Prepare release v2.0.0

Disable collect data by default.
Fix error in the documentation for CLI configuration example
2025-09-05 01:44:24 +03:00 · 2019-09-16 18:28:04 +02:00 · 2019-09-16 17:26:06 +02:00 · 2019-09-16 16:36:03 +02:00 · 2019-09-16 15:34:05 +02:00 · 2019-09-16 15:18:06 +02:00
6368 changed files with 138738 additions and 1878469 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -0,0 +1 @@
 # vendor/github.com/go-acme/lego/providers/dns/cloudxns/cloudxns.go eol=crlf
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -0,0 +1,24 @@
 provider/kubernetes/**  @containous/kubernetes
 provider/rancher/**     @containous/rancher
 provider/marathon/**    @containous/marathon
 provider/docker/**      @containous/docker
 docs/user-guide/kubernetes.md       @containous/kubernetes
 docs/user-guide/marathon.md         @containous/marathon
 docs/user-guide/swarm.md            @containous/docker
 docs/user-guide/swarm-mode.md       @containous/docker
 docs/configuration/backends/docker.md       @containous/docker
 docs/configuration/backends/kubernetes.md   @containous/kubernetes
 docs/configuration/backends/marathon.md     @containous/marathon
 docs/configuration/backends/rancher.md      @containous/rancher
 examples/k8s/                   @containous/kubernetes
 examples/compose-k8s.yaml       @containous/kubernetes
 examples/k8s.namespace.yaml     @containous/kubernetes
 examples/compose-rancher.yml    @containous/rancher
 examples/compose-marathon.yml   @containous/marathon
 vendor/github.com/gambol99/go-marathon  @containous/marathon
 vendor/github.com/rancher               @containous/rancher
 vendor/k8s.io/                          @containous/kubernetes
--- a/.github/CONTRIBUTING.md
+++ b/.github/CONTRIBUTING.md
@@ -1,150 +0,0 @@
 # Contributing
 ### Building
 You need either [Docker](https://github.com/docker/docker) and `make` (Method 1), or `go` (Method 2) in order to build traefik. For changes to its dependencies, the `glide` dependency management tool and `glide-vc` plugin are required.
 #### Method 1: Using `Docker` and `Makefile`
 You need to run the `binary` target. This will create binaries for Linux platform in the `dist` folder.
 ```bash
 $ make binary
 docker build -t "traefik-dev:no-more-godep-ever" -f build.Dockerfile .
 Sending build context to Docker daemon 295.3 MB
 Step 0 : FROM golang:1.7
 ---> 8c6473912976
 Step 1 : RUN go get github.com/Masterminds/glide
 [...]
 docker run --rm  -v "/var/run/docker.sock:/var/run/docker.sock" -it -e OS_ARCH_ARG -e OS_PLATFORM_ARG -e TESTFLAGS -v "/home/emile/dev/go/src/github.com/containous/traefik/"dist":/go/src/github.com/containous/traefik/"dist"" "traefik-dev:no-more-godep-ever" ./script/make.sh generate binary
 ---> Making bundle: generate (in .)
 removed 'gen.go'
 ---> Making bundle: binary (in .)
 $ ls dist/
 traefik*
 ```
 #### Method 2: Using `go`
 ###### Setting up your `go` environment
 - You need `go` v1.7+
 - It is recommended you clone Træfik into a directory like `~/go/src/github.com/containous/traefik` (This is the official golang workspace hierarchy, and will allow dependencies to resolve properly)
 - This will allow your `GOPATH` and `PATH` variable to be set to `~/go` via:
 ```bash
 $ export GOPATH=~/go
 $ export PATH=$PATH:$GOPATH/bin
 ```
 This can be verified via `$ go env`
 - You will want to add those 2 export lines to your `.bashrc` or `.bash_profile`
 - You need `go-bindata` to be able to use `go generate` command (needed to build) : `$ go get github.com/jteeuwen/go-bindata/...` (Please note, the ellipses are required)
 #### Setting up `glide` and `glide-vc` for dependency management
 - Glide is not required for building; however, it is necessary to modify dependencies (i.e., add, update, or remove third-party packages)
 - Glide can be installed either via homebrew: `$ brew install glide` or via the official glide script: `$ curl https://glide.sh/get | sh`
 - The glide plugin `glide-vc` must be installed from source: `go get github.com/sgotti/glide-vc`
 If you want to add a dependency, use `$ glide get` to have glide put it into the vendor folder and update the glide manifest/lock files (`glide.yaml` and `glide.lock`, respectively). A following `glide-vc` run should be triggered to trim down the size of the vendor folder. The final result must be committed into VCS.
 Dependencies for the integration tests in the `integration` folder are managed in a separate `integration/glide.yaml` file using the same toolset.
 Care must be taken to choose the right arguments to `glide` when dealing with either main or integration test dependencies, or otherwise risk ending up with a broken build. For that reason, the helper script `script/glide.sh` encapsulates the gory details and conveniently calls `glide-vc` as well. Call it without parameters for basic usage instructions.
 Here's a full example:
 ```bash
 # install the new main dependency github.com/foo/bar and minimize vendor size
 $ ./script/glide.sh get github.com/foo/bar
 # install another dependency, this time for the integration tests
 $ ( cd integration && ../script/glide.sh get github.com/baz/quuz )
 # generate (Only required to integrate other components such as web dashboard)
 $ go generate
 # Standard go build
 $ go build
 # Using gox to build multiple platform
 $ gox "linux darwin" "386 amd64 arm" \
    -output="dist/traefik_{{.OS}}-{{.Arch}}" \
    ./cmd/traefik
 # run other commands like tests
 ```
 ### Tests
 ##### Method 1: `Docker` and `make`
 You can run unit tests using the `test-unit` target and the
 integration test using the `test-integration` target.
 ```bash
 $ make test-unit
 docker build -t "traefik-dev:your-feature-branch" -f build.Dockerfile .
 # […]
 docker run --rm -it -e OS_ARCH_ARG -e OS_PLATFORM_ARG -e TESTFLAGS -v "/home/vincent/src/github/vdemeester/traefik/dist:/go/src/github.com/containous/traefik/dist" "traefik-dev:your-feature-branch" ./script/make.sh generate test-unit
 ---> Making bundle: generate (in .)
 removed 'gen.go'
 ---> Making bundle: test-unit (in .)
 + go test -cover -coverprofile=cover.out .
 ok      github.com/containous/traefik   0.005s  coverage: 4.1% of statements
 Test success
 ```
 For development purposes, you can specify which tests to run by using:
 ```bash
 # Run every tests in the MyTest suite
 TESTFLAGS="-check.f MyTestSuite" make test-integration
 # Run the test "MyTest" in the MyTest suite
 TESTFLAGS="-check.f MyTestSuite.MyTest" make test-integration
 # Run every tests starting with "My", in the MyTest suite
 TESTFLAGS="-check.f MyTestSuite.My" make test-integration
 # Run every tests ending with "Test", in the MyTest suite
 TESTFLAGS="-check.f MyTestSuite.*Test" make test-integration
 ```
 More: https://labix.org/gocheck
 ##### Method 2: `go`
 - Tests can be run from the cloned directory, by `$ go test ./...` which should return `ok` similar to:
 ```
 ok      _/home/vincent/src/github/vdemeester/traefik    0.004s
 ```
 ### Documentation
 The [documentation site](http://docs.traefik.io/) is built with [mkdocs](http://mkdocs.org/)
 First make sure you have python and pip installed
 ```shell
 $ python --version
 Python 2.7.2
 $ pip --version
 pip 1.5.2
 ```
 Then install mkdocs with pip
 ```shell
 $ pip install mkdocs
 ```
 To test documentation locally run `mkdocs serve` in the root directory, this should start a server locally to preview your changes.
 ```shell
 $ mkdocs serve
 INFO    -  Building documentation...
 WARNING -  Config value: 'theme'. Warning: The theme 'united' will be removed in an upcoming MkDocs release. See http://www.mkdocs.org/about/release-notes/ for more details
 INFO    -  Cleaning site directory
 [I 160505 22:31:24 server:281] Serving on http://127.0.0.1:8000
 [I 160505 22:31:24 handlers:59] Start watching changes
 [I 160505 22:31:24 handlers:61] Start detecting changes
 ```
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -1,32 +1,46 @@
 <!--
-PLEASE READ THIS MESSAGE.
+DO NOT FILE ISSUES FOR GENERAL SUPPORT QUESTIONS.
-Please keep in mind that the GitHub issue tracker is not intended as a general support forum, but for reporting bugs and feature requests.
+The issue tracker is for reporting bugs and feature requests only.
 For end-user related support questions, please refer to one of the following:
-For other type of questions, consider using one of:
+- the Traefik community forum: https://community.containo.us/
- the Traefik community Slack channel: https://traefik.herokuapp.com
+-->
- StackOverflow: https://stackoverflow.com/questions/tagged/traefik
+
 ### Do you want to request a *feature* or report a *bug*?
 <!--
 If you intend to ask a support question: DO NOT FILE AN ISSUE.
 -->
 ### Did you try using a 1.7.x configuration for the version 2.0?
 - [ ] Yes
 - [ ] No
 <!--
 If you just checked the "Yes" box, be aware that this is probably not a bug. The configurations between 1.X and 2.X are NOT compatible. Please have a look here https://docs.traefik.io/v2.0/getting-started/configuration-overview/.
 -->
 ### What did you do?
 <!--
 HOW TO WRITE A GOOD ISSUE?
- if it's possible use the command `traefik bug`. See https://www.youtube.com/watch?v=Lyz62L8m93I. 
+- Respect the issue template as much as possible.
- The title must be short and descriptive.
+- The title should be short and descriptive.
- Explain the conditions which led you to write this issue: the context.
+- Explain the conditions which led you to report this issue: the context.
 - The context should lead to something, an idea or a problem that you’re facing.
 - Remain clear and concise.
 - Format your messages to help the reader focus on what matters and understand the structure of your message, use Markdown syntax https://help.github.com/articles/github-flavored-markdown
 -->
 ### Do you want to request a *feature* or report a *bug*?
 ### What did you do?
 ### What did you expect to see?
@@ -37,6 +51,16 @@ HOW TO WRITE A GOOD ISSUE?
 ### Output of `traefik version`: (_What version of Traefik are you using?_)
 <!--
 For the Traefik Docker image:
    docker run [IMAGE] version
    ex: docker run traefik version
 For the alpine Traefik Docker image:
    docker run [IMAGE] traefik version
    ex: docker run traefik traefik version
 -->
 ```
 (paste your output here)
 ```
@@ -51,7 +75,7 @@ Add more configuration information here.
 -->
-### If applicable, please paste the log output in debug mode (`--debug` switch)
+### If applicable, please paste the log output at DEBUG level (`--log.level=DEBUG` switch)
 ```
 (paste your output here)
--- a/.github/ISSUE_TEMPLATE/Bug_report.md
+++ b/.github/ISSUE_TEMPLATE/Bug_report.md
@@ -0,0 +1,87 @@
 ---
 name: Bug report
 about: Create a report to help us improve
 ---
 <!--
 DO NOT FILE ISSUES FOR GENERAL SUPPORT QUESTIONS.
 The issue tracker is for reporting bugs and feature requests only.
 For end-user related support questions, please refer to one of the following:
 - the Traefik community forum: https://community.containo.us/
 -->
 ### Do you want to request a *feature* or report a *bug*?
 Bug
 ### Did you try using a 1.7.x configuration for the version 2.0?
 - [ ] Yes
 - [ ] No
 <!--
 If you just checked the "Yes" box, be aware that this is probably not a bug. The configurations between 1.X and 2.X are NOT compatible. Please have a look here https://docs.traefik.io/v2.0/getting-started/configuration-overview/.
 -->
 ### What did you do?
 <!--
 HOW TO WRITE A GOOD BUG REPORT?
 - Respect the issue template as much as possible.
 - The title should be short and descriptive.
 - Explain the conditions which led you to report this issue: the context.
 - The context should lead to something, an idea or a problem that you’re facing.
 - Remain clear and concise.
 - Format your messages to help the reader focus on what matters and understand the structure of your message, use Markdown syntax https://help.github.com/articles/github-flavored-markdown
 -->
 ### What did you expect to see?
 ### What did you see instead?
 ### Output of `traefik version`: (_What version of Traefik are you using?_)
 <!--
 For the Traefik Docker image:
    docker run [IMAGE] version
    ex: docker run traefik version
 For the alpine Traefik Docker image:
    docker run [IMAGE] traefik version
    ex: docker run traefik traefik version
 -->
 ```
 (paste your output here)
 ```
 ### What is your environment & configuration (arguments, toml, provider, platform, ...)?
 ```toml
 # (paste your configuration here)
 ```
 <!--
 Add more configuration information here.
 -->
 ### If applicable, please paste the log output in DEBUG level (`--log.level=DEBUG` switch)
 ```
 (paste your output here)
 ```
--- a/.github/ISSUE_TEMPLATE/Feature_request.md
+++ b/.github/ISSUE_TEMPLATE/Feature_request.md
@@ -0,0 +1,35 @@
 ---
 name: Feature request
 about: Suggest an idea for this project
 ---
 <!--
 DO NOT FILE ISSUES FOR GENERAL SUPPORT QUESTIONS.
 The issue tracker is for reporting bugs and feature requests only.
 For end-user related support questions, please refer to one of the following:
 - the Traefik community forum: https://community.containo.us/
 -->
 ### Do you want to request a *feature* or report a *bug*?
 Feature
 ### What did you expect to see?
 <!--
 HOW TO WRITE A GOOD ISSUE?
 - Respect the issue template as much as possible.
 - The title should be short and descriptive.
 - Explain the conditions which led you to report this issue: the context.
 - The context should lead to something, an idea or a problem that you’re facing.
 - Remain clear and concise.
 - Format your messages to help the reader focus on what matters and understand the structure of your message, use Markdown syntax https://help.github.com/articles/github-flavored-markdown
 -->
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -12,12 +12,25 @@ HOW TO WRITE A GOOD PULL REQUEST?
 - Write useful descriptions and titles.
 - Address review comments in terms of additional commits.
 - Do not amend/squash existing ones unless the PR is trivial.
- Read the contributing guide: https://github.com/containous/traefik/blob/master/.github/CONTRIBUTING.md.
+- Read the contributing guide: https://github.com/containous/traefik/blob/master/CONTRIBUTING.md.
 -->
-### Description
+### What does this PR do?
-<!--
+<!-- A brief description of the change being made with this pull request. -->
-Briefly describe the pull request in a few paragraphs.
+
-->
+
 ### Motivation
 <!-- What inspired you to submit this pull request? -->
 ### More
 - [ ] Added/updated tests
 - [ ] Added/updated documentation
 ### Additional Notes
 <!-- Anything else we should know when reviewing? -->
--- a/.github/PULL_REQUEST_TEMPLATE/mergeback.md
+++ b/.github/PULL_REQUEST_TEMPLATE/mergeback.md
@@ -0,0 +1,7 @@
 ### What does this PR do?
 Merge v{{.Version}} into master
 ### Motivation
 Be sync.
--- a/.github/PULL_REQUEST_TEMPLATE/release.md
+++ b/.github/PULL_REQUEST_TEMPLATE/release.md
@@ -0,0 +1,7 @@
 ### What does this PR do?
 Prepare release v{{.Version}}.
 ### Motivation
 Create a new release.
--- a/.github/cpr.sh
+++ b/.github/cpr.sh
@@ -1,26 +0,0 @@
 #!/bin/sh
 #
 # git config --global alias.cpr '!sh .github/cpr.sh'
 set -e # stop on error
 usage="$(basename "$0") pr -- Checkout a Pull Request locally"
 if [ "$#" -ne 1 ]; then
    echo "Illegal number of parameters"
    echo "$usage" >&2
    exit 1
 fi
 command -v jq >/dev/null 2>&1 || { echo "I require jq but it's not installed.  Aborting." >&2; exit 1; }
 set -x # echo on
 initial=$(git rev-parse --abbrev-ref HEAD)
 pr=$1
 remote=$(curl -s https://api.github.com/repos/containous/traefik/pulls/$pr | jq -r .head.repo.owner.login)
 branch=$(curl -s https://api.github.com/repos/containous/traefik/pulls/$pr | jq -r .head.ref)
 git remote add $remote git@github.com:$remote/traefik.git
 git fetch $remote $branch
 git checkout -t -b "$pr--$branch" $remote/$branch
--- a/.github/rmpr.sh
+++ b/.github/rmpr.sh
@@ -1,27 +0,0 @@
 #!/bin/sh
 #
 # git config --global alias.rmpr '!sh .github/rmpr.sh'
 set -e # stop on error
 usage="$(basename "$0") pr -- remove a Pull Request local branch & remote"
 if [ "$#" -ne 1 ]; then
    echo "Illegal number of parameters"
    echo "$usage" >&2
    exit 1
 fi
 command -v jq >/dev/null 2>&1 || { echo "I require jq but it's not installed.  Aborting." >&2; exit 1; }
 set -x # echo on
 initial=$(git rev-parse --abbrev-ref HEAD)
 pr=$1
 remote=$(curl -s https://api.github.com/repos/containous/traefik/pulls/$pr | jq -r .head.repo.owner.login)
 branch=$(curl -s https://api.github.com/repos/containous/traefik/pulls/$pr | jq -r .head.ref)
 # clean
 git checkout $initial
 git branch -D "$pr--$branch"
 git remote remove $remote
--- a/.github/rpr.sh
+++ b/.github/rpr.sh
@@ -1,36 +0,0 @@
 #!/bin/sh
 #
 # git config --global alias.rpr '!sh .github/rpr.sh'
 set -e # stop on error
 usage="$(basename "$0") pr remote/branch -- rebase a Pull Request against a remote branch"
 if [ "$#" -ne 2 ]; then
    echo "Illegal number of parameters"
    echo "$usage" >&2
    exit 1
 fi
 command -v jq >/dev/null 2>&1 || { echo "I require jq but it's not installed.  Aborting." >&2; exit 1; }
 set -x # echo on
 initial=$(git rev-parse --abbrev-ref HEAD)
 pr=$1
 base=$2
 remote=$(curl -s https://api.github.com/repos/containous/traefik/pulls/$pr | jq -r .head.repo.owner.login)
 branch=$(curl -s https://api.github.com/repos/containous/traefik/pulls/$pr | jq -r .head.ref)
 clean ()
 {
    git checkout $initial
    .github/rmpr.sh $pr
 }
 trap clean EXIT
 .github/cpr.sh $pr
 git rebase $base
 git push --force-with-lease $remote "$pr--$branch"
--- a/.gitignore
+++ b/.gitignore
@@ -1,13 +1,18 @@
-/dist
+.idea/
-/autogen/gen.go
+.intellij/
 .idea
 .intellij
 *.iml
 .vscode/
 .DS_Store
 /dist
 /webui/.tmp/
 /site/
 /docs/site/
 /static/
 /autogen/
 /traefik
 /traefik.toml
-/static/
+/traefik.yml
 .vscode/
 /site/
 *.log
 *.exe
-.DS_Store
+cover.out
 vendor/
--- a/.golangci.toml
+++ b/.golangci.toml
@@ -0,0 +1,90 @@
 [run]
  deadline = "10m"
  skip-files = []
 [linters-settings]
  [linters-settings.govet]
    check-shadowing = false
  [linters-settings.golint]
    min-confidence = 0.0
  [linters-settings.gocyclo]
    min-complexity = 14.0
  [linters-settings.maligned]
    suggest-new = true
  [linters-settings.goconst]
    min-len = 3.0
    min-occurrences = 4.0
  [linters-settings.misspell]
    locale = "US"
  [linters-settings.funlen]
    lines = 230 # default 60
    statements = 120 # default 40
 [linters]
  enable-all = true
  disable = [
    "gocyclo", # FIXME must be fixed
    "gosec",
    "dupl",
    "maligned",
    "lll",
    "unparam",
    "prealloc",
    "scopelint",
    "gochecknoinits",
    "gochecknoglobals",
    "bodyclose", # Too many false-positive and panics.
  ]
 [issues]
  exclude-use-default = false
  max-per-linter = 0
  max-same-issues = 0
  exclude = [
    "SA1019: http.CloseNotifier is deprecated: the CloseNotifier interface predates Go's context package. New code should use Request.Context instead.", # FIXME must be fixed
    "Error return value of .((os\\.)?std(out|err)\\..*|.*Close|.*Flush|os\\.Remove(All)?|.*printf?|os\\.(Un)?Setenv). is not checked",
    "should have a package comment, unless it's in another file for this package",
  ]
 [[issues.exclude-rules]]
    path = "(.+)_test.go"
    linters = ["goconst", "funlen"]
 [[issues.exclude-rules]]
    path = "integration/.+_test.go"
    text = "Error return value of `cmd\\.Process\\.Kill` is not checked"
 [[issues.exclude-rules]]
    path = "integration/(consul_catalog_test|constraint_test).go"
    text = "Error return value of `(s.deregisterService|s.deregisterAgentService)` is not checked"
 [[issues.exclude-rules]]
    path = "integration/grpc_test.go"
    text = "Error return value of `closer` is not checked"
 [[issues.exclude-rules]]
    path = "pkg/h2c/h2c.go"
    text = "Error return value of `rw.Write` is not checked"
 [[issues.exclude-rules]]
    path = "pkg/middlewares/recovery/recovery.go"
    text = "`logger` can be `github.com/stretchr/testify/assert.TestingT`"
 [[issues.exclude-rules]]
    path = "pkg/provider/docker/builder_test.go"
    text = "(U1000: func )?`(.+)` is unused"
 [[issues.exclude-rules]]
    path = "pkg/provider/kubernetes/builder_(endpoint|service)_test.go"
    text = "(U1000: func )?`(.+)` is unused"
 [[issues.exclude-rules]]
    path = "pkg/config/parser/.+_test.go"
    text = "U1000: field `(foo|fuu)` is unused"
 [[issues.exclude-rules]]
    path = "pkg/server/service/bufferpool.go"
    text = "SA6002: argument should be pointer-like to avoid allocations"
 [[issues.exclude-rules]]
    path = "cmd/configuration.go"
    text = "string `traefik` has (\\d) occurrences, make it a constant"
 [[issues.exclude-rules]] # FIXME must be fixed
    path = "cmd/context.go"
    text = "S1000: should use a simple channel send/receive instead of `select` with a single case"
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -0,0 +1,58 @@
 project_name: traefik
 before:
  hooks:
    - go generate
 builds:
  - binary: traefik
    main: ./cmd/traefik/traefik.go
    env:
      - CGO_ENABLED=0
    ldflags:
      - -s -w -X github.com/containous/traefik/v2/pkg/version.Version={{.Version}} -X github.com/containous/traefik/v2/pkg/version.Codename={{.Env.CODENAME}} -X github.com/containous/traefik/v2/pkg/version.BuildDate={{.Date}}
    goos:
      - linux
      - darwin
      - windows
      - freebsd
      - openbsd
    goarch:
      - amd64
      - 386
      - arm
      - arm64
      - ppc64le
    goarm:
      - 7
      - 6
      - 5
    ignore:
      - goos: darwin
        goarch: 386
      - goos: openbsd
        goarch: arm
      - goos: freebsd
        goarch: arm
 changelog:
  skip: true
 archives:
  - id: traefik
    name_template: '{{ .ProjectName }}_v{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}'
    format: tar.gz
    format_overrides:
      - goos: windows
        format: zip
    files:
      - LICENSE.md
      - CHANGELOG.md
 checksum:
  name_template: "{{ .ProjectName }}_v{{ .Version }}_checksums.txt"
 release:
  disable: true
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -1,10 +0,0 @@
 -   repo: git://github.com/pre-commit/pre-commit-hooks
    sha: 44e1753f98b0da305332abe26856c3e621c5c439
    hooks:
    -   id: detect-private-key
 -   repo: git://github.com/containous/pre-commit-hooks
    sha: 35e641b5107671e94102b0ce909648559e568d61
    hooks:
    -   id: goFmt
    -   id: goLint
    -   id: goErrcheck
--- a/.semaphoreci/cleanup.sh
+++ b/.semaphoreci/cleanup.sh
@@ -0,0 +1,4 @@
 #!/usr/bin/env bash
 set -e
 sudo rm -rf static
--- a/.semaphoreci/golang.sh
+++ b/.semaphoreci/golang.sh
@@ -0,0 +1,20 @@
 #!/usr/bin/env bash
 set -e
 curl -O https://dl.google.com/go/go"${GO_VERSION}".linux-amd64.tar.gz
 tar -xvf go"${GO_VERSION}".linux-amd64.tar.gz
 rm -rf go"${GO_VERSION}".linux-amd64.tar.gz
 sudo mkdir -p /usr/local/golang/"${GO_VERSION}"/go
 sudo mv go /usr/local/golang/"${GO_VERSION}"/
 sudo rm /usr/local/bin/go
 sudo chmod +x /usr/local/golang/"${GO_VERSION}"/go/bin/go
 sudo ln -s /usr/local/golang/"${GO_VERSION}"/go/bin/go /usr/local/bin/go
 export GOROOT="/usr/local/golang/${GO_VERSION}/go"
 export GOTOOLDIR="/usr/local/golang/${GO_VERSION}/go/pkg/tool/linux_amd64"
 go version
--- a/.semaphoreci/job1.sh
+++ b/.semaphoreci/job1.sh
@@ -0,0 +1,6 @@
 #!/usr/bin/env bash
 set -e
 if [ -n "$SHOULD_TEST" ]; then ci_retry make pull-images; fi
 if [ -n "$SHOULD_TEST" ]; then ci_retry make test-integration; fi
--- a/.semaphoreci/job2.sh
+++ b/.semaphoreci/job2.sh
@@ -0,0 +1,8 @@
 #!/usr/bin/env bash
 set -e
 ci_retry make validate
 if [ -n "$SHOULD_TEST" ]; then ci_retry make test-unit; fi
 if [ -n "$SHOULD_TEST" ]; then make -j"${N_MAKE_JOBS}" crossbinary-default-parallel; fi
--- a/.semaphoreci/setup.sh
+++ b/.semaphoreci/setup.sh
@@ -1,11 +1,35 @@
-#!/usr/bin/env bash
+# For personnal CI
-set -e
+# mv /home/runner/workspace/src/github.com/<username>/ /home/runner/workspace/src/github.com/containous/
 # cd /home/runner/workspace/src/github.com/containous/traefik/
 for s in apache2 cassandra elasticsearch memcached mysql mongod postgresql sphinxsearch rethinkdb rabbitmq-server redis-server; do sudo service $s stop; done
 sudo swapoff -a
 sudo dd if=/dev/zero of=/swapfile bs=1M count=3072
 sudo mkswap /swapfile
 sudo swapon /swapfile
 sudo rm -rf /home/runner/.rbenv
 sudo rm -rf /usr/local/golang/{1.4.3,1.5.4,1.6.4,1.7.6,1.8.6,1.9.7,1.10.3,1.11}
 #export DOCKER_VERSION=18.06.3
 source .semaphoreci/vars
 if [ -z "${PULL_REQUEST_NUMBER}" ]; then SHOULD_TEST="-*-"; else TEMP_STORAGE=$(curl --silent https://patch-diff.githubusercontent.com/raw/containous/traefik/pull/${PULL_REQUEST_NUMBER}.diff | patch --dry-run -p1 -R || true); fi
 echo ${SHOULD_TEST}
 if [ -n "$TEMP_STORAGE" ]; then SHOULD_TEST=$(echo "$TEMP_STORAGE" | grep -Ev '(.md|.yaml|.yml)' || :); fi
 echo ${TEMP_STORAGE}
 echo ${SHOULD_TEST}
 #if [ -n "$SHOULD_TEST" ]; then sudo -E apt-get -yq update; fi
 #if [ -n "$SHOULD_TEST" ]; then sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install docker-ce=${DOCKER_VERSION}*; fi
 if [ -n "$SHOULD_TEST" ]; then docker version; fi
 export GO_VERSION=1.12
 if [ -f "./go.mod" ]; then GO_VERSION="$(grep '^go .*' go.mod | awk '{print $2}')"; export GO_VERSION; fi
 #if [ "${GO_VERSION}" == '1.13' ]; then export GO_VERSION=1.13rc2; fi
 echo "Selected Go version: ${GO_VERSION}"
-sudo -E apt-get -yq update
+if [ -f "./.semaphoreci/golang.sh" ]; then ./.semaphoreci/golang.sh; fi
-sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install docker-ce=${DOCKER_VERSION}*
+if [ -f "./.semaphoreci/golang.sh" ]; then export GOROOT="/usr/local/golang/${GO_VERSION}/go"; fi
-docker version
+if [ -f "./.semaphoreci/golang.sh" ]; then export GOTOOLDIR="/usr/local/golang/${GO_VERSION}/go/pkg/tool/linux_amd64"; fi
 go version
-pip install --user -r requirements.txt
+if [ -f "./go.mod" ]; then export GO111MODULE=on; fi
 if [ -f "./go.mod" ]; then export GOPROXY=https://proxy.golang.org; fi
 if [ -f "./go.mod" ]; then go mod download; fi
-make pull-images
+df
 ci_retry make validate
--- a/.semaphoreci/tests.sh
+++ b/.semaphoreci/tests.sh
@@ -1,6 +0,0 @@
 #!/usr/bin/env bash
 set -e
 make test-unit
 ci_retry make test-integration
 make -j${N_MAKE_JOBS} crossbinary-default-parallel
--- a/.semaphoreci/vars
+++ b/.semaphoreci/vars
@@ -1,8 +1,6 @@
 #!/usr/bin/env bash
 set -e
 export secure='btt4r13t09gQlHb6gYrvGC2yGCMMHfnp1Mz1RQedc4Mpf/FfT8aE6xmK2a2i9CCvskjrP0t/BFaS4yxIURjnFRn+ugQIEa0pLspB9UJArW/vgOSpIWM9/OQ/fg8z5XuMxN6Md4DL1/iLypMNSageA1x0TRdt89+D1N1dALpg5XRCXLFbC84TLi0gjlFuib9ibPKzEhLT+anCRJ6iZMzeupDSoaCVbAtJMoDvXw4+4AcRZ1+k4MybBLyCib5boaEOt4pTT88mz4Kk0YaMwPVJyg9Qv36VqyUcPS09Yd95LuyVQ4+tZt8Y1ccbIzULsK+sLM3hLCzxlmlpN3dQBlZJiiRtQde0mgGAKyC0P0A1XjuDTywcsa5edB+fTk1Dsewz9xZ9V0NmMz8t+UNZnaSsAPga9i86jULbXUUwMVSzVRc+Xgx02liB/8qI1xYC9FM6ilStt7rn7mF0k3KbiWhcptgeXjO6Lah9FjEKd5w4MXsdUSTi/86rQaLo+kj+XdaTrXCTulKHyRyQEUj+8V1w0oVz7pcGjePHd7y5oU9ByifVQy6sytuFBfRZvugM5bKHo+i0pcWvixrZS42DrzwxZJsspANOvqSe5ifVbvOkfUppQdCBIwptxV5N1b49XPKU3W/w34QJ8xGmKp3TFA7WwVCztriFHjPgiRpB3EG99Bg='
 export REPO='containous/traefik'
 if VERSION=$(git describe --exact-match --abbrev=0 --tags);
@@ -12,7 +10,7 @@ else
  export VERSION=''
 fi
-export CODENAME=raclette
+export CODENAME=montdor
 export N_MAKE_JOBS=2
@@ -26,8 +24,8 @@ function ci_retry {
    until [ $n -ge $NRETRY ]
    do
        "$@" && break
-        n=$[$n+1]
+        n=$((n+1))
-        echo "$@ failed, attempt ${n}/${NRETRY}"
+        echo "${*} failed, attempt ${n}/${NRETRY}"
        sleep $NSLEEP
    done
@@ -36,4 +34,3 @@ function ci_retry {
 }
 export -f ci_retry
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,19 +1,22 @@
 sudo: required
 dist: trusty
 git:
  depth: false
 services:
  - docker
 env:
  global:
-    - secure: btt4r13t09gQlHb6gYrvGC2yGCMMHfnp1Mz1RQedc4Mpf/FfT8aE6xmK2a2i9CCvskjrP0t/BFaS4yxIURjnFRn+ugQIEa0pLspB9UJArW/vgOSpIWM9/OQ/fg8z5XuMxN6Md4DL1/iLypMNSageA1x0TRdt89+D1N1dALpg5XRCXLFbC84TLi0gjlFuib9ibPKzEhLT+anCRJ6iZMzeupDSoaCVbAtJMoDvXw4+4AcRZ1+k4MybBLyCib5boaEOt4pTT88mz4Kk0YaMwPVJyg9Qv36VqyUcPS09Yd95LuyVQ4+tZt8Y1ccbIzULsK+sLM3hLCzxlmlpN3dQBlZJiiRtQde0mgGAKyC0P0A1XjuDTywcsa5edB+fTk1Dsewz9xZ9V0NmMz8t+UNZnaSsAPga9i86jULbXUUwMVSzVRc+Xgx02liB/8qI1xYC9FM6ilStt7rn7mF0k3KbiWhcptgeXjO6Lah9FjEKd5w4MXsdUSTi/86rQaLo+kj+XdaTrXCTulKHyRyQEUj+8V1w0oVz7pcGjePHd7y5oU9ByifVQy6sytuFBfRZvugM5bKHo+i0pcWvixrZS42DrzwxZJsspANOvqSe5ifVbvOkfUppQdCBIwptxV5N1b49XPKU3W/w34QJ8xGmKp3TFA7WwVCztriFHjPgiRpB3EG99Bg=
+    - REPO=$TRAVIS_REPO_SLUG
-    - REPO: $TRAVIS_REPO_SLUG
+    - VERSION=$TRAVIS_TAG
-    - VERSION: $TRAVIS_TAG
+    - CODENAME=montdor
-    - CODENAME: raclette
+    - GO111MODULE=on
    - N_MAKE_JOBS: 2
 script:
 - echo "Skipping tests... (Tests are executed on SemaphoreCI)"
 - if [ "$TRAVIS_PULL_REQUEST" != "false" ]; then make docs; fi
 before_deploy:
  - >
@@ -22,21 +25,15 @@ before_deploy:
      sudo -E apt-get -yq update;
      sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install docker-ce=${DOCKER_VERSION}*;
      docker version;
-      pip install --user -r requirements.txt;
+      make build-image;
-      make -j${N_MAKE_JOBS} crossbinary-parallel;
+      if [ "$TRAVIS_TAG" ]; then
-      make image;
+        make release-packages;
-      mkdocs build --clean;
+      fi;
-      tar cfz dist/traefik-${VERSION}.src.tar.gz --exclude-vcs --exclude dist .;
+      curl -sfL https://raw.githubusercontent.com/containous/structor/master/godownloader.sh | bash -s -- -b "${GOPATH}/bin" ${STRUCTOR_VERSION}
      structor -o containous -r traefik --dockerfile-url="https://raw.githubusercontent.com/containous/traefik/v1.7/docs.Dockerfile" --menu.js-url="https://raw.githubusercontent.com/containous/structor/master/traefik-menu.js.gotmpl" --rqts-url="https://raw.githubusercontent.com/containous/structor/master/requirements-override.txt" --force-edit-url --exp-branch=master --debug;
    fi
 deploy:
  - provider: pages
    edge: true
    github_token: ${GITHUB_TOKEN}
    local_dir: site
    skip_cleanup: true
    on:
      repo: containous/traefik
      tags: true
  - provider: releases
    api_key: ${GITHUB_TOKEN}
    file: dist/traefik*
@@ -51,8 +48,11 @@ deploy:
    on:
      repo: containous/traefik
      tags: true
-  - provider: script
+  - provider: pages
-    script: sh script/deploy-docker.sh
+    edge: false
    github_token: ${GITHUB_TOKEN}
    local_dir: site
    skip_cleanup: true
    on:
      repo: containous/traefik
      all_branches: true
--- a/.travis/traefik.id_rsa.enc
+++ b/.travis/traefik.id_rsa.enc
--- a/.travis/traefiker_rsa.enc
+++ b/.travis/traefiker_rsa.enc
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
--- a/CODE_OF_CONDUCT.md
+++ b/CODE_OF_CONDUCT.md
@@ -2,17 +2,11 @@
 ## Our Pledge
-In the interest of fostering an open and welcoming environment, we as
+In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience,nationality, personal appearance, race, religion, or sexual identity and orientation.
 contributors and maintainers pledge to making participation in our project and
 our community a harassment-free experience for everyone, regardless of age, body
 size, disability, ethnicity, gender identity and expression, level of experience,
 nationality, personal appearance, race, religion, or sexual identity and
 orientation.
 ## Our Standards
-Examples of behavior that contributes to creating a positive environment
+Examples of behavior that contributes to creating a positive environment include:
 include:
 * Using welcoming and inclusive language
 * Being respectful of differing viewpoints and experiences
@@ -22,53 +16,36 @@ include:
 Examples of unacceptable behavior by participants include:
-* The use of sexualized language or imagery and unwelcome sexual attention or
+* The use of sexualized language or imagery and unwelcome sexual attention or advances
 advances
 * Trolling, insulting/derogatory comments, and personal or political attacks
 * Public or private harassment
-* Publishing others' private information, such as a physical or electronic
+* Publishing others' private information, such as a physical or electronic address, without explicit permission
-  address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a professional setting
 * Other conduct which could reasonably be considered inappropriate in a
  professional setting
 ## Our Responsibilities
-Project maintainers are responsible for clarifying the standards of acceptable
+Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
 behavior and are expected to take appropriate and fair corrective action in
 response to any instances of unacceptable behavior.
-Project maintainers have the right and responsibility to remove, edit, or
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
 reject comments, commits, code, wiki edits, issues, and other contributions
 that are not aligned to this Code of Conduct, or to ban temporarily or
 permanently any contributor for other behaviors that they deem inappropriate,
 threatening, offensive, or harmful.
 ## Scope
-This Code of Conduct applies both within project spaces and in public spaces
+This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. 
-when an individual is representing the project or its community. Examples of
+Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. 
-representing a project or community include using an official project e-mail
+Representation of a project may be further defined and clarified by project maintainers.
 address, posting via an official social media account, or acting as an appointed
 representative at an online or offline event. Representation of a project may be
 further defined and clarified by project maintainers.
 ## Enforcement
-Instances of abusive, harassing, or otherwise unacceptable behavior may be
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at contact@containo.us
-reported by contacting the project team at contact@containo.us
+All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances. 
-All complaints will be reviewed and investigated and will result in a response that
+The project team is obligated to maintain confidentiality with regard to the reporter of an incident. 
 is deemed necessary and appropriate to the circumstances. The project team is
 obligated to maintain confidentiality with regard to the reporter of an incident.
 Further details of specific enforcement policies may be posted separately.
-Project maintainers who do not follow or enforce the Code of Conduct in good
+Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
 faith may face temporary or permanent repercussions as determined by other
 members of the project's leadership.
 ## Attribution
-This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4,
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
 available at [http://contributor-covenant.org/version/1/4][version]
 [homepage]: http://contributor-covenant.org
-[version]: http://contributor-covenant.org/version/1/4/
+[version]: http://contributor-covenant.org/version/1/4/
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -0,0 +1,3 @@
 # Contributing
 See <https://docs.traefik.io/v2.0/contributing/thank-you/>.
--- a/1
+++ b/1
@@ -2,4 +2,5 @@ FROM scratch
 COPY script/ca-certificates.crt /etc/ssl/certs/
 COPY dist/traefik /
 EXPOSE 80
 VOLUME ["/tmp"]
 ENTRYPOINT ["/traefik"]
--- a/LICENSE.md
+++ b/LICENSE.md
@@ -1,6 +1,6 @@
 The MIT License (MIT)
-Copyright (c) 2016-2017 Containous SAS
+Copyright (c) 2016-2018 Containous SAS
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/197
+++ b/197
@@ -1,4 +1,22 @@
-.PHONY: all
+.PHONY: all docs docs-serve
 SRCS = $(shell git ls-files '*.go' | grep -v '^vendor/')
 TAG_NAME := $(shell git tag -l --contains HEAD)
 SHA := $(shell git rev-parse HEAD)
 VERSION_GIT := $(if $(TAG_NAME),$(TAG_NAME),$(SHA))
 VERSION := $(if $(VERSION),$(VERSION),$(VERSION_GIT))
 BIND_DIR := "dist"
 GIT_BRANCH := $(subst heads/,,$(shell git rev-parse --abbrev-ref HEAD 2>/dev/null))
 TRAEFIK_DEV_IMAGE := traefik-dev$(if $(GIT_BRANCH),:$(subst /,-,$(GIT_BRANCH)))
 REPONAME := $(shell echo $(REPO) | tr '[:upper:]' '[:lower:]')
 TRAEFIK_IMAGE := $(if $(REPONAME),$(REPONAME),"containous/traefik")
 INTEGRATION_OPTS := $(if $(MAKE_DOCKER_HOST),-e "DOCKER_HOST=$(MAKE_DOCKER_HOST)", -e "TEST_CONTAINER=1" -v "/var/run/docker.sock:/var/run/docker.sock")
 DOCKER_BUILD_ARGS := $(if $(DOCKER_VERSION), "--build-arg=DOCKER_VERSION=$(DOCKER_VERSION)",)
 TRAEFIK_ENVS := \
 	-e OS_ARCH_ARG \
@@ -7,108 +25,127 @@ TRAEFIK_ENVS := \
 	-e VERBOSE \
 	-e VERSION \
 	-e CODENAME \
-	-e TESTDIRS
+	-e TESTDIRS \
 	-e CI \
 	-e CONTAINER=DOCKER		# Indicator for integration tests that we are running inside a container.
 SRCS = $(shell git ls-files '*.go' | grep -v '^vendor/' | grep -v '^integration/vendor/')
 BIND_DIR := "dist"
 TRAEFIK_MOUNT := -v "$(CURDIR)/$(BIND_DIR):/go/src/github.com/containous/traefik/$(BIND_DIR)"
 GIT_BRANCH := $(subst heads/,,$(shell git rev-parse --abbrev-ref HEAD 2>/dev/null))
 TRAEFIK_DEV_IMAGE := traefik-dev$(if $(GIT_BRANCH),:$(GIT_BRANCH))
 REPONAME := $(shell echo $(REPO) | tr '[:upper:]' '[:lower:]')
 TRAEFIK_IMAGE := $(if $(REPONAME),$(REPONAME),"containous/traefik")
 INTEGRATION_OPTS := $(if $(MAKE_DOCKER_HOST),-e "DOCKER_HOST=$(MAKE_DOCKER_HOST)", -v "/var/run/docker.sock:/var/run/docker.sock")
 DOCKER_BUILD_ARGS := $(if $(DOCKER_VERSION), "--build-arg=DOCKER_VERSION=$(DOCKER_VERSION)",)
 DOCKER_RUN_OPTS := $(TRAEFIK_ENVS) $(TRAEFIK_MOUNT) "$(TRAEFIK_DEV_IMAGE)"
 DOCKER_RUN_TRAEFIK := docker run $(INTEGRATION_OPTS) -it $(DOCKER_RUN_OPTS)
 DOCKER_RUN_TRAEFIK_NOTTY := docker run $(INTEGRATION_OPTS) -i $(DOCKER_RUN_OPTS)
-
+PRE_TARGET ?= build-dev-image
 print-%: ; @echo $*=$($*)
 default: binary
-all: generate-webui build ## validate all checks, build linux binary, run all tests\ncross non-linux binaries
+## Build Dev Docker image
-	$(DOCKER_RUN_TRAEFIK) ./script/make.sh
+build-dev-image: dist
 binary: generate-webui build ## build the linux binary
 	$(DOCKER_RUN_TRAEFIK) ./script/make.sh generate binary
 crossbinary: generate-webui build ## cross build the non-linux binaries
 	$(DOCKER_RUN_TRAEFIK) ./script/make.sh generate crossbinary
 crossbinary-parallel:
 	$(MAKE) generate-webui
 	$(MAKE) build crossbinary-default crossbinary-others
 crossbinary-default: generate-webui build
 	$(DOCKER_RUN_TRAEFIK_NOTTY) ./script/make.sh generate crossbinary-default
 crossbinary-default-parallel:
 	$(MAKE) generate-webui
 	$(MAKE) build crossbinary-default
 crossbinary-others: generate-webui build
 	$(DOCKER_RUN_TRAEFIK_NOTTY) ./script/make.sh generate crossbinary-others
 crossbinary-others-parallel:
 	$(MAKE) generate-webui
 	$(MAKE) build crossbinary-others
 test: build ## run the unit and integration tests
 	$(DOCKER_RUN_TRAEFIK) ./script/make.sh generate test-unit binary test-integration
 test-unit: build ## run the unit tests
 	$(DOCKER_RUN_TRAEFIK) ./script/make.sh generate test-unit
 test-integration: build ## run the integration tests
 	$(DOCKER_RUN_TRAEFIK) ./script/make.sh generate binary test-integration
 validate: build  ## validate gofmt, golint and go vet
 	$(DOCKER_RUN_TRAEFIK) ./script/make.sh  validate-glide validate-gofmt validate-govet validate-golint validate-misspell validate-vendor
 build: dist
 	docker build $(DOCKER_BUILD_ARGS) -t "$(TRAEFIK_DEV_IMAGE)" -f build.Dockerfile .
-build-webui:
+## Build Dev Docker image without cache
-	docker build -t traefik-webui -f webui/Dockerfile webui
+build-dev-image-no-cache: dist
 build-no-cache: dist
 	docker build --no-cache -t "$(TRAEFIK_DEV_IMAGE)" -f build.Dockerfile .
-shell: build ## start a shell inside the build env
+## Create the "dist" directory
 	$(DOCKER_RUN_TRAEFIK) /bin/bash
 image: binary ## build a docker traefik image
 	docker build -t $(TRAEFIK_IMAGE) .
 dist:
 	mkdir dist
-run-dev:
+## Build WebUI Docker image
-	go generate
+build-webui-image:
-	go build
+	docker build -t traefik-webui -f webui/Dockerfile webui
 	./traefik
-generate-webui: build-webui
+## Generate WebUI
 generate-webui: build-webui-image
 	if [ ! -d "static" ]; then \
 		mkdir -p static; \
-		docker run --rm -v "$$PWD/static":'/src/static' traefik-webui npm run build; \
+		docker run --rm -v "$$PWD/static":'/src/static' traefik-webui npm run build:nc; \
 		docker run --rm -v "$$PWD/static":'/src/static' traefik-webui chown -R $(shell id -u):$(shell id -g) ../static; \
 		echo 'For more informations show `webui/readme.md`' > $$PWD/static/DONT-EDIT-FILES-IN-THIS-DIRECTORY.md; \
 	fi
-lint:
+## Build the linux binary
-	script/validate-golint
+binary: generate-webui $(PRE_TARGET)
 	$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate binary
 ## Build the binary for the standard plaforms (linux, darwin, windows)
 crossbinary-default: generate-webui build-dev-image
 	$(DOCKER_RUN_TRAEFIK_NOTTY) ./script/make.sh generate crossbinary-default
 ## Build the binary for the standard plaforms (linux, darwin, windows) in parallel
 crossbinary-default-parallel:
 	$(MAKE) generate-webui
 	$(MAKE) build-dev-image crossbinary-default
 ## Run the unit and integration tests
 test: build-dev-image
 	$(DOCKER_RUN_TRAEFIK) ./script/make.sh generate test-unit binary test-integration
 ## Run the unit tests
 test-unit: $(PRE_TARGET)
 	$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate test-unit
 ## Pull all images for integration tests
 pull-images:
 	grep --no-filename -E '^\s+image:' ./integration/resources/compose/*.yml | awk '{print $$2}' | sort | uniq | xargs -P 6 -n 1 docker pull
 ## Run the integration tests
 test-integration: $(PRE_TARGET)
 	$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK),TEST_CONTAINER=1) ./script/make.sh generate binary test-integration
 	TEST_HOST=1 ./script/make.sh test-integration
 ## Validate code and docs
 validate-files: $(PRE_TARGET)
 	$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate validate-lint validate-misspell
 	bash $(CURDIR)/script/validate-shell-script.sh
 ## Validate code, docs, and vendor
 validate: $(PRE_TARGET)
 	$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate validate-lint validate-misspell validate-vendor
 	bash $(CURDIR)/script/validate-shell-script.sh
 ## Clean up static directory and build a Docker Traefik image
 build-image: binary
 	rm -rf static
 	docker build -t $(TRAEFIK_IMAGE) .
 ## Build a Docker Traefik image
 build-image-dirty: binary
 	docker build -t $(TRAEFIK_IMAGE) .
 ## Start a shell inside the build env
 shell: build-dev-image
 	$(DOCKER_RUN_TRAEFIK) /bin/bash
 ## Build documentation site
 docs:
 	make -C ./docs docs
 ## Serve the documentation site localy
 docs-serve:
 	make -C ./docs docs-serve
 ## Generate CRD clientset
 generate-crd:
 	./script/update-generated-crd-code.sh
 ## Create packages for the release
 release-packages: generate-webui build-dev-image
 	rm -rf dist
 	$(DOCKER_RUN_TRAEFIK_NOTTY) goreleaser release --skip-publish
 	$(DOCKER_RUN_TRAEFIK_NOTTY) tar cfz dist/traefik-${VERSION}.src.tar.gz \
 		--exclude-vcs \
 		--exclude .idea \
 		--exclude .travis \
 		--exclude .semaphoreci \
 		--exclude .github \
 		--exclude dist .
 	$(DOCKER_RUN_TRAEFIK_NOTTY) chown -R $(shell id -u):$(shell id -g) dist/
 ## Format the Code
 fmt:
 	gofmt -s -l -w $(SRCS)
-pull-images:
+run-dev:
-	for f in $(shell find ./integration/resources/compose/ -type f); do \
+	go generate
-		docker-compose -f $$f pull; \
+	GO111MODULE=on go build ./cmd/traefik
-	done
+	./traefik
 help: ## this help
 	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)
--- a/README.md
+++ b/README.md
@@ -1,147 +1,176 @@
 <p align="center">
-<img src="docs/img/traefik.logo.png" alt="Træfik" title="Træfik" />
+<img src="docs/content/assets/img/traefik.logo.png" alt="Traefik" title="Traefik" />
 </p>
-[![Build Status](https://travis-ci.org/containous/traefik.svg?branch=master)](https://travis-ci.org/containous/traefik)
+[![Build Status SemaphoreCI](https://semaphoreci.com/api/v1/containous/traefik/branches/master/shields_badge.svg)](https://semaphoreci.com/containous/traefik)
 [![Docs](https://img.shields.io/badge/docs-current-brightgreen.svg)](https://docs.traefik.io)
 [![Go Report Card](https://goreportcard.com/badge/containous/traefik)](http://goreportcard.com/report/containous/traefik)
 [![](https://images.microbadger.com/badges/image/traefik.svg)](https://microbadger.com/images/traefik)
 [![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/containous/traefik/blob/master/LICENSE.md)
-[![Join the chat at https://traefik.herokuapp.com](https://img.shields.io/badge/style-register-green.svg?style=social&label=Slack)](https://traefik.herokuapp.com)
+[![Join the community support forum at https://community.containo.us/](https://img.shields.io/badge/style-register-green.svg?style=social&label=Discourse)](https://community.containo.us/)
-[![Twitter](https://img.shields.io/twitter/follow/traefikproxy.svg?style=social)](https://twitter.com/intent/follow?screen_name=traefikproxy)
+[![Twitter](https://img.shields.io/twitter/follow/traefik.svg?style=social)](https://twitter.com/intent/follow?screen_name=traefik)
-Træfik (pronounced like [traffic](https://speak-ipa.bearbin.net/speak.cgi?speak=%CB%88tr%C3%A6f%C9%AAk)) is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease.
+Traefik (pronounced _traffic_) is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy.
-It supports several backends ([Docker](https://www.docker.com/), [Swarm](https://docs.docker.com/swarm), [Kubernetes](http://kubernetes.io), [Marathon](https://mesosphere.github.io/marathon/), [Mesos](https://github.com/apache/mesos), [Consul](https://www.consul.io/), [Etcd](https://coreos.com/etcd/), [Zookeeper](https://zookeeper.apache.org), [BoltDB](https://github.com/boltdb/bolt), [Eureka](https://github.com/Netflix/eureka), [Amazon DynamoDB](https://aws.amazon.com/dynamodb/), Rest API, file...) to manage its configuration automatically and dynamically.
+Traefik integrates with your existing infrastructure components ([Docker](https://www.docker.com/), [Swarm mode](https://docs.docker.com/engine/swarm/), [Kubernetes](https://kubernetes.io), [Marathon](https://mesosphere.github.io/marathon/), [Consul](https://www.consul.io/), [Etcd](https://coreos.com/etcd/), [Rancher](https://rancher.com), [Amazon ECS](https://aws.amazon.com/ecs), ...) and configures itself automatically and dynamically.
 Pointing Traefik at your orchestrator should be the _only_ configuration step you need.
 ---
 . **[Overview](#overview)** .
 **[Features](#features)** .
 **[Supported backends](#supported-backends)** .
 **[Quickstart](#quickstart)** .
 **[Web UI](#web-ui)** .
 **[Documentation](#documentation)** .
 . **[Support](#support)** .
 **[Release cycle](#release-cycle)** .
 **[Contributing](#contributing)** .
 **[Maintainers](#maintainers)** .
 **[Credits](#credits)** .
 ---
 :warning: Please be aware that the old configurations for Traefik v1.X are NOT compatible with the v2.X config as of now. If you're testing out v2, please ensure you are using a [v2 configuration](https://docs.traefik.io/v2.0/).
 ## Overview
-Imagine that you have deployed a bunch of microservices on your infrastructure. You probably used a service registry (like etcd or consul) and/or an orchestrator (swarm, Mesos/Marathon) to manage all these services.
+Imagine that you have deployed a bunch of microservices with the help of an orchestrator (like Swarm or Kubernetes) or a service registry (like etcd or consul).
-If you want your users to access some of your microservices from the Internet, you will have to use a reverse proxy and configure it using virtual hosts or prefix paths:
+Now you want users to access these microservices, and you need a reverse proxy.
- domain `api.domain.com` will point the microservice `api` in your private network
+Traditional reverse-proxies require that you configure _each_ route that will connect paths and subdomains to _each_ microservice. 
- path `domain.com/web` will point the microservice `web` in your private network
+In an environment where you add, remove, kill, upgrade, or scale your services _many_ times a day, the task of keeping the routes up to date becomes tedious. 
 - domain `backoffice.domain.com` will point the microservices `backoffice` in your private network, load-balancing between your multiple instances
-But a microservices architecture is dynamic... Services are added, removed, killed or upgraded often, eventually several times a day.
+**This is when Traefik can help you!**
-Traditional reverse-proxies are not natively dynamic. You can't change their configuration and hot-reload easily.
+Traefik listens to your service registry/orchestrator API and instantly generates the routes so your microservices are connected to the outside world -- without further intervention from your part. 
-Here enters Træfik.
+**Run Traefik and let it do the work for you!** 
-
+_(But if you'd rather configure some of your routes manually, Traefik supports that too!)_
 ![Architecture](docs/img/architecture.png)
 Træfik can listen to your service registry/orchestrator API, and knows each time a microservice is added, removed, killed or upgraded, and can generate its configuration automatically.
 Routes to your services will be created instantly.
 Run it and forget it!
 ![Architecture](docs/content/assets/img/traefik-architecture.png)
 ## Features
- [It's fast](http://docs.traefik.io/benchmarks)
+- Continuously updates its configuration (No restarts!)
- No dependency hell, single binary made with go
+- Supports multiple load balancing algorithms
- Rest API
+- Provides HTTPS to your microservices by leveraging [Let's Encrypt](https://letsencrypt.org)  (wildcard certificates support)
- Multiple backends supported: Docker, Swarm, Kubernetes, Marathon, Mesos, Consul, Etcd, and more to come
+- Circuit breakers, retry
- Watchers for backends, can listen for changes in backends to apply a new configuration automatically
+- See the magic through its clean web UI
- Hot-reloading of configuration. No need to restart the process
+- Websocket, HTTP/2, GRPC ready
- Graceful shutdown http connections
+- Provides metrics (Rest, Prometheus, Datadog, Statsd, InfluxDB)
- Circuit breakers on backends
+- Keeps access logs (JSON, CLF)
- Round Robin, rebalancer load-balancers
+- Fast
- Rest Metrics
+- Exposes a Rest API
- [Tiny](https://microbadger.com/images/traefik) [official](https://hub.docker.com/r/_/traefik/) docker image included
+- Packaged as a single binary file (made with :heart: with go) and available as a [tiny](https://microbadger.com/images/traefik) [official](https://hub.docker.com/r/_/traefik/) docker image
- SSL backends support
+
- SSL frontend support (with SNI)
+
- Clean AngularJS Web UI
+## Supported Backends
- Websocket support
+
- HTTP/2 support
+- [Docker](https://docs.traefik.io/configuration/backends/docker) / [Swarm mode](https://docs.traefik.io/configuration/backends/docker#docker-swarm-mode)
- Retry request if network error
+- [Kubernetes](https://docs.traefik.io/configuration/backends/kubernetes)
- [Let's Encrypt](https://letsencrypt.org) support (Automatic HTTPS with renewal)
+- [Mesos](https://docs.traefik.io/configuration/backends/mesos) / [Marathon](https://docs.traefik.io/configuration/backends/marathon)
- High Availability with cluster mode
+- [Rancher](https://docs.traefik.io/configuration/backends/rancher) (API, Metadata)
 - [Azure Service Fabric](https://docs.traefik.io/configuration/backends/servicefabric)
 - [Consul Catalog](https://docs.traefik.io/configuration/backends/consulcatalog)
 - [Consul](https://docs.traefik.io/configuration/backends/consul) / [Etcd](https://docs.traefik.io/configuration/backends/etcd) / [Zookeeper](https://docs.traefik.io/configuration/backends/zookeeper) / [BoltDB](https://docs.traefik.io/configuration/backends/boltdb)
 - [Eureka](https://docs.traefik.io/configuration/backends/eureka)
 - [Amazon ECS](https://docs.traefik.io/configuration/backends/ecs)
 - [Amazon DynamoDB](https://docs.traefik.io/configuration/backends/dynamodb)
 - [File](https://docs.traefik.io/configuration/backends/file)
 - [Rest](https://docs.traefik.io/configuration/backends/rest)
 ## Quickstart
-You can have a quick look at Træfik in this [Katacoda tutorial](https://www.katacoda.com/courses/traefik/deploy-load-balancer) that shows how to load balance requests between multiple Docker containers.
+To get your hands on Traefik, you can use the [5-Minute Quickstart](http://docs.traefik.io/#the-traefik-quickstart-using-docker) in our documentation (you will need Docker).
 Here is a talk given by [Ed Robinson](https://github.com/errm) at the [ContainerCamp UK](https://container.camp) conference.
 You will learn fundamental Træfik features and see some demos with Kubernetes.
 [![Traefik ContainerCamp UK](http://img.youtube.com/vi/aFtpIShV60I/0.jpg)](https://www.youtube.com/watch?v=aFtpIShV60I)
 Here is a talk (in French) given by [Emile Vauge](https://github.com/emilevauge) at the [Devoxx France 2016](http://www.devoxx.fr) conference. 
 You will learn fundamental Træfik features and see some demos with Docker, Mesos/Marathon and Let's Encrypt. 
 [![Traefik Devoxx France](http://img.youtube.com/vi/QvAz9mVx5TI/0.jpg)](http://www.youtube.com/watch?v=QvAz9mVx5TI)
 ## Web UI
-You can access the simple HTML frontend of Træfik.
+You can access the simple HTML frontend of Traefik.
-![Web UI Providers](docs/img/web.frontend.png)
+![Web UI Providers](docs/content/assets/img/webui-dashboard.png)
 ![Web UI Health](docs/img/traefik-health.png)
-## Plumbing
+## Documentation
- [Oxy](https://github.com/vulcand/oxy): an awesome proxy library made by Mailgun guys
+You can find the complete documentation at [https://docs.traefik.io](https://docs.traefik.io).
- [Gorilla mux](https://github.com/gorilla/mux): famous request router
+A collection of contributions around Traefik can be found at [https://awesome.traefik.io](https://awesome.traefik.io).
 - [Negroni](https://github.com/codegangsta/negroni): web middlewares made simple
 - [Lego](https://github.com/xenolf/lego): the best [Let's Encrypt](https://letsencrypt.org) library in go
-## Test it
+:warning: If you're testing out v2, please ensure you are using the [v2 documentation](https://docs.traefik.io/v2.0/).
- The simple way: grab the latest binary from the [releases](https://github.com/containous/traefik/releases) page and just run it with the [sample configuration file](https://raw.githubusercontent.com/containous/traefik/master/traefik.sample.toml):
+## Support
 To get community support, you can:
 - join the Traefik community forum: [![Join the chat at https://community.containo.us/](https://img.shields.io/badge/style-register-green.svg?style=social&label=Discourse)](https://community.containo.us/)
 If you need commercial support, please contact [Containo.us](https://containo.us) by mail: <mailto:support@containo.us>.
 ## Download
 - Grab the latest binary from the [releases](https://github.com/containous/traefik/releases) page and run it with the [sample configuration file](https://raw.githubusercontent.com/containous/traefik/master/traefik.sample.toml):
 ```shell
 ./traefik --configFile=traefik.toml
 ```
- Use the tiny Docker image:
+- Or use the official tiny Docker image and run it with the [sample configuration file](https://raw.githubusercontent.com/containous/traefik/master/traefik.sample.toml):
 ```shell
 docker run -d -p 8080:8080 -p 80:80 -v $PWD/traefik.toml:/etc/traefik/traefik.toml traefik
 ```
- From sources:
+- Or get the sources:
 ```shell
 git clone https://github.com/containous/traefik
 ```
-## Documentation
+## Introductory Videos
-You can find the complete documentation [here](https://docs.traefik.io).
+:warning: Please be aware that these videos are for v1.X. The old configurations for Traefik v1.X are NOT compatible with Traefik v2. If you're testing out v2, please ensure you are using a [v2 configuration](https://docs.traefik.io/v2.0/).
-## Contributing
+Here is a talk given by [Emile Vauge](https://github.com/emilevauge) at GopherCon 2017.
 You will learn Traefik basics in less than 10 minutes.
-Please refer to [this section](.github/CONTRIBUTING.md).
+[![Traefik GopherCon 2017](https://img.youtube.com/vi/RgudiksfL-k/0.jpg)](https://www.youtube.com/watch?v=RgudiksfL-k)
-## Code Of Conduct
+Here is a talk given by [Ed Robinson](https://github.com/errm) at [ContainerCamp UK](https://container.camp) conference.
 You will learn fundamental Traefik features and see some demos with Kubernetes.
-Please note that this project is released with a [Contributor Code of Conduct](CODE_OF_CONDUCT.md). By participating in this project you agree to abide by its terms.
+[![Traefik ContainerCamp UK](https://img.youtube.com/vi/aFtpIShV60I/0.jpg)](https://www.youtube.com/watch?v=aFtpIShV60I)
 ## Support
 You can join [![Join the chat at https://traefik.herokuapp.com](https://img.shields.io/badge/style-register-green.svg?style=social&label=Slack)](https://traefik.herokuapp.com) to get basic support.
 If you prefer commercial support, please contact [containo.us](https://containo.us) by mail: <mailto:support@containo.us>.
 ## Maintainers
- Emile Vauge [@emilevauge](https://github.com/emilevauge)
+[Information about process and maintainers](docs/content/contributing/maintainers.md)
- Vincent Demeester [@vdemeester](https://github.com/vdemeester)
+
- Russell Clare [@Russell-IO](https://github.com/Russell-IO)
+## Contributing
- Ed Robinson [@errm](https://github.com/errm)
+
- Daniel Tomcej [@dtomcej](https://github.com/dtomcej)
+If you'd like to contribute to the project, refer to the [contributing documentation](CONTRIBUTING.md).
- Manuel Laufenberg [@SantoDE](https://github.com/SantoDE)
+
- Thomas Recloux [@trecloux](https://github.com/trecloux)
+Please note that this project is released with a [Contributor Code of Conduct](CODE_OF_CONDUCT.md).
- Timo Reimann [@timoreimann](https://github.com/timoreimann)
+By participating in this project, you agree to abide by its terms.
 ## Release Cycle
 - We release a new version (e.g. 1.1.0, 1.2.0, 1.3.0) every other month.
 - Release Candidates are available before the release (e.g. 1.1.0-rc1, 1.1.0-rc2, 1.1.0-rc3, 1.1.0-rc4, before 1.1.0)
 - Bug-fixes (e.g. 1.1.1, 1.1.2, 1.2.1, 1.2.3) are released as needed (no additional features are delivered in those versions, bug-fixes only)
 Each version is supported until the next one is released (e.g. 1.1.x will be supported until 1.2.0 is out)
 We use [Semantic Versioning](http://semver.org/)
 ## Mailing lists
 - General announcements, new releases: mail at news+subscribe@traefik.io or on [the online viewer](https://groups.google.com/a/traefik.io/forum/#!forum/news)
 - Security announcements: mail at security+subscribe@traefik.io or on [the online viewer](https://groups.google.com/a/traefik.io/forum/#!forum/security).
 ## Credits
-Kudos to [Peka](http://peka.byethost11.com/photoblog/) for his awesome work on the logo ![logo](docs/img/traefik.icon.png).
+Kudos to [Peka](http://peka.byethost11.com/photoblog/) for his awesome work on the logo ![logo](docs/content/assets/img/traefik.icon.png).
-Traefik's logo licensed under the Creative Commons 3.0 Attributions license.
+
 Traefik's logo is licensed under the Creative Commons 3.0 Attributions license.
 Traefik's logo was inspired by the gopher stickers made by Takuya Ueda (https://twitter.com/tenntenn).
-The original Go gopher was designed by Renee French (http://reneefrench.blogspot.com/).
+The original Go gopher was designed by Renee French (http://reneefrench.blogspot.com/).
--- a/acme/account.go
+++ b/acme/account.go
@@ -1,245 +0,0 @@
 package acme
 import (
 	"crypto"
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/tls"
 	"crypto/x509"
 	"errors"
 	"reflect"
 	"sort"
 	"strings"
 	"sync"
 	"time"
 	"github.com/containous/traefik/log"
 	"github.com/xenolf/lego/acme"
 )
 // Account is used to store lets encrypt registration info
 type Account struct {
 	Email              string
 	Registration       *acme.RegistrationResource
 	PrivateKey         []byte
 	DomainsCertificate DomainsCertificates
 	ChallengeCerts     map[string]*ChallengeCert
 }
 // ChallengeCert stores a challenge certificate
 type ChallengeCert struct {
 	Certificate []byte
 	PrivateKey  []byte
 	certificate *tls.Certificate
 }
 // Init inits acccount struct
 func (a *Account) Init() error {
 	err := a.DomainsCertificate.Init()
 	if err != nil {
 		return err
 	}
 	for _, cert := range a.ChallengeCerts {
 		if cert.certificate == nil {
 			certificate, err := tls.X509KeyPair(cert.Certificate, cert.PrivateKey)
 			if err != nil {
 				return err
 			}
 			cert.certificate = &certificate
 		}
 		if cert.certificate.Leaf == nil {
 			leaf, err := x509.ParseCertificate(cert.certificate.Certificate[0])
 			if err != nil {
 				return err
 			}
 			cert.certificate.Leaf = leaf
 		}
 	}
 	return nil
 }
 // NewAccount creates an account
 func NewAccount(email string) (*Account, error) {
 	// Create a user. New accounts need an email and private key to start
 	privateKey, err := rsa.GenerateKey(rand.Reader, 4096)
 	if err != nil {
 		return nil, err
 	}
 	domainsCerts := DomainsCertificates{Certs: []*DomainsCertificate{}}
 	domainsCerts.Init()
 	return &Account{
 		Email:              email,
 		PrivateKey:         x509.MarshalPKCS1PrivateKey(privateKey),
 		DomainsCertificate: DomainsCertificates{Certs: domainsCerts.Certs},
 		ChallengeCerts:     map[string]*ChallengeCert{}}, nil
 }
 // GetEmail returns email
 func (a *Account) GetEmail() string {
 	return a.Email
 }
 // GetRegistration returns lets encrypt registration resource
 func (a *Account) GetRegistration() *acme.RegistrationResource {
 	return a.Registration
 }
 // GetPrivateKey returns private key
 func (a *Account) GetPrivateKey() crypto.PrivateKey {
 	if privateKey, err := x509.ParsePKCS1PrivateKey(a.PrivateKey); err == nil {
 		return privateKey
 	}
 	log.Errorf("Cannot unmarshall private key %+v", a.PrivateKey)
 	return nil
 }
 // Certificate is used to store certificate info
 type Certificate struct {
 	Domain        string
 	CertURL       string
 	CertStableURL string
 	PrivateKey    []byte
 	Certificate   []byte
 }
 // DomainsCertificates stores a certificate for multiple domains
 type DomainsCertificates struct {
 	Certs []*DomainsCertificate
 	lock  sync.RWMutex
 }
 func (dc *DomainsCertificates) Len() int {
 	return len(dc.Certs)
 }
 func (dc *DomainsCertificates) Swap(i, j int) {
 	dc.Certs[i], dc.Certs[j] = dc.Certs[j], dc.Certs[i]
 }
 func (dc *DomainsCertificates) Less(i, j int) bool {
 	if reflect.DeepEqual(dc.Certs[i].Domains, dc.Certs[j].Domains) {
 		return dc.Certs[i].tlsCert.Leaf.NotAfter.After(dc.Certs[j].tlsCert.Leaf.NotAfter)
 	}
 	if dc.Certs[i].Domains.Main == dc.Certs[j].Domains.Main {
 		return strings.Join(dc.Certs[i].Domains.SANs, ",") < strings.Join(dc.Certs[j].Domains.SANs, ",")
 	}
 	return dc.Certs[i].Domains.Main < dc.Certs[j].Domains.Main
 }
 func (dc *DomainsCertificates) removeDuplicates() {
 	sort.Sort(dc)
 	for i := 0; i < len(dc.Certs); i++ {
 		for i2 := i + 1; i2 < len(dc.Certs); i2++ {
 			if reflect.DeepEqual(dc.Certs[i].Domains, dc.Certs[i2].Domains) {
 				// delete
 				log.Warnf("Remove duplicate cert: %+v, expiration :%s", dc.Certs[i2].Domains, dc.Certs[i2].tlsCert.Leaf.NotAfter.String())
 				dc.Certs = append(dc.Certs[:i2], dc.Certs[i2+1:]...)
 				i2--
 			}
 		}
 	}
 }
 // Init inits DomainsCertificates
 func (dc *DomainsCertificates) Init() error {
 	dc.lock.Lock()
 	defer dc.lock.Unlock()
 	for _, domainsCertificate := range dc.Certs {
 		tlsCert, err := tls.X509KeyPair(domainsCertificate.Certificate.Certificate, domainsCertificate.Certificate.PrivateKey)
 		if err != nil {
 			return err
 		}
 		domainsCertificate.tlsCert = &tlsCert
 		if domainsCertificate.tlsCert.Leaf == nil {
 			leaf, err := x509.ParseCertificate(domainsCertificate.tlsCert.Certificate[0])
 			if err != nil {
 				return err
 			}
 			domainsCertificate.tlsCert.Leaf = leaf
 		}
 	}
 	dc.removeDuplicates()
 	return nil
 }
 func (dc *DomainsCertificates) renewCertificates(acmeCert *Certificate, domain Domain) error {
 	dc.lock.Lock()
 	defer dc.lock.Unlock()
 	for _, domainsCertificate := range dc.Certs {
 		if reflect.DeepEqual(domain, domainsCertificate.Domains) {
 			tlsCert, err := tls.X509KeyPair(acmeCert.Certificate, acmeCert.PrivateKey)
 			if err != nil {
 				return err
 			}
 			domainsCertificate.Certificate = acmeCert
 			domainsCertificate.tlsCert = &tlsCert
 			return nil
 		}
 	}
 	return errors.New("Certificate to renew not found for domain " + domain.Main)
 }
 func (dc *DomainsCertificates) addCertificateForDomains(acmeCert *Certificate, domain Domain) (*DomainsCertificate, error) {
 	dc.lock.Lock()
 	defer dc.lock.Unlock()
 	tlsCert, err := tls.X509KeyPair(acmeCert.Certificate, acmeCert.PrivateKey)
 	if err != nil {
 		return nil, err
 	}
 	cert := DomainsCertificate{Domains: domain, Certificate: acmeCert, tlsCert: &tlsCert}
 	dc.Certs = append(dc.Certs, &cert)
 	return &cert, nil
 }
 func (dc *DomainsCertificates) getCertificateForDomain(domainToFind string) (*DomainsCertificate, bool) {
 	dc.lock.RLock()
 	defer dc.lock.RUnlock()
 	for _, domainsCertificate := range dc.Certs {
 		domains := []string{}
 		domains = append(domains, domainsCertificate.Domains.Main)
 		domains = append(domains, domainsCertificate.Domains.SANs...)
 		for _, domain := range domains {
 			if domain == domainToFind {
 				return domainsCertificate, true
 			}
 		}
 	}
 	return nil, false
 }
 func (dc *DomainsCertificates) exists(domainToFind Domain) (*DomainsCertificate, bool) {
 	dc.lock.RLock()
 	defer dc.lock.RUnlock()
 	for _, domainsCertificate := range dc.Certs {
 		if reflect.DeepEqual(domainToFind, domainsCertificate.Domains) {
 			return domainsCertificate, true
 		}
 	}
 	return nil, false
 }
 // DomainsCertificate contains a certificate for multiple domains
 type DomainsCertificate struct {
 	Domains     Domain
 	Certificate *Certificate
 	tlsCert     *tls.Certificate
 }
 func (dc *DomainsCertificate) needRenew() bool {
 	for _, c := range dc.tlsCert.Certificate {
 		crt, err := x509.ParseCertificate(c)
 		if err != nil {
 			// If there's an error, we assume the cert is broken, and needs update
 			return true
 		}
 		// <= 30 days left, renew certificate
 		if crt.NotAfter.Before(time.Now().Add(time.Duration(24 * 30 * time.Hour))) {
 			return true
 		}
 	}
 	return false
 }
--- a/acme/acme.go
+++ b/acme/acme.go
@@ -1,635 +0,0 @@
 package acme
 import (
 	"context"
 	"crypto/tls"
 	"errors"
 	"fmt"
 	"io/ioutil"
 	fmtlog "log"
 	"os"
 	"regexp"
 	"strings"
 	"time"
 	"github.com/BurntSushi/ty/fun"
 	"github.com/cenk/backoff"
 	"github.com/containous/staert"
 	"github.com/containous/traefik/cluster"
 	"github.com/containous/traefik/log"
 	"github.com/containous/traefik/safe"
 	"github.com/containous/traefik/types"
 	"github.com/eapache/channels"
 	"github.com/xenolf/lego/acme"
 	"github.com/xenolf/lego/providers/dns"
 )
 var (
 	// OSCPMustStaple enables OSCP stapling as from https://github.com/xenolf/lego/issues/270
 	OSCPMustStaple = false
 )
 // ACME allows to connect to lets encrypt and retrieve certs
 type ACME struct {
 	Email               string   `description:"Email address used for registration"`
 	Domains             []Domain `description:"SANs (alternative domains) to each main domain using format: --acme.domains='main.com,san1.com,san2.com' --acme.domains='main.net,san1.net,san2.net'"`
 	Storage             string   `description:"File or key used for certificates storage."`
 	StorageFile         string   // deprecated
 	OnDemand            bool     `description:"Enable on demand certificate. This will request a certificate from Let's Encrypt during the first TLS handshake for a hostname that does not yet have a certificate."`
 	OnHostRule          bool     `description:"Enable certificate generation on frontends Host rules."`
 	CAServer            string   `description:"CA server to use."`
 	EntryPoint          string   `description:"Entrypoint to proxy acme challenge to."`
 	DNSProvider         string   `description:"Use a DNS based challenge provider rather than HTTPS."`
 	DelayDontCheckDNS   int      `description:"Assume DNS propagates after a delay in seconds rather than finding and querying nameservers."`
 	ACMELogging         bool     `description:"Enable debug logging of ACME actions."`
 	client              *acme.Client
 	defaultCertificate  *tls.Certificate
 	store               cluster.Store
 	challengeProvider   *challengeProvider
 	checkOnDemandDomain func(domain string) bool
 	jobs                *channels.InfiniteChannel
 	TLSConfig           *tls.Config `description:"TLS config in case wildcard certs are used"`
 }
 //Domains parse []Domain
 type Domains []Domain
 //Set []Domain
 func (ds *Domains) Set(str string) error {
 	fargs := func(c rune) bool {
 		return c == ',' || c == ';'
 	}
 	// get function
 	slice := strings.FieldsFunc(str, fargs)
 	if len(slice) < 1 {
 		return fmt.Errorf("Parse error ACME.Domain. Imposible to parse %s", str)
 	}
 	d := Domain{
 		Main: slice[0],
 		SANs: []string{},
 	}
 	if len(slice) > 1 {
 		d.SANs = slice[1:]
 	}
 	*ds = append(*ds, d)
 	return nil
 }
 //Get []Domain
 func (ds *Domains) Get() interface{} { return []Domain(*ds) }
 //String returns []Domain in string
 func (ds *Domains) String() string { return fmt.Sprintf("%+v", *ds) }
 //SetValue sets []Domain into the parser
 func (ds *Domains) SetValue(val interface{}) {
 	*ds = Domains(val.([]Domain))
 }
 // Domain holds a domain name with SANs
 type Domain struct {
 	Main string
 	SANs []string
 }
 func (a *ACME) init() error {
 	if a.ACMELogging {
 		acme.Logger = fmtlog.New(os.Stderr, "legolog: ", fmtlog.LstdFlags)
 	} else {
 		acme.Logger = fmtlog.New(ioutil.Discard, "", 0)
 	}
 	// no certificates in TLS config, so we add a default one
 	cert, err := generateDefaultCertificate()
 	if err != nil {
 		return err
 	}
 	a.defaultCertificate = cert
 	// TODO: to remove in the futurs
 	if len(a.StorageFile) > 0 && len(a.Storage) == 0 {
 		log.Warnf("ACME.StorageFile is deprecated, use ACME.Storage instead")
 		a.Storage = a.StorageFile
 	}
 	a.jobs = channels.NewInfiniteChannel()
 	return nil
 }
 // CreateClusterConfig creates a tls.config using ACME configuration in cluster mode
 func (a *ACME) CreateClusterConfig(leadership *cluster.Leadership, tlsConfig *tls.Config, checkOnDemandDomain func(domain string) bool) error {
 	err := a.init()
 	if err != nil {
 		return err
 	}
 	if len(a.Storage) == 0 {
 		return errors.New("Empty Store, please provide a key for certs storage")
 	}
 	a.checkOnDemandDomain = checkOnDemandDomain
 	tlsConfig.Certificates = append(tlsConfig.Certificates, *a.defaultCertificate)
 	tlsConfig.GetCertificate = a.getCertificate
 	a.TLSConfig = tlsConfig
 	listener := func(object cluster.Object) error {
 		account := object.(*Account)
 		account.Init()
 		if !leadership.IsLeader() {
 			a.client, err = a.buildACMEClient(account)
 			if err != nil {
 				log.Errorf("Error building ACME client %+v: %s", object, err.Error())
 			}
 		}
 		return nil
 	}
 	datastore, err := cluster.NewDataStore(
 		leadership.Pool.Ctx(),
 		staert.KvSource{
 			Store:  leadership.Store,
 			Prefix: a.Storage,
 		},
 		&Account{},
 		listener)
 	if err != nil {
 		return err
 	}
 	a.store = datastore
 	a.challengeProvider = &challengeProvider{store: a.store}
 	ticker := time.NewTicker(24 * time.Hour)
 	leadership.Pool.AddGoCtx(func(ctx context.Context) {
 		log.Infof("Starting ACME renew job...")
 		defer log.Infof("Stopped ACME renew job...")
 		for {
 			select {
 			case <-ctx.Done():
 				return
 			case <-ticker.C:
 				a.renewCertificates()
 			}
 		}
 	})
 	leadership.AddListener(func(elected bool) error {
 		if elected {
 			object, err := a.store.Load()
 			if err != nil {
 				return err
 			}
 			transaction, object, err := a.store.Begin()
 			if err != nil {
 				return err
 			}
 			account := object.(*Account)
 			account.Init()
 			var needRegister bool
 			if account == nil || len(account.Email) == 0 {
 				account, err = NewAccount(a.Email)
 				if err != nil {
 					return err
 				}
 				needRegister = true
 			}
 			if err != nil {
 				return err
 			}
 			a.client, err = a.buildACMEClient(account)
 			if err != nil {
 				return err
 			}
 			if needRegister {
 				// New users will need to register; be sure to save it
 				log.Debugf("Register...")
 				reg, err := a.client.Register()
 				if err != nil {
 					return err
 				}
 				account.Registration = reg
 			}
 			// The client has a URL to the current Let's Encrypt Subscriber
 			// Agreement. The user will need to agree to it.
 			log.Debugf("AgreeToTOS...")
 			err = a.client.AgreeToTOS()
 			if err != nil {
 				// Let's Encrypt Subscriber Agreement renew ?
 				reg, err := a.client.QueryRegistration()
 				if err != nil {
 					return err
 				}
 				account.Registration = reg
 				err = a.client.AgreeToTOS()
 				if err != nil {
 					log.Errorf("Error sending ACME agreement to TOS: %+v: %s", account, err.Error())
 				}
 			}
 			err = transaction.Commit(account)
 			if err != nil {
 				return err
 			}
 			a.retrieveCertificates()
 			a.renewCertificates()
 			a.runJobs()
 		}
 		return nil
 	})
 	return nil
 }
 // CreateLocalConfig creates a tls.config using local ACME configuration
 func (a *ACME) CreateLocalConfig(tlsConfig *tls.Config, checkOnDemandDomain func(domain string) bool) error {
 	err := a.init()
 	if err != nil {
 		return err
 	}
 	if len(a.Storage) == 0 {
 		return errors.New("Empty Store, please provide a filename for certs storage")
 	}
 	a.checkOnDemandDomain = checkOnDemandDomain
 	tlsConfig.Certificates = append(tlsConfig.Certificates, *a.defaultCertificate)
 	tlsConfig.GetCertificate = a.getCertificate
 	a.TLSConfig = tlsConfig
 	localStore := NewLocalStore(a.Storage)
 	a.store = localStore
 	a.challengeProvider = &challengeProvider{store: a.store}
 	var needRegister bool
 	var account *Account
 	if fileInfo, fileErr := os.Stat(a.Storage); fileErr == nil && fileInfo.Size() != 0 {
 		log.Infof("Loading ACME Account...")
 		// load account
 		object, err := localStore.Load()
 		if err != nil {
 			return err
 		}
 		account = object.(*Account)
 	} else {
 		log.Infof("Generating ACME Account...")
 		account, err = NewAccount(a.Email)
 		if err != nil {
 			return err
 		}
 		needRegister = true
 	}
 	a.client, err = a.buildACMEClient(account)
 	if err != nil {
 		return err
 	}
 	if needRegister {
 		// New users will need to register; be sure to save it
 		log.Infof("Register...")
 		reg, err := a.client.Register()
 		if err != nil {
 			return err
 		}
 		account.Registration = reg
 	}
 	// The client has a URL to the current Let's Encrypt Subscriber
 	// Agreement. The user will need to agree to it.
 	log.Debugf("AgreeToTOS...")
 	err = a.client.AgreeToTOS()
 	if err != nil {
 		// Let's Encrypt Subscriber Agreement renew ?
 		reg, err := a.client.QueryRegistration()
 		if err != nil {
 			return err
 		}
 		account.Registration = reg
 		err = a.client.AgreeToTOS()
 		if err != nil {
 			log.Errorf("Error sending ACME agreement to TOS: %+v: %s", account, err.Error())
 		}
 	}
 	// save account
 	transaction, _, err := a.store.Begin()
 	if err != nil {
 		return err
 	}
 	err = transaction.Commit(account)
 	if err != nil {
 		return err
 	}
 	a.retrieveCertificates()
 	a.renewCertificates()
 	a.runJobs()
 	ticker := time.NewTicker(24 * time.Hour)
 	safe.Go(func() {
 		for range ticker.C {
 			a.renewCertificates()
 		}
 	})
 	return nil
 }
 func (a *ACME) getCertificate(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) {
 	domain := types.CanonicalDomain(clientHello.ServerName)
 	account := a.store.Get().(*Account)
 	if providedCertificate := a.getProvidedCertificate([]string{domain}); providedCertificate != nil {
 		return providedCertificate, nil
 	}
 	if challengeCert, ok := a.challengeProvider.getCertificate(domain); ok {
 		log.Debugf("ACME got challenge %s", domain)
 		return challengeCert, nil
 	}
 	if domainCert, ok := account.DomainsCertificate.getCertificateForDomain(domain); ok {
 		log.Debugf("ACME got domain cert %s", domain)
 		return domainCert.tlsCert, nil
 	}
 	if a.OnDemand {
 		if a.checkOnDemandDomain != nil && !a.checkOnDemandDomain(domain) {
 			return nil, nil
 		}
 		return a.loadCertificateOnDemand(clientHello)
 	}
 	log.Debugf("ACME got nothing %s", domain)
 	return nil, nil
 }
 func (a *ACME) retrieveCertificates() {
 	a.jobs.In() <- func() {
 		log.Infof("Retrieving ACME certificates...")
 		for _, domain := range a.Domains {
 			// check if cert isn't already loaded
 			account := a.store.Get().(*Account)
 			if _, exists := account.DomainsCertificate.exists(domain); !exists {
 				domains := []string{}
 				domains = append(domains, domain.Main)
 				domains = append(domains, domain.SANs...)
 				certificateResource, err := a.getDomainsCertificates(domains)
 				if err != nil {
 					log.Errorf("Error getting ACME certificate for domain %s: %s", domains, err.Error())
 					continue
 				}
 				transaction, object, err := a.store.Begin()
 				if err != nil {
 					log.Errorf("Error creating ACME store transaction from domain %s: %s", domain, err.Error())
 					continue
 				}
 				account = object.(*Account)
 				_, err = account.DomainsCertificate.addCertificateForDomains(certificateResource, domain)
 				if err != nil {
 					log.Errorf("Error adding ACME certificate for domain %s: %s", domains, err.Error())
 					continue
 				}
 				if err = transaction.Commit(account); err != nil {
 					log.Errorf("Error Saving ACME account %+v: %s", account, err.Error())
 					continue
 				}
 			}
 		}
 		log.Infof("Retrieved ACME certificates")
 	}
 }
 func (a *ACME) renewCertificates() {
 	a.jobs.In() <- func() {
 		log.Debugf("Testing certificate renew...")
 		account := a.store.Get().(*Account)
 		for _, certificateResource := range account.DomainsCertificate.Certs {
 			if certificateResource.needRenew() {
 				log.Debugf("Renewing certificate %+v", certificateResource.Domains)
 				renewedCert, err := a.client.RenewCertificate(acme.CertificateResource{
 					Domain:        certificateResource.Certificate.Domain,
 					CertURL:       certificateResource.Certificate.CertURL,
 					CertStableURL: certificateResource.Certificate.CertStableURL,
 					PrivateKey:    certificateResource.Certificate.PrivateKey,
 					Certificate:   certificateResource.Certificate.Certificate,
 				}, true, OSCPMustStaple)
 				if err != nil {
 					log.Errorf("Error renewing certificate: %v", err)
 					continue
 				}
 				log.Debugf("Renewed certificate %+v", certificateResource.Domains)
 				renewedACMECert := &Certificate{
 					Domain:        renewedCert.Domain,
 					CertURL:       renewedCert.CertURL,
 					CertStableURL: renewedCert.CertStableURL,
 					PrivateKey:    renewedCert.PrivateKey,
 					Certificate:   renewedCert.Certificate,
 				}
 				transaction, object, err := a.store.Begin()
 				if err != nil {
 					log.Errorf("Error renewing certificate: %v", err)
 					continue
 				}
 				account = object.(*Account)
 				err = account.DomainsCertificate.renewCertificates(renewedACMECert, certificateResource.Domains)
 				if err != nil {
 					log.Errorf("Error renewing certificate: %v", err)
 					continue
 				}
 				if err = transaction.Commit(account); err != nil {
 					log.Errorf("Error Saving ACME account %+v: %s", account, err.Error())
 					continue
 				}
 			}
 		}
 	}
 }
 func dnsOverrideDelay(delay int) error {
 	var err error
 	if delay > 0 {
 		log.Debugf("Delaying %d seconds rather than validating DNS propagation", delay)
 		acme.PreCheckDNS = func(_, _ string) (bool, error) {
 			time.Sleep(time.Duration(delay) * time.Second)
 			return true, nil
 		}
 	} else if delay < 0 {
 		err = fmt.Errorf("Invalid negative DelayDontCheckDNS: %d", delay)
 	}
 	return err
 }
 func (a *ACME) buildACMEClient(account *Account) (*acme.Client, error) {
 	log.Debugf("Building ACME client...")
 	caServer := "https://acme-v01.api.letsencrypt.org/directory"
 	if len(a.CAServer) > 0 {
 		caServer = a.CAServer
 	}
 	client, err := acme.NewClient(caServer, account, acme.RSA4096)
 	if err != nil {
 		return nil, err
 	}
 	if len(a.DNSProvider) > 0 {
 		log.Debugf("Using DNS Challenge provider: %s", a.DNSProvider)
 		err = dnsOverrideDelay(a.DelayDontCheckDNS)
 		if err != nil {
 			return nil, err
 		}
 		var provider acme.ChallengeProvider
 		provider, err = dns.NewDNSChallengeProviderByName(a.DNSProvider)
 		if err != nil {
 			return nil, err
 		}
 		client.ExcludeChallenges([]acme.Challenge{acme.HTTP01, acme.TLSSNI01})
 		err = client.SetChallengeProvider(acme.DNS01, provider)
 	} else {
 		client.ExcludeChallenges([]acme.Challenge{acme.HTTP01, acme.DNS01})
 		err = client.SetChallengeProvider(acme.TLSSNI01, a.challengeProvider)
 	}
 	if err != nil {
 		return nil, err
 	}
 	return client, nil
 }
 func (a *ACME) loadCertificateOnDemand(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) {
 	domain := types.CanonicalDomain(clientHello.ServerName)
 	account := a.store.Get().(*Account)
 	if certificateResource, ok := account.DomainsCertificate.getCertificateForDomain(domain); ok {
 		return certificateResource.tlsCert, nil
 	}
 	certificate, err := a.getDomainsCertificates([]string{domain})
 	if err != nil {
 		return nil, err
 	}
 	log.Debugf("Got certificate on demand for domain %s", domain)
 	transaction, object, err := a.store.Begin()
 	if err != nil {
 		return nil, err
 	}
 	account = object.(*Account)
 	cert, err := account.DomainsCertificate.addCertificateForDomains(certificate, Domain{Main: domain})
 	if err != nil {
 		return nil, err
 	}
 	if err = transaction.Commit(account); err != nil {
 		return nil, err
 	}
 	return cert.tlsCert, nil
 }
 // LoadCertificateForDomains loads certificates from ACME for given domains
 func (a *ACME) LoadCertificateForDomains(domains []string) {
 	a.jobs.In() <- func() {
 		log.Debugf("LoadCertificateForDomains %v...", domains)
 		if len(domains) == 0 {
 			// no domain
 			return
 		}
 		domains = fun.Map(types.CanonicalDomain, domains).([]string)
 		// Check provided certificates
 		if a.getProvidedCertificate(domains) != nil {
 			return
 		}
 		operation := func() error {
 			if a.client == nil {
 				return fmt.Errorf("ACME client still not built")
 			}
 			return nil
 		}
 		notify := func(err error, time time.Duration) {
 			log.Errorf("Error getting ACME client: %v, retrying in %s", err, time)
 		}
 		ebo := backoff.NewExponentialBackOff()
 		ebo.MaxElapsedTime = 30 * time.Second
 		err := backoff.RetryNotify(safe.OperationWithRecover(operation), ebo, notify)
 		if err != nil {
 			log.Errorf("Error getting ACME client: %v", err)
 			return
 		}
 		account := a.store.Get().(*Account)
 		var domain Domain
 		if len(domains) > 1 {
 			domain = Domain{Main: domains[0], SANs: domains[1:]}
 		} else {
 			domain = Domain{Main: domains[0]}
 		}
 		if _, exists := account.DomainsCertificate.exists(domain); exists {
 			// domain already exists
 			return
 		}
 		certificate, err := a.getDomainsCertificates(domains)
 		if err != nil {
 			log.Errorf("Error getting ACME certificates %+v : %v", domains, err)
 			return
 		}
 		log.Debugf("Got certificate for domains %+v", domains)
 		transaction, object, err := a.store.Begin()
 		if err != nil {
 			log.Errorf("Error creating transaction %+v : %v", domains, err)
 			return
 		}
 		account = object.(*Account)
 		_, err = account.DomainsCertificate.addCertificateForDomains(certificate, domain)
 		if err != nil {
 			log.Errorf("Error adding ACME certificates %+v : %v", domains, err)
 			return
 		}
 		if err = transaction.Commit(account); err != nil {
 			log.Errorf("Error Saving ACME account %+v: %v", account, err)
 			return
 		}
 	}
 }
 // Get provided certificate which check a domains list (Main and SANs)
 func (a *ACME) getProvidedCertificate(domains []string) *tls.Certificate {
 	// Use regex to test for provided certs that might have been added into TLSConfig
 	providedCertMatch := false
 	log.Debugf("Look for provided certificate to validate %s...", domains)
 	for k := range a.TLSConfig.NameToCertificate {
 		selector := "^" + strings.Replace(k, "*.", "[^\\.]*\\.?", -1) + "$"
 		for _, domainToCheck := range domains {
 			providedCertMatch, _ = regexp.MatchString(selector, domainToCheck)
 			if !providedCertMatch {
 				break
 			}
 		}
 		if providedCertMatch {
 			log.Debugf("Got provided certificate for domains %s", domains)
 			return a.TLSConfig.NameToCertificate[k]
 		}
 	}
 	log.Debugf("No provided certificate found for domains %s, get ACME certificate.", domains)
 	return nil
 }
 func (a *ACME) getDomainsCertificates(domains []string) (*Certificate, error) {
 	domains = fun.Map(types.CanonicalDomain, domains).([]string)
 	log.Debugf("Loading ACME certificates %s...", domains)
 	bundle := true
 	certificate, failures := a.client.ObtainCertificate(domains, bundle, nil, OSCPMustStaple)
 	if len(failures) > 0 {
 		log.Error(failures)
 		return nil, fmt.Errorf("Cannot obtain certificates %s+v", failures)
 	}
 	log.Debugf("Loaded ACME certificates %s", domains)
 	return &Certificate{
 		Domain:        certificate.Domain,
 		CertURL:       certificate.CertURL,
 		CertStableURL: certificate.CertStableURL,
 		PrivateKey:    certificate.PrivateKey,
 		Certificate:   certificate.Certificate,
 	}, nil
 }
 func (a *ACME) runJobs() {
 	safe.Go(func() {
 		for job := range a.jobs.Out() {
 			function := job.(func())
 			function()
 		}
 	})
 }
--- a/acme/acme_test.go
+++ b/acme/acme_test.go
@@ -1,296 +0,0 @@
 package acme
 import (
 	"crypto/tls"
 	"encoding/base64"
 	"net/http"
 	"net/http/httptest"
 	"reflect"
 	"sync"
 	"testing"
 	"time"
 	"github.com/stretchr/testify/assert"
 	"github.com/xenolf/lego/acme"
 )
 func TestDomainsSet(t *testing.T) {
 	checkMap := map[string]Domains{
 		"":                                   {},
 		"foo.com":                            {Domain{Main: "foo.com", SANs: []string{}}},
 		"foo.com,bar.net":                    {Domain{Main: "foo.com", SANs: []string{"bar.net"}}},
 		"foo.com,bar1.net,bar2.net,bar3.net": {Domain{Main: "foo.com", SANs: []string{"bar1.net", "bar2.net", "bar3.net"}}},
 	}
 	for in, check := range checkMap {
 		ds := Domains{}
 		ds.Set(in)
 		if !reflect.DeepEqual(check, ds) {
 			t.Errorf("Expected %+v\nGot %+v", check, ds)
 		}
 	}
 }
 func TestDomainsSetAppend(t *testing.T) {
 	inSlice := []string{
 		"",
 		"foo1.com",
 		"foo2.com,bar.net",
 		"foo3.com,bar1.net,bar2.net,bar3.net",
 	}
 	checkSlice := []Domains{
 		{},
 		{
 			Domain{
 				Main: "foo1.com",
 				SANs: []string{}}},
 		{
 			Domain{
 				Main: "foo1.com",
 				SANs: []string{}},
 			Domain{
 				Main: "foo2.com",
 				SANs: []string{"bar.net"}}},
 		{
 			Domain{
 				Main: "foo1.com",
 				SANs: []string{}},
 			Domain{
 				Main: "foo2.com",
 				SANs: []string{"bar.net"}},
 			Domain{Main: "foo3.com",
 				SANs: []string{"bar1.net", "bar2.net", "bar3.net"}}},
 	}
 	ds := Domains{}
 	for i, in := range inSlice {
 		ds.Set(in)
 		if !reflect.DeepEqual(checkSlice[i], ds) {
 			t.Errorf("Expected  %s %+v\nGot %+v", in, checkSlice[i], ds)
 		}
 	}
 }
 func TestCertificatesRenew(t *testing.T) {
 	foo1Cert, foo1Key, _ := generateKeyPair("foo1.com", time.Now())
 	foo2Cert, foo2Key, _ := generateKeyPair("foo2.com", time.Now())
 	domainsCertificates := DomainsCertificates{
 		lock: sync.RWMutex{},
 		Certs: []*DomainsCertificate{
 			{
 				Domains: Domain{
 					Main: "foo1.com",
 					SANs: []string{}},
 				Certificate: &Certificate{
 					Domain:        "foo1.com",
 					CertURL:       "url",
 					CertStableURL: "url",
 					PrivateKey:    foo1Key,
 					Certificate:   foo1Cert,
 				},
 			},
 			{
 				Domains: Domain{
 					Main: "foo2.com",
 					SANs: []string{}},
 				Certificate: &Certificate{
 					Domain:        "foo2.com",
 					CertURL:       "url",
 					CertStableURL: "url",
 					PrivateKey:    foo2Key,
 					Certificate:   foo2Cert,
 				},
 			},
 		},
 	}
 	foo1Cert, foo1Key, _ = generateKeyPair("foo1.com", time.Now())
 	newCertificate := &Certificate{
 		Domain:        "foo1.com",
 		CertURL:       "url",
 		CertStableURL: "url",
 		PrivateKey:    foo1Key,
 		Certificate:   foo1Cert,
 	}
 	err := domainsCertificates.renewCertificates(
 		newCertificate,
 		Domain{
 			Main: "foo1.com",
 			SANs: []string{}})
 	if err != nil {
 		t.Errorf("Error in renewCertificates :%v", err)
 	}
 	if len(domainsCertificates.Certs) != 2 {
 		t.Errorf("Expected domainsCertificates length %d %+v\nGot %+v", 2, domainsCertificates.Certs, len(domainsCertificates.Certs))
 	}
 	if !reflect.DeepEqual(domainsCertificates.Certs[0].Certificate, newCertificate) {
 		t.Errorf("Expected new certificate %+v \nGot %+v", newCertificate, domainsCertificates.Certs[0].Certificate)
 	}
 }
 func TestRemoveDuplicates(t *testing.T) {
 	now := time.Now()
 	fooCert, fooKey, _ := generateKeyPair("foo.com", now)
 	foo24Cert, foo24Key, _ := generateKeyPair("foo.com", now.Add(24*time.Hour))
 	foo48Cert, foo48Key, _ := generateKeyPair("foo.com", now.Add(48*time.Hour))
 	barCert, barKey, _ := generateKeyPair("bar.com", now)
 	domainsCertificates := DomainsCertificates{
 		lock: sync.RWMutex{},
 		Certs: []*DomainsCertificate{
 			{
 				Domains: Domain{
 					Main: "foo.com",
 					SANs: []string{}},
 				Certificate: &Certificate{
 					Domain:        "foo.com",
 					CertURL:       "url",
 					CertStableURL: "url",
 					PrivateKey:    foo24Key,
 					Certificate:   foo24Cert,
 				},
 			},
 			{
 				Domains: Domain{
 					Main: "foo.com",
 					SANs: []string{}},
 				Certificate: &Certificate{
 					Domain:        "foo.com",
 					CertURL:       "url",
 					CertStableURL: "url",
 					PrivateKey:    foo48Key,
 					Certificate:   foo48Cert,
 				},
 			},
 			{
 				Domains: Domain{
 					Main: "foo.com",
 					SANs: []string{}},
 				Certificate: &Certificate{
 					Domain:        "foo.com",
 					CertURL:       "url",
 					CertStableURL: "url",
 					PrivateKey:    fooKey,
 					Certificate:   fooCert,
 				},
 			},
 			{
 				Domains: Domain{
 					Main: "bar.com",
 					SANs: []string{}},
 				Certificate: &Certificate{
 					Domain:        "bar.com",
 					CertURL:       "url",
 					CertStableURL: "url",
 					PrivateKey:    barKey,
 					Certificate:   barCert,
 				},
 			},
 			{
 				Domains: Domain{
 					Main: "foo.com",
 					SANs: []string{}},
 				Certificate: &Certificate{
 					Domain:        "foo.com",
 					CertURL:       "url",
 					CertStableURL: "url",
 					PrivateKey:    foo48Key,
 					Certificate:   foo48Cert,
 				},
 			},
 		},
 	}
 	domainsCertificates.Init()
 	if len(domainsCertificates.Certs) != 2 {
 		t.Errorf("Expected domainsCertificates length %d %+v\nGot %+v", 2, domainsCertificates.Certs, len(domainsCertificates.Certs))
 	}
 	for _, cert := range domainsCertificates.Certs {
 		switch cert.Domains.Main {
 		case "bar.com":
 			continue
 		case "foo.com":
 			if !cert.tlsCert.Leaf.NotAfter.Equal(now.Add(48 * time.Hour).Truncate(1 * time.Second)) {
 				t.Errorf("Bad expiration %s date for domain %+v, now %s", cert.tlsCert.Leaf.NotAfter.String(), cert, now.Add(48*time.Hour).Truncate(1*time.Second).String())
 			}
 		default:
 			t.Errorf("Unknown domain %+v", cert)
 		}
 	}
 }
 func TestNoPreCheckOverride(t *testing.T) {
 	acme.PreCheckDNS = nil // Irreversable - but not expecting real calls into this during testing process
 	err := dnsOverrideDelay(0)
 	if err != nil {
 		t.Errorf("Error in dnsOverrideDelay :%v", err)
 	}
 	if acme.PreCheckDNS != nil {
 		t.Errorf("Unexpected change to acme.PreCheckDNS when leaving DNS verification as is.")
 	}
 }
 func TestSillyPreCheckOverride(t *testing.T) {
 	err := dnsOverrideDelay(-5)
 	if err == nil {
 		t.Errorf("Missing expected error in dnsOverrideDelay!")
 	}
 }
 func TestPreCheckOverride(t *testing.T) {
 	acme.PreCheckDNS = nil // Irreversable - but not expecting real calls into this during testing process
 	err := dnsOverrideDelay(5)
 	if err != nil {
 		t.Errorf("Error in dnsOverrideDelay :%v", err)
 	}
 	if acme.PreCheckDNS == nil {
 		t.Errorf("No change to acme.PreCheckDNS when meant to be adding enforcing override function.")
 	}
 }
 func TestAcmeClientCreation(t *testing.T) {
 	acme.PreCheckDNS = nil // Irreversable - but not expecting real calls into this during testing process
 	// Lengthy setup to avoid external web requests - oh for easier golang testing!
 	account := &Account{Email: "f@f"}
 	account.PrivateKey, _ = base64.StdEncoding.DecodeString(`
 MIIBPAIBAAJBAMp2Ni92FfEur+CAvFkgC12LT4l9D53ApbBpDaXaJkzzks+KsLw9zyAxvlrfAyTCQ
 7tDnEnIltAXyQ0uOFUUdcMCAwEAAQJAK1FbipATZcT9cGVa5x7KD7usytftLW14heQUPXYNV80r/3
 lmnpvjL06dffRpwkYeN8DATQF/QOcy3NNNGDw/4QIhAPAKmiZFxA/qmRXsuU8Zhlzf16WrNZ68K64
 asn/h3qZrAiEA1+wFR3WXCPIolOvd7AHjfgcTKQNkoMPywU4FYUNQ1AkCIQDv8yk0qPjckD6HVCPJ
 llJh9MC0svjevGtNlxJoE3lmEQIhAKXy1wfZ32/XtcrnENPvi6lzxI0T94X7s5pP3aCoPPoJAiEAl
 cijFkALeQp/qyeXdFld2v9gUN3eCgljgcl0QweRoIc=---`)
 	ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
 		w.Write([]byte(`{
 "new-authz": "https://foo/acme/new-authz",
 "new-cert": "https://foo/acme/new-cert",
 "new-reg": "https://foo/acme/new-reg",
 "revoke-cert": "https://foo/acme/revoke-cert"
 }`))
 	}))
 	defer ts.Close()
 	a := ACME{DNSProvider: "manual", DelayDontCheckDNS: 10, CAServer: ts.URL}
 	client, err := a.buildACMEClient(account)
 	if err != nil {
 		t.Errorf("Error in buildACMEClient: %v", err)
 	}
 	if client == nil {
 		t.Errorf("No client from buildACMEClient!")
 	}
 	if acme.PreCheckDNS == nil {
 		t.Errorf("No change to acme.PreCheckDNS when meant to be adding enforcing override function.")
 	}
 }
 func TestAcme_getProvidedCertificate(t *testing.T) {
 	mm := make(map[string]*tls.Certificate)
 	mm["*.containo.us"] = &tls.Certificate{}
 	mm["traefik.acme.io"] = &tls.Certificate{}
 	a := ACME{TLSConfig: &tls.Config{NameToCertificate: mm}}
 	domains := []string{"traefik.containo.us", "trae.containo.us"}
 	certificate := a.getProvidedCertificate(domains)
 	assert.NotNil(t, certificate)
 	domains = []string{"traefik.acme.io", "trae.acme.io"}
 	certificate = a.getProvidedCertificate(domains)
 	assert.Nil(t, certificate)
 }
--- a/acme/challengeProvider.go
+++ b/acme/challengeProvider.go
@@ -1,97 +0,0 @@
 package acme
 import (
 	"crypto/tls"
 	"fmt"
 	"strings"
 	"sync"
 	"time"
 	"github.com/cenk/backoff"
 	"github.com/containous/traefik/cluster"
 	"github.com/containous/traefik/log"
 	"github.com/containous/traefik/safe"
 	"github.com/xenolf/lego/acme"
 )
 var _ acme.ChallengeProviderTimeout = (*challengeProvider)(nil)
 type challengeProvider struct {
 	store cluster.Store
 	lock  sync.RWMutex
 }
 func (c *challengeProvider) getCertificate(domain string) (cert *tls.Certificate, exists bool) {
 	log.Debugf("Challenge GetCertificate %s", domain)
 	if !strings.HasSuffix(domain, ".acme.invalid") {
 		return nil, false
 	}
 	c.lock.RLock()
 	defer c.lock.RUnlock()
 	account := c.store.Get().(*Account)
 	if account.ChallengeCerts == nil {
 		return nil, false
 	}
 	account.Init()
 	var result *tls.Certificate
 	operation := func() error {
 		for _, cert := range account.ChallengeCerts {
 			for _, dns := range cert.certificate.Leaf.DNSNames {
 				if domain == dns {
 					result = cert.certificate
 					return nil
 				}
 			}
 		}
 		return fmt.Errorf("Cannot find challenge cert for domain %s", domain)
 	}
 	notify := func(err error, time time.Duration) {
 		log.Errorf("Error getting cert: %v, retrying in %s", err, time)
 	}
 	ebo := backoff.NewExponentialBackOff()
 	ebo.MaxElapsedTime = 60 * time.Second
 	err := backoff.RetryNotify(safe.OperationWithRecover(operation), ebo, notify)
 	if err != nil {
 		log.Errorf("Error getting cert: %v", err)
 		return nil, false
 	}
 	return result, true
 }
 func (c *challengeProvider) Present(domain, token, keyAuth string) error {
 	log.Debugf("Challenge Present %s", domain)
 	cert, _, err := TLSSNI01ChallengeCert(keyAuth)
 	if err != nil {
 		return err
 	}
 	c.lock.Lock()
 	defer c.lock.Unlock()
 	transaction, object, err := c.store.Begin()
 	if err != nil {
 		return err
 	}
 	account := object.(*Account)
 	if account.ChallengeCerts == nil {
 		account.ChallengeCerts = map[string]*ChallengeCert{}
 	}
 	account.ChallengeCerts[domain] = &cert
 	return transaction.Commit(account)
 }
 func (c *challengeProvider) CleanUp(domain, token, keyAuth string) error {
 	log.Debugf("Challenge CleanUp %s", domain)
 	c.lock.Lock()
 	defer c.lock.Unlock()
 	transaction, object, err := c.store.Begin()
 	if err != nil {
 		return err
 	}
 	account := object.(*Account)
 	delete(account.ChallengeCerts, domain)
 	return transaction.Commit(account)
 }
 func (c *challengeProvider) Timeout() (timeout, interval time.Duration) {
 	return 60 * time.Second, 5 * time.Second
 }
--- a/acme/crypto.go
+++ b/acme/crypto.go
@@ -1,135 +0,0 @@
 package acme
 import (
 	"crypto"
 	"crypto/ecdsa"
 	"crypto/rand"
 	"crypto/rsa"
 	"crypto/sha256"
 	"crypto/tls"
 	"crypto/x509"
 	"crypto/x509/pkix"
 	"encoding/hex"
 	"encoding/pem"
 	"fmt"
 	"math/big"
 	"time"
 )
 func generateDefaultCertificate() (*tls.Certificate, error) {
 	randomBytes := make([]byte, 100)
 	_, err := rand.Read(randomBytes)
 	if err != nil {
 		return nil, err
 	}
 	zBytes := sha256.Sum256(randomBytes)
 	z := hex.EncodeToString(zBytes[:sha256.Size])
 	domain := fmt.Sprintf("%s.%s.traefik.default", z[:32], z[32:])
 	certPEM, keyPEM, err := generateKeyPair(domain, time.Time{})
 	if err != nil {
 		return nil, err
 	}
 	certificate, err := tls.X509KeyPair(certPEM, keyPEM)
 	if err != nil {
 		return nil, err
 	}
 	return &certificate, nil
 }
 func generateKeyPair(domain string, expiration time.Time) ([]byte, []byte, error) {
 	rsaPrivKey, err := rsa.GenerateKey(rand.Reader, 2048)
 	if err != nil {
 		return nil, nil, err
 	}
 	keyPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(rsaPrivKey)})
 	certPEM, err := generatePemCert(rsaPrivKey, domain, expiration)
 	if err != nil {
 		return nil, nil, err
 	}
 	return certPEM, keyPEM, nil
 }
 func generatePemCert(privKey *rsa.PrivateKey, domain string, expiration time.Time) ([]byte, error) {
 	derBytes, err := generateDerCert(privKey, expiration, domain)
 	if err != nil {
 		return nil, err
 	}
 	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes}), nil
 }
 func generateDerCert(privKey *rsa.PrivateKey, expiration time.Time, domain string) ([]byte, error) {
 	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
 	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
 	if err != nil {
 		return nil, err
 	}
 	if expiration.IsZero() {
 		expiration = time.Now().Add(365)
 	}
 	template := x509.Certificate{
 		SerialNumber: serialNumber,
 		Subject: pkix.Name{
 			CommonName: "TRAEFIK DEFAULT CERT",
 		},
 		NotBefore: time.Now(),
 		NotAfter:  expiration,
 		KeyUsage:              x509.KeyUsageKeyEncipherment,
 		BasicConstraintsValid: true,
 		DNSNames:              []string{domain},
 	}
 	return x509.CreateCertificate(rand.Reader, &template, &template, &privKey.PublicKey, privKey)
 }
 // TLSSNI01ChallengeCert returns a certificate and target domain for the `tls-sni-01` challenge
 func TLSSNI01ChallengeCert(keyAuth string) (ChallengeCert, string, error) {
 	// generate a new RSA key for the certificates
 	var tempPrivKey crypto.PrivateKey
 	tempPrivKey, err := rsa.GenerateKey(rand.Reader, 2048)
 	if err != nil {
 		return ChallengeCert{}, "", err
 	}
 	rsaPrivKey := tempPrivKey.(*rsa.PrivateKey)
 	rsaPrivPEM := pemEncode(rsaPrivKey)
 	zBytes := sha256.Sum256([]byte(keyAuth))
 	z := hex.EncodeToString(zBytes[:sha256.Size])
 	domain := fmt.Sprintf("%s.%s.acme.invalid", z[:32], z[32:])
 	tempCertPEM, err := generatePemCert(rsaPrivKey, domain, time.Time{})
 	if err != nil {
 		return ChallengeCert{}, "", err
 	}
 	certificate, err := tls.X509KeyPair(tempCertPEM, rsaPrivPEM)
 	if err != nil {
 		return ChallengeCert{}, "", err
 	}
 	return ChallengeCert{Certificate: tempCertPEM, PrivateKey: rsaPrivPEM, certificate: &certificate}, domain, nil
 }
 func pemEncode(data interface{}) []byte {
 	var pemBlock *pem.Block
 	switch key := data.(type) {
 	case *ecdsa.PrivateKey:
 		keyBytes, _ := x509.MarshalECPrivateKey(key)
 		pemBlock = &pem.Block{Type: "EC PRIVATE KEY", Bytes: keyBytes}
 	case *rsa.PrivateKey:
 		pemBlock = &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(key)}
 		break
 	case *x509.CertificateRequest:
 		pemBlock = &pem.Block{Type: "CERTIFICATE REQUEST", Bytes: key.Raw}
 		break
 	case []byte:
 		pemBlock = &pem.Block{Type: "CERTIFICATE", Bytes: []byte(data.([]byte))}
 	}
 	return pem.EncodeToMemory(pemBlock)
 }
--- a/acme/localStore.go
+++ b/acme/localStore.go
@@ -1,97 +0,0 @@
 package acme
 import (
 	"encoding/json"
 	"fmt"
 	"io/ioutil"
 	"os"
 	"sync"
 	"github.com/containous/traefik/cluster"
 	"github.com/containous/traefik/log"
 )
 var _ cluster.Store = (*LocalStore)(nil)
 // LocalStore is a store using a file as storage
 type LocalStore struct {
 	file        string
 	storageLock sync.RWMutex
 	account     *Account
 }
 // NewLocalStore create a LocalStore
 func NewLocalStore(file string) *LocalStore {
 	return &LocalStore{
 		file: file,
 	}
 }
 // Get atomically a struct from the file storage
 func (s *LocalStore) Get() cluster.Object {
 	s.storageLock.RLock()
 	defer s.storageLock.RUnlock()
 	return s.account
 }
 // Load loads file into store
 func (s *LocalStore) Load() (cluster.Object, error) {
 	s.storageLock.Lock()
 	defer s.storageLock.Unlock()
 	account := &Account{}
 	err := checkPermissions(s.file)
 	if err != nil {
 		return nil, err
 	}
 	f, err := os.Open(s.file)
 	if err != nil {
 		return nil, err
 	}
 	defer f.Close()
 	file, err := ioutil.ReadAll(f)
 	if err != nil {
 		return nil, err
 	}
 	if err := json.Unmarshal(file, &account); err != nil {
 		return nil, err
 	}
 	account.Init()
 	s.account = account
 	log.Infof("Loaded ACME config from store %s", s.file)
 	return account, nil
 }
 // Begin creates a transaction with the KV store.
 func (s *LocalStore) Begin() (cluster.Transaction, cluster.Object, error) {
 	s.storageLock.Lock()
 	return &localTransaction{LocalStore: s}, s.account, nil
 }
 var _ cluster.Transaction = (*localTransaction)(nil)
 type localTransaction struct {
 	*LocalStore
 	dirty bool
 }
 // Commit allows to set an object in the file storage
 func (t *localTransaction) Commit(object cluster.Object) error {
 	t.LocalStore.account = object.(*Account)
 	defer t.storageLock.Unlock()
 	if t.dirty {
 		return fmt.Errorf("transaction already used, please begin a new one")
 	}
 	// write account to file
 	data, err := json.MarshalIndent(object, "", "  ")
 	if err != nil {
 		return err
 	}
 	err = ioutil.WriteFile(t.file, data, 0600)
 	if err != nil {
 		return err
 	}
 	t.dirty = true
 	return nil
 }
--- a/acme/localStore_unix.go
+++ b/acme/localStore_unix.go
@@ -1,25 +0,0 @@
 // +build !windows
 package acme
 import (
 	"fmt"
 	"os"
 )
 // Check file permissions
 func checkPermissions(name string) error {
 	f, err := os.Open(name)
 	if err != nil {
 		return err
 	}
 	defer f.Close()
 	fi, err := f.Stat()
 	if err != nil {
 		return err
 	}
 	if fi.Mode().Perm()&0077 != 0 {
 		return fmt.Errorf("permissions %o for %s are too open, please use 600", fi.Mode().Perm(), name)
 	}
 	return nil
 }
--- a/acme/localStore_windows.go
+++ b/acme/localStore_windows.go
@@ -1,6 +0,0 @@
 package acme
 // Do not check file permissions on Windows right now
 func checkPermissions(name string) error {
 	return nil
 }
--- a/build.Dockerfile
+++ b/build.Dockerfile
@@ -1,35 +1,37 @@
-FROM golang:1.8
+FROM golang:1.13-alpine
-# Install a more recent version of mercurial to avoid mismatching results
+RUN apk --update upgrade \
-# between glide run on a decently updated host system and the build container.
+    && apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \
-RUN awk '$1 ~ "^deb" { $3 = $3 "-backports"; print; exit }' /etc/apt/sources.list > /etc/apt/sources.list.d/backports.list && \
+    && update-ca-certificates \
-  DEBIAN_FRONTEND=noninteractive apt-get update && \
+    && rm -rf /var/cache/apk/*
  DEBIAN_FRONTEND=noninteractive apt-get install -t jessie-backports --yes --no-install-recommends mercurial=3.9.1-1~bpo8+1 && \
  rm -fr /var/lib/apt/lists/
 RUN go get github.com/jteeuwen/go-bindata/... \
 && go get github.com/golang/lint/golint \
 && go get github.com/kisielk/errcheck \
 && go get github.com/client9/misspell/cmd/misspell \
 && go get github.com/mattfarina/glide-hash \
 && go get github.com/sgotti/glide-vc
 # Which docker version to test on
-ARG DOCKER_VERSION=17.03.1
+ARG DOCKER_VERSION=18.09.7
 # Which glide version to test on
 ARG GLIDE_VERSION=v0.12.3
 # Download glide
 RUN mkdir -p /usr/local/bin \
    && curl -fL https://github.com/Masterminds/glide/releases/download/${GLIDE_VERSION}/glide-${GLIDE_VERSION}-linux-amd64.tar.gz \
    | tar -xzC /usr/local/bin --transform 's#^.+/##x'
 # Download docker
 RUN mkdir -p /usr/local/bin \
-    && curl -fL https://get.docker.com/builds/Linux/x86_64/docker-${DOCKER_VERSION}-ce.tgz \
+    && curl -fL https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz \
    | tar -xzC /usr/local/bin --transform 's#^.+/##x'
 # Download go-bindata binary to bin folder in $GOPATH
 RUN mkdir -p /usr/local/bin \
    && curl -fsSL -o /usr/local/bin/go-bindata https://github.com/containous/go-bindata/releases/download/v1.0.0/go-bindata \
    && chmod +x /usr/local/bin/go-bindata
 # Download golangci-lint binary to bin folder in $GOPATH
 RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b $GOPATH/bin v1.18.0
 # Download golangci-lint and misspell binary to bin folder in $GOPATH
 RUN GO111MODULE=off go get github.com/client9/misspell/cmd/misspell
 # Download goreleaser binary to bin folder in $GOPATH
 RUN curl -sfL https://install.goreleaser.com/github.com/goreleaser/goreleaser.sh | sh
 WORKDIR /go/src/github.com/containous/traefik
 # Download go modules
 COPY go.mod .
 COPY go.sum .
 RUN GO111MODULE=on GOPROXY=https://proxy.golang.org go mod download
 COPY . /go/src/github.com/containous/traefik
--- a/cluster/datastore.go
+++ b/cluster/datastore.go
@@ -1,255 +0,0 @@
 package cluster
 import (
 	"context"
 	"encoding/json"
 	"fmt"
 	"sync"
 	"time"
 	"github.com/cenk/backoff"
 	"github.com/containous/staert"
 	"github.com/containous/traefik/job"
 	"github.com/containous/traefik/log"
 	"github.com/containous/traefik/safe"
 	"github.com/docker/libkv/store"
 	"github.com/satori/go.uuid"
 )
 // Metadata stores Object plus metadata
 type Metadata struct {
 	object Object
 	Object []byte
 	Lock   string
 }
 // NewMetadata returns new Metadata
 func NewMetadata(object Object) *Metadata {
 	return &Metadata{object: object}
 }
 // Marshall marshalls object
 func (m *Metadata) Marshall() error {
 	var err error
 	m.Object, err = json.Marshal(m.object)
 	return err
 }
 func (m *Metadata) unmarshall() error {
 	if len(m.Object) == 0 {
 		return nil
 	}
 	return json.Unmarshal(m.Object, m.object)
 }
 // Listener is called when Object has been changed in KV store
 type Listener func(Object) error
 var _ Store = (*Datastore)(nil)
 // Datastore holds a struct synced in a KV store
 type Datastore struct {
 	kv        staert.KvSource
 	ctx       context.Context
 	localLock *sync.RWMutex
 	meta      *Metadata
 	lockKey   string
 	listener  Listener
 }
 // NewDataStore creates a Datastore
 func NewDataStore(ctx context.Context, kvSource staert.KvSource, object Object, listener Listener) (*Datastore, error) {
 	datastore := Datastore{
 		kv:        kvSource,
 		ctx:       ctx,
 		meta:      &Metadata{object: object},
 		lockKey:   kvSource.Prefix + "/lock",
 		localLock: &sync.RWMutex{},
 		listener:  listener,
 	}
 	err := datastore.watchChanges()
 	if err != nil {
 		return nil, err
 	}
 	return &datastore, nil
 }
 func (d *Datastore) watchChanges() error {
 	stopCh := make(chan struct{})
 	kvCh, err := d.kv.Watch(d.lockKey, stopCh)
 	if err != nil {
 		return err
 	}
 	go func() {
 		ctx, cancel := context.WithCancel(d.ctx)
 		operation := func() error {
 			for {
 				select {
 				case <-ctx.Done():
 					stopCh <- struct{}{}
 					return nil
 				case _, ok := <-kvCh:
 					if !ok {
 						cancel()
 						return err
 					}
 					err = d.reload()
 					if err != nil {
 						return err
 					}
 					// log.Debugf("Datastore object change received: %+v", d.meta)
 					if d.listener != nil {
 						err := d.listener(d.meta.object)
 						if err != nil {
 							log.Errorf("Error calling datastore listener: %s", err)
 						}
 					}
 				}
 			}
 		}
 		notify := func(err error, time time.Duration) {
 			log.Errorf("Error in watch datastore: %+v, retrying in %s", err, time)
 		}
 		err := backoff.RetryNotify(safe.OperationWithRecover(operation), job.NewBackOff(backoff.NewExponentialBackOff()), notify)
 		if err != nil {
 			log.Errorf("Error in watch datastore: %v", err)
 		}
 	}()
 	return nil
 }
 func (d *Datastore) reload() error {
 	log.Debugf("Datastore reload")
 	d.localLock.Lock()
 	err := d.kv.LoadConfig(d.meta)
 	if err != nil {
 		d.localLock.Unlock()
 		return err
 	}
 	err = d.meta.unmarshall()
 	if err != nil {
 		d.localLock.Unlock()
 		return err
 	}
 	d.localLock.Unlock()
 	return nil
 }
 // Begin creates a transaction with the KV store.
 func (d *Datastore) Begin() (Transaction, Object, error) {
 	id := uuid.NewV4().String()
 	log.Debugf("Transaction %s begins", id)
 	remoteLock, err := d.kv.NewLock(d.lockKey, &store.LockOptions{TTL: 20 * time.Second, Value: []byte(id)})
 	if err != nil {
 		return nil, nil, err
 	}
 	stopCh := make(chan struct{})
 	ctx, cancel := context.WithCancel(d.ctx)
 	var errLock error
 	go func() {
 		_, errLock = remoteLock.Lock(stopCh)
 		cancel()
 	}()
 	select {
 	case <-ctx.Done():
 		if errLock != nil {
 			return nil, nil, errLock
 		}
 	case <-d.ctx.Done():
 		stopCh <- struct{}{}
 		return nil, nil, d.ctx.Err()
 	}
 	// we got the lock! Now make sure we are synced with KV store
 	operation := func() error {
 		meta := d.get()
 		if meta.Lock != id {
 			return fmt.Errorf("Object lock value: expected %s, got %s", id, meta.Lock)
 		}
 		return nil
 	}
 	notify := func(err error, time time.Duration) {
 		log.Errorf("Datastore sync error: %v, retrying in %s", err, time)
 		err = d.reload()
 		if err != nil {
 			log.Errorf("Error reloading: %+v", err)
 		}
 	}
 	ebo := backoff.NewExponentialBackOff()
 	ebo.MaxElapsedTime = 60 * time.Second
 	err = backoff.RetryNotify(safe.OperationWithRecover(operation), ebo, notify)
 	if err != nil {
 		return nil, nil, fmt.Errorf("Datastore cannot sync: %v", err)
 	}
 	// we synced with KV store, we can now return Setter
 	return &datastoreTransaction{
 		Datastore:  d,
 		remoteLock: remoteLock,
 		id:         id,
 	}, d.meta.object, nil
 }
 func (d *Datastore) get() *Metadata {
 	d.localLock.RLock()
 	defer d.localLock.RUnlock()
 	return d.meta
 }
 // Load load atomically a struct from the KV store
 func (d *Datastore) Load() (Object, error) {
 	d.localLock.Lock()
 	defer d.localLock.Unlock()
 	err := d.kv.LoadConfig(d.meta)
 	if err != nil {
 		return nil, err
 	}
 	err = d.meta.unmarshall()
 	if err != nil {
 		return nil, err
 	}
 	return d.meta.object, nil
 }
 // Get atomically a struct from the KV store
 func (d *Datastore) Get() Object {
 	d.localLock.RLock()
 	defer d.localLock.RUnlock()
 	return d.meta.object
 }
 var _ Transaction = (*datastoreTransaction)(nil)
 type datastoreTransaction struct {
 	*Datastore
 	remoteLock store.Locker
 	dirty      bool
 	id         string
 }
 // Commit allows to set an object in the KV store
 func (s *datastoreTransaction) Commit(object Object) error {
 	s.localLock.Lock()
 	defer s.localLock.Unlock()
 	if s.dirty {
 		return fmt.Errorf("Transaction already used, please begin a new one")
 	}
 	s.Datastore.meta.object = object
 	err := s.Datastore.meta.Marshall()
 	if err != nil {
 		return fmt.Errorf("Marshall error: %s", err)
 	}
 	err = s.kv.StoreConfig(s.Datastore.meta)
 	if err != nil {
 		return fmt.Errorf("StoreConfig error: %s", err)
 	}
 	err = s.remoteLock.Unlock()
 	if err != nil {
 		return fmt.Errorf("Unlock error: %s", err)
 	}
 	s.dirty = true
 	log.Debugf("Transaction committed %s", s.id)
 	return nil
 }
--- a/cluster/leadership.go
+++ b/cluster/leadership.go
@@ -1,104 +0,0 @@
 package cluster
 import (
 	"context"
 	"time"
 	"github.com/cenk/backoff"
 	"github.com/containous/traefik/log"
 	"github.com/containous/traefik/safe"
 	"github.com/containous/traefik/types"
 	"github.com/docker/leadership"
 )
 // Leadership allows leadership election using a KV store
 type Leadership struct {
 	*safe.Pool
 	*types.Cluster
 	candidate *leadership.Candidate
 	leader    *safe.Safe
 	listeners []LeaderListener
 }
 // NewLeadership creates a leadership
 func NewLeadership(ctx context.Context, cluster *types.Cluster) *Leadership {
 	return &Leadership{
 		Pool:      safe.NewPool(ctx),
 		Cluster:   cluster,
 		candidate: leadership.NewCandidate(cluster.Store, cluster.Store.Prefix+"/leader", cluster.Node, 20*time.Second),
 		listeners: []LeaderListener{},
 		leader:    safe.New(false),
 	}
 }
 // LeaderListener is called when leadership has changed
 type LeaderListener func(elected bool) error
 // Participate tries to be a leader
 func (l *Leadership) Participate(pool *safe.Pool) {
 	pool.GoCtx(func(ctx context.Context) {
 		log.Debugf("Node %s running for election", l.Cluster.Node)
 		defer log.Debugf("Node %s no more running for election", l.Cluster.Node)
 		backOff := backoff.NewExponentialBackOff()
 		operation := func() error {
 			return l.run(ctx, l.candidate)
 		}
 		notify := func(err error, time time.Duration) {
 			log.Errorf("Leadership election error %+v, retrying in %s", err, time)
 		}
 		err := backoff.RetryNotify(safe.OperationWithRecover(operation), backOff, notify)
 		if err != nil {
 			log.Errorf("Cannot elect leadership %+v", err)
 		}
 	})
 }
 // AddListener adds a leadership listerner
 func (l *Leadership) AddListener(listener LeaderListener) {
 	l.listeners = append(l.listeners, listener)
 }
 // Resign resigns from being a leader
 func (l *Leadership) Resign() {
 	l.candidate.Resign()
 	log.Infof("Node %s resigned", l.Cluster.Node)
 }
 func (l *Leadership) run(ctx context.Context, candidate *leadership.Candidate) error {
 	electedCh, errCh := candidate.RunForElection()
 	for {
 		select {
 		case elected := <-electedCh:
 			l.onElection(elected)
 		case err := <-errCh:
 			return err
 		case <-ctx.Done():
 			l.candidate.Resign()
 			return nil
 		}
 	}
 }
 func (l *Leadership) onElection(elected bool) {
 	if elected {
 		log.Infof("Node %s elected leader ♚", l.Cluster.Node)
 		l.leader.Set(true)
 		l.Start()
 	} else {
 		log.Infof("Node %s elected slave ♝", l.Cluster.Node)
 		l.leader.Set(false)
 		l.Stop()
 	}
 	for _, listener := range l.listeners {
 		err := listener(elected)
 		if err != nil {
 			log.Errorf("Error calling Leadership listener: %s", err)
 		}
 	}
 }
 // IsLeader returns true if current node is leader
 func (l *Leadership) IsLeader() bool {
 	return l.leader.Get().(bool)
 }
--- a/cluster/store.go
+++ b/cluster/store.go
@@ -1,16 +0,0 @@
 package cluster
 // Object is the struct to store
 type Object interface{}
 // Store is a generic interface to represents a storage
 type Store interface {
 	Load() (Object, error)
 	Get() Object
 	Begin() (Transaction, Object, error)
 }
 // Transaction allows to set a struct in the KV store
 type Transaction interface {
 	Commit(object Object) error
 }
--- a/cmd/configuration.go
+++ b/cmd/configuration.go
@@ -0,0 +1,34 @@
 package cmd
 import (
 	"time"
 	"github.com/containous/traefik/v2/pkg/config/static"
 	"github.com/containous/traefik/v2/pkg/types"
 )
 // TraefikCmdConfiguration wraps the static configuration and extra parameters.
 type TraefikCmdConfiguration struct {
 	static.Configuration `export:"true"`
 	// ConfigFile is the path to the configuration file.
 	ConfigFile string `description:"Configuration file to use. If specified all other flags are ignored." export:"true"`
 }
 // NewTraefikConfiguration creates a TraefikCmdConfiguration with default values.
 func NewTraefikConfiguration() *TraefikCmdConfiguration {
 	return &TraefikCmdConfiguration{
 		Configuration: static.Configuration{
 			Global: &static.Global{
 				CheckNewVersion: true,
 			},
 			EntryPoints: make(static.EntryPoints),
 			Providers: &static.Providers{
 				ProvidersThrottleDuration: types.Duration(2 * time.Second),
 			},
 			ServersTransport: &static.ServersTransport{
 				MaxIdleConnsPerHost: 200,
 			},
 		},
 		ConfigFile: "",
 	}
 }
--- a/cmd/context.go
+++ b/cmd/context.go
@@ -0,0 +1,22 @@
 package cmd
 import (
 	"context"
 	"os"
 	"os/signal"
 	"syscall"
 )
 // ContextWithSignal creates a context canceled when SIGINT or SIGTERM are notified
 func ContextWithSignal(ctx context.Context) context.Context {
 	newCtx, cancel := context.WithCancel(ctx)
 	signals := make(chan os.Signal)
 	signal.Notify(signals, syscall.SIGINT, syscall.SIGTERM)
 	go func() {
 		select {
 		case <-signals:
 			cancel()
 		}
 	}()
 	return newCtx
 }
--- a/cmd/healthcheck/healthcheck.go
+++ b/cmd/healthcheck/healthcheck.go
@@ -0,0 +1,74 @@
 package healthcheck
 import (
 	"errors"
 	"fmt"
 	"net/http"
 	"os"
 	"time"
 	"github.com/containous/traefik/v2/pkg/cli"
 	"github.com/containous/traefik/v2/pkg/config/static"
 )
 // NewCmd builds a new HealthCheck command.
 func NewCmd(traefikConfiguration *static.Configuration, loaders []cli.ResourceLoader) *cli.Command {
 	return &cli.Command{
 		Name:          "healthcheck",
 		Description:   `Calls Traefik /ping to check the health of Traefik (the API must be enabled).`,
 		Configuration: traefikConfiguration,
 		Run:           runCmd(traefikConfiguration),
 		Resources:     loaders,
 	}
 }
 func runCmd(traefikConfiguration *static.Configuration) func(_ []string) error {
 	return func(_ []string) error {
 		traefikConfiguration.SetEffectiveConfiguration()
 		resp, errPing := Do(*traefikConfiguration)
 		if resp != nil {
 			resp.Body.Close()
 		}
 		if errPing != nil {
 			fmt.Printf("Error calling healthcheck: %s\n", errPing)
 			os.Exit(1)
 		}
 		if resp.StatusCode != http.StatusOK {
 			fmt.Printf("Bad healthcheck status: %s\n", resp.Status)
 			os.Exit(1)
 		}
 		fmt.Printf("OK: %s\n", resp.Request.URL)
 		os.Exit(0)
 		return nil
 	}
 }
 // Do try to do a healthcheck
 func Do(staticConfiguration static.Configuration) (*http.Response, error) {
 	if staticConfiguration.Ping == nil {
 		return nil, errors.New("please enable `ping` to use health check")
 	}
 	pingEntryPoint, ok := staticConfiguration.EntryPoints["traefik"]
 	if !ok {
 		return nil, errors.New("missing `ping` entrypoint")
 	}
 	client := &http.Client{Timeout: 5 * time.Second}
 	protocol := "http"
 	// FIXME Handle TLS on ping etc...
 	// if pingEntryPoint.TLS != nil {
 	// 	protocol = "https"
 	// 	tr := &http.Transport{
 	// 		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
 	// 	}
 	// 	client.Transport = tr
 	// }
 	path := "/"
 	return client.Head(protocol + "://" + pingEntryPoint.Address + path + "ping")
 }
--- a/cmd/traefik/bug.go
+++ b/cmd/traefik/bug.go
@@ -1,152 +0,0 @@
 package main
 import (
 	"bytes"
 	"encoding/json"
 	"fmt"
 	"net/url"
 	"os/exec"
 	"regexp"
 	"runtime"
 	"text/template"
 	"github.com/containous/flaeg"
 	"github.com/mvdan/xurls"
 )
 var (
 	bugtracker  = "https://github.com/containous/traefik/issues/new"
 	bugTemplate = `<!--
 PLEASE READ THIS MESSAGE.
 Please keep in mind that the GitHub issue tracker is not intended as a general support forum, but for reporting bugs and feature requests.
 For other type of questions, consider using one of:
 - the Traefik community Slack channel: https://traefik.herokuapp.com
 - StackOverflow: https://stackoverflow.com/questions/tagged/traefik
 HOW TO WRITE A GOOD ISSUE?
 - if it's possible use the command` + "`" + `traefik bug` + "`" + `. See https://www.youtube.com/watch?v=Lyz62L8m93I.
 - The title must be short and descriptive.
 - Explain the conditions which led you to write this issue: the context.
 - The context should lead to something, an idea or a problem that you’re facing.
 - Remain clear and concise.
 - Format your messages to help the reader focus on what matters and understand the structure of your message, use Markdown syntax https://help.github.com/articles/github-flavored-markdown
 -->
 ### Do you want to request a *feature* or report a *bug*?
 ### What did you do?
 ### What did you expect to see?
 ### What did you see instead?
 ### Output of ` + "`" + `traefik version` + "`" + `: (_What version of Traefik are you using?_)
 ` + "```" + `
 {{.Version}}
 ` + "```" + `
 ### What is your environment & configuration (arguments, toml, provider, platform, ...)?
 ` + "```" + `toml
 {{.Configuration}}
 ` + "```" + `
 <!--
 Add more configuration information here.
 -->
 ### If applicable, please paste the log output in debug mode (` + "`" + `--debug` + "`" + ` switch)
 ` + "```" + `
 (paste your output here)
 ` + "```" + `
 `
 )
 // newBugCmd builds a new Bug command
 func newBugCmd(traefikConfiguration interface{}, traefikPointersConfiguration interface{}) *flaeg.Command {
 	//version Command init
 	return &flaeg.Command{
 		Name:                  "bug",
 		Description:           `Report an issue on Traefik bugtracker`,
 		Config:                traefikConfiguration,
 		DefaultPointersConfig: traefikPointersConfiguration,
 		Run: func() error {
 			var version bytes.Buffer
 			if err := getVersionPrint(&version); err != nil {
 				return err
 			}
 			tmpl, err := template.New("").Parse(bugTemplate)
 			if err != nil {
 				return err
 			}
 			configJSON, err := json.MarshalIndent(traefikConfiguration, "", " ")
 			if err != nil {
 				return err
 			}
 			v := struct {
 				Version       string
 				Configuration string
 			}{
 				Version:       version.String(),
 				Configuration: anonymize(string(configJSON)),
 			}
 			var bug bytes.Buffer
 			if err := tmpl.Execute(&bug, v); err != nil {
 				return err
 			}
 			body := bug.String()
 			URL := bugtracker + "?body=" + url.QueryEscape(body)
 			if err := openBrowser(URL); err != nil {
 				fmt.Print("Please file a new issue at " + bugtracker + " using this template:\n\n")
 				fmt.Print(body)
 			}
 			return nil
 		},
 		Metadata: map[string]string{
 			"parseAllSources": "true",
 		},
 	}
 }
 func openBrowser(URL string) error {
 	var err error
 	switch runtime.GOOS {
 	case "linux":
 		err = exec.Command("xdg-open", URL).Start()
 	case "windows":
 		err = exec.Command("rundll32", "url.dll,FileProtocolHandler", URL).Start()
 	case "darwin":
 		err = exec.Command("open", URL).Start()
 	default:
 		err = fmt.Errorf("unsupported platform")
 	}
 	return err
 }
 func anonymize(input string) string {
 	replace := "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
 	mailExp := regexp.MustCompile(`\w[-._\w]*\w@\w[-._\w]*\w\.\w{2,3}"`)
 	return xurls.Relaxed.ReplaceAllString(mailExp.ReplaceAllString(input, replace), replace)
 }
--- a/cmd/traefik/traefik.go
+++ b/cmd/traefik/traefik.go
@@ -1,313 +1,315 @@
 package main
 import (
-	"crypto/tls"
+	"context"
 	"encoding/json"
 	"fmt"
-	fmtlog "log"
+	stdlog "log"
 	"net/http"
 	"os"
 	"path/filepath"
 	"reflect"
 	"runtime"
 	"strings"
 	"time"
-	"github.com/Sirupsen/logrus"
+	"github.com/containous/traefik/v2/autogen/genstatic"
-	"github.com/containous/flaeg"
+	"github.com/containous/traefik/v2/cmd"
-	"github.com/containous/staert"
+	"github.com/containous/traefik/v2/cmd/healthcheck"
-	"github.com/containous/traefik/acme"
+	cmdVersion "github.com/containous/traefik/v2/cmd/version"
-	"github.com/containous/traefik/cluster"
+	"github.com/containous/traefik/v2/pkg/cli"
-	"github.com/containous/traefik/log"
+	"github.com/containous/traefik/v2/pkg/collector"
-	"github.com/containous/traefik/middlewares"
+	"github.com/containous/traefik/v2/pkg/config/dynamic"
-	"github.com/containous/traefik/provider/kubernetes"
+	"github.com/containous/traefik/v2/pkg/config/static"
-	"github.com/containous/traefik/safe"
+	"github.com/containous/traefik/v2/pkg/log"
-	"github.com/containous/traefik/server"
+	"github.com/containous/traefik/v2/pkg/provider/acme"
-	"github.com/containous/traefik/types"
+	"github.com/containous/traefik/v2/pkg/provider/aggregator"
-	"github.com/containous/traefik/version"
+	"github.com/containous/traefik/v2/pkg/safe"
 	"github.com/containous/traefik/v2/pkg/server"
 	"github.com/containous/traefik/v2/pkg/server/router"
 	traefiktls "github.com/containous/traefik/v2/pkg/tls"
 	"github.com/containous/traefik/v2/pkg/version"
 	"github.com/coreos/go-systemd/daemon"
-	"github.com/docker/libkv/store"
+	assetfs "github.com/elazarl/go-bindata-assetfs"
-	"github.com/satori/go.uuid"
+	"github.com/sirupsen/logrus"
 	"github.com/vulcand/oxy/roundrobin"
 )
 func main() {
-	runtime.GOMAXPROCS(runtime.NumCPU())
+	// traefik config inits
 	tConfig := cmd.NewTraefikConfiguration()
-	//traefik config inits
+	loaders := []cli.ResourceLoader{&cli.FileLoader{}, &cli.FlagLoader{}, &cli.EnvLoader{}}
-	traefikConfiguration := server.NewTraefikConfiguration()
+
-	traefikPointersConfiguration := server.NewTraefikDefaultPointersConfiguration()
+	cmdTraefik := &cli.Command{
 	//traefik Command init
 	traefikCmd := &flaeg.Command{
 		Name: "traefik",
-		Description: `traefik is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease.
+		Description: `Traefik is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease.
 Complete documentation is available at https://traefik.io`,
-		Config:                traefikConfiguration,
+		Configuration: tConfig,
-		DefaultPointersConfig: traefikPointersConfiguration,
+		Resources:     loaders,
-		Run: func() error {
+		Run: func(_ []string) error {
-			run(traefikConfiguration)
+			return runCmd(&tConfig.Configuration)
 			return nil
 		},
 	}
-	//storeconfig Command init
+	err := cmdTraefik.AddCommand(healthcheck.NewCmd(&tConfig.Configuration, loaders))
 	var kv *staert.KvSource
 	var err error
 	storeconfigCmd := &flaeg.Command{
 		Name:                  "storeconfig",
 		Description:           `Store the static traefik configuration into a Key-value stores. Traefik will not start.`,
 		Config:                traefikConfiguration,
 		DefaultPointersConfig: traefikPointersConfiguration,
 		Run: func() error {
 			if kv == nil {
 				return fmt.Errorf("Error using command storeconfig, no Key-value store defined")
 			}
 			jsonConf, err := json.Marshal(traefikConfiguration.GlobalConfiguration)
 			if err != nil {
 				return err
 			}
 			fmtlog.Printf("Storing configuration: %s\n", jsonConf)
 			err = kv.StoreConfig(traefikConfiguration.GlobalConfiguration)
 			if err != nil {
 				return err
 			}
 			if traefikConfiguration.GlobalConfiguration.ACME != nil && len(traefikConfiguration.GlobalConfiguration.ACME.StorageFile) > 0 {
 				// convert ACME json file to KV store
 				store := acme.NewLocalStore(traefikConfiguration.GlobalConfiguration.ACME.StorageFile)
 				object, err := store.Load()
 				if err != nil {
 					return err
 				}
 				meta := cluster.NewMetadata(object)
 				err = meta.Marshall()
 				if err != nil {
 					return err
 				}
 				source := staert.KvSource{
 					Store:  kv,
 					Prefix: traefikConfiguration.GlobalConfiguration.ACME.Storage,
 				}
 				err = source.StoreConfig(meta)
 				if err != nil {
 					return err
 				}
 			}
 			return nil
 		},
 		Metadata: map[string]string{
 			"parseAllSources": "true",
 		},
 	}
 	//init flaeg source
 	f := flaeg.New(traefikCmd, os.Args[1:])
 	//add custom parsers
 	f.AddParser(reflect.TypeOf(server.EntryPoints{}), &server.EntryPoints{})
 	f.AddParser(reflect.TypeOf(server.DefaultEntryPoints{}), &server.DefaultEntryPoints{})
 	f.AddParser(reflect.TypeOf(types.Constraints{}), &types.Constraints{})
 	f.AddParser(reflect.TypeOf(kubernetes.Namespaces{}), &kubernetes.Namespaces{})
 	f.AddParser(reflect.TypeOf([]acme.Domain{}), &acme.Domains{})
 	f.AddParser(reflect.TypeOf(types.Buckets{}), &types.Buckets{})
 	//add commands
 	f.AddCommand(newVersionCmd())
 	f.AddCommand(newBugCmd(traefikConfiguration, traefikPointersConfiguration))
 	f.AddCommand(storeconfigCmd)
 	usedCmd, err := f.GetCommand()
 	if err != nil {
-		fmtlog.Println(err)
+		stdlog.Println(err)
-		os.Exit(-1)
+		os.Exit(1)
 	}
-	if _, err := f.Parse(usedCmd); err != nil {
+	err = cmdTraefik.AddCommand(cmdVersion.NewCmd())
 		fmtlog.Printf("Error parsing command: %s\n", err)
 		os.Exit(-1)
 	}
 	//staert init
 	s := staert.NewStaert(traefikCmd)
 	//init toml source
 	toml := staert.NewTomlSource("traefik", []string{traefikConfiguration.ConfigFile, "/etc/traefik/", "$HOME/.traefik/", "."})
 	//add sources to staert
 	s.AddSource(toml)
 	s.AddSource(f)
 	if _, err := s.LoadConfig(); err != nil {
 		fmtlog.Println(fmt.Errorf("Error reading TOML config file %s : %s", toml.ConfigFileUsed(), err))
 		os.Exit(-1)
 	}
 	traefikConfiguration.ConfigFile = toml.ConfigFileUsed()
 	kv, err = CreateKvSource(traefikConfiguration)
 	if err != nil {
-		fmtlog.Printf("Error creating kv store: %s\n", err)
+		stdlog.Println(err)
-		os.Exit(-1)
+		os.Exit(1)
 	}
-	// IF a KV Store is enable and no sub-command called in args
+	err = cli.Execute(cmdTraefik)
-	if kv != nil && usedCmd == traefikCmd {
+	if err != nil {
-		if traefikConfiguration.Cluster == nil {
+		stdlog.Println(err)
-			traefikConfiguration.Cluster = &types.Cluster{Node: uuid.NewV4().String()}
+		os.Exit(1)
 		}
 		if traefikConfiguration.Cluster.Store == nil {
 			traefikConfiguration.Cluster.Store = &types.Store{Prefix: kv.Prefix, Store: kv.Store}
 		}
 		s.AddSource(kv)
 		if _, err := s.LoadConfig(); err != nil {
 			fmtlog.Printf("Error loading configuration: %s\n", err)
 			os.Exit(-1)
 		}
 	}
 	if err := s.Run(); err != nil {
 		fmtlog.Printf("Error running traefik: %s\n", err)
 		os.Exit(-1)
 	}
 	os.Exit(0)
 }
-func run(traefikConfiguration *server.TraefikConfiguration) {
+func runCmd(staticConfiguration *static.Configuration) error {
-	fmtlog.SetFlags(fmtlog.Lshortfile | fmtlog.LstdFlags)
+	configureLogging(staticConfiguration)
-	// load global configuration
+	http.DefaultTransport.(*http.Transport).Proxy = http.ProxyFromEnvironment
 	globalConfiguration := traefikConfiguration.GlobalConfiguration
-	http.DefaultTransport.(*http.Transport).MaxIdleConnsPerHost = globalConfiguration.MaxIdleConnsPerHost
+	if err := roundrobin.SetDefaultWeight(0); err != nil {
-	if globalConfiguration.InsecureSkipVerify {
+		log.WithoutContext().Errorf("Could not set roundrobin default weight: %v", err)
 		http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
 	}
 	loggerMiddleware := middlewares.NewLogger(globalConfiguration.AccessLogsFile)
 	defer loggerMiddleware.Close()
 	if globalConfiguration.File != nil && len(globalConfiguration.File.Filename) == 0 {
 		// no filename, setting to global config file
 		if len(traefikConfiguration.ConfigFile) != 0 {
 			globalConfiguration.File.Filename = traefikConfiguration.ConfigFile
 		} else {
 			log.Errorln("Error using file configuration backend, no filename defined")
 		}
 	}
-	if len(globalConfiguration.EntryPoints) == 0 {
+	staticConfiguration.SetEffectiveConfiguration()
-		globalConfiguration.EntryPoints = map[string]*server.EntryPoint{"http": {Address: ":80"}}
+	if err := staticConfiguration.ValidateConfiguration(); err != nil {
-		globalConfiguration.DefaultEntryPoints = []string{"http"}
+		return err
 	}
-	if globalConfiguration.Debug {
+	log.WithoutContext().Infof("Traefik version %s built on %s", version.Version, version.BuildDate)
 		globalConfiguration.LogLevel = "DEBUG"
 	}
-	// logging
+	jsonConf, err := json.Marshal(staticConfiguration)
 	level, err := logrus.ParseLevel(strings.ToLower(globalConfiguration.LogLevel))
 	if err != nil {
-		log.Error("Error getting level", err)
+		log.WithoutContext().Errorf("Could not marshal static configuration: %v", err)
-	}
+		log.WithoutContext().Debugf("Static configuration loaded [struct] %#v", staticConfiguration)
 	log.SetLevel(level)
 	if len(globalConfiguration.TraefikLogsFile) > 0 {
 		dir := filepath.Dir(globalConfiguration.TraefikLogsFile)
 		err := os.MkdirAll(dir, 0755)
 		if err != nil {
 			log.Errorf("Failed to create log path %s: %s", dir, err)
 		}
 		fi, err := os.OpenFile(globalConfiguration.TraefikLogsFile, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0666)
 		defer func() {
 			if err := fi.Close(); err != nil {
 				log.Error("Error closing file", err)
 			}
 		}()
 		if err != nil {
 			log.Error("Error opening file", err)
 		} else {
 			log.SetOutput(fi)
 			log.SetFormatter(&logrus.TextFormatter{DisableColors: true, FullTimestamp: true, DisableSorting: true})
 		}
 	} else {
-		log.SetFormatter(&logrus.TextFormatter{FullTimestamp: true, DisableSorting: true})
+		log.WithoutContext().Debugf("Static configuration loaded %s", string(jsonConf))
 	}
 	jsonConf, _ := json.Marshal(globalConfiguration)
 	log.Infof("Traefik version %s built on %s", version.Version, version.BuildDate)
-	if globalConfiguration.CheckNewVersion {
+	if staticConfiguration.API != nil && staticConfiguration.API.Dashboard {
-		ticker := time.NewTicker(24 * time.Hour)
+		staticConfiguration.API.DashboardAssets = &assetfs.AssetFS{Asset: genstatic.Asset, AssetInfo: genstatic.AssetInfo, AssetDir: genstatic.AssetDir, Prefix: "static"}
-		safe.Go(func() {
+	}
-			version.CheckNewVersion()
+
-			for {
+	if staticConfiguration.Global.CheckNewVersion {
-				select {
+		checkNewVersion()
-				case <-ticker.C:
+	}
-					version.CheckNewVersion()
+
-				}
+	stats(staticConfiguration)
 	providerAggregator := aggregator.NewProviderAggregator(*staticConfiguration.Providers)
 	tlsManager := traefiktls.NewManager()
 	acmeProviders := initACMEProvider(staticConfiguration, &providerAggregator, tlsManager)
 	serverEntryPointsTCP := make(server.TCPEntryPoints)
 	for entryPointName, config := range staticConfiguration.EntryPoints {
 		ctx := log.With(context.Background(), log.Str(log.EntryPointName, entryPointName))
 		serverEntryPointsTCP[entryPointName], err = server.NewTCPEntryPoint(ctx, config)
 		if err != nil {
 			return fmt.Errorf("error while building entryPoint %s: %v", entryPointName, err)
 		}
 		serverEntryPointsTCP[entryPointName].RouteAppenderFactory = router.NewRouteAppenderFactory(*staticConfiguration, entryPointName, acmeProviders)
 	}
 	svr := server.NewServer(*staticConfiguration, providerAggregator, serverEntryPointsTCP, tlsManager)
 	resolverNames := map[string]struct{}{}
 	for _, p := range acmeProviders {
 		resolverNames[p.ResolverName] = struct{}{}
 		svr.AddListener(p.ListenConfiguration)
 	}
 	svr.AddListener(func(config dynamic.Configuration) {
 		for rtName, rt := range config.HTTP.Routers {
 			if rt.TLS == nil || rt.TLS.CertResolver == "" {
 				continue
 			}
-		})
+
 			if _, ok := resolverNames[rt.TLS.CertResolver]; !ok {
 				log.WithoutContext().Errorf("the router %s uses a non-existent resolver: %s", rtName, rt.TLS.CertResolver)
 			}
 		}
 	})
 	ctx := cmd.ContextWithSignal(context.Background())
 	if staticConfiguration.Ping != nil {
 		staticConfiguration.Ping.WithContext(ctx)
 	}
-	if len(traefikConfiguration.ConfigFile) != 0 {
+	svr.Start(ctx)
 		log.Infof("Using TOML configuration file %s", traefikConfiguration.ConfigFile)
 	}
 	log.Debugf("Global configuration loaded %s", string(jsonConf))
 	svr := server.NewServer(globalConfiguration)
 	svr.Start()
 	defer svr.Close()
 	sent, err := daemon.SdNotify(false, "READY=1")
 	if !sent && err != nil {
-		log.Error("Fail to notify", err)
+		log.WithoutContext().Errorf("Failed to notify: %v", err)
 	}
 	t, err := daemon.SdWatchdogEnabled(false)
 	if err != nil {
-		log.Error("Problem with watchdog", err)
+		log.WithoutContext().Errorf("Could not enable Watchdog: %v", err)
 	} else if t != 0 {
 		// Send a ping each half time given
-		t = t / 2
+		t /= 2
-		log.Info("Watchdog activated with timer each ", t)
+		log.WithoutContext().Infof("Watchdog activated with timer duration %s", t)
 		safe.Go(func() {
 			tick := time.Tick(t)
 			for range tick {
-				if ok, _ := daemon.SdNotify(false, "WATCHDOG=1"); !ok {
+				resp, errHealthCheck := healthcheck.Do(*staticConfiguration)
-					log.Error("Fail to tick watchdog")
+				if resp != nil {
 					resp.Body.Close()
 				}
 				if staticConfiguration.Ping == nil || errHealthCheck == nil {
 					if ok, _ := daemon.SdNotify(false, "WATCHDOG=1"); !ok {
 						log.WithoutContext().Error("Fail to tick watchdog")
 					}
 				} else {
 					log.WithoutContext().Error(errHealthCheck)
 				}
 			}
 		})
 	}
 	svr.Wait()
-	log.Info("Shutting down")
+	log.WithoutContext().Info("Shutting down")
 	logrus.Exit(0)
 	return nil
 }
-// CreateKvSource creates KvSource
+// initACMEProvider creates an acme provider from the ACME part of globalConfiguration
-// TLS support is enable for Consul and Etcd backends
+func initACMEProvider(c *static.Configuration, providerAggregator *aggregator.ProviderAggregator, tlsManager *traefiktls.Manager) []*acme.Provider {
-func CreateKvSource(traefikConfiguration *server.TraefikConfiguration) (*staert.KvSource, error) {
+	challengeStore := acme.NewLocalChallengeStore()
-	var kv *staert.KvSource
+	localStores := map[string]*acme.LocalStore{}
 	var store store.Store
 	var err error
-	switch {
+	var resolvers []*acme.Provider
-	case traefikConfiguration.Consul != nil:
+	for name, resolver := range c.CertificatesResolvers {
-		store, err = traefikConfiguration.Consul.CreateStore()
+		if resolver.ACME != nil {
-		kv = &staert.KvSource{
+			if localStores[resolver.ACME.Storage] == nil {
-			Store:  store,
+				localStores[resolver.ACME.Storage] = acme.NewLocalStore(resolver.ACME.Storage)
-			Prefix: traefikConfiguration.Consul.Prefix,
+			}
-		}
+
-	case traefikConfiguration.Etcd != nil:
+			p := &acme.Provider{
-		store, err = traefikConfiguration.Etcd.CreateStore()
+				Configuration:  resolver.ACME,
-		kv = &staert.KvSource{
+				Store:          localStores[resolver.ACME.Storage],
-			Store:  store,
+				ChallengeStore: challengeStore,
-			Prefix: traefikConfiguration.Etcd.Prefix,
+				ResolverName:   name,
-		}
+			}
-	case traefikConfiguration.Zookeeper != nil:
+
-		store, err = traefikConfiguration.Zookeeper.CreateStore()
+			if err := providerAggregator.AddProvider(p); err != nil {
-		kv = &staert.KvSource{
+				log.WithoutContext().Errorf("Unable to add ACME provider to the providers list: %v", err)
-			Store:  store,
+				continue
-			Prefix: traefikConfiguration.Zookeeper.Prefix,
+			}
-		}
+			p.SetTLSManager(tlsManager)
-	case traefikConfiguration.Boltdb != nil:
+			if p.TLSChallenge != nil {
-		store, err = traefikConfiguration.Boltdb.CreateStore()
+				tlsManager.TLSAlpnGetter = p.GetTLSALPNCertificate
-		kv = &staert.KvSource{
+			}
-			Store:  store,
+			p.SetConfigListenerChan(make(chan dynamic.Configuration))
-			Prefix: traefikConfiguration.Boltdb.Prefix,
+			resolvers = append(resolvers, p)
 		}
 	}
-	return kv, err
+	return resolvers
 }
 func configureLogging(staticConfiguration *static.Configuration) {
 	// configure default log flags
 	stdlog.SetFlags(stdlog.Lshortfile | stdlog.LstdFlags)
 	// configure log level
 	// an explicitly defined log level always has precedence. if none is
 	// given and debug mode is disabled, the default is ERROR, and DEBUG
 	// otherwise.
 	levelStr := "error"
 	if staticConfiguration.Log != nil && staticConfiguration.Log.Level != "" {
 		levelStr = strings.ToLower(staticConfiguration.Log.Level)
 	}
 	level, err := logrus.ParseLevel(levelStr)
 	if err != nil {
 		log.WithoutContext().Errorf("Error getting level: %v", err)
 	}
 	log.SetLevel(level)
 	var logFile string
 	if staticConfiguration.Log != nil && len(staticConfiguration.Log.FilePath) > 0 {
 		logFile = staticConfiguration.Log.FilePath
 	}
 	// configure log format
 	var formatter logrus.Formatter
 	if staticConfiguration.Log != nil && staticConfiguration.Log.Format == "json" {
 		formatter = &logrus.JSONFormatter{}
 	} else {
 		disableColors := len(logFile) > 0
 		formatter = &logrus.TextFormatter{DisableColors: disableColors, FullTimestamp: true, DisableSorting: true}
 	}
 	log.SetFormatter(formatter)
 	if len(logFile) > 0 {
 		dir := filepath.Dir(logFile)
 		if err := os.MkdirAll(dir, 0755); err != nil {
 			log.WithoutContext().Errorf("Failed to create log path %s: %s", dir, err)
 		}
 		err = log.OpenFile(logFile)
 		logrus.RegisterExitHandler(func() {
 			if err := log.CloseFile(); err != nil {
 				log.WithoutContext().Errorf("Error while closing log: %v", err)
 			}
 		})
 		if err != nil {
 			log.WithoutContext().Errorf("Error while opening log file %s: %v", logFile, err)
 		}
 	}
 }
 func checkNewVersion() {
 	ticker := time.Tick(24 * time.Hour)
 	safe.Go(func() {
 		for time.Sleep(10 * time.Minute); ; <-ticker {
 			version.CheckNewVersion()
 		}
 	})
 }
 func stats(staticConfiguration *static.Configuration) {
 	logger := log.WithoutContext()
 	if staticConfiguration.Global.SendAnonymousUsage {
 		logger.Info(`Stats collection is enabled.`)
 		logger.Info(`Many thanks for contributing to Traefik's improvement by allowing us to receive anonymous information from your configuration.`)
 		logger.Info(`Help us improve Traefik by leaving this feature on :)`)
 		logger.Info(`More details on: https://docs.traefik.io/v2.0/contributing/data-collection/`)
 		collect(staticConfiguration)
 	} else {
 		logger.Info(`
 Stats collection is disabled.
 Help us improve Traefik by turning this feature on :)
 More details on: https://docs.traefik.io/v2.0/contributing/data-collection/
 `)
 	}
 }
 func collect(staticConfiguration *static.Configuration) {
 	ticker := time.Tick(24 * time.Hour)
 	safe.Go(func() {
 		for time.Sleep(10 * time.Minute); ; <-ticker {
 			if err := collector.Collect(staticConfiguration); err != nil {
 				log.WithoutContext().Debug(err)
 			}
 		}
 	})
 }
--- a/cmd/traefik/version.go
+++ b/cmd/traefik/version.go
@@ -1,63 +0,0 @@
 package main
 import (
 	"fmt"
 	"io"
 	"os"
 	"runtime"
 	"text/template"
 	"github.com/containous/flaeg"
 	"github.com/containous/traefik/version"
 )
 var versionTemplate = `Version:      {{.Version}}
 Codename:     {{.Codename}}
 Go version:   {{.GoVersion}}
 Built:        {{.BuildTime}}
 OS/Arch:      {{.Os}}/{{.Arch}}`
 // newVersionCmd builds a new Version command
 func newVersionCmd() *flaeg.Command {
 	//version Command init
 	return &flaeg.Command{
 		Name:                  "version",
 		Description:           `Print version`,
 		Config:                struct{}{},
 		DefaultPointersConfig: struct{}{},
 		Run: func() error {
 			if err := getVersionPrint(os.Stdout); err != nil {
 				return err
 			}
 			fmt.Printf("\n")
 			return nil
 		},
 	}
 }
 func getVersionPrint(wr io.Writer) error {
 	tmpl, err := template.New("").Parse(versionTemplate)
 	if err != nil {
 		return err
 	}
 	v := struct {
 		Version   string
 		Codename  string
 		GoVersion string
 		BuildTime string
 		Os        string
 		Arch      string
 	}{
 		Version:   version.Version,
 		Codename:  version.Codename,
 		GoVersion: runtime.Version(),
 		BuildTime: version.BuildDate,
 		Os:        runtime.GOOS,
 		Arch:      runtime.GOARCH,
 	}
 	return tmpl.Execute(wr, v)
 }
--- a/cmd/version/version.go
+++ b/cmd/version/version.go
@@ -0,0 +1,60 @@
 package version
 import (
 	"fmt"
 	"io"
 	"os"
 	"runtime"
 	"text/template"
 	"github.com/containous/traefik/v2/pkg/cli"
 	"github.com/containous/traefik/v2/pkg/version"
 )
 var versionTemplate = `Version:      {{.Version}}
 Codename:     {{.Codename}}
 Go version:   {{.GoVersion}}
 Built:        {{.BuildTime}}
 OS/Arch:      {{.Os}}/{{.Arch}}`
 // NewCmd builds a new Version command
 func NewCmd() *cli.Command {
 	return &cli.Command{
 		Name:          "version",
 		Description:   `Shows the current Traefik version.`,
 		Configuration: nil,
 		Run: func(_ []string) error {
 			if err := GetPrint(os.Stdout); err != nil {
 				return err
 			}
 			fmt.Print("\n")
 			return nil
 		},
 	}
 }
 // GetPrint write Printable version
 func GetPrint(wr io.Writer) error {
 	tmpl, err := template.New("").Parse(versionTemplate)
 	if err != nil {
 		return err
 	}
 	v := struct {
 		Version   string
 		Codename  string
 		GoVersion string
 		BuildTime string
 		Os        string
 		Arch      string
 	}{
 		Version:   version.Version,
 		Codename:  version.Codename,
 		GoVersion: runtime.Version(),
 		BuildTime: version.BuildDate,
 		Os:        runtime.GOOS,
 		Arch:      runtime.GOARCH,
 	}
 	return tmpl.Execute(wr, v)
 }
--- a/contrib/grafana/traefik-kubernetes.json
+++ b/contrib/grafana/traefik-kubernetes.json
--- a/contrib/grafana/traefik.json
+++ b/contrib/grafana/traefik.json
--- a/contrib/systemd/traefik.service
+++ b/contrib/systemd/traefik.service
@@ -1,11 +1,41 @@
 [Unit]
 Description=Traefik
 Documentation=https://docs.traefik.io
 #After=network-online.target
 #AssertFileIsExecutable=/usr/bin/traefik
 #AssertPathExists=/etc/traefik/traefik.toml
 [Service]
 # Run traefik as its own user (create new user with: useradd -r -s /bin/false -U -M traefik)
 #User=traefik
 #AmbientCapabilities=CAP_NET_BIND_SERVICE
 # configure service behavior
 Type=notify
-ExecStart=/usr/bin/traefik --configFile=/etc/traefik.toml
+#ExecStart=/usr/bin/traefik --configFile=/etc/traefik/traefik.toml
 Restart=always
 WatchdogSec=1s
 # lock down system access
 # prohibit any operating system and configuration modification
 #ProtectSystem=strict
 # create separate, new (and empty) /tmp and /var/tmp filesystems
 #PrivateTmp=true
 # make /home directories inaccessible
 #ProtectHome=true
 # turns off access to physical devices (/dev/...)
 #PrivateDevices=true
 # make kernel settings (procfs and sysfs) read-only
 #ProtectKernelTunables=true
 # make cgroups /sys/fs/cgroup read-only
 #ProtectControlGroups=true
 # allow writing of acme.json
 #ReadWritePaths=/etc/traefik/acme.json
 # depending on log and entrypoint configuration, you may need to allow writing to other paths, too
 # limit number of processes in this unit
 #LimitNPROC=1
 [Install]
 WantedBy=multi-user.target
--- a/docs/.dockerignore
+++ b/docs/.dockerignore
@@ -0,0 +1 @@
 site/
--- a/docs/.markdownlint.json
+++ b/docs/.markdownlint.json
@@ -0,0 +1,11 @@
 {
    "no-hard-tabs": false,
    "MD007": { "indent": 4 },
    "MD009": false,
    "MD013": false,
    "MD024": false,
    "MD026": false,
    "MD033": false,
    "MD034": false,
    "MD036": false
 }
--- a/docs/Makefile
+++ b/docs/Makefile
@@ -0,0 +1,52 @@
 #######
 # This Makefile contains all targets related to the documentation
 #######
 DOCS_VERIFY_SKIP ?= false
 DOCS_LINT_SKIP ?= false
 TRAEFIK_DOCS_BUILD_IMAGE ?= traefik-docs
 TRAEFIK_DOCS_CHECK_IMAGE ?= $(TRAEFIK_DOCS_BUILD_IMAGE)-check
 SITE_DIR := $(CURDIR)/site
 DOCKER_RUN_DOC_PORT := 8000
 DOCKER_RUN_DOC_MOUNTS := -v $(CURDIR):/mkdocs 
 DOCKER_RUN_DOC_OPTS := --rm $(DOCKER_RUN_DOC_MOUNTS) -p $(DOCKER_RUN_DOC_PORT):8000
 # Default: generates the documentation into $(SITE_DIR)
 docs: docs-clean docs-image docs-lint docs-build docs-verify
 # Writer Mode: build and serve docs on http://localhost:8000 with livereload
 docs-serve: docs-image
 	docker run  $(DOCKER_RUN_DOC_OPTS) $(TRAEFIK_DOCS_BUILD_IMAGE) mkdocs serve
 # Utilities Targets for each step
 docs-image:
 	docker build -t $(TRAEFIK_DOCS_BUILD_IMAGE) -f docs.Dockerfile ./
 docs-build: docs-image
 	docker run $(DOCKER_RUN_DOC_OPTS) $(TRAEFIK_DOCS_BUILD_IMAGE) sh -c "mkdocs build \
 		&& chown -R $(shell id -u):$(shell id -g) ./site"
 docs-verify: docs-build
 	@if [ "$(DOCS_VERIFY_SKIP)" != "true" ]; then \
 		docker build -t $(TRAEFIK_DOCS_CHECK_IMAGE) -f check.Dockerfile ./; \
 		docker run --rm -v $(CURDIR):/app $(TRAEFIK_DOCS_CHECK_IMAGE) /verify.sh; \
 	else \
 		echo "DOCS_VERIFY_SKIP is true: no verification done."; \
 	fi
 docs-lint:
 	@if [ "$(DOCS_LINT_SKIP)" != "true" ]; then \
 		docker build -t $(TRAEFIK_DOCS_CHECK_IMAGE) -f check.Dockerfile ./ && \
 		docker run --rm -v $(CURDIR):/app $(TRAEFIK_DOCS_CHECK_IMAGE) /lint.sh; \
 	else \
 		echo "DOCS_LINT_SKIP is true: no linting done."; \
 	fi
 docs-clean:
 	rm -rf $(SITE_DIR)
 .PHONY: all docs-verify docs docs-clean docs-build docs-lint
--- a/docs/basics.md
+++ b/docs/basics.md
@@ -1,442 +0,0 @@
 # Concepts
 Let's take our example from the [overview](https://docs.traefik.io/#overview) again:
 > Imagine that you have deployed a bunch of microservices on your infrastructure. You probably used a service registry (like etcd or consul) and/or an orchestrator (swarm, Mesos/Marathon) to manage all these services.
 > If you want your users to access some of your microservices from the Internet, you will have to use a reverse proxy and configure it using virtual hosts or prefix paths:
 > - domain `api.domain.com` will point the microservice `api` in your private network
 > - path `domain.com/web` will point the microservice `web` in your private network
 > - domain `backoffice.domain.com` will point the microservices `backoffice` in your private network, load-balancing between your multiple instances
 > ![Architecture](img/architecture.png)
 Let's zoom on Træfik and have an overview of its internal architecture:
 ![Architecture](img/internal.png)
 - Incoming requests end on [entrypoints](#entrypoints), as the name suggests, they are the network entry points into Træfik (listening port, SSL, traffic redirection...).
 - Traffic is then forwarded to a matching [frontend](#frontends). A frontend defines routes from [entrypoints](#entrypoints) to [backends](#backends).
 Routes are created using requests fields (`Host`, `Path`, `Headers`...) and can match or not a request.
 - The [frontend](#frontends) will then send the request to a [backend](#backends). A backend can be composed by one or more [servers](#servers), and by a load-balancing strategy.
 - Finally, the [server](#servers) will forward the request to the corresponding microservice in the private network.
 ## Entrypoints
 Entrypoints are the network entry points into Træfik.
 They can be defined using:
 - a port (80, 443...)
 - SSL (Certificates, Keys, authentication with a client certificate signed by a trusted CA...)
 - redirection to another entrypoint (redirect `HTTP` to `HTTPS`)
 Here is an example of entrypoints definition:
 ```toml
 [entryPoints]
  [entryPoints.http]
  address = ":80"
    [entryPoints.http.redirect]
    entryPoint = "https"
  [entryPoints.https]
  address = ":443"
    [entryPoints.https.tls]
      [[entryPoints.https.tls.certificates]]
      certFile = "tests/traefik.crt"
      keyFile = "tests/traefik.key"
 ```
 - Two entrypoints are defined `http` and `https`.
 - `http` listens on port `80` and `https` on port `443`.
 - We enable SSL on `https` by giving a certificate and a key.
 - We also redirect all the traffic from entrypoint `http` to `https`.
 And here is another example with client certificate authentication:
 ```toml
 [entryPoints]
  [entryPoints.https]
  address = ":443"
  [entryPoints.https.tls]
  clientCAFiles = ["tests/clientca1.crt", "tests/clientca2.crt"]
    [[entryPoints.https.tls.certificates]]
    certFile = "tests/traefik.crt"
    keyFile = "tests/traefik.key"
 ```
 - We enable SSL on `https` by giving a certificate and a key.
 - One or several files containing Certificate Authorities in PEM format are added.
 - It is possible to have multiple CA:s in the same file or keep them in separate files.
 ## Frontends
 A frontend consists of a set of rules that determine how incoming requests are forwarded from an entrypoint to a backend.
 Rules may be classified in one of two groups: Modifiers and matchers.
 ### Modifiers
 Modifier rules only modify the request. They do not have any impact on routing decisions being made.
 Following is the list of existing modifier rules:
 - `AddPrefix: /products`: Add path prefix to the existing request path prior to forwarding the request to the backend.
 - `ReplacePath: /serverless-path`: Replaces the path and adds the old path to the `X-Replaced-Path` header. Useful for mapping to AWS Lambda or Google Cloud Functions.
 ### Matchers
 Matcher rules determine if a particular request should be forwarded to a backend.
 Separate multiple rule values by `,` (comma) in order to enable ANY semantics (i.e., forward a request if any rule matches). Does not work for `Headers` and `HeadersRegexp`.
 Separate multiple rule values by `;` (semicolon) in order to enable ALL semantics (i.e., forward a request if all rules match).
 You can optionally enable `passHostHeader` to forward client `Host` header to the backend.
 Following is the list of existing matcher rules along with examples:
 - `Headers: Content-Type, application/json`: Match HTTP header. It accepts a comma-separated key/value pair where both key and value must be literals.
 - `HeadersRegexp: Content-Type, application/(text|json)`: Match HTTP header. It accepts a comma-separated key/value pair where the key must be a literal and the value may be a literal or a regular expression.
 - `Host: traefik.io, www.traefik.io`: Match request host. It accepts a sequence of literal hosts.
 - `HostRegexp: traefik.io, {subdomain:[a-z]+}.traefik.io`: Match request host. It accepts a sequence of literal and regular expression hosts.
 - `Method: GET, POST, PUT`: Match request HTTP method. It accepts a sequence of HTTP methods.
 - `Path: /products/, /articles/{category}/{id:[0-9]+}`: Match exact request path. It accepts a sequence of literal and regular expression paths.
 - `PathStrip: /products/`: Match exact path and strip off the path prior to forwarding the request to the backend. It accepts a sequence of literal paths.
 - `PathStripRegex: /articles/{category}/{id:[0-9]+}`: Match exact path and strip off the path prior to forwarding the request to the backend. It accepts a sequence of literal and regular expression paths.
 - `PathPrefix: /products/, /articles/{category}/{id:[0-9]+}`: Match request prefix path. It accepts a sequence of literal and regular expression prefix paths.
 - `PathPrefixStrip: /products/`: Match request prefix path and strip off the path prefix prior to forwarding the request to the backend. It accepts a sequence of literal prefix paths. Starting with Traefik 1.3, the stripped prefix path will be available in the `X-Forwarded-Prefix` header.
 - `PathPrefixStripRegex: /articles/{category}/{id:[0-9]+}`: Match request prefix path and strip off the path prefix prior to forwarding the request to the backend. It accepts a sequence of literal and regular expression prefix paths. Starting with Traefik 1.3, the stripped prefix path will be available in the `X-Forwarded-Prefix` header.
 In order to use regular expressions with Host and Path matchers, you must declare an arbitrarily named variable followed by the colon-separated regular expression, all enclosed in curly braces. Any pattern supported by [Go's regexp package](https://golang.org/pkg/regexp/) may be used. Example: `/posts/{id:[0-9]+}`.
 (Note that the variable has no special meaning; however, it is required by the gorilla/mux dependency which embeds the regular expression and defines the syntax.)
 #### Path Matcher Usage Guidelines
 This section explains when to use the various path matchers.
 Use `Path` if your backend listens on the exact path only. For instance, `Path: /products` would match `/products` but not `/products/shoes`.
 Use a `*Prefix*` matcher if your backend listens on a particular base path but also serves requests on sub-paths. For instance, `PathPrefix: /products` would match `/products` but also `/products/shoes` and `/products/shirts`. Since the path is forwarded as-is, your backend is expected to listen on `/products`.
 Use a `*Strip` matcher if your backend listens on the root path (`/`) but should be routeable on a specific prefix. For instance, `PathPrefixStrip: /products` would match `/products` but also `/products/shoes` and `/products/shirts`. Since the path is stripped prior to forwarding, your backend is expected to listen on `/`.
 If your backend is serving assets (e.g., images or Javascript files), chances are it must return properly constructed relative URLs. Continuing on the example, the backend should return `/products/shoes/image.png` (and not `/images.png` which Traefik would likely not be able to associate with the same backend). The `X-Forwarded-Prefix` header (available since Traefik 1.3) can be queried to build such URLs dynamically.
 Instead of distinguishing your backends by path only, you can add a Host matcher to the mix. That way, namespacing of your backends happens on the basis of hosts in addition to paths.
 ### Examples
 Here is an example of frontends definition:
 ```toml
 [frontends]
  [frontends.frontend1]
  backend = "backend2"
    [frontends.frontend1.routes.test_1]
    rule = "Host:test.localhost,test2.localhost"
  [frontends.frontend2]
  backend = "backend1"
  passHostHeader = true
  priority = 10
  entrypoints = ["https"] # overrides defaultEntryPoints
    [frontends.frontend2.routes.test_1]
    rule = "HostRegexp:localhost,{subdomain:[a-z]+}.localhost"
  [frontends.frontend3]
  backend = "backend2"
    [frontends.frontend3.routes.test_1]
    rule = "Host:test3.localhost;Path:/test"
 ```
 - Three frontends are defined: `frontend1`, `frontend2` and `frontend3`
 - `frontend1` will forward the traffic to the `backend2` if the rule `Host:test.localhost,test2.localhost` is matched
 - `frontend2` will forward the traffic to the `backend1` if the rule `Host:localhost,{subdomain:[a-z]+}.localhost` is matched (forwarding client `Host` header to the backend)
 - `frontend3` will forward the traffic to the `backend2` if the rules `Host:test3.localhost` **AND** `Path:/test` are matched
 ### Combining multiple rules
 As seen in the previous example, you can combine multiple rules.
 In TOML file, you can use multiple routes:
 ```toml
 [frontends.frontend3]
 backend = "backend2"
  [frontends.frontend3.routes.test_1]
  rule = "Host:test3.localhost"
  [frontends.frontend3.routes.test_2]
  rule = "Path:/test"
 ```
 Here `frontend3` will forward the traffic to the `backend2` if the rules `Host:test3.localhost` **AND** `Path:/test` are matched.
 You can also use the notation using a `;` separator, same result:
 ```toml
 [frontends.frontend3]
 backend = "backend2"
  [frontends.frontend3.routes.test_1]
  rule = "Host:test3.localhost;Path:/test"
 ```
 Finally, you can create a rule to bind multiple domains or Path to a frontend, using the `,` separator:
 ```toml
 [frontends.frontend2]
   [frontends.frontend2.routes.test_1]
   rule = "Host:test1.localhost,test2.localhost"
 [frontends.frontend3]
 backend = "backend2"
  [frontends.frontend3.routes.test_1]
  rule = "Path:/test1,/test2"
 ```
 ### Rules Order
 When combining `Modifier` rules with `Matcher` rules, it is important to remember that `Modifier` rules **ALWAYS** apply after the `Matcher` rules.  
 The following rules are both `Matchers` and `Modifiers`, so the `Matcher` portion of the rule will apply first, and the `Modifier` will apply later.
 - `PathStrip`
 - `PathStripRegex`
 - `PathPrefixStrip`
 - `PathPrefixStripRegex`
 `Modifiers` will be applied in a pre-determined order regardless of their order in the `rule` configuration section.
 1. `PathStrip`
 2. `PathPrefixStrip`
 3. `PathStripRegex`
 4. `PathPrefixStripRegex`
 5. `AddPrefix`
 6. `ReplacePath` 
 ### Priorities
 By default, routes will be sorted (in descending order) using rules length (to avoid path overlap):
 `PathPrefix:/12345` will be matched before `PathPrefix:/1234` that will be matched before `PathPrefix:/1`.
 You can customize priority by frontend:
 ```toml
 [frontends]
  [frontends.frontend1]
  backend = "backend1"
  priority = 10
  passHostHeader = true
    [frontends.frontend1.routes.test_1]
    rule = "PathPrefix:/to"
  [frontends.frontend2]
  priority = 5
  backend = "backend2"
  passHostHeader = true
    [frontends.frontend2.routes.test_1]
    rule = "PathPrefix:/toto"
 ```
 Here, `frontend1` will be matched before `frontend2` (`10 > 5`).
 ## Backends
 A backend is responsible to load-balance the traffic coming from one or more frontends to a set of http servers.
 Various methods of load-balancing are supported:
 - `wrr`: Weighted Round Robin
 - `drr`: Dynamic Round Robin: increases weights on servers that perform better than others. It also rolls back to original weights if the servers have changed.
 A circuit breaker can also be applied to a backend, preventing high loads on failing servers.
 Initial state is Standby. CB observes the statistics and does not modify the request.
 In case the condition matches, CB enters Tripped state, where it responds with predefined code or redirects to another frontend.
 Once Tripped timer expires, CB enters Recovering state and resets all stats.
 In case the condition does not match and recovery timer expires, CB enters Standby state.
 It can be configured using:
 - Methods: `LatencyAtQuantileMS`, `NetworkErrorRatio`, `ResponseCodeRatio`
 - Operators:  `AND`, `OR`, `EQ`, `NEQ`, `LT`, `LE`, `GT`, `GE`
 For example:
 - `NetworkErrorRatio() > 0.5`: watch error ratio over 10 second sliding window for a frontend
 - `LatencyAtQuantileMS(50.0) > 50`:  watch latency at quantile in milliseconds.
 - `ResponseCodeRatio(500, 600, 0, 600) > 0.5`: ratio of response codes in range [500-600) to  [0-600)
 To proactively prevent backends from being overwhelmed with high load, a maximum connection limit can
 also be applied to each backend.
 Maximum connections can be configured by specifying an integer value for `maxconn.amount` and
 `maxconn.extractorfunc` which is a strategy used to determine how to categorize requests in order to
 evaluate the maximum connections.
 For example:
 ```toml
 [backends]
  [backends.backend1]
    [backends.backend1.maxconn]
       amount = 10
       extractorfunc = "request.host"
 ```
 - `backend1` will return `HTTP code 429 Too Many Requests` if there are already 10 requests in progress for the same Host header.
 - Another possible value for `extractorfunc` is `client.ip` which will categorize requests based on client source ip.
 - Lastly `extractorfunc` can take the value of `request.header.ANY_HEADER` which will categorize requests based on `ANY_HEADER` that you provide.
 Sticky sessions are supported with both load balancers. When sticky sessions are enabled, a cookie called `_TRAEFIK_BACKEND` is set on the initial
 request. On subsequent requests, the client will be directed to the backend stored in the cookie if it is still healthy. If not, a new backend
 will be assigned.
 For example:
 ```toml
 [backends]
  [backends.backend1]
    [backends.backend1.loadbalancer]
      sticky = true
 ```
 A health check can be configured in order to remove a backend from LB rotation
 as long as it keeps returning HTTP status codes other than 200 OK to HTTP GET
 requests periodically carried out by Traefik. The check is defined by a path
 appended to the backend URL and an interval (given in a format understood by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration)) specifying how
 often the health check should be executed (the default being 30 seconds). Each
 backend must respond to the health check within 5 seconds.
 A recovering backend returning 200 OK responses again is being returned to the
 LB rotation pool.
 For example:
 ```toml
 [backends]
  [backends.backend1]
    [backends.backend1.healthcheck]
      path = "/health"
      interval = "10s"
 ```
 ## Servers
 Servers are simply defined using a `URL`. You can also apply a custom `weight` to each server (this will be used by load-balancing).
 Here is an example of backends and servers definition:
 ```toml
 [backends]
  [backends.backend1]
    [backends.backend1.circuitbreaker]
      expression = "NetworkErrorRatio() > 0.5"
    [backends.backend1.servers.server1]
    url = "http://172.17.0.2:80"
    weight = 10
    [backends.backend1.servers.server2]
    url = "http://172.17.0.3:80"
    weight = 1
  [backends.backend2]
    [backends.backend2.LoadBalancer]
      method = "drr"
    [backends.backend2.servers.server1]
    url = "http://172.17.0.4:80"
    weight = 1
    [backends.backend2.servers.server2]
    url = "http://172.17.0.5:80"
    weight = 2
 ```
 - Two backends are defined: `backend1` and `backend2`
 - `backend1` will forward the traffic to two servers: `http://172.17.0.2:80"` with weight `10` and `http://172.17.0.3:80` with weight `1` using default `wrr` load-balancing strategy.
 - `backend2` will forward the traffic to two servers: `http://172.17.0.4:80"` with weight `1` and `http://172.17.0.5:80` with weight `2` using `drr` load-balancing strategy.
 - a circuit breaker is added on `backend1` using the expression `NetworkErrorRatio() > 0.5`: watch error ratio over 10 second sliding window
 # Configuration
 Træfik's configuration has two parts: 
 - The [static Træfik configuration](/basics#static-trfk-configuration) which is loaded only at the beginning. 
 - The [dynamic Træfik configuration](/basics#dynamic-trfk-configuration) which can be hot-reloaded (no need to restart the process).
 ## Static Træfik configuration
 The static configuration is the global configuration which is setting up connections to configuration backends and entrypoints. 
 Træfik can be configured using many configuration sources with the following precedence order. 
 Each item takes precedence over the item below it:
 - [Key-value Store](/basics/#key-value-stores)
 - [Arguments](/basics/#arguments)
 - [Configuration file](/basics/#configuration-file)
 - Default
 It means that arguments override configuration file, and Key-value Store overrides arguments.
 ### Configuration file
 By default, Træfik will try to find a `traefik.toml` in the following places:
 - `/etc/traefik/`
 - `$HOME/.traefik/`
 - `.` *the working directory*
 You can override this by setting a `configFile` argument:
 ```bash
 $ traefik --configFile=foo/bar/myconfigfile.toml
 ```
 Please refer to the [global configuration](/toml/#global-configuration) section to get documentation on it.
 ### Arguments
 Each argument (and command) is described in the help section:
 ```bash
 $ traefik --help
 ```
 Note that all default values will be displayed as well.
 ### Key-value stores
 Træfik supports several Key-value stores:
 - [Consul](https://consul.io)
 - [etcd](https://coreos.com/etcd/)
 - [ZooKeeper](https://zookeeper.apache.org/) 
 - [boltdb](https://github.com/boltdb/bolt)
 Please refer to the [User Guide Key-value store configuration](/user-guide/kv-config/) section to get documentation on it.
 ## Dynamic Træfik configuration
 The dynamic configuration concerns : 
 - [Frontends](/basics/#frontends)
 - [Backends](/basics/#backends) 
 - [Servers](/basics/#servers) 
 Træfik can hot-reload those rules which could be provided by [multiple configuration backends](/toml/#configuration-backends).
 We only need to enable `watch` option to make Træfik watch configuration backend changes and generate its configuration automatically.
 Routes to services will be created and updated instantly at any changes.
 Please refer to the [configuration backends](/toml/#configuration-backends) section to get documentation on it.
 # Commands
 Usage: `traefik [command] [--flag=flag_argument]`
 List of Træfik available commands with description :                                                             
 - `version` : Print version 
 - `storeconfig` : Store the static traefik configuration into a Key-value stores. Please refer to the [Store Træfik configuration](/user-guide/kv-config/#store-trfk-configuration) section to get documentation on it.
 Each command may have related flags. 
 All those related flags will be displayed with :
 ```bash
 $ traefik [command] --help
 ```
 Note that each command is described at the beginning of the help section:
 ```bash
 $ traefik --help
 ```
--- a/docs/benchmarks.md
+++ b/docs/benchmarks.md
@@ -1,213 +0,0 @@
 # Benchmarks
 ## Configuration
 I would like to thanks [vincentbernat](https://github.com/vincentbernat) from [exoscale.ch](https://www.exoscale.ch) who kindly provided the infrastructure needed for the benchmarks.
 I used 4 VMs for the tests with the following configuration:
 - 32 GB RAM
 - 8 CPU Cores
 - 10 GB SSD
 - Ubuntu 14.04 LTS 64-bit
 ## Setup
 1. One VM used to launch the benchmarking tool [wrk](https://github.com/wg/wrk)
 2. One VM for traefik (v1.0.0-beta.416) / nginx (v1.4.6)
 3. Two VMs for 2 backend servers in go [whoami](https://github.com/emilevauge/whoamI/)
 Each VM has been tuned using the following limits:
 ```bash
 sysctl -w fs.file-max="9999999"
 sysctl -w fs.nr_open="9999999"
 sysctl -w net.core.netdev_max_backlog="4096"
 sysctl -w net.core.rmem_max="16777216"
 sysctl -w net.core.somaxconn="65535"
 sysctl -w net.core.wmem_max="16777216"
 sysctl -w net.ipv4.ip_local_port_range="1025       65535"
 sysctl -w net.ipv4.tcp_fin_timeout="30"
 sysctl -w net.ipv4.tcp_keepalive_time="30"
 sysctl -w net.ipv4.tcp_max_syn_backlog="20480"
 sysctl -w net.ipv4.tcp_max_tw_buckets="400000"
 sysctl -w net.ipv4.tcp_no_metrics_save="1"
 sysctl -w net.ipv4.tcp_syn_retries="2"
 sysctl -w net.ipv4.tcp_synack_retries="2"
 sysctl -w net.ipv4.tcp_tw_recycle="1"
 sysctl -w net.ipv4.tcp_tw_reuse="1"
 sysctl -w vm.min_free_kbytes="65536"
 sysctl -w vm.overcommit_memory="1"
 ulimit -n 9999999
 ```
 ### Nginx
 Here is the config Nginx file use `/etc/nginx/nginx.conf`:
 ```
 user www-data;
 worker_processes auto;
 worker_rlimit_nofile 200000;
 pid /var/run/nginx.pid;
 events {
    worker_connections 10000;
    use epoll;
    multi_accept on;
 }
 http {
    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 300;
    keepalive_requests 10000;
    types_hash_max_size 2048;
    open_file_cache max=200000 inactive=300s; 
    open_file_cache_valid 300s; 
    open_file_cache_min_uses 2;
    open_file_cache_errors on;
    server_tokens off;
    dav_methods off;
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    access_log /var/log/nginx/access.log combined;
    error_log /var/log/nginx/error.log warn;
    gzip off;
    gzip_vary off;
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*.conf;
 }
 ```
 Here is the Nginx vhost file used:
 ```
 upstream whoami {
    server IP-whoami1:80;
    server IP-whoami2:80;
    keepalive 300;
 }
 server {
    listen 8001;
    server_name test.traefik;
    access_log off;
    error_log /dev/null crit;
    if ($host != "test.traefik") {
        return 404;
    }
    location / {
        proxy_pass http://whoami;
        proxy_http_version 1.1;
        proxy_set_header Connection "";
 	proxy_set_header  X-Forwarded-Host $host;
    }
 }
 ```
 ### Traefik
 Here is the `traefik.toml` file used:
 ```toml
 MaxIdleConnsPerHost = 100000
 defaultEntryPoints = ["http"]
 [entryPoints]
  [entryPoints.http]
  address = ":8000"
 [file]
 [backends]
  [backends.backend1]
    [backends.backend1.servers.server1]
    url = "http://IP-whoami1:80"
    weight = 1
    [backends.backend1.servers.server2]
    url = "http://IP-whoami2:80"
    weight = 1
 [frontends]
  [frontends.frontend1]
  backend = "backend1"
    [frontends.frontend1.routes.test_1]
    rule = "Host: test.traefik"
 ```
 ## Results
 ### whoami:
 ```shell
 wrk -t20 -c1000 -d60s -H "Host: test.traefik" --latency  http://IP-whoami:80/bench
 Running 1m test @ http://IP-whoami:80/bench
  20 threads and 1000 connections
  Thread Stats   Avg      Stdev     Max   +/- Stdev
    Latency    70.28ms  134.72ms   1.91s    89.94%
    Req/Sec     2.92k   742.42     8.78k    68.80%
  Latency Distribution
     50%   10.63ms
     75%   75.64ms
     90%  205.65ms
     99%  668.28ms
  3476705 requests in 1.00m, 384.61MB read
  Socket errors: connect 0, read 0, write 0, timeout 103
 Requests/sec:  57894.35
 Transfer/sec:      6.40MB
 ```
 ### nginx:
 ```shell
 wrk -t20 -c1000 -d60s -H "Host: test.traefik" --latency  http://IP-nginx:8001/bench
 Running 1m test @ http://IP-nginx:8001/bench
  20 threads and 1000 connections
  Thread Stats   Avg      Stdev     Max   +/- Stdev
    Latency   101.25ms  180.09ms   1.99s    89.34%
    Req/Sec     1.69k   567.69     9.39k    72.62%
  Latency Distribution
     50%   15.46ms
     75%  129.11ms
     90%  302.44ms
     99%  846.59ms
  2018427 requests in 1.00m, 298.36MB read
  Socket errors: connect 0, read 0, write 0, timeout 90
 Requests/sec:  33591.67
 Transfer/sec:      4.97MB
 ```
 ### traefik:
 ```shell
 wrk -t20 -c1000 -d60s -H "Host: test.traefik" --latency  http://IP-traefik:8000/bench
 Running 1m test @ http://IP-traefik:8000/bench
  20 threads and 1000 connections
  Thread Stats   Avg      Stdev     Max   +/- Stdev
    Latency    91.72ms  150.43ms   2.00s    90.50%
    Req/Sec     1.43k   266.37     2.97k    69.77%
  Latency Distribution
     50%   19.74ms
     75%  121.98ms
     90%  237.39ms
     99%  687.49ms
  1705073 requests in 1.00m, 188.63MB read
  Socket errors: connect 0, read 0, write 0, timeout 7
 Requests/sec:  28392.44
 Transfer/sec:      3.14MB
 ```
 ## Conclusion
 Traefik is obviously slower than Nginx, but not so much: Traefik can serve 28392 requests/sec and Nginx 33591 requests/sec which gives a ratio of 85%.
 Not bad for young project :) !
 Some areas of possible improvements:
 - Use [GO_REUSEPORT](https://github.com/kavu/go_reuseport) listener
 - Run a separate server instance per CPU core with `GOMAXPROCS=1` (it appears during benchmarks that there is a lot more context switches with traefik than with nginx)
--- a/docs/check.Dockerfile
+++ b/docs/check.Dockerfile
@@ -0,0 +1,43 @@
 FROM alpine:3.9 as alpine
 # The "build-dependencies" virtual package provides build tools for html-proofer installation.
 # It compile ruby-nokogiri, because alpine native version is always out of date
 # This virtual package is cleaned at the end.
 RUN apk --no-cache --no-progress add \
    libcurl \
    ruby \
    ruby-bigdecimal \
    ruby-etc \
    ruby-ffi \
    ruby-json \
  && apk add --no-cache --virtual build-dependencies \
    build-base \
    libcurl \
    libxml2-dev \
    libxslt-dev \
    ruby-dev \
  && gem install --no-document html-proofer -v 3.10.2 \
  && apk del build-dependencies
 # After Ruby, some NodeJS YAY!
 RUN apk --no-cache --no-progress add \
    git \
    nodejs \
    npm \
  && npm install markdownlint@0.12.0 markdownlint-cli@0.13.0 --global
 # Finally the shell tools we need for later
 # tini helps to terminate properly all the parallelized tasks when sending CTRL-C
 RUN apk --no-cache --no-progress add \
    ca-certificates \
    curl \
    tini
 COPY ./scripts/verify.sh /verify.sh
 COPY ./scripts/lint.sh /lint.sh
 WORKDIR /app
 VOLUME ["/tmp","/app"]
 ENTRYPOINT ["/sbin/tini","-g","sh"]
--- a/docs/content/assets/img/architecture-overview.png
+++ b/docs/content/assets/img/architecture-overview.png
--- a/docs/content/assets/img/entrypoints.png
+++ b/docs/content/assets/img/entrypoints.png
--- a/docs/content/assets/img/middleware/addprefix.png
+++ b/docs/content/assets/img/middleware/addprefix.png
--- a/docs/content/assets/img/middleware/authforward.png
+++ b/docs/content/assets/img/middleware/authforward.png
--- a/docs/content/assets/img/middleware/basicauth.png
+++ b/docs/content/assets/img/middleware/basicauth.png
--- a/docs/content/assets/img/middleware/buffering.png
+++ b/docs/content/assets/img/middleware/buffering.png
--- a/docs/content/assets/img/middleware/chain.png
+++ b/docs/content/assets/img/middleware/chain.png
--- a/docs/content/assets/img/middleware/circuitbreaker.png
+++ b/docs/content/assets/img/middleware/circuitbreaker.png
--- a/docs/content/assets/img/middleware/compress.png
+++ b/docs/content/assets/img/middleware/compress.png
--- a/docs/content/assets/img/middleware/digestauth.png
+++ b/docs/content/assets/img/middleware/digestauth.png
--- a/docs/content/assets/img/middleware/errorpages.png
+++ b/docs/content/assets/img/middleware/errorpages.png
--- a/docs/content/assets/img/middleware/headers.png
+++ b/docs/content/assets/img/middleware/headers.png
--- a/docs/content/assets/img/middleware/inflightreq.png
+++ b/docs/content/assets/img/middleware/inflightreq.png
--- a/docs/content/assets/img/middleware/ipwhitelist.png
+++ b/docs/content/assets/img/middleware/ipwhitelist.png
--- a/docs/content/assets/img/middleware/overview.png
+++ b/docs/content/assets/img/middleware/overview.png
--- a/docs/content/assets/img/providers.png
+++ b/docs/content/assets/img/providers.png
--- a/docs/content/assets/img/providers/docker.png
+++ b/docs/content/assets/img/providers/docker.png
--- a/docs/content/assets/img/providers/rancher.png
+++ b/docs/content/assets/img/providers/rancher.png
--- a/docs/content/assets/img/quickstart-diagram.png
+++ b/docs/content/assets/img/quickstart-diagram.png
--- a/docs/content/assets/img/routers.png
+++ b/docs/content/assets/img/routers.png
--- a/docs/content/assets/img/services.png
+++ b/docs/content/assets/img/services.png
--- a/docs/content/assets/img/static-dynamic-configuration.png
+++ b/docs/content/assets/img/static-dynamic-configuration.png
--- a/docs/content/assets/img/traefik-architecture.png
+++ b/docs/content/assets/img/traefik-architecture.png
--- a/docs/content/assets/img/traefik-concepts-1.png
+++ b/docs/content/assets/img/traefik-concepts-1.png
--- a/docs/content/assets/img/traefik-concepts-2.png
+++ b/docs/content/assets/img/traefik-concepts-2.png
--- a/docs/content/assets/img/traefik.icon.png
+++ b/docs/content/assets/img/traefik.icon.png
--- a/docs/content/assets/img/traefik.logo.png
+++ b/docs/content/assets/img/traefik.logo.png
--- a/docs/content/assets/img/user-guides/grpc.svg
+++ b/docs/content/assets/img/user-guides/grpc.svg
--- a/docs/content/assets/img/webui-dashboard.png
+++ b/docs/content/assets/img/webui-dashboard.png
--- a/docs/content/assets/js/extra.js
+++ b/docs/content/assets/js/extra.js
@@ -0,0 +1,4 @@
 /* Highlight */
 (function(hljs) {
    hljs.initHighlightingOnLoad();
 })(hljs);
--- a/docs/content/assets/js/hljs/LICENSE
+++ b/docs/content/assets/js/hljs/LICENSE
@@ -0,0 +1,24 @@
 Copyright (c) 2006, Ivan Sagalaev
 All rights reserved.
 Redistribution and use in source and binary forms, with or without
 modification, are permitted provided that the following conditions are met:
    * Redistributions of source code must retain the above copyright
      notice, this list of conditions and the following disclaimer.
    * Redistributions in binary form must reproduce the above copyright
      notice, this list of conditions and the following disclaimer in the
      documentation and/or other materials provided with the distribution.
    * Neither the name of highlight.js nor the names of its contributors 
      may be used to endorse or promote products derived from this software 
      without specific prior written permission.
 THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY
 EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
 DISCLAIMED. IN NO EVENT SHALL THE REGENTS AND CONTRIBUTORS BE LIABLE FOR ANY
 DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
 SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
--- a/docs/content/assets/js/hljs/highlight.pack.js
+++ b/docs/content/assets/js/hljs/highlight.pack.js
--- a/docs/content/assets/styles/atom-one-light.css
+++ b/docs/content/assets/styles/atom-one-light.css
@@ -0,0 +1,96 @@
 /*
 Atom One Light by Daniel Gamage
 Original One Light Syntax theme from https://github.com/atom/one-light-syntax
 base:    #fafafa
 mono-1:  #383a42
 mono-2:  #686b77
 mono-3:  #a0a1a7
 hue-1:   #0184bb
 hue-2:   #4078f2
 hue-3:   #a626a4
 hue-4:   #50a14f
 hue-5:   #e45649
 hue-5-2: #c91243
 hue-6:   #986801
 hue-6-2: #c18401
 */
 .hljs {
  display: block;
  overflow-x: auto;
  padding: 0.5em;
  color: #383a42;
  background: #fafafa;
 }
 .hljs-comment,
 .hljs-quote {
  color: #a0a1a7;
  font-style: italic;
 }
 .hljs-doctag,
 .hljs-keyword,
 .hljs-formula {
  color: #a626a4;
 }
 .hljs-section,
 .hljs-name,
 .hljs-selector-tag,
 .hljs-deletion,
 .hljs-subst {
  color: #e45649;
 }
 .hljs-literal {
  color: #0184bb;
 }
 .hljs-string,
 .hljs-regexp,
 .hljs-addition,
 .hljs-attribute,
 .hljs-meta-string {
  color: #50a14f;
 }
 .hljs-built_in,
 .hljs-class .hljs-title {
  color: #c18401;
 }
 .hljs-attr,
 .hljs-variable,
 .hljs-template-variable,
 .hljs-type,
 .hljs-selector-class,
 .hljs-selector-attr,
 .hljs-selector-pseudo,
 .hljs-number {
  color: #986801;
 }
 .hljs-symbol,
 .hljs-bullet,
 .hljs-link,
 .hljs-meta,
 .hljs-selector-id,
 .hljs-title {
  color: #4078f2;
 }
 .hljs-emphasis {
  font-style: italic;
 }
 .hljs-strong {
  font-weight: bold;
 }
 .hljs-link {
  text-decoration: underline;
 }
--- a/docs/content/assets/styles/extra.css
+++ b/docs/content/assets/styles/extra.css
@@ -0,0 +1,63 @@
@import url('https://fonts.googleapis.com/css?family=Noto+Sans|Noto+Serif');
 .md-logo img {
    background-color: white;
    border-radius: 50%;
    width: 30px;
    height: 30px;
 }
 /* Fix for Chrome */
 .md-typeset__table td code {
    word-break: unset;
 }
 .md-typeset__table tr :nth-child(1) {
    word-wrap: break-word;
    max-width: 30em;
 }
 body {
    font-family: 'Noto Sans', sans-serif;
 }
 h1 {
    font-weight: bold !important;
    color: rgba(0,0,0,.9) !important;
 }
 h2 {
    font-weight: bold !important;
 }
 h3 {
    font-weight: bold !important;
 }
 .md-typeset h5 {
    text-transform: none;
 }
 figcaption {
    text-align: center;
    font-size: 0.8em;
    font-style: italic;
    color: #8D909F;
 }
 p.subtitle {
    color: rgba(0,0,0,.54);
    padding-top: 0;
    margin-top: -2em;
    font-weight: bold;
    font-size: 1.25em;
 }
 .markdown-body .task-list-item {
    list-style-type: none !important;
 }
 .markdown-body .task-list-item input[type="checkbox"] {
    margin: 0 4px 0.25em -20px;
    vertical-align: middle;
 }
--- a/docs/content/contributing/advocating.md
+++ b/docs/content/contributing/advocating.md
@@ -0,0 +1,10 @@
 # Advocating
 Spread the Love & Tell Us about It
 {: .subtitle }
 There are many ways to contribute to the project, and there is one that always spark joy: when we see/read about users talking about how Traefik helps them solve their problems.
 If you're talking about Traefik, [let us know](https://blog.containo.us/spread-the-love-ba5a40aa72e7) and we'll promote your enthusiasm!
 Also, if you've written about Traefik or shared useful information you'd like to promote, feel free to add links in the [dedicated wiki page on Github](https://github.com/containous/traefik/wiki/Awesome-Traefik).
--- a/docs/content/contributing/building-testing.md
+++ b/docs/content/contributing/building-testing.md
@@ -0,0 +1,173 @@
 # Building and Testing
 Compile and Test Your Own Traefik!
 {: .subtitle }
 So you want to build your own Traefik binary from the sources?
 Let's see how.
 ## Building
 You need either [Docker](https://github.com/docker/docker) and `make` (Method 1), or `go` (Method 2) in order to build Traefik.
 For changes to its dependencies, the `dep` dependency management tool is required.
 ### Method 1: Using `Docker` and `Makefile`
 Run make with the `binary` target.
 This will create binaries for the Linux platform in the `dist` folder.
 ```bash
 $ make binary
 docker build -t traefik-webui -f webui/Dockerfile webui
 Sending build context to Docker daemon  2.686MB
 Step 1/11 : FROM node:8.15.0
 ---> 1f6c34f7921c
 [...]
 Successfully built ce4ff439c06a
 Successfully tagged traefik-webui:latest
 [...]
 docker build  -t "traefik-dev:4475--feature-documentation" -f build.Dockerfile .
 Sending build context to Docker daemon    279MB
 Step 1/10 : FROM golang:1.13-alpine
 ---> f4bfb3d22bda
 [...]
 Successfully built 5c3c1a911277
 Successfully tagged traefik-dev:4475--feature-documentation
 docker run  -e "TEST_CONTAINER=1" -v "/var/run/docker.sock:/var/run/docker.sock" -it -e OS_ARCH_ARG -e OS_PLATFORM_ARG -e TESTFLAGS -e VERBOSE -e VERSION -e CODENAME -e TESTDIRS -e CI -e CONTAINER=DOCKER		 -v "/home/ldez/sources/go/src/github.com/containous/traefik/"dist":/go/src/github.com/containous/traefik/"dist"" "traefik-dev:4475--feature-documentation" ./script/make.sh generate binary
 ---> Making bundle: generate (in .)
 removed 'autogen/genstatic/gen.go'
 ---> Making bundle: binary (in .)
 $ ls dist/
 traefik*
 ```
 The following targets can be executed outside Docker by setting the variable `PRE_TARGET` to an empty string (we don't recommend that):
 - `test-unit`
 - `test-integration`
 - `validate`
 - `binary` (the webUI is still generated by using Docker)
 ex:
 ```bash
 PRE_TARGET= make test-unit
 ```
 ### Method 2: Using `go`
 Requirements:
 - `go` v1.13+
 - environment variable `GO111MODULE=on`
 !!! tip "Source Directory"
    It is recommended that you clone Traefik into the `~/go/src/github.com/containous/traefik` directory.
    This is the official golang workspace hierarchy that will allow dependencies to be properly resolved.
 !!! note "Environment"
    Set your `GOPATH` and `PATH` variable to be set to `~/go` via:
    ```bash
    export GOPATH=~/go
    export PATH=$PATH:$GOPATH/bin
    ```
    For convenience, add `GOPATH` and `PATH` to your `.bashrc` or `.bash_profile`
    Verify your environment is setup properly by running `$ go env`.
    Depending on your OS and environment, you should see an output similar to:
    ```bash
    GOARCH="amd64"
    GOBIN=""
    GOEXE=""
    GOHOSTARCH="amd64"
    GOHOSTOS="linux"
    GOOS="linux"
    GOPATH="/home/<yourusername>/go"
    GORACE=""
    ## ... and the list goes on
    ```
 #### Build Traefik
 Once you've set up your go environment and cloned the source repository, you can build Traefik.
 Beforehand, you need to get `go-bindata` (the first time) in order to be able to use the `go generate` command (which is part of the build process).
 ```bash
 cd ~/go/src/github.com/containous/traefik
 # Get go-bindata. (Important: the ellipses are required.)
 GO111MODULE=off go get github.com/containous/go-bindata/...
 # Let's build
 # generate
 # (required to merge non-code components into the final binary, such as the web dashboard and the provider's templates)
 go generate
 # Standard go build
 go build ./cmd/traefik
 ```
 You will find the Traefik executable (`traefik`) in the `~/go/src/github.com/containous/traefik` directory.
 ### Updating the templates
 If you happen to update the provider's templates (located in `/templates`), you must run `go generate` to update the `autogen` package.
 ## Testing
 ### Method 1: `Docker` and `make`
 Run unit tests using the `test-unit` target.
 Run integration tests using the `test-integration` target.
 Run all tests (unit and integration) using the `test` target.
 ```bash
 $ make test-unit
 docker build -t "traefik-dev:your-feature-branch" -f build.Dockerfile .
 # […]
 docker run --rm -it -e OS_ARCH_ARG -e OS_PLATFORM_ARG -e TESTFLAGS -v "/home/user/go/src/github/containous/traefik/dist:/go/src/github.com/containous/traefik/dist" "traefik-dev:your-feature-branch" ./script/make.sh generate test-unit
 ---> Making bundle: generate (in .)
 removed 'gen.go'
 ---> Making bundle: test-unit (in .)
 + go test -cover -coverprofile=cover.out .
 ok      github.com/containous/traefik   0.005s  coverage: 4.1% of statements
 Test success
 ```
 For development purposes, you can specify which tests to run by using (only works the `test-integration` target):
 ```bash
 # Run every tests in the MyTest suite
 TESTFLAGS="-check.f MyTestSuite" make test-integration
 # Run the test "MyTest" in the MyTest suite
 TESTFLAGS="-check.f MyTestSuite.MyTest" make test-integration
 # Run every tests starting with "My", in the MyTest suite
 TESTFLAGS="-check.f MyTestSuite.My" make test-integration
 # Run every tests ending with "Test", in the MyTest suite
 TESTFLAGS="-check.f MyTestSuite.*Test" make test-integration
 ```
 More: https://labix.org/gocheck
 ### Method 2: `go`
 Unit tests can be run from the cloned directory using `$ go test ./...` which should return `ok`, similar to:
 ```test
 ok      _/home/user/go/src/github/containous/traefik    0.004s
 ```
 Integration tests must be run from the `integration/` directory and require the `-integration` switch: `$ cd integration && go test -integration ./...`.
--- a/docs/content/contributing/data-collection.md
+++ b/docs/content/contributing/data-collection.md
@@ -0,0 +1,98 @@
 # Data Collection
 Understanding How Traefik is Being Used
 {: .subtitle }
 ## Configuration Example
 Understanding how you use Traefik is very important to us: it helps us improve the solution in many different ways.  
 For this very reason, the sendAnonymousUsage option is mandatory: we want you to take time to consider whether or not you wish to share anonymous data with us so we can benefit from your experience and use cases.
 !!! example "Enabling Data Collection"
    ```toml tab="File (TOML)"
    [global]
      # Send anonymous usage data
      sendAnonymousUsage = true
    ```
    ```yaml tab="File (YAML)"
    global:
      # Send anonymous usage data
      sendAnonymousUsage: true
    ```
    ```bash tab="CLI"
    # Send anonymous usage data
    --global.sendAnonymousUsage
    ```
 ## Collected Data
 This feature comes from the public proposal [here](https://github.com/containous/traefik/issues/2369).
 In order to help us learn more about how Traefik is being used and improve it, we collect anonymous usage statistics from running instances.
 Those data help us prioritize our developments and focus on what's important for our users (for example, which provider is popular, and which is not).
 ### What's collected / when ?
 Once a day (the first call begins 10 minutes after the start of Traefik), we collect:
 - the Traefik version number
 - a hash of the configuration
 - an **anonymized version** of the static configuration (token, user name, password, URL, IP, domain, email, etc, are removed).
 !!! note
    We do not collect the dynamic configuration information (routers & services).
    We do not collect these data to run advertising programs.
    We do not sell these data to third-parties.
 ### Example of Collected Data
 ??? example "Original configuration"
    ```toml
    [entryPoints]
      [entryPoints.web]
         address = ":80"
    [api]
    [providers.docker]
      endpoint = "tcp://10.10.10.10:2375"
      exposedByDefault = true
      swarmMode = true
      [providers.docker.TLS]
        ca = "dockerCA"
        cert = "dockerCert"
        key = "dockerKey"
        insecureSkipVerify = true
    ```
 ??? example "Resulting Obfuscated Configuration"
    ```toml
    [entryPoints]
      [entryPoints.web]
        address = ":80"
    [api]
    [providers.docker]
      endpoint = "xxxx"
      exposedByDefault = true
      swarmMode = true
      [providers.docker.TLS]
        ca = "xxxx"
        cert = "xxxx"
        key = "xxxx"
        insecureSkipVerify = false
    ```
 ## The Code for Data Collection
 If you want to dig into more details, here is the source code of the collecting system: [collector.go](https://github.com/containous/traefik/blob/master/pkg/collector/collector.go)
 By default we anonymize all configuration fields, except fields tagged with `export=true`.
--- a/docs/content/contributing/documentation.md
+++ b/docs/content/contributing/documentation.md
@@ -0,0 +1,100 @@
 # Documentation
 Features Are Better When You Know How to Use Them
 {: .subtitle }
 You've found something unclear in the documentation and want to give a try at explaining it better?
 Let's see how.
 ## Building Documentation
 ### General
 This [documentation](https://docs.traefik.io/) is built with [mkdocs](https://mkdocs.org/).
 ### Method 1: `Docker` and `make`
 You can build the documentation and test it locally (with live reloading), using the `docs` target:
 ```bash
 $ make docs
 docker build -t traefik-docs -f docs.Dockerfile .
 # […]
 docker run  --rm -v /home/user/go/github/containous/traefik:/mkdocs -p 8000:8000 traefik-docs mkdocs serve
 # […]
 [I 170828 20:47:48 server:283] Serving on http://0.0.0.0:8000
 [I 170828 20:47:48 handlers:60] Start watching changes
 [I 170828 20:47:48 handlers:62] Start detecting changes
 ```
 !!! tip "Default URL"
    Your local documentation server will run by default on [http://127.0.0.1:8000](http://127.0.0.1:8000).
 If you only want to build the documentation without serving it locally, you can use the following command:
 ```bash
 $ make docs-build
 ...
 ```
 ### Method 2: `mkdocs`
 First, make sure you have `python` and `pip` installed.
 ```bash
 $ python --version
 Python 2.7.2
 $ pip --version
 pip 1.5.2
 ```
 Then, install mkdocs with `pip`.
 ```bash
 pip install --user -r requirements.txt
 ```
 To build the documentation locally and serve it locally, run `mkdocs serve` from the root directory.
 This will start a local server.
 ```bash
 $ mkdocs serve
 INFO    -  Building documentation...
 INFO    -  Cleaning site directory
 [I 160505 22:31:24 server:281] Serving on http://127.0.0.1:8000
 [I 160505 22:31:24 handlers:59] Start watching changes
 [I 160505 22:31:24 handlers:61] Start detecting changes
 ```
 ### Check the Documentation
 To check that the documentation meets standard expectations (no dead links, html markup validity, ...), use the `docs-verify` target.
 ```bash
 $ make docs-verify
 docker build -t traefik-docs-verify ./script/docs-verify-docker-image ## Build Validator image
 ...
 docker run --rm -v /home/travis/build/containous/traefik:/app traefik-docs-verify ## Check for dead links and w3c compliance
 === Checking HTML content...
 Running ["HtmlCheck", "ImageCheck", "ScriptCheck", "LinkCheck"] on /app/site/basics/index.html on *.html...
 ```
 !!! note "Clean & Verify"
    If you've made changes to the documentation, it's safter to clean it before verifying it. 
    ```bash
    $ make docs-clean docs-verify
    ...
    ```
 !!! note "Disabling Documentation Verification"
    Verification can be disabled by setting the environment variable `DOCS_VERIFY_SKIP` to `true`:
    ```shell
    DOCS_VERIFY_SKIP=true make docs-verify
    ...
    DOCS_LINT_SKIP is true: no linting done.
    ```
--- a/docs/content/contributing/maintainers.md
+++ b/docs/content/contributing/maintainers.md
@@ -0,0 +1,176 @@
 # Maintainers
 ## The team
 * Emile Vauge [@emilevauge](https://github.com/emilevauge)
 * Vincent Demeester [@vdemeester](https://github.com/vdemeester)
 * Ed Robinson [@errm](https://github.com/errm)
 * Daniel Tomcej [@dtomcej](https://github.com/dtomcej)
 * Manuel Zapf [@SantoDE](https://github.com/SantoDE)
 * Timo Reimann [@timoreimann](https://github.com/timoreimann)
 * Ludovic Fernandez [@ldez](https://github.com/ldez)
 * Julien Salleyron [@juliens](https://github.com/juliens)
 * Nicolas Mengin [@nmengin](https://github.com/nmengin)
 * Marco Jantke [@marco-jantke](https://github.com/marco-jantke)
 * Michaël Matur [@mmatur](https://github.com/mmatur)
 * Gérald Croës [@geraldcroes](https://github.com/geraldcroes)
 * Jean-Baptiste Doumenjou [@jbdoumenjou](https://github.com/jbdoumenjou)
 * Damien Duportal [@dduportal](https://github.com/dduportal)
 * Mathieu Lonjaret [@mpl](https://github.com/mpl)
 ## Contributions Daily Meeting
 * 3 Maintainers should attend to a Contributions Daily Meeting where we sort and label new issues ([is:issue label:status/0-needs-triage](https://github.com/containous/traefik/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Astatus%2F0-needs-triage+)), and review every Pull Requests
 * Every pull request should be checked during the Contributions Daily Meeting
    * Even if it’s already assigned
    * Even PR labelled with `contributor/waiting-for-corrections` or `contributor/waiting-for-feedback`
 * Issues labeled with `priority/P0` and `priority/P1` should be assigned.
 * Modifying an issue or a pull request (labels, assignees, milestone) is only possible:
    * During the Contributions Daily Meeting
    * By an assigned maintainer
    * In case of emergency, if a change proposal is approved by 2 other maintainers (on Slack, Discord, Discourse, etc)
 ## PR review process:
 * The status `needs-design-review` is only used in complex/heavy/tricky PRs.
 * From `1` to `2`: 1 comment that says “design LGTM” (by a senior maintainer).
 * From `2` to `3`: 3 LGTM approvals by any maintainer.
 * If needed, a specific maintainer familiar with a particular domain can be requested for the review.
 * If a PR has been implemented in pair programming, one peer's LGTM goes into the review for free
 * Amending someone else's pull request is authorized only in emergency, if a rebase is needed, or if the initial contributor is silent
 We use [PRM](https://github.com/ldez/prm) to manage locally pull requests.
 ## Bots
 ### [Myrmica Lobicornis](https://github.com/containous/lobicornis/)
 Update and Merge Pull Request.
 The maintainer giving the final LGTM must add the `status/3-needs-merge` label to trigger the merge bot.
 By default, a squash-rebase merge will be carried out.
 To preserve commits, add `bot/merge-method-rebase` before `status/3-needs-merge`.
 The status `status/4-merge-in-progress` is only used by the bot.
 If the bot is not able to perform the merge, the label `bot/need-human-merge` is added.  
 In such a situation, solve the conflicts/CI/... and then remove the label `bot/need-human-merge`.
 To prevent the bot from automatically merging a PR, add the label `bot/no-merge`.
 The label `bot/light-review` decreases the number of required LGTM from 3 to 1.
 This label is used when:
 * Updating the vendors from previously reviewed PRs
 * Merging branches into the master
 * Preparing the release
 ### [Myrmica Bibikoffi](https://github.com/containous/bibikoffi/)
 * closes stale issues [cron]
    * use some criterion as number of days between creation, last update, labels, ...
 ### [Myrmica Aloba](https://github.com/containous/aloba)
 Manage GitHub labels.
 * Add labels on new PR [GitHub WebHook]
 * Add milestone to a new PR based on a branch version (1.4, 1.3, ...) [GitHub WebHook]
 * Add and remove `contributor/waiting-for-corrections` label when a review request changes [GitHub WebHook]
 * Weekly report of PR status on Slack (CaptainPR) [cron]
 ## Labels
 A maintainer that looks at an issue/PR must define its `kind/*`, `area/*`, and `status/*`.
 ### Status - Workflow
 The `status/*` labels represent the desired state in the workflow.
 * `status/0-needs-triage`: all the new issues and PRs have this status. _[bot only]_
 * `status/1-needs-design-review`: needs a design review. **(only for PR)**
 * `status/2-needs-review`: needs a code/documentation review. **(only for PR)**
 * `status/3-needs-merge`: ready to merge. **(only for PR)**
 * `status/4-merge-in-progress`: merge is in progress. _[bot only]_
 ### Contributor
 * `contributor/need-more-information`: we need more information from the contributor in order to analyze a problem.
 * `contributor/waiting-for-feedback`: we need the contributor to give us feedback.
 * `contributor/waiting-for-corrections`: we need the contributor to take actions in order to move forward with a PR. **(only for PR)** _[bot, humans]_
 * `contributor/needs-resolve-conflicts`: use it only when there is some conflicts (and an automatic rebase is not possible). **(only for PR)** _[bot, humans]_
 ### Kind
 * `kind/enhancement`: a new or improved feature.
 * `kind/question`: a question. **(only for issue)**
 * `kind/proposal`: a proposal that needs to be discussed.
    * _Proposal issues_ are design proposals
    * _Proposal PRs_ are technical prototypes that need to be refined with multiple contributors.
 * `kind/bug/possible`: a possible bug that needs analysis before it is confirmed or fixed. **(only for issues)**
 * `kind/bug/confirmed`: a confirmed bug (reproducible). **(only for issues)**
 * `kind/bug/fix`: a bug fix. **(only for PR)**
 ### Resolution
 * `resolution/duplicate`: a duplicate issue/PR.
 * `resolution/declined`: declined (Rule #1 of open-source: no is temporary, yes is forever).
 * `WIP`: Work In Progress. **(only for PR)**
 ### Platform
 * `platform/windows`: Windows related.
 ### Area
 * `area/acme`: ACME related.
 * `area/api`: Traefik API related.
 * `area/authentication`: Authentication related.
 * `area/cluster`: Traefik clustering related.
 * `area/documentation`: Documentation related.
 * `area/infrastructure`: CI or Traefik building scripts related.
 * `area/healthcheck`: Health-check related.
 * `area/logs`: Logs related.
 * `area/middleware`: Middleware related.
 * `area/middleware/metrics`: Metrics related. (Prometheus, StatsD, ...)
 * `area/middleware/tracing`: Tracing related. (Jaeger, Zipkin, ...)
 * `area/oxy`: Oxy related.
 * `area/provider`: related to all providers.
 * `area/provider/boltdb`: Boltd DB related.
 * `area/provider/consul`: Consul related.
 * `area/provider/docker`: Docker and Swarm related.
 * `area/provider/ecs`: ECS related.
 * `area/provider/etcd`: Etcd related.
 * `area/provider/eureka`: Eureka related.
 * `area/provider/file`: file provider related.
 * `area/provider/k8s`: Kubernetes related.
 * `area/provider/kv`: KV related.
 * `area/provider/marathon`: Marathon related.
 * `area/provider/mesos`: Mesos related.
 * `area/provider/rancher`: Rancher related.
 * `area/provider/servicefabric`: Azure service fabric related.
 * `area/provider/zk`: Zoo Keeper related.
 * `area/rules`: Rules related.
 * `area/server`: Server related.
 * `area/sticky-session`: Sticky session related.
 * `area/tls`: TLS related.
 * `area/websocket`: WebSocket related.
 * `area/webui`: Web UI related.
 ### Issues Priority
 * `priority/P0`: needs hot fix.
 * `priority/P1`: need to be fixed in next release.
 * `priority/P2`: need to be fixed in the future.
 * `priority/P3`: maybe.
 ### PR size
 Automatically set by a bot.
 * `size/S`: small PR.
 * `size/M`: medium PR.
 * `size/L`: Large PR.
--- a/Show More
+++ b/Show More
		`@@ -0,0 +1 @@`
							`# vendor/github.com/go-acme/lego/providers/dns/cloudxns/cloudxns.go eol=crlf`
		`@@ -0,0 +1,3 @@`
							`# Contributing`

							`See <https://docs.traefik.io/v2.0/contributing/thank-you/>.`