://github.com/containous/traefik/compare/v1.1.0-rc2...v1.1.0-rc3)
+
+**Fixed bugs:**
+
+- Cannot provide multiple certificates using flag [\#757](https://github.com/containous/traefik/issues/757)
+- traefik \* Users: unsupported type: slice [\#743](https://github.com/containous/traefik/issues/743)
+- \[Docker swarm mode\] The traefik.docker.network seems to have no effect [\#719](https://github.com/containous/traefik/issues/719)
+- Case sensitive domain names breaks routing  [\#562](https://github.com/containous/traefik/issues/562)
+
+**Closed issues:**
+
+- dependencies installation error [\#755](https://github.com/containous/traefik/issues/755)
+- k8s provider w/ acme? [\#752](https://github.com/containous/traefik/issues/752)
+- Documented ProvidersThrottleDuration value is invalid [\#741](https://github.com/containous/traefik/issues/741)
+- Loadbalaning issues with traefik and Docker Swarm cluster [\#730](https://github.com/containous/traefik/issues/730)
+- issues with marathon app ids containing a dot [\#726](https://github.com/containous/traefik/issues/726)
+- How Routing traffic depending on path not domain in docker [\#706](https://github.com/containous/traefik/issues/706)
+- Traefik crashes when using Consul catalog [\#699](https://github.com/containous/traefik/issues/699)
+- File Watcher for rules does not work  [\#683](https://github.com/containous/traefik/issues/683)
+
+**Merged pull requests:**
+
+- Fix ResponseRecorder Flush [\#776](https://github.com/containous/traefik/pull/776) ([emilevauge](https://github.com/emilevauge))
+- Use sdnotify for systemd [\#768](https://github.com/containous/traefik/pull/768) ([guilhem](https://github.com/guilhem))
+- Fix providers throttle duration doc [\#760](https://github.com/containous/traefik/pull/760) ([emilevauge](https://github.com/emilevauge))
+- Fix mapstructure issue with anonymous slice [\#759](https://github.com/containous/traefik/pull/759) ([emilevauge](https://github.com/emilevauge))
+- Fix multiple certificates using flag [\#758](https://github.com/containous/traefik/pull/758) ([emilevauge](https://github.com/emilevauge))
+- Really fix deploy ghr... [\#748](https://github.com/containous/traefik/pull/748) ([emilevauge](https://github.com/emilevauge))
+
+## [v1.1.0-rc2](https://github.com/containous/traefik/tree/v1.1.0-rc2) (2016-10-17)
+[Full Changelog](https://github.com/containous/traefik/compare/v1.1.0-rc1...v1.1.0-rc2)
+
+**Implemented enhancements:**
+
+- Support healthcheck if present for docker [\#666](https://github.com/containous/traefik/issues/666)
+
+**Closed issues:**
+
+- Sensible configuration for consulCatalog [\#737](https://github.com/containous/traefik/issues/737)
+- Traefik ignoring container listening in more than one TCP port [\#734](https://github.com/containous/traefik/issues/734)
+- Error when using HA acme in kubernetes with etcd [\#725](https://github.com/containous/traefik/issues/725)
+- \[Docker swarm mode\] No round robin when using service [\#718](https://github.com/containous/traefik/issues/718)
+- Dose it support docker swarm mode  [\#712](https://github.com/containous/traefik/issues/712)
+- Kubernetes - Undefined backend  [\#710](https://github.com/containous/traefik/issues/710)
+- Constraints on Consul Catalogue not working as expected [\#703](https://github.com/containous/traefik/issues/703)
+- docker run syntax in swarm example has changed [\#528](https://github.com/containous/traefik/issues/528)
+- Secure WebSockets [\#467](https://github.com/containous/traefik/issues/467)
+
+**Merged pull requests:**
+
+- Fix case sensitive host [\#733](https://github.com/containous/traefik/pull/733) ([emilevauge](https://github.com/emilevauge))
+- Update Kubernetes examples [\#731](https://github.com/containous/traefik/pull/731) ([Starefossen](https://github.com/Starefossen))
+- fIx marathon template with dots in ID [\#728](https://github.com/containous/traefik/pull/728) ([emilevauge](https://github.com/emilevauge))
+- Fix networkMap construction in ListServices [\#724](https://github.com/containous/traefik/pull/724) ([vincentlepot](https://github.com/vincentlepot))
+- Add basic compatibility with marathon-lb [\#720](https://github.com/containous/traefik/pull/720) ([guilhem](https://github.com/guilhem))
+- Add Ed's video at ContainerCamp [\#717](https://github.com/containous/traefik/pull/717) ([emilevauge](https://github.com/emilevauge))
+- Add documentation for Træfik on docker swarm mode [\#715](https://github.com/containous/traefik/pull/715) ([vdemeester](https://github.com/vdemeester))
+- Remove duplicated link to Kubernetes.io in README.md [\#713](https://github.com/containous/traefik/pull/713) ([oscerd](https://github.com/oscerd))
+- Show current version in web UI [\#709](https://github.com/containous/traefik/pull/709) ([vhf](https://github.com/vhf))
+- Add support for docker healthcheck 👼 [\#708](https://github.com/containous/traefik/pull/708) ([vdemeester](https://github.com/vdemeester))
+- Fix syntax in Swarm example. Resolves \#528 [\#707](https://github.com/containous/traefik/pull/707) ([billglover](https://github.com/billglover))
+
+## [v1.1.0-rc1](https://github.com/containous/traefik/tree/v1.1.0-rc1) (2016-09-30)
+[Full Changelog](https://github.com/containous/traefik/compare/v1.0.0...v1.1.0-rc1)
+
+**Implemented enhancements:**
+
+- Feature Request: SSL Cipher Selection [\#535](https://github.com/containous/traefik/issues/535)
+- Error with -consulcatalog and missing load balance method on 1.0.0 [\#524](https://github.com/containous/traefik/issues/524)
+- Running Traefik with Docker 1.12 Swarm Mode [\#504](https://github.com/containous/traefik/issues/504)
+- Kubernetes provider: should allow the master url to be override [\#501](https://github.com/containous/traefik/issues/501)
+- \[FRONTEND\]\[LE\] Pre-generate SSL certificates for "Host:" rules [\#483](https://github.com/containous/traefik/issues/483)
+- Frontend Rule evolution [\#437](https://github.com/containous/traefik/issues/437)
+- Add a Changelog [\#388](https://github.com/containous/traefik/issues/388)
+- Add label matching for kubernetes ingests [\#363](https://github.com/containous/traefik/issues/363)
+- Acme in HA Traefik Scenario [\#348](https://github.com/containous/traefik/issues/348)
+- HTTP Basic Auth support [\#77](https://github.com/containous/traefik/issues/77)
+- Session affinity / stickiness / persistence [\#5](https://github.com/containous/traefik/issues/5)
+- Kubernetes provider: traefik.frontend.rule.type logging [\#668](https://github.com/containous/traefik/pull/668) ([yvespp](https://github.com/yvespp))
+
+**Fixed bugs:**
+
+- traefik hangs - stops handling requests [\#662](https://github.com/containous/traefik/issues/662)
+- Add long jobs in exponential backoff providers  [\#626](https://github.com/containous/traefik/issues/626)
+- Tip of tree crashes on invalid pointer on Marathon provider [\#624](https://github.com/containous/traefik/issues/624)
+- ACME: revoke certificate on agreement update [\#579](https://github.com/containous/traefik/issues/579)
+- WebUI: Providers tabs disappeared [\#577](https://github.com/containous/traefik/issues/577)
+- traefik version command contains incorrect information when building from master branch [\#569](https://github.com/containous/traefik/issues/569)
+- Flag --etcd.endpoint default [\#508](https://github.com/containous/traefik/issues/508)
+- Conditional ACME on demand generation [\#505](https://github.com/containous/traefik/issues/505)
+- Important delay with streams \(Mozilla EventSource\) [\#503](https://github.com/containous/traefik/issues/503)
+- Traefik crashing [\#458](https://github.com/containous/traefik/issues/458)
+- traefik.toml constraints error: `Expected map but found 'string'.` [\#451](https://github.com/containous/traefik/issues/451)
+- Multiple path separators in the url path causing redirect [\#167](https://github.com/containous/traefik/issues/167)
+
+**Closed issues:**
+
+- Global InsecureSkipVerify does not work [\#700](https://github.com/containous/traefik/issues/700)
+- \[documentation/feature\] Consul/etcd support atomic multiple key changes now [\#698](https://github.com/containous/traefik/issues/698)
+- How to configure which network to use when starting traefik binary? [\#694](https://github.com/containous/traefik/issues/694)
+- How to get multiple host headers working for docker labels? [\#692](https://github.com/containous/traefik/issues/692)
+- Requests with URL-encoded characters are not forwarded correctly [\#684](https://github.com/containous/traefik/issues/684)
+- Issue with global InsecureSkipVerify = true and self signed certificates [\#667](https://github.com/containous/traefik/issues/667)
+- Docker exposedbydefault = false didn't work [\#663](https://github.com/containous/traefik/issues/663)
+- \[ACME\] Auto SAN Detection [\#655](https://github.com/containous/traefik/issues/655)
+- Fronting a domain with DNS A-record round-robin & ACME [\#654](https://github.com/containous/traefik/issues/654)
+- Overriding toml configuration with environment variables [\#650](https://github.com/containous/traefik/issues/650)
+- marathon provider exposedByDefault = false [\#647](https://github.com/containous/traefik/issues/647)
+- Add status URL for service up checks [\#642](https://github.com/containous/traefik/issues/642)
+- acme's storage file, containing private key, is word readable [\#638](https://github.com/containous/traefik/issues/638)
+- wildcard domain with exclusions [\#633](https://github.com/containous/traefik/issues/633)
+- Enable evenly distribution among backend [\#631](https://github.com/containous/traefik/issues/631)
+- Traefik sporadically failing when proxying requests [\#615](https://github.com/containous/traefik/issues/615)
+- TCP Proxy [\#608](https://github.com/containous/traefik/issues/608)
+- How to use in Windows? [\#605](https://github.com/containous/traefik/issues/605)
+- `ClientCAFiles` ignored [\#604](https://github.com/containous/traefik/issues/604)
+- Let`s Encrypt enable in etcd [\#600](https://github.com/containous/traefik/issues/600)
+- Support HTTP Basic Auth [\#599](https://github.com/containous/traefik/issues/599)
+- Consul KV seem broken [\#587](https://github.com/containous/traefik/issues/587)
+- HTTPS entryPoint not working [\#574](https://github.com/containous/traefik/issues/574)
+- Traefik stuck when used as frontend for a streaming API [\#560](https://github.com/containous/traefik/issues/560)
+- Exclude some frontends in consul catalog [\#555](https://github.com/containous/traefik/issues/555)
+- Can I use Traefik without a domain name? [\#539](https://github.com/containous/traefik/issues/539)
+- Priortities in 1.0.0 not behaving [\#506](https://github.com/containous/traefik/issues/506)
+- Route by path [\#500](https://github.com/containous/traefik/issues/500)
+- Container IP Lost [\#375](https://github.com/containous/traefik/issues/375)
+
+**Merged pull requests:**
+
+- Add HTTP compression [\#702](https://github.com/containous/traefik/pull/702) ([tuier](https://github.com/tuier))
+- Carry PR 446 - Add sticky session support \(round two!\) [\#701](https://github.com/containous/traefik/pull/701) ([emilevauge](https://github.com/emilevauge))
+- Remove unused endpoint when using constraints with Marathon provider [\#697](https://github.com/containous/traefik/pull/697) ([tuier](https://github.com/tuier))
+- Replace imagelayers.io with microbadger [\#696](https://github.com/containous/traefik/pull/696) ([solidnerd](https://github.com/solidnerd))
+- Selectable TLS Versions [\#690](https://github.com/containous/traefik/pull/690) ([dtomcej](https://github.com/dtomcej))
+- Carry pr 439 [\#689](https://github.com/containous/traefik/pull/689) ([emilevauge](https://github.com/emilevauge))
+- Disable gorilla/mux URL cleaning to prevent sending redirect [\#688](https://github.com/containous/traefik/pull/688) ([ydubreuil](https://github.com/ydubreuil))
+- Some fixes [\#687](https://github.com/containous/traefik/pull/687) ([emilevauge](https://github.com/emilevauge))
+- feat\(constraints\): Supports constraints for Marathon provider [\#686](https://github.com/containous/traefik/pull/686) ([tuier](https://github.com/tuier))
+- Update docs to improve contribution setup [\#685](https://github.com/containous/traefik/pull/685) ([dtomcej](https://github.com/dtomcej))
+- Add basic auth support for web backend [\#677](https://github.com/containous/traefik/pull/677) ([SantoDE](https://github.com/SantoDE))
+- Document accepted values for logLevel. [\#676](https://github.com/containous/traefik/pull/676) ([jimmycuadra](https://github.com/jimmycuadra))
+- If Marathon doesn't have healthcheck, assume it's ok [\#665](https://github.com/containous/traefik/pull/665) ([gomes](https://github.com/gomes))
+- ACME: renew certificates 30 days before expiry [\#660](https://github.com/containous/traefik/pull/660) ([JayH5](https://github.com/JayH5))
+- Update broken link and add a comment to sample config file  [\#658](https://github.com/containous/traefik/pull/658) ([Yggdrasil](https://github.com/Yggdrasil))
+- Add possibility to use BindPort IPAddress 👼 [\#657](https://github.com/containous/traefik/pull/657) ([vdemeester](https://github.com/vdemeester))
+- Update marathon [\#648](https://github.com/containous/traefik/pull/648) ([emilevauge](https://github.com/emilevauge))
+- Add backend features to docker [\#646](https://github.com/containous/traefik/pull/646) ([jangie](https://github.com/jangie))
+- enable consul catalog to use maxconn [\#645](https://github.com/containous/traefik/pull/645) ([jangie](https://github.com/jangie))
+- Adopt the Code Of Coduct from http://contributor-covenant.org [\#641](https://github.com/containous/traefik/pull/641) ([errm](https://github.com/errm))
+- Use secure mode 600 instead of 644 for acme.json [\#639](https://github.com/containous/traefik/pull/639) ([discordianfish](https://github.com/discordianfish))
+- docker clarification, fix dead urls, misc typos [\#637](https://github.com/containous/traefik/pull/637) ([djalal](https://github.com/djalal))
+- add PING handler to dashboard API [\#630](https://github.com/containous/traefik/pull/630) ([jangie](https://github.com/jangie))
+- Migrate to JobBackOff [\#628](https://github.com/containous/traefik/pull/628) ([emilevauge](https://github.com/emilevauge))
+- Add long job exponential backoff [\#627](https://github.com/containous/traefik/pull/627) ([emilevauge](https://github.com/emilevauge))
+- HA acme support [\#625](https://github.com/containous/traefik/pull/625) ([emilevauge](https://github.com/emilevauge))
+- Bump go v1.7 [\#620](https://github.com/containous/traefik/pull/620) ([emilevauge](https://github.com/emilevauge))
+- Make duration logging consistent [\#619](https://github.com/containous/traefik/pull/619) ([jangie](https://github.com/jangie))
+- fix for nil clientTLS causing issue [\#617](https://github.com/containous/traefik/pull/617) ([jangie](https://github.com/jangie))
+- Add ability for marathon provider to set maxconn values, loadbalancer algorithm, and circuit breaker expression [\#616](https://github.com/containous/traefik/pull/616) ([jangie](https://github.com/jangie))
+- Make systemd unit installable [\#613](https://github.com/containous/traefik/pull/613) ([keis](https://github.com/keis))
+- Merge v1.0.2 master [\#610](https://github.com/containous/traefik/pull/610) ([emilevauge](https://github.com/emilevauge))
+- update staert and flaeg [\#609](https://github.com/containous/traefik/pull/609) ([cocap10](https://github.com/cocap10))
+- \#504 Initial support for Docker 1.12 Swarm Mode [\#602](https://github.com/containous/traefik/pull/602) ([diegofernandes](https://github.com/diegofernandes))
+- Add Host cert ACME generation [\#601](https://github.com/containous/traefik/pull/601) ([emilevauge](https://github.com/emilevauge))
+- Fixed binary script so traefik version command doesn't just print default values [\#598](https://github.com/containous/traefik/pull/598) ([keiths-osc](https://github.com/keiths-osc))
+- Name servers after thier pods [\#596](https://github.com/containous/traefik/pull/596) ([errm](https://github.com/errm))
+- Fix Consul prefix [\#589](https://github.com/containous/traefik/pull/589) ([jippi](https://github.com/jippi))
+- Prioritize kubernetes routes by path length [\#588](https://github.com/containous/traefik/pull/588) ([philk](https://github.com/philk))
+- beautify help [\#580](https://github.com/containous/traefik/pull/580) ([cocap10](https://github.com/cocap10))
+- Upgrade directives name since we use angular-ui-bootstrap [\#578](https://github.com/containous/traefik/pull/578) ([micaelmbagira](https://github.com/micaelmbagira))
+- Fix basic docs for configuration of multiple rules [\#576](https://github.com/containous/traefik/pull/576) ([ajaegle](https://github.com/ajaegle))
+- Fix k8s watch [\#573](https://github.com/containous/traefik/pull/573) ([errm](https://github.com/errm))
+- Add requirements.txt for netlify [\#567](https://github.com/containous/traefik/pull/567) ([emilevauge](https://github.com/emilevauge))
+- Merge v1.0.1 master [\#565](https://github.com/containous/traefik/pull/565) ([emilevauge](https://github.com/emilevauge))
+-  Move webui to FountainJS with Webpack [\#558](https://github.com/containous/traefik/pull/558) ([micaelmbagira](https://github.com/micaelmbagira))
+- Add global InsecureSkipVerify option to disable certificate checking [\#557](https://github.com/containous/traefik/pull/557) ([stuart-c](https://github.com/stuart-c))
+- Move version.go in its own package… [\#553](https://github.com/containous/traefik/pull/553) ([vdemeester](https://github.com/vdemeester))
+- Upgrade libkermit and dependencies [\#552](https://github.com/containous/traefik/pull/552) ([vdemeester](https://github.com/vdemeester))
+- Add command storeconfig [\#551](https://github.com/containous/traefik/pull/551) ([cocap10](https://github.com/cocap10))
+- Add basic/digest auth [\#547](https://github.com/containous/traefik/pull/547) ([emilevauge](https://github.com/emilevauge))
+- Bump node to 6 for webui [\#546](https://github.com/containous/traefik/pull/546) ([vdemeester](https://github.com/vdemeester))
+- Bump golang to 1.6.3 [\#545](https://github.com/containous/traefik/pull/545) ([vdemeester](https://github.com/vdemeester))
+- Fix typos [\#538](https://github.com/containous/traefik/pull/538) ([jimt](https://github.com/jimt))
+- Kubernetes user-guide [\#519](https://github.com/containous/traefik/pull/519) ([errm](https://github.com/errm))
+- Implement Kubernetes Selectors, minor kube endpoint fix [\#516](https://github.com/containous/traefik/pull/516) ([pnegahdar](https://github.com/pnegahdar))
+- Carry \#358 : Option to disable expose of all docker containers [\#514](https://github.com/containous/traefik/pull/514) ([vdemeester](https://github.com/vdemeester))
+- Remove traefik.frontend.value support in docker… [\#510](https://github.com/containous/traefik/pull/510) ([vdemeester](https://github.com/vdemeester))
+- Use KvStores as global config sources [\#481](https://github.com/containous/traefik/pull/481) ([cocap10](https://github.com/cocap10))
+- Add endpoint option to authenticate by client tls cert. [\#461](https://github.com/containous/traefik/pull/461) ([andersbetner](https://github.com/andersbetner))
+- add mesos provider inspired by mesos-dns & marathon provider [\#353](https://github.com/containous/traefik/pull/353) ([skydjol](https://github.com/skydjol))
+
+## [v1.0.2](https://github.com/containous/traefik/tree/v1.0.2) (2016-08-02)
+[Full Changelog](https://github.com/containous/traefik/compare/v1.0.1...v1.0.2)
+
+**Fixed bugs:**
+
+- ACME: revoke certificate on agreement update [\#579](https://github.com/containous/traefik/issues/579)
+
+**Closed issues:**
+
+- Exclude some frontends in consul catalog [\#555](https://github.com/containous/traefik/issues/555)
+
+**Merged pull requests:**
+
+- Bump oxy version, fix streaming [\#584](https://github.com/containous/traefik/pull/584) ([emilevauge](https://github.com/emilevauge))
+- Fix ACME TOS [\#582](https://github.com/containous/traefik/pull/582) ([emilevauge](https://github.com/emilevauge))
+
+## [v1.0.1](https://github.com/containous/traefik/tree/v1.0.1) (2016-07-19)
+[Full Changelog](https://github.com/containous/traefik/compare/v1.0.0...v1.0.1)
+
+**Implemented enhancements:**
+
+- Error with -consulcatalog and missing load balance method on 1.0.0 [\#524](https://github.com/containous/traefik/issues/524)
+- Kubernetes provider: should allow the master url to be override [\#501](https://github.com/containous/traefik/issues/501)
+
+**Fixed bugs:**
+
+- Flag --etcd.endpoint default [\#508](https://github.com/containous/traefik/issues/508)
+- Conditional ACME on demand generation [\#505](https://github.com/containous/traefik/issues/505)
+- Important delay with streams \(Mozilla EventSource\) [\#503](https://github.com/containous/traefik/issues/503)
+
+**Closed issues:**
+
+- Can I use Traefik without a domain name? [\#539](https://github.com/containous/traefik/issues/539)
+- Priortities in 1.0.0 not behaving [\#506](https://github.com/containous/traefik/issues/506)
+- Route by path [\#500](https://github.com/containous/traefik/issues/500)
+
+**Merged pull requests:**
+
+- Update server.go [\#531](https://github.com/containous/traefik/pull/531) ([Jsewill](https://github.com/Jsewill))
+- Add sse support [\#527](https://github.com/containous/traefik/pull/527) ([emilevauge](https://github.com/emilevauge))
+- Fix acme checkOnDemandDomain [\#512](https://github.com/containous/traefik/pull/512) ([emilevauge](https://github.com/emilevauge))
+- Fix default etcd port [\#511](https://github.com/containous/traefik/pull/511) ([errm](https://github.com/errm))
+
+## [v1.0.0](https://github.com/containous/traefik/tree/v1.0.0) (2016-07-05)
+[Full Changelog](https://github.com/containous/traefik/compare/v1.0.0-rc3...v1.0.0)
+
+**Fixed bugs:**
+
+- Enable to define empty TLS option by flag for Let's Encrypt [\#488](https://github.com/containous/traefik/issues/488)
+- \[Docker\] No IP in backend in host networking mode [\#487](https://github.com/containous/traefik/issues/487)
+- Response is compressed when not requested [\#485](https://github.com/containous/traefik/issues/485)
+- loadConfig modifies configuration causing same config check to fail [\#480](https://github.com/containous/traefik/issues/480)
+
+**Closed issues:**
+
+- svg logo [\#482](https://github.com/containous/traefik/issues/482)
+- etcd tries to connect with TLS even with --etcd.tls=false [\#456](https://github.com/containous/traefik/issues/456)
+- Zookeeper - KV connection error: Failed to test KV store connection [\#455](https://github.com/containous/traefik/issues/455)
+- "Not Found" api response needed instead of 404  [\#454](https://github.com/containous/traefik/issues/454)
+- domain label doesn't work on docker [\#447](https://github.com/containous/traefik/issues/447)
+- Any chance of a windows release? [\#425](https://github.com/containous/traefik/issues/425)
+
+**Merged pull requests:**
+
+- Fix windows builds [\#495](https://github.com/containous/traefik/pull/495) ([emilevauge](https://github.com/emilevauge))
+- Fix host Docker network [\#494](https://github.com/containous/traefik/pull/494) ([emilevauge](https://github.com/emilevauge))
+- Fix empty tls flag [\#493](https://github.com/containous/traefik/pull/493) ([emilevauge](https://github.com/emilevauge))
+- Fix webui proxying [\#492](https://github.com/containous/traefik/pull/492) ([emilevauge](https://github.com/emilevauge))
+- Fix default weight in server.LoadConfig [\#491](https://github.com/containous/traefik/pull/491) ([emilevauge](https://github.com/emilevauge))
+- Fix retry headers, simplify ResponseRecorder [\#490](https://github.com/containous/traefik/pull/490) ([emilevauge](https://github.com/emilevauge))
+
+## [v1.0.0-rc3](https://github.com/containous/traefik/tree/v1.0.0-rc3) (2016-06-23)
+[Full Changelog](https://github.com/containous/traefik/compare/v1.0.0-rc2...v1.0.0-rc3)
+
+**Implemented enhancements:**
+
+- support more than one rule to Docker backend [\#419](https://github.com/containous/traefik/issues/419)
+
+**Fixed bugs:**
+
+- consulCatalog issue when serviceName contains a dot [\#475](https://github.com/containous/traefik/issues/475)
+- Issue with empty responses [\#463](https://github.com/containous/traefik/issues/463)
+- Severe memory leak in beta.470 and beyond crashes Traefik server  [\#462](https://github.com/containous/traefik/issues/462)
+- Marathon that starts with a space causes parsing errors. [\#459](https://github.com/containous/traefik/issues/459)
+- A frontend route without a rule \(or empty rule\) causes a crash when traefik starts [\#453](https://github.com/containous/traefik/issues/453)
+- container dropped out when connecting to Docker Swarm [\#442](https://github.com/containous/traefik/issues/442)
+- Traefik setting Accept-Encoding: gzip on requests \(Traefik may also be broken with chunked responses\) [\#421](https://github.com/containous/traefik/issues/421)
+
+**Closed issues:**
+
+- HTTP headers case gets modified [\#466](https://github.com/containous/traefik/issues/466)
+- File frontend \> Marathon Backend [\#465](https://github.com/containous/traefik/issues/465)
+- Websocket: Unable to hijack the connection [\#452](https://github.com/containous/traefik/issues/452)
+- kubernetes: Received event spamming? [\#449](https://github.com/containous/traefik/issues/449)
+- kubernetes: backends not updated when i scale replication controller? [\#448](https://github.com/containous/traefik/issues/448)
+- Add href link on frontend [\#436](https://github.com/containous/traefik/issues/436)
+- Multiple Domains Rule [\#430](https://github.com/containous/traefik/issues/430)
+
+**Merged pull requests:**
+
+- Disable constraints in doc until 1.1 [\#479](https://github.com/containous/traefik/pull/479) ([emilevauge](https://github.com/emilevauge))
+- Sort nodes before creating consul catalog config [\#478](https://github.com/containous/traefik/pull/478) ([keis](https://github.com/keis))
+- Fix spamming events in listenProviders [\#477](https://github.com/containous/traefik/pull/477) ([emilevauge](https://github.com/emilevauge))
+- Fix empty responses [\#476](https://github.com/containous/traefik/pull/476) ([emilevauge](https://github.com/emilevauge))
+- Fix acme renew [\#472](https://github.com/containous/traefik/pull/472) ([emilevauge](https://github.com/emilevauge))
+- Fix typo in error message. [\#471](https://github.com/containous/traefik/pull/471) ([KevinBusse](https://github.com/KevinBusse))
+- Fix errors load config [\#470](https://github.com/containous/traefik/pull/470) ([emilevauge](https://github.com/emilevauge))
+- Typo: Replace French words by English ones [\#469](https://github.com/containous/traefik/pull/469) ([kumy](https://github.com/kumy))
+- Fix marathon TLS/basic auth [\#468](https://github.com/containous/traefik/pull/468) ([emilevauge](https://github.com/emilevauge))
+- Fix memory leak in listenProviders [\#464](https://github.com/containous/traefik/pull/464) ([emilevauge](https://github.com/emilevauge))
+- Fix websocket connection Hijack [\#460](https://github.com/containous/traefik/pull/460) ([emilevauge](https://github.com/emilevauge))
+- Fix default KV configuration [\#450](https://github.com/containous/traefik/pull/450) ([emilevauge](https://github.com/emilevauge))
+- Fix panic if listContainers fails… [\#443](https://github.com/containous/traefik/pull/443) ([vdemeester](https://github.com/vdemeester))
+- mount acme folder instead of file [\#441](https://github.com/containous/traefik/pull/441) ([NicolasGeraud](https://github.com/NicolasGeraud))
+- feat\(constraints\): Supports constraints for docker backend [\#438](https://github.com/containous/traefik/pull/438) ([samber](https://github.com/samber))
+
+## [v1.0.0-rc2](https://github.com/containous/traefik/tree/v1.0.0-rc2) (2016-06-07)
+[Full Changelog](https://github.com/containous/traefik/compare/v1.0.0-rc1...v1.0.0-rc2)
+
+**Implemented enhancements:**
+
+- Add @samber to maintainers [\#440](https://github.com/containous/traefik/pull/440) ([emilevauge](https://github.com/emilevauge))
+
+**Fixed bugs:**
+
+- Panic on help [\#429](https://github.com/containous/traefik/issues/429)
+- Bad default values in configuration [\#427](https://github.com/containous/traefik/issues/427)
+
+**Closed issues:**
+
+- Traefik doesn't listen on IPv4 ports [\#434](https://github.com/containous/traefik/issues/434)
+- Not listening on port 80 [\#432](https://github.com/containous/traefik/issues/432)
+- docs need updating for new frontend rules format [\#423](https://github.com/containous/traefik/issues/423)
+- Does traefik supports for Mac? \(For devlelopment\)  [\#417](https://github.com/containous/traefik/issues/417)
+
+**Merged pull requests:**
+
+- Allow multiple rules [\#435](https://github.com/containous/traefik/pull/435) ([fclaeys](https://github.com/fclaeys))
+- Add routes priorities [\#433](https://github.com/containous/traefik/pull/433) ([emilevauge](https://github.com/emilevauge))
+- Fix default configuration [\#428](https://github.com/containous/traefik/pull/428) ([emilevauge](https://github.com/emilevauge))
+- Fix marathon groups subdomain [\#426](https://github.com/containous/traefik/pull/426) ([emilevauge](https://github.com/emilevauge))
+- Fix travis tag check [\#422](https://github.com/containous/traefik/pull/422) ([emilevauge](https://github.com/emilevauge))
+- log info about TOML configuration file using [\#420](https://github.com/containous/traefik/pull/420) ([cocap10](https://github.com/cocap10))
+- Doc about skipping some integration tests with '-check.f ConsulCatalogSuite' [\#418](https://github.com/containous/traefik/pull/418) ([samber](https://github.com/samber))
+
+
+
+\* *This Change Log was automatically generated by [github_changelog_generator](https://github.com/skywinder/Github-Changelog-Generator)*
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -0,0 +1,74 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as
+contributors and maintainers pledge to making participation in our project and
+our community a harassment-free experience for everyone, regardless of age, body
+size, disability, ethnicity, gender identity and expression, level of experience,
+nationality, personal appearance, race, religion, or sexual identity and
+orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment
+include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or
+advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic
+  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a
+  professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable
+behavior and are expected to take appropriate and fair corrective action in
+response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or
+reject comments, commits, code, wiki edits, issues, and other contributions
+that are not aligned to this Code of Conduct, or to ban temporarily or
+permanently any contributor for other behaviors that they deem inappropriate,
+threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces
+when an individual is representing the project or its community. Examples of
+representing a project or community include using an official project e-mail
+address, posting via an official social media account, or acting as an appointed
+representative at an online or offline event. Representation of a project may be
+further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be
+reported by contacting the project team at contact@containo.us
+All complaints will be reviewed and investigated and will result in a response that
+is deemed necessary and appropriate to the circumstances. The project team is
+obligated to maintain confidentiality with regard to the reporter of an incident.
+Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good
+faith may face temporary or permanent repercussions as determined by other
+members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/
--- a/1
+++ b/1
@@ -1,4 +1,5 @@
 FROM scratch
 COPY script/ca-certificates.crt /etc/ssl/certs/
 COPY dist/traefik /
+EXPOSE 80
 ENTRYPOINT ["/traefik"]
--- a/LICENSE.md
+++ b/LICENSE.md
@@ -1,6 +1,6 @@
 The MIT License (MIT)

-Copyright (c) 2015 Emile Vauge, emile@vauge.com
+Copyright (c) 2016 Containous SAS, Emile Vauge, emile@vauge.com

 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -18,4 +18,4 @@ FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
-THE SOFTWARE.
+THE SOFTWARE.
--- a/62
+++ b/62
@@ -3,60 +3,63 @@
 TRAEFIK_ENVS := \
 	-e OS_ARCH_ARG \
 	-e OS_PLATFORM_ARG \
-	-e TESTFLAGS
+	-e TESTFLAGS \
+	-e VERBOSE \
+	-e VERSION \
+	-e CODENAME
+
+SRCS = $(shell git ls-files '*.go' | grep -v '^external/')

 BIND_DIR := "dist"
-TRAEFIK_MOUNT := -v "$(CURDIR)/$(BIND_DIR):/go/src/github.com/emilevauge/traefik/$(BIND_DIR)"
+TRAEFIK_MOUNT := -v "$(CURDIR)/$(BIND_DIR):/go/src/github.com/containous/traefik/$(BIND_DIR)"

-GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null)
+GIT_BRANCH := $(subst heads/,,$(shell git rev-parse --abbrev-ref HEAD 2>/dev/null))
 TRAEFIK_DEV_IMAGE := traefik-dev$(if $(GIT_BRANCH),:$(GIT_BRANCH))
 REPONAME := $(shell echo $(REPO) | tr '[:upper:]' '[:lower:]')
-TRAEFIK_IMAGE := $(if $(REPONAME),$(REPONAME),"emilevauge/traefik")
+TRAEFIK_IMAGE := $(if $(REPONAME),$(REPONAME),"containous/traefik")
 INTEGRATION_OPTS := $(if $(MAKE_DOCKER_HOST),-e "DOCKER_HOST=$(MAKE_DOCKER_HOST)", -v "/var/run/docker.sock:/var/run/docker.sock")

-DOCKER_RUN_TRAEFIK := docker run $(if $(CIRCLECI),,--rm) $(INTEGRATION_OPTS) -it $(TRAEFIK_ENVS) $(TRAEFIK_MOUNT) "$(TRAEFIK_DEV_IMAGE)"
+DOCKER_BUILD_ARGS := $(if $(DOCKER_VERSION), "--build-arg=DOCKER_VERSION=$(DOCKER_VERSION)",)
+DOCKER_RUN_TRAEFIK := docker run $(INTEGRATION_OPTS) -it $(TRAEFIK_ENVS) $(TRAEFIK_MOUNT) "$(TRAEFIK_DEV_IMAGE)"

 print-%: ; @echo $*=$($*)

 default: binary

-all: build
+all: generate-webui build ## validate all checks, build linux binary, run all tests\ncross non-linux binaries
 	$(DOCKER_RUN_TRAEFIK) ./script/make.sh

-binary: build
+binary: generate-webui build ## build the linux binary
 	$(DOCKER_RUN_TRAEFIK) ./script/make.sh generate binary

-crossbinary: build
+crossbinary: generate-webui build ## cross build the non-linux binaries
 	$(DOCKER_RUN_TRAEFIK) ./script/make.sh generate crossbinary

-test: build
+test: build ## run the unit and integration tests
 	$(DOCKER_RUN_TRAEFIK) ./script/make.sh generate test-unit binary test-integration

-test-unit: build
+test-unit: build ## run the unit tests
 	$(DOCKER_RUN_TRAEFIK) ./script/make.sh generate test-unit

-test-integration: build
+test-integration: build ## run the integration tests
 	$(DOCKER_RUN_TRAEFIK) ./script/make.sh generate test-integration

-validate: build
-	$(DOCKER_RUN_TRAEFIK) ./script/make.sh validate-gofmt validate-govet
-
-validate-gofmt: build
-	$(DOCKER_RUN_TRAEFIK) ./script/make.sh validate-gofmt
-
-validate-govet: build
-	$(DOCKER_RUN_TRAEFIK) ./script/make.sh validate-govet
+validate: build  ## validate gofmt, golint and go vet
+	$(DOCKER_RUN_TRAEFIK) ./script/make.sh  validate-glide validate-gofmt validate-govet validate-golint validate-misspell

 build: dist
-	docker build -t "$(TRAEFIK_DEV_IMAGE)" -f build.Dockerfile .
+	docker build $(DOCKER_BUILD_ARGS) -t "$(TRAEFIK_DEV_IMAGE)" -f build.Dockerfile .
+
+build-webui:
+	docker build -t traefik-webui -f webui/Dockerfile webui

 build-no-cache: dist
 	docker build --no-cache -t "$(TRAEFIK_DEV_IMAGE)" -f build.Dockerfile .

-shell: build
+shell: build ## start a shell inside the build env
 	$(DOCKER_RUN_TRAEFIK) /bin/bash

-image: build
+image: build ## build a docker traefik image 
 	docker build -t $(TRAEFIK_IMAGE) .

 dist:
@@ -66,3 +69,18 @@ run-dev:
 	go generate
 	go build
 	./traefik
+
+generate-webui: build-webui
+	if [ ! -d "static" ]; then \
+		mkdir -p static; \
+		docker run --rm -v "$$PWD/static":'/src/static' traefik-webui npm run build; \
+		echo 'For more informations show `webui/readme.md`' > $$PWD/static/DONT-EDIT-FILES-IN-THIS-DIRECTORY.md; \
+	fi
+
+lint:
+	script/validate-golint
+
+fmt:
+	gofmt -s -l -w $(SRCS)
+help: ## this help
+	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
--- a/README.md
+++ b/README.md
@@ -1,38 +1,80 @@
-![Træfɪk](http://traefik.github.io/traefik.logo.svg  "Træfɪk")
-___

-[![Circle CI](https://circleci.com/gh/emilevauge/traefik.svg?style=shield&circle-token=:circle-token)](https://circleci.com/gh/emilevauge/traefik)
-[![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/EmileVauge/traefik/blob/master/LICENSE.md)
+<p align="center">
+<img src="docs/img/traefik.logo.png" alt="Træfɪk" title="Træfɪk" />
+</p>
+
+[![Build Status](https://travis-ci.org/containous/traefik.svg?branch=master)](https://travis-ci.org/containous/traefik)
+[![Docs](https://img.shields.io/badge/docs-current-brightgreen.svg)](https://docs.traefik.io)
+[![Go Report Card](https://goreportcard.com/badge/containous/traefik)](http://goreportcard.com/report/containous/traefik)
+[![](https://images.microbadger.com/badges/image/traefik.svg)](https://microbadger.com/images/traefik)
+[![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/containous/traefik/blob/master/LICENSE.md)
 [![Join the chat at https://traefik.herokuapp.com](https://img.shields.io/badge/style-register-green.svg?style=social&label=Slack)](https://traefik.herokuapp.com)
+[![Twitter](https://img.shields.io/twitter/follow/traefikproxy.svg?style=social)](https://twitter.com/intent/follow?screen_name=traefikproxy)


-Træfɪk is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease.
-It supports several backends ([Docker :whale:](https://www.docker.com/), [Mesos/Marathon](https://mesosphere.github.io/marathon/), [Consul](https://consul.io/), [Etcd](https://coreos.com/etcd/), [Zookeeper](https://zookeeper.apache.org), [BoltDB](https://github.com/boltdb/bolt), Rest API, file...) to manage its configuration automatically and dynamically.
+Træfɪk (pronounced like [traffic](https://speak-ipa.bearbin.net/speak.cgi?speak=%CB%88tr%C3%A6f%C9%AAk)) is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease.
+It supports several backends ([Docker](https://www.docker.com/), [Swarm](https://docs.docker.com/swarm), [Kubernetes](http://kubernetes.io), [Marathon](https://mesosphere.github.io/marathon/), [Mesos](https://github.com/apache/mesos), [Consul](https://www.consul.io/), [Etcd](https://coreos.com/etcd/), [Zookeeper](https://zookeeper.apache.org), [BoltDB](https://github.com/boltdb/bolt), [Eureka](https://github.com/Netflix/eureka), Rest API, file...) to manage its configuration automatically and dynamically.
+
+## Overview
+
+Imagine that you have deployed a bunch of microservices on your infrastructure. You probably used a service registry (like etcd or consul) and/or an orchestrator (swarm, Mesos/Marathon) to manage all these services.
+If you want your users to access some of your microservices from the Internet, you will have to use a reverse proxy and configure it using virtual hosts or prefix paths:
+
+- domain `api.domain.com` will point the microservice `api` in your private network
+- path `domain.com/web` will point the microservice `web` in your private network
+- domain `backoffice.domain.com` will point the microservices `backoffice` in your private network, load-balancing between your multiple instances
+
+But a microservices architecture is dynamic... Services are added, removed, killed or upgraded often, eventually several times a day.
+
+Traditional reverse-proxies are not natively dynamic. You can't change their configuration and hot-reload easily.
+
+Here enters Træfɪk.
+
+![Architecture](docs/img/architecture.png)
+
+Træfɪk can listen to your service registry/orchestrator API, and knows each time a microservice is added, removed, killed or upgraded, and can generate its configuration automatically.
+Routes to your services will be created instantly.
+
+Run it and forget it!
+  
+  


 ## Features

+- [It's fast](http://docs.traefik.io/benchmarks)
 - No dependency hell, single binary made with go
- Simple json Rest API
- Simple TOML file configuration
- Multiple backends supported: Docker, Mesos/Marathon, Consul, Etcd, and more to come
- Watchers for backends, can listen change in backends to apply a new configuration automatically
+- Rest API
+- Multiple backends supported: Docker, Swarm, Kubernetes, Marathon, Mesos, Consul, Etcd, and more to come
+- Watchers for backends, can listen for changes in backends to apply a new configuration automatically
 - Hot-reloading of configuration. No need to restart the process
- Graceful shutdown http connections during hot-reloads
+- Graceful shutdown http connections
 - Circuit breakers on backends
 - Round Robin, rebalancer load-balancers
 - Rest Metrics
- Tiny docker image included
+- [Tiny](https://microbadger.com/images/traefik) [official](https://hub.docker.com/r/_/traefik/) docker image included
 - SSL backends support
- SSL frontend support
+- SSL frontend support (with SNI)
 - Clean AngularJS Web UI
 - Websocket support
+- HTTP/2 support
+- Retry request if network error
+- [Let's Encrypt](https://letsencrypt.org) support (Automatic HTTPS with renewal)
+- High Availability with cluster mode

-## Demo
+## Quickstart

-Here is a demo of Træfɪk using Docker backend, showing a load-balancing between two servers, hot reloading of configuration, and graceful shutdown.
+You can have a quick look at Træfɪk in this [Katacoda tutorial](https://www.katacoda.com/courses/traefik/deploy-load-balancer) that shows how to load balance requests between multiple Docker containers.

-[![asciicast](https://asciinema.org/a/4tcyde7riou5vxulo6my3mtko.png)](https://asciinema.org/a/4tcyde7riou5vxulo6my3mtko)
+Here is a talk given by [Ed Robinson](https://github.com/errm) at the [ContainerCamp UK](https://container.camp) conference.
+You will learn fundamental Træfɪk features and see some demos with Kubernetes.
+
+[![Traefik ContainerCamp UK](http://img.youtube.com/vi/aFtpIShV60I/0.jpg)](https://www.youtube.com/watch?v=aFtpIShV60I)
+
+Here is a talk (in French) given by [Emile Vauge](https://github.com/emilevauge) at the [Devoxx France 2016](http://www.devoxx.fr) conference. 
+You will learn fundamental Træfɪk features and see some demos with Docker, Mesos/Marathon and Let's Encrypt. 
+
+[![Traefik Devoxx France](http://img.youtube.com/vi/QvAz9mVx5TI/0.jpg)](http://www.youtube.com/watch?v=QvAz9mVx5TI)

 ## Web UI

@@ -43,114 +85,85 @@ You can access to a simple HTML frontend of Træfik.

 ## Plumbing

- [Oxy](https://github.com/mailgun/oxy/): an awsome proxy library made by Mailgun guys
+- [Oxy](https://github.com/vulcand/oxy): an awesome proxy library made by Mailgun guys
 - [Gorilla mux](https://github.com/gorilla/mux): famous request router
 - [Negroni](https://github.com/codegangsta/negroni): web middlewares made simple
 - [Manners](https://github.com/mailgun/manners): graceful shutdown of http.Handler servers
+- [Lego](https://github.com/xenolf/lego): the best [Let's Encrypt](https://letsencrypt.org) library in go

-## Quick start
+## Test it

- The simple way: grab the latest binary from the [releases](https://github.com/emilevauge/traefik/releases) page and just run it with the [sample configuration file](https://raw.githubusercontent.com/EmileVauge/traefik/master/traefik.sample.toml):
+- The simple way: grab the latest binary from the [releases](https://github.com/containous/traefik/releases) page and just run it with the [sample configuration file](https://raw.githubusercontent.com/containous/traefik/master/traefik.sample.toml):

 ```shell
-./traefik traefik.toml
+./traefik --configFile=traefik.toml
 ```

 - Use the tiny Docker image:

 ```shell
-docker run -d -p 8080:8080 -p 80:80 -v $PWD/traefik.toml:/traefik.toml emilevauge/traefik
+docker run -d -p 8080:8080 -p 80:80 -v $PWD/traefik.toml:/etc/traefik/traefik.toml traefik
 ```

 - From sources:

 ```shell
-git clone https://github.com/EmileVauge/traefik
+git clone https://github.com/containous/traefik
 ```

 ## Documentation

-You can find the complete documentation [here](docs/index.md).
-
-## Benchmarks
-
-Refer to the [benchmarks section](docs/index.md#benchmarks) in the documentation.
+You can find the complete documentation [here](https://docs.traefik.io).

 ## Contributing

-### Building
+Please refer to [this section](.github/CONTRIBUTING.md).

-You need either [Docker](https://github.com/docker/docker) and `make`, or `go` and `glide` in order to build traefik.
+## Code Of Conduct

-#### Setting up your `go` environment
- You need `go` v1.5
- You need to set `export GO15VENDOREXPERIMENT=1` environment variable
- You need `go-bindata` to be able to use `go generate` command (needed to build) : `go get github.com/jteeuwen/go-bindata/...`.
- If you clone Træfɪk into something like `~/go/src/github.com/traefik`, your `GOPATH` variable will have to be set to `~/go`: export `GOPATH=~/go`.
+Please note that this project is released with a [Contributor Code of Conduct](CODE_OF_CONDUCT.md). By participating in this project you agree to abide by its terms.

-#### Using `Docker` and `Makefile`
+## Support

-You need to run the `binary` target. This will create binaries for
-linux platform in the `dist` folder.
+You can join [![Join the chat at https://traefik.herokuapp.com](https://img.shields.io/badge/style-register-green.svg?style=social&label=Slack)](https://traefik.herokuapp.com) to get basic support.
+If you prefer commercial support, please contact [containo.us](https://containo.us) by mail: <mailto:support@containo.us>.

-```bash
-$ make binary
-docker build -t "traefik-dev:no-more-godep-ever" -f build.Dockerfile .
-Sending build context to Docker daemon 295.3 MB
-Step 0 : FROM golang:1.5
- ---> 8c6473912976
-Step 1 : RUN go get github.com/Masterminds/glide
-[...]
-docker run --rm  -v "/var/run/docker.sock:/var/run/docker.sock" -it -e OS_ARCH_ARG -e OS_PLATFORM_ARG -e TESTFLAGS -v "/home/emile/dev/go/src/github.com/emilevauge/traefik/"dist":/go/src/github.com/emilevauge/traefik/"dist"" "traefik-dev:no-more-godep-ever" ./script/make.sh generate binary
---> Making bundle: generate (in .)
-removed 'gen.go'
+## Træfɪk here and there

---> Making bundle: binary (in .)
+These projects use Træfɪk internally. If your company uses Træfɪk, we would be glad to get your feedback :) Contact us on [![Join the chat at https://traefik.herokuapp.com](https://img.shields.io/badge/style-register-green.svg?style=social&label=Slack)](https://traefik.herokuapp.com)

-$ ls dist/
-traefik*
-```
+- Project [Mantl](https://mantl.io/) from Cisco

-#### Using `glide`
+![Web UI Providers](docs/img/mantl-logo.png)
+> Mantl is a modern platform for rapidly deploying globally distributed services. A container orchestrator, docker, a network stack, something to pool your logs, something to monitor health, a sprinkle of service discovery and some automation.

-The idea behind `glide` is the following :
+- Project [Apollo](http://capgemini.github.io/devops/apollo/) from Cap Gemini

- when checkout(ing) a project, **run `glide up`** to install
-  (`go get …`) the dependencies in the `GOPATH`.
- if you need another dependency, import and use it in
-  the source, and **run `glide get github.com/Masterminds/cookoo`** to save it in
-  `vendor` and add it to your `glide.yaml`.
+![Web UI Providers](docs/img/apollo-logo.png)
+> Apollo is an open source project to aid with building and deploying IAAS and PAAS services. It is particularly geared towards managing containerized applications across multiple hosts, and big data type workloads. Apollo leverages other open source components to provide basic mechanisms for deployment, maintenance, and scaling of infrastructure and applications.

-```bash
-$ glide up --update-vendored
-# generate
-$ go generate
-# Simple go build
-$ go build
-# Using gox to build multiple platform
-$ gox "linux darwin" "386 amd64 arm" \
-    -output="dist/traefik_{{.OS}}-{{.Arch}}"
-# run other commands like tests
-$ go test ./...
-ok      _/home/vincent/src/github/vdemeester/traefik    0.004s
-```
+## Partners

-### Tests
+[![Zenika](docs/img/zenika.logo.png)](https://zenika.com)

-You can run unit tests using the `test-unit` target and the
-integration test using the `test-integration` target.
+Zenika is one of the leading providers of professional Open Source services and agile methodologies in
+Europe. We provide consulting, development, training and support for the world’s leading Open Source
+software products.

-```bash
-$ make test-unit
-docker build -t "traefik-dev:your-feature-branch" -f build.Dockerfile .
-# […]
-docker run --rm -it -e OS_ARCH_ARG -e OS_PLATFORM_ARG -e TESTFLAGS -v "/home/vincent/src/github/vdemeester/traefik/dist:/go/src/github.com/emilevauge/traefik/dist" "traefik-dev:your-feature-branch" ./script/make.sh generate test-unit
---> Making bundle: generate (in .)
-removed 'gen.go'

---> Making bundle: test-unit (in .)
-+ go test -cover -coverprofile=cover.out .
-ok      github.com/emilevauge/traefik   0.005s  coverage: 4.1% of statements
+[![Asteris](docs/img/asteris.logo.png)](https://aster.is)

-Test success
-```
+Founded in 2014, Asteris creates next-generation infrastructure software for the modern datacenter. Asteris writes software that makes it easy for companies to implement continuous delivery and realtime data pipelines. We support the HashiCorp stack, along with Kubernetes, Apache Mesos, Spark and Kafka. We're core committers on mantl.io, consul-cli and mesos-consul.
+
+## Maintainers
+
+- Emile Vauge [@emilevauge](https://github.com/emilevauge)
+- Vincent Demeester [@vdemeester](https://github.com/vdemeester)
+- Russell Clare [@Russell-IO](https://github.com/Russell-IO)
+- Ed Robinson [@errm](https://github.com/errm)
+- Daniel Tomcej [@dtomcej](https://github.com/dtomcej)
+- Manuel Laufenberg [@SantoDE](https://github.com/SantoDE)
+
+## Credits
+
+Kudos to [Peka](http://peka.byethost11.com/photoblog/) for his awesome work on the logo ![logo](docs/img/traefik.icon.png)
--- a/acme/account.go
+++ b/acme/account.go
@@ -0,0 +1,245 @@
+package acme
+
+import (
+	"crypto"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/tls"
+	"crypto/x509"
+	"errors"
+	"reflect"
+	"sort"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/containous/traefik/log"
+	"github.com/xenolf/lego/acme"
+)
+
+// Account is used to store lets encrypt registration info
+type Account struct {
+	Email              string
+	Registration       *acme.RegistrationResource
+	PrivateKey         []byte
+	DomainsCertificate DomainsCertificates
+	ChallengeCerts     map[string]*ChallengeCert
+}
+
+// ChallengeCert stores a challenge certificate
+type ChallengeCert struct {
+	Certificate []byte
+	PrivateKey  []byte
+	certificate *tls.Certificate
+}
+
+// Init inits acccount struct
+func (a *Account) Init() error {
+	err := a.DomainsCertificate.Init()
+	if err != nil {
+		return err
+	}
+
+	for _, cert := range a.ChallengeCerts {
+		if cert.certificate == nil {
+			certificate, err := tls.X509KeyPair(cert.Certificate, cert.PrivateKey)
+			if err != nil {
+				return err
+			}
+			cert.certificate = &certificate
+		}
+		if cert.certificate.Leaf == nil {
+			leaf, err := x509.ParseCertificate(cert.certificate.Certificate[0])
+			if err != nil {
+				return err
+			}
+			cert.certificate.Leaf = leaf
+		}
+	}
+	return nil
+}
+
+// NewAccount creates an account
+func NewAccount(email string) (*Account, error) {
+	// Create a user. New accounts need an email and private key to start
+	privateKey, err := rsa.GenerateKey(rand.Reader, 4096)
+	if err != nil {
+		return nil, err
+	}
+	domainsCerts := DomainsCertificates{Certs: []*DomainsCertificate{}}
+	domainsCerts.Init()
+	return &Account{
+		Email:              email,
+		PrivateKey:         x509.MarshalPKCS1PrivateKey(privateKey),
+		DomainsCertificate: DomainsCertificates{Certs: domainsCerts.Certs},
+		ChallengeCerts:     map[string]*ChallengeCert{}}, nil
+}
+
+// GetEmail returns email
+func (a *Account) GetEmail() string {
+	return a.Email
+}
+
+// GetRegistration returns lets encrypt registration resource
+func (a *Account) GetRegistration() *acme.RegistrationResource {
+	return a.Registration
+}
+
+// GetPrivateKey returns private key
+func (a *Account) GetPrivateKey() crypto.PrivateKey {
+	if privateKey, err := x509.ParsePKCS1PrivateKey(a.PrivateKey); err == nil {
+		return privateKey
+	}
+	log.Errorf("Cannot unmarshall private key %+v", a.PrivateKey)
+	return nil
+}
+
+// Certificate is used to store certificate info
+type Certificate struct {
+	Domain        string
+	CertURL       string
+	CertStableURL string
+	PrivateKey    []byte
+	Certificate   []byte
+}
+
+// DomainsCertificates stores a certificate for multiple domains
+type DomainsCertificates struct {
+	Certs []*DomainsCertificate
+	lock  sync.RWMutex
+}
+
+func (dc *DomainsCertificates) Len() int {
+	return len(dc.Certs)
+}
+
+func (dc *DomainsCertificates) Swap(i, j int) {
+	dc.Certs[i], dc.Certs[j] = dc.Certs[j], dc.Certs[i]
+}
+
+func (dc *DomainsCertificates) Less(i, j int) bool {
+	if reflect.DeepEqual(dc.Certs[i].Domains, dc.Certs[j].Domains) {
+		return dc.Certs[i].tlsCert.Leaf.NotAfter.After(dc.Certs[j].tlsCert.Leaf.NotAfter)
+	}
+	if dc.Certs[i].Domains.Main == dc.Certs[j].Domains.Main {
+		return strings.Join(dc.Certs[i].Domains.SANs, ",") < strings.Join(dc.Certs[j].Domains.SANs, ",")
+	}
+	return dc.Certs[i].Domains.Main < dc.Certs[j].Domains.Main
+}
+
+func (dc *DomainsCertificates) removeDuplicates() {
+	sort.Sort(dc)
+	for i := 0; i < len(dc.Certs); i++ {
+		for i2 := i + 1; i2 < len(dc.Certs); i2++ {
+			if reflect.DeepEqual(dc.Certs[i].Domains, dc.Certs[i2].Domains) {
+				// delete
+				log.Warnf("Remove duplicate cert: %+v, expiration :%s", dc.Certs[i2].Domains, dc.Certs[i2].tlsCert.Leaf.NotAfter.String())
+				dc.Certs = append(dc.Certs[:i2], dc.Certs[i2+1:]...)
+				i2--
+			}
+		}
+	}
+}
+
+// Init inits DomainsCertificates
+func (dc *DomainsCertificates) Init() error {
+	dc.lock.Lock()
+	defer dc.lock.Unlock()
+	for _, domainsCertificate := range dc.Certs {
+		tlsCert, err := tls.X509KeyPair(domainsCertificate.Certificate.Certificate, domainsCertificate.Certificate.PrivateKey)
+		if err != nil {
+			return err
+		}
+		domainsCertificate.tlsCert = &tlsCert
+		if domainsCertificate.tlsCert.Leaf == nil {
+			leaf, err := x509.ParseCertificate(domainsCertificate.tlsCert.Certificate[0])
+			if err != nil {
+				return err
+			}
+			domainsCertificate.tlsCert.Leaf = leaf
+		}
+	}
+	dc.removeDuplicates()
+	return nil
+}
+
+func (dc *DomainsCertificates) renewCertificates(acmeCert *Certificate, domain Domain) error {
+	dc.lock.Lock()
+	defer dc.lock.Unlock()
+
+	for _, domainsCertificate := range dc.Certs {
+		if reflect.DeepEqual(domain, domainsCertificate.Domains) {
+			tlsCert, err := tls.X509KeyPair(acmeCert.Certificate, acmeCert.PrivateKey)
+			if err != nil {
+				return err
+			}
+			domainsCertificate.Certificate = acmeCert
+			domainsCertificate.tlsCert = &tlsCert
+			return nil
+		}
+	}
+	return errors.New("Certificate to renew not found for domain " + domain.Main)
+}
+
+func (dc *DomainsCertificates) addCertificateForDomains(acmeCert *Certificate, domain Domain) (*DomainsCertificate, error) {
+	dc.lock.Lock()
+	defer dc.lock.Unlock()
+
+	tlsCert, err := tls.X509KeyPair(acmeCert.Certificate, acmeCert.PrivateKey)
+	if err != nil {
+		return nil, err
+	}
+	cert := DomainsCertificate{Domains: domain, Certificate: acmeCert, tlsCert: &tlsCert}
+	dc.Certs = append(dc.Certs, &cert)
+	return &cert, nil
+}
+
+func (dc *DomainsCertificates) getCertificateForDomain(domainToFind string) (*DomainsCertificate, bool) {
+	dc.lock.RLock()
+	defer dc.lock.RUnlock()
+	for _, domainsCertificate := range dc.Certs {
+		domains := []string{}
+		domains = append(domains, domainsCertificate.Domains.Main)
+		domains = append(domains, domainsCertificate.Domains.SANs...)
+		for _, domain := range domains {
+			if domain == domainToFind {
+				return domainsCertificate, true
+			}
+		}
+	}
+	return nil, false
+}
+
+func (dc *DomainsCertificates) exists(domainToFind Domain) (*DomainsCertificate, bool) {
+	dc.lock.RLock()
+	defer dc.lock.RUnlock()
+	for _, domainsCertificate := range dc.Certs {
+		if reflect.DeepEqual(domainToFind, domainsCertificate.Domains) {
+			return domainsCertificate, true
+		}
+	}
+	return nil, false
+}
+
+// DomainsCertificate contains a certificate for multiple domains
+type DomainsCertificate struct {
+	Domains     Domain
+	Certificate *Certificate
+	tlsCert     *tls.Certificate
+}
+
+func (dc *DomainsCertificate) needRenew() bool {
+	for _, c := range dc.tlsCert.Certificate {
+		crt, err := x509.ParseCertificate(c)
+		if err != nil {
+			// If there's an error, we assume the cert is broken, and needs update
+			return true
+		}
+		// <= 30 days left, renew certificate
+		if crt.NotAfter.Before(time.Now().Add(time.Duration(24 * 30 * time.Hour))) {
+			return true
+		}
+	}
+
+	return false
+}
--- a/acme/acme.go
+++ b/acme/acme.go
@@ -0,0 +1,607 @@
+package acme
+
+import (
+	"context"
+	"crypto/tls"
+	"errors"
+	"fmt"
+	"io/ioutil"
+	fmtlog "log"
+	"os"
+	"regexp"
+	"strings"
+	"time"
+
+	"github.com/BurntSushi/ty/fun"
+	"github.com/cenk/backoff"
+	"github.com/containous/staert"
+	"github.com/containous/traefik/cluster"
+	"github.com/containous/traefik/log"
+	"github.com/containous/traefik/safe"
+	"github.com/containous/traefik/types"
+	"github.com/eapache/channels"
+	"github.com/xenolf/lego/acme"
+	"github.com/xenolf/lego/providers/dns"
+)
+
+var (
+	// OSCPMustStaple enables OSCP stapling as from https://github.com/xenolf/lego/issues/270
+	OSCPMustStaple = false
+)
+
+// ACME allows to connect to lets encrypt and retrieve certs
+type ACME struct {
+	Email               string   `description:"Email address used for registration"`
+	Domains             []Domain `description:"SANs (alternative domains) to each main domain using format: --acme.domains='main.com,san1.com,san2.com' --acme.domains='main.net,san1.net,san2.net'"`
+	Storage             string   `description:"File or key used for certificates storage."`
+	StorageFile         string   // deprecated
+	OnDemand            bool     `description:"Enable on demand certificate. This will request a certificate from Let's Encrypt during the first TLS handshake for a hostname that does not yet have a certificate."`
+	OnHostRule          bool     `description:"Enable certificate generation on frontends Host rules."`
+	CAServer            string   `description:"CA server to use."`
+	EntryPoint          string   `description:"Entrypoint to proxy acme challenge to."`
+	DNSProvider         string   `description:"Use a DNS based challenge provider rather than HTTPS."`
+	DelayDontCheckDNS   int      `description:"Assume DNS propagates after a delay in seconds rather than finding and querying nameservers."`
+	ACMELogging         bool     `description:"Enable debug logging of ACME actions."`
+	client              *acme.Client
+	defaultCertificate  *tls.Certificate
+	store               cluster.Store
+	challengeProvider   *challengeProvider
+	checkOnDemandDomain func(domain string) bool
+	jobs                *channels.InfiniteChannel
+	TLSConfig           *tls.Config `description:"TLS config in case wildcard certs are used"`
+}
+
+//Domains parse []Domain
+type Domains []Domain
+
+//Set []Domain
+func (ds *Domains) Set(str string) error {
+	fargs := func(c rune) bool {
+		return c == ',' || c == ';'
+	}
+	// get function
+	slice := strings.FieldsFunc(str, fargs)
+	if len(slice) < 1 {
+		return fmt.Errorf("Parse error ACME.Domain. Imposible to parse %s", str)
+	}
+	d := Domain{
+		Main: slice[0],
+		SANs: []string{},
+	}
+	if len(slice) > 1 {
+		d.SANs = slice[1:]
+	}
+	*ds = append(*ds, d)
+	return nil
+}
+
+//Get []Domain
+func (ds *Domains) Get() interface{} { return []Domain(*ds) }
+
+//String returns []Domain in string
+func (ds *Domains) String() string { return fmt.Sprintf("%+v", *ds) }
+
+//SetValue sets []Domain into the parser
+func (ds *Domains) SetValue(val interface{}) {
+	*ds = Domains(val.([]Domain))
+}
+
+// Domain holds a domain name with SANs
+type Domain struct {
+	Main string
+	SANs []string
+}
+
+func (a *ACME) init() error {
+	if a.ACMELogging {
+		acme.Logger = fmtlog.New(os.Stderr, "legolog: ", fmtlog.LstdFlags)
+	} else {
+		acme.Logger = fmtlog.New(ioutil.Discard, "", 0)
+	}
+	// no certificates in TLS config, so we add a default one
+	cert, err := generateDefaultCertificate()
+	if err != nil {
+		return err
+	}
+	a.defaultCertificate = cert
+	// TODO: to remove in the futurs
+	if len(a.StorageFile) > 0 && len(a.Storage) == 0 {
+		log.Warnf("ACME.StorageFile is deprecated, use ACME.Storage instead")
+		a.Storage = a.StorageFile
+	}
+	a.jobs = channels.NewInfiniteChannel()
+	return nil
+}
+
+// CreateClusterConfig creates a tls.config using ACME configuration in cluster mode
+func (a *ACME) CreateClusterConfig(leadership *cluster.Leadership, tlsConfig *tls.Config, checkOnDemandDomain func(domain string) bool) error {
+	err := a.init()
+	if err != nil {
+		return err
+	}
+	if len(a.Storage) == 0 {
+		return errors.New("Empty Store, please provide a key for certs storage")
+	}
+	a.checkOnDemandDomain = checkOnDemandDomain
+	tlsConfig.Certificates = append(tlsConfig.Certificates, *a.defaultCertificate)
+	tlsConfig.GetCertificate = a.getCertificate
+	a.TLSConfig = tlsConfig
+	listener := func(object cluster.Object) error {
+		account := object.(*Account)
+		account.Init()
+		if !leadership.IsLeader() {
+			a.client, err = a.buildACMEClient(account)
+			if err != nil {
+				log.Errorf("Error building ACME client %+v: %s", object, err.Error())
+			}
+		}
+		return nil
+	}
+
+	datastore, err := cluster.NewDataStore(
+		leadership.Pool.Ctx(),
+		staert.KvSource{
+			Store:  leadership.Store,
+			Prefix: a.Storage,
+		},
+		&Account{},
+		listener)
+	if err != nil {
+		return err
+	}
+
+	a.store = datastore
+	a.challengeProvider = &challengeProvider{store: a.store}
+
+	ticker := time.NewTicker(24 * time.Hour)
+	leadership.Pool.AddGoCtx(func(ctx context.Context) {
+		log.Infof("Starting ACME renew job...")
+		defer log.Infof("Stopped ACME renew job...")
+		for {
+			select {
+			case <-ctx.Done():
+				return
+			case <-ticker.C:
+				a.renewCertificates()
+			}
+		}
+	})
+
+	leadership.AddListener(func(elected bool) error {
+		if elected {
+			object, err := a.store.Load()
+			if err != nil {
+				return err
+			}
+			transaction, object, err := a.store.Begin()
+			if err != nil {
+				return err
+			}
+			account := object.(*Account)
+			account.Init()
+			var needRegister bool
+			if account == nil || len(account.Email) == 0 {
+				account, err = NewAccount(a.Email)
+				if err != nil {
+					return err
+				}
+				needRegister = true
+			}
+			if err != nil {
+				return err
+			}
+			a.client, err = a.buildACMEClient(account)
+			if err != nil {
+				return err
+			}
+			if needRegister {
+				// New users will need to register; be sure to save it
+				log.Debugf("Register...")
+				reg, err := a.client.Register()
+				if err != nil {
+					return err
+				}
+				account.Registration = reg
+			}
+			// The client has a URL to the current Let's Encrypt Subscriber
+			// Agreement. The user will need to agree to it.
+			log.Debugf("AgreeToTOS...")
+			err = a.client.AgreeToTOS()
+			if err != nil {
+				// Let's Encrypt Subscriber Agreement renew ?
+				reg, err := a.client.QueryRegistration()
+				if err != nil {
+					return err
+				}
+				account.Registration = reg
+				err = a.client.AgreeToTOS()
+				if err != nil {
+					log.Errorf("Error sending ACME agreement to TOS: %+v: %s", account, err.Error())
+				}
+			}
+			err = transaction.Commit(account)
+			if err != nil {
+				return err
+			}
+
+			a.retrieveCertificates()
+			a.renewCertificates()
+			a.runJobs()
+		}
+		return nil
+	})
+	return nil
+}
+
+// CreateLocalConfig creates a tls.config using local ACME configuration
+func (a *ACME) CreateLocalConfig(tlsConfig *tls.Config, checkOnDemandDomain func(domain string) bool) error {
+	err := a.init()
+	if err != nil {
+		return err
+	}
+	if len(a.Storage) == 0 {
+		return errors.New("Empty Store, please provide a filename for certs storage")
+	}
+	a.checkOnDemandDomain = checkOnDemandDomain
+	tlsConfig.Certificates = append(tlsConfig.Certificates, *a.defaultCertificate)
+	tlsConfig.GetCertificate = a.getCertificate
+	a.TLSConfig = tlsConfig
+	localStore := NewLocalStore(a.Storage)
+	a.store = localStore
+	a.challengeProvider = &challengeProvider{store: a.store}
+
+	var needRegister bool
+	var account *Account
+
+	if fileInfo, fileErr := os.Stat(a.Storage); fileErr == nil && fileInfo.Size() != 0 {
+		log.Infof("Loading ACME Account...")
+		// load account
+		object, err := localStore.Load()
+		if err != nil {
+			return err
+		}
+		account = object.(*Account)
+	} else {
+		log.Infof("Generating ACME Account...")
+		account, err = NewAccount(a.Email)
+		if err != nil {
+			return err
+		}
+		needRegister = true
+	}
+
+	a.client, err = a.buildACMEClient(account)
+	if err != nil {
+		return err
+	}
+
+	if needRegister {
+		// New users will need to register; be sure to save it
+		log.Infof("Register...")
+		reg, err := a.client.Register()
+		if err != nil {
+			return err
+		}
+		account.Registration = reg
+	}
+
+	// The client has a URL to the current Let's Encrypt Subscriber
+	// Agreement. The user will need to agree to it.
+	log.Debugf("AgreeToTOS...")
+	err = a.client.AgreeToTOS()
+	if err != nil {
+		// Let's Encrypt Subscriber Agreement renew ?
+		reg, err := a.client.QueryRegistration()
+		if err != nil {
+			return err
+		}
+		account.Registration = reg
+		err = a.client.AgreeToTOS()
+		if err != nil {
+			log.Errorf("Error sending ACME agreement to TOS: %+v: %s", account, err.Error())
+		}
+	}
+	// save account
+	transaction, _, err := a.store.Begin()
+	if err != nil {
+		return err
+	}
+	err = transaction.Commit(account)
+	if err != nil {
+		return err
+	}
+
+	a.retrieveCertificates()
+	a.renewCertificates()
+	a.runJobs()
+
+	ticker := time.NewTicker(24 * time.Hour)
+	safe.Go(func() {
+		for range ticker.C {
+			a.renewCertificates()
+		}
+
+	})
+	return nil
+}
+
+func (a *ACME) getCertificate(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) {
+	domain := types.CanonicalDomain(clientHello.ServerName)
+	account := a.store.Get().(*Account)
+	//use regex to test for wildcard certs that might have been added into TLSConfig
+	for k := range a.TLSConfig.NameToCertificate {
+		selector := "^" + strings.Replace(k, "*.", ".*\\.?", -1) + "$"
+		match, _ := regexp.MatchString(selector, domain)
+		if match {
+			return a.TLSConfig.NameToCertificate[k], nil
+		}
+	}
+	if challengeCert, ok := a.challengeProvider.getCertificate(domain); ok {
+		log.Debugf("ACME got challenge %s", domain)
+		return challengeCert, nil
+	}
+	if domainCert, ok := account.DomainsCertificate.getCertificateForDomain(domain); ok {
+		log.Debugf("ACME got domain cert %s", domain)
+		return domainCert.tlsCert, nil
+	}
+	if a.OnDemand {
+		if a.checkOnDemandDomain != nil && !a.checkOnDemandDomain(domain) {
+			return nil, nil
+		}
+		return a.loadCertificateOnDemand(clientHello)
+	}
+	log.Debugf("ACME got nothing %s", domain)
+	return nil, nil
+}
+
+func (a *ACME) retrieveCertificates() {
+	a.jobs.In() <- func() {
+		log.Infof("Retrieving ACME certificates...")
+		for _, domain := range a.Domains {
+			// check if cert isn't already loaded
+			account := a.store.Get().(*Account)
+			if _, exists := account.DomainsCertificate.exists(domain); !exists {
+				domains := []string{}
+				domains = append(domains, domain.Main)
+				domains = append(domains, domain.SANs...)
+				certificateResource, err := a.getDomainsCertificates(domains)
+				if err != nil {
+					log.Errorf("Error getting ACME certificate for domain %s: %s", domains, err.Error())
+					continue
+				}
+				transaction, object, err := a.store.Begin()
+				if err != nil {
+					log.Errorf("Error creating ACME store transaction from domain %s: %s", domain, err.Error())
+					continue
+				}
+				account = object.(*Account)
+				_, err = account.DomainsCertificate.addCertificateForDomains(certificateResource, domain)
+				if err != nil {
+					log.Errorf("Error adding ACME certificate for domain %s: %s", domains, err.Error())
+					continue
+				}
+
+				if err = transaction.Commit(account); err != nil {
+					log.Errorf("Error Saving ACME account %+v: %s", account, err.Error())
+					continue
+				}
+			}
+		}
+		log.Infof("Retrieved ACME certificates")
+	}
+}
+
+func (a *ACME) renewCertificates() {
+	a.jobs.In() <- func() {
+		log.Debugf("Testing certificate renew...")
+		account := a.store.Get().(*Account)
+		for _, certificateResource := range account.DomainsCertificate.Certs {
+			if certificateResource.needRenew() {
+				log.Debugf("Renewing certificate %+v", certificateResource.Domains)
+				renewedCert, err := a.client.RenewCertificate(acme.CertificateResource{
+					Domain:        certificateResource.Certificate.Domain,
+					CertURL:       certificateResource.Certificate.CertURL,
+					CertStableURL: certificateResource.Certificate.CertStableURL,
+					PrivateKey:    certificateResource.Certificate.PrivateKey,
+					Certificate:   certificateResource.Certificate.Certificate,
+				}, true, OSCPMustStaple)
+				if err != nil {
+					log.Errorf("Error renewing certificate: %v", err)
+					continue
+				}
+				log.Debugf("Renewed certificate %+v", certificateResource.Domains)
+				renewedACMECert := &Certificate{
+					Domain:        renewedCert.Domain,
+					CertURL:       renewedCert.CertURL,
+					CertStableURL: renewedCert.CertStableURL,
+					PrivateKey:    renewedCert.PrivateKey,
+					Certificate:   renewedCert.Certificate,
+				}
+				transaction, object, err := a.store.Begin()
+				if err != nil {
+					log.Errorf("Error renewing certificate: %v", err)
+					continue
+				}
+				account = object.(*Account)
+				err = account.DomainsCertificate.renewCertificates(renewedACMECert, certificateResource.Domains)
+				if err != nil {
+					log.Errorf("Error renewing certificate: %v", err)
+					continue
+				}
+
+				if err = transaction.Commit(account); err != nil {
+					log.Errorf("Error Saving ACME account %+v: %s", account, err.Error())
+					continue
+				}
+			}
+		}
+	}
+}
+
+func dnsOverrideDelay(delay int) error {
+	var err error
+	if delay > 0 {
+		log.Debugf("Delaying %d seconds rather than validating DNS propagation", delay)
+		acme.PreCheckDNS = func(_, _ string) (bool, error) {
+			time.Sleep(time.Duration(delay) * time.Second)
+			return true, nil
+		}
+	} else if delay < 0 {
+		err = fmt.Errorf("Invalid negative DelayDontCheckDNS: %d", delay)
+	}
+	return err
+}
+
+func (a *ACME) buildACMEClient(account *Account) (*acme.Client, error) {
+	log.Debugf("Building ACME client...")
+	caServer := "https://acme-v01.api.letsencrypt.org/directory"
+	if len(a.CAServer) > 0 {
+		caServer = a.CAServer
+	}
+	client, err := acme.NewClient(caServer, account, acme.RSA4096)
+	if err != nil {
+		return nil, err
+	}
+
+	if len(a.DNSProvider) > 0 {
+		log.Debugf("Using DNS Challenge provider: %s", a.DNSProvider)
+
+		err = dnsOverrideDelay(a.DelayDontCheckDNS)
+		if err != nil {
+			return nil, err
+		}
+
+		var provider acme.ChallengeProvider
+		provider, err = dns.NewDNSChallengeProviderByName(a.DNSProvider)
+		if err != nil {
+			return nil, err
+		}
+
+		client.ExcludeChallenges([]acme.Challenge{acme.HTTP01, acme.TLSSNI01})
+		err = client.SetChallengeProvider(acme.DNS01, provider)
+	} else {
+		client.ExcludeChallenges([]acme.Challenge{acme.HTTP01, acme.DNS01})
+		err = client.SetChallengeProvider(acme.TLSSNI01, a.challengeProvider)
+	}
+
+	if err != nil {
+		return nil, err
+	}
+	return client, nil
+}
+
+func (a *ACME) loadCertificateOnDemand(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) {
+	domain := types.CanonicalDomain(clientHello.ServerName)
+	account := a.store.Get().(*Account)
+	if certificateResource, ok := account.DomainsCertificate.getCertificateForDomain(domain); ok {
+		return certificateResource.tlsCert, nil
+	}
+	certificate, err := a.getDomainsCertificates([]string{domain})
+	if err != nil {
+		return nil, err
+	}
+	log.Debugf("Got certificate on demand for domain %s", domain)
+
+	transaction, object, err := a.store.Begin()
+	if err != nil {
+		return nil, err
+	}
+	account = object.(*Account)
+	cert, err := account.DomainsCertificate.addCertificateForDomains(certificate, Domain{Main: domain})
+	if err != nil {
+		return nil, err
+	}
+	if err = transaction.Commit(account); err != nil {
+		return nil, err
+	}
+	return cert.tlsCert, nil
+}
+
+// LoadCertificateForDomains loads certificates from ACME for given domains
+func (a *ACME) LoadCertificateForDomains(domains []string) {
+	a.jobs.In() <- func() {
+		log.Debugf("LoadCertificateForDomains %s...", domains)
+		domains = fun.Map(types.CanonicalDomain, domains).([]string)
+		operation := func() error {
+			if a.client == nil {
+				return fmt.Errorf("ACME client still not built")
+			}
+			return nil
+		}
+		notify := func(err error, time time.Duration) {
+			log.Errorf("Error getting ACME client: %v, retrying in %s", err, time)
+		}
+		ebo := backoff.NewExponentialBackOff()
+		ebo.MaxElapsedTime = 30 * time.Second
+		err := backoff.RetryNotify(safe.OperationWithRecover(operation), ebo, notify)
+		if err != nil {
+			log.Errorf("Error getting ACME client: %v", err)
+			return
+		}
+		account := a.store.Get().(*Account)
+		var domain Domain
+		if len(domains) == 0 {
+			// no domain
+			return
+
+		} else if len(domains) > 1 {
+			domain = Domain{Main: domains[0], SANs: domains[1:]}
+		} else {
+			domain = Domain{Main: domains[0]}
+		}
+		if _, exists := account.DomainsCertificate.exists(domain); exists {
+			// domain already exists
+			return
+		}
+		certificate, err := a.getDomainsCertificates(domains)
+		if err != nil {
+			log.Errorf("Error getting ACME certificates %+v : %v", domains, err)
+			return
+		}
+		log.Debugf("Got certificate for domains %+v", domains)
+		transaction, object, err := a.store.Begin()
+
+		if err != nil {
+			log.Errorf("Error creating transaction %+v : %v", domains, err)
+			return
+		}
+		account = object.(*Account)
+		_, err = account.DomainsCertificate.addCertificateForDomains(certificate, domain)
+		if err != nil {
+			log.Errorf("Error adding ACME certificates %+v : %v", domains, err)
+			return
+		}
+		if err = transaction.Commit(account); err != nil {
+			log.Errorf("Error Saving ACME account %+v: %v", account, err)
+			return
+		}
+	}
+}
+
+func (a *ACME) getDomainsCertificates(domains []string) (*Certificate, error) {
+	domains = fun.Map(types.CanonicalDomain, domains).([]string)
+	log.Debugf("Loading ACME certificates %s...", domains)
+	bundle := true
+	certificate, failures := a.client.ObtainCertificate(domains, bundle, nil, OSCPMustStaple)
+	if len(failures) > 0 {
+		log.Error(failures)
+		return nil, fmt.Errorf("Cannot obtain certificates %s+v", failures)
+	}
+	log.Debugf("Loaded ACME certificates %s", domains)
+	return &Certificate{
+		Domain:        certificate.Domain,
+		CertURL:       certificate.CertURL,
+		CertStableURL: certificate.CertStableURL,
+		PrivateKey:    certificate.PrivateKey,
+		Certificate:   certificate.Certificate,
+	}, nil
+}
+
+func (a *ACME) runJobs() {
+	safe.Go(func() {
+		for job := range a.jobs.Out() {
+			function := job.(func())
+			function()
+		}
+	})
+}
--- a/acme/acme_test.go
+++ b/acme/acme_test.go
@@ -0,0 +1,279 @@
+package acme
+
+import (
+	"encoding/base64"
+	"net/http"
+	"net/http/httptest"
+	"reflect"
+	"sync"
+	"testing"
+	"time"
+
+	"github.com/xenolf/lego/acme"
+)
+
+func TestDomainsSet(t *testing.T) {
+	checkMap := map[string]Domains{
+		"":                                   {},
+		"foo.com":                            {Domain{Main: "foo.com", SANs: []string{}}},
+		"foo.com,bar.net":                    {Domain{Main: "foo.com", SANs: []string{"bar.net"}}},
+		"foo.com,bar1.net,bar2.net,bar3.net": {Domain{Main: "foo.com", SANs: []string{"bar1.net", "bar2.net", "bar3.net"}}},
+	}
+	for in, check := range checkMap {
+		ds := Domains{}
+		ds.Set(in)
+		if !reflect.DeepEqual(check, ds) {
+			t.Errorf("Expected %+v\nGot %+v", check, ds)
+		}
+	}
+}
+
+func TestDomainsSetAppend(t *testing.T) {
+	inSlice := []string{
+		"",
+		"foo1.com",
+		"foo2.com,bar.net",
+		"foo3.com,bar1.net,bar2.net,bar3.net",
+	}
+	checkSlice := []Domains{
+		{},
+		{
+			Domain{
+				Main: "foo1.com",
+				SANs: []string{}}},
+		{
+			Domain{
+				Main: "foo1.com",
+				SANs: []string{}},
+			Domain{
+				Main: "foo2.com",
+				SANs: []string{"bar.net"}}},
+		{
+			Domain{
+				Main: "foo1.com",
+				SANs: []string{}},
+			Domain{
+				Main: "foo2.com",
+				SANs: []string{"bar.net"}},
+			Domain{Main: "foo3.com",
+				SANs: []string{"bar1.net", "bar2.net", "bar3.net"}}},
+	}
+	ds := Domains{}
+	for i, in := range inSlice {
+		ds.Set(in)
+		if !reflect.DeepEqual(checkSlice[i], ds) {
+			t.Errorf("Expected  %s %+v\nGot %+v", in, checkSlice[i], ds)
+		}
+	}
+}
+
+func TestCertificatesRenew(t *testing.T) {
+	foo1Cert, foo1Key, _ := generateKeyPair("foo1.com", time.Now())
+	foo2Cert, foo2Key, _ := generateKeyPair("foo2.com", time.Now())
+	domainsCertificates := DomainsCertificates{
+		lock: sync.RWMutex{},
+		Certs: []*DomainsCertificate{
+			{
+				Domains: Domain{
+					Main: "foo1.com",
+					SANs: []string{}},
+				Certificate: &Certificate{
+					Domain:        "foo1.com",
+					CertURL:       "url",
+					CertStableURL: "url",
+					PrivateKey:    foo1Key,
+					Certificate:   foo1Cert,
+				},
+			},
+			{
+				Domains: Domain{
+					Main: "foo2.com",
+					SANs: []string{}},
+				Certificate: &Certificate{
+					Domain:        "foo2.com",
+					CertURL:       "url",
+					CertStableURL: "url",
+					PrivateKey:    foo2Key,
+					Certificate:   foo2Cert,
+				},
+			},
+		},
+	}
+	foo1Cert, foo1Key, _ = generateKeyPair("foo1.com", time.Now())
+	newCertificate := &Certificate{
+		Domain:        "foo1.com",
+		CertURL:       "url",
+		CertStableURL: "url",
+		PrivateKey:    foo1Key,
+		Certificate:   foo1Cert,
+	}
+
+	err := domainsCertificates.renewCertificates(
+		newCertificate,
+		Domain{
+			Main: "foo1.com",
+			SANs: []string{}})
+	if err != nil {
+		t.Errorf("Error in renewCertificates :%v", err)
+	}
+	if len(domainsCertificates.Certs) != 2 {
+		t.Errorf("Expected domainsCertificates length %d %+v\nGot %+v", 2, domainsCertificates.Certs, len(domainsCertificates.Certs))
+	}
+	if !reflect.DeepEqual(domainsCertificates.Certs[0].Certificate, newCertificate) {
+		t.Errorf("Expected new certificate %+v \nGot %+v", newCertificate, domainsCertificates.Certs[0].Certificate)
+	}
+}
+
+func TestRemoveDuplicates(t *testing.T) {
+	now := time.Now()
+	fooCert, fooKey, _ := generateKeyPair("foo.com", now)
+	foo24Cert, foo24Key, _ := generateKeyPair("foo.com", now.Add(24*time.Hour))
+	foo48Cert, foo48Key, _ := generateKeyPair("foo.com", now.Add(48*time.Hour))
+	barCert, barKey, _ := generateKeyPair("bar.com", now)
+	domainsCertificates := DomainsCertificates{
+		lock: sync.RWMutex{},
+		Certs: []*DomainsCertificate{
+			{
+				Domains: Domain{
+					Main: "foo.com",
+					SANs: []string{}},
+				Certificate: &Certificate{
+					Domain:        "foo.com",
+					CertURL:       "url",
+					CertStableURL: "url",
+					PrivateKey:    foo24Key,
+					Certificate:   foo24Cert,
+				},
+			},
+			{
+				Domains: Domain{
+					Main: "foo.com",
+					SANs: []string{}},
+				Certificate: &Certificate{
+					Domain:        "foo.com",
+					CertURL:       "url",
+					CertStableURL: "url",
+					PrivateKey:    foo48Key,
+					Certificate:   foo48Cert,
+				},
+			},
+			{
+				Domains: Domain{
+					Main: "foo.com",
+					SANs: []string{}},
+				Certificate: &Certificate{
+					Domain:        "foo.com",
+					CertURL:       "url",
+					CertStableURL: "url",
+					PrivateKey:    fooKey,
+					Certificate:   fooCert,
+				},
+			},
+			{
+				Domains: Domain{
+					Main: "bar.com",
+					SANs: []string{}},
+				Certificate: &Certificate{
+					Domain:        "bar.com",
+					CertURL:       "url",
+					CertStableURL: "url",
+					PrivateKey:    barKey,
+					Certificate:   barCert,
+				},
+			},
+			{
+				Domains: Domain{
+					Main: "foo.com",
+					SANs: []string{}},
+				Certificate: &Certificate{
+					Domain:        "foo.com",
+					CertURL:       "url",
+					CertStableURL: "url",
+					PrivateKey:    foo48Key,
+					Certificate:   foo48Cert,
+				},
+			},
+		},
+	}
+	domainsCertificates.Init()
+
+	if len(domainsCertificates.Certs) != 2 {
+		t.Errorf("Expected domainsCertificates length %d %+v\nGot %+v", 2, domainsCertificates.Certs, len(domainsCertificates.Certs))
+	}
+
+	for _, cert := range domainsCertificates.Certs {
+		switch cert.Domains.Main {
+		case "bar.com":
+			continue
+		case "foo.com":
+			if !cert.tlsCert.Leaf.NotAfter.Equal(now.Add(48 * time.Hour).Truncate(1 * time.Second)) {
+				t.Errorf("Bad expiration %s date for domain %+v, now %s", cert.tlsCert.Leaf.NotAfter.String(), cert, now.Add(48*time.Hour).Truncate(1*time.Second).String())
+			}
+		default:
+			t.Errorf("Unknown domain %+v", cert)
+		}
+	}
+}
+
+func TestNoPreCheckOverride(t *testing.T) {
+	acme.PreCheckDNS = nil // Irreversable - but not expecting real calls into this during testing process
+	err := dnsOverrideDelay(0)
+	if err != nil {
+		t.Errorf("Error in dnsOverrideDelay :%v", err)
+	}
+	if acme.PreCheckDNS != nil {
+		t.Errorf("Unexpected change to acme.PreCheckDNS when leaving DNS verification as is.")
+	}
+}
+
+func TestSillyPreCheckOverride(t *testing.T) {
+	err := dnsOverrideDelay(-5)
+	if err == nil {
+		t.Errorf("Missing expected error in dnsOverrideDelay!")
+	}
+}
+
+func TestPreCheckOverride(t *testing.T) {
+	acme.PreCheckDNS = nil // Irreversable - but not expecting real calls into this during testing process
+	err := dnsOverrideDelay(5)
+	if err != nil {
+		t.Errorf("Error in dnsOverrideDelay :%v", err)
+	}
+	if acme.PreCheckDNS == nil {
+		t.Errorf("No change to acme.PreCheckDNS when meant to be adding enforcing override function.")
+	}
+}
+
+func TestAcmeClientCreation(t *testing.T) {
+	acme.PreCheckDNS = nil // Irreversable - but not expecting real calls into this during testing process
+	// Lengthy setup to avoid external web requests - oh for easier golang testing!
+	account := &Account{Email: "f@f"}
+	account.PrivateKey, _ = base64.StdEncoding.DecodeString(`
+MIIBPAIBAAJBAMp2Ni92FfEur+CAvFkgC12LT4l9D53ApbBpDaXaJkzzks+KsLw9zyAxvlrfAyTCQ
+7tDnEnIltAXyQ0uOFUUdcMCAwEAAQJAK1FbipATZcT9cGVa5x7KD7usytftLW14heQUPXYNV80r/3
+lmnpvjL06dffRpwkYeN8DATQF/QOcy3NNNGDw/4QIhAPAKmiZFxA/qmRXsuU8Zhlzf16WrNZ68K64
+asn/h3qZrAiEA1+wFR3WXCPIolOvd7AHjfgcTKQNkoMPywU4FYUNQ1AkCIQDv8yk0qPjckD6HVCPJ
+llJh9MC0svjevGtNlxJoE3lmEQIhAKXy1wfZ32/XtcrnENPvi6lzxI0T94X7s5pP3aCoPPoJAiEAl
+cijFkALeQp/qyeXdFld2v9gUN3eCgljgcl0QweRoIc=---`)
+	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		w.Write([]byte(`{
+"new-authz": "https://foo/acme/new-authz",
+"new-cert": "https://foo/acme/new-cert",
+"new-reg": "https://foo/acme/new-reg",
+"revoke-cert": "https://foo/acme/revoke-cert"
+}`))
+	}))
+	defer ts.Close()
+	a := ACME{DNSProvider: "manual", DelayDontCheckDNS: 10, CAServer: ts.URL}
+
+	client, err := a.buildACMEClient(account)
+	if err != nil {
+		t.Errorf("Error in buildACMEClient: %v", err)
+	}
+	if client == nil {
+		t.Errorf("No client from buildACMEClient!")
+	}
+	if acme.PreCheckDNS == nil {
+		t.Errorf("No change to acme.PreCheckDNS when meant to be adding enforcing override function.")
+	}
+}
--- a/acme/challengeProvider.go
+++ b/acme/challengeProvider.go
@@ -0,0 +1,97 @@
+package acme
+
+import (
+	"crypto/tls"
+	"fmt"
+	"strings"
+	"sync"
+	"time"
+
+	"github.com/cenk/backoff"
+	"github.com/containous/traefik/cluster"
+	"github.com/containous/traefik/log"
+	"github.com/containous/traefik/safe"
+	"github.com/xenolf/lego/acme"
+)
+
+var _ acme.ChallengeProviderTimeout = (*challengeProvider)(nil)
+
+type challengeProvider struct {
+	store cluster.Store
+	lock  sync.RWMutex
+}
+
+func (c *challengeProvider) getCertificate(domain string) (cert *tls.Certificate, exists bool) {
+	log.Debugf("Challenge GetCertificate %s", domain)
+	if !strings.HasSuffix(domain, ".acme.invalid") {
+		return nil, false
+	}
+	c.lock.RLock()
+	defer c.lock.RUnlock()
+	account := c.store.Get().(*Account)
+	if account.ChallengeCerts == nil {
+		return nil, false
+	}
+	account.Init()
+	var result *tls.Certificate
+	operation := func() error {
+		for _, cert := range account.ChallengeCerts {
+			for _, dns := range cert.certificate.Leaf.DNSNames {
+				if domain == dns {
+					result = cert.certificate
+					return nil
+				}
+			}
+		}
+		return fmt.Errorf("Cannot find challenge cert for domain %s", domain)
+	}
+	notify := func(err error, time time.Duration) {
+		log.Errorf("Error getting cert: %v, retrying in %s", err, time)
+	}
+	ebo := backoff.NewExponentialBackOff()
+	ebo.MaxElapsedTime = 60 * time.Second
+	err := backoff.RetryNotify(safe.OperationWithRecover(operation), ebo, notify)
+	if err != nil {
+		log.Errorf("Error getting cert: %v", err)
+		return nil, false
+	}
+	return result, true
+}
+
+func (c *challengeProvider) Present(domain, token, keyAuth string) error {
+	log.Debugf("Challenge Present %s", domain)
+	cert, _, err := TLSSNI01ChallengeCert(keyAuth)
+	if err != nil {
+		return err
+	}
+
+	c.lock.Lock()
+	defer c.lock.Unlock()
+	transaction, object, err := c.store.Begin()
+	if err != nil {
+		return err
+	}
+	account := object.(*Account)
+	if account.ChallengeCerts == nil {
+		account.ChallengeCerts = map[string]*ChallengeCert{}
+	}
+	account.ChallengeCerts[domain] = &cert
+	return transaction.Commit(account)
+}
+
+func (c *challengeProvider) CleanUp(domain, token, keyAuth string) error {
+	log.Debugf("Challenge CleanUp %s", domain)
+	c.lock.Lock()
+	defer c.lock.Unlock()
+	transaction, object, err := c.store.Begin()
+	if err != nil {
+		return err
+	}
+	account := object.(*Account)
+	delete(account.ChallengeCerts, domain)
+	return transaction.Commit(account)
+}
+
+func (c *challengeProvider) Timeout() (timeout, interval time.Duration) {
+	return 60 * time.Second, 5 * time.Second
+}
--- a/acme/crypto.go
+++ b/acme/crypto.go
@@ -0,0 +1,135 @@
+package acme
+
+import (
+	"crypto"
+	"crypto/ecdsa"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/sha256"
+	"crypto/tls"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/hex"
+	"encoding/pem"
+	"fmt"
+	"math/big"
+	"time"
+)
+
+func generateDefaultCertificate() (*tls.Certificate, error) {
+	randomBytes := make([]byte, 100)
+	_, err := rand.Read(randomBytes)
+	if err != nil {
+		return nil, err
+	}
+	zBytes := sha256.Sum256(randomBytes)
+	z := hex.EncodeToString(zBytes[:sha256.Size])
+	domain := fmt.Sprintf("%s.%s.traefik.default", z[:32], z[32:])
+
+	certPEM, keyPEM, err := generateKeyPair(domain, time.Time{})
+	if err != nil {
+		return nil, err
+	}
+
+	certificate, err := tls.X509KeyPair(certPEM, keyPEM)
+	if err != nil {
+		return nil, err
+	}
+
+	return &certificate, nil
+}
+
+func generateKeyPair(domain string, expiration time.Time) ([]byte, []byte, error) {
+	rsaPrivKey, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		return nil, nil, err
+	}
+	keyPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(rsaPrivKey)})
+
+	certPEM, err := generatePemCert(rsaPrivKey, domain, expiration)
+	if err != nil {
+		return nil, nil, err
+	}
+	return certPEM, keyPEM, nil
+}
+
+func generatePemCert(privKey *rsa.PrivateKey, domain string, expiration time.Time) ([]byte, error) {
+	derBytes, err := generateDerCert(privKey, expiration, domain)
+	if err != nil {
+		return nil, err
+	}
+
+	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes}), nil
+}
+
+func generateDerCert(privKey *rsa.PrivateKey, expiration time.Time, domain string) ([]byte, error) {
+	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
+	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
+	if err != nil {
+		return nil, err
+	}
+
+	if expiration.IsZero() {
+		expiration = time.Now().Add(365)
+	}
+
+	template := x509.Certificate{
+		SerialNumber: serialNumber,
+		Subject: pkix.Name{
+			CommonName: "TRAEFIK DEFAULT CERT",
+		},
+		NotBefore: time.Now(),
+		NotAfter:  expiration,
+
+		KeyUsage:              x509.KeyUsageKeyEncipherment,
+		BasicConstraintsValid: true,
+		DNSNames:              []string{domain},
+	}
+
+	return x509.CreateCertificate(rand.Reader, &template, &template, &privKey.PublicKey, privKey)
+}
+
+// TLSSNI01ChallengeCert returns a certificate and target domain for the `tls-sni-01` challenge
+func TLSSNI01ChallengeCert(keyAuth string) (ChallengeCert, string, error) {
+	// generate a new RSA key for the certificates
+	var tempPrivKey crypto.PrivateKey
+	tempPrivKey, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		return ChallengeCert{}, "", err
+	}
+	rsaPrivKey := tempPrivKey.(*rsa.PrivateKey)
+	rsaPrivPEM := pemEncode(rsaPrivKey)
+
+	zBytes := sha256.Sum256([]byte(keyAuth))
+	z := hex.EncodeToString(zBytes[:sha256.Size])
+	domain := fmt.Sprintf("%s.%s.acme.invalid", z[:32], z[32:])
+	tempCertPEM, err := generatePemCert(rsaPrivKey, domain, time.Time{})
+	if err != nil {
+		return ChallengeCert{}, "", err
+	}
+
+	certificate, err := tls.X509KeyPair(tempCertPEM, rsaPrivPEM)
+	if err != nil {
+		return ChallengeCert{}, "", err
+	}
+
+	return ChallengeCert{Certificate: tempCertPEM, PrivateKey: rsaPrivPEM, certificate: &certificate}, domain, nil
+}
+func pemEncode(data interface{}) []byte {
+	var pemBlock *pem.Block
+	switch key := data.(type) {
+	case *ecdsa.PrivateKey:
+		keyBytes, _ := x509.MarshalECPrivateKey(key)
+		pemBlock = &pem.Block{Type: "EC PRIVATE KEY", Bytes: keyBytes}
+	case *rsa.PrivateKey:
+		pemBlock = &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)}
+		break
+	case *x509.CertificateRequest:
+		pemBlock = &pem.Block{Type: "CERTIFICATE REQUEST", Bytes: key.Raw}
+		break
+	case []byte:
+		pemBlock = &pem.Block{Type: "CERTIFICATE", Bytes: []byte(data.([]byte))}
+	}
+
+	return pem.EncodeToMemory(pemBlock)
+}
--- a/acme/localStore.go
+++ b/acme/localStore.go
@@ -0,0 +1,97 @@
+package acme
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"os"
+	"sync"
+
+	"github.com/containous/traefik/cluster"
+	"github.com/containous/traefik/log"
+)
+
+var _ cluster.Store = (*LocalStore)(nil)
+
+// LocalStore is a store using a file as storage
+type LocalStore struct {
+	file        string
+	storageLock sync.RWMutex
+	account     *Account
+}
+
+// NewLocalStore create a LocalStore
+func NewLocalStore(file string) *LocalStore {
+	return &LocalStore{
+		file: file,
+	}
+}
+
+// Get atomically a struct from the file storage
+func (s *LocalStore) Get() cluster.Object {
+	s.storageLock.RLock()
+	defer s.storageLock.RUnlock()
+	return s.account
+}
+
+// Load loads file into store
+func (s *LocalStore) Load() (cluster.Object, error) {
+	s.storageLock.Lock()
+	defer s.storageLock.Unlock()
+	account := &Account{}
+
+	err := checkPermissions(s.file)
+	if err != nil {
+		return nil, err
+	}
+	f, err := os.Open(s.file)
+	if err != nil {
+		return nil, err
+	}
+	defer f.Close()
+	file, err := ioutil.ReadAll(f)
+	if err != nil {
+		return nil, err
+	}
+	if err := json.Unmarshal(file, &account); err != nil {
+		return nil, err
+	}
+	account.Init()
+	s.account = account
+	log.Infof("Loaded ACME config from store %s", s.file)
+	return account, nil
+}
+
+// Begin creates a transaction with the KV store.
+func (s *LocalStore) Begin() (cluster.Transaction, cluster.Object, error) {
+	s.storageLock.Lock()
+	return &localTransaction{LocalStore: s}, s.account, nil
+}
+
+var _ cluster.Transaction = (*localTransaction)(nil)
+
+type localTransaction struct {
+	*LocalStore
+	dirty bool
+}
+
+// Commit allows to set an object in the file storage
+func (t *localTransaction) Commit(object cluster.Object) error {
+	t.LocalStore.account = object.(*Account)
+	defer t.storageLock.Unlock()
+	if t.dirty {
+		return fmt.Errorf("transaction already used, please begin a new one")
+	}
+
+	// write account to file
+	data, err := json.MarshalIndent(object, "", "  ")
+	if err != nil {
+		return err
+	}
+	err = ioutil.WriteFile(t.file, data, 0600)
+	if err != nil {
+		return err
+	}
+	t.dirty = true
+	return nil
+}
--- a/acme/localStore_unix.go
+++ b/acme/localStore_unix.go
@@ -0,0 +1,25 @@
+// +build !windows
+
+package acme
+
+import (
+	"fmt"
+	"os"
+)
+
+// Check file permissions
+func checkPermissions(name string) error {
+	f, err := os.Open(name)
+	if err != nil {
+		return err
+	}
+	defer f.Close()
+	fi, err := f.Stat()
+	if err != nil {
+		return err
+	}
+	if fi.Mode().Perm()&0077 != 0 {
+		return fmt.Errorf("permissions %o for %s are too open, please use 600", fi.Mode().Perm(), name)
+	}
+	return nil
+}
--- a/acme/localStore_windows.go
+++ b/acme/localStore_windows.go
@@ -0,0 +1,6 @@
+package acme
+
+// Do not check file permissions on Windows right now
+func checkPermissions(name string) error {
+	return nil
+}
--- a/adapters.go
+++ b/adapters.go
@@ -4,42 +4,31 @@ Copyright
 package main

 import (
-	log "github.com/Sirupsen/logrus"
-	"github.com/gorilla/mux"
-	"github.com/mailgun/oxy/utils"
 	"net/http"
+
+	"github.com/containous/traefik/log"
 )

+// OxyLogger implements oxy Logger interface with logrus.
 type OxyLogger struct {
 }

+// Infof logs specified string as Debug level in logrus.
 func (oxylogger *OxyLogger) Infof(format string, args ...interface{}) {
 	log.Debugf(format, args...)
 }

+// Warningf logs specified string as Warning level in logrus.
 func (oxylogger *OxyLogger) Warningf(format string, args ...interface{}) {
 	log.Warningf(format, args...)
 }

+// Errorf logs specified string as Warningf level in logrus.
 func (oxylogger *OxyLogger) Errorf(format string, args ...interface{}) {
-	log.Errorf(format, args...)
-}
-
-type ErrorHandler struct {
-}
-
-func (e *ErrorHandler) ServeHTTP(w http.ResponseWriter, req *http.Request, err error) {
-	log.Error("server error ", err.Error())
-	utils.DefaultHandler.ServeHTTP(w, req, err)
+	log.Warningf(format, args...)
 }

 func notFoundHandler(w http.ResponseWriter, r *http.Request) {
 	http.NotFound(w, r)
 	//templatesRenderer.HTML(w, http.StatusNotFound, "notFound", nil)
 }
-
-func LoadDefaultConfig(globalConfiguration *GlobalConfiguration) *mux.Router {
-	router := mux.NewRouter()
-	router.NotFoundHandler = http.HandlerFunc(notFoundHandler)
-	return router
-}
--- a/build.Dockerfile
+++ b/build.Dockerfile
@@ -1,27 +1,36 @@
-FROM golang:1.5
+FROM golang:1.7

-RUN go get github.com/Masterminds/glide
-RUN go get github.com/mitchellh/gox
-RUN go get github.com/tcnksm/ghr
-RUN go get github.com/jteeuwen/go-bindata/...
+RUN go get github.com/jteeuwen/go-bindata/... \
+&& go get github.com/golang/lint/golint \
+&& go get github.com/kisielk/errcheck \
+&& go get github.com/client9/misspell/cmd/misspell \
+&& go get github.com/mattfarina/glide-hash

 # Which docker version to test on
-ENV DOCKER_VERSION 1.6.2
+ARG DOCKER_VERSION=1.10.3

-# enable GO15VENDOREXPERIMENT
-ENV GO15VENDOREXPERIMENT 1
+
+# Which glide version to test on
+ARG GLIDE_VERSION=v0.12.3
+
+# Download glide
+RUN mkdir -p /usr/local/bin \
+    && curl -fL https://github.com/Masterminds/glide/releases/download/${GLIDE_VERSION}/glide-${GLIDE_VERSION}-linux-amd64.tar.gz \
+    | tar -xzC /usr/local/bin --transform 's#^.+/##x'

 # Download docker
-RUN set -ex; \
-    curl https://get.docker.com/builds/Linux/x86_64/docker-${DOCKER_VERSION} -o /usr/local/bin/docker-${DOCKER_VERSION}; \
-    chmod +x /usr/local/bin/docker-${DOCKER_VERSION}
+RUN mkdir -p /usr/local/bin \
+    && curl -fL https://get.docker.com/builds/Linux/x86_64/docker-${DOCKER_VERSION}.tgz \
+    | tar -xzC /usr/local/bin --transform 's#^.+/##x'

-# Set the default Docker to be run
-RUN ln -s /usr/local/bin/docker-${DOCKER_VERSION} /usr/local/bin/docker
-
-WORKDIR /go/src/github.com/emilevauge/traefik
+WORKDIR /go/src/github.com/containous/traefik

 COPY glide.yaml glide.yaml
-RUN glide up
+COPY glide.lock glide.lock
+RUN glide install -v

-COPY . /go/src/github.com/emilevauge/traefik
+COPY integration/glide.yaml integration/glide.yaml
+COPY integration/glide.lock integration/glide.lock
+RUN cd integration && glide install
+
+COPY . /go/src/github.com/containous/traefik
--- a/cluster/datastore.go
+++ b/cluster/datastore.go
@@ -0,0 +1,255 @@
+package cluster
+
+import (
+	"context"
+	"encoding/json"
+	"fmt"
+	"sync"
+	"time"
+
+	"github.com/cenk/backoff"
+	"github.com/containous/staert"
+	"github.com/containous/traefik/job"
+	"github.com/containous/traefik/log"
+	"github.com/containous/traefik/safe"
+	"github.com/docker/libkv/store"
+	"github.com/satori/go.uuid"
+)
+
+// Metadata stores Object plus metadata
+type Metadata struct {
+	object Object
+	Object []byte
+	Lock   string
+}
+
+// NewMetadata returns new Metadata
+func NewMetadata(object Object) *Metadata {
+	return &Metadata{object: object}
+}
+
+// Marshall marshalls object
+func (m *Metadata) Marshall() error {
+	var err error
+	m.Object, err = json.Marshal(m.object)
+	return err
+}
+
+func (m *Metadata) unmarshall() error {
+	if len(m.Object) == 0 {
+		return nil
+	}
+	return json.Unmarshal(m.Object, m.object)
+}
+
+// Listener is called when Object has been changed in KV store
+type Listener func(Object) error
+
+var _ Store = (*Datastore)(nil)
+
+// Datastore holds a struct synced in a KV store
+type Datastore struct {
+	kv        staert.KvSource
+	ctx       context.Context
+	localLock *sync.RWMutex
+	meta      *Metadata
+	lockKey   string
+	listener  Listener
+}
+
+// NewDataStore creates a Datastore
+func NewDataStore(ctx context.Context, kvSource staert.KvSource, object Object, listener Listener) (*Datastore, error) {
+	datastore := Datastore{
+		kv:        kvSource,
+		ctx:       ctx,
+		meta:      &Metadata{object: object},
+		lockKey:   kvSource.Prefix + "/lock",
+		localLock: &sync.RWMutex{},
+		listener:  listener,
+	}
+	err := datastore.watchChanges()
+	if err != nil {
+		return nil, err
+	}
+	return &datastore, nil
+}
+
+func (d *Datastore) watchChanges() error {
+	stopCh := make(chan struct{})
+	kvCh, err := d.kv.Watch(d.lockKey, stopCh)
+	if err != nil {
+		return err
+	}
+	go func() {
+		ctx, cancel := context.WithCancel(d.ctx)
+		operation := func() error {
+			for {
+				select {
+				case <-ctx.Done():
+					stopCh <- struct{}{}
+					return nil
+				case _, ok := <-kvCh:
+					if !ok {
+						cancel()
+						return err
+					}
+					err = d.reload()
+					if err != nil {
+						return err
+					}
+					// log.Debugf("Datastore object change received: %+v", d.meta)
+					if d.listener != nil {
+						err := d.listener(d.meta.object)
+						if err != nil {
+							log.Errorf("Error calling datastore listener: %s", err)
+						}
+					}
+				}
+			}
+		}
+		notify := func(err error, time time.Duration) {
+			log.Errorf("Error in watch datastore: %+v, retrying in %s", err, time)
+		}
+		err := backoff.RetryNotify(safe.OperationWithRecover(operation), job.NewBackOff(backoff.NewExponentialBackOff()), notify)
+		if err != nil {
+			log.Errorf("Error in watch datastore: %v", err)
+		}
+	}()
+	return nil
+}
+
+func (d *Datastore) reload() error {
+	log.Debugf("Datastore reload")
+	d.localLock.Lock()
+	err := d.kv.LoadConfig(d.meta)
+	if err != nil {
+		d.localLock.Unlock()
+		return err
+	}
+	err = d.meta.unmarshall()
+	if err != nil {
+		d.localLock.Unlock()
+		return err
+	}
+	d.localLock.Unlock()
+	return nil
+}
+
+// Begin creates a transaction with the KV store.
+func (d *Datastore) Begin() (Transaction, Object, error) {
+	id := uuid.NewV4().String()
+	log.Debugf("Transaction %s begins", id)
+	remoteLock, err := d.kv.NewLock(d.lockKey, &store.LockOptions{TTL: 20 * time.Second, Value: []byte(id)})
+	if err != nil {
+		return nil, nil, err
+	}
+	stopCh := make(chan struct{})
+	ctx, cancel := context.WithCancel(d.ctx)
+	var errLock error
+	go func() {
+		_, errLock = remoteLock.Lock(stopCh)
+		cancel()
+	}()
+	select {
+	case <-ctx.Done():
+		if errLock != nil {
+			return nil, nil, errLock
+		}
+	case <-d.ctx.Done():
+		stopCh <- struct{}{}
+		return nil, nil, d.ctx.Err()
+	}
+
+	// we got the lock! Now make sure we are synced with KV store
+	operation := func() error {
+		meta := d.get()
+		if meta.Lock != id {
+			return fmt.Errorf("Object lock value: expected %s, got %s", id, meta.Lock)
+		}
+		return nil
+	}
+	notify := func(err error, time time.Duration) {
+		log.Errorf("Datastore sync error: %v, retrying in %s", err, time)
+		err = d.reload()
+		if err != nil {
+			log.Errorf("Error reloading: %+v", err)
+		}
+	}
+	ebo := backoff.NewExponentialBackOff()
+	ebo.MaxElapsedTime = 60 * time.Second
+	err = backoff.RetryNotify(safe.OperationWithRecover(operation), ebo, notify)
+	if err != nil {
+		return nil, nil, fmt.Errorf("Datastore cannot sync: %v", err)
+	}
+
+	// we synced with KV store, we can now return Setter
+	return &datastoreTransaction{
+		Datastore:  d,
+		remoteLock: remoteLock,
+		id:         id,
+	}, d.meta.object, nil
+}
+
+func (d *Datastore) get() *Metadata {
+	d.localLock.RLock()
+	defer d.localLock.RUnlock()
+	return d.meta
+}
+
+// Load load atomically a struct from the KV store
+func (d *Datastore) Load() (Object, error) {
+	d.localLock.Lock()
+	defer d.localLock.Unlock()
+	err := d.kv.LoadConfig(d.meta)
+	if err != nil {
+		return nil, err
+	}
+	err = d.meta.unmarshall()
+	if err != nil {
+		return nil, err
+	}
+	return d.meta.object, nil
+}
+
+// Get atomically a struct from the KV store
+func (d *Datastore) Get() Object {
+	d.localLock.RLock()
+	defer d.localLock.RUnlock()
+	return d.meta.object
+}
+
+var _ Transaction = (*datastoreTransaction)(nil)
+
+type datastoreTransaction struct {
+	*Datastore
+	remoteLock store.Locker
+	dirty      bool
+	id         string
+}
+
+// Commit allows to set an object in the KV store
+func (s *datastoreTransaction) Commit(object Object) error {
+	s.localLock.Lock()
+	defer s.localLock.Unlock()
+	if s.dirty {
+		return fmt.Errorf("Transaction already used, please begin a new one")
+	}
+	s.Datastore.meta.object = object
+	err := s.Datastore.meta.Marshall()
+	if err != nil {
+		return fmt.Errorf("Marshall error: %s", err)
+	}
+	err = s.kv.StoreConfig(s.Datastore.meta)
+	if err != nil {
+		return fmt.Errorf("StoreConfig error: %s", err)
+	}
+
+	err = s.remoteLock.Unlock()
+	if err != nil {
+		return fmt.Errorf("Unlock error: %s", err)
+	}
+
+	s.dirty = true
+	log.Debugf("Transaction committed %s", s.id)
+	return nil
+}
--- a/cluster/leadership.go
+++ b/cluster/leadership.go
@@ -0,0 +1,104 @@
+package cluster
+
+import (
+	"context"
+	"time"
+
+	"github.com/cenk/backoff"
+	"github.com/containous/traefik/log"
+	"github.com/containous/traefik/safe"
+	"github.com/containous/traefik/types"
+	"github.com/docker/leadership"
+)
+
+// Leadership allows leadership election using a KV store
+type Leadership struct {
+	*safe.Pool
+	*types.Cluster
+	candidate *leadership.Candidate
+	leader    *safe.Safe
+	listeners []LeaderListener
+}
+
+// NewLeadership creates a leadership
+func NewLeadership(ctx context.Context, cluster *types.Cluster) *Leadership {
+	return &Leadership{
+		Pool:      safe.NewPool(ctx),
+		Cluster:   cluster,
+		candidate: leadership.NewCandidate(cluster.Store, cluster.Store.Prefix+"/leader", cluster.Node, 20*time.Second),
+		listeners: []LeaderListener{},
+		leader:    safe.New(false),
+	}
+}
+
+// LeaderListener is called when leadership has changed
+type LeaderListener func(elected bool) error
+
+// Participate tries to be a leader
+func (l *Leadership) Participate(pool *safe.Pool) {
+	pool.GoCtx(func(ctx context.Context) {
+		log.Debugf("Node %s running for election", l.Cluster.Node)
+		defer log.Debugf("Node %s no more running for election", l.Cluster.Node)
+		backOff := backoff.NewExponentialBackOff()
+		operation := func() error {
+			return l.run(ctx, l.candidate)
+		}
+
+		notify := func(err error, time time.Duration) {
+			log.Errorf("Leadership election error %+v, retrying in %s", err, time)
+		}
+		err := backoff.RetryNotify(safe.OperationWithRecover(operation), backOff, notify)
+		if err != nil {
+			log.Errorf("Cannot elect leadership %+v", err)
+		}
+	})
+}
+
+// AddListener adds a leadership listerner
+func (l *Leadership) AddListener(listener LeaderListener) {
+	l.listeners = append(l.listeners, listener)
+}
+
+// Resign resigns from being a leader
+func (l *Leadership) Resign() {
+	l.candidate.Resign()
+	log.Infof("Node %s resigned", l.Cluster.Node)
+}
+
+func (l *Leadership) run(ctx context.Context, candidate *leadership.Candidate) error {
+	electedCh, errCh := candidate.RunForElection()
+	for {
+		select {
+		case elected := <-electedCh:
+			l.onElection(elected)
+		case err := <-errCh:
+			return err
+		case <-ctx.Done():
+			l.candidate.Resign()
+			return nil
+		}
+	}
+}
+
+func (l *Leadership) onElection(elected bool) {
+	if elected {
+		log.Infof("Node %s elected leader ♚", l.Cluster.Node)
+		l.leader.Set(true)
+		l.Start()
+	} else {
+		log.Infof("Node %s elected slave ♝", l.Cluster.Node)
+		l.leader.Set(false)
+		l.Stop()
+	}
+	for _, listener := range l.listeners {
+		err := listener(elected)
+		if err != nil {
+			log.Errorf("Error calling Leadership listener: %s", err)
+		}
+	}
+}
+
+// IsLeader returns true if current node is leader
+func (l *Leadership) IsLeader() bool {
+	return l.leader.Get().(bool)
+}
--- a/cluster/store.go
+++ b/cluster/store.go
@@ -0,0 +1,16 @@
+package cluster
+
+// Object is the struct to store
+type Object interface{}
+
+// Store is a generic interface to represents a storage
+type Store interface {
+	Load() (Object, error)
+	Get() Object
+	Begin() (Transaction, Object, error)
+}
+
+// Transaction allows to set a struct in the KV store
+type Transaction interface {
+	Commit(object Object) error
+}
--- a/cmd/bug.go
+++ b/cmd/bug.go
@@ -0,0 +1,111 @@
+package cmd
+
+import (
+	"bytes"
+	"encoding/json"
+	"fmt"
+	"net/url"
+	"os/exec"
+	"regexp"
+	"runtime"
+	"text/template"
+
+	"github.com/containous/flaeg"
+	"github.com/mvdan/xurls"
+)
+
+var (
+	bugtracker  = "https://github.com/containous/traefik/issues/new"
+	bugTemplate = `### What version of Traefik are you using?
+` + "```" + `
+{{.Version}}
+` + "```" + `
+
+### What is your environment & configuration (arguments, toml...)?
+` + "```" + `
+{{.Configuration}}
+` + "```" + `
+
+### What did you do?
+
+
+### What did you expect to see?
+
+
+### What did you see instead?
+`
+)
+
+// NewBugCmd builds a new Bug command
+func NewBugCmd(traefikConfiguration interface{}, traefikPointersConfiguration interface{}) *flaeg.Command {
+
+	//version Command init
+	return &flaeg.Command{
+		Name:                  "bug",
+		Description:           `Report an issue on Traefik bugtracker`,
+		Config:                traefikConfiguration,
+		DefaultPointersConfig: traefikPointersConfiguration,
+		Run: func() error {
+			var version bytes.Buffer
+			if err := getVersionPrint(&version); err != nil {
+				return err
+			}
+
+			tmpl, err := template.New("").Parse(bugTemplate)
+			if err != nil {
+				return err
+			}
+
+			configJSON, err := json.MarshalIndent(traefikConfiguration, "", " ")
+			if err != nil {
+				return err
+			}
+
+			v := struct {
+				Version       string
+				Configuration string
+			}{
+				Version:       version.String(),
+				Configuration: anonymize(string(configJSON)),
+			}
+
+			var bug bytes.Buffer
+			if err := tmpl.Execute(&bug, v); err != nil {
+				return err
+			}
+
+			body := bug.String()
+			url := bugtracker + "?body=" + url.QueryEscape(body)
+			if err := openBrowser(url); err != nil {
+				fmt.Print("Please file a new issue at " + bugtracker + " using this template:\n\n")
+				fmt.Print(body)
+			}
+
+			return nil
+		},
+		Metadata: map[string]string{
+			"parseAllSources": "true",
+		},
+	}
+}
+
+func openBrowser(url string) error {
+	var err error
+	switch runtime.GOOS {
+	case "linux":
+		err = exec.Command("xdg-open", url).Start()
+	case "windows":
+		err = exec.Command("rundll32", "url.dll,FileProtocolHandler", url).Start()
+	case "darwin":
+		err = exec.Command("open", url).Start()
+	default:
+		err = fmt.Errorf("unsupported platform")
+	}
+	return err
+}
+
+func anonymize(input string) string {
+	replace := "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
+	mailExp := regexp.MustCompile(`\w[-._\w]*\w@\w[-._\w]*\w\.\w{2,3}"`)
+	return xurls.Relaxed.ReplaceAllString(mailExp.ReplaceAllString(input, replace), replace)
+}
--- a/cmd/version.go
+++ b/cmd/version.go
@@ -0,0 +1,63 @@
+package cmd
+
+import (
+	"fmt"
+	"io"
+	"os"
+	"runtime"
+	"text/template"
+
+	"github.com/containous/flaeg"
+	"github.com/containous/traefik/version"
+)
+
+var versionTemplate = `Version:      {{.Version}}
+Codename:     {{.Codename}}
+Go version:   {{.GoVersion}}
+Built:        {{.BuildTime}}
+OS/Arch:      {{.Os}}/{{.Arch}}`
+
+// NewVersionCmd builds a new Version command
+func NewVersionCmd() *flaeg.Command {
+
+	//version Command init
+	return &flaeg.Command{
+		Name:                  "version",
+		Description:           `Print version`,
+		Config:                struct{}{},
+		DefaultPointersConfig: struct{}{},
+		Run: func() error {
+			if err := getVersionPrint(os.Stdout); err != nil {
+				return err
+			}
+			fmt.Printf("\n")
+			return nil
+
+		},
+	}
+}
+
+func getVersionPrint(wr io.Writer) error {
+	tmpl, err := template.New("").Parse(versionTemplate)
+	if err != nil {
+		return err
+	}
+
+	v := struct {
+		Version   string
+		Codename  string
+		GoVersion string
+		BuildTime string
+		Os        string
+		Arch      string
+	}{
+		Version:   version.Version,
+		Codename:  version.Codename,
+		GoVersion: runtime.Version(),
+		BuildTime: version.BuildDate,
+		Os:        runtime.GOOS,
+		Arch:      runtime.GOARCH,
+	}
+
+	return tmpl.Execute(wr, v)
+}
--- a/configuration.go
+++ b/configuration.go
@@ -1,39 +1,456 @@
 package main

 import (
+	"crypto/tls"
+	"errors"
+	"fmt"
+	"os"
+	"regexp"
+	"strings"
 	"time"

-	"github.com/emilevauge/traefik/provider"
-	"github.com/emilevauge/traefik/types"
+	"github.com/containous/traefik/acme"
+	"github.com/containous/traefik/provider"
+	"github.com/containous/traefik/types"
 )

-type GlobalConfiguration struct {
-	Port                      string
-	GraceTimeOut              int64
-	AccessLogsFile            string
-	TraefikLogsFile           string
-	CertFile, KeyFile         string
-	LogLevel                  string
-	ProvidersThrottleDuration time.Duration
-	Docker                    *provider.Docker
-	File                      *provider.File
-	Web                       *WebProvider
-	Marathon                  *provider.Marathon
-	Consul                    *provider.Consul
-	Etcd                      *provider.Etcd
-	Zookeeper                 *provider.Zookepper
-	Boltdb                    *provider.BoltDb
+// TraefikConfiguration holds GlobalConfiguration and other stuff
+type TraefikConfiguration struct {
+	GlobalConfiguration `mapstructure:",squash"`
+	ConfigFile          string `short:"c" description:"Configuration file to use (TOML)."`
 }

-func NewGlobalConfiguration() *GlobalConfiguration {
-	globalConfiguration := new(GlobalConfiguration)
-	// default values
-	globalConfiguration.Port = ":80"
-	globalConfiguration.GraceTimeOut = 10
-	globalConfiguration.LogLevel = "ERROR"
-	globalConfiguration.ProvidersThrottleDuration = time.Duration(2 * time.Second)
+// GlobalConfiguration holds global configuration (with providers, etc.).
+// It's populated from the traefik configuration file passed as an argument to the binary.
+type GlobalConfiguration struct {
+	GraceTimeOut              int64                   `short:"g" description:"Duration to give active requests a chance to finish during hot-reload"`
+	Debug                     bool                    `short:"d" description:"Enable debug mode"`
+	CheckNewVersion           bool                    `description:"Periodically check if a new version has been released"`
+	AccessLogsFile            string                  `description:"Access logs file"`
+	TraefikLogsFile           string                  `description:"Traefik logs file"`
+	LogLevel                  string                  `short:"l" description:"Log level"`
+	EntryPoints               EntryPoints             `description:"Entrypoints definition using format: --entryPoints='Name:http Address::8000 Redirect.EntryPoint:https' --entryPoints='Name:https Address::4442 TLS:tests/traefik.crt,tests/traefik.key;prod/traefik.crt,prod/traefik.key'"`
+	Cluster                   *types.Cluster          `description:"Enable clustering"`
+	Constraints               types.Constraints       `description:"Filter services by constraint, matching with service tags"`
+	ACME                      *acme.ACME              `description:"Enable ACME (Let's Encrypt): automatic SSL"`
+	DefaultEntryPoints        DefaultEntryPoints      `description:"Entrypoints to be used by frontends that do not specify any entrypoint"`
+	ProvidersThrottleDuration time.Duration           `description:"Backends throttle duration: minimum duration between 2 events from providers before applying a new configuration. It avoids unnecessary reloads if multiples events are sent in a short amount of time."`
+	MaxIdleConnsPerHost       int                     `description:"If non-zero, controls the maximum idle (keep-alive) to keep per-host.  If zero, DefaultMaxIdleConnsPerHost is used"`
+	InsecureSkipVerify        bool                    `description:"Disable SSL certificate verification"`
+	Retry                     *Retry                  `description:"Enable retry sending request if network error"`
+	Docker                    *provider.Docker        `description:"Enable Docker backend"`
+	File                      *provider.File          `description:"Enable File backend"`
+	Web                       *WebProvider            `description:"Enable Web backend"`
+	Marathon                  *provider.Marathon      `description:"Enable Marathon backend"`
+	Consul                    *provider.Consul        `description:"Enable Consul backend"`
+	ConsulCatalog             *provider.ConsulCatalog `description:"Enable Consul catalog backend"`
+	Etcd                      *provider.Etcd          `description:"Enable Etcd backend"`
+	Zookeeper                 *provider.Zookepper     `description:"Enable Zookeeper backend"`
+	Boltdb                    *provider.BoltDb        `description:"Enable Boltdb backend"`
+	Kubernetes                *provider.Kubernetes    `description:"Enable Kubernetes backend"`
+	Mesos                     *provider.Mesos         `description:"Enable Mesos backend"`
+	Eureka                    *provider.Eureka        `description:"Enable Eureka backend"`
+	ECS                       *provider.ECS           `description:"Enable ECS backend"`
+	Rancher                   *provider.Rancher       `description:"Enable Rancher backend"`
+}

-	return globalConfiguration
+// DefaultEntryPoints holds default entry points
+type DefaultEntryPoints []string
+
+// String is the method to format the flag's value, part of the flag.Value interface.
+// The String method's output will be used in diagnostics.
+func (dep *DefaultEntryPoints) String() string {
+	return strings.Join(*dep, ",")
+}
+
+// Set is the method to set the flag value, part of the flag.Value interface.
+// Set's argument is a string to be parsed to set the flag.
+// It's a comma-separated list, so we split it.
+func (dep *DefaultEntryPoints) Set(value string) error {
+	entrypoints := strings.Split(value, ",")
+	if len(entrypoints) == 0 {
+		return errors.New("Bad DefaultEntryPoints format: " + value)
+	}
+	for _, entrypoint := range entrypoints {
+		*dep = append(*dep, entrypoint)
+	}
+	return nil
+}
+
+// Get return the EntryPoints map
+func (dep *DefaultEntryPoints) Get() interface{} {
+	return DefaultEntryPoints(*dep)
+}
+
+// SetValue sets the EntryPoints map with val
+func (dep *DefaultEntryPoints) SetValue(val interface{}) {
+	*dep = DefaultEntryPoints(val.(DefaultEntryPoints))
+}
+
+// Type is type of the struct
+func (dep *DefaultEntryPoints) Type() string {
+	return fmt.Sprint("defaultentrypoints")
+}
+
+// EntryPoints holds entry points configuration of the reverse proxy (ip, port, TLS...)
+type EntryPoints map[string]*EntryPoint
+
+// String is the method to format the flag's value, part of the flag.Value interface.
+// The String method's output will be used in diagnostics.
+func (ep *EntryPoints) String() string {
+	return fmt.Sprintf("%+v", *ep)
+}
+
+// Set is the method to set the flag value, part of the flag.Value interface.
+// Set's argument is a string to be parsed to set the flag.
+// It's a comma-separated list, so we split it.
+func (ep *EntryPoints) Set(value string) error {
+	regex := regexp.MustCompile("(?:Name:(?P<Name>\\S*))\\s*(?:Address:(?P<Address>\\S*))?\\s*(?:TLS:(?P<TLS>\\S*))?\\s*((?P<TLSACME>TLS))?\\s*(?:CA:(?P<CA>\\S*))?\\s*(?:Redirect.EntryPoint:(?P<RedirectEntryPoint>\\S*))?\\s*(?:Redirect.Regex:(?P<RedirectRegex>\\S*))?\\s*(?:Redirect.Replacement:(?P<RedirectReplacement>\\S*))?\\s*(?:Compress:(?P<Compress>\\S*))?")
+	match := regex.FindAllStringSubmatch(value, -1)
+	if match == nil {
+		return errors.New("Bad EntryPoints format: " + value)
+	}
+	matchResult := match[0]
+	result := make(map[string]string)
+	for i, name := range regex.SubexpNames() {
+		if i != 0 {
+			result[name] = matchResult[i]
+		}
+	}
+	var tls *TLS
+	if len(result["TLS"]) > 0 {
+		certs := Certificates{}
+		if err := certs.Set(result["TLS"]); err != nil {
+			return err
+		}
+		tls = &TLS{
+			Certificates: certs,
+		}
+	} else if len(result["TLSACME"]) > 0 {
+		tls = &TLS{
+			Certificates: Certificates{},
+		}
+	}
+	if len(result["CA"]) > 0 {
+		files := strings.Split(result["CA"], ",")
+		tls.ClientCAFiles = files
+	}
+	var redirect *Redirect
+	if len(result["RedirectEntryPoint"]) > 0 || len(result["RedirectRegex"]) > 0 || len(result["RedirectReplacement"]) > 0 {
+		redirect = &Redirect{
+			EntryPoint:  result["RedirectEntryPoint"],
+			Regex:       result["RedirectRegex"],
+			Replacement: result["RedirectReplacement"],
+		}
+	}
+
+	compress := false
+	if len(result["Compress"]) > 0 {
+		compress = strings.EqualFold(result["Compress"], "enable") || strings.EqualFold(result["Compress"], "on")
+	}
+
+	(*ep)[result["Name"]] = &EntryPoint{
+		Address:  result["Address"],
+		TLS:      tls,
+		Redirect: redirect,
+		Compress: compress,
+	}
+
+	return nil
+}
+
+// Get return the EntryPoints map
+func (ep *EntryPoints) Get() interface{} {
+	return EntryPoints(*ep)
+}
+
+// SetValue sets the EntryPoints map with val
+func (ep *EntryPoints) SetValue(val interface{}) {
+	*ep = EntryPoints(val.(EntryPoints))
+}
+
+// Type is type of the struct
+func (ep *EntryPoints) Type() string {
+	return fmt.Sprint("entrypoints")
+}
+
+// EntryPoint holds an entry point configuration of the reverse proxy (ip, port, TLS...)
+type EntryPoint struct {
+	Network  string
+	Address  string
+	TLS      *TLS
+	Redirect *Redirect
+	Auth     *types.Auth
+	Compress bool
+}
+
+// Redirect configures a redirection of an entry point to another, or to an URL
+type Redirect struct {
+	EntryPoint  string
+	Regex       string
+	Replacement string
+}
+
+// TLS configures TLS for an entry point
+type TLS struct {
+	MinVersion    string
+	CipherSuites  []string
+	Certificates  Certificates
+	ClientCAFiles []string
+}
+
+// Map of allowed TLS minimum versions
+var minVersion = map[string]uint16{
+	`VersionTLS10`: tls.VersionTLS10,
+	`VersionTLS11`: tls.VersionTLS11,
+	`VersionTLS12`: tls.VersionTLS12,
+}
+
+// Map of TLS CipherSuites from crypto/tls
+var cipherSuites = map[string]uint16{
+	`TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256`: tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+	`TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384`: tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+	`TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA`:    tls.TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA,
+	`TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA`:    tls.TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA,
+	`TLS_RSA_WITH_AES_128_GCM_SHA256`:       tls.TLS_RSA_WITH_AES_128_GCM_SHA256,
+	`TLS_RSA_WITH_AES_256_GCM_SHA384`:       tls.TLS_RSA_WITH_AES_256_GCM_SHA384,
+	`TLS_RSA_WITH_AES_128_CBC_SHA`:          tls.TLS_RSA_WITH_AES_128_CBC_SHA,
+	`TLS_RSA_WITH_AES_256_CBC_SHA`:          tls.TLS_RSA_WITH_AES_256_CBC_SHA,
+	`TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA`:   tls.TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA,
+	`TLS_RSA_WITH_3DES_EDE_CBC_SHA`:         tls.TLS_RSA_WITH_3DES_EDE_CBC_SHA,
+}
+
+// Certificates defines traefik certificates type
+// Certs and Keys could be either a file path, or the file content itself
+type Certificates []Certificate
+
+//CreateTLSConfig creates a TLS config from Certificate structures
+func (certs *Certificates) CreateTLSConfig() (*tls.Config, error) {
+	config := &tls.Config{}
+	config.Certificates = []tls.Certificate{}
+	certsSlice := []Certificate(*certs)
+	for _, v := range certsSlice {
+		isAPath := false
+		_, errCert := os.Stat(v.CertFile)
+		_, errKey := os.Stat(v.KeyFile)
+		if errCert == nil {
+			if errKey == nil {
+				isAPath = true
+			} else {
+				return nil, fmt.Errorf("bad TLS Certificate KeyFile format, expected a path")
+			}
+		} else if errKey == nil {
+			return nil, fmt.Errorf("bad TLS Certificate KeyFile format, expected a path")
+		}
+
+		cert := tls.Certificate{}
+		var err error
+		if isAPath {
+			cert, err = tls.LoadX509KeyPair(v.CertFile, v.KeyFile)
+			if err != nil {
+				return nil, err
+			}
+		} else {
+			cert, err = tls.X509KeyPair([]byte(v.CertFile), []byte(v.KeyFile))
+			if err != nil {
+				return nil, err
+			}
+		}
+		config.Certificates = append(config.Certificates, cert)
+	}
+	return config, nil
+}
+
+// String is the method to format the flag's value, part of the flag.Value interface.
+// The String method's output will be used in diagnostics.
+func (certs *Certificates) String() string {
+	if len(*certs) == 0 {
+		return ""
+	}
+	var result []string
+	for _, certificate := range *certs {
+		result = append(result, certificate.CertFile+","+certificate.KeyFile)
+	}
+	return strings.Join(result, ";")
+}
+
+// Set is the method to set the flag value, part of the flag.Value interface.
+// Set's argument is a string to be parsed to set the flag.
+// It's a comma-separated list, so we split it.
+func (certs *Certificates) Set(value string) error {
+	certificates := strings.Split(value, ";")
+	for _, certificate := range certificates {
+		files := strings.Split(certificate, ",")
+		if len(files) != 2 {
+			return errors.New("Bad certificates format: " + value)
+		}
+		*certs = append(*certs, Certificate{
+			CertFile: files[0],
+			KeyFile:  files[1],
+		})
+	}
+	return nil
+}
+
+// Type is type of the struct
+func (certs *Certificates) Type() string {
+	return fmt.Sprint("certificates")
+}
+
+// Certificate holds a SSL cert/key pair
+// Certs and Key could be either a file path, or the file content itself
+type Certificate struct {
+	CertFile string
+	KeyFile  string
+}
+
+// Retry contains request retry config
+type Retry struct {
+	Attempts int `description:"Number of attempts"`
+}
+
+// NewTraefikDefaultPointersConfiguration creates a TraefikConfiguration with pointers default values
+func NewTraefikDefaultPointersConfiguration() *TraefikConfiguration {
+	//default Docker
+	var defaultDocker provider.Docker
+	defaultDocker.Watch = true
+	defaultDocker.ExposedByDefault = true
+	defaultDocker.Endpoint = "unix:///var/run/docker.sock"
+	defaultDocker.SwarmMode = false
+
+	// default File
+	var defaultFile provider.File
+	defaultFile.Watch = true
+	defaultFile.Filename = "" //needs equivalent to  viper.ConfigFileUsed()
+
+	// default Web
+	var defaultWeb WebProvider
+	defaultWeb.Address = ":8080"
+	defaultWeb.Statistics = &types.Statistics{
+		RecentErrors: 10,
+	}
+
+	// default Metrics
+	defaultWeb.Metrics = &types.Metrics{
+		Prometheus: &types.Prometheus{
+			Buckets: types.Buckets{0.1, 0.3, 1.2, 5},
+		},
+	}
+
+	// default Marathon
+	var defaultMarathon provider.Marathon
+	defaultMarathon.Watch = true
+	defaultMarathon.Endpoint = "http://127.0.0.1:8080"
+	defaultMarathon.ExposedByDefault = true
+	defaultMarathon.Constraints = types.Constraints{}
+	defaultMarathon.DialerTimeout = 60
+	defaultMarathon.KeepAlive = 10
+
+	// default Consul
+	var defaultConsul provider.Consul
+	defaultConsul.Watch = true
+	defaultConsul.Endpoint = "127.0.0.1:8500"
+	defaultConsul.Prefix = "traefik"
+	defaultConsul.Constraints = types.Constraints{}
+
+	// default ConsulCatalog
+	var defaultConsulCatalog provider.ConsulCatalog
+	defaultConsulCatalog.Endpoint = "127.0.0.1:8500"
+	defaultConsulCatalog.Constraints = types.Constraints{}
+
+	// default Etcd
+	var defaultEtcd provider.Etcd
+	defaultEtcd.Watch = true
+	defaultEtcd.Endpoint = "127.0.0.1:2379"
+	defaultEtcd.Prefix = "/traefik"
+	defaultEtcd.Constraints = types.Constraints{}
+
+	//default Zookeeper
+	var defaultZookeeper provider.Zookepper
+	defaultZookeeper.Watch = true
+	defaultZookeeper.Endpoint = "127.0.0.1:2181"
+	defaultZookeeper.Prefix = "/traefik"
+	defaultZookeeper.Constraints = types.Constraints{}
+
+	//default Boltdb
+	var defaultBoltDb provider.BoltDb
+	defaultBoltDb.Watch = true
+	defaultBoltDb.Endpoint = "127.0.0.1:4001"
+	defaultBoltDb.Prefix = "/traefik"
+	defaultBoltDb.Constraints = types.Constraints{}
+
+	//default Kubernetes
+	var defaultKubernetes provider.Kubernetes
+	defaultKubernetes.Watch = true
+	defaultKubernetes.Endpoint = ""
+	defaultKubernetes.LabelSelector = ""
+	defaultKubernetes.Constraints = types.Constraints{}
+
+	// default Mesos
+	var defaultMesos provider.Mesos
+	defaultMesos.Watch = true
+	defaultMesos.Endpoint = "http://127.0.0.1:5050"
+	defaultMesos.ExposedByDefault = true
+	defaultMesos.Constraints = types.Constraints{}
+	defaultMesos.RefreshSeconds = 30
+	defaultMesos.ZkDetectionTimeout = 30
+	defaultMesos.StateTimeoutSecond = 30
+
+	//default ECS
+	var defaultECS provider.ECS
+	defaultECS.Watch = true
+	defaultECS.ExposedByDefault = true
+	defaultECS.RefreshSeconds = 15
+	defaultECS.Cluster = "default"
+	defaultECS.Constraints = types.Constraints{}
+
+	//default Rancher
+	var defaultRancher provider.Rancher
+	defaultRancher.Watch = true
+	defaultRancher.ExposedByDefault = true
+
+	defaultConfiguration := GlobalConfiguration{
+		Docker:        &defaultDocker,
+		File:          &defaultFile,
+		Web:           &defaultWeb,
+		Marathon:      &defaultMarathon,
+		Consul:        &defaultConsul,
+		ConsulCatalog: &defaultConsulCatalog,
+		Etcd:          &defaultEtcd,
+		Zookeeper:     &defaultZookeeper,
+		Boltdb:        &defaultBoltDb,
+		Kubernetes:    &defaultKubernetes,
+		Mesos:         &defaultMesos,
+		ECS:           &defaultECS,
+		Rancher:       &defaultRancher,
+		Retry:         &Retry{},
+	}
+
+	//default Rancher
+	//@TODO: ADD
+
+	return &TraefikConfiguration{
+		GlobalConfiguration: defaultConfiguration,
+	}
+}
+
+// NewTraefikConfiguration creates a TraefikConfiguration with default values
+func NewTraefikConfiguration() *TraefikConfiguration {
+	return &TraefikConfiguration{
+		GlobalConfiguration: GlobalConfiguration{
+			GraceTimeOut:              10,
+			AccessLogsFile:            "",
+			TraefikLogsFile:           "",
+			LogLevel:                  "ERROR",
+			EntryPoints:               map[string]*EntryPoint{},
+			Constraints:               types.Constraints{},
+			DefaultEntryPoints:        []string{},
+			ProvidersThrottleDuration: time.Duration(2 * time.Second),
+			MaxIdleConnsPerHost:       200,
+			CheckNewVersion:           true,
+		},
+		ConfigFile: "",
+	}
 }

 type configs map[string]*types.Configuration
--- a/contrib/systemd/traefik.service
+++ b/contrib/systemd/traefik.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=Traefik
+
+[Service]
+Type=notify
+ExecStart=/usr/bin/traefik --configFile=/etc/traefik.toml
+Restart=always
+WatchdogSec=1s
+
+[Install]
+WantedBy=multi-user.target
--- a/docs/CNAME
+++ b/docs/CNAME
@@ -0,0 +1 @@
+docs.traefik.io
--- a/docs/basics.md
+++ b/docs/basics.md
@@ -0,0 +1,386 @@
+
+# Concepts
+
+Let's take our example from the [overview](https://docs.traefik.io/#overview) again:
+
+
+> Imagine that you have deployed a bunch of microservices on your infrastructure. You probably used a service registry (like etcd or consul) and/or an orchestrator (swarm, Mesos/Marathon) to manage all these services.
+> If you want your users to access some of your microservices from the Internet, you will have to use a reverse proxy and configure it using virtual hosts or prefix paths:
+
+> - domain `api.domain.com` will point the microservice `api` in your private network
+> - path `domain.com/web` will point the microservice `web` in your private network
+> - domain `backoffice.domain.com` will point the microservices `backoffice` in your private network, load-balancing between your multiple instances
+
+> ![Architecture](img/architecture.png)
+
+Let's zoom on Træfɪk and have an overview of its internal architecture:
+
+
+![Architecture](img/internal.png)
+
+- Incoming requests end on [entrypoints](#entrypoints), as the name suggests, they are the network entry points into Træfɪk (listening port, SSL, traffic redirection...).
+- Traffic is then forwarded to a matching [frontend](#frontends). A frontend defines routes from [entrypoints](#entrypoints) to [backends](#backends).
+Routes are created using requests fields (`Host`, `Path`, `Headers`...) and can match or not a request.
+- The [frontend](#frontends) will then send the request to a [backend](#backends). A backend can be composed by one or more [servers](#servers), and by a load-balancing strategy.
+- Finally, the [server](#servers) will forward the request to the corresponding microservice in the private network.
+
+## Entrypoints
+
+Entrypoints are the network entry points into Træfɪk.
+They can be defined using:
+
+- a port (80, 443...)
+- SSL (Certificates, Keys, authentication with a client certificate signed by a trusted CA...)
+- redirection to another entrypoint (redirect `HTTP` to `HTTPS`)
+
+Here is an example of entrypoints definition:
+
+```toml
+[entryPoints]
+  [entryPoints.http]
+  address = ":80"
+    [entryPoints.http.redirect]
+    entryPoint = "https"
+  [entryPoints.https]
+  address = ":443"
+    [entryPoints.https.tls]
+      [[entryPoints.https.tls.certificates]]
+      certFile = "tests/traefik.crt"
+      keyFile = "tests/traefik.key"
+```
+
+- Two entrypoints are defined `http` and `https`.
+- `http` listens on port `80` and `https` on port `443`.
+- We enable SSL on `https` by giving a certificate and a key.
+- We also redirect all the traffic from entrypoint `http` to `https`.
+
+And here is another example with client certificate authentication:
+
+```toml
+[entryPoints]
+  [entryPoints.https]
+  address = ":443"
+  [entryPoints.https.tls]
+  clientCAFiles = ["tests/clientca1.crt", "tests/clientca2.crt"]
+    [[entryPoints.https.tls.certificates]]
+    certFile = "tests/traefik.crt"
+    keyFile = "tests/traefik.key"
+```
+
+- We enable SSL on `https` by giving a certificate and a key.
+- One or several files containing Certificate Authorities in PEM format are added.
+- It is possible to have multiple CA:s in the same file or keep them in separate files.
+
+## Frontends
+
+A frontend is a set of rules that forwards the incoming traffic from an entrypoint to a backend.
+Frontends can be defined using the following rules:
+
+- `Headers: Content-Type, application/json`: Headers adds a matcher for request header values. It accepts a sequence of key/value pairs to be matched.
+- `HeadersRegexp: Content-Type, application/(text|json)`: Regular expressions can be used with headers as well. It accepts a sequence of key/value pairs, where the value has regex support.
+- `Host: traefik.io, www.traefik.io`: Match request host with given host list.
+- `HostRegexp: traefik.io, {subdomain:[a-z]+}.traefik.io`: Adds a matcher for the URL hosts. It accepts templates with zero or more URL variables enclosed by `{}`. Variables can define an optional regexp pattern to be matched.
+- `Method: GET, POST, PUT`: Method adds a matcher for HTTP methods. It accepts a sequence of one or more methods to be matched.
+- `Path: /products/, /articles/{category}/{id:[0-9]+}`: Path adds a matcher for the URL paths. It accepts templates with zero or more URL variables enclosed by `{}`.
+- `PathStrip`: Same as `Path` but strip the given prefix from the request URL's Path.
+- `PathPrefix`: PathPrefix adds a matcher for the URL path prefixes. This matches if the given template is a prefix of the full URL path.
+- `PathPrefixStrip`: Same as `PathPrefix` but strip the given prefix from the request URL's Path.
+- `AddPrefix` : Add prefix from the request URL's Path.
+
+You can use multlple values for a rule by separating them with `,`.
+You can use multiple rules by separating them by `;`.
+
+You can optionally enable `passHostHeader` to forward client `Host` header to the backend.
+
+Here is an example of frontends definition:
+
+```toml
+[frontends]
+  [frontends.frontend1]
+  backend = "backend2"
+    [frontends.frontend1.routes.test_1]
+    rule = "Host:test.localhost,test2.localhost"
+  [frontends.frontend2]
+  backend = "backend1"
+  passHostHeader = true
+  priority = 10
+  entrypoints = ["https"] # overrides defaultEntryPoints
+    [frontends.frontend2.routes.test_1]
+    rule = "HostRegexp:localhost,{subdomain:[a-z]+}.localhost"
+  [frontends.frontend3]
+  backend = "backend2"
+    [frontends.frontend3.routes.test_1]
+    rule = "Host:test3.localhost;Path:/test"
+```
+
+- Three frontends are defined: `frontend1`, `frontend2` and `frontend3`
+- `frontend1` will forward the traffic to the `backend2` if the rule `Host:test.localhost,test2.localhost` is matched
+- `frontend2` will forward the traffic to the `backend1` if the rule `Host:localhost,{subdomain:[a-z]+}.localhost` is matched (forwarding client `Host` header to the backend)
+- `frontend3` will forward the traffic to the `backend2` if the rules `Host:test3.localhost` **AND** `Path:/test` are matched
+
+### Combining multiple rules
+
+As seen in the previous example, you can combine multiple rules.
+In TOML file, you can use multiple routes:
+
+```toml
+  [frontends.frontend3]
+  backend = "backend2"
+    [frontends.frontend3.routes.test_1]
+    rule = "Host:test3.localhost"
+    [frontends.frontend3.routes.test_2]
+    rule = "Path:/test"
+```
+
+Here `frontend3` will forward the traffic to the `backend2` if the rules `Host:test3.localhost` **AND** `Path:/test` are matched.
+You can also use the notation using a `;` separator, same result:
+
+```toml
+  [frontends.frontend3]
+  backend = "backend2"
+    [frontends.frontend3.routes.test_1]
+    rule = "Host:test3.localhost;Path:/test"
+```
+
+Finally, you can create a rule to bind multiple domains or Path to a frontend, using the `,` separator:
+
+```toml
+ [frontends.frontend2]
+    [frontends.frontend2.routes.test_1]
+    rule = "Host:test1.localhost,test2.localhost"
+  [frontends.frontend3]
+  backend = "backend2"
+    [frontends.frontend3.routes.test_1]
+    rule = "Path:/test1,/test2"
+```
+
+### Priorities
+
+By default, routes will be sorted (in descending order) using rules length (to avoid path overlap):
+`PathPrefix:/12345` will be matched before `PathPrefix:/1234` that will be matched before `PathPrefix:/1`.
+
+You can customize priority by frontend:
+
+```
+  [frontends]
+    [frontends.frontend1]
+    backend = "backend1"
+    priority = 10
+    passHostHeader = true
+      [frontends.frontend1.routes.test_1]
+      rule = "PathPrefix:/to"
+    [frontends.frontend2]
+    priority = 5
+    backend = "backend2"
+    passHostHeader = true
+      [frontends.frontend2.routes.test_1]
+      rule = "PathPrefix:/toto"
+```
+
+Here, `frontend1` will be matched before `frontend2` (`10 > 5`).
+
+## Backends
+
+A backend is responsible to load-balance the traffic coming from one or more frontends to a set of http servers.
+Various methods of load-balancing are supported:
+
+- `wrr`: Weighted Round Robin
+- `drr`: Dynamic Round Robin: increases weights on servers that perform better than others. It also rolls back to original weights if the servers have changed.
+
+A circuit breaker can also be applied to a backend, preventing high loads on failing servers.
+Initial state is Standby. CB observes the statistics and does not modify the request.
+In case the condition matches, CB enters Tripped state, where it responds with predefined code or redirects to another frontend.
+Once Tripped timer expires, CB enters Recovering state and resets all stats.
+In case the condition does not match and recovery timer expires, CB enters Standby state.
+
+It can be configured using:
+
+- Methods: `LatencyAtQuantileMS`, `NetworkErrorRatio`, `ResponseCodeRatio`
+- Operators:  `AND`, `OR`, `EQ`, `NEQ`, `LT`, `LE`, `GT`, `GE`
+
+For example:
+
+- `NetworkErrorRatio() > 0.5`: watch error ratio over 10 second sliding window for a frontend
+- `LatencyAtQuantileMS(50.0) > 50`:  watch latency at quantile in milliseconds.
+- `ResponseCodeRatio(500, 600, 0, 600) > 0.5`: ratio of response codes in range [500-600) to  [0-600)
+
+To proactively prevent backends from being overwhelmed with high load, a maximum connection limit can
+also be applied to each backend.
+
+Maximum connections can be configured by specifying an integer value for `maxconn.amount` and
+`maxconn.extractorfunc` which is a strategy used to determine how to categorize requests in order to
+evaluate the maximum connections.
+
+For example:
+```toml
+[backends]
+  [backends.backend1]
+    [backends.backend1.maxconn]
+       amount = 10
+       extractorfunc = "request.host"
+```
+
+- `backend1` will return `HTTP code 429 Too Many Requests` if there are already 10 requests in progress for the same Host header.
+- Another possible value for `extractorfunc` is `client.ip` which will categorize requests based on client source ip.
+- Lastly `extractorfunc` can take the value of `request.header.ANY_HEADER` which will categorize requests based on `ANY_HEADER` that you provide.
+
+Sticky sessions are supported with both load balancers. When sticky sessions are enabled, a cookie called `_TRAEFIK_BACKEND` is set on the initial
+request. On subsequent requests, the client will be directed to the backend stored in the cookie if it is still healthy. If not, a new backend
+will be assigned.
+
+For example:
+```toml
+[backends]
+  [backends.backend1]
+    [backends.backend1.loadbalancer]
+      sticky = true
+```
+
+A health check can be configured in order to remove a backend from LB rotation
+as long as it keeps returning HTTP status codes other than 200 OK to HTTP GET
+requests periodically carried out by Traefik. The check is defined by a path
+appended to the backend URL and an interval (given in a format understood by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration)) specifying how
+often the health check should be executed (the default being 30 seconds). Each
+backend must respond to the health check within 5 seconds.
+
+A recovering backend returning 200 OK responses again is being returned to the
+LB rotation pool.
+
+For example:
+```toml
+[backends]
+  [backends.backend1]
+    [backends.backend1.healthcheck]
+      path = "/health"
+      interval = "10s"
+```
+
+## Servers
+
+Servers are simply defined using a `URL`. You can also apply a custom `weight` to each server (this will be used by load-balancing).
+
+Here is an example of backends and servers definition:
+
+```toml
+[backends]
+  [backends.backend1]
+    [backends.backend1.circuitbreaker]
+      expression = "NetworkErrorRatio() > 0.5"
+    [backends.backend1.servers.server1]
+    url = "http://172.17.0.2:80"
+    weight = 10
+    [backends.backend1.servers.server2]
+    url = "http://172.17.0.3:80"
+    weight = 1
+  [backends.backend2]
+    [backends.backend2.LoadBalancer]
+      method = "drr"
+    [backends.backend2.servers.server1]
+    url = "http://172.17.0.4:80"
+    weight = 1
+    [backends.backend2.servers.server2]
+    url = "http://172.17.0.5:80"
+    weight = 2
+```
+
+- Two backends are defined: `backend1` and `backend2`
+- `backend1` will forward the traffic to two servers: `http://172.17.0.2:80"` with weight `10` and `http://172.17.0.3:80` with weight `1` using default `wrr` load-balancing strategy.
+- `backend2` will forward the traffic to two servers: `http://172.17.0.4:80"` with weight `1` and `http://172.17.0.5:80` with weight `2` using `drr` load-balancing strategy.
+- a circuit breaker is added on `backend1` using the expression `NetworkErrorRatio() > 0.5`: watch error ratio over 10 second sliding window
+
+# Configuration
+
+Træfɪk's configuration has two parts: 
+
+- The [static Træfɪk configuration](/basics#static-trfk-configuration) which is loaded only at the beginning. 
+- The [dynamic Træfɪk configuration](/basics#dynamic-trfk-configuration) which can be hot-reloaded (no need to restart the process).
+
+
+## Static Træfɪk configuration
+
+The static configuration is the global configuration which is setting up connections to configuration backends and entrypoints. 
+
+Træfɪk can be configured using many configuration sources with the following precedence order. 
+Each item takes precedence over the item below it:
+
+- [Key-value Store](/basics/#key-value-stores)
+- [Arguments](/basics/#arguments)
+- [Configuration file](/basics/#configuration-file)
+- Default
+
+It means that arguments override configuration file, and Key-value Store overrides arguments.
+
+### Configuration file
+
+By default, Træfɪk will try to find a `traefik.toml` in the following places:
+
+- `/etc/traefik/`
+- `$HOME/.traefik/`
+- `.` *the working directory*
+
+You can override this by setting a `configFile` argument:
+
+```bash
+$ traefik --configFile=foo/bar/myconfigfile.toml
+```
+
+Please refer to the [global configuration](/toml/#global-configuration) section to get documentation on it.
+
+### Arguments
+
+Each argument (and command) is described in the help section:
+
+```bash
+$ traefik --help
+```
+
+Note that all default values will be displayed as well.
+
+### Key-value stores
+
+Træfɪk supports several Key-value stores:
+
+- [Consul](https://consul.io)
+- [etcd](https://coreos.com/etcd/)
+- [ZooKeeper](https://zookeeper.apache.org/) 
+- [boltdb](https://github.com/boltdb/bolt)
+
+Please refer to the [User Guide Key-value store configuration](/user-guide/kv-config/) section to get documentation on it.
+
+## Dynamic Træfɪk configuration
+
+The dynamic configuration concerns : 
+
+- [Frontends](/basics/#frontends)
+- [Backends](/basics/#backends) 
+- [Servers](/basics/#servers) 
+
+Træfɪk can hot-reload those rules which could be provided by [multiple configuration backends](/toml/#configuration-backends).
+
+We only need to enable `watch` option to make Træfɪk watch configuration backend changes and generate its configuration automatically.
+Routes to services will be created and updated instantly at any changes.
+
+Please refer to the [configuration backends](/toml/#configuration-backends) section to get documentation on it.
+
+# Commands
+
+Usage: `traefik [command] [--flag=flag_argument]`
+
+List of Træfɪk available commands with description :                                                             
+
+- `version` : Print version 
+- `storeconfig` : Store the static traefik configuration into a Key-value stores. Please refer to the [Store Træfɪk configuration](/user-guide/kv-config/#store-trfk-configuration) section to get documentation on it.
+
+Each command may have related flags. 
+All those related flags will be displayed with :
+
+```bash
+$ traefik [command] --help
+```
+
+Note that each command is described at the beginning of the help section:
+
+```bash
+$ traefik --help
+```
+
--- a/docs/benchmarks.md
+++ b/docs/benchmarks.md
@@ -0,0 +1,213 @@
+# Benchmarks
+
+## Configuration
+
+I would like to thanks [vincentbernat](https://github.com/vincentbernat) from [exoscale.ch](https://www.exoscale.ch) who kindly provided the infrastructure needed for the benchmarks.
+
+I used 4 VMs for the tests with the following configuration:
+
+- 32 GB RAM
+- 8 CPU Cores
+- 10 GB SSD
+- Ubuntu 14.04 LTS 64-bit
+
+## Setup
+
+1. One VM used to launch the benchmarking tool [wrk](https://github.com/wg/wrk)
+2. One VM for traefik (v1.0.0-beta.416) / nginx (v1.4.6)
+3. Two VMs for 2 backend servers in go [whoami](https://github.com/emilevauge/whoamI/)
+
+Each VM has been tuned using the following limits:
+
+```bash
+sysctl -w fs.file-max="9999999"
+sysctl -w fs.nr_open="9999999"
+sysctl -w net.core.netdev_max_backlog="4096"
+sysctl -w net.core.rmem_max="16777216"
+sysctl -w net.core.somaxconn="65535"
+sysctl -w net.core.wmem_max="16777216"
+sysctl -w net.ipv4.ip_local_port_range="1025       65535"
+sysctl -w net.ipv4.tcp_fin_timeout="30"
+sysctl -w net.ipv4.tcp_keepalive_time="30"
+sysctl -w net.ipv4.tcp_max_syn_backlog="20480"
+sysctl -w net.ipv4.tcp_max_tw_buckets="400000"
+sysctl -w net.ipv4.tcp_no_metrics_save="1"
+sysctl -w net.ipv4.tcp_syn_retries="2"
+sysctl -w net.ipv4.tcp_synack_retries="2"
+sysctl -w net.ipv4.tcp_tw_recycle="1"
+sysctl -w net.ipv4.tcp_tw_reuse="1"
+sysctl -w vm.min_free_kbytes="65536"
+sysctl -w vm.overcommit_memory="1"
+ulimit -n 9999999
+```
+
+### Nginx
+
+Here is the config Nginx file use `/etc/nginx/nginx.conf`:
+
+```
+user www-data;
+worker_processes auto;
+worker_rlimit_nofile 200000;
+pid /var/run/nginx.pid;
+
+events {
+    worker_connections 10000;
+    use epoll;
+    multi_accept on;
+}
+
+http {
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    keepalive_timeout 300;
+    keepalive_requests 10000;
+    types_hash_max_size 2048;
+
+    open_file_cache max=200000 inactive=300s; 
+    open_file_cache_valid 300s; 
+    open_file_cache_min_uses 2;
+    open_file_cache_errors on;
+
+    server_tokens off;
+    dav_methods off;
+
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    access_log /var/log/nginx/access.log combined;
+    error_log /var/log/nginx/error.log warn;
+
+    gzip off;
+    gzip_vary off;
+
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/sites-enabled/*.conf;
+}
+```
+
+Here is the Nginx vhost file used:
+
+```
+upstream whoami {
+    server IP-whoami1:80;
+    server IP-whoami2:80;
+    keepalive 300;
+}
+
+server {
+    listen 8001;
+    server_name test.traefik;
+    access_log off;
+    error_log /dev/null crit;
+    if ($host != "test.traefik") {
+        return 404;
+    }
+    location / {
+        proxy_pass http://whoami;
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
+	proxy_set_header  X-Forwarded-Host $host;
+    }
+}
+```
+
+### Traefik
+
+Here is the `traefik.toml` file used:
+
+```
+MaxIdleConnsPerHost = 100000
+defaultEntryPoints = ["http"]
+
+[entryPoints]
+  [entryPoints.http]
+  address = ":8000"
+
+[file]
+[backends]
+  [backends.backend1]
+    [backends.backend1.servers.server1]
+    url = "http://IP-whoami1:80"
+    weight = 1
+    [backends.backend1.servers.server2]
+    url = "http://IP-whoami2:80"
+    weight = 1
+
+[frontends]
+  [frontends.frontend1]
+  backend = "backend1"
+    [frontends.frontend1.routes.test_1]
+    rule = "Host: test.traefik"
+```
+
+## Results
+
+### whoami:
+```
+wrk -t20 -c1000 -d60s -H "Host: test.traefik" --latency  http://IP-whoami:80/bench
+Running 1m test @ http://IP-whoami:80/bench
+  20 threads and 1000 connections
+  Thread Stats   Avg      Stdev     Max   +/- Stdev
+    Latency    70.28ms  134.72ms   1.91s    89.94%
+    Req/Sec     2.92k   742.42     8.78k    68.80%
+  Latency Distribution
+     50%   10.63ms
+     75%   75.64ms
+     90%  205.65ms
+     99%  668.28ms
+  3476705 requests in 1.00m, 384.61MB read
+  Socket errors: connect 0, read 0, write 0, timeout 103
+Requests/sec:  57894.35
+Transfer/sec:      6.40MB
+```
+
+### nginx:
+```
+wrk -t20 -c1000 -d60s -H "Host: test.traefik" --latency  http://IP-nginx:8001/bench
+Running 1m test @ http://IP-nginx:8001/bench
+  20 threads and 1000 connections
+  Thread Stats   Avg      Stdev     Max   +/- Stdev
+    Latency   101.25ms  180.09ms   1.99s    89.34%
+    Req/Sec     1.69k   567.69     9.39k    72.62%
+  Latency Distribution
+     50%   15.46ms
+     75%  129.11ms
+     90%  302.44ms
+     99%  846.59ms
+  2018427 requests in 1.00m, 298.36MB read
+  Socket errors: connect 0, read 0, write 0, timeout 90
+Requests/sec:  33591.67
+Transfer/sec:      4.97MB
+```
+
+### traefik:
+```
+wrk -t20 -c1000 -d60s -H "Host: test.traefik" --latency  http://IP-traefik:8000/bench
+Running 1m test @ http://IP-traefik:8000/bench
+  20 threads and 1000 connections
+  Thread Stats   Avg      Stdev     Max   +/- Stdev
+    Latency    91.72ms  150.43ms   2.00s    90.50%
+    Req/Sec     1.43k   266.37     2.97k    69.77%
+  Latency Distribution
+     50%   19.74ms
+     75%  121.98ms
+     90%  237.39ms
+     99%  687.49ms
+  1705073 requests in 1.00m, 188.63MB read
+  Socket errors: connect 0, read 0, write 0, timeout 7
+Requests/sec:  28392.44
+Transfer/sec:      3.14MB
+```
+
+## Conclusion
+
+Traefik is obviously slower than Nginx, but not so much: Traefik can serve 28392 requests/sec and Nginx 33591 requests/sec which gives a ratio of 85%.
+Not bad for young project :) !
+
+Some areas of possible improvements:
+
+- Use [GO_REUSEPORT](https://github.com/kavu/go_reuseport) listener
+- Run a separate server instance per CPU core with `GOMAXPROCS=1` (it appears during benchmarks that there is a lot more context switches with traefik than with nginx)
+
--- a/docs/css/traefik.css
+++ b/docs/css/traefik.css
@@ -0,0 +1,61 @@
+a {
+    color: #37ABC8;
+    text-decoration: none;
+}
+
+a:hover, a:focus {
+    color: #25606F;
+    text-decoration: underline;
+}
+
+h1, h2, h3, H4 {
+    color: #37ABC8;
+}
+
+.navbar-default {
+    background-color: #37ABC8;
+    border-color: #25606F;
+}
+
+.navbar-default .navbar-nav>.active>a, .navbar-default .navbar-nav>.active>a:hover, .navbar-default .navbar-nav>.active>a:focus {
+    color: #fff;
+    background-color: #25606F;
+}
+
+.navbar-default .navbar-nav>li>a:hover, .navbar-default .navbar-nav>li>a:focus {
+    color: #fff;
+    background-color: #25606F;
+}
+
+.navbar-default .navbar-toggle {
+    border-color: #25606F;
+}
+
+.navbar-default .navbar-toggle:hover, .navbar-default .navbar-toggle:focus .navbar-toggle {
+    background-color: #25606F;
+}
+.navbar-default .navbar-collapse, .navbar-default .navbar-form {
+    border-color: #25606F;
+}
+
+blockquote p {
+    font-size: 14px;
+}
+
+.navbar-default .navbar-nav>.open>a, .navbar-default .navbar-nav>.open>a:hover, .navbar-default .navbar-nav>.open>a:focus {
+    color: #fff;
+    background-color: #25606F;
+}
+
+.dropdown-menu>li>a:hover, .dropdown-menu>li>a:focus {
+    color: #fff;
+    text-decoration: none;
+    background-color: #25606F;
+}
+
+.dropdown-menu>.active>a, .dropdown-menu>.active>a:hover, .dropdown-menu>.active>a:focus {
+    color: #fff;
+    text-decoration: none;
+    background-color: #25606F;
+    outline: 0;
+}
--- a/docs/img/apollo-logo.png
+++ b/docs/img/apollo-logo.png
--- a/docs/img/architecture.png
+++ b/docs/img/architecture.png
--- a/docs/img/architecture.svg
+++ b/docs/img/architecture.svg
--- a/docs/img/asteris.logo.png
+++ b/docs/img/asteris.logo.png
--- a/docs/img/internal.png
+++ b/docs/img/internal.png
--- a/docs/img/letsencrypt-logo-horizontal.svg
+++ b/docs/img/letsencrypt-logo-horizontal.svg
@@ -0,0 +1,172 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<svg
+   xmlns:dc="http://purl.org/dc/elements/1.1/"
+   xmlns:cc="http://creativecommons.org/ns#"
+   xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
+   xmlns:svg="http://www.w3.org/2000/svg"
+   xmlns="http://www.w3.org/2000/svg"
+   xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
+   xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
+   width="337.37802"
+   height="107.921"
+   id="svg2"
+   version="1.1"
+   inkscape:version="0.48.4 r9939"
+   sodipodi:docname="letsencrypt-logo-horizontal.svg">
+  <metadata
+     id="metadata37">
+    <rdf:RDF>
+      <cc:Work
+         rdf:about="">
+        <dc:format>image/svg+xml</dc:format>
+        <dc:type
+           rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
+      </cc:Work>
+    </rdf:RDF>
+  </metadata>
+  <defs
+     id="defs35" />
+  <sodipodi:namedview
+     pagecolor="#ffffff"
+     bordercolor="#666666"
+     borderopacity="1"
+     objecttolerance="10"
+     gridtolerance="10"
+     guidetolerance="10"
+     inkscape:pageopacity="0"
+     inkscape:pageshadow="2"
+     inkscape:window-width="640"
+     inkscape:window-height="480"
+     id="namedview33"
+     showgrid="false"
+     fit-margin-bottom="30"
+     fit-margin-top="0"
+     fit-margin-left="0"
+     fit-margin-right="0"
+     inkscape:zoom="0.72861357"
+     inkscape:cx="168.57"
+     inkscape:cy="69.027001"
+     inkscape:window-x="0"
+     inkscape:window-y="30"
+     inkscape:window-maximized="0"
+     inkscape:current-layer="svg2" />
+  <g
+     id="g4"
+     transform="translate(-0.930001,-1.606)">
+    <title
+       id="title6">Layer 1</title>
+    <g
+       id="svg_1">
+      <g
+         id="svg_2">
+        <g
+           id="svg_3">
+          <path
+             id="svg_4"
+             d="m 76.621002,68.878998 0,-31.406998 7.629997,0 0,24.796997 12.153999,0 0,6.609001 -19.783997,0 0,9.99e-4 z"
+             inkscape:connector-curvature="0"
+             style="fill:#2c3c69" />
+          <path
+             id="svg_5"
+             d="m 121.547,58.098999 c 0,0.295998 0,0.592003 0,0.888 0,0.295997 -0.015,0.576004 -0.044,0.843002 l -16.01301,0 c 0.059,0.620995 0.244,1.182999 0.555,1.685997 0.311,0.502998 0.71,0.938004 1.197,1.308998 0.488,0.370003 1.035,0.658005 1.642,0.864006 0.605,0.208 1.234,0.310997 1.885,0.310997 1.153,0 2.13,-0.213997 2.928,-0.642998 0.799,-0.429001 1.449,-0.983002 1.952,-1.664001 l 5.05699,3.194 c -1.03498,1.507996 -2.40199,2.668999 -4.10299,3.482002 -1.701,0.811996 -3.676,1.219994 -5.922,1.219994 -1.657,0 -3.224,-0.259995 -4.702,-0.775993 -1.479,-0.518005 -2.772,-1.271004 -3.882,-2.263 -1.108,-0.990005 -1.981,-2.210007 -2.616996,-3.659004 -0.635994,-1.448997 -0.953003,-3.104996 -0.953003,-4.969002 0,-1.802994 0.309998,-3.437996 0.931,-4.900997 0.620999,-1.463001 1.463999,-2.706001 2.528999,-3.726002 1.064,-1.021 2.32,-1.811996 3.771,-2.373997 1.448,-0.561001 3.016,-0.843002 4.701,-0.843002 1.626,0 3.12,0.274002 4.48,0.820999 1.36,0.546997 2.528,1.338001 3.505,2.373001 0.976,1.035 1.73599,2.292 2.284,3.771 0.546,1.478001 0.819,3.165001 0.819,5.056 z m -6.698,-2.794998 c 0,-1.153 -0.362,-2.144001 -1.087,-2.972 -0.725,-0.827 -1.812,-1.242001 -3.26,-1.242001 -0.71,0 -1.36,0.111 -1.952,0.333 -0.59199,0.222 -1.108,0.525002 -1.553,0.909 -0.443,0.384998 -0.798,0.835999 -1.064,1.354 -0.266,0.517998 -0.414,1.057999 -0.443,1.618 l 9.359,0 z"
+             inkscape:connector-curvature="0"
+             style="fill:#2c3c69" />
+          <path
+             id="svg_6"
+             d="m 133.168,52.200001 0,8.461002 c 0,1.038994 0.2,1.816994 0.60001,2.337997 0.39799,0.519997 1.11499,0.778 2.151,0.778 0.35399,0 0.73098,-0.028 1.13099,-0.089 0.39901,-0.05901 0.73101,-0.147003 0.998,-0.266006 l 0.089,5.323006 c -0.50299,0.176994 -1.13899,0.332001 -1.90699,0.465996 -0.76999,0.133003 -1.538,0.199005 -2.307,0.199005 -1.479,0 -2.722,-0.186005 -3.727,-0.556007 C 129.19,68.484002 128.384,67.949998 127.77901,67.252 127.172,66.556001 126.73599,65.725999 126.47,64.762002 126.203,63.799005 126.071,62.724 126.071,61.538003 l 0,-9.338001 -3.549,0 0,-5.412003 3.504,0 0,-5.810997 7.142,0 0,5.810997 5.19,0 0,5.412003 -5.19,0 z"
+             inkscape:connector-curvature="0"
+             style="fill:#2c3c69" />
+          <path
+             id="svg_7"
+             d="m 161.91299,53.307999 c -0.59201,-0.560997 -1.28601,-1.034 -2.085,-1.418999 -0.79801,-0.383999 -1.64099,-0.577 -2.528,-0.577 -0.681,0 -1.30899,0.133999 -1.885,0.398998 -0.57699,0.267002 -0.865,0.726002 -0.865,1.375 0,0.621002 0.317,1.064003 0.953,1.331001 0.636,0.266998 1.664,0.562 3.08299,0.887001 0.82801,0.177998 1.664,0.43 2.50701,0.754997 0.843,0.324997 1.604,0.754005 2.28399,1.286003 0.68001,0.531998 1.22701,1.182999 1.64202,1.951996 0.41299,0.769005 0.62098,1.686005 0.62098,2.75 0,1.391006 -0.28099,2.565002 -0.84298,3.526001 -0.56201,0.960999 -1.29401,1.737 -2.19602,2.329002 -0.902,0.592002 -1.91499,1.019997 -3.03799,1.286003 -1.12399,0.266998 -2.248,0.398994 -3.371,0.398994 -1.80499,0 -3.571,-0.287994 -5.302,-0.864998 C 149.161,68.146002 147.719,67.294996 146.566,66.170995 l 4.08099,-4.303001 c 0.649,0.710007 1.448,1.302002 2.395,1.774002 0.946,0.473999 1.952,0.709999 3.017,0.709999 0.592,0 1.176,-0.140999 1.752,-0.421997 0.577,-0.279999 0.86501,-0.776001 0.86501,-1.485001 0,-0.681 -0.35401,-1.182999 -1.06401,-1.509003 -0.71,-0.324997 -1.818,-0.664993 -3.327,-1.020996 -0.769,-0.177002 -1.53799,-0.413002 -2.30699,-0.709 -0.77001,-0.295998 -1.457,-0.694 -2.06202,-1.197998 -0.60598,-0.502007 -1.10199,-1.123001 -1.48599,-1.863007 -0.384,-0.737995 -0.576,-1.625996 -0.576,-2.660995 0,-1.331001 0.28,-2.462002 0.843,-3.394001 0.562,-0.931999 1.286,-1.692001 2.174,-2.284 0.88701,-0.591999 1.87001,-1.027 2.949,-1.308998 1.079,-0.281998 2.151,-0.422001 3.217,-0.422001 1.655,0 3.274,0.259998 4.856,0.776001 1.582,0.517998 2.921,1.293999 4.015,2.328999 l -3.995,4.127998 z"
+             inkscape:connector-curvature="0"
+             style="fill:#2c3c69" />
+          <path
+             id="svg_8"
+             d="m 179.56799,68.878998 0,-31.406998 21.114,0 0,6.388 -13.795,0 0,5.944 13.041,0 0,6.077 -13.041,0 0,6.521 14.594,0 0,6.476997 -21.913,0 z"
+             inkscape:connector-curvature="0"
+             style="fill:#2c3c69" />
+          <path
+             id="svg_9"
+             d="m 220.675,68.878998 0,-12.065994 c 0,-0.621002 -0.053,-1.212002 -0.155,-1.774002 -0.104,-0.562 -0.274,-1.057003 -0.511,-1.486 -0.237,-0.428001 -0.569,-0.769001 -0.998,-1.021 -0.429,-0.25 -0.96899,-0.377003 -1.619,-0.377003 -0.65001,0 -1.22,0.127003 -1.70799,0.377003 -0.487,0.251999 -0.89501,0.599998 -1.22001,1.042999 -0.32499,0.443001 -0.569,0.953999 -0.731,1.529999 -0.16299,0.577 -0.244,1.175999 -0.244,1.797001 l 0,11.976997 -7.319,0 0,-22.091 7.05301,0 0,3.061001 0.089,0 c 0.26699,-0.473 0.613,-0.938 1.043,-1.396 0.428,-0.459 0.932,-0.850998 1.50801,-1.175999 0.57699,-0.325001 1.20498,-0.591999 1.88598,-0.799 0.68001,-0.206001 1.40401,-0.311001 2.17301,-0.311001 1.479,0 2.735,0.266998 3.77099,0.799 1.036,0.532002 1.87001,1.220001 2.50701,2.062 0.636,0.842999 1.09401,1.812 1.375,2.904999 0.28,1.095001 0.421,2.189003 0.421,3.283001 l 0,13.661999 -7.321,0 0,9.99e-4 z"
+             inkscape:connector-curvature="0"
+             style="fill:#2c3c69" />
+          <path
+             id="svg_10"
+             d="m 246.71301,53.929001 c -0.41501,-0.532001 -0.977,-0.959999 -1.686,-1.285999 -0.70999,-0.325001 -1.43601,-0.488003 -2.174,-0.488003 -0.77,0 -1.464,0.155003 -2.085,0.466 -0.62101,0.310997 -1.153,0.726002 -1.59701,1.242001 -0.44299,0.518002 -0.79199,1.117001 -1.04299,1.797001 -0.251,0.681004 -0.377,1.404003 -0.377,2.174 0,0.768997 0.11799,1.493004 0.35499,2.173004 0.23601,0.681 0.58301,1.279999 1.04201,1.796997 0.45799,0.517998 1.005,0.924995 1.642,1.220001 0.636,0.295998 1.35299,0.443001 2.151,0.443001 0.73801,0 1.47099,-0.139999 2.19501,-0.421005 0.72401,-0.281006 1.30899,-0.687996 1.75198,-1.220001 l 4.03702,4.924004 c -0.91703,0.887001 -2.10102,1.582001 -3.54901,2.084999 -1.44899,0.501999 -2.987,0.753998 -4.61299,0.753998 -1.74501,0 -3.37401,-0.266998 -4.88701,-0.798996 -1.512,-0.531998 -2.82601,-1.308998 -3.941,-2.329002 -1.11599,-1.019997 -1.99299,-2.253998 -2.63299,-3.702995 -0.64,-1.448997 -0.959,-3.090004 -0.959,-4.924004 0,-1.804001 0.31898,-3.431 0.959,-4.880001 0.64,-1.447998 1.51699,-2.683998 2.63299,-3.703999 1.11499,-1.021 2.43,-1.804001 3.941,-2.351002 1.513,-0.546997 3.127,-0.820999 4.843,-0.820999 0.798,0 1.589,0.074 2.373,0.223 0.783,0.147003 1.53699,0.348 2.26199,0.599003 0.72501,0.251003 1.39002,0.562 1.996,0.931999 0.60599,0.369999 1.13202,0.776001 1.57502,1.219997 l -4.21201,4.877003 z"
+             inkscape:connector-curvature="0"
+             style="fill:#2c3c69" />
+          <path
+             id="svg_11"
+             d="m 268.03201,52.776001 c -0.32599,-0.089 -0.64401,-0.146999 -0.95401,-0.177002 -0.30999,-0.03 -0.61398,-0.045 -0.90899,-0.045 -0.97599,0 -1.797,0.177998 -2.46201,0.530998 -0.66498,0.354 -1.19699,0.781002 -1.59698,1.283001 -0.39902,0.500999 -0.68802,1.047001 -0.86503,1.636997 -0.177,0.589996 -0.26599,1.105003 -0.26599,1.548004 l 0,11.324997 -7.27499,0 0,-22.063999 7.009,0 0,3.194 0.089,0 c 0.56201,-1.132 1.35901,-2.055 2.396,-2.77 1.03402,-0.715 2.23202,-1.071999 3.59302,-1.071999 0.29498,0 0.58398,0.016 0.86499,0.045 0.27999,0.029 0.51001,0.074 0.68801,0.133003 L 268.03201,52.776 z"
+             inkscape:connector-curvature="0"
+             style="fill:#2c3c69" />
+          <path
+             id="svg_12"
+             d="m 285.12201,72.206001 c -0.44299,1.153 -0.939,2.181 -1.48599,3.083 -0.547,0.901001 -1.19702,1.669998 -1.95102,2.306999 -0.754,0.636002 -1.642,1.114998 -2.66199,1.441002 -1.01999,0.324997 -2.22601,0.487999 -3.61499,0.487999 -0.681,0 -1.38299,-0.045 -2.10602,-0.134003 -0.72598,-0.089 -1.354,-0.207001 -1.88598,-0.353996 L 272.215,72.916 c 0.354,0.116997 0.746,0.213997 1.17602,0.288002 0.42798,0.073 0.81998,0.110001 1.17499,0.110001 1.12399,0 1.93701,-0.259003 2.44,-0.776001 0.50199,-0.518005 0.931,-1.249001 1.28601,-2.195 l 0.70999,-1.818001 -9.22699,-21.736 8.073,0 4.92398,14.195 0.133,0 4.392,-14.195 7.71802,0 -9.89301,25.417 z"
+             inkscape:connector-curvature="0"
+             style="fill:#2c3c69" />
+          <path
+             id="svg_13"
+             d="m 321.496,57.745003 c 0,1.537994 -0.237,3.016998 -0.70999,4.435997 -0.474,1.419998 -1.16101,2.668999 -2.06201,3.748001 -0.90201,1.080002 -2.004,1.945 -3.30499,2.596001 -1.30201,0.649002 -2.78,0.975998 -4.43702,0.975998 -1.35998,0 -2.64599,-0.273003 -3.85901,-0.82 -1.21301,-0.546997 -2.15799,-1.293999 -2.83898,-2.239998 l -0.088,0 0,13.085999 -7.27502,0 0,-32.739002 6.92001,0 0,2.706001 0.133,0 c 0.681,-0.887001 1.61899,-1.662998 2.81698,-2.328999 C 307.98801,46.5 309.39999,46.167 311.02701,46.167 c 1.59698,0 3.04498,0.311001 4.34698,0.931999 1.301,0.621002 2.40201,1.464001 3.305,2.528 0.90298,1.063999 1.59701,2.299999 2.08502,3.704002 0.488,1.404999 0.73199,2.876999 0.73199,4.414001 z m -7.05301,0 c 0,-0.709999 -0.11001,-1.403999 -0.332,-2.085003 -0.22201,-0.68 -0.548,-1.278999 -0.97699,-1.797001 -0.42901,-0.516998 -0.96902,-0.938 -1.61902,-1.264 -0.64999,-0.326 -1.40399,-0.487999 -2.26199,-0.487999 -0.828,0 -1.56799,0.162998 -2.21799,0.487999 -0.651,0.325001 -1.20602,0.754002 -1.664,1.285999 -0.45901,0.532001 -0.81302,1.139 -1.06402,1.818001 -0.25199,0.681004 -0.37699,1.375004 -0.37699,2.085003 0,0.709999 0.125,1.404999 0.37699,2.084999 0.251,0.681 0.60501,1.285995 1.06402,1.818001 0.45798,0.531998 1.013,0.961998 1.664,1.286995 0.64899,0.325005 1.38999,0.487 2.21799,0.487 0.85699,0 1.61099,-0.161995 2.26199,-0.487 0.651,-0.325005 1.19001,-0.754997 1.61902,-1.286995 0.42902,-0.531998 0.75498,-1.146004 0.97699,-1.841003 0.22101,-0.693001 0.332,-1.394997 0.332,-2.104996 z"
+             inkscape:connector-curvature="0"
+             style="fill:#2c3c69" />
+          <path
+             id="svg_14"
+             d="m 333.11801,52.200001 0,8.461002 c 0,1.038994 0.20001,1.816994 0.60001,2.337997 0.39798,0.519997 1.11499,0.778 2.151,0.778 0.354,0 0.73099,-0.028 1.13098,-0.089 0.39902,-0.05901 0.73102,-0.147003 0.99802,-0.266006 l 0.089,5.323006 c -0.50299,0.176994 -1.139,0.332001 -1.90698,0.465996 -0.77002,0.133003 -1.53802,0.199005 -2.307,0.199005 -1.47901,0 -2.72202,-0.186005 -3.72702,-0.556007 -1.00599,-0.369995 -1.81199,-0.903999 -2.417,-1.601997 -0.60699,-0.695999 -1.043,-1.526001 -1.30899,-2.489998 C 326.15302,63.799005 326.021,62.724 326.021,61.538003 l 0,-9.338001 -3.54898,0 0,-5.412003 3.50399,0 0,-5.810997 7.142,0 0,5.810997 5.19,0 0,5.412003 -5.19,0 z"
+             inkscape:connector-curvature="0"
+             style="fill:#2c3c69" />
+        </g>
+      </g>
+      <path
+         id="svg_15"
+         d="m 145.00999,36.869999 c -2.18299,0 -3.89199,1.573002 -3.89199,3.582001 0,2.116001 1.43899,3.536999 3.582,3.536999 0.183,0 0.35599,-0.017 0.51899,-0.05 -0.343,1.566002 -1.852,2.690002 -3.27799,2.915001 l -0.29001,0.046 0,3.376999 0.376,-0.036 c 1.73,-0.165001 3.439,-0.951 4.691,-2.157001 1.632,-1.572998 2.49501,-3.843998 2.49501,-6.568001 0,-2.691998 -1.76799,-4.646 -4.20301,-4.646 z"
+         inkscape:connector-curvature="0"
+         style="fill:#2c3c69" />
+    </g>
+    <g
+       id="svg_16">
+      <path
+         id="svg_17"
+         d="m 46.488998,37.568001 -8.039997,0 0,-4.128002 c 0,-3.296997 -2.683002,-5.979 -5.98,-5.979 -3.297001,0 -5.979,2.683002 -5.979,5.979 l 0,4.128002 -8.040001,0 0,-4.128002 c 0,-7.73 6.288998,-14.019999 14.02,-14.019999 7.731002,0 14.02,6.289 14.02,14.019999 l 0,4.128002 -0.001,0 z"
+         inkscape:connector-curvature="0"
+         style="fill:#f9a11d" />
+    </g>
+    <path
+       id="svg_18"
+       d="m 49.731998,37.568001 -34.524998,0 c -1.474001,0 -2.68,1.205997 -2.68,2.68 l 0,25.540001 c 0,1.473999 1.205999,2.68 2.68,2.68 l 34.524998,0 c 1.474003,0 2.68,-1.206001 2.68,-2.68 l 0,-25.540001 c 0,-1.474003 -1.205997,-2.68 -2.68,-2.68 z m -15.512997,16.769001 0,3.460995 c 0,0.966003 -0.784,1.749001 -1.749001,1.749001 -0.965001,0 -1.749001,-0.783997 -1.749001,-1.749001 l 0,-3.459995 c -1.076,-0.611 -1.803001,-1.764 -1.803001,-3.09 0,-1.962002 1.591,-3.552002 3.552002,-3.552002 1.961998,0 3.551998,1.591 3.551998,3.552002 0,1.325001 -0.727001,2.478001 -1.802998,3.089001 z"
+       inkscape:connector-curvature="0"
+       style="fill:#2c3c69" />
+    <path
+       id="svg_19"
+       d="m 11.707001,33.759998 -8.331,0 c -1.351001,0 -2.446,-1.094997 -2.446,-2.445999 0,-1.351002 1.094999,-2.445999 2.446,-2.445999 l 8.331,0 c 1.351,0 2.445999,1.095001 2.445999,2.445999 0,1.350998 -1.096001,2.445999 -2.445999,2.445999 z"
+       inkscape:connector-curvature="0"
+       style="fill:#f9a11d" />
+    <path
+       id="svg_20"
+       d="m 17.575001,20.655001 c -0.546001,0 -1.097,-0.182001 -1.552,-0.557001 l -6.59,-5.418999 C 8.39,13.820999 8.239001,12.280001 9.098,11.236 9.956,10.193001 11.497,10.042 12.541001,10.9 l 6.59,5.419001 c 1.042999,0.858 1.194,2.399 0.334999,3.442999 -0.483,0.589001 -1.184,0.893002 -1.890999,0.893002 z"
+       inkscape:connector-curvature="0"
+       style="fill:#f9a11d" />
+    <path
+       id="svg_21"
+       d="m 32.469002,14.895 c -1.351002,0 -2.446003,-1.095001 -2.446003,-2.446001 l 0,-8.396999 c 0,-1.351 1.095001,-2.446 2.446003,-2.446 1.351002,0 2.445999,1.095 2.445999,2.446 l 0,8.396999 c 0,1.351 -1.095001,2.446001 -2.445999,2.446001 z"
+       inkscape:connector-curvature="0"
+       style="fill:#f9a11d" />
+    <g
+       id="svg_22">
+      <g
+         id="svg_23">
+        <path
+           id="svg_24"
+           d="M 47.362999,20.655001 C 46.655998,20.655001 45.956001,20.351 45.472,19.761999 44.613998,18.719 44.764,17.177 45.806999,16.319 l 6.59,-5.419001 c 1.044003,-0.858 2.585003,-0.706999 3.442997,0.336 0.858002,1.042999 0.708,2.584999 -0.334999,3.443001 l -6.589996,5.418999 C 48.459999,20.472999 47.91,20.655 47.362999,20.655 z"
+           inkscape:connector-curvature="0"
+           style="fill:#f9a11d" />
+      </g>
+    </g>
+    <path
+       id="svg_25"
+       d="m 61.563004,33.759998 -8.410004,0 c -1.351002,0 -2.445999,-1.094997 -2.445999,-2.445999 0,-1.351002 1.094997,-2.445999 2.445999,-2.445999 l 8.410004,0 c 1.350998,0 2.445999,1.095001 2.445999,2.445999 0,1.350998 -1.095001,2.445999 -2.445999,2.445999 z"
+       inkscape:connector-curvature="0"
+       style="fill:#f9a11d" />
+  </g>
+</svg>
--- a/docs/img/mantl-logo.png
+++ b/docs/img/mantl-logo.png
--- a/docs/img/overview.svg
+++ b/docs/img/overview.svg
--- a/docs/img/traefik-health.png
+++ b/docs/img/traefik-health.png
--- a/docs/img/traefik.icon.png
+++ b/docs/img/traefik.icon.png
--- a/docs/img/traefik.logo.png
+++ b/docs/img/traefik.logo.png
--- a/docs/img/zenika.logo.png
+++ b/docs/img/zenika.logo.png
--- a/docs/index.md
+++ b/docs/index.md
--- a/docs/toml.md
+++ b/docs/toml.md
--- a/docs/user-guide/cluster.md
+++ b/docs/user-guide/cluster.md
@@ -0,0 +1,19 @@
+# Clustering / High Availability
+
+This guide explains how tu use Træfɪk in high availability mode.
+In order to deploy and configure multiple Træfɪk instances, without copying the same configuration file on each instance, we will use a distributed Key-Value store.
+
+## Prerequisites
+
+You will need a working KV store cluster.
+
+## File configuration to KV store migration
+
+We created a special Træfɪk command to help configuring your Key Value store from a Træfɪk TOML configuration file.
+Please refer to [this section](/user-guide/kv-config/#store-configuration-in-key-value-store) to get more details.
+
+## Deploy a Træfɪk cluster
+
+Once your Træfɪk configuration is uploaded on your KV store, you can start each Træfɪk instance.
+A Træfɪk cluster is based on a master/slave model. When starting, Træfɪk will elect a master. If this instance fails, another master will be automatically elected.
+ 
--- a/docs/user-guide/examples.md
+++ b/docs/user-guide/examples.md
@@ -0,0 +1,133 @@
+
+# Examples
+
+You will find here some configuration examples of Træfɪk.
+
+## HTTP only
+
+```
+defaultEntryPoints = ["http"]
+[entryPoints]
+  [entryPoints.http]
+  address = ":80"
+```
+
+## HTTP + HTTPS (with SNI)
+
+```
+defaultEntryPoints = ["http", "https"]
+[entryPoints]
+  [entryPoints.http]
+  address = ":80"
+  [entryPoints.https]
+  address = ":443"
+    [entryPoints.https.tls]
+      [[entryPoints.https.tls.certificates]]
+      CertFile = "integration/fixtures/https/snitest.com.cert"
+      KeyFile = "integration/fixtures/https/snitest.com.key"
+      [[entryPoints.https.tls.certificates]]
+      CertFile = "integration/fixtures/https/snitest.org.cert"
+      KeyFile = "integration/fixtures/https/snitest.org.key"
+```
+Note that we can either give path to certificate file or directly the file content itself ([like in this TOML example](/user-guide/kv-config/#upload-the-configuration-in-the-key-value-store)).
+
+## HTTP redirect on HTTPS
+
+```
+defaultEntryPoints = ["http", "https"]
+[entryPoints]
+  [entryPoints.http]
+  address = ":80"
+    [entryPoints.http.redirect]
+    entryPoint = "https"
+  [entryPoints.https]
+  address = ":443"
+    [entryPoints.https.tls]
+      [[entryPoints.https.tls.certificates]]
+      certFile = "tests/traefik.crt"
+      keyFile = "tests/traefik.key"
+```
+
+## Let's Encrypt support
+
+```
+[entryPoints]
+  [entryPoints.https]
+  address = ":443"
+    [entryPoints.https.tls]
+      # certs used as default certs
+      [[entryPoints.https.tls.certificates]]
+      certFile = "tests/traefik.crt"
+      keyFile = "tests/traefik.key"
+[acme]
+email = "test@traefik.io"
+storageFile = "acme.json"
+onDemand = true
+caServer = "http://172.18.0.1:4000/directory"
+entryPoint = "https"
+
+[[acme.domains]]
+  main = "local1.com"
+  sans = ["test1.local1.com", "test2.local1.com"]
+[[acme.domains]]
+  main = "local2.com"
+  sans = ["test1.local2.com", "test2x.local2.com"]
+[[acme.domains]]
+  main = "local3.com"
+[[acme.domains]]
+  main = "local4.com"
+```
+
+## Override entrypoints in frontends
+
+```
+[frontends]
+  [frontends.frontend1]
+  backend = "backend2"
+    [frontends.frontend1.routes.test_1]
+    rule = "Host:test.localhost"
+  [frontends.frontend2]
+  backend = "backend1"
+  passHostHeader = true
+  entrypoints = ["https"] # overrides defaultEntryPoints
+    [frontends.frontend2.routes.test_1]
+    rule = "Host:{subdomain:[a-z]+}.localhost"
+  [frontends.frontend3]
+  entrypoints = ["http", "https"] # overrides defaultEntryPoints
+  backend = "backend2"
+    rule = "Path:/test"
+```
+
+## Enable Basic authentication in an entrypoint
+
+With two user/pass:
+
+- `test`:`test`
+- `test2`:`test2`
+
+Passwords are encoded in MD5: you can use htpasswd to generate those ones.
+
+```
+defaultEntryPoints = ["http"]
+[entryPoints]
+  [entryPoints.http]
+  address = ":80"
+  [entryPoints.http.auth.basic]
+  users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
+```
+
+## Pass Authenticated user to application via headers
+
+Providing an authentication method as described above, it is possible to pass the user to the application
+via a configurable header value
+
+```
+defaultEntryPoints = ["http"]
+[entryPoints]
+  [entryPoints.http]
+  address = ":80"
+  [entryPoints.http.auth]
+    headerField = "X-WebAuth-User"
+    [entryPoints.http.auth.basic]
+    users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
+```
--- a/docs/user-guide/kubernetes.md
+++ b/docs/user-guide/kubernetes.md
@@ -0,0 +1,430 @@
+# Kubernetes Ingress Controller
+
+This guide explains how to use Træfɪk as an Ingress controller in a Kubernetes cluster.
+If you are not familiar with Ingresses in Kubernetes you might want to read the [Kubernetes user guide](http://kubernetes.io/docs/user-guide/ingress/)
+
+The config files used in this guide can be found in the [examples directory](https://github.com/containous/traefik/tree/master/examples/k8s)
+
+## Prerequisites
+
+1. A working Kubernetes cluster. If you want to follow along with this guide, you should setup [minikube](http://kubernetes.io/docs/getting-started-guides/minikube/)
+on your machine, as it is the quickest way to get a local Kubernetes cluster setup for experimentation and development.
+
+2. The `kubectl` binary should be [installed on your workstation](http://kubernetes.io/docs/getting-started-guides/minikube/#download-kubectl).
+
+## Deploy Træfɪk
+
+We are going to deploy Træfɪk with a
+[Deployment](http://kubernetes.io/docs/user-guide/deployments/), as this will
+allow you to easily roll out config changes or update the image.
+
+```yaml
+kind: Deployment
+apiVersion: extensions/v1beta1
+metadata:
+  name: traefik-ingress-controller
+  namespace: kube-system
+  labels:
+    k8s-app: traefik-ingress-lb
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      k8s-app: traefik-ingress-lb
+  template:
+    metadata:
+      labels:
+        k8s-app: traefik-ingress-lb
+        name: traefik-ingress-lb
+    spec:
+      terminationGracePeriodSeconds: 60
+      containers:
+      - image: traefik
+        name: traefik-ingress-lb
+        resources:
+          limits:
+            cpu: 200m
+            memory: 30Mi
+          requests:
+            cpu: 100m
+            memory: 20Mi
+        ports:
+        - containerPort: 80
+          hostPort: 80
+        - containerPort: 8080
+        args:
+        - --web
+        - --kubernetes
+```
+[examples/k8s/traefik.yaml](https://github.com/containous/traefik/tree/master/examples/k8s/traefik.yaml)
+
+> notice that we binding port 80 on the Træfɪk container to port 80 on the host.
+> With a multi node cluster we might expose Træfɪk with a NodePort or LoadBalancer service
+> and run more than 1 replica of Træfɪk for high availability.
+
+To deploy Træfɪk to your cluster start by submitting the deployment to the cluster with `kubectl`:
+
+```sh
+kubectl apply -f examples/k8s/traefik.yaml
+```
+
+### Check the deployment
+
+Now lets check if our deployment was successful.
+
+Start by listing the pods in the `kube-system` namespace:
+
+```sh
+$kubectl --namespace=kube-system get pods
+
+NAME                                         READY     STATUS    RESTARTS   AGE
+kube-addon-manager-minikubevm                1/1       Running   0          4h
+kubernetes-dashboard-s8krj                   1/1       Running   0          4h
+traefik-ingress-controller-678226159-eqseo   1/1       Running   0          7m
+```
+
+You should see that after submitting the Deployment to Kubernetes it has launched
+a pod, and it is now running. _It might take a few moments for kubernetes to pull
+the Træfɪk image and start the container._
+
+> You could also check the deployment with the Kubernetes dashboard, run
+> `minikube dashboard` to open it in your browser, then choose the `kube-system`
+> namespace from the menu at the top right of the screen.
+
+You should now be able to access Træfɪk on port 80 of your minikube instance.
+
+```sh
+curl $(minikube ip)
+404 page not found
+```
+
+> We expect to see a 404 response here as we haven't yet given Træfɪk any configuration.
+
+## Submitting An Ingress to the cluster.
+
+Lets start by creating a Service and an Ingress that will expose the
+[Træfɪk Web UI](https://github.com/containous/traefik#web-ui).
+
+```yaml
+apiVersion: v1
+kind: Service
+metadata:
+  name: traefik-web-ui
+  namespace: kube-system
+spec:
+  selector:
+    k8s-app: traefik-ingress-lb
+  ports:
+  - port: 80
+    targetPort: 8080
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: traefik-web-ui
+  namespace: kube-system
+spec:
+  rules:
+  - host: traefik-ui.local
+    http:
+      paths:
+      - backend:
+          serviceName: traefik-web-ui
+          servicePort: 80
+```
+[examples/k8s/ui.yaml](https://github.com/containous/traefik/tree/master/examples/k8s/ui.yaml)
+
+```sh
+kubectl apply -f examples/k8s/ui.yaml
+```
+
+Now lets setup an entry in our /etc/hosts file to route `traefik-ui.local`
+to our cluster.
+
+> In production you would want to set up real dns entries.
+
+> You can get the ip address of your minikube instance by running `minikube ip`
+
+```
+echo "$(minikube ip) traefik-ui.local" | sudo tee -a /etc/hosts
+```
+
+We should now be able to visit [traefik-ui.local](http://traefik-ui.local) in the browser and view the Træfɪk Web UI.
+
+## Name based routing
+
+In this example we are going to setup websites for 3 of the United Kingdoms
+best loved cheeses, Cheddar, Stilton and Wensleydale.
+
+First lets start by launching the 3 pods for the cheese websites.
+
+```yaml
+---
+kind: Deployment
+apiVersion: extensions/v1beta1
+metadata:
+  name: stilton
+  labels:
+    app: cheese
+    cheese: stilton
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: cheese
+      task: stilton
+  template:
+    metadata:
+      labels:
+        app: cheese
+        task: stilton
+        version: v0.0.1
+    spec:
+      containers:
+      - name: cheese
+        image: errm/cheese:stilton
+        resources:
+          requests:
+            cpu: 100m
+            memory: 50Mi
+          limits:
+            cpu: 100m
+            memory: 50Mi
+        ports:
+        - containerPort: 80
+---
+kind: Deployment
+apiVersion: extensions/v1beta1
+metadata:
+  name: cheddar
+  labels:
+    app: cheese
+    cheese: cheddar
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: cheese
+      task: cheddar
+  template:
+    metadata:
+      labels:
+        app: cheese
+        task: cheddar
+        version: v0.0.1
+    spec:
+      containers:
+      - name: cheese
+        image: errm/cheese:cheddar
+        resources:
+          requests:
+            cpu: 100m
+            memory: 50Mi
+          limits:
+            cpu: 100m
+            memory: 50Mi
+        ports:
+        - containerPort: 80
+---
+kind: Deployment
+apiVersion: extensions/v1beta1
+metadata:
+  name: wensleydale
+  labels:
+    app: cheese
+    cheese: wensleydale
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: cheese
+      task: wensleydale
+  template:
+    metadata:
+      labels:
+        app: cheese
+        task: wensleydale
+        version: v0.0.1
+    spec:
+      containers:
+      - name: cheese
+        image: errm/cheese:wensleydale
+        resources:
+          requests:
+            cpu: 100m
+            memory: 50Mi
+          limits:
+            cpu: 100m
+            memory: 50Mi
+        ports:
+        - containerPort: 80
+```
+[examples/k8s/cheese-deployments.yaml](https://github.com/containous/traefik/tree/master/examples/k8s/cheese-deployments.yaml)
+
+```sh
+kubectl apply -f examples/k8s/cheese-deployments.yaml
+```
+
+Next we need to setup a service for each of the cheese pods.
+
+```yaml
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: stilton
+spec:
+  ports:
+  - name: http
+    targetPort: 80
+    port: 80
+  selector:
+    app: cheese
+    task: stilton
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: cheddar
+spec:
+  ports:
+  - name: http
+    targetPort: 80
+    port: 80
+  selector:
+    app: cheese
+    task: cheddar
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: wensleydale
+  annotations:
+    traefik.backend.circuitbreaker: "NetworkErrorRatio() > 0.5"
+spec:
+  ports:
+  - name: http
+    targetPort: 80
+    port: 80
+  selector:
+    app: cheese
+    task: wensleydale
+```
+
+> Notice that we also set a [circuit breaker expression](https://docs.traefik.io/basics/#backends) for one of the backends
+> by setting the `traefik.backend.circuitbreaker` annotation on the service.
+
+
+[examples/k8s/cheese-services.yaml](https://github.com/containous/traefik/tree/master/examples/k8s/cheese-services.yaml)
+
+```sh
+kubectl apply -f examples/k8s/cheese-services.yaml
+```
+
+Now we can submit an ingress for the cheese websites.
+
+```yaml
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: cheese
+spec:
+  rules:
+  - host: stilton.local
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: stilton
+          servicePort: http
+  - host: cheddar.local
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: cheddar
+          servicePort: http
+  - host: wensleydale.local
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: wensleydale
+          servicePort: http
+```
+[examples/k8s/cheese-ingress.yaml](https://github.com/containous/traefik/tree/master/examples/k8s/cheese-ingress.yaml)
+
+> Notice that we list each hostname, and add a backend service.
+
+```sh
+kubectl apply -f examples/k8s/cheese-ingress.yaml
+```
+
+Now visit the [Træfɪk dashboard](http://traefik-ui.local/) and you should
+see a frontend for each host. Along with a backend listing for each service
+with a Server set up for each pod.
+
+If you edit your `/etc/hosts` again you should be able to access the cheese
+websites in your browser.
+
+```sh
+echo "$(minikube ip) stilton.local cheddar.local wensleydale.local" | sudo tee -a /etc/hosts
+```
+
+* [Stilton](http://stilton.local/)
+* [Cheddar](http://cheddar.local/)
+* [Wensleydale](http://wensleydale.local/)
+
+## Path based routing
+
+Now lets suppose that our fictional client has decided that while they are
+super happy about our cheesy web design, when they asked for 3 websites
+they had not really bargained on having to buy 3 domain names.
+
+No problem, we say, why don't we reconfigure the sites to host all 3 under one domain.
+
+
+```yaml
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: cheeses
+  annotations:
+    traefik.frontend.rule.type: pathprefixstrip
+spec:
+  rules:
+  - host: cheeses.local
+    http:
+      paths:
+      - path: /stilton
+        backend:
+          serviceName: stilton
+          servicePort: http
+      - path: /cheddar
+        backend:
+          serviceName: cheddar
+          servicePort: http
+      - path: /wensleydale
+        backend:
+          serviceName: wensleydale
+          servicePort: http
+```
+[examples/k8s/cheeses-ingress.yaml](https://github.com/containous/traefik/tree/master/examples/k8s/cheeses-ingress.yaml)
+
+> Notice that we are configuring Træfɪk to strip the prefix from the url path
+> with the `traefik.frontend.rule.type` annotation so that we can use
+> the containers from the previous example without modification.
+
+```sh
+kubectl apply -f examples/k8s/cheeses-ingress.yaml
+```
+
+```sh
+echo "$(minikube ip) cheeses.local" | sudo tee -a /etc/hosts
+```
+
+You should now be able to visit the websites in your browser.
+
+* [cheeses.local/stilton](http://cheeses.local/stilton/)
+* [cheeses.local/cheddar](http://cheeses.local/cheddar/)
+* [cheeses.local/wensleydale](http://cheeses.local/wensleydale/)
--- a/docs/user-guide/kv-config.md
+++ b/docs/user-guide/kv-config.md
@@ -0,0 +1,328 @@
+
+# Key-value store configuration
+
+Both [static global configuration](/user-guide/kv-config/#static-configuration-in-key-value-store) and [dynamic](/user-guide/kv-config/#dynamic-configuration-in-key-value-store) configuration can be sorted in a Key-value store.
+
+This section explains how to launch Træfɪk using a configuration loaded from a Key-value store.
+
+Træfɪk supports several Key-value stores:
+
+- [Consul](https://consul.io)
+- [etcd](https://coreos.com/etcd/)
+- [ZooKeeper](https://zookeeper.apache.org/) 
+- [boltdb](https://github.com/boltdb/bolt)
+
+# Static configuration in Key-value store
+
+We will see the steps to set it up with an easy example. 
+Note that we could do the same with any other Key-value Store.
+
+## docker-compose file for Consul
+
+The Træfɪk global configuration will be getted from a [Consul](https://consul.io) store. 
+
+First we have to launch Consul in a container. 
+The [docker-compose file](https://docs.docker.com/compose/compose-file/) allows us to launch Consul and four instances of the trivial app [emilevauge/whoamI](https://github.com/emilevauge/whoamI) : 
+
+```yml
+consul:
+  image: progrium/consul
+  command: -server -bootstrap -log-level debug -ui-dir /ui
+  ports:
+    - "8400:8400"
+    - "8500:8500"
+    - "8600:53/udp"
+  expose:
+    - "8300"
+    - "8301"
+    - "8301/udp"
+    - "8302"
+    - "8302/udp"  
+    
+whoami1:
+  image: emilevauge/whoami
+  
+whoami2:
+  image: emilevauge/whoami
+  
+whoami3:
+  image: emilevauge/whoami
+  
+whoami4:
+  image: emilevauge/whoami
+```
+
+## Upload the configuration in the Key-value store
+
+We should now fill the store with the Træfɪk global configuration, as we do with a [TOML file configuration](/toml).
+To do that, we can send the Key-value pairs via [curl commands](https://www.consul.io/intro/getting-started/kv.html) or via the [Web UI](https://www.consul.io/intro/getting-started/ui.html).
+
+Hopefully, Træfɪk allows automation of this process using the `storeconfig` subcommand.
+Please refer to the [store Træfɪk configuration](/user-guide/kv-config/#store-configuration-in-key-value-store) section to get documentation on it.
+
+Here is the toml configuration we would like to store in the Key-value Store  :
+
+```toml
+logLevel = "DEBUG"
+
+defaultEntryPoints = ["http", "https"]
+
+[entryPoints]
+  [entryPoints.http]
+  address = ":80"
+  [entryPoints.https]
+  address = ":443"
+    [entryPoints.https.tls]
+      [[entryPoints.https.tls.certificates]]
+      CertFile = "integration/fixtures/https/snitest.com.cert"
+      KeyFile = "integration/fixtures/https/snitest.com.key"
+      [[entryPoints.https.tls.certificates]]
+      CertFile = """-----BEGIN CERTIFICATE-----
+                      <cert file content>
+                      -----END CERTIFICATE-----"""
+      KeyFile = """-----BEGIN CERTIFICATE-----
+                      <key file content>
+                      -----END CERTIFICATE-----"""
+
+
+[consul]
+  endpoint = "127.0.0.1:8500"
+  watch = true
+  prefix = "traefik"
+  
+[web]
+  address = ":8081"
+```
+
+And there, the same global configuration in the Key-value Store (using `prefix = "traefik"`): 
+
+| Key                                                       | Value                                                         |
+|-----------------------------------------------------------|---------------------------------------------------------------|
+| `/traefik/loglevel`                                       | `DEBUG`                                                       |
+| `/traefik/defaultentrypoints/0`                           | `http`                                                        |
+| `/traefik/defaultentrypoints/1`                           | `https`                                                       |
+| `/traefik/entrypoints/http/address`                       | `:80`                                                         |
+| `/traefik/entrypoints/https/address`                      | `:443`                                                        |
+| `/traefik/entrypoints/https/tls/certificates/0/certfile`  | `integration/fixtures/https/snitest.com.cert`                 |
+| `/traefik/entrypoints/https/tls/certificates/0/keyfile`   | `integration/fixtures/https/snitest.com.key`                  |
+| `/traefik/entrypoints/https/tls/certificates/1/certfile`  | `--BEGIN CERTIFICATE--<cert file content>--END CERTIFICATE--` |
+| `/traefik/entrypoints/https/tls/certificates/1/keyfile`   | `--BEGIN CERTIFICATE--<key file content>--END CERTIFICATE--`  |
+| `/traefik/consul/endpoint`                                | `127.0.0.1:8500`                                              |
+| `/traefik/consul/watch`                                   | `true`                                                        |
+| `/traefik/consul/prefix`                                  | `traefik`                                                     |
+| `/traefik/web/address`                                    | `:8081`                                                       |
+
+In case you are setting key values manually,:
+ - Remember to specify the indexes (`0`,`1`, `2`, ... ) under prefixes `/traefik/defaultentrypoints/` and `/traefik/entrypoints/https/tls/certificates/` in order to match the global configuration structure.
+ - Be careful to give the correct IP address and port on the key `/traefik/consul/endpoint`.
+
+Note that we can either give path to certificate file or directly the file content itself.
+
+## Launch Træfɪk
+
+We will now launch Træfɪk in a container.
+We use CLI flags to setup the connection between Træfɪk and Consul.
+All the rest of the global configuration is stored in Consul.
+
+Here is the [docker-compose file](https://docs.docker.com/compose/compose-file/) :
+
+```yml
+traefik:
+  image: traefik
+  command: --consul --consul.endpoint=127.0.0.1:8500
+  ports:
+    - "80:80"
+    - "8080:8080"
+```
+
+NB : Be careful to give the correct IP address and port in the flag `--consul.endpoint`.
+
+## TLS support
+
+So far, only [Consul](https://consul.io) and [etcd](https://coreos.com/etcd/) support TLS connections. 
+To set it up, we should enable [consul security](https://www.consul.io/docs/internals/security.html) (or [etcd security](https://coreos.com/etcd/docs/latest/security.html)).
+
+Then, we have to provide CA, Cert and Key to Træfɪk using `consul` flags :
+
+- `--consul.tls`
+- `--consul.tls.ca=path/to/the/file`
+- `--consul.tls.cert=path/to/the/file`
+- `--consul.tls.key=path/to/the/file` 
+
+Or etcd flags :
+
+- `--etcd.tls`
+- `--etcd.tls.ca=path/to/the/file`
+- `--etcd.tls.cert=path/to/the/file`
+- `--etcd.tls.key=path/to/the/file`
+
+Note that we can either give directly directly the file content itself (instead of the path to certificate) in a TOML file configuration.
+
+Remember the command `traefik --help` to display the updated list of flags.
+
+# Dynamic configuration in Key-value store
+Following our example, we will provide backends/frontends rules to Træfɪk.
+
+Note that this section is independent of the way Træfɪk got its static configuration. 
+It means that the static configuration can either come from the same Key-value store or from any other sources.
+
+## Key-value storage structure
+Here is the toml configuration we would like to store in the store :
+
+```toml
+[file]
+
+# rules
+[backends]
+  [backends.backend1]
+    [backends.backend1.circuitbreaker]
+      expression = "NetworkErrorRatio() > 0.5"
+    [backends.backend1.servers.server1]
+    url = "http://172.17.0.2:80"
+    weight = 10
+    [backends.backend1.servers.server2]
+    url = "http://172.17.0.3:80"
+    weight = 1
+  [backends.backend2]
+    [backends.backend1.maxconn]
+      amount = 10
+      extractorfunc = "request.host"
+    [backends.backend2.LoadBalancer]
+      method = "drr"
+    [backends.backend2.servers.server1]
+    url = "http://172.17.0.4:80"
+    weight = 1
+    [backends.backend2.servers.server2]
+    url = "http://172.17.0.5:80"
+    weight = 2
+
+[frontends]
+  [frontends.frontend1]
+  backend = "backend2"
+    [frontends.frontend1.routes.test_1]
+    rule = "Host:test.localhost"
+  [frontends.frontend2]
+  backend = "backend1"
+  passHostHeader = true
+  priority = 10
+  entrypoints = ["https"] # overrides defaultEntryPoints
+    [frontends.frontend2.routes.test_1]
+    rule = "Host:{subdomain:[a-z]+}.localhost"
+  [frontends.frontend3]
+  entrypoints = ["http", "https"] # overrides defaultEntryPoints
+  backend = "backend2"
+    rule = "Path:/test"
+```
+
+And there, the same dynamic configuration in a KV Store (using `prefix = "traefik"`): 
+
+- backend 1
+
+| Key                                                    | Value                       |
+|--------------------------------------------------------|-----------------------------|
+| `/traefik/backends/backend1/circuitbreaker/expression` | `NetworkErrorRatio() > 0.5` |
+| `/traefik/backends/backend1/servers/server1/url`       | `http://172.17.0.2:80`      |
+| `/traefik/backends/backend1/servers/server1/weight`    | `10`                        |
+| `/traefik/backends/backend1/servers/server2/url`       | `http://172.17.0.3:80`      |
+| `/traefik/backends/backend1/servers/server2/weight`    | `1`                         |
+| `/traefik/backends/backend1/servers/server2/tags`      | `api,helloworld`            |
+
+- backend 2
+
+| Key                                                 | Value                  |
+|-----------------------------------------------------|------------------------|
+| `/traefik/backends/backend2/maxconn/amount`         | `10`                   |
+| `/traefik/backends/backend2/maxconn/extractorfunc`  | `request.host`         |
+| `/traefik/backends/backend2/loadbalancer/method`    | `drr`                  |
+| `/traefik/backends/backend2/servers/server1/url`    | `http://172.17.0.4:80` |
+| `/traefik/backends/backend2/servers/server1/weight` | `1`                    |
+| `/traefik/backends/backend2/servers/server2/url`    | `http://172.17.0.5:80` |
+| `/traefik/backends/backend2/servers/server2/weight` | `2`                    |
+| `/traefik/backends/backend2/servers/server2/tags`   | `web`                  |
+
+- frontend 1
+
+| Key                                               | Value                 |
+|---------------------------------------------------|-----------------------|
+| `/traefik/frontends/frontend1/backend`            | `backend2`            |
+| `/traefik/frontends/frontend1/routes/test_1/rule` | `Host:test.localhost` |
+
+- frontend 2
+
+| Key                                                | Value              |
+|----------------------------------------------------|--------------------|
+| `/traefik/frontends/frontend2/backend`             | `backend1`         |
+| `/traefik/frontends/frontend2/passHostHeader`      | `true`             |
+| `/traefik/frontends/frontend2/priority`            | `10`               |
+| `/traefik/frontends/frontend2/entrypoints`         | `http,https`       |
+| `/traefik/frontends/frontend2/routes/test_2/rule`  | `PathPrefix:/test` |
+
+## Atomic configuration changes
+
+Træfɪk can watch the backends/frontends configuration changes and generate its configuration automatically. 
+
+Note that only backends/frontends rules are dynamic, the rest of the Træfɪk configuration stay static. 
+
+The [Etcd](https://github.com/coreos/etcd/issues/860) and [Consul](https://github.com/hashicorp/consul/issues/886) backends do not support updating multiple keys atomically. As a result, it may be possible for Træfɪk to read an intermediate configuration state despite judicious use of the `--providersThrottleDuration` flag. To solve this problem, Træfɪk supports a special key called `/traefik/alias`. If set, Træfɪk use the value as an alternative key prefix.
+
+Given the key structure below, Træfɪk will use the `http://172.17.0.2:80` as its only backend (frontend keys have been omitted for brevity).
+
+| Key                                                                     | Value                       |
+|-------------------------------------------------------------------------|-----------------------------|
+| `/traefik/alias`                                                        | `/traefik_configurations/1` |
+| `/traefik_configurations/1/backends/backend1/servers/server1/url`       | `http://172.17.0.2:80`      |
+| `/traefik_configurations/1/backends/backend1/servers/server1/weight`    | `10`                        |
+
+When an atomic configuration change is required, you may write a new configuration at an alternative prefix. Here, although the `/traefik_configurations/2/...` keys have been set, the old configuration is still active because the `/traefik/alias` key still points to `/traefik_configurations/1`:
+
+| Key                                                                     | Value                       |
+|-------------------------------------------------------------------------|-----------------------------|
+| `/traefik/alias`                                                        | `/traefik_configurations/1` |
+| `/traefik_configurations/1/backends/backend1/servers/server1/url`       | `http://172.17.0.2:80`      |
+| `/traefik_configurations/1/backends/backend1/servers/server1/weight`    | `10`                        |
+| `/traefik_configurations/2/backends/backend1/servers/server1/url`       | `http://172.17.0.2:80`      |
+| `/traefik_configurations/2/backends/backend1/servers/server1/weight`    | `5`                        |
+| `/traefik_configurations/2/backends/backend1/servers/server2/url`       | `http://172.17.0.3:80`      |
+| `/traefik_configurations/2/backends/backend1/servers/server2/weight`    | `5`                        |
+
+Once the `/traefik/alias` key is updated, the new `/traefik_configurations/2` configuration becomes active atomically. Here, we have a 50% balance between the `http://172.17.0.3:80` and the `http://172.17.0.4:80` hosts while no traffic is sent to the `172.17.0.2:80` host:
+
+| Key                                                                     | Value                       |
+|-------------------------------------------------------------------------|-----------------------------|
+| `/traefik/alias`                                                        | `/traefik_configurations/2` |
+| `/traefik_configurations/1/backends/backend1/servers/server1/url`       | `http://172.17.0.2:80`      |
+| `/traefik_configurations/1/backends/backend1/servers/server1/weight`    | `10`                        |
+| `/traefik_configurations/2/backends/backend1/servers/server1/url`       | `http://172.17.0.3:80`      |
+| `/traefik_configurations/2/backends/backend1/servers/server1/weight`    | `5`                        |
+| `/traefik_configurations/2/backends/backend1/servers/server2/url`       | `http://172.17.0.4:80`      |
+| `/traefik_configurations/2/backends/backend1/servers/server2/weight`    | `5`                        |
+
+Note that Træfɪk *will not watch for key changes in the `/traefik_configurations` prefix*. It will only watch for changes in the `/traefik/alias`. 
+Further, if the `/traefik/alias` key is set, all other configuration with `/traefik/backends` or `/traefik/frontends` prefix are ignored.
+
+# Store configuration in Key-value store
+
+Don't forget to [setup the connection between Træfɪk and Key-value store](/user-guide/kv-config/#launch-trfk).
+The static Træfɪk configuration in a key-value store can be automatically created and updated, using the [`storeconfig` subcommand](/basics/#commands).
+
+```bash
+$ traefik storeconfig [flags] ...
+```
+This command is here only to automate the [process which upload the configuration into the Key-value store](/user-guide/kv-config/#upload-the-configuration-in-the-key-value-store).
+Træfɪk will not start but the [static configuration](/basics/#static-trfk-configuration) will be uploaded into the Key-value store.
+If you configured ACME (Let's Encrypt), your registration account and your certificates will also be uploaded.
+
+To upload your ACME certificates to the KV store, get your traefik TOML file and add the new `storage` option in the `acme` section:
+
+```
+[acme]
+email = "test@traefik.io"
+storage = "traefik/acme/account" # the key where to store your certificates in the KV store
+storageFile = "acme.json" # your old certificates store
+```
+
+Call `traefik storeconfig` to upload your config in the KV store.
+Then remove the line `storageFile = "acme.json"` from your TOML config file.
+That's it!
+
+
--- a/docs/user-guide/swarm-mode.md
+++ b/docs/user-guide/swarm-mode.md
@@ -0,0 +1,307 @@
+# Docker Swarm (mode) cluster
+
+This section explains how to create a multi-host docker cluster with
+swarm mode using [docker-machine](https://docs.docker.com/machine) and
+how to deploy Træfɪk on it.
+
+The cluster consists of:
+
+- 3 servers
+- 1 manager
+- 2 workers
+- 1 [overlay](https://docs.docker.com/engine/userguide/networking/dockernetworks/#an-overlay-network) network
+(multi-host networking)
+
+## Prerequisites
+
+1. You will need to install [docker-machine](https://docs.docker.com/machine/)
+2. You will need the latest [VirtualBox](https://www.virtualbox.org/wiki/Downloads)
+
+## Cluster provisioning
+
+First, let's create all the required nodes. It's a shorter version of
+the [swarm tutorial](https://docs.docker.com/engine/swarm/swarm-tutorial/).
+
+```sh
+docker-machine create -d virtualbox manager
+docker-machine create -d virtualbox worker1
+docker-machine create -d virtualbox worker2
+```
+
+Then, let's setup the cluster, in order :
+
+1. initialize the cluster
+2. get the token for other host to join
+3. on both workers, join the cluster with the token
+
+```sh
+docker-machine ssh manager "docker swarm init \
+	--listen-addr $(docker-machine ip manager) \
+	--advertise-addr $(docker-machine ip manager)"
+
+export worker_token=$(docker-machine ssh manager "docker swarm \
+join-token worker -q")
+
+docker-machine ssh worker1 "docker swarm join \
+	--token=${worker_token} \
+	--listen-addr $(docker-machine ip worker1) \
+	--advertise-addr $(docker-machine ip worker1) \
+	$(docker-machine ip manager)"
+
+docker-machine ssh worker2 "docker swarm join \
+	--token=${worker_token} \
+	--listen-addr $(docker-machine ip worker2) \
+	--advertise-addr $(docker-machine ip worker2) \
+	$(docker-machine ip manager)"
+```
+
+Let's validate the cluster is up and running.
+
+```sh
+docker-machine ssh manager docker node ls
+ID                           HOSTNAME  STATUS  AVAILABILITY  MANAGER STATUS
+2a770ov9vixeadep674265u1n    worker1   Ready   Active
+dbi3or4q8ii8elbws70g4hkdh *  manager   Ready   Active        Leader
+esbhhy6vnqv90xomjaomdgy46    worker2   Ready   Active
+```
+
+Finally, let's create a network for Træfik to use.
+
+```sh
+docker-machine ssh manager "docker network create --driver=overlay traefik-net"
+```
+
+## Deploy Træfik
+
+Let's deploy Træfik as a docker service in our cluster. The only
+requirement for Træfik to work with swarm mode is that it needs to run
+on a manager node — we are going to use a
+[constraint](https://docs.docker.com/engine/reference/commandline/service_create/#/specify-service-constraints-constraint) for
+that.
+
+```
+docker-machine ssh manager "docker service create \
+	--name traefik \
+	--constraint=node.role==manager \
+	--publish 80:80 --publish 8080:8080 \
+	--mount	type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock \
+	--network traefik-net \
+	traefik \
+	--docker \
+	--docker.swarmmode \
+	--docker.domain=traefik \
+	--docker.watch \
+	--web"
+```
+
+Let's explain this command:
+
+- `--publish 80:80 --publish 8080:8080`: we publish port `80` and
+  `8080` on the cluster.
+- `--constraint=node.role==manager`: we ask docker to schedule Træfik
+  on a manager node.
+- `--mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock`:
+  we bind mount the docker socket where Træfik is scheduled to be able
+  to speak to the daemon.
+- `--network traefik-net`: we attach the Træfik service (and thus
+  the underlying container) to the `traefik-net` network.
+- `--docker`: enable docker backend, and `--docker.swarmmode` to
+  enable the swarm mode on Træfik.
+- `--web`: activate the webUI on port 8080
+
+## Deploy your apps
+
+We can now deploy our app on the cluster,
+here [whoami](https://github.com/emilevauge/whoami), a simple web
+server in Go. We start 2 services, on the `traefik-net` network.
+
+```sh
+docker-machine ssh manager "docker service create \
+	--name whoami0 \
+	--label traefik.port=80 \
+	--network traefik-net \
+	emilevauge/whoami"
+
+docker-machine ssh manager "docker service create \
+	--name whoami1 \
+	--label traefik.port=80 \
+	--network traefik-net \
+	--label traefik.backend.loadbalancer.sticky=true \
+	emilevauge/whoami"
+```
+
+Note that we set whoami1 to use sticky sessions (`--label traefik.backend.loadbalancer.sticky=true`).  We'll demonstrate that later.
+If using `docker stack deploy`, there is [a specific way that the labels must be defined in the docker-compose file](https://github.com/containous/traefik/issues/994#issuecomment-269095109).
+
+Check that everything is scheduled and started:
+
+```sh
+docker-machine ssh manager "docker service ls"
+ID            NAME     REPLICAS  IMAGE              COMMAND
+ab046gpaqtln  whoami0  1/1       emilevauge/whoami
+cgfg5ifzrpgm  whoami1  1/1       emilevauge/whoami
+dtpl249tfghc  traefik  1/1       traefik            --docker --docker.swarmmode --docker.domain=traefik --docker.watch --web
+```
+
+## Access to your apps through Træfɪk
+
+```sh
+curl -H Host:whoami0.traefik http://$(docker-machine ip manager)
+Hostname: 8147a7746e7a
+IP: 127.0.0.1
+IP: ::1
+IP: 10.0.9.3
+IP: fe80::42:aff:fe00:903
+IP: 172.18.0.3
+IP: fe80::42:acff:fe12:3
+GET / HTTP/1.1
+Host: 10.0.9.3:80
+User-Agent: curl/7.35.0
+Accept: */*
+Accept-Encoding: gzip
+X-Forwarded-For: 192.168.99.1
+X-Forwarded-Host: 10.0.9.3:80
+X-Forwarded-Proto: http
+X-Forwarded-Server: 8fbc39271b4c
+
+curl -H Host:whoami1.traefik http://$(docker-machine ip manager)
+Hostname: ba2c21488299
+IP: 127.0.0.1
+IP: ::1
+IP: 10.0.9.4
+IP: fe80::42:aff:fe00:904
+IP: 172.18.0.2
+IP: fe80::42:acff:fe12:2
+GET / HTTP/1.1
+Host: 10.0.9.4:80
+User-Agent: curl/7.35.0
+Accept: */*
+Accept-Encoding: gzip
+X-Forwarded-For: 192.168.99.1
+X-Forwarded-Host: 10.0.9.4:80
+X-Forwarded-Proto: http
+X-Forwarded-Server: 8fbc39271b4c
+```
+
+Note that as Træfik is published, you can access it from any machine
+and not only the manager.
+
+```sh
+curl -H Host:whoami0.traefik http://$(docker-machine ip worker1)
+Hostname: 8147a7746e7a
+IP: 127.0.0.1
+IP: ::1
+IP: 10.0.9.3
+IP: fe80::42:aff:fe00:903
+IP: 172.18.0.3
+IP: fe80::42:acff:fe12:3
+GET / HTTP/1.1
+Host: 10.0.9.3:80
+User-Agent: curl/7.35.0
+Accept: */*
+Accept-Encoding: gzip
+X-Forwarded-For: 192.168.99.1
+X-Forwarded-Host: 10.0.9.3:80
+X-Forwarded-Proto: http
+X-Forwarded-Server: 8fbc39271b4c
+
+curl -H Host:whoami1.traefik http://$(docker-machine ip worker2)
+Hostname: ba2c21488299
+IP: 127.0.0.1
+IP: ::1
+IP: 10.0.9.4
+IP: fe80::42:aff:fe00:904
+IP: 172.18.0.2
+IP: fe80::42:acff:fe12:2
+GET / HTTP/1.1
+Host: 10.0.9.4:80
+User-Agent: curl/7.35.0
+Accept: */*
+Accept-Encoding: gzip
+X-Forwarded-For: 192.168.99.1
+X-Forwarded-Host: 10.0.9.4:80
+X-Forwarded-Proto: http
+X-Forwarded-Server: 8fbc39271b4c
+```
+
+## Scale both services
+
+```sh
+docker-machine ssh manager "docker service scale whoami0=5"
+
+docker-machine ssh manager "docker service scale whoami1=5"
+```
+
+
+Check that we now have 5 replicas of each `whoami` service:
+
+```sh
+docker-machine ssh manager "docker service ls"
+ID            NAME     REPLICAS  IMAGE              COMMAND
+ab046gpaqtln  whoami0  5/5       emilevauge/whoami
+cgfg5ifzrpgm  whoami1  5/5       emilevauge/whoami
+dtpl249tfghc  traefik  1/1       traefik            --docker --docker.swarmmode --docker.domain=traefik --docker.watch --web
+```
+## Access to your whoami0 through Træfɪk multiple times.
+
+Repeat the following command multiple times and note that the Hostname changes each time as Traefik load balances each request against the 5 tasks.
+```sh
+curl -H Host:whoami0.traefik http://$(docker-machine ip manager)
+Hostname: 8147a7746e7a
+IP: 127.0.0.1
+IP: ::1
+IP: 10.0.9.3
+IP: fe80::42:aff:fe00:903
+IP: 172.18.0.3
+IP: fe80::42:acff:fe12:3
+GET / HTTP/1.1
+Host: 10.0.9.3:80
+User-Agent: curl/7.35.0
+Accept: */*
+Accept-Encoding: gzip
+X-Forwarded-For: 192.168.99.1
+X-Forwarded-Host: 10.0.9.3:80
+X-Forwarded-Proto: http
+X-Forwarded-Server: 8fbc39271b4c
+```
+
+Do the same against whoami1.  
+```sh
+curl -H Host:whoami1.traefik http://$(docker-machine ip manager)
+Hostname: ba2c21488299
+IP: 127.0.0.1
+IP: ::1
+IP: 10.0.9.4
+IP: fe80::42:aff:fe00:904
+IP: 172.18.0.2
+IP: fe80::42:acff:fe12:2
+GET / HTTP/1.1
+Host: 10.0.9.4:80
+User-Agent: curl/7.35.0
+Accept: */*
+Accept-Encoding: gzip
+X-Forwarded-For: 192.168.99.1
+X-Forwarded-Host: 10.0.9.4:80
+X-Forwarded-Proto: http
+X-Forwarded-Server: 8fbc39271b4c
+```
+Wait, I thought we added the sticky flag to whoami1?  Traefik relies on a cookie to maintain stickyness so you'll need to test this with a browser.
+
+First you need to add whoami1.traefik to your hosts file:
+```ssh
+if [ -n "$(grep whoami1.traefik /etc/hosts)" ];  
+then 
+echo "whoami1.traefik already exists (make sure the ip is current)"; 
+else 
+sudo -- sh -c -e "echo '$(docker-machine ip manager)\twhoami1.traefik' 
+>> /etc/hosts"; 
+fi
+```
+
+Now open your browser and go to http://whoami1.traefik/
+
+You will now see that stickyness is maintained.
+
+![](http://i.giphy.com/ujUdrdpX7Ok5W.gif)
+
+
--- a/docs/user-guide/swarm.md
+++ b/docs/user-guide/swarm.md
@@ -0,0 +1,170 @@
+# Swarm cluster
+
+This section explains how to create a multi-host [swarm](https://docs.docker.com/swarm) cluster using [docker-machine](https://docs.docker.com/machine/) and how to deploy Træfɪk on it.
+The cluster consists of:
+
+- 2 servers
+- 1 swarm master
+- 2 swarm nodes
+- 1 [overlay](https://docs.docker.com/engine/userguide/networking/dockernetworks/#an-overlay-network) network (multi-host networking)
+
+## Prerequisites
+
+1. You need to install [docker-machine](https://docs.docker.com/machine/)
+2. You need the latest [VirtualBox](https://www.virtualbox.org/wiki/Downloads)
+
+## Cluster provisioning
+
+We first follow [this guide](https://docs.docker.com/engine/userguide/networking/get-started-overlay/) to create the cluster.
+
+### Create machine `mh-keystore`
+
+This machine is the service registry of our cluster.
+
+```sh
+docker-machine create -d virtualbox mh-keystore
+```
+
+Then we install the service registry [Consul](https://consul.io) on this machine:
+
+```sh
+eval "$(docker-machine env mh-keystore)"
+docker run -d \
+    -p "8500:8500" \
+    -h "consul" \
+    progrium/consul -server -bootstrap
+```
+
+### Create machine `mhs-demo0`
+
+This machine is a swarm master and a swarm agent on it.
+
+```sh
+docker-machine create -d virtualbox \
+    --swarm --swarm-master \
+    --swarm-discovery="consul://$(docker-machine ip mh-keystore):8500" \
+    --engine-opt="cluster-store=consul://$(docker-machine ip mh-keystore):8500" \
+    --engine-opt="cluster-advertise=eth1:2376" \
+    mhs-demo0
+```
+
+### Create machine `mhs-demo1`
+
+This machine have a swarm agent on it.
+
+```sh
+docker-machine create -d virtualbox \
+    --swarm \
+    --swarm-discovery="consul://$(docker-machine ip mh-keystore):8500" \
+    --engine-opt="cluster-store=consul://$(docker-machine ip mh-keystore):8500" \
+    --engine-opt="cluster-advertise=eth1:2376" \
+    mhs-demo1
+```
+
+### Create the overlay Network
+
+Create the overlay network on the swarm master:
+
+```sh
+eval $(docker-machine env --swarm mhs-demo0)
+docker network create --driver overlay --subnet=10.0.9.0/24 my-net
+```
+
+## Deploy Træfɪk
+
+Deploy Træfɪk:
+
+```sh
+docker $(docker-machine config mhs-demo0) run \
+    -d \
+    -p 80:80 -p 8080:8080 \
+    --net=my-net \
+    -v /var/lib/boot2docker/:/ssl \
+    traefik \
+    -l DEBUG \
+    -c /dev/null \
+    --docker \
+    --docker.domain=traefik \
+    --docker.endpoint=tcp://$(docker-machine ip mhs-demo0):3376 \
+    --docker.tls \
+    --docker.tls.ca=/ssl/ca.pem \
+    --docker.tls.cert=/ssl/server.pem \
+    --docker.tls.key=/ssl/server-key.pem \
+    --docker.tls.insecureSkipVerify \
+    --docker.watch \
+    --web
+```
+
+Let's explain this command:
+
+- `-p 80:80 -p 8080:8080`: we bind ports 80 and 8080
+- `--net=my-net`: run the container on the network my-net
+- `-v /var/lib/boot2docker/:/ssl`: mount the ssl keys generated by docker-machine
+- `-c /dev/null`: empty config file
+- `--docker`: enable docker backend
+- `--docker.endpoint=tcp://172.18.0.1:3376`: connect to the swarm master using the docker_gwbridge network
+- `--docker.tls`: enable TLS using the docker-machine keys
+- `--web`: activate the webUI on port 8080
+
+## Deploy your apps
+
+We can now deploy our app on the cluster, here [whoami](https://github.com/emilevauge/whoami), a simple web server in GO, on the network `my-net`:
+
+```sh
+eval $(docker-machine env --swarm mhs-demo0)
+docker run -d --name=whoami0 --net=my-net --env="constraint:node==mhs-demo0" emilevauge/whoami
+docker run -d --name=whoami1 --net=my-net --env="constraint:node==mhs-demo1" emilevauge/whoami
+```
+
+Check that everything is started:
+
+```sh
+docker ps
+CONTAINER ID        IMAGE               COMMAND                  CREATED             STATUS              PORTS                                                      NAMES
+ba2c21488299        emilevauge/whoami   "/whoamI"                8 seconds ago       Up 9 seconds        80/tcp                                                     mhs-demo1/whoami1
+8147a7746e7a        emilevauge/whoami   "/whoamI"                19 seconds ago      Up 20 seconds       80/tcp                                                     mhs-demo0/whoami0
+8fbc39271b4c        traefik             "/traefik -l DEBUG -c"   36 seconds ago      Up 37 seconds       192.168.99.101:80->80/tcp, 192.168.99.101:8080->8080/tcp   mhs-demo0/serene_bhabha
+```
+
+## Access to your apps through Træfɪk
+
+```sh
+curl -H Host:whoami0.traefik http://$(docker-machine ip mhs-demo0)
+Hostname: 8147a7746e7a
+IP: 127.0.0.1
+IP: ::1
+IP: 10.0.9.3
+IP: fe80::42:aff:fe00:903
+IP: 172.18.0.3
+IP: fe80::42:acff:fe12:3
+GET / HTTP/1.1
+Host: 10.0.9.3:80
+User-Agent: curl/7.35.0
+Accept: */*
+Accept-Encoding: gzip
+X-Forwarded-For: 192.168.99.1
+X-Forwarded-Host: 10.0.9.3:80
+X-Forwarded-Proto: http
+X-Forwarded-Server: 8fbc39271b4c
+
+curl -H Host:whoami1.traefik http://$(docker-machine ip mhs-demo0)
+Hostname: ba2c21488299
+IP: 127.0.0.1
+IP: ::1
+IP: 10.0.9.4
+IP: fe80::42:aff:fe00:904
+IP: 172.18.0.2
+IP: fe80::42:acff:fe12:2
+GET / HTTP/1.1
+Host: 10.0.9.4:80
+User-Agent: curl/7.35.0
+Accept: */*
+Accept-Encoding: gzip
+X-Forwarded-For: 192.168.99.1
+X-Forwarded-Host: 10.0.9.4:80
+X-Forwarded-Proto: http
+X-Forwarded-Server: 8fbc39271b4c
+```
+
+![](http://i.giphy.com/ujUdrdpX7Ok5W.gif)
+
--- a/examples/accessLog/.gitignore
+++ b/examples/accessLog/.gitignore
@@ -0,0 +1,2 @@
+exampleHandler
+exampleHandler.exe
--- a/examples/accessLog/exampleHandler.go
+++ b/examples/accessLog/exampleHandler.go
@@ -0,0 +1,46 @@
+/*
+Simple program to start a web server on a specified port
+*/
+package main
+
+import (
+	"flag"
+	"fmt"
+	"net/http"
+	"os"
+)
+
+var (
+	name string
+	port int
+	help *bool
+)
+
+func init() {
+	flag.StringVar(&name, "n", "", "Name of handler for messages")
+	flag.IntVar(&port, "p", 0, "Port number to listen")
+	help = flag.Bool("h", false, "Displays help message")
+}
+
+func usage() {
+	fmt.Printf("Usage: example -n name -p port \n")
+	os.Exit(2)
+}
+
+func handler(w http.ResponseWriter, r *http.Request) {
+	fmt.Fprintf(w, "%s: Received query %s!\n", name, r.URL.Path[1:])
+}
+
+func main() {
+	flag.Parse()
+	if *help || len(name) == 0 || port <= 0 {
+		usage()
+	}
+	http.HandleFunc("/", handler)
+	fmt.Printf("%s: Listening on :%d...\n", name, port)
+	if er := http.ListenAndServe(fmt.Sprintf(":%d", port), nil); er != nil {
+		fmt.Printf("%s: Error from ListenAndServe: %s", name, er.Error())
+		os.Exit(1)
+	}
+	fmt.Printf("%s: How'd we get past listen and serve???\n", name)
+}
--- a/examples/accessLog/runAb.sh
+++ b/examples/accessLog/runAb.sh
@@ -0,0 +1,122 @@
+#!/bin/bash
+usage()
+{
+  echo 'runAb.sh - Run Apache Benchmark to test access log'
+  echo '   Usage: runAb.sh [--conn nnn] [--log xxx] [--num nnn] [--time nnn] [--wait nn]'
+  echo '     -c|--conn - number of simultaneous connections (default 100)'
+  echo '     -l|--log  - name of logfile (default benchmark.log)'
+  echo '     -n|--num  - number of requests (default 50000); ignored when -t specified'
+  echo '     -t|--time - time in seconds for benchmark (default no limit)'
+  echo '     -w|--wait - number of seconds to wait for Traefik to initialize (default 15)'
+  echo '   '
+  exit
+}
+
+# Parse options
+
+conn=100
+num=50000
+wait=15
+time=0
+logfile=""
+while [[ $1 =~ ^- ]]
+do
+  case $1 in
+    -c|--conn)
+      conn=$2
+      shift
+      ;;
+    -h|--help)
+      usage
+      ;;
+    -l|--log|--logfile)
+      logfile=$2
+      shift
+      ;;
+    -n|--num)
+      num=$2
+      shift
+      ;;
+    -t|--time)
+      time=$2
+      shift
+      ;;
+    -w|--wait)
+      wait=$2
+      shift
+      ;;
+    *)
+      echo Unknown option "$1"
+      usage
+  esac
+  shift
+done
+if [ -z "$logfile" ] ; then
+  logfile="benchmark.log"
+fi
+
+# Change to accessLog examples directory
+
+[ -d examples/accessLog ] && cd examples/accessLog
+if [ ! -r exampleHandler.go ] ; then
+  echo Please run this script either from the traefik repo root or from the examples/accessLog directory
+  exit
+fi
+
+# Kill traefik and any running example processes
+
+sudo pkill -f traefik
+pkill -f exampleHandler
+[ ! -d log ] && mkdir log
+
+# Start new example processes
+
+go build exampleHandler.go
+[ $? -ne 0 ] && exit $?
+./exampleHandler -n Handler1 -p 8081 &
+[ $? -ne 0 ] && exit $?
+./exampleHandler -n Handler2 -p 8082 &
+[ $? -ne 0 ] && exit $?
+./exampleHandler -n Handler3 -p 8083 &
+[ $? -ne 0 ] && exit $?
+
+# Wait a couple of seconds for handlers to initialize and start Traefik
+
+cd ../..
+sleep 2s
+echo Starting Traefik...
+sudo ./traefik -c examples/accessLog/traefik.ab.toml &
+[ $? -ne 0 ] && exit $?
+
+# Wait for Traefik to initialize and run ab
+
+echo Waiting $wait seconds before starting ab benchmark
+sleep ${wait}s
+echo
+stime=`date '+%s'`
+if [ $time -eq 0 ] ; then
+  echo Benchmark starting `date` with $conn connections until $num requests processed | tee $logfile
+  echo | tee -a $logfile
+  echo ab -k -c $conn -n $num http://127.0.0.1/test | tee -a $logfile
+  echo | tee -a $logfile
+  ab -k -c $conn -n $num http://127.0.0.1/test 2>&1 | tee -a $logfile
+else
+  if [ $num -ne 50000 ] ; then
+    echo Request count ignored when --time specified
+  fi
+  echo Benchmark starting `date` with $conn connections for $time seconds | tee $logfile
+  echo | tee -a $logfile
+  echo ab -k -c $conn -t $time -n 100000000 http://127.0.0.1/test | tee -a $logfile
+  echo | tee -a $logfile
+  ab -k -c $conn -t $time -n 100000000 http://127.0.0.1/test 2>&1 | tee -a $logfile
+fi
+
+etime=`date '+%s'`
+let "dt=$etime - $stime"
+let "ds=$dt % 60"
+let "dm=($dt / 60) % 60"
+let "dh=$dt / 3600"
+echo | tee -a $logfile
+printf "Benchmark ended `date` after %d:%02d:%02d\n" $dh $dm $ds | tee -a $logfile
+echo Results available in $logfile
+
--- a/examples/accessLog/runExample.sh
+++ b/examples/accessLog/runExample.sh
@@ -0,0 +1,40 @@
+#!/bin/bash
+# Script to run a three-server example.  This script runs the three servers and restarts Traefik
+# Once it is running, use the command:
+#
+# curl http://127.0.0.1:80/test{1,2,2}
+#
+# to send requests to send test requests to the servers.  You should see a response like:
+#
+# Handler1: received query test1!
+# Handler2: received query test2!
+# Handler3: received query test2!
+#
+# and can then inspect log/access.log to see frontend, backend, and timing
+
+# Kill traefik and any running example processes
+sudo pkill -f traefik
+pkill -f exampleHandler
+[ ! -d log ] && mkdir log
+
+# Start new example processes
+cd examples/accessLog
+go build exampleHandler.go
+[ $? -ne 0 ] && exit $?
+./exampleHandler -n Handler1 -p 8081 &
+[ $? -ne 0 ] && exit $?
+./exampleHandler -n Handler2 -p 8082 &
+[ $? -ne 0 ] && exit $?
+./exampleHandler -n Handler3 -p 8083 &
+[ $? -ne 0 ] && exit $?
+
+# Wait a couple of seconds for handlers to initialize and start Traefik
+cd ../..
+sleep 2s
+echo Starting Traefik...
+sudo ./traefik -c examples/accessLog/traefik.example.toml &
+[ $? -ne 0 ] && exit $?
+
+echo Sample handlers and traefik started successfully!
+echo 'Use command curl http://127.0.0.1:80/test{1,2,2} to drive test'
+echo Then inspect log/access.log to verify it contains frontend, backend, and timing
--- a/examples/accessLog/traefik.ab.toml
+++ b/examples/accessLog/traefik.ab.toml
@@ -0,0 +1,37 @@
+################################################################
+# Global configuration
+################################################################
+traefikLogsFile = "log/traefik.log"
+accessLogsFile = "log/access.log"
+logLevel = "DEBUG"
+
+################################################################
+# Web configuration backend
+################################################################
+[web]
+address = ":7888"
+
+################################################################
+# File configuration backend
+################################################################
+[file]
+
+################################################################
+# rules
+################################################################
+ [backends]
+   [backends.backend]
+     [backends.backend.LoadBalancer]
+       method = "drr"
+     [backends.backend.servers.server1]
+       url = "http://127.0.0.1:8081"
+     [backends.backend.servers.server2]
+       url = "http://127.0.0.1:8082"
+     [backends.backend.servers.server3]
+       url = "http://127.0.0.1:8083"
+ [frontends]
+   [frontends.frontend]
+   backend = "backend"
+   passHostHeader = true
+     [frontends.frontend.routes.test]
+     rule = "Path: /test"
--- a/examples/accessLog/traefik.example.toml
+++ b/examples/accessLog/traefik.example.toml
@@ -0,0 +1,42 @@
+################################################################
+# Global configuration
+################################################################
+traefikLogsFile = "log/traefik.log"
+accessLogsFile = "log/access.log"
+logLevel = "DEBUG"
+
+################################################################
+# Web configuration backend
+################################################################
+[web]
+address = ":7888"
+
+################################################################
+# File configuration backend
+################################################################
+[file]
+
+################################################################
+# rules
+################################################################
+ [backends]
+   [backends.backend1]
+     [backends.backend1.servers.server1]
+       url = "http://127.0.0.1:8081"
+   [backends.backend2]
+     [backends.backend2.LoadBalancer]
+       method = "drr"
+     [backends.backend2.servers.server1]
+       url = "http://127.0.0.1:8082"
+     [backends.backend2.servers.server2]
+       url = "http://127.0.0.1:8083"
+  [frontends]
+   [frontends.frontend1]
+   backend = "backend1"
+     [frontends.frontend1.routes.test_1]
+     rule = "Path: /test1"
+   [frontends.frontend2]
+   backend = "backend2"
+   passHostHeader = true
+     [frontends.frontend2.routes.test_2]
+     rule = "Path: /test2"
--- a/examples/compose-consul.yml
+++ b/examples/compose-consul.yml
@@ -0,0 +1,25 @@
+version: '2'
+services:
+  consul:
+    image: progrium/consul
+    command: -server -bootstrap -advertise 12.0.0.254 -log-level debug -ui-dir /ui
+    ports:
+      - "8400:8400"
+      - "8500:8500"
+      - "8600:53/udp"
+    expose:
+      - "8300"
+      - "8301"
+      - "8301/udp"
+      - "8302"
+      - "8302/udp"
+
+  registrator:
+    depends_on:
+      - consul
+    image: gliderlabs/registrator:master
+    command: -internal consul://consul:8500
+    volumes:
+      - /var/run/docker.sock:/tmp/docker.sock
+    links:
+      - consul
--- a/examples/compose-etcd.yml
+++ b/examples/compose-etcd.yml
@@ -0,0 +1,4 @@
+etcd:
+  image: gcr.io/google_containers/etcd:2.2.1
+  net: host
+  command: ['/usr/local/bin/etcd', '--addr=127.0.0.1:2379', '--bind-addr=0.0.0.0:2379', '--data-dir=/var/etcd/data']
--- a/examples/compose-k8s.yaml
+++ b/examples/compose-k8s.yaml
@@ -0,0 +1,11 @@
+kubelet:
+  image: gcr.io/google_containers/hyperkube-amd64:v1.5.2
+  privileged: true
+  pid: host
+  net : host
+  volumes:
+    - /sys:/sys:rw
+    - /var/lib/docker/:/var/lib/docker:rw
+    - /var/lib/kubelet/:/var/lib/kubelet:rw,shared
+    - /var/run:/var/run:rw
+  command: ['/hyperkube', 'kubelet', '--hostname-override=127.0.0.1', '--api-servers=http://localhost:8080', '--config=/etc/kubernetes/manifests', '--allow-privileged=true', '--v=2', '--cluster-dns=10.0.0.10', '--cluster-domain=cluster.local']
--- a/examples/compose-marathon.yml
+++ b/examples/compose-marathon.yml
@@ -0,0 +1,59 @@
+
+version: '2'
+services:
+  zookeeper:
+    image: netflixoss/exhibitor:1.5.2
+    hostname: zookeeper
+    ports:
+      - "2181:2181"
+  mesos-master:
+    image: mesosphere/marathon:v1.2.0-RC6
+    hostname: mesos-master
+    entrypoint: [ "mesos-master" ]
+    ports:
+      - "5050:5050"
+    links:
+      - zookeeper
+    environment:
+      - MESOS_CLUSTER=local
+      - MESOS_HOSTNAME=mesos-master.docker
+      - MESOS_LOG_DIR=/var/log
+      - MESOS_WORK_DIR=/var/lib/mesos
+      - MESOS_QUORUM=1
+      - MESOS_ZK=zk://zookeeper:2181/mesos
+  mesos-slave:
+    image: mesosphere/mesos-slave-dind:0.2.4_mesos-0.27.2_docker-1.8.2_ubuntu-14.04.4
+    entrypoint:
+      - mesos-slave
+    privileged: true
+    hostname: mesos-slave
+    ports:
+      - "5051:5051"
+    links:
+      - zookeeper
+      - mesos-master
+    environment:
+      - MESOS_CONTAINERIZERS=docker,mesos
+      - MESOS_ISOLATOR=cgroups/cpu,cgroups/mem
+      - MESOS_LOG_DIR=/var/log
+      - MESOS_MASTER=zk://zookeeper:2181/mesos
+      - MESOS_PORT=5051
+      - MESOS_WORK_DIR=/var/lib/mesos
+      - MESOS_EXECUTOR_REGISTRATION_TIMEOUT=5mins
+      - MESOS_EXECUTOR_SHUTDOWN_GRACE_PERIOD=90secs
+      - MESOS_DOCKER_STOP_TIMEOUT=60secs
+      - MESOS_RESOURCES=cpus:2;mem:2048;disk:20480;ports(*):[12000-12999]
+    volumes:
+      - "/var/run/docker.sock:/var/run/docker.sock"
+  marathon:
+    image: mesosphere/marathon:v1.2.0-RC6
+    ports:
+     - "8080:8080"
+    links:
+      - zookeeper
+      - mesos-master
+    extra_hosts:
+      - "mesos-slave:172.17.0.1"
+    environment:
+      - MARATHON_ZK=zk://zookeeper:2181/marathon
+      - MARATHON_MASTER=zk://zookeeper:2181/mesos
--- a/examples/compose-rancher.yml
+++ b/examples/compose-rancher.yml
@@ -0,0 +1,10 @@
+traefik:
+  image: traefik
+  command: --web --rancher --rancher.domain=rancher.localhost --logLevel=DEBUG
+    labels:
+      io.rancher.container.agent.role: environment
+      io.rancher.container.create_agent: 'true'
+  ports:
+    - "80:80"
+    - "443:443"
+    - "8080:8080"
--- a/examples/compose-traefik.yml
+++ b/examples/compose-traefik.yml
@@ -0,0 +1,20 @@
+traefik:
+  image: traefik
+  command: -c /dev/null --web --docker --docker.domain=docker.localhost --logLevel=DEBUG
+  ports:
+    - "80:80"
+    - "8080:8080"
+  volumes:
+    - /var/run/docker.sock:/var/run/docker.sock
+
+whoami1:
+  image: emilevauge/whoami
+  labels:
+    - "traefik.backend=whoami"
+    - "traefik.frontend.rule=Host:whoami.docker.localhost"
+
+whoami2:
+  image: emilevauge/whoami
+  labels:
+    - "traefik.backend=whoami"
+    - "traefik.frontend.rule=Host:whoami.docker.localhost"
--- a/examples/consul-config.sh
+++ b/examples/consul-config.sh
@@ -16,10 +16,10 @@ curl -i -H "Accept: application/json" -X PUT -d "2"                           ht

 # frontend 1
 curl -i -H "Accept: application/json" -X PUT -d "backend2"                    http://localhost:8500/v1/kv/traefik/frontends/frontend1/backend
-curl -i -H "Accept: application/json" -X PUT -d "Host"                        http://localhost:8500/v1/kv/traefik/frontends/frontend1/routes/test_1/rule
-curl -i -H "Accept: application/json" -X PUT -d "test.localhost"              http://localhost:8500/v1/kv/traefik/frontends/frontend1/routes/test_1/value
+curl -i -H "Accept: application/json" -X PUT -d "http"                        http://localhost:8500/v1/kv/traefik/frontends/frontend1/entrypoints
+curl -i -H "Accept: application/json" -X PUT -d "Host:test.localhost"         http://localhost:8500/v1/kv/traefik/frontends/frontend1/routes/test_1/rule

 # frontend 2
 curl -i -H "Accept: application/json" -X PUT -d "backend1"                    http://localhost:8500/v1/kv/traefik/frontends/frontend2/backend
-curl -i -H "Accept: application/json" -X PUT -d "Path"                        http://localhost:8500/v1/kv/traefik/frontends/frontend2/routes/test_2/rule
-curl -i -H "Accept: application/json" -X PUT -d "/test"                       http://localhost:8500/v1/kv/traefik/frontends/frontend2/routes/test_2/value
+curl -i -H "Accept: application/json" -X PUT -d "http"                  http://localhost:8500/v1/kv/traefik/frontends/frontend2/entrypoints
+curl -i -H "Accept: application/json" -X PUT -d "Path:/test"                  http://localhost:8500/v1/kv/traefik/frontends/frontend2/routes/test_2/rule
--- a/examples/etcd-config.sh
+++ b/examples/etcd-config.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+
+# backend 1
+curl -i -H "Accept: application/json" -X PUT -d value="NetworkErrorRatio() > 0.5"   http://localhost:2379/v2/keys/traefik/backends/backend1/circuitbreaker/expression
+curl -i -H "Accept: application/json" -X PUT -d value="http://172.17.0.2:80"        http://localhost:2379/v2/keys/traefik/backends/backend1/servers/server1/url
+curl -i -H "Accept: application/json" -X PUT -d value="10"                          http://localhost:2379/v2/keys/traefik/backends/backend1/servers/server1/weight
+curl -i -H "Accept: application/json" -X PUT -d value="http://172.17.0.3:80"        http://localhost:2379/v2/keys/traefik/backends/backend1/servers/server2/url
+curl -i -H "Accept: application/json" -X PUT -d value="1"                           http://localhost:2379/v2/keys/traefik/backends/backend1/servers/server2/weight
+
+# backend 2
+curl -i -H "Accept: application/json" -X PUT -d value="drr"                         http://localhost:2379/v2/keys/traefik/backends/backend2/loadbalancer/method
+curl -i -H "Accept: application/json" -X PUT -d value="http://172.17.0.4:80"        http://localhost:2379/v2/keys/traefik/backends/backend2/servers/server1/url
+curl -i -H "Accept: application/json" -X PUT -d value="1"                           http://localhost:2379/v2/keys/traefik/backends/backend2/servers/server1/weight
+curl -i -H "Accept: application/json" -X PUT -d value="http://172.17.0.5:80"        http://localhost:2379/v2/keys/traefik/backends/backend2/servers/server2/url
+curl -i -H "Accept: application/json" -X PUT -d value="2"                           http://localhost:2379/v2/keys/traefik/backends/backend2/servers/server2/weight
+
+# frontend 1
+curl -i -H "Accept: application/json" -X PUT -d value="backend2"                    http://localhost:2379/v2/keys/traefik/frontends/frontend1/backend
+curl -i -H "Accept: application/json" -X PUT -d value="http"                        http://localhost:2379/v2/keys/traefik/frontends/frontend1/entrypoints
+curl -i -H "Accept: application/json" -X PUT -d value="Host:test.localhost"         http://localhost:2379/v2/keys/traefik/frontends/frontend1/routes/test_1/rule
+
+# frontend 2
+curl -i -H "Accept: application/json" -X PUT -d value="backend1"                    http://localhost:2379/v2/keys/traefik/frontends/frontend2/backend
+curl -i -H "Accept: application/json" -X PUT -d value="http"                        http://localhost:2379/v2/keys/traefik/frontends/frontend2/entrypoints
+curl -i -H "Accept: application/json" -X PUT -d value="Path:/test"                  http://localhost:2379/v2/keys/traefik/frontends/frontend2/routes/test_2/rule
--- a/examples/k8s.namespace.yaml
+++ b/examples/k8s.namespace.yaml
@@ -0,0 +1,6 @@
+kind: Namespace
+apiVersion: v1
+metadata:
+  name: kube-system
+  labels:
+    name: kube-system
--- a/examples/k8s/cheese-deployments.yaml
+++ b/examples/k8s/cheese-deployments.yaml
@@ -0,0 +1,99 @@
+---
+kind: Deployment
+apiVersion: extensions/v1beta1
+metadata:
+  name: stilton
+  labels:
+    app: cheese
+    cheese: stilton
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: cheese
+      task: stilton
+  template:
+    metadata:
+      labels:
+        app: cheese
+        task: stilton
+        version: v0.0.1
+    spec:
+      containers:
+      - name: cheese
+        image: errm/cheese:stilton
+        resources:
+          requests:
+            cpu: 100m
+            memory: 50Mi
+          limits:
+            cpu: 100m
+            memory: 50Mi
+        ports:
+        - containerPort: 80
+---
+kind: Deployment
+apiVersion: extensions/v1beta1
+metadata:
+  name: cheddar
+  labels:
+    app: cheese
+    cheese: cheddar
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: cheese
+      task: cheddar
+  template:
+    metadata:
+      labels:
+        app: cheese
+        task: cheddar
+        version: v0.0.1
+    spec:
+      containers:
+      - name: cheese
+        image: errm/cheese:cheddar
+        resources:
+          requests:
+            cpu: 100m
+            memory: 50Mi
+          limits:
+            cpu: 100m
+            memory: 50Mi
+        ports:
+        - containerPort: 80
+---
+kind: Deployment
+apiVersion: extensions/v1beta1
+metadata:
+  name: wensleydale
+  labels:
+    app: cheese
+    cheese: wensleydale
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: cheese
+      task: wensleydale
+  template:
+    metadata:
+      labels:
+        app: cheese
+        task: wensleydale
+        version: v0.0.1
+    spec:
+      containers:
+      - name: cheese
+        image: errm/cheese:wensleydale
+        resources:
+          requests:
+            cpu: 100m
+            memory: 50Mi
+          limits:
+            cpu: 100m
+            memory: 50Mi
+        ports:
+        - containerPort: 80
--- a/examples/k8s/cheese-ingress.yaml
+++ b/examples/k8s/cheese-ingress.yaml
@@ -0,0 +1,27 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: cheese
+spec:
+  rules:
+  - host: stilton.local
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: stilton
+          servicePort: http
+  - host: cheddar.local
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: cheddar
+          servicePort: http
+  - host: wensleydale.local
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: wensleydale
+          servicePort: http
--- a/examples/k8s/cheese-services.yaml
+++ b/examples/k8s/cheese-services.yaml
@@ -0,0 +1,39 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: stilton
+spec:
+  ports:
+  - name: http
+    targetPort: 80
+    port: 80
+  selector:
+    app: cheese
+    task: stilton
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: cheddar
+spec:
+  ports:
+  - name: http
+    targetPort: 80
+    port: 80
+  selector:
+    app: cheese
+    task: cheddar
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: wensleydale
+spec:
+  ports:
+  - name: http
+    targetPort: 80
+    port: 80
+  selector:
+    app: cheese
+    task: wensleydale
--- a/examples/k8s/cheeses-ingress.yaml
+++ b/examples/k8s/cheeses-ingress.yaml
@@ -0,0 +1,23 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: cheeses
+  annotations:
+    traefik.frontend.rule.type: pathprefixstrip
+spec:
+  rules:
+  - host: cheeses.local
+    http:
+      paths:
+      - path: /stilton
+        backend:
+          serviceName: stilton
+          servicePort: http
+      - path: /cheddar
+        backend:
+          serviceName: cheddar
+          servicePort: http
+      - path: /wensleydale
+        backend:
+          serviceName: wensleydale
+          servicePort: http
--- a/examples/k8s/traefik.yaml
+++ b/examples/k8s/traefik.yaml
@@ -0,0 +1,42 @@
+apiVersion: v1
+kind: Deployment
+apiVersion: extensions/v1beta1
+metadata:
+  name: traefik-ingress-controller
+  namespace: kube-system
+  labels:
+    k8s-app: traefik-ingress-lb
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      k8s-app: traefik-ingress-lb
+  template:
+    metadata:
+      labels:
+        k8s-app: traefik-ingress-lb
+        name: traefik-ingress-lb
+    spec:
+      terminationGracePeriodSeconds: 60
+      hostNetwork: true
+      containers:
+      - image: traefik
+        name: traefik-ingress-lb
+        resources:
+          limits:
+            cpu: 200m
+            memory: 30Mi
+          requests:
+            cpu: 100m
+            memory: 20Mi
+        ports:
+        - name: http
+          containerPort: 80
+          hostPort: 80
+        - name: admin
+          containerPort: 8081
+        args:
+        - -d
+        - --web
+        - --web.address=:8081
+        - --kubernetes
--- a/examples/k8s/ui.yaml
+++ b/examples/k8s/ui.yaml
@@ -0,0 +1,28 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: traefik-web-ui
+  namespace: kube-system
+spec:
+  selector:
+    k8s-app: traefik-ingress-lb
+  ports:
+  - name: web
+    port: 80
+    targetPort: 8081
+---
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  name: traefik-web-ui
+  namespace: kube-system
+spec:
+  rules:
+  - host: traefik-ui.local
+    http:
+      paths:
+      - path: /
+        backend:
+          serviceName: traefik-web-ui
+          servicePort: web
--- a/examples/traefik.crt
+++ b/examples/traefik.crt
--- a/examples/traefik.key
+++ b/examples/traefik.key
--- a/examples/whoami-group.json
+++ b/examples/whoami-group.json
@@ -0,0 +1,40 @@
+{
+    "id": "/foo",
+    "groups": [
+        {
+            "id": "/foo/bar",
+            "apps": [
+                {
+                    "id": "whoami",
+                    "cpus": 0.1,
+                    "mem": 64.0,
+                    "instances": 3,
+                    "container": {
+                        "type": "DOCKER",
+                        "docker": {
+                            "image": "emilevauge/whoami",
+                            "network": "BRIDGE",
+                            "portMappings": [
+                                {
+                                    "containerPort": 80,
+                                    "hostPort": 0,
+                                    "protocol": "tcp"
+                                }
+                            ]
+                        }
+                    },
+                    "healthChecks": [
+                        {
+                            "protocol": "HTTP",
+                            "portIndex": 0,
+                            "path": "/",
+                            "gracePeriodSeconds": 5,
+                            "intervalSeconds": 20,
+                            "maxConsecutiveFailures": 3
+                        }
+                    ]
+                }
+            ]
+        }
+    ]
+}
--- a/examples/whoami.json
+++ b/examples/whoami.json
@@ -10,14 +10,7 @@
      "network": "BRIDGE",
      "portMappings": [
        { "containerPort": 80, "hostPort": 0, "protocol": "tcp" }
-      ],
-      "parameters": [{
-        "key": "log-driver",
-        "value": "gelf"
-      }, {
-        "key": "log-opt",
-        "value": "gelf-address=udp://172.17.42.1:12201"
-      }]
+      ]
    }
  },
  "healthChecks": [
@@ -32,8 +25,8 @@
  ],
  "labels": {
      "traefik.weight": "1",
-      "traefik.protocole": "https",
-      "traefik.frontend.rule": "Path",
-      "traefik.frontend.value": "/test"
+      "traefik.protocol": "http",
+      "traefik.frontend.rule" : "Host:test.marathon.localhost",
+      "traefik.frontend.priority" : "10"
  }
 }
--- a/generate.go
+++ b/generate.go
@@ -3,9 +3,7 @@ Copyright
 */

 //go:generate rm -vf autogen/gen.go
+//go:generate mkdir -p static
 //go:generate go-bindata -pkg autogen -o autogen/gen.go ./static/... ./templates/...

-//go:generate mkdir -p vendor/github.com/docker/docker/autogen/dockerversion
-//go:generate cp script/dockerversion vendor/github.com/docker/docker/autogen/dockerversion/dockerversion.go
-
 package main
--- a/glide.lock
+++ b/glide.lock
@@ -0,0 +1,767 @@
+hash: 741ec5fae23f12e6c0fa0e4c7c00c0af06fac1ddc199dd4b45c904856890b347
+updated: 2017-03-15T10:48:05.202095822+01:00
+imports:
+- name: bitbucket.org/ww/goautoneg
+  version: 75cd24fc2f2c2a2088577d12123ddee5f54e0675
+- name: cloud.google.com/go
+  version: c116c7972ec94f148459a304d07a67ecbc770d4b
+  subpackages:
+  - compute/metadata
+- name: github.com/abbot/go-http-auth
+  version: cb4372376e1e00e9f6ab9ec142e029302c9e7140
+- name: github.com/ArthurHlt/go-eureka-client
+  version: ba361cd0f9f571b4e871421423d2f02f5689c3d2
+  subpackages:
+  - eureka
+- name: github.com/ArthurHlt/gominlog
+  version: 068c01ce147ad68fca25ef3fa29ae5395ae273ab
+- name: github.com/aws/aws-sdk-go
+  version: 3f8f870ec9939e32b3372abf74d24e468bcd285d
+  subpackages:
+  - aws
+  - aws/awserr
+  - aws/awsutil
+  - aws/client
+  - aws/client/metadata
+  - aws/corehandlers
+  - aws/credentials
+  - aws/credentials/ec2rolecreds
+  - aws/credentials/endpointcreds
+  - aws/credentials/stscreds
+  - aws/defaults
+  - aws/ec2metadata
+  - aws/endpoints
+  - aws/request
+  - aws/session
+  - aws/signer/v4
+  - private/protocol
+  - private/protocol/ec2query
+  - private/protocol/json/jsonutil
+  - private/protocol/jsonrpc
+  - private/protocol/query
+  - private/protocol/query/queryutil
+  - private/protocol/rest
+  - private/protocol/restxml
+  - private/protocol/xml/xmlutil
+  - private/waiter
+  - service/ec2
+  - service/ecs
+  - service/route53
+  - service/sts
+- name: github.com/Azure/azure-sdk-for-go
+  version: 1620af6b32398bfc91827ceae54a8cc1f55df04d
+  subpackages:
+  - arm/dns
+- name: github.com/Azure/go-autorest
+  version: 32cc2321122a649b7ba4e323527bcb145134fd47
+  subpackages:
+  - autorest
+  - autorest/azure
+  - autorest/date
+  - autorest/to
+  - autorest/validation
+- name: github.com/beorn7/perks
+  version: b965b613227fddccbfffe13eae360ed3fa822f8d
+  subpackages:
+  - quantile
+- name: github.com/blang/semver
+  version: 3a37c301dda64cbe17f16f661b4c976803c0e2d2
+- name: github.com/boltdb/bolt
+  version: 5cc10bbbc5c141029940133bb33c9e969512a698
+- name: github.com/BurntSushi/toml
+  version: 99064174e013895bbd9b025c31100bd1d9b590ca
+- name: github.com/BurntSushi/ty
+  version: 6add9cd6ad42d389d6ead1dde60b4ad71e46fd74
+  subpackages:
+  - fun
+- name: github.com/cenk/backoff
+  version: 8edc80b07f38c27352fb186d971c628a6c32552b
+- name: github.com/codahale/hdrhistogram
+  version: 9208b142303c12d8899bae836fd524ac9338b4fd
+- name: github.com/codegangsta/cli
+  version: bf4a526f48af7badd25d2cb02d587e1b01be3b50
+- name: github.com/codegangsta/negroni
+  version: dc6b9d037e8dab60cbfc09c61d6932537829be8b
+- name: github.com/containous/flaeg
+  version: a731c034dda967333efce5f8d276aeff11f8ff87
+- name: github.com/containous/mux
+  version: a819b77bba13f0c0cbe36e437bc2e948411b3996
+- name: github.com/containous/staert
+  version: 1e26a71803e428fd933f5f9c8e50a26878f53147
+- name: github.com/coreos/etcd
+  version: c400d05d0aa73e21e431c16145e558d624098018
+  subpackages:
+  - Godeps/_workspace/src/github.com/ugorji/go/codec
+  - Godeps/_workspace/src/golang.org/x/net/context
+  - client
+  - pkg/pathutil
+  - pkg/types
+- name: github.com/coreos/go-oidc
+  version: 9e117111587506b9dc83b7b38263268bf48352ea
+  subpackages:
+  - http
+  - jose
+  - key
+  - oauth2
+  - oidc
+- name: github.com/coreos/go-systemd
+  version: 48702e0da86bd25e76cfef347e2adeb434a0d0a6
+  subpackages:
+  - daemon
+- name: github.com/coreos/pkg
+  version: 2c77715c4df99b5420ffcae14ead08f52104065d
+  subpackages:
+  - capnslog
+  - health
+  - httputil
+  - timeutil
+- name: github.com/davecgh/go-spew
+  version: 6d212800a42e8ab5c146b8ace3490ee17e5225f9
+  subpackages:
+  - spew
+- name: github.com/daviddengcn/go-colortext
+  version: 3b18c8575a432453d41fdafb340099fff5bba2f7
+- name: github.com/decker502/dnspod-go
+  version: f6b1d56f1c048bd94d7e42ac36efb4d57b069b6f
+- name: github.com/dgrijalva/jwt-go
+  version: 9ed569b5d1ac936e6494082958d63a6aa4fff99a
+- name: github.com/docker/distribution
+  version: 325b0804fef3a66309d962357aac3c2ce3f4d329
+  subpackages:
+  - context
+  - digest
+  - reference
+  - registry/api/errcode
+  - registry/api/v2
+  - registry/client
+  - registry/client/auth
+  - registry/client/auth/challenge
+  - registry/client/transport
+  - registry/storage/cache
+  - registry/storage/cache/memory
+  - uuid
+- name: github.com/docker/docker
+  version: 49bf474f9ed7ce7143a59d1964ff7b7fd9b52178
+  subpackages:
+  - api/types
+  - api/types/backend
+  - api/types/blkiodev
+  - api/types/container
+  - api/types/filters
+  - api/types/mount
+  - api/types/network
+  - api/types/registry
+  - api/types/strslice
+  - api/types/swarm
+  - api/types/versions
+  - builder
+  - builder/dockerignore
+  - cliconfig
+  - cliconfig/configfile
+  - daemon/graphdriver
+  - image
+  - image/v1
+  - layer
+  - namesgenerator
+  - oci
+  - opts
+  - pkg/archive
+  - pkg/chrootarchive
+  - pkg/fileutils
+  - pkg/gitutils
+  - pkg/homedir
+  - pkg/httputils
+  - pkg/idtools
+  - pkg/ioutils
+  - pkg/jsonlog
+  - pkg/jsonmessage
+  - pkg/longpath
+  - pkg/mount
+  - pkg/namesgenerator
+  - pkg/plugingetter
+  - pkg/plugins
+  - pkg/plugins/transport
+  - pkg/pools
+  - pkg/progress
+  - pkg/promise
+  - pkg/random
+  - pkg/reexec
+  - pkg/signal
+  - pkg/stdcopy
+  - pkg/streamformatter
+  - pkg/stringid
+  - pkg/symlink
+  - pkg/system
+  - pkg/tarsum
+  - pkg/term
+  - pkg/term/windows
+  - pkg/urlutil
+  - plugin/v2
+  - reference
+  - registry
+  - runconfig/opts
+- name: github.com/docker/engine-api
+  version: 3d1601b9d2436a70b0dfc045a23f6503d19195df
+  subpackages:
+  - client
+  - client/transport
+  - client/transport/cancellable
+  - types
+  - types/blkiodev
+  - types/container
+  - types/events
+  - types/filters
+  - types/network
+  - types/reference
+  - types/registry
+  - types/strslice
+  - types/swarm
+  - types/time
+  - types/versions
+- name: github.com/docker/go-connections
+  version: 990a1a1a70b0da4c4cb70e117971a4f0babfbf1a
+  subpackages:
+  - nat
+  - sockets
+  - tlsconfig
+- name: github.com/docker/go-units
+  version: 0dadbb0345b35ec7ef35e228dabb8de89a65bf52
+- name: github.com/docker/leadership
+  version: bfc7753dd48af19513b29deec23c364bf0f274eb
+- name: github.com/docker/libkv
+  version: 35d3e2084c650109e7bcc7282655b1bc8ba924ff
+  subpackages:
+  - store
+  - store/boltdb
+  - store/consul
+  - store/etcd
+  - store/zookeeper
+- name: github.com/donovanhide/eventsource
+  version: fd1de70867126402be23c306e1ce32828455d85b
+- name: github.com/eapache/channels
+  version: 47238d5aae8c0fefd518ef2bee46290909cf8263
+- name: github.com/eapache/queue
+  version: 44cc805cf13205b55f69e14bcb69867d1ae92f98
+- name: github.com/edeckers/auroradnsclient
+  version: 8b777c170cfd377aa16bb4368f093017dddef3f9
+  subpackages:
+  - records
+  - requests
+  - requests/errors
+  - tokens
+  - zones
+- name: github.com/elazarl/go-bindata-assetfs
+  version: 57eb5e1fc594ad4b0b1dbea7b286d299e0cb43c2
+- name: github.com/emicklei/go-restful
+  version: 892402ba11a2e2fd5e1295dd633481f27365f14d
+  subpackages:
+  - log
+  - swagger
+- name: github.com/gambol99/go-marathon
+  version: 6b00a5b651b1beb2c6821863f7c60df490bd46c8
+- name: github.com/ghodss/yaml
+  version: 04f313413ffd65ce25f2541bfd2b2ceec5c0908c
+- name: github.com/go-ini/ini
+  version: 6f66b0e091edb3c7b380f7c4f0f884274d550b67
+- name: github.com/go-kit/kit
+  version: f66b0e13579bfc5a48b9e2a94b1209c107ea1f41
+  subpackages:
+  - metrics
+  - metrics/internal/lv
+  - metrics/prometheus
+- name: github.com/go-openapi/jsonpointer
+  version: 8d96a2dc61536b690bd36b2e9df0b3c0b62825b2
+- name: github.com/go-openapi/jsonreference
+  version: 36d33bfe519efae5632669801b180bf1a245da3b
+- name: github.com/go-openapi/spec
+  version: 34b5ffff717ab4535aef76e3dd90818bddde571b
+- name: github.com/go-openapi/swag
+  version: 96d7b9ebd181a1735a1c9ac87914f2b32fbf56c9
+- name: github.com/gogo/protobuf
+  version: 909568be09de550ed094403c2bf8a261b5bb730a
+  subpackages:
+  - proto
+  - sortkeys
+- name: github.com/golang/glog
+  version: fca8c8854093a154ff1eb580aae10276ad6b1b5f
+- name: github.com/golang/protobuf
+  version: 5677a0e3d5e89854c9974e1256839ee23f8233ca
+  subpackages:
+  - proto
+- name: github.com/google/go-github
+  version: c8ebe3a4d7f0791a6315b7410353d4084c58805d
+  subpackages:
+  - github
+- name: github.com/google/go-querystring
+  version: 9235644dd9e52eeae6fa48efd539fdc351a0af53
+  subpackages:
+  - query
+- name: github.com/google/gofuzz
+  version: 44d81051d367757e1c7c6a5a86423ece9afcf63c
+- name: github.com/gorilla/context
+  version: 1ea25387ff6f684839d82767c1733ff4d4d15d0a
+- name: github.com/gorilla/websocket
+  version: 4873052237e4eeda85cf50c071ef33836fe8e139
+- name: github.com/hashicorp/consul
+  version: fce7d75609a04eeb9d4bf41c8dc592aac18fc97d
+  subpackages:
+  - api
+- name: github.com/hashicorp/go-cleanhttp
+  version: 875fb671b3ddc66f8e2f0acc33829c8cb989a38d
+- name: github.com/hashicorp/go-version
+  version: e96d3840402619007766590ecea8dd7af1292276
+- name: github.com/hashicorp/serf
+  version: 6c4672d66fc6312ddde18399262943e21175d831
+  subpackages:
+  - coordinate
+  - serf
+- name: github.com/JamesClonk/vultr
+  version: 9ec0427d51411407c0402b093a1771cb75af9679
+  subpackages:
+  - lib
+- name: github.com/jmespath/go-jmespath
+  version: bd40a432e4c76585ef6b72d3fd96fb9b6dc7b68d
+- name: github.com/jonboulle/clockwork
+  version: 72f9bd7c4e0c2a40055ab3d0f09654f730cce982
+- name: github.com/juju/ratelimit
+  version: 77ed1c8a01217656d2080ad51981f6e99adaa177
+- name: github.com/mailgun/manners
+  version: a585afd9d65c0e05f6c003f921e71ebc05074f4f
+- name: github.com/mailgun/timetools
+  version: fd192d755b00c968d312d23f521eb0cdc6f66bd0
+- name: github.com/mailru/easyjson
+  version: 9d6630dc8c577b56cb9687a9cf9e8578aca7298a
+  subpackages:
+  - buffer
+  - jlexer
+  - jwriter
+- name: github.com/mattn/go-shellwords
+  version: 525bedee691b5a8df547cb5cf9f86b7fb1883e24
+- name: github.com/matttproud/golang_protobuf_extensions
+  version: fc2b8d3a73c4867e51861bbdd5ae3c1f0869dd6a
+  subpackages:
+  - pbutil
+- name: github.com/mesos/mesos-go
+  version: 068d5470506e3780189fe607af40892814197c5e
+  subpackages:
+  - detector
+  - detector/zoo
+  - mesos
+  - mesosproto
+  - mesosutil
+  - upid
+- name: github.com/mesosphere/mesos-dns
+  version: b47dc4c19f215e98da687b15b4c64e70f629bea5
+  repo: https://github.com/containous/mesos-dns.git
+  vcs: git
+  subpackages:
+  - detect
+  - errorutil
+  - logging
+  - models
+  - records
+  - records/labels
+  - records/state
+  - util
+- name: github.com/Microsoft/go-winio
+  version: ce2922f643c8fd76b46cadc7f404a06282678b34
+- name: github.com/miekg/dns
+  version: 8060d9f51305bbe024b99679454e62f552cd0b0b
+- name: github.com/mitchellh/mapstructure
+  version: f3009df150dadf309fdee4a54ed65c124afad715
+- name: github.com/mvdan/xurls
+  version: fa08908f19eca8c491d68c6bd8b4b44faea6daf8
+- name: github.com/NYTimes/gziphandler
+  version: 6710af535839f57c687b62c4c23d649f9545d885
+- name: github.com/ogier/pflag
+  version: 45c278ab3607870051a2ea9040bb85fcb8557481
+- name: github.com/opencontainers/runc
+  version: 1a81e9ab1f138c091fe5c86d0883f87716088527
+  subpackages:
+  - libcontainer/configs
+  - libcontainer/devices
+  - libcontainer/system
+  - libcontainer/user
+- name: github.com/ovh/go-ovh
+  version: a8a4c0bc40e56322142649bda7b2b4bb15145b6e
+  subpackages:
+  - ovh
+- name: github.com/pborman/uuid
+  version: 5007efa264d92316c43112bc573e754bc889b7b1
+- name: github.com/pkg/errors
+  version: bfd5150e4e41705ded2129ec33379de1cb90b513
+- name: github.com/pmezard/go-difflib
+  version: d8ed2627bdf02c080bf22230dbb337003b7aba2d
+  subpackages:
+  - difflib
+- name: github.com/prometheus/client_golang
+  version: c5b7fccd204277076155f10851dad72b76a49317
+  subpackages:
+  - prometheus
+  - prometheus/promhttp
+- name: github.com/prometheus/client_model
+  version: fa8ad6fec33561be4280a8f0514318c79d7f6cb6
+  subpackages:
+  - go
+- name: github.com/prometheus/common
+  version: ffe929a3f4c4faeaa10f2b9535c2b1be3ad15650
+  subpackages:
+  - expfmt
+  - model
+- name: github.com/prometheus/procfs
+  version: 454a56f35412459b5e684fd5ec0f9211b94f002a
+- name: github.com/PuerkitoBio/purell
+  version: 0bcb03f4b4d0a9428594752bd2a3b9aa0a9d4bd4
+- name: github.com/PuerkitoBio/urlesc
+  version: 5bd2802263f21d8788851d5305584c82a5c75d7e
+- name: github.com/pyr/egoscale
+  version: ab4b0d7ff424c462da486aef27f354cdeb29a319
+  subpackages:
+  - src/egoscale
+- name: github.com/rancher/go-rancher
+  version: 5b8f6cc26b355ba03d7611fce3844155b7baf05b
+  subpackages:
+  - client
+- name: github.com/ryanuber/go-glob
+  version: 572520ed46dbddaed19ea3d9541bdd0494163693
+- name: github.com/samuel/go-zookeeper
+  version: e64db453f3512cade908163702045e0f31137843
+  subpackages:
+  - zk
+- name: github.com/satori/go.uuid
+  version: 879c5887cd475cd7864858769793b2ceb0d44feb
+- name: github.com/Sirupsen/logrus
+  version: a283a10442df8dc09befd873fab202bf8a253d6a
+- name: github.com/spf13/pflag
+  version: 5644820622454e71517561946e3d94b9f9db6842
+- name: github.com/streamrail/concurrent-map
+  version: 65a174a3a4188c0b7099acbc6cfa0c53628d3287
+- name: github.com/stretchr/objx
+  version: cbeaeb16a013161a98496fad62933b1d21786672
+- name: github.com/stretchr/testify
+  version: 69483b4bd14f5845b5a1e55bca19e954e827f1d0
+  subpackages:
+  - assert
+  - mock
+- name: github.com/thoas/stats
+  version: 152b5d051953fdb6e45f14b6826962aadc032324
+- name: github.com/timewasted/linode
+  version: 37e84520dcf74488f67654f9c775b9752c232dc1
+  subpackages:
+  - dns
+- name: github.com/tv42/zbase32
+  version: 03389da7e0bf9844767f82690f4d68fc097a1306
+- name: github.com/ugorji/go
+  version: ea9cd21fa0bc41ee4bdd50ac7ed8cbc7ea2ed960
+  subpackages:
+  - codec
+- name: github.com/unrolled/render
+  version: 198ad4d8b8a4612176b804ca10555b222a086b40
+- name: github.com/vdemeester/docker-events
+  version: be74d4929ec1ad118df54349fda4b0cba60f849b
+- name: github.com/vulcand/oxy
+  version: f88530866c561d24a6b5aac49f76d6351b788b9f
+  repo: https://github.com/containous/oxy.git
+  vcs: git
+  subpackages:
+  - cbreaker
+  - connlimit
+  - forward
+  - memmetrics
+  - roundrobin
+  - stream
+  - utils
+- name: github.com/vulcand/predicate
+  version: 19b9dde14240d94c804ae5736ad0e1de10bf8fe6
+- name: github.com/vulcand/route
+  version: cb89d787ddbb1c5849a7ac9f79004c1fd12a4a32
+- name: github.com/vulcand/vulcand
+  version: 42492a3a85e294bdbdd1bcabb8c12769a81ea284
+  subpackages:
+  - conntracker
+  - plugin
+  - plugin/rewrite
+  - router
+- name: github.com/weppos/dnsimple-go
+  version: 65c1ca73cb19baf0f8b2b33219b7f57595a3ccb0
+  subpackages:
+  - dnsimple
+- name: github.com/xenolf/lego
+  version: ce8fb060cb8361a9ff8b5fb7c2347fa907b6fcac
+  subpackages:
+  - acme
+  - providers/dns
+  - providers/dns/auroradns
+  - providers/dns/azure
+  - providers/dns/cloudflare
+  - providers/dns/digitalocean
+  - providers/dns/dnsimple
+  - providers/dns/dnsmadeeasy
+  - providers/dns/dnspod
+  - providers/dns/dyn
+  - providers/dns/exoscale
+  - providers/dns/gandi
+  - providers/dns/googlecloud
+  - providers/dns/linode
+  - providers/dns/namecheap
+  - providers/dns/ns1
+  - providers/dns/ovh
+  - providers/dns/pdns
+  - providers/dns/rackspace
+  - providers/dns/rfc2136
+  - providers/dns/route53
+  - providers/dns/vultr
+- name: golang.org/x/crypto
+  version: 4ed45ec682102c643324fae5dff8dab085b6c300
+  subpackages:
+  - bcrypt
+  - blowfish
+  - ocsp
+- name: golang.org/x/net
+  version: 242b6b35177ec3909636b6cf6a47e8c2c6324b5d
+  subpackages:
+  - context
+  - context/ctxhttp
+  - http2
+  - http2/hpack
+  - idna
+  - lex/httplex
+  - proxy
+  - publicsuffix
+- name: golang.org/x/oauth2
+  version: 3046bc76d6dfd7d3707f6640f85e42d9c4050f50
+  subpackages:
+  - google
+  - internal
+  - jws
+  - jwt
+- name: golang.org/x/sys
+  version: eb2c74142fd19a79b3f237334c7384d5167b1b46
+  subpackages:
+  - unix
+  - windows
+- name: golang.org/x/text
+  version: a49bea13b776691cb1b49873e5d8df96ec74831a
+  repo: https://github.com/golang/text.git
+  vcs: git
+  subpackages:
+  - .
+  - transform
+  - unicode/norm
+  - width
+- name: google.golang.org/api
+  version: 9bf6e6e569ff057f75d9604a46c52928f17d2b54
+  subpackages:
+  - dns/v1
+  - gensupport
+  - googleapi
+  - googleapi/internal/uritemplates
+- name: google.golang.org/appengine
+  version: 12d5545dc1cfa6047a286d5e853841b6471f4c19
+  subpackages:
+  - internal
+  - internal/app_identity
+  - internal/base
+  - internal/datastore
+  - internal/log
+  - internal/modules
+  - internal/remote_api
+  - internal/urlfetch
+  - urlfetch
+- name: google.golang.org/cloud
+  version: f20d6dcccb44ed49de45ae3703312cb46e627db1
+  subpackages:
+  - compute/metadata
+  - internal
+- name: gopkg.in/fsnotify.v1
+  version: a8a77c9133d2d6fd8334f3260d06f60e8d80a5fb
+- name: gopkg.in/inf.v0
+  version: 3887ee99ecf07df5b447e9b00d9c0b2adaa9f3e4
+- name: gopkg.in/ini.v1
+  version: 6f66b0e091edb3c7b380f7c4f0f884274d550b67
+- name: gopkg.in/mgo.v2
+  version: 29cc868a5ca65f401ff318143f9408d02f4799cc
+  subpackages:
+  - bson
+- name: gopkg.in/ns1/ns1-go.v2
+  version: d8d10b7f448291ddbdce48d4594fb1b667014c8b
+  subpackages:
+  - rest
+  - rest/model/account
+  - rest/model/data
+  - rest/model/dns
+  - rest/model/filter
+  - rest/model/monitor
+- name: gopkg.in/square/go-jose.v1
+  version: e3f973b66b91445ec816dd7411ad1b6495a5a2fc
+  subpackages:
+  - cipher
+  - json
+- name: gopkg.in/yaml.v2
+  version: bef53efd0c76e49e6de55ead051f886bea7e9420
+- name: k8s.io/client-go
+  version: 1195e3a8ee1a529d53eed7c624527a68555ddf1f
+  subpackages:
+  - 1.5/discovery
+  - 1.5/kubernetes
+  - 1.5/kubernetes/typed/apps/v1alpha1
+  - 1.5/kubernetes/typed/authentication/v1beta1
+  - 1.5/kubernetes/typed/authorization/v1beta1
+  - 1.5/kubernetes/typed/autoscaling/v1
+  - 1.5/kubernetes/typed/batch/v1
+  - 1.5/kubernetes/typed/certificates/v1alpha1
+  - 1.5/kubernetes/typed/core/v1
+  - 1.5/kubernetes/typed/extensions/v1beta1
+  - 1.5/kubernetes/typed/policy/v1alpha1
+  - 1.5/kubernetes/typed/rbac/v1alpha1
+  - 1.5/kubernetes/typed/storage/v1beta1
+  - 1.5/pkg/api
+  - 1.5/pkg/api/errors
+  - 1.5/pkg/api/install
+  - 1.5/pkg/api/meta
+  - 1.5/pkg/api/meta/metatypes
+  - 1.5/pkg/api/resource
+  - 1.5/pkg/api/unversioned
+  - 1.5/pkg/api/v1
+  - 1.5/pkg/api/validation/path
+  - 1.5/pkg/apimachinery
+  - 1.5/pkg/apimachinery/announced
+  - 1.5/pkg/apimachinery/registered
+  - 1.5/pkg/apis/apps
+  - 1.5/pkg/apis/apps/install
+  - 1.5/pkg/apis/apps/v1alpha1
+  - 1.5/pkg/apis/authentication
+  - 1.5/pkg/apis/authentication/install
+  - 1.5/pkg/apis/authentication/v1beta1
+  - 1.5/pkg/apis/authorization
+  - 1.5/pkg/apis/authorization/install
+  - 1.5/pkg/apis/authorization/v1beta1
+  - 1.5/pkg/apis/autoscaling
+  - 1.5/pkg/apis/autoscaling/install
+  - 1.5/pkg/apis/autoscaling/v1
+  - 1.5/pkg/apis/batch
+  - 1.5/pkg/apis/batch/install
+  - 1.5/pkg/apis/batch/v1
+  - 1.5/pkg/apis/batch/v2alpha1
+  - 1.5/pkg/apis/certificates
+  - 1.5/pkg/apis/certificates/install
+  - 1.5/pkg/apis/certificates/v1alpha1
+  - 1.5/pkg/apis/extensions
+  - 1.5/pkg/apis/extensions/install
+  - 1.5/pkg/apis/extensions/v1beta1
+  - 1.5/pkg/apis/policy
+  - 1.5/pkg/apis/policy/install
+  - 1.5/pkg/apis/policy/v1alpha1
+  - 1.5/pkg/apis/rbac
+  - 1.5/pkg/apis/rbac/install
+  - 1.5/pkg/apis/rbac/v1alpha1
+  - 1.5/pkg/apis/storage
+  - 1.5/pkg/apis/storage/install
+  - 1.5/pkg/apis/storage/v1beta1
+  - 1.5/pkg/auth/user
+  - 1.5/pkg/conversion
+  - 1.5/pkg/conversion/queryparams
+  - 1.5/pkg/fields
+  - 1.5/pkg/genericapiserver/openapi/common
+  - 1.5/pkg/labels
+  - 1.5/pkg/runtime
+  - 1.5/pkg/runtime/serializer
+  - 1.5/pkg/runtime/serializer/json
+  - 1.5/pkg/runtime/serializer/protobuf
+  - 1.5/pkg/runtime/serializer/recognizer
+  - 1.5/pkg/runtime/serializer/streaming
+  - 1.5/pkg/runtime/serializer/versioning
+  - 1.5/pkg/selection
+  - 1.5/pkg/third_party/forked/golang/reflect
+  - 1.5/pkg/types
+  - 1.5/pkg/util
+  - 1.5/pkg/util/cert
+  - 1.5/pkg/util/clock
+  - 1.5/pkg/util/errors
+  - 1.5/pkg/util/flowcontrol
+  - 1.5/pkg/util/framer
+  - 1.5/pkg/util/integer
+  - 1.5/pkg/util/intstr
+  - 1.5/pkg/util/json
+  - 1.5/pkg/util/labels
+  - 1.5/pkg/util/net
+  - 1.5/pkg/util/parsers
+  - 1.5/pkg/util/rand
+  - 1.5/pkg/util/runtime
+  - 1.5/pkg/util/sets
+  - 1.5/pkg/util/uuid
+  - 1.5/pkg/util/validation
+  - 1.5/pkg/util/validation/field
+  - 1.5/pkg/util/wait
+  - 1.5/pkg/util/yaml
+  - 1.5/pkg/version
+  - 1.5/pkg/watch
+  - 1.5/pkg/watch/versioned
+  - 1.5/plugin/pkg/client/auth
+  - 1.5/plugin/pkg/client/auth/gcp
+  - 1.5/plugin/pkg/client/auth/oidc
+  - 1.5/rest
+  - 1.5/tools/cache
+  - 1.5/tools/clientcmd/api
+  - 1.5/tools/metrics
+  - 1.5/transport
+testImports:
+- name: github.com/Azure/go-ansiterm
+  version: fa152c58bc15761d0200cb75fe958b89a9d4888e
+  subpackages:
+  - winterm
+- name: github.com/cloudfoundry-incubator/candiedyaml
+  version: 99c3df83b51532e3615f851d8c2dbb638f5313bf
+- name: github.com/docker/libcompose
+  version: d1876c1d68527a49c0aac22a0b161acc7296b740
+  subpackages:
+  - config
+  - docker
+  - docker/builder
+  - docker/client
+  - docker/network
+  - labels
+  - logger
+  - lookup
+  - project
+  - project/events
+  - project/options
+  - utils
+  - version
+  - yaml
+- name: github.com/flynn/go-shlex
+  version: 3f9db97f856818214da2e1057f8ad84803971cff
+- name: github.com/go-check/check
+  version: 11d3bc7aa68e238947792f30573146a3231fc0f1
+- name: github.com/gorilla/mux
+  version: e444e69cbd2e2e3e0749a2f3c717cec491552bbf
+- name: github.com/libkermit/compose
+  version: cadc5a3b83a15790174bd7fbc75ea2529785e772
+  subpackages:
+  - check
+- name: github.com/libkermit/docker
+  version: 55e3595409924fcfbb850811e5a7cdbe8960a0b7
+- name: github.com/libkermit/docker-check
+  version: cbe0ef03b3d23070eac4d00ba8828f2cc7f7e5a3
+- name: github.com/opencontainers/runtime-spec
+  version: 06479209bdc0d4135911688c18157bd39bd99c22
+  subpackages:
+  - specs-go
+- name: github.com/vbatts/tar-split
+  version: 6810cedb21b2c3d0b9bb8f9af12ff2dc7a2f14df
+  subpackages:
+  - archive/tar
+  - tar/asm
+  - tar/storage
+- name: github.com/vdemeester/shakers
+  version: 24d7f1d6a71aa5d9cbe7390e4afb66b7eef9e1b3
+- name: github.com/xeipuuv/gojsonpointer
+  version: e0fe6f68307607d540ed8eac07a342c33fa1b54a
+- name: github.com/xeipuuv/gojsonreference
+  version: e02fc20de94c78484cd5ffb007f8af96be030a45
+- name: github.com/xeipuuv/gojsonschema
+  version: 00f9fafb54d2244d291b86ab63d12c38bd5c3886
+- name: golang.org/x/time
+  version: a4bde12657593d5e90d0533a3e4fd95e635124cb
+  subpackages:
+  - rate
--- a/glide.yaml
+++ b/glide.yaml
@@ -1,144 +1,141 @@
-package: main
+package: github.com/containous/traefik
 import:
-  - package: github.com/coreos/go-etcd
-    ref:     cc90c7b091275e606ad0ca7102a23fb2072f3f5e
-    subpackages:
-      - etcd
-  - package: github.com/docker/distribution
-    ref:     9038e48c3b982f8e82281ea486f078a73731ac4e
-  - package: github.com/mailgun/log
-    ref:     44874009257d4d47ba9806f1b7f72a32a015e4d8
-  - package: github.com/mailgun/oxy
-    ref:     547c334d658398c05b346c0b79d8f47ba2e1473b
-    subpackages:
-      - cbreaker
-      - forward
-      - memmetrics
-      - roundrobin
-      - utils
-  - package: github.com/hashicorp/consul
-    ref:     de080672fee9e6104572eeea89eccdca135bb918
-    subpackages:
-      - api
-  - package: github.com/samuel/go-zookeeper
-    ref:     fa6674abf3f4580b946a01bf7a1ce4ba8766205b
-    subpackages:
-      - zk
-  - package: github.com/docker/libtrust
-    ref:     9cbd2a1374f46905c68a4eb3694a130610adc62a
-  - package: gopkg.in/check.v1
-    ref:     11d3bc7aa68e238947792f30573146a3231fc0f1
-  - package: golang.org/x/net
-    ref:     d9558e5c97f85372afee28cf2b6059d7d3818919
-    subpackages:
-      - context
-  - package: github.com/gorilla/handlers
-    ref:     40694b40f4a928c062f56849989d3e9cd0570e5f
-  - package: github.com/docker/libkv
-    ref:     3732f7ff1b56057c3158f10bceb1e79133025373
-  - package: github.com/alecthomas/template
-    ref:     b867cc6ab45cece8143cfcc6fc9c77cf3f2c23c0
-  - package: github.com/vdemeester/shakers
-    ref:     8fe734f75f3a70b651cbfbf8a55a009da09e8dc5
-  - package: github.com/alecthomas/units
-    ref:     6b4e7dc5e3143b85ea77909c72caf89416fc2915
-  - package: github.com/gambol99/go-marathon
-    ref:     0ba31bcb0d7633ba1888d744c42990eb15281cf1
-  - package: github.com/mailgun/predicate
-    ref:     cb0bff91a7ab7cf7571e661ff883fc997bc554a3
-  - package: github.com/thoas/stats
-    ref:     54ed61c2b47e263ae2f01b86837b0c4bd1da28e8
-  - package: github.com/samalba/dockerclient
-    ref:     cfb489c624b635251a93e74e1e90eb0959c5367f
-  - package: github.com/Sirupsen/logrus
-    ref:     418b41d23a1bf978c06faea5313ba194650ac088
-  - package: github.com/unrolled/render
-    ref:     26b4e3aac686940fe29521545afad9966ddfc80c
-  - package: github.com/flynn/go-shlex
-    ref:     3f9db97f856818214da2e1057f8ad84803971cff
-  - package: github.com/fsouza/go-dockerclient
-    ref:     0239034d42f665efa17fd77c39f891c2f9f32922
-  - package: github.com/boltdb/bolt
-    ref:     51f99c862475898df9773747d3accd05a7ca33c1
-  - package: gopkg.in/mgo.v2
-    ref:     22287bab4379e1fbf6002fb4eb769888f3fb224c
-    subpackages:
-      - bson
-  - package: github.com/docker/docker
-    ref:     f39987afe8d611407887b3094c03d6ba6a766a67
-    subpackages:
-      - autogen
-      - api
-      - cliconfig
-      - daemon/network
-      - graph/tags
-      - image
-      - opts
-      - pkg/archive
-      - pkg/fileutils
-      - pkg/homedir
-      - pkg/httputils
-      - pkg/ioutils
-      - pkg/jsonmessage
-      - pkg/mflag
-      - pkg/nat
-      - pkg/parsers
-      - pkg/pools
-      - pkg/promise
-      - pkg/random
-      - pkg/stdcopy
-      - pkg/stringid
-      - pkg/symlink
-      - pkg/system
-      - pkg/tarsum
-      - pkg/term
-      - pkg/timeutils
-      - pkg/tlsconfig
-      - pkg/ulimit
-      - pkg/units
-      - pkg/urlutil
-      - pkg/useragent
-      - pkg/version
-      - registry
-      - runconfig
-      - utils
-      - volume
-  - package: github.com/mailgun/timetools
-    ref:     fd192d755b00c968d312d23f521eb0cdc6f66bd0
-  - package: github.com/codegangsta/negroni
-    ref:     c7477ad8e330bef55bf1ebe300cf8aa67c492d1b
-  - package: gopkg.in/yaml.v2
-    ref:     7ad95dd0798a40da1ccdff6dff35fd177b5edf40
-  - package: github.com/opencontainers/runc
-    ref:     4ab132458fc3e9dbeea624153e0331952dc4c8d5
-    subpackages:
-      - libcontainer/user
-  - package: github.com/gorilla/mux
-    ref:     f15e0c49460fd49eebe2bcc8486b05d1bef68d3a
-  - package: github.com/BurntSushi/ty
-    ref:     6add9cd6ad42d389d6ead1dde60b4ad71e46fd74
-  - package: github.com/elazarl/go-bindata-assetfs
-    ref:     d5cac425555ca5cf00694df246e04f05e6a55150
-  - package: github.com/BurntSushi/toml
-    ref:     bd2bdf7f18f849530ef7a1c29a4290217cab32a1
-  - package: gopkg.in/alecthomas/kingpin.v2
-    ref:     639879d6110b1b0409410c7b737ef0bb18325038
-  - package: github.com/docker/libcompose
-    ref:     79ef5d150f053a5b12f16b02d8844ed7cf33611a
-    subpackages:
-      - docker
-      - logger
-      - lookup
-      - project
-      - utils
-  - package: github.com/cenkalti/backoff
-    ref:     4dc77674aceaabba2c7e3da25d4c823edfb73f99
-  - package: gopkg.in/fsnotify.v1
-    ref:     96c060f6a6b7e0d6f75fddd10efeaca3e5d1bcb0
-  - package: github.com/mailgun/manners
-    ref:     37136f736785d7c6aa3b9a27b4b2dd1028ca6d79
-  - package: github.com/gorilla/context
-    ref:     215affda49addc4c8ef7e2534915df2c8c35c6cd
-  - package: github.com/codahale/hdrhistogram
-    ref:     954f16e8b9ef0e5d5189456aa4c1202758e04f17
-  - package: github.com/gorilla/websocket
+- package: github.com/BurntSushi/toml
+- package: github.com/BurntSushi/ty
+  subpackages:
+  - fun
+- package: github.com/Sirupsen/logrus
+- package: github.com/cenk/backoff
+- package: github.com/containous/flaeg
+  version: a731c034dda967333efce5f8d276aeff11f8ff87
+- package: github.com/vulcand/oxy
+  version: f88530866c561d24a6b5aac49f76d6351b788b9f
+  repo: https://github.com/containous/oxy.git
+  vcs: git
+  subpackages:
+  - cbreaker
+  - connlimit
+  - forward
+  - roundrobin
+  - stream
+  - utils
+- package: github.com/containous/staert
+  version: 1e26a71803e428fd933f5f9c8e50a26878f53147
+- package: github.com/docker/engine-api
+  version: v0.4.0
+  subpackages:
+  - client
+  - types
+  - types/events
+  - types/filters
+- package: github.com/docker/go-connections
+  version: v0.2.1
+  subpackages:
+  - sockets
+  - tlsconfig
+- package: github.com/docker/go-units
+  version: 0dadbb0345b35ec7ef35e228dabb8de89a65bf52
+- package: github.com/docker/libkv
+  subpackages:
+  - store
+  - store/boltdb
+  - store/consul
+  - store/etcd
+  - store/zookeeper
+- package: github.com/elazarl/go-bindata-assetfs
+- package: github.com/containous/mux
+- package: github.com/hashicorp/consul
+  subpackages:
+  - api
+- package: github.com/mailgun/manners
+- package: github.com/streamrail/concurrent-map
+- package: github.com/stretchr/testify
+  subpackages:
+  - mock
+- package: github.com/thoas/stats
+  version: 152b5d051953fdb6e45f14b6826962aadc032324
+- package: github.com/unrolled/render
+- package: github.com/vdemeester/docker-events
+  version: be74d4929ec1ad118df54349fda4b0cba60f849b
+- package: github.com/vulcand/vulcand
+  version: 42492a3a85e294bdbdd1bcabb8c12769a81ea284
+  subpackages:
+  - plugin/rewrite
+- package: github.com/xenolf/lego
+  version: ce8fb060cb8361a9ff8b5fb7c2347fa907b6fcac
+  subpackages:
+  - acme
+- package: gopkg.in/fsnotify.v1
+- package: github.com/docker/docker
+  version: v1.13.0
+  subpackages:
+  - namesgenerator
+- package: github.com/mattn/go-shellwords
+- package: github.com/ryanuber/go-glob
+- package: github.com/mesos/mesos-go
+  subpackages:
+  - mesosproto
+  - mesos
+  - upid
+  - mesosutil
+  - detector
+- package: github.com/miekg/dns
+  version: 8060d9f51305bbe024b99679454e62f552cd0b0b
+- package: github.com/mesosphere/mesos-dns
+  version: b47dc4c19f215e98da687b15b4c64e70f629bea5
+  repo: https://github.com/containous/mesos-dns.git
+  vcs: git
+- package: github.com/abbot/go-http-auth
+- package: github.com/NYTimes/gziphandler
+- package: github.com/docker/leadership
+- package: github.com/satori/go.uuid
+  version: ^1.1.0
+- package: k8s.io/client-go
+  version: ^v1.5.0
+- package: github.com/gambol99/go-marathon
+  version: ^0.5.1
+- package: github.com/ArthurHlt/go-eureka-client
+  subpackages:
+  - eureka
+- package: github.com/coreos/go-systemd
+  version: v14
+  subpackages:
+  - daemon
+- package: github.com/google/go-github
+- package: github.com/hashicorp/go-version
+- package: github.com/mvdan/xurls
+- package: github.com/go-kit/kit
+  version: v0.3.0
+  subpackages:
+  - metrics
+- package: github.com/eapache/channels
+  version: v1.1.0
+- package: golang.org/x/net
+  version: 242b6b35177ec3909636b6cf6a47e8c2c6324b5d
+  subpackages:
+  - http2
+  - context
+- package: github.com/docker/distribution
+  version: v2.6.0
+- package: github.com/aws/aws-sdk-go
+  version: v1.6.18
+  subpackages:
+  - aws
+  - aws/credentials
+  - aws/defaults
+  - aws/ec2metadata
+  - aws/endpoints
+  - aws/request
+  - aws/session
+  - service/ec2
+  - service/ecs
+- package: cloud.google.com/go
+  version: v0.6.0
+  subpackages:
+  - compute/metadata
+- package: github.com/gogo/protobuf
+  version: v0.3
+  subpackages:
+  - proto
+- package: github.com/rancher/go-rancher
+  version: 5b8f6cc26b355ba03d7611fce3844155b7baf05b
--- a/healthcheck/healthcheck.go
+++ b/healthcheck/healthcheck.go
@@ -0,0 +1,117 @@
+package healthcheck
+
+import (
+	"context"
+	"net/http"
+	"net/url"
+	"sync"
+	"time"
+
+	"github.com/containous/traefik/log"
+	"github.com/containous/traefik/safe"
+	"github.com/vulcand/oxy/roundrobin"
+)
+
+var singleton *HealthCheck
+var once sync.Once
+
+// GetHealthCheck Get HealtchCheck Singleton
+func GetHealthCheck() *HealthCheck {
+	once.Do(func() {
+		singleton = newHealthCheck()
+	})
+	return singleton
+}
+
+// BackendHealthCheck HealthCheck configuration for a backend
+type BackendHealthCheck struct {
+	Path         string
+	Interval     time.Duration
+	DisabledURLs []*url.URL
+	lb           loadBalancer
+}
+
+var launch = false
+
+//HealthCheck struct
+type HealthCheck struct {
+	Backends map[string]*BackendHealthCheck
+	cancel   context.CancelFunc
+}
+
+type loadBalancer interface {
+	RemoveServer(u *url.URL) error
+	UpsertServer(u *url.URL, options ...roundrobin.ServerOption) error
+	Servers() []*url.URL
+}
+
+func newHealthCheck() *HealthCheck {
+	return &HealthCheck{make(map[string]*BackendHealthCheck), nil}
+}
+
+// NewBackendHealthCheck Instantiate a new BackendHealthCheck
+func NewBackendHealthCheck(URL string, interval time.Duration, lb loadBalancer) *BackendHealthCheck {
+	return &BackendHealthCheck{URL, interval, nil, lb}
+}
+
+//SetBackendsConfiguration set backends configuration
+func (hc *HealthCheck) SetBackendsConfiguration(parentCtx context.Context, backends map[string]*BackendHealthCheck) {
+	hc.Backends = backends
+	if hc.cancel != nil {
+		hc.cancel()
+	}
+	ctx, cancel := context.WithCancel(parentCtx)
+	hc.cancel = cancel
+	hc.execute(ctx)
+}
+
+func (hc *HealthCheck) execute(ctx context.Context) {
+	for backendID, backend := range hc.Backends {
+		currentBackend := backend
+		currentBackendID := backendID
+		safe.Go(func() {
+			for {
+				ticker := time.NewTicker(currentBackend.Interval)
+				select {
+				case <-ctx.Done():
+					log.Debugf("Stopping all current Healthcheck goroutines")
+					return
+				case <-ticker.C:
+					log.Debugf("Refreshing Healthcheck for currentBackend %s ", currentBackendID)
+					enabledURLs := currentBackend.lb.Servers()
+					var newDisabledURLs []*url.URL
+					for _, url := range currentBackend.DisabledURLs {
+						if checkHealth(url, currentBackend.Path) {
+							log.Debugf("HealthCheck is up [%s]: Upsert in server list", url.String())
+							currentBackend.lb.UpsertServer(url, roundrobin.Weight(1))
+						} else {
+							newDisabledURLs = append(newDisabledURLs, url)
+						}
+					}
+					currentBackend.DisabledURLs = newDisabledURLs
+
+					for _, url := range enabledURLs {
+						if !checkHealth(url, currentBackend.Path) {
+							log.Debugf("HealthCheck has failed [%s]: Remove from server list", url.String())
+							currentBackend.lb.RemoveServer(url)
+							currentBackend.DisabledURLs = append(currentBackend.DisabledURLs, url)
+						}
+					}
+
+				}
+			}
+		})
+	}
+}
+
+func checkHealth(serverURL *url.URL, path string) bool {
+	timeout := time.Duration(5 * time.Second)
+	client := http.Client{
+		Timeout: timeout,
+	}
+	resp, err := client.Get(serverURL.String() + path)
+	if err != nil || resp.StatusCode != 200 {
+		return false
+	}
+	return true
+}
--- a/integration/access_log_test.go
+++ b/integration/access_log_test.go
@@ -0,0 +1,106 @@
+package main
+
+import (
+	"fmt"
+	"io/ioutil"
+	"net"
+	"net/http"
+	"net/http/httptest"
+	"os"
+	"os/exec"
+	"regexp"
+	"strings"
+	"time"
+
+	"github.com/go-check/check"
+	shellwords "github.com/mattn/go-shellwords"
+
+	checker "github.com/vdemeester/shakers"
+)
+
+// AccessLogSuite
+type AccessLogSuite struct{ BaseSuite }
+
+func (s *AccessLogSuite) TestAccessLog(c *check.C) {
+	// Ensure working directory is clean
+	os.Remove("access.log")
+	os.Remove("traefik.log")
+
+	// Start Traefik
+	cmd := exec.Command(traefikBinary, "--configFile=fixtures/access_log_config.toml")
+	err := cmd.Start()
+	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
+	defer os.Remove("access.log")
+	defer os.Remove("traefik.log")
+
+	time.Sleep(500 * time.Millisecond)
+
+	// Verify Traefik started OK
+	traefikLog, err := ioutil.ReadFile("traefik.log")
+	c.Assert(err, checker.IsNil)
+	if len(traefikLog) > 0 {
+		fmt.Printf("%s\n", string(traefikLog))
+		c.Assert(len(traefikLog), checker.Equals, 0)
+	}
+
+	// Start test servers
+	ts1 := startAccessLogServer(8081)
+	defer ts1.Close()
+	ts2 := startAccessLogServer(8082)
+	defer ts2.Close()
+	ts3 := startAccessLogServer(8083)
+	defer ts3.Close()
+
+	// Make some requests
+	_, err = http.Get("http://127.0.0.1:8000/test1")
+	c.Assert(err, checker.IsNil)
+	_, err = http.Get("http://127.0.0.1:8000/test2")
+	c.Assert(err, checker.IsNil)
+	_, err = http.Get("http://127.0.0.1:8000/test2")
+	c.Assert(err, checker.IsNil)
+
+	// Verify access.log output as expected
+	accessLog, err := ioutil.ReadFile("access.log")
+	c.Assert(err, checker.IsNil)
+	lines := strings.Split(string(accessLog), "\n")
+	count := 0
+	for i, line := range lines {
+		if len(line) > 0 {
+			count++
+			tokens, err := shellwords.Parse(line)
+			c.Assert(err, checker.IsNil)
+			c.Assert(len(tokens), checker.Equals, 13)
+			c.Assert(tokens[6], checker.Equals, "200")
+			c.Assert(tokens[9], checker.Equals, fmt.Sprintf("%d", i+1))
+			c.Assert(strings.HasPrefix(tokens[10], "frontend"), checker.True)
+			c.Assert(strings.HasPrefix(tokens[11], "http://127.0.0.1:808"), checker.True)
+			c.Assert(regexp.MustCompile("^\\d+ms$").MatchString(tokens[12]), checker.True)
+		}
+	}
+	c.Assert(count, checker.Equals, 3)
+
+	// Verify no other Traefik problems
+	traefikLog, err = ioutil.ReadFile("traefik.log")
+	c.Assert(err, checker.IsNil)
+	if len(traefikLog) > 0 {
+		fmt.Printf("%s\n", string(traefikLog))
+		c.Assert(len(traefikLog), checker.Equals, 0)
+	}
+}
+
+func startAccessLogServer(port int) (ts *httptest.Server) {
+	handler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+		fmt.Fprintf(w, "Received query %s!\n", r.URL.Path[1:])
+	})
+	if listener, err := net.Listen("tcp", fmt.Sprintf("127.0.0.1:%d", port)); err != nil {
+		panic(err)
+	} else {
+		ts = &httptest.Server{
+			Listener: listener,
+			Config:   &http.Server{Handler: handler},
+		}
+		ts.Start()
+	}
+	return
+}
--- a/integration/acme_test.go
+++ b/integration/acme_test.go
@@ -0,0 +1,92 @@
+package main
+
+import (
+	"crypto/tls"
+	"net/http"
+	"os"
+	"os/exec"
+	"time"
+
+	"github.com/go-check/check"
+
+	"errors"
+	"github.com/containous/traefik/integration/utils"
+	checker "github.com/vdemeester/shakers"
+)
+
+// ACME test suites (using libcompose)
+type AcmeSuite struct {
+	BaseSuite
+}
+
+func (s *AcmeSuite) SetUpSuite(c *check.C) {
+	s.createComposeProject(c, "boulder")
+	s.composeProject.Start(c)
+
+	boulderHost := s.composeProject.Container(c, "boulder").NetworkSettings.IPAddress
+
+	// wait for boulder
+	err := utils.Try(120*time.Second, func() error {
+		resp, err := http.Get("http://" + boulderHost + ":4000/directory")
+		if err != nil {
+			return err
+		}
+		if resp.StatusCode != 200 {
+			return errors.New("Expected http 200 from boulder")
+		}
+		return nil
+	})
+
+	c.Assert(err, checker.IsNil)
+}
+
+func (s *AcmeSuite) TearDownSuite(c *check.C) {
+	// shutdown and delete compose project
+	if s.composeProject != nil {
+		s.composeProject.Stop(c)
+	}
+}
+
+func (s *AcmeSuite) TestRetrieveAcmeCertificate(c *check.C) {
+	boulderHost := s.composeProject.Container(c, "boulder").NetworkSettings.IPAddress
+	file := s.adaptFile(c, "fixtures/acme/acme.toml", struct{ BoulderHost string }{boulderHost})
+	defer os.Remove(file)
+	cmd := exec.Command(traefikBinary, "--configFile="+file)
+	err := cmd.Start()
+	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
+
+	backend := startTestServer("9010", 200)
+	defer backend.Close()
+
+	tr := &http.Transport{
+		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+	}
+	client := &http.Client{Transport: tr}
+
+	// wait for traefik (generating acme account take some seconds)
+	err = utils.Try(30*time.Second, func() error {
+		_, err := client.Get("https://127.0.0.1:5001")
+		if err != nil {
+			return err
+		}
+		return nil
+	})
+	c.Assert(err, checker.IsNil)
+
+	tr = &http.Transport{
+		TLSClientConfig: &tls.Config{
+			InsecureSkipVerify: true,
+			ServerName:         "traefik.acme.wtf",
+		},
+	}
+	client = &http.Client{Transport: tr}
+	req, _ := http.NewRequest("GET", "https://127.0.0.1:5001/", nil)
+	req.Host = "traefik.acme.wtf"
+	req.Header.Set("Host", "traefik.acme.wtf")
+	req.Header.Set("Accept", "*/*")
+	resp, err := client.Do(req)
+	c.Assert(err, checker.IsNil)
+	// Expected a 200
+	c.Assert(resp.StatusCode, checker.Equals, 200)
+}
--- a/integration/basic_test.go
+++ b/integration/basic_test.go
@@ -1,58 +1,51 @@
 package main

 import (
-	"fmt"
 	"net/http"
 	"os/exec"
 	"time"

+	"github.com/go-check/check"
+
+	"bytes"
 	checker "github.com/vdemeester/shakers"
-	check "gopkg.in/check.v1"
 )

 // SimpleSuite
 type SimpleSuite struct{ BaseSuite }

-func (s *SimpleSuite) TestNoOrInexistentConfigShouldFail(c *check.C) {
-	cmd := exec.Command(traefikBinary)
-	output, err := cmd.CombinedOutput()
-
-	c.Assert(err, checker.NotNil)
-	c.Assert(string(output), checker.Contains, "Error reading file: open traefik.toml: no such file or directory")
-
-	nonExistentFile := "non/existent/file.toml"
-	cmd = exec.Command(traefikBinary, nonExistentFile)
-	output, err = cmd.CombinedOutput()
-
-	c.Assert(err, checker.NotNil)
-	c.Assert(string(output), checker.Contains, fmt.Sprintf("Error reading file: open %s: no such file or directory", nonExistentFile))
-}
-
 func (s *SimpleSuite) TestInvalidConfigShouldFail(c *check.C) {
-	cmd := exec.Command(traefikBinary, "fixtures/invalid_configuration.toml")
-	output, err := cmd.CombinedOutput()
+	cmd := exec.Command(traefikBinary, "--configFile=fixtures/invalid_configuration.toml")

-	c.Assert(err, checker.NotNil)
-	c.Assert(string(output), checker.Contains, "Error reading file: Near line 1")
+	var b bytes.Buffer
+	cmd.Stdout = &b
+	cmd.Stderr = &b
+
+	cmd.Start()
+	time.Sleep(500 * time.Millisecond)
+	defer cmd.Process.Kill()
+	output := b.Bytes()
+
+	c.Assert(string(output), checker.Contains, "Near line 0 (last key parsed ''): Bare keys cannot contain '{'")
 }

 func (s *SimpleSuite) TestSimpleDefaultConfig(c *check.C) {
-	cmd := exec.Command(traefikBinary, "fixtures/simple_default.toml")
+	cmd := exec.Command(traefikBinary, "--configFile=fixtures/simple_default.toml")
 	err := cmd.Start()
 	c.Assert(err, checker.IsNil)
 	defer cmd.Process.Kill()

 	time.Sleep(500 * time.Millisecond)
 	// TODO validate : run on 80
-	resp, err := http.Get("http://127.0.0.1/")
+	resp, err := http.Get("http://127.0.0.1:8000/")

-	// Expected a 404 as we did not comfigure anything
+	// Expected a 404 as we did not configure anything
 	c.Assert(err, checker.IsNil)
 	c.Assert(resp.StatusCode, checker.Equals, 404)
 }

 func (s *SimpleSuite) TestWithWebConfig(c *check.C) {
-	cmd := exec.Command(traefikBinary, "fixtures/simple_web.toml")
+	cmd := exec.Command(traefikBinary, "--configFile=fixtures/simple_web.toml")
 	err := cmd.Start()
 	c.Assert(err, checker.IsNil)
 	defer cmd.Process.Kill()
@@ -64,3 +57,34 @@ func (s *SimpleSuite) TestWithWebConfig(c *check.C) {
 	c.Assert(err, checker.IsNil)
 	c.Assert(resp.StatusCode, checker.Equals, 200)
 }
+
+func (s *SimpleSuite) TestDefaultEntryPoints(c *check.C) {
+	cmd := exec.Command(traefikBinary, "--debug")
+
+	var b bytes.Buffer
+	cmd.Stdout = &b
+	cmd.Stderr = &b
+
+	cmd.Start()
+	time.Sleep(500 * time.Millisecond)
+	defer cmd.Process.Kill()
+	output := b.Bytes()
+
+	c.Assert(string(output), checker.Contains, "\\\"DefaultEntryPoints\\\":[\\\"http\\\"]")
+}
+
+func (s *SimpleSuite) TestPrintHelp(c *check.C) {
+	cmd := exec.Command(traefikBinary, "--help")
+
+	var b bytes.Buffer
+	cmd.Stdout = &b
+	cmd.Stderr = &b
+
+	cmd.Start()
+	time.Sleep(500 * time.Millisecond)
+	defer cmd.Process.Kill()
+	output := b.Bytes()
+
+	c.Assert(string(output), checker.Not(checker.Contains), "panic:")
+	c.Assert(string(output), checker.Contains, "Usage:")
+}
--- a/integration/constraint_test.go
+++ b/integration/constraint_test.go
@@ -0,0 +1,209 @@
+package main
+
+import (
+	"net/http"
+	"os/exec"
+	"time"
+
+	"github.com/go-check/check"
+	"github.com/hashicorp/consul/api"
+
+	checker "github.com/vdemeester/shakers"
+)
+
+// Constraint test suite
+type ConstraintSuite struct {
+	BaseSuite
+	consulIP     string
+	consulClient *api.Client
+}
+
+func (s *ConstraintSuite) SetUpSuite(c *check.C) {
+
+	s.createComposeProject(c, "constraints")
+	s.composeProject.Start(c)
+
+	consul := s.composeProject.Container(c, "consul")
+
+	s.consulIP = consul.NetworkSettings.IPAddress
+	config := api.DefaultConfig()
+	config.Address = s.consulIP + ":8500"
+	consulClient, err := api.NewClient(config)
+	if err != nil {
+		c.Fatalf("Error creating consul client")
+	}
+	s.consulClient = consulClient
+
+	// Wait for consul to elect itself leader
+	time.Sleep(2000 * time.Millisecond)
+}
+
+func (s *ConstraintSuite) registerService(name string, address string, port int, tags []string) error {
+	catalog := s.consulClient.Catalog()
+	_, err := catalog.Register(
+		&api.CatalogRegistration{
+			Node:    address,
+			Address: address,
+			Service: &api.AgentService{
+				ID:      name,
+				Service: name,
+				Address: address,
+				Port:    port,
+				Tags:    tags,
+			},
+		},
+		&api.WriteOptions{},
+	)
+	return err
+}
+
+func (s *ConstraintSuite) deregisterService(name string, address string) error {
+	catalog := s.consulClient.Catalog()
+	_, err := catalog.Deregister(
+		&api.CatalogDeregistration{
+			Node:      address,
+			Address:   address,
+			ServiceID: name,
+		},
+		&api.WriteOptions{},
+	)
+	return err
+}
+
+func (s *ConstraintSuite) TestMatchConstraintGlobal(c *check.C) {
+	cmd := exec.Command(traefikBinary, "--consulCatalog", "--consulCatalog.endpoint="+s.consulIP+":8500", "--consulCatalog.domain=consul.localhost", "--configFile=fixtures/consul_catalog/simple.toml", "--constraints=tag==api")
+	err := cmd.Start()
+	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
+
+	nginx := s.composeProject.Container(c, "nginx")
+
+	err = s.registerService("test", nginx.NetworkSettings.IPAddress, 80, []string{"traefik.tags=api"})
+	c.Assert(err, checker.IsNil, check.Commentf("Error registering service"))
+	defer s.deregisterService("test", nginx.NetworkSettings.IPAddress)
+
+	time.Sleep(5000 * time.Millisecond)
+	client := &http.Client{}
+	req, err := http.NewRequest("GET", "http://127.0.0.1:8000/", nil)
+	c.Assert(err, checker.IsNil)
+	req.Host = "test.consul.localhost"
+	resp, err := client.Do(req)
+
+	c.Assert(err, checker.IsNil)
+	c.Assert(resp.StatusCode, checker.Equals, 200)
+}
+
+func (s *ConstraintSuite) TestDoesNotMatchConstraintGlobal(c *check.C) {
+	cmd := exec.Command(traefikBinary, "--consulCatalog", "--consulCatalog.endpoint="+s.consulIP+":8500", "--consulCatalog.domain=consul.localhost", "--configFile=fixtures/consul_catalog/simple.toml", "--constraints=tag==api")
+	err := cmd.Start()
+	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
+
+	nginx := s.composeProject.Container(c, "nginx")
+
+	err = s.registerService("test", nginx.NetworkSettings.IPAddress, 80, []string{})
+	c.Assert(err, checker.IsNil, check.Commentf("Error registering service"))
+	defer s.deregisterService("test", nginx.NetworkSettings.IPAddress)
+
+	time.Sleep(5000 * time.Millisecond)
+	client := &http.Client{}
+	req, err := http.NewRequest("GET", "http://127.0.0.1:8000/", nil)
+	c.Assert(err, checker.IsNil)
+	req.Host = "test.consul.localhost"
+	resp, err := client.Do(req)
+
+	c.Assert(err, checker.IsNil)
+	c.Assert(resp.StatusCode, checker.Equals, 404)
+}
+
+func (s *ConstraintSuite) TestMatchConstraintProvider(c *check.C) {
+	cmd := exec.Command(traefikBinary, "--consulCatalog", "--consulCatalog.endpoint="+s.consulIP+":8500", "--consulCatalog.domain=consul.localhost", "--configFile=fixtures/consul_catalog/simple.toml", "--consulCatalog.constraints=tag==api")
+	err := cmd.Start()
+	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
+
+	nginx := s.composeProject.Container(c, "nginx")
+
+	err = s.registerService("test", nginx.NetworkSettings.IPAddress, 80, []string{"traefik.tags=api"})
+	c.Assert(err, checker.IsNil, check.Commentf("Error registering service"))
+	defer s.deregisterService("test", nginx.NetworkSettings.IPAddress)
+
+	time.Sleep(5000 * time.Millisecond)
+	client := &http.Client{}
+	req, err := http.NewRequest("GET", "http://127.0.0.1:8000/", nil)
+	c.Assert(err, checker.IsNil)
+	req.Host = "test.consul.localhost"
+	resp, err := client.Do(req)
+
+	c.Assert(err, checker.IsNil)
+	c.Assert(resp.StatusCode, checker.Equals, 200)
+}
+
+func (s *ConstraintSuite) TestDoesNotMatchConstraintProvider(c *check.C) {
+	cmd := exec.Command(traefikBinary, "--consulCatalog", "--consulCatalog.endpoint="+s.consulIP+":8500", "--consulCatalog.domain=consul.localhost", "--configFile=fixtures/consul_catalog/simple.toml", "--consulCatalog.constraints=tag==api")
+	err := cmd.Start()
+	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
+
+	nginx := s.composeProject.Container(c, "nginx")
+
+	err = s.registerService("test", nginx.NetworkSettings.IPAddress, 80, []string{})
+	c.Assert(err, checker.IsNil, check.Commentf("Error registering service"))
+	defer s.deregisterService("test", nginx.NetworkSettings.IPAddress)
+
+	time.Sleep(5000 * time.Millisecond)
+	client := &http.Client{}
+	req, err := http.NewRequest("GET", "http://127.0.0.1:8000/", nil)
+	c.Assert(err, checker.IsNil)
+	req.Host = "test.consul.localhost"
+	resp, err := client.Do(req)
+
+	c.Assert(err, checker.IsNil)
+	c.Assert(resp.StatusCode, checker.Equals, 404)
+}
+
+func (s *ConstraintSuite) TestMatchMultipleConstraint(c *check.C) {
+	cmd := exec.Command(traefikBinary, "--consulCatalog", "--consulCatalog.endpoint="+s.consulIP+":8500", "--consulCatalog.domain=consul.localhost", "--configFile=fixtures/consul_catalog/simple.toml", "--consulCatalog.constraints=tag==api", "--constraints=tag!=us-*")
+	err := cmd.Start()
+	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
+
+	nginx := s.composeProject.Container(c, "nginx")
+
+	err = s.registerService("test", nginx.NetworkSettings.IPAddress, 80, []string{"traefik.tags=api", "traefik.tags=eu-1"})
+	c.Assert(err, checker.IsNil, check.Commentf("Error registering service"))
+	defer s.deregisterService("test", nginx.NetworkSettings.IPAddress)
+
+	time.Sleep(5000 * time.Millisecond)
+	client := &http.Client{}
+	req, err := http.NewRequest("GET", "http://127.0.0.1:8000/", nil)
+	c.Assert(err, checker.IsNil)
+	req.Host = "test.consul.localhost"
+	resp, err := client.Do(req)
+
+	c.Assert(err, checker.IsNil)
+	c.Assert(resp.StatusCode, checker.Equals, 200)
+}
+
+func (s *ConstraintSuite) TestDoesNotMatchMultipleConstraint(c *check.C) {
+	cmd := exec.Command(traefikBinary, "--consulCatalog", "--consulCatalog.endpoint="+s.consulIP+":8500", "--consulCatalog.domain=consul.localhost", "--configFile=fixtures/consul_catalog/simple.toml", "--consulCatalog.constraints=tag==api", "--constraints=tag!=us-*")
+	err := cmd.Start()
+	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
+
+	nginx := s.composeProject.Container(c, "nginx")
+
+	err = s.registerService("test", nginx.NetworkSettings.IPAddress, 80, []string{"traefik.tags=api", "traefik.tags=us-1"})
+	c.Assert(err, checker.IsNil, check.Commentf("Error registering service"))
+	defer s.deregisterService("test", nginx.NetworkSettings.IPAddress)
+
+	time.Sleep(5000 * time.Millisecond)
+	client := &http.Client{}
+	req, err := http.NewRequest("GET", "http://127.0.0.1:8000/", nil)
+	c.Assert(err, checker.IsNil)
+	req.Host = "test.consul.localhost"
+	resp, err := client.Do(req)
+
+	c.Assert(err, checker.IsNil)
+	c.Assert(resp.StatusCode, checker.Equals, 404)
+}
--- a/integration/consul_catalog_test.go
+++ b/integration/consul_catalog_test.go
@@ -0,0 +1,113 @@
+package main
+
+import (
+	"io/ioutil"
+	"net/http"
+	"os/exec"
+	"time"
+
+	"github.com/go-check/check"
+	"github.com/hashicorp/consul/api"
+
+	checker "github.com/vdemeester/shakers"
+)
+
+// Consul catalog test suites
+type ConsulCatalogSuite struct {
+	BaseSuite
+	consulIP     string
+	consulClient *api.Client
+}
+
+func (s *ConsulCatalogSuite) SetUpSuite(c *check.C) {
+
+	s.createComposeProject(c, "consul_catalog")
+	s.composeProject.Start(c)
+
+	consul := s.composeProject.Container(c, "consul")
+
+	s.consulIP = consul.NetworkSettings.IPAddress
+	config := api.DefaultConfig()
+	config.Address = s.consulIP + ":8500"
+	consulClient, err := api.NewClient(config)
+	if err != nil {
+		c.Fatalf("Error creating consul client")
+	}
+	s.consulClient = consulClient
+
+	// Wait for consul to elect itself leader
+	time.Sleep(2000 * time.Millisecond)
+}
+
+func (s *ConsulCatalogSuite) registerService(name string, address string, port int, tags []string) error {
+	catalog := s.consulClient.Catalog()
+	_, err := catalog.Register(
+		&api.CatalogRegistration{
+			Node:    address,
+			Address: address,
+			Service: &api.AgentService{
+				ID:      name,
+				Service: name,
+				Address: address,
+				Port:    port,
+				Tags:    tags,
+			},
+		},
+		&api.WriteOptions{},
+	)
+	return err
+}
+
+func (s *ConsulCatalogSuite) deregisterService(name string, address string) error {
+	catalog := s.consulClient.Catalog()
+	_, err := catalog.Deregister(
+		&api.CatalogDeregistration{
+			Node:      address,
+			Address:   address,
+			ServiceID: name,
+		},
+		&api.WriteOptions{},
+	)
+	return err
+}
+
+func (s *ConsulCatalogSuite) TestSimpleConfiguration(c *check.C) {
+	cmd := exec.Command(traefikBinary, "--consulCatalog", "--consulCatalog.endpoint="+s.consulIP+":8500", "--configFile=fixtures/consul_catalog/simple.toml")
+	err := cmd.Start()
+	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
+
+	time.Sleep(500 * time.Millisecond)
+	// TODO validate : run on 80
+	resp, err := http.Get("http://127.0.0.1:8000/")
+
+	// Expected a 404 as we did not configure anything
+	c.Assert(err, checker.IsNil)
+	c.Assert(resp.StatusCode, checker.Equals, 404)
+}
+
+func (s *ConsulCatalogSuite) TestSingleService(c *check.C) {
+	cmd := exec.Command(traefikBinary, "--consulCatalog", "--consulCatalog.endpoint="+s.consulIP+":8500", "--consulCatalog.domain=consul.localhost", "--configFile=fixtures/consul_catalog/simple.toml")
+	err := cmd.Start()
+	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
+
+	nginx := s.composeProject.Container(c, "nginx")
+
+	err = s.registerService("test", nginx.NetworkSettings.IPAddress, 80, []string{})
+	c.Assert(err, checker.IsNil, check.Commentf("Error registering service"))
+	defer s.deregisterService("test", nginx.NetworkSettings.IPAddress)
+
+	time.Sleep(5000 * time.Millisecond)
+	client := &http.Client{}
+	req, err := http.NewRequest("GET", "http://127.0.0.1:8000/", nil)
+	c.Assert(err, checker.IsNil)
+	req.Host = "test.consul.localhost"
+	resp, err := client.Do(req)
+
+	c.Assert(err, checker.IsNil)
+	c.Assert(resp.StatusCode, checker.Equals, 200)
+
+	_, err = ioutil.ReadAll(resp.Body)
+	c.Assert(err, checker.IsNil)
+}
--- a/integration/consul_test.go
+++ b/integration/consul_test.go
@@ -5,21 +5,519 @@ import (
 	"os/exec"
 	"time"

+	"context"
+	"github.com/containous/staert"
+	"github.com/docker/libkv"
+	"github.com/docker/libkv/store"
+	"github.com/docker/libkv/store/consul"
+	"github.com/go-check/check"
+
+	"errors"
+	"github.com/containous/traefik/cluster"
+	"github.com/containous/traefik/integration/utils"
+	"github.com/containous/traefik/provider"
 	checker "github.com/vdemeester/shakers"
-	check "gopkg.in/check.v1"
+	"io/ioutil"
+	"os"
+	"strings"
+	"sync"
 )

+// Consul test suites (using libcompose)
+type ConsulSuite struct {
+	BaseSuite
+	kv store.Store
+}
+
+func (s *ConsulSuite) setupConsul(c *check.C) {
+	s.createComposeProject(c, "consul")
+	s.composeProject.Start(c)
+
+	consul.Register()
+	kv, err := libkv.NewStore(
+		store.CONSUL,
+		[]string{s.composeProject.Container(c, "consul").NetworkSettings.IPAddress + ":8500"},
+		&store.Config{
+			ConnectionTimeout: 10 * time.Second,
+		},
+	)
+	if err != nil {
+		c.Fatal("Cannot create store consul")
+	}
+	s.kv = kv
+
+	// wait for consul
+	err = utils.Try(60*time.Second, func() error {
+		_, err := kv.Exists("test")
+		if err != nil {
+			return err
+		}
+		return nil
+	})
+	c.Assert(err, checker.IsNil)
+}
+
+func (s *ConsulSuite) setupConsulTLS(c *check.C) {
+	s.createComposeProject(c, "consul_tls")
+	s.composeProject.Start(c)
+
+	consul.Register()
+	clientTLS := &provider.ClientTLS{
+		CA:                 "resources/tls/ca.cert",
+		Cert:               "resources/tls/consul.cert",
+		Key:                "resources/tls/consul.key",
+		InsecureSkipVerify: true,
+	}
+	TLSConfig, err := clientTLS.CreateTLSConfig()
+	c.Assert(err, checker.IsNil)
+
+	kv, err := libkv.NewStore(
+		store.CONSUL,
+		[]string{s.composeProject.Container(c, "consul").NetworkSettings.IPAddress + ":8585"},
+		&store.Config{
+			ConnectionTimeout: 10 * time.Second,
+			TLS:               TLSConfig,
+		},
+	)
+
+	if err != nil {
+		c.Fatal("Cannot create store consul")
+	}
+	s.kv = kv
+
+	// wait for consul
+	err = utils.Try(60*time.Second, func() error {
+		_, err := kv.Exists("test")
+		if err != nil {
+			return err
+		}
+		return nil
+	})
+	c.Assert(err, checker.IsNil)
+}
+
+func (s *ConsulSuite) TearDownTest(c *check.C) {
+	// shutdown and delete compose project
+	if s.composeProject != nil {
+		s.composeProject.Stop(c)
+	}
+}
+
+func (s *ConsulSuite) TearDownSuite(c *check.C) {}
+
 func (s *ConsulSuite) TestSimpleConfiguration(c *check.C) {
-	cmd := exec.Command(traefikBinary, "fixtures/consul/simple.toml")
+	s.setupConsul(c)
+	consulHost := s.composeProject.Container(c, "consul").NetworkSettings.IPAddress
+	file := s.adaptFile(c, "fixtures/consul/simple.toml", struct{ ConsulHost string }{consulHost})
+	defer os.Remove(file)
+	cmd := exec.Command(traefikBinary, "--configFile="+file)
 	err := cmd.Start()
 	c.Assert(err, checker.IsNil)
 	defer cmd.Process.Kill()

 	time.Sleep(500 * time.Millisecond)
-	// TODO validate : run on 80
-	resp, err := http.Get("http://127.0.0.1/")
+	resp, err := http.Get("http://127.0.0.1:8000/")

-	// Expected a 404 as we did not comfigure anything
+	// Expected a 404 as we did not configure anything
 	c.Assert(err, checker.IsNil)
 	c.Assert(resp.StatusCode, checker.Equals, 404)
 }
+
+func (s *ConsulSuite) TestNominalConfiguration(c *check.C) {
+	s.setupConsul(c)
+	consulHost := s.composeProject.Container(c, "consul").NetworkSettings.IPAddress
+	file := s.adaptFile(c, "fixtures/consul/simple.toml", struct{ ConsulHost string }{consulHost})
+	defer os.Remove(file)
+	cmd := exec.Command(traefikBinary, "--configFile="+file)
+	err := cmd.Start()
+	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
+
+	whoami1 := s.composeProject.Container(c, "whoami1")
+	whoami2 := s.composeProject.Container(c, "whoami2")
+	whoami3 := s.composeProject.Container(c, "whoami3")
+	whoami4 := s.composeProject.Container(c, "whoami4")
+
+	backend1 := map[string]string{
+		"traefik/backends/backend1/circuitbreaker/expression": "NetworkErrorRatio() > 0.5",
+		"traefik/backends/backend1/servers/server1/url":       "http://" + whoami1.NetworkSettings.IPAddress + ":80",
+		"traefik/backends/backend1/servers/server1/weight":    "10",
+		"traefik/backends/backend1/servers/server2/url":       "http://" + whoami2.NetworkSettings.IPAddress + ":80",
+		"traefik/backends/backend1/servers/server2/weight":    "1",
+	}
+	backend2 := map[string]string{
+		"traefik/backends/backend2/loadbalancer/method":    "drr",
+		"traefik/backends/backend2/servers/server1/url":    "http://" + whoami3.NetworkSettings.IPAddress + ":80",
+		"traefik/backends/backend2/servers/server1/weight": "1",
+		"traefik/backends/backend2/servers/server2/url":    "http://" + whoami4.NetworkSettings.IPAddress + ":80",
+		"traefik/backends/backend2/servers/server2/weight": "2",
+	}
+	frontend1 := map[string]string{
+		"traefik/frontends/frontend1/backend":            "backend2",
+		"traefik/frontends/frontend1/entrypoints":        "http",
+		"traefik/frontends/frontend1/priority":           "1",
+		"traefik/frontends/frontend1/routes/test_1/rule": "Host:test.localhost",
+	}
+	frontend2 := map[string]string{
+		"traefik/frontends/frontend2/backend":            "backend1",
+		"traefik/frontends/frontend2/entrypoints":        "http",
+		"traefik/frontends/frontend2/priority":           "10",
+		"traefik/frontends/frontend2/routes/test_2/rule": "Path:/test",
+	}
+	for key, value := range backend1 {
+		err := s.kv.Put(key, []byte(value), nil)
+		c.Assert(err, checker.IsNil)
+	}
+	for key, value := range backend2 {
+		err := s.kv.Put(key, []byte(value), nil)
+		c.Assert(err, checker.IsNil)
+	}
+	for key, value := range frontend1 {
+		err := s.kv.Put(key, []byte(value), nil)
+		c.Assert(err, checker.IsNil)
+	}
+	for key, value := range frontend2 {
+		err := s.kv.Put(key, []byte(value), nil)
+		c.Assert(err, checker.IsNil)
+	}
+
+	// wait for consul
+	err = utils.Try(60*time.Second, func() error {
+		_, err := s.kv.Exists("traefik/frontends/frontend2/routes/test_2/rule")
+		if err != nil {
+			return err
+		}
+		return nil
+	})
+	c.Assert(err, checker.IsNil)
+
+	// wait for traefik
+	err = utils.TryRequest("http://127.0.0.1:8081/api/providers", 60*time.Second, func(res *http.Response) error {
+		body, err := ioutil.ReadAll(res.Body)
+		if err != nil {
+			return err
+		}
+		if !strings.Contains(string(body), "Path:/test") {
+			return errors.New("Incorrect traefik config")
+		}
+		return nil
+	})
+	c.Assert(err, checker.IsNil)
+
+	client := &http.Client{}
+	req, err := http.NewRequest("GET", "http://127.0.0.1:8000/", nil)
+	c.Assert(err, checker.IsNil)
+	req.Host = "test.localhost"
+	response, err := client.Do(req)
+
+	c.Assert(err, checker.IsNil)
+	c.Assert(response.StatusCode, checker.Equals, 200)
+
+	body, err := ioutil.ReadAll(response.Body)
+	c.Assert(err, checker.IsNil)
+	if !strings.Contains(string(body), whoami3.NetworkSettings.IPAddress) &&
+		!strings.Contains(string(body), whoami4.NetworkSettings.IPAddress) {
+		c.Fail()
+	}
+
+	req, err = http.NewRequest("GET", "http://127.0.0.1:8000/test", nil)
+	c.Assert(err, checker.IsNil)
+	response, err = client.Do(req)
+
+	c.Assert(err, checker.IsNil)
+	c.Assert(response.StatusCode, checker.Equals, 200)
+
+	body, err = ioutil.ReadAll(response.Body)
+	c.Assert(err, checker.IsNil)
+	if !strings.Contains(string(body), whoami1.NetworkSettings.IPAddress) &&
+		!strings.Contains(string(body), whoami2.NetworkSettings.IPAddress) {
+		c.Fail()
+	}
+
+	req, err = http.NewRequest("GET", "http://127.0.0.1:8000/test2", nil)
+	resp, err := client.Do(req)
+	c.Assert(err, checker.IsNil)
+	c.Assert(resp.StatusCode, checker.Equals, 404)
+
+	req, err = http.NewRequest("GET", "http://127.0.0.1:8000/", nil)
+	req.Host = "test2.localhost"
+	resp, err = client.Do(req)
+	c.Assert(err, checker.IsNil)
+	c.Assert(resp.StatusCode, checker.Equals, 404)
+}
+
+func (s *ConsulSuite) TestGlobalConfiguration(c *check.C) {
+	s.setupConsul(c)
+	consulHost := s.composeProject.Container(c, "consul").NetworkSettings.IPAddress
+	err := s.kv.Put("traefik/entrypoints/http/address", []byte(":8001"), nil)
+	c.Assert(err, checker.IsNil)
+
+	// wait for consul
+	err = utils.Try(60*time.Second, func() error {
+		_, err := s.kv.Exists("traefik/entrypoints/http/address")
+		if err != nil {
+			return err
+		}
+		return nil
+	})
+	c.Assert(err, checker.IsNil)
+
+	// start traefik
+	cmd := exec.Command(traefikBinary, "--configFile=fixtures/simple_web.toml", "--consul", "--consul.endpoint="+consulHost+":8500")
+	// cmd.Stdout = os.Stdout
+	// cmd.Stderr = os.Stderr
+
+	err = cmd.Start()
+	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
+
+	whoami1 := s.composeProject.Container(c, "whoami1")
+	whoami2 := s.composeProject.Container(c, "whoami2")
+	whoami3 := s.composeProject.Container(c, "whoami3")
+	whoami4 := s.composeProject.Container(c, "whoami4")
+
+	backend1 := map[string]string{
+		"traefik/backends/backend1/circuitbreaker/expression": "NetworkErrorRatio() > 0.5",
+		"traefik/backends/backend1/servers/server1/url":       "http://" + whoami1.NetworkSettings.IPAddress + ":80",
+		"traefik/backends/backend1/servers/server1/weight":    "10",
+		"traefik/backends/backend1/servers/server2/url":       "http://" + whoami2.NetworkSettings.IPAddress + ":80",
+		"traefik/backends/backend1/servers/server2/weight":    "1",
+	}
+	backend2 := map[string]string{
+		"traefik/backends/backend2/loadbalancer/method":    "drr",
+		"traefik/backends/backend2/servers/server1/url":    "http://" + whoami3.NetworkSettings.IPAddress + ":80",
+		"traefik/backends/backend2/servers/server1/weight": "1",
+		"traefik/backends/backend2/servers/server2/url":    "http://" + whoami4.NetworkSettings.IPAddress + ":80",
+		"traefik/backends/backend2/servers/server2/weight": "2",
+	}
+	frontend1 := map[string]string{
+		"traefik/frontends/frontend1/backend":            "backend2",
+		"traefik/frontends/frontend1/entrypoints":        "http",
+		"traefik/frontends/frontend1/priority":           "1",
+		"traefik/frontends/frontend1/routes/test_1/rule": "Host:test.localhost",
+	}
+	frontend2 := map[string]string{
+		"traefik/frontends/frontend2/backend":            "backend1",
+		"traefik/frontends/frontend2/entrypoints":        "http",
+		"traefik/frontends/frontend2/priority":           "10",
+		"traefik/frontends/frontend2/routes/test_2/rule": "Path:/test",
+	}
+	for key, value := range backend1 {
+		err := s.kv.Put(key, []byte(value), nil)
+		c.Assert(err, checker.IsNil)
+	}
+	for key, value := range backend2 {
+		err := s.kv.Put(key, []byte(value), nil)
+		c.Assert(err, checker.IsNil)
+	}
+	for key, value := range frontend1 {
+		err := s.kv.Put(key, []byte(value), nil)
+		c.Assert(err, checker.IsNil)
+	}
+	for key, value := range frontend2 {
+		err := s.kv.Put(key, []byte(value), nil)
+		c.Assert(err, checker.IsNil)
+	}
+
+	// wait for consul
+	err = utils.Try(60*time.Second, func() error {
+		_, err := s.kv.Exists("traefik/frontends/frontend2/routes/test_2/rule")
+		if err != nil {
+			return err
+		}
+		return nil
+	})
+	c.Assert(err, checker.IsNil)
+
+	// wait for traefik
+	err = utils.TryRequest("http://127.0.0.1:8080/api/providers", 60*time.Second, func(res *http.Response) error {
+		body, err := ioutil.ReadAll(res.Body)
+		if err != nil {
+			return err
+		}
+		if !strings.Contains(string(body), "Path:/test") {
+			return errors.New("Incorrect traefik config")
+		}
+		return nil
+	})
+	c.Assert(err, checker.IsNil)
+
+	//check
+	client := &http.Client{}
+	req, err := http.NewRequest("GET", "http://127.0.0.1:8001/", nil)
+	c.Assert(err, checker.IsNil)
+	req.Host = "test.localhost"
+	response, err := client.Do(req)
+
+	c.Assert(err, checker.IsNil)
+	c.Assert(response.StatusCode, checker.Equals, 200)
+}
+
+func (s *ConsulSuite) skipTestGlobalConfigurationWithClientTLS(c *check.C) {
+	c.Skip("wait for relative path issue in the composefile")
+	s.setupConsulTLS(c)
+	consulHost := s.composeProject.Container(c, "consul").NetworkSettings.IPAddress
+
+	err := s.kv.Put("traefik/web/address", []byte(":8081"), nil)
+	c.Assert(err, checker.IsNil)
+
+	// wait for consul
+	err = utils.Try(60*time.Second, func() error {
+		_, err := s.kv.Exists("traefik/web/address")
+		if err != nil {
+			return err
+		}
+		return nil
+	})
+	c.Assert(err, checker.IsNil)
+
+	// start traefik
+	cmd := exec.Command(traefikBinary, "--configFile=fixtures/simple_web.toml",
+		"--consul", "--consul.endpoint="+consulHost+":8585",
+		"--consul.tls.ca=resources/tls/ca.cert",
+		"--consul.tls.cert=resources/tls/consul.cert",
+		"--consul.tls.key=resources/tls/consul.key",
+		"--consul.tls.insecureskipverify")
+	// cmd.Stdout = os.Stdout
+	// cmd.Stderr = os.Stderr
+
+	err = cmd.Start()
+	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
+
+	// wait for traefik
+	err = utils.TryRequest("http://127.0.0.1:8081/api/providers", 60*time.Second, func(res *http.Response) error {
+		_, err := ioutil.ReadAll(res.Body)
+		if err != nil {
+			return err
+		}
+		return nil
+	})
+	c.Assert(err, checker.IsNil)
+
+}
+func (s *ConsulSuite) TestCommandStoreConfig(c *check.C) {
+	s.setupConsul(c)
+	consulHost := s.composeProject.Container(c, "consul").NetworkSettings.IPAddress
+
+	cmd := exec.Command(traefikBinary, "storeconfig", "--configFile=fixtures/simple_web.toml", "--consul.endpoint="+consulHost+":8500")
+	err := cmd.Start()
+	c.Assert(err, checker.IsNil)
+
+	// wait for traefik finish without error
+	cmd.Wait()
+
+	//CHECK
+	checkmap := map[string]string{
+		"/traefik/loglevel":                 "DEBUG",
+		"/traefik/defaultentrypoints/0":     "http",
+		"/traefik/entrypoints/http/address": ":8000",
+		"/traefik/web/address":              ":8080",
+		"/traefik/consul/endpoint":          (consulHost + ":8500"),
+	}
+
+	for key, value := range checkmap {
+		var p *store.KVPair
+		err = utils.Try(60*time.Second, func() error {
+			p, err = s.kv.Get(key)
+			if err != nil {
+				return err
+			}
+			return nil
+		})
+		c.Assert(err, checker.IsNil)
+
+		c.Assert(string(p.Value), checker.Equals, value)
+
+	}
+}
+
+type TestStruct struct {
+	String string
+	Int    int
+}
+
+func (s *ConsulSuite) TestDatastore(c *check.C) {
+	s.setupConsul(c)
+	consulHost := s.composeProject.Container(c, "consul").NetworkSettings.IPAddress
+	kvSource, err := staert.NewKvSource(store.CONSUL, []string{consulHost + ":8500"}, &store.Config{
+		ConnectionTimeout: 10 * time.Second,
+	}, "traefik")
+	c.Assert(err, checker.IsNil)
+
+	ctx := context.Background()
+	datastore1, err := cluster.NewDataStore(ctx, *kvSource, &TestStruct{}, nil)
+	c.Assert(err, checker.IsNil)
+	datastore2, err := cluster.NewDataStore(ctx, *kvSource, &TestStruct{}, nil)
+	c.Assert(err, checker.IsNil)
+
+	setter1, _, err := datastore1.Begin()
+	c.Assert(err, checker.IsNil)
+	err = setter1.Commit(&TestStruct{
+		String: "foo",
+		Int:    1,
+	})
+	c.Assert(err, checker.IsNil)
+	time.Sleep(2 * time.Second)
+	test1 := datastore1.Get().(*TestStruct)
+	c.Assert(test1.String, checker.Equals, "foo")
+
+	test2 := datastore2.Get().(*TestStruct)
+	c.Assert(test2.String, checker.Equals, "foo")
+
+	setter2, _, err := datastore2.Begin()
+	c.Assert(err, checker.IsNil)
+	err = setter2.Commit(&TestStruct{
+		String: "bar",
+		Int:    2,
+	})
+	c.Assert(err, checker.IsNil)
+	time.Sleep(2 * time.Second)
+	test1 = datastore1.Get().(*TestStruct)
+	c.Assert(test1.String, checker.Equals, "bar")
+
+	test2 = datastore2.Get().(*TestStruct)
+	c.Assert(test2.String, checker.Equals, "bar")
+
+	wg := &sync.WaitGroup{}
+	wg.Add(4)
+	go func() {
+		for i := 0; i < 100; i++ {
+			setter1, _, err := datastore1.Begin()
+			c.Assert(err, checker.IsNil)
+			err = setter1.Commit(&TestStruct{
+				String: "datastore1",
+				Int:    i,
+			})
+			c.Assert(err, checker.IsNil)
+		}
+		wg.Done()
+	}()
+	go func() {
+		for i := 0; i < 100; i++ {
+			setter2, _, err := datastore2.Begin()
+			c.Assert(err, checker.IsNil)
+			err = setter2.Commit(&TestStruct{
+				String: "datastore2",
+				Int:    i,
+			})
+			c.Assert(err, checker.IsNil)
+		}
+		wg.Done()
+	}()
+	go func() {
+		for i := 0; i < 100; i++ {
+			test1 := datastore1.Get().(*TestStruct)
+			c.Assert(test1, checker.NotNil)
+		}
+		wg.Done()
+	}()
+	go func() {
+		for i := 0; i < 100; i++ {
+			test2 := datastore2.Get().(*TestStruct)
+			c.Assert(test2, checker.NotNil)
+		}
+		wg.Done()
+	}()
+	wg.Wait()
+}
--- a/integration/docker_test.go
+++ b/integration/docker_test.go
@@ -1,31 +1,190 @@
 package main

 import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
 	"net/http"
 	"os"
 	"os/exec"
+	"strings"
 	"time"

+	"github.com/docker/docker/pkg/namesgenerator"
+	"github.com/go-check/check"
+
+	d "github.com/libkermit/docker"
+	docker "github.com/libkermit/docker-check"
 	checker "github.com/vdemeester/shakers"
-	check "gopkg.in/check.v1"
 )

+var (
+	// Label added to started container to identify them as part of the integration test
+	TestLabel = "io.traefik.test"
+
+	// Images to have or pull before the build in order to make it work
+	// FIXME handle this offline but loading them before build
+	RequiredImages = map[string]string{
+		"swarm": "1.0.0",
+		"nginx": "1",
+	}
+)
+
+// Docker test suites
+type DockerSuite struct {
+	BaseSuite
+	project *docker.Project
+}
+
+func (s *DockerSuite) startContainer(c *check.C, image string, args ...string) string {
+	return s.startContainerWithConfig(c, image, d.ContainerConfig{
+		Cmd: args,
+	})
+}
+
+func (s *DockerSuite) startContainerWithLabels(c *check.C, image string, labels map[string]string, args ...string) string {
+	return s.startContainerWithConfig(c, image, d.ContainerConfig{
+		Cmd:    args,
+		Labels: labels,
+	})
+}
+
+func (s *DockerSuite) startContainerWithConfig(c *check.C, image string, config d.ContainerConfig) string {
+	if config.Name == "" {
+		config.Name = namesgenerator.GetRandomName(10)
+	}
+
+	container := s.project.StartWithConfig(c, image, config)
+
+	// FIXME(vdemeester) this is ugly (it's because of the / in front of the name in docker..)
+	return strings.SplitAfter(container.Name, "/")[1]
+}
+
+func (s *DockerSuite) SetUpSuite(c *check.C) {
+	project := docker.NewProjectFromEnv(c)
+	s.project = project
+
+	// Pull required images
+	for repository, tag := range RequiredImages {
+		image := fmt.Sprintf("%s:%s", repository, tag)
+		s.project.Pull(c, image)
+	}
+}
+
+func (s *DockerSuite) TearDownTest(c *check.C) {
+	s.project.Clean(c, os.Getenv("CIRCLECI") != "")
+}
+
 func (s *DockerSuite) TestSimpleConfiguration(c *check.C) {
 	file := s.adaptFileForHost(c, "fixtures/docker/simple.toml")
 	defer os.Remove(file)

-	cmd := exec.Command(traefikBinary, file)
+	cmd := exec.Command(traefikBinary, "--configFile="+file)
 	err := cmd.Start()
 	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()

 	time.Sleep(500 * time.Millisecond)
 	// TODO validate : run on 80
-	resp, err := http.Get("http://127.0.0.1/")
+	resp, err := http.Get("http://127.0.0.1:8000/")

+	c.Assert(err, checker.IsNil)
 	// Expected a 404 as we did not comfigure anything
+	c.Assert(resp.StatusCode, checker.Equals, 404)
+}
+
+func (s *DockerSuite) TestDefaultDockerContainers(c *check.C) {
+	file := s.adaptFileForHost(c, "fixtures/docker/simple.toml")
+	defer os.Remove(file)
+	name := s.startContainer(c, "swarm:1.0.0", "manage", "token://blablabla")
+
+	// Start traefik
+	cmd := exec.Command(traefikBinary, "--configFile="+file)
+	err := cmd.Start()
+	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
+
+	// FIXME Need to wait than 500 milliseconds more (for swarm or traefik to boot up ?)
+	time.Sleep(1500 * time.Millisecond)
+
+	client := &http.Client{}
+	req, err := http.NewRequest("GET", "http://127.0.0.1:8000/version", nil)
+	c.Assert(err, checker.IsNil)
+	req.Host = fmt.Sprintf("%s.docker.localhost", strings.Replace(name, "_", "-", -1))
+	resp, err := client.Do(req)
+
+	c.Assert(err, checker.IsNil)
+	c.Assert(resp.StatusCode, checker.Equals, 200)
+
+	body, err := ioutil.ReadAll(resp.Body)
+	c.Assert(err, checker.IsNil)
+
+	var version map[string]interface{}
+
+	c.Assert(json.Unmarshal(body, &version), checker.IsNil)
+	c.Assert(version["Version"], checker.Equals, "swarm/1.0.0")
+}
+
+func (s *DockerSuite) TestDockerContainersWithLabels(c *check.C) {
+	file := s.adaptFileForHost(c, "fixtures/docker/simple.toml")
+	defer os.Remove(file)
+	// Start a container with some labels
+	labels := map[string]string{
+		"traefik.frontend.rule": "Host:my.super.host",
+	}
+	s.startContainerWithLabels(c, "swarm:1.0.0", labels, "manage", "token://blabla")
+
+	// Start traefik
+	cmd := exec.Command(traefikBinary, "--configFile="+file)
+	err := cmd.Start()
+	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
+
+	// FIXME Need to wait than 500 milliseconds more (for swarm or traefik to boot up ?)
+	time.Sleep(1500 * time.Millisecond)
+
+	client := &http.Client{}
+	req, err := http.NewRequest("GET", "http://127.0.0.1:8000/version", nil)
+	c.Assert(err, checker.IsNil)
+	req.Host = fmt.Sprintf("my.super.host")
+	resp, err := client.Do(req)
+
+	c.Assert(err, checker.IsNil)
+	c.Assert(resp.StatusCode, checker.Equals, 200)
+
+	body, err := ioutil.ReadAll(resp.Body)
+	c.Assert(err, checker.IsNil)
+
+	var version map[string]interface{}
+
+	c.Assert(json.Unmarshal(body, &version), checker.IsNil)
+	c.Assert(version["Version"], checker.Equals, "swarm/1.0.0")
+}
+
+func (s *DockerSuite) TestDockerContainersWithOneMissingLabels(c *check.C) {
+	file := s.adaptFileForHost(c, "fixtures/docker/simple.toml")
+	defer os.Remove(file)
+	// Start a container with some labels
+	labels := map[string]string{
+		"traefik.frontend.value": "my.super.host",
+	}
+	s.startContainerWithLabels(c, "swarm:1.0.0", labels, "manage", "token://blabla")
+
+	// Start traefik
+	cmd := exec.Command(traefikBinary, "--configFile="+file)
+	err := cmd.Start()
+	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
+
+	// FIXME Need to wait than 500 milliseconds more (for swarm or traefik to boot up ?)
+	time.Sleep(1500 * time.Millisecond)
+
+	client := &http.Client{}
+	req, err := http.NewRequest("GET", "http://127.0.0.1:8000/version", nil)
+	c.Assert(err, checker.IsNil)
+	req.Host = fmt.Sprintf("my.super.host")
+	resp, err := client.Do(req)
+
 	c.Assert(err, checker.IsNil)
 	c.Assert(resp.StatusCode, checker.Equals, 404)
-
-	killErr := cmd.Process.Kill()
-	c.Assert(killErr, checker.IsNil)
 }
--- a/integration/etcd_test.go
+++ b/integration/etcd_test.go
@@ -0,0 +1,468 @@
+package main
+
+import (
+	"github.com/go-check/check"
+	"net/http"
+	"os/exec"
+	"time"
+
+	checker "github.com/vdemeester/shakers"
+
+	"crypto/tls"
+	"errors"
+	"fmt"
+	"github.com/containous/traefik/integration/utils"
+	"github.com/docker/libkv"
+	"github.com/docker/libkv/store"
+	"github.com/docker/libkv/store/etcd"
+	"io/ioutil"
+	"os"
+	"strings"
+)
+
+// Etcd test suites (using libcompose)
+type EtcdSuite struct {
+	BaseSuite
+	kv store.Store
+}
+
+func (s *EtcdSuite) SetUpTest(c *check.C) {
+	s.createComposeProject(c, "etcd")
+	s.composeProject.Start(c)
+
+	etcd.Register()
+	url := s.composeProject.Container(c, "etcd").NetworkSettings.IPAddress + ":2379"
+	kv, err := libkv.NewStore(
+		store.ETCD,
+		[]string{url},
+		&store.Config{
+			ConnectionTimeout: 10 * time.Second,
+		},
+	)
+	if err != nil {
+		c.Fatal("Cannot create store etcd")
+	}
+	s.kv = kv
+
+	// wait for etcd
+	err = utils.Try(60*time.Second, func() error {
+		_, err := kv.Exists("test")
+		if err != nil {
+			return fmt.Errorf("Etcd connection error to %s: %v", url, err)
+		}
+		return nil
+	})
+	c.Assert(err, checker.IsNil)
+}
+
+func (s *EtcdSuite) TearDownTest(c *check.C) {
+	// shutdown and delete compose project
+	if s.composeProject != nil {
+		s.composeProject.Stop(c)
+	}
+}
+
+func (s *EtcdSuite) TearDownSuite(c *check.C) {}
+
+func (s *EtcdSuite) TestSimpleConfiguration(c *check.C) {
+	etcdHost := s.composeProject.Container(c, "etcd").NetworkSettings.IPAddress
+	file := s.adaptFile(c, "fixtures/etcd/simple.toml", struct{ EtcdHost string }{etcdHost})
+	defer os.Remove(file)
+	cmd := exec.Command(traefikBinary, "--configFile="+file)
+	err := cmd.Start()
+	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
+
+	time.Sleep(1000 * time.Millisecond)
+	// TODO validate : run on 80
+	resp, err := http.Get("http://127.0.0.1:8000/")
+
+	// Expected a 404 as we did not configure anything
+	c.Assert(err, checker.IsNil)
+	c.Assert(resp.StatusCode, checker.Equals, 404)
+}
+
+func (s *EtcdSuite) TestNominalConfiguration(c *check.C) {
+	etcdHost := s.composeProject.Container(c, "etcd").NetworkSettings.IPAddress
+	file := s.adaptFile(c, "fixtures/etcd/simple.toml", struct{ EtcdHost string }{etcdHost})
+	defer os.Remove(file)
+	cmd := exec.Command(traefikBinary, "--configFile="+file)
+	err := cmd.Start()
+	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
+
+	whoami1 := s.composeProject.Container(c, "whoami1")
+	whoami2 := s.composeProject.Container(c, "whoami2")
+	whoami3 := s.composeProject.Container(c, "whoami3")
+	whoami4 := s.composeProject.Container(c, "whoami4")
+
+	backend1 := map[string]string{
+		"/traefik/backends/backend1/circuitbreaker/expression": "NetworkErrorRatio() > 0.5",
+		"/traefik/backends/backend1/servers/server1/url":       "http://" + whoami1.NetworkSettings.IPAddress + ":80",
+		"/traefik/backends/backend1/servers/server1/weight":    "10",
+		"/traefik/backends/backend1/servers/server2/url":       "http://" + whoami2.NetworkSettings.IPAddress + ":80",
+		"/traefik/backends/backend1/servers/server2/weight":    "1",
+	}
+	backend2 := map[string]string{
+		"/traefik/backends/backend2/loadbalancer/method":    "drr",
+		"/traefik/backends/backend2/servers/server1/url":    "http://" + whoami3.NetworkSettings.IPAddress + ":80",
+		"/traefik/backends/backend2/servers/server1/weight": "1",
+		"/traefik/backends/backend2/servers/server2/url":    "http://" + whoami4.NetworkSettings.IPAddress + ":80",
+		"/traefik/backends/backend2/servers/server2/weight": "2",
+	}
+	frontend1 := map[string]string{
+		"/traefik/frontends/frontend1/backend":            "backend2",
+		"/traefik/frontends/frontend1/entrypoints":        "http",
+		"/traefik/frontends/frontend1/priority":           "1",
+		"/traefik/frontends/frontend1/routes/test_1/rule": "Host:test.localhost",
+	}
+	frontend2 := map[string]string{
+		"/traefik/frontends/frontend2/backend":            "backend1",
+		"/traefik/frontends/frontend2/entrypoints":        "http",
+		"/traefik/frontends/frontend2/priority":           "10",
+		"/traefik/frontends/frontend2/routes/test_2/rule": "Path:/test",
+	}
+	for key, value := range backend1 {
+		err := s.kv.Put(key, []byte(value), nil)
+		c.Assert(err, checker.IsNil)
+	}
+	for key, value := range backend2 {
+		err := s.kv.Put(key, []byte(value), nil)
+		c.Assert(err, checker.IsNil)
+	}
+	for key, value := range frontend1 {
+		err := s.kv.Put(key, []byte(value), nil)
+		c.Assert(err, checker.IsNil)
+	}
+	for key, value := range frontend2 {
+		err := s.kv.Put(key, []byte(value), nil)
+		c.Assert(err, checker.IsNil)
+	}
+
+	// wait for etcd
+	err = utils.Try(60*time.Second, func() error {
+		_, err := s.kv.Exists("/traefik/frontends/frontend2/routes/test_2/rule")
+		if err != nil {
+			return err
+		}
+		return nil
+	})
+	c.Assert(err, checker.IsNil)
+
+	// wait for traefik
+	err = utils.TryRequest("http://127.0.0.1:8081/api/providers", 60*time.Second, func(res *http.Response) error {
+		body, err := ioutil.ReadAll(res.Body)
+		if err != nil {
+			return err
+		}
+		if !strings.Contains(string(body), "Path:/test") {
+			return errors.New("Incorrect traefik config")
+		}
+		return nil
+	})
+	c.Assert(err, checker.IsNil)
+
+	client := &http.Client{}
+	req, err := http.NewRequest("GET", "http://127.0.0.1:8000/", nil)
+	c.Assert(err, checker.IsNil)
+	req.Host = "test.localhost"
+	response, err := client.Do(req)
+
+	c.Assert(err, checker.IsNil)
+	c.Assert(response.StatusCode, checker.Equals, 200)
+
+	body, err := ioutil.ReadAll(response.Body)
+	c.Assert(err, checker.IsNil)
+	if !strings.Contains(string(body), whoami3.NetworkSettings.IPAddress) &&
+		!strings.Contains(string(body), whoami4.NetworkSettings.IPAddress) {
+		c.Fail()
+	}
+
+	req, err = http.NewRequest("GET", "http://127.0.0.1:8000/test", nil)
+	c.Assert(err, checker.IsNil)
+	response, err = client.Do(req)
+
+	c.Assert(err, checker.IsNil)
+	c.Assert(response.StatusCode, checker.Equals, 200)
+
+	body, err = ioutil.ReadAll(response.Body)
+	c.Assert(err, checker.IsNil)
+	if !strings.Contains(string(body), whoami1.NetworkSettings.IPAddress) &&
+		!strings.Contains(string(body), whoami2.NetworkSettings.IPAddress) {
+		c.Fail()
+	}
+
+	req, err = http.NewRequest("GET", "http://127.0.0.1:8000/test2", nil)
+	req.Host = "test2.localhost"
+	resp, err := client.Do(req)
+	c.Assert(err, checker.IsNil)
+	c.Assert(resp.StatusCode, checker.Equals, 404)
+
+	req, err = http.NewRequest("GET", "http://127.0.0.1:8000/", nil)
+	resp, err = client.Do(req)
+	c.Assert(err, checker.IsNil)
+	c.Assert(resp.StatusCode, checker.Equals, 404)
+}
+
+func (s *EtcdSuite) TestGlobalConfiguration(c *check.C) {
+	etcdHost := s.composeProject.Container(c, "etcd").NetworkSettings.IPAddress
+	err := s.kv.Put("/traefik/entrypoints/http/address", []byte(":8001"), nil)
+	c.Assert(err, checker.IsNil)
+
+	// wait for etcd
+	err = utils.Try(60*time.Second, func() error {
+		_, err := s.kv.Exists("/traefik/entrypoints/http/address")
+		if err != nil {
+			return err
+		}
+		return nil
+	})
+	c.Assert(err, checker.IsNil)
+
+	// start traefik
+	cmd := exec.Command(traefikBinary, "--configFile=fixtures/simple_web.toml", "--etcd", "--etcd.endpoint="+etcdHost+":4001")
+	// cmd.Stdout = os.Stdout
+	// cmd.Stderr = os.Stderr
+
+	err = cmd.Start()
+	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
+
+	whoami1 := s.composeProject.Container(c, "whoami1")
+	whoami2 := s.composeProject.Container(c, "whoami2")
+	whoami3 := s.composeProject.Container(c, "whoami3")
+	whoami4 := s.composeProject.Container(c, "whoami4")
+
+	backend1 := map[string]string{
+		"/traefik/backends/backend1/circuitbreaker/expression": "NetworkErrorRatio() > 0.5",
+		"/traefik/backends/backend1/servers/server1/url":       "http://" + whoami1.NetworkSettings.IPAddress + ":80",
+		"/traefik/backends/backend1/servers/server1/weight":    "10",
+		"/traefik/backends/backend1/servers/server2/url":       "http://" + whoami2.NetworkSettings.IPAddress + ":80",
+		"/traefik/backends/backend1/servers/server2/weight":    "1",
+	}
+	backend2 := map[string]string{
+		"/traefik/backends/backend2/loadbalancer/method":    "drr",
+		"/traefik/backends/backend2/servers/server1/url":    "http://" + whoami3.NetworkSettings.IPAddress + ":80",
+		"/traefik/backends/backend2/servers/server1/weight": "1",
+		"/traefik/backends/backend2/servers/server2/url":    "http://" + whoami4.NetworkSettings.IPAddress + ":80",
+		"/traefik/backends/backend2/servers/server2/weight": "2",
+	}
+	frontend1 := map[string]string{
+		"/traefik/frontends/frontend1/backend":            "backend2",
+		"/traefik/frontends/frontend1/entrypoints":        "http",
+		"/traefik/frontends/frontend1/priority":           "1",
+		"/traefik/frontends/frontend1/routes/test_1/rule": "Host:test.localhost",
+	}
+	frontend2 := map[string]string{
+		"/traefik/frontends/frontend2/backend":            "backend1",
+		"/traefik/frontends/frontend2/entrypoints":        "http",
+		"/traefik/frontends/frontend2/priority":           "10",
+		"/traefik/frontends/frontend2/routes/test_2/rule": "Path:/test",
+	}
+	for key, value := range backend1 {
+		err := s.kv.Put(key, []byte(value), nil)
+		c.Assert(err, checker.IsNil)
+	}
+	for key, value := range backend2 {
+		err := s.kv.Put(key, []byte(value), nil)
+		c.Assert(err, checker.IsNil)
+	}
+	for key, value := range frontend1 {
+		err := s.kv.Put(key, []byte(value), nil)
+		c.Assert(err, checker.IsNil)
+	}
+	for key, value := range frontend2 {
+		err := s.kv.Put(key, []byte(value), nil)
+		c.Assert(err, checker.IsNil)
+	}
+
+	// wait for etcd
+	err = utils.Try(60*time.Second, func() error {
+		_, err := s.kv.Exists("/traefik/frontends/frontend2/routes/test_2/rule")
+		if err != nil {
+			return err
+		}
+		return nil
+	})
+	c.Assert(err, checker.IsNil)
+
+	// wait for traefik
+	err = utils.TryRequest("http://127.0.0.1:8080/api/providers", 60*time.Second, func(res *http.Response) error {
+		body, err := ioutil.ReadAll(res.Body)
+		if err != nil {
+			return err
+		}
+		if !strings.Contains(string(body), "Path:/test") {
+			return errors.New("Incorrect traefik config")
+		}
+		return nil
+	})
+	c.Assert(err, checker.IsNil)
+
+	//check
+	client := &http.Client{}
+	req, err := http.NewRequest("GET", "http://127.0.0.1:8001/", nil)
+	c.Assert(err, checker.IsNil)
+	req.Host = "test.localhost"
+	response, err := client.Do(req)
+
+	c.Assert(err, checker.IsNil)
+	c.Assert(response.StatusCode, checker.Equals, 200)
+}
+
+func (s *EtcdSuite) TestCertificatesContentstWithSNIConfigHandshake(c *check.C) {
+	etcdHost := s.composeProject.Container(c, "etcd").NetworkSettings.IPAddress
+	// start traefik
+	cmd := exec.Command(traefikBinary, "--configFile=fixtures/simple_web.toml", "--etcd", "--etcd.endpoint="+etcdHost+":4001")
+	// cmd.Stdout = os.Stdout
+	// cmd.Stderr = os.Stderr
+
+	whoami1 := s.composeProject.Container(c, "whoami1")
+	whoami2 := s.composeProject.Container(c, "whoami2")
+	whoami3 := s.composeProject.Container(c, "whoami3")
+	whoami4 := s.composeProject.Container(c, "whoami4")
+
+	//Copy the contents of the certificate files into ETCD
+	snitestComCert, err := ioutil.ReadFile("fixtures/https/snitest.com.cert")
+	c.Assert(err, checker.IsNil)
+	snitestComKey, err := ioutil.ReadFile("fixtures/https/snitest.com.key")
+	c.Assert(err, checker.IsNil)
+	snitestOrgCert, err := ioutil.ReadFile("fixtures/https/snitest.org.cert")
+	c.Assert(err, checker.IsNil)
+	snitestOrgKey, err := ioutil.ReadFile("fixtures/https/snitest.org.key")
+	c.Assert(err, checker.IsNil)
+
+	globalConfig := map[string]string{
+		"/traefik/entrypoints/https/address":                     ":4443",
+		"/traefik/entrypoints/https/tls/certificates/0/certfile": string(snitestComCert),
+		"/traefik/entrypoints/https/tls/certificates/0/keyfile":  string(snitestComKey),
+		"/traefik/entrypoints/https/tls/certificates/1/certfile": string(snitestOrgCert),
+		"/traefik/entrypoints/https/tls/certificates/1/keyfile":  string(snitestOrgKey),
+		"/traefik/defaultentrypoints/0":                          "https",
+	}
+
+	backend1 := map[string]string{
+		"/traefik/backends/backend1/circuitbreaker/expression": "NetworkErrorRatio() > 0.5",
+		"/traefik/backends/backend1/servers/server1/url":       "http://" + whoami1.NetworkSettings.IPAddress + ":80",
+		"/traefik/backends/backend1/servers/server1/weight":    "10",
+		"/traefik/backends/backend1/servers/server2/url":       "http://" + whoami2.NetworkSettings.IPAddress + ":80",
+		"/traefik/backends/backend1/servers/server2/weight":    "1",
+	}
+	backend2 := map[string]string{
+		"/traefik/backends/backend2/loadbalancer/method":    "drr",
+		"/traefik/backends/backend2/servers/server1/url":    "http://" + whoami3.NetworkSettings.IPAddress + ":80",
+		"/traefik/backends/backend2/servers/server1/weight": "1",
+		"/traefik/backends/backend2/servers/server2/url":    "http://" + whoami4.NetworkSettings.IPAddress + ":80",
+		"/traefik/backends/backend2/servers/server2/weight": "2",
+	}
+	frontend1 := map[string]string{
+		"/traefik/frontends/frontend1/backend":            "backend2",
+		"/traefik/frontends/frontend1/entrypoints":        "http",
+		"/traefik/frontends/frontend1/priority":           "1",
+		"/traefik/frontends/frontend1/routes/test_1/rule": "Host:snitest.com",
+	}
+	frontend2 := map[string]string{
+		"/traefik/frontends/frontend2/backend":            "backend1",
+		"/traefik/frontends/frontend2/entrypoints":        "http",
+		"/traefik/frontends/frontend2/priority":           "10",
+		"/traefik/frontends/frontend2/routes/test_2/rule": "Host:snitest.org",
+	}
+	for key, value := range globalConfig {
+		err := s.kv.Put(key, []byte(value), nil)
+		c.Assert(err, checker.IsNil)
+	}
+	for key, value := range backend1 {
+		err := s.kv.Put(key, []byte(value), nil)
+		c.Assert(err, checker.IsNil)
+	}
+	for key, value := range backend2 {
+		err := s.kv.Put(key, []byte(value), nil)
+		c.Assert(err, checker.IsNil)
+	}
+	for key, value := range frontend1 {
+		err := s.kv.Put(key, []byte(value), nil)
+		c.Assert(err, checker.IsNil)
+	}
+	for key, value := range frontend2 {
+		err := s.kv.Put(key, []byte(value), nil)
+		c.Assert(err, checker.IsNil)
+	}
+
+	// wait for etcd
+	err = utils.Try(60*time.Second, func() error {
+		_, err := s.kv.Exists("/traefik/frontends/frontend2/routes/test_2/rule")
+		if err != nil {
+			return err
+		}
+		return nil
+	})
+	c.Assert(err, checker.IsNil)
+
+	err = cmd.Start()
+	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
+
+	// wait for traefik
+	err = utils.TryRequest("http://127.0.0.1:8080/api/providers", 60*time.Second, func(res *http.Response) error {
+		body, err := ioutil.ReadAll(res.Body)
+		if err != nil {
+			return err
+		}
+		if !strings.Contains(string(body), "Host:snitest.org") {
+			return errors.New("Incorrect traefik config")
+		}
+		return nil
+	})
+	c.Assert(err, checker.IsNil)
+
+	//check
+	tlsConfig := &tls.Config{
+		InsecureSkipVerify: true,
+		ServerName:         "snitest.com",
+	}
+	conn, err := tls.Dial("tcp", "127.0.0.1:4443", tlsConfig)
+	c.Assert(err, checker.IsNil, check.Commentf("failed to connect to server"))
+
+	defer conn.Close()
+	err = conn.Handshake()
+	c.Assert(err, checker.IsNil, check.Commentf("TLS handshake error"))
+
+	cs := conn.ConnectionState()
+	err = cs.PeerCertificates[0].VerifyHostname("snitest.com")
+	c.Assert(err, checker.IsNil, check.Commentf("certificate did not match SNI servername"))
+}
+
+func (s *EtcdSuite) TestCommandStoreConfig(c *check.C) {
+	etcdHost := s.composeProject.Container(c, "etcd").NetworkSettings.IPAddress
+
+	cmd := exec.Command(traefikBinary, "storeconfig", "--configFile=fixtures/simple_web.toml", "--etcd.endpoint="+etcdHost+":4001")
+	err := cmd.Start()
+	c.Assert(err, checker.IsNil)
+
+	// wait for traefik finish without error
+	cmd.Wait()
+
+	//CHECK
+	checkmap := map[string]string{
+		"/traefik/loglevel":                 "DEBUG",
+		"/traefik/defaultentrypoints/0":     "http",
+		"/traefik/entrypoints/http/address": ":8000",
+		"/traefik/web/address":              ":8080",
+		"/traefik/etcd/endpoint":            (etcdHost + ":4001"),
+	}
+
+	for key, value := range checkmap {
+		var p *store.KVPair
+		err = utils.Try(60*time.Second, func() error {
+			p, err = s.kv.Get(key)
+			if err != nil {
+				return err
+			}
+			return nil
+		})
+		c.Assert(err, checker.IsNil)
+
+		c.Assert(string(p.Value), checker.Equals, value)
+
+	}
+}
--- a/integration/eureka_test.go
+++ b/integration/eureka_test.go
@@ -0,0 +1,111 @@
+package main
+
+import (
+	"bytes"
+	"errors"
+	"io/ioutil"
+	"net/http"
+	"os"
+	"os/exec"
+	"strings"
+	"text/template"
+	"time"
+
+	"github.com/containous/traefik/integration/utils"
+	"github.com/go-check/check"
+
+	checker "github.com/vdemeester/shakers"
+)
+
+// Eureka test suites (using libcompose)
+type EurekaSuite struct{ BaseSuite }
+
+func (s *EurekaSuite) SetUpSuite(c *check.C) {
+	s.createComposeProject(c, "eureka")
+	s.composeProject.Start(c)
+
+}
+
+func (s *EurekaSuite) TestSimpleConfiguration(c *check.C) {
+
+	eurekaHost := s.composeProject.Container(c, "eureka").NetworkSettings.IPAddress
+	whoami1Host := s.composeProject.Container(c, "whoami1").NetworkSettings.IPAddress
+
+	file := s.adaptFile(c, "fixtures/eureka/simple.toml", struct{ EurekaHost string }{eurekaHost})
+	defer os.Remove(file)
+	cmd := exec.Command(traefikBinary, "--configFile="+file)
+	err := cmd.Start()
+	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
+
+	eurekaURL := "http://" + eurekaHost + ":8761/eureka/apps"
+
+	// wait for eureka
+	err = utils.TryRequest(eurekaURL, 60*time.Second, func(res *http.Response) error {
+		if err != nil {
+			return err
+		}
+		return nil
+	})
+	c.Assert(err, checker.IsNil)
+
+	eurekaTemplate := `
+	{
+    "instance": {
+        "hostName": "{{ .IP }}",
+        "app": "{{ .ID }}",
+        "ipAddr": "{{ .IP }}",
+        "status": "UP",
+        "port": {
+            "$": {{ .Port }},
+            "@enabled": "true"
+        },
+        "dataCenterInfo": {
+            "name": "MyOwn"
+        }
+    }
+	}`
+
+	tmpl, err := template.New("eurekaTemlate").Parse(eurekaTemplate)
+	c.Assert(err, checker.IsNil)
+	buf := new(bytes.Buffer)
+	templateVars := map[string]string{
+		"ID":   "tests-integration-traefik",
+		"IP":   whoami1Host,
+		"Port": "80",
+	}
+	// add in eureka
+	err = tmpl.Execute(buf, templateVars)
+	resp, err := http.Post(eurekaURL+"/tests-integration-traefik", "application/json", strings.NewReader(buf.String()))
+	c.Assert(err, checker.IsNil)
+	c.Assert(resp.StatusCode, checker.Equals, 204)
+
+	// wait for traefik
+	err = utils.TryRequest("http://127.0.0.1:8080/api/providers", 60*time.Second, func(res *http.Response) error {
+		body, err := ioutil.ReadAll(res.Body)
+		if err != nil {
+			return err
+		}
+		if !strings.Contains(string(body), "Host:tests-integration-traefik") {
+			return errors.New("Incorrect traefik config")
+		}
+		return nil
+	})
+	c.Assert(err, checker.IsNil)
+
+	client := &http.Client{}
+	req, err := http.NewRequest("GET", "http://127.0.0.1:8000/", nil)
+	c.Assert(err, checker.IsNil)
+	req.Host = "tests-integration-traefik"
+	resp, err = client.Do(req)
+
+	c.Assert(err, checker.IsNil)
+	c.Assert(resp.StatusCode, checker.Equals, 200)
+
+	// TODO validate : run on 80
+	resp, err = http.Get("http://127.0.0.1:8000/")
+
+	// Expected a 404 as we did not configure anything
+	c.Assert(err, checker.IsNil)
+	c.Assert(resp.StatusCode, checker.Equals, 404)
+}
--- a/integration/file_test.go
+++ b/integration/file_test.go
@@ -5,18 +5,28 @@ import (
 	"os/exec"
 	"time"

+	"github.com/go-check/check"
+
 	checker "github.com/vdemeester/shakers"
-	check "gopkg.in/check.v1"
 )

+// File test suites
+type FileSuite struct{ BaseSuite }
+
+func (s *FileSuite) SetUpSuite(c *check.C) {
+	s.createComposeProject(c, "file")
+
+	s.composeProject.Start(c)
+}
+
 func (s *FileSuite) TestSimpleConfiguration(c *check.C) {
-	cmd := exec.Command(traefikBinary, "fixtures/file/simple.toml")
+	cmd := exec.Command(traefikBinary, "--configFile=fixtures/file/simple.toml")
 	err := cmd.Start()
 	c.Assert(err, checker.IsNil)
 	defer cmd.Process.Kill()

-	time.Sleep(500 * time.Millisecond)
-	resp, err := http.Get("http://127.0.0.1/")
+	time.Sleep(1000 * time.Millisecond)
+	resp, err := http.Get("http://127.0.0.1:8000/")

 	// Expected a 404 as we did not configure anything
 	c.Assert(err, checker.IsNil)
@@ -25,13 +35,13 @@ func (s *FileSuite) TestSimpleConfiguration(c *check.C) {

 // #56 regression test, make sure it does not fail
 func (s *FileSuite) TestSimpleConfigurationNoPanic(c *check.C) {
-	cmd := exec.Command(traefikBinary, "fixtures/file/56-simple-panic.toml")
+	cmd := exec.Command(traefikBinary, "--configFile=fixtures/file/56-simple-panic.toml")
 	err := cmd.Start()
 	c.Assert(err, checker.IsNil)
 	defer cmd.Process.Kill()

-	time.Sleep(500 * time.Millisecond)
-	resp, err := http.Get("http://127.0.0.1/")
+	time.Sleep(1000 * time.Millisecond)
+	resp, err := http.Get("http://127.0.0.1:8000/")

 	// Expected a 404 as we did not configure anything
 	c.Assert(err, checker.IsNil)
--- a/integration/fixtures/access_log_config.toml
+++ b/integration/fixtures/access_log_config.toml
@@ -0,0 +1,46 @@
+################################################################
+# Global configuration
+################################################################
+traefikLogsFile = "traefik.log"
+accessLogsFile = "access.log"
+logLevel = "ERROR"
+defaultEntryPoints = ["http"]
+[entryPoints]
+  [entryPoints.http]
+  address = ":8000"
+
+################################################################
+# Web configuration backend
+################################################################
+[web]
+address = ":7888"
+
+################################################################
+# File configuration backend
+################################################################
+[file]
+
+################################################################
+# rules
+################################################################
+ [backends]
+   [backends.backend1]
+     [backends.backend1.servers.server1]
+       url = "http://127.0.0.1:8081"
+   [backends.backend2]
+     [backends.backend2.LoadBalancer]
+       method = "drr"
+     [backends.backend2.servers.server1]
+       url = "http://127.0.0.1:8082"
+     [backends.backend2.servers.server2]
+       url = "http://127.0.0.1:8083"
+  [frontends]
+   [frontends.frontend1]
+   backend = "backend1"
+     [frontends.frontend1.routes.test_1]
+     rule = "Path: /test1"
+   [frontends.frontend2]
+   backend = "backend2"
+   passHostHeader = true
+     [frontends.frontend2.routes.test_2]
+     rule = "Path: /test2"
--- a/integration/fixtures/acme/acme.toml
+++ b/integration/fixtures/acme/acme.toml
@@ -0,0 +1,32 @@
+logLevel = "DEBUG"
+
+defaultEntryPoints = ["http", "https"]
+
+[entryPoints]
+  [entryPoints.http]
+  address = ":8080"
+  [entryPoints.https]
+  address = ":5001"
+    [entryPoints.https.tls]
+
+
+[acme]
+email = "test@traefik.io"
+storage = "/dev/null"
+entryPoint = "https"
+onDemand = true
+caServer = "http://{{.BoulderHost}}:4000/directory"
+
+[file]
+
+[backends]
+  [backends.backend]
+    [backends.backend.servers.server1]
+    url = "http://127.0.0.1:9010"
+
+
+[frontends]
+  [frontends.frontend]
+  backend = "backend"
+    [frontends.frontend.routes.test]
+    rule = "Host:traefik.acme.wtf"
--- a/integration/fixtures/consul/simple.toml
+++ b/integration/fixtures/consul/simple.toml
@@ -1,11 +1,16 @@
-# Reverse proxy port
-#
-# Optional
-# Default: ":80"
-#
-# port = ":80"
-#
-# LogLevel
+defaultEntryPoints = ["http"]
+
 logLevel = "DEBUG"

+[entryPoints]
+  [entryPoints.http]
+  address = ":8000"
+
+
 [consul]
+  endpoint = "{{.ConsulHost}}:8500"
+  watch = true
+  prefix = "traefik"
+  
+[web]
+  address = ":8081"
--- a/Show More
+++ b/Show More