Prepare release v1.6.0

Document custom k8s ingress class usage in guide.
Add redirect section.
2025-09-06 05:44:21 +03:00 · 2018-04-30 23:20:05 +02:00 · 2018-04-30 20:28:03 +02:00 · 2018-04-30 12:28:03 +02:00 · 2018-04-30 12:08:03 +02:00 · 2018-04-30 09:24:04 +02:00
486 changed files with 42511 additions and 23559 deletions
--- a/.gitattributes
+++ b/.gitattributes
@@ -1,2 +1 @@
-vendor/github.com/xenolf/lego/providers/dns/cloudxns/cloudxns.go eol=crlf
-
+# vendor/github.com/xenolf/lego/providers/dns/cloudxns/cloudxns.go eol=crlf
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@@ -46,6 +46,10 @@ HOW TO WRITE A GOOD ISSUE?
 For the Traefik Docker image:
    docker run [IMAGE] version
    ex: docker run traefik version
+
+For the alpine Traefik Docker image:
+    docker run [IMAGE] traefik version
+    ex: docker run traefik traefik version
 -->

 ```
--- a/.github/ISSUE_TEMPLATE/bugs.md
+++ b/.github/ISSUE_TEMPLATE/bugs.md
@@ -44,6 +44,10 @@ HOW TO WRITE A GOOD ISSUE?
 For the Traefik Docker image:
    docker run [IMAGE] version
    ex: docker run traefik version
+
+For the alpine Traefik Docker image:
+    docker run [IMAGE] traefik version
+    ex: docker run traefik traefik version
 -->

 ```
--- a/.gitignore
+++ b/.gitignore
@@ -6,6 +6,7 @@
 /traefik
 /traefik.toml
 /static/
+/webui/.tmp/
 .vscode/
 /site/
 *.log
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,256 @@
 # Change Log

+## [v1.6.0](https://github.com/containous/traefik/tree/v1.6.0) (2018-04-30)
+[All Commits](https://github.com/containous/traefik/compare/v1.5.0-rc1...v1.6.0)
+
+**Enhancements:**
+- **[acme]** Create backup file during migration from ACME V1 to ACME V2 ([#3191](https://github.com/containous/traefik/pull/3191) by [nmengin](https://github.com/nmengin))
+- **[acme]** Generate wildcard certificate with SANs in ACME ([#3167](https://github.com/containous/traefik/pull/3167) by [nmengin](https://github.com/nmengin))
+- **[acme]** ACME V2 Integration ([#3063](https://github.com/containous/traefik/pull/3063) by [nmengin](https://github.com/nmengin))
+- **[acme]** Create ACME Provider ([#2889](https://github.com/containous/traefik/pull/2889) by [nmengin](https://github.com/nmengin))
+- **[acme]** Bump Lego Version for GoDaddy DNS Provider ([#2482](https://github.com/containous/traefik/pull/2482) by [sjawhar](https://github.com/sjawhar))
+- **[acme]** Delete TLS-SNI-01 challenge from ACME ([#2971](https://github.com/containous/traefik/pull/2971) by [nmengin](https://github.com/nmengin))
+- **[acme]** Simplify storing renewed acme certificate ([#2614](https://github.com/containous/traefik/pull/2614) by [ferhatelmas](https://github.com/ferhatelmas))
+- **[acme]** Update Lego (Gandi API v5, cloudxns, ...) ([#2844](https://github.com/containous/traefik/pull/2844) by [ldez](https://github.com/ldez))
+- **[acme]** Remove acme provider dependency in server ([#3225](https://github.com/containous/traefik/pull/3225) by [Juliens](https://github.com/Juliens))
+- **[api,cluster]** Added cluster/leader endpoint ([#3009](https://github.com/containous/traefik/pull/3009) by [aantono](https://github.com/aantono))
+- **[api,cluster]** Improved cluster api to include the current leader node ([#3100](https://github.com/containous/traefik/pull/3100) by [aantono](https://github.com/aantono))
+- **[authentication]** Forward Authentication: add X-Forwarded-Uri ([#2398](https://github.com/containous/traefik/pull/2398) by [sebastianbauer](https://github.com/sebastianbauer))
+- **[boltdb,consul,etcd,kv,zk]** Add all available configuration to KV Backend ([#2652](https://github.com/containous/traefik/pull/2652) by [ldez](https://github.com/ldez))
+- **[boltdb,consul,etcd,kv,zk]** homogenization of templates: KV ([#2661](https://github.com/containous/traefik/pull/2661) by [ldez](https://github.com/ldez))
+- **[boltdb,consul,etcd,kv,zk]** Homogenization of the providers (part 1):  KV ([#2616](https://github.com/containous/traefik/pull/2616) by [ldez](https://github.com/ldez))
+- **[consul,consulcatalog]** Homogenization of templates: Consul Catalog ([#2668](https://github.com/containous/traefik/pull/2668) by [ldez](https://github.com/ldez))
+- **[consul,consulcatalog]** Split consul and consul catalog. ([#2655](https://github.com/containous/traefik/pull/2655) by [ldez](https://github.com/ldez))
+- **[consulcatalog,ecs,mesos]** Factorize labels managements. ([#3099](https://github.com/containous/traefik/pull/3099) by [ldez](https://github.com/ldez))
+- **[consulcatalog]** TLS Support for ConsulCatalog ([#2900](https://github.com/containous/traefik/pull/2900) by [mmatur](https://github.com/mmatur))
+- **[consulcatalog]** Check for endpoints while detecting Consul service changes ([#2882](https://github.com/containous/traefik/pull/2882) by [caseycs](https://github.com/caseycs))
+- **[consulcatalog]** Add all available tags to Consul Catalog Backend ([#2646](https://github.com/containous/traefik/pull/2646) by [ldez](https://github.com/ldez))
+- **[docker,docker/swarm]** Fix support for macvlan driver in docker provider ([#2827](https://github.com/containous/traefik/pull/2827) by [mmatur](https://github.com/mmatur))
+- **[docker,marathon,rancher]** Segments Labels: Rancher &amp; Marathon ([#3073](https://github.com/containous/traefik/pull/3073) by [ldez](https://github.com/ldez))
+- **[docker]** Custom headers by service labels for docker backends ([#2514](https://github.com/containous/traefik/pull/2514) by [Tiscs](https://github.com/Tiscs))
+- **[docker]** Homogenization of templates: Docker ([#2659](https://github.com/containous/traefik/pull/2659) by [ldez](https://github.com/ldez))
+- **[docker]** Add all available labels to Docker Backend ([#2584](https://github.com/containous/traefik/pull/2584) by [ldez](https://github.com/ldez))
+- **[docker]** Segment labels: Docker ([#3055](https://github.com/containous/traefik/pull/3055) by [ldez](https://github.com/ldez))
+- **[dynamodb,ecs]** Upgrade AWS SKD to version v1.13.1 ([#2908](https://github.com/containous/traefik/pull/2908) by [mmatur](https://github.com/mmatur))
+- **[ecs]** Factorize labels managements. ([#3159](https://github.com/containous/traefik/pull/3159) by [ldez](https://github.com/ldez))
+- **[ecs]** Homogenization of templates: ECS ([#2663](https://github.com/containous/traefik/pull/2663) by [ldez](https://github.com/ldez))
+- **[ecs]** Add all available labels to ECS Backend ([#2605](https://github.com/containous/traefik/pull/2605) by [ldez](https://github.com/ldez))
+- **[eureka]** Homogenization of templates: Eureka  ([#2846](https://github.com/containous/traefik/pull/2846) by [ldez](https://github.com/ldez))
+- **[eureka]** Replace Delay by RefreshSecond in Eureka ([#2972](https://github.com/containous/traefik/pull/2972) by [ldez](https://github.com/ldez))
+- **[file]** Added support for templates to file provider ([#2991](https://github.com/containous/traefik/pull/2991) by [aantono](https://github.com/aantono))
+- **[healthcheck]** Toggle /ping to artificially return unhealthy response on SIGTERM during requestAcceptGraceTimeout interval ([#3062](https://github.com/containous/traefik/pull/3062) by [ravilr](https://github.com/ravilr))
+- **[healthcheck]** Add HTTP headers to healthcheck. ([#3047](https://github.com/containous/traefik/pull/3047) by [zetaab](https://github.com/zetaab))
+- **[healthcheck]** Improve logging output for failing healthchecks ([#2443](https://github.com/containous/traefik/pull/2443) by [marco-jantke](https://github.com/marco-jantke))
+- **[k8s,tls]** Add support for fetching k8s Ingress TLS data from secrets ([#2439](https://github.com/containous/traefik/pull/2439) by [gopenguin](https://github.com/gopenguin))
+- **[k8s]** Builders in k8s tests ([#2513](https://github.com/containous/traefik/pull/2513) by [ldez](https://github.com/ldez))
+- **[k8s]** Support multi-port services. ([#3121](https://github.com/containous/traefik/pull/3121) by [timoreimann](https://github.com/timoreimann))
+- **[k8s]** Bump kubernetes/client-go ([#2848](https://github.com/containous/traefik/pull/2848) by [yue9944882](https://github.com/yue9944882))
+- **[k8s]** Add all available annotations to k8s Backend ([#2612](https://github.com/containous/traefik/pull/2612) by [ldez](https://github.com/ldez))
+- **[k8s]** Allow custom value for kubernetes.io/ingress.class annotation ([#2222](https://github.com/containous/traefik/pull/2222) by [yuvipanda](https://github.com/yuvipanda))
+- **[k8s]** Introduce k8s informer factory ([#2867](https://github.com/containous/traefik/pull/2867) by [yue9944882](https://github.com/yue9944882))
+- **[k8s]** Add app-root annotation support for kubernetes ingress ([#2522](https://github.com/containous/traefik/pull/2522) by [yue9944882](https://github.com/yue9944882))
+- **[logs,middleware]** Add access log filter for retry attempts ([#3042](https://github.com/containous/traefik/pull/3042) by [marco-jantke](https://github.com/marco-jantke))
+- **[logs,middleware]** Ultimate Access log filter ([#2988](https://github.com/containous/traefik/pull/2988) by [mmatur](https://github.com/mmatur))
+- **[logs,middleware]** Add username in accesslog ([#2111](https://github.com/containous/traefik/pull/2111) by [bastiaanb](https://github.com/bastiaanb))
+- **[logs]** Display file log when test fails. ([#2801](https://github.com/containous/traefik/pull/2801) by [ldez](https://github.com/ldez))
+- **[logs]** Allow overriding the log level in debug mode. ([#3050](https://github.com/containous/traefik/pull/3050) by [timoreimann](https://github.com/timoreimann))
+- **[marathon]** Remove health check filter from Marathon tasks. ([#2817](https://github.com/containous/traefik/pull/2817) by [timoreimann](https://github.com/timoreimann))
+- **[marathon]** homogenization of templates: Marathon ([#2665](https://github.com/containous/traefik/pull/2665) by [ldez](https://github.com/ldez))
+- **[marathon]** Add all available labels to Marathon Backend ([#2602](https://github.com/containous/traefik/pull/2602) by [ldez](https://github.com/ldez))
+- **[mesos]** Add all available labels to Mesos Backend  ([#2687](https://github.com/containous/traefik/pull/2687) by [ldez](https://github.com/ldez))
+- **[metrics]** Added missing metrics to registry for DataDog and StatsD ([#2890](https://github.com/containous/traefik/pull/2890) by [aantono](https://github.com/aantono))
+- **[metrics]** Extend metrics and rebuild prometheus exporting logic ([#2567](https://github.com/containous/traefik/pull/2567) by [marco-jantke](https://github.com/marco-jantke))
+- **[metrics]** Remove unnecessary conversion ([#2850](https://github.com/containous/traefik/pull/2850) by [ferhatelmas](https://github.com/ferhatelmas))
+- **[metrics]** Added entrypoint metrics to influxdb ([#2992](https://github.com/containous/traefik/pull/2992) by [adityacs](https://github.com/adityacs))
+- **[middleware,consul,consulcatalog,docker,ecs,k8s,marathon,mesos,rancher]** New option in secure middleware ([#2958](https://github.com/containous/traefik/pull/2958) by [mmatur](https://github.com/mmatur))
+- **[middleware,consulcatalog,docker,ecs,k8s,kv,marathon,mesos,rancher]** Ability to use &#34;X-Forwarded-For&#34; as a source of IP for white list. ([#3070](https://github.com/containous/traefik/pull/3070) by [ldez](https://github.com/ldez))
+- **[middleware,docker]** Use pointer of error pages ([#2607](https://github.com/containous/traefik/pull/2607) by [ldez](https://github.com/ldez))
+- **[middleware,provider]** Redirection: permanent move option. ([#2774](https://github.com/containous/traefik/pull/2774) by [ldez](https://github.com/ldez))
+- **[middleware]** Add tests on IPWhiteLister. ([#3106](https://github.com/containous/traefik/pull/3106) by [ldez](https://github.com/ldez))
+- **[middleware]** Add new options to the CLI entrypoint definition.  ([#2799](https://github.com/containous/traefik/pull/2799) by [ldez](https://github.com/ldez))
+- **[middleware]** Change port of traefik for error pages integration test ([#2907](https://github.com/containous/traefik/pull/2907) by [mmatur](https://github.com/mmatur))
+- **[middleware]** Request buffering middleware ([#2217](https://github.com/containous/traefik/pull/2217) by [harnash](https://github.com/harnash))
+- **[middleware]** Remove unnecessary returns in tracing setup ([#2880](https://github.com/containous/traefik/pull/2880) by [ferhatelmas](https://github.com/ferhatelmas))
+- **[middleware]** Extract internal router creation from server ([#3204](https://github.com/containous/traefik/pull/3204) by [Juliens](https://github.com/Juliens))
+- **[provider]** Homogenization of the providers (part 1) ([#2518](https://github.com/containous/traefik/pull/2518) by [ldez](https://github.com/ldez))
+- **[provider]** No error pages must return nil. ([#2610](https://github.com/containous/traefik/pull/2610) by [ldez](https://github.com/ldez))
+- **[rancher]** Add all available labels to Rancher Backend ([#2601](https://github.com/containous/traefik/pull/2601) by [ldez](https://github.com/ldez))
+- **[rancher]** Homogenization of templates: Rancher ([#2662](https://github.com/containous/traefik/pull/2662) by [ldez](https://github.com/ldez))
+- **[rules]** Externalize Træfik rules in a dedicated package ([#2933](https://github.com/containous/traefik/pull/2933) by [nmengin](https://github.com/nmengin))
+- **[servicefabric]** Use shared label system ([#3197](https://github.com/containous/traefik/pull/3197) by [ldez](https://github.com/ldez))
+- **[servicefabric]** Add white list for Service Fabric ([#3079](https://github.com/containous/traefik/pull/3079) by [ldez](https://github.com/ldez))
+- **[servicefabric]** Update Service Fabric backend. ([#3064](https://github.com/containous/traefik/pull/3064) by [ldez](https://github.com/ldez))
+- **[servicefabric]** Add HTTP headers to healthcheck. ([#3205](https://github.com/containous/traefik/pull/3205) by [ldez](https://github.com/ldez))
+- **[tls]** Support TLS MinVersion and CipherSuite as CLI option. ([#3107](https://github.com/containous/traefik/pull/3107) by [ldez](https://github.com/ldez))
+- **[tls]** Use default entryPoints when certificates are added with no entryPoints. ([#2534](https://github.com/containous/traefik/pull/2534) by [nmengin](https://github.com/nmengin))
+- **[tracing]** Opentracing support ([#2587](https://github.com/containous/traefik/pull/2587) by [mmatur](https://github.com/mmatur))
+- **[tracing]** Handle zipkin collector creation ([#2860](https://github.com/containous/traefik/pull/2860) by [ferhatelmas](https://github.com/ferhatelmas))
+- **[webui]** New web ui ([#2226](https://github.com/containous/traefik/pull/2226) by [jkuri](https://github.com/jkuri))
+- **[webui]** Add status code text to webui bar chart tooltip ([#2639](https://github.com/containous/traefik/pull/2639) by [wader](https://github.com/wader))
+- Separate command from the main package ([#2951](https://github.com/containous/traefik/pull/2951) by [Juliens](https://github.com/Juliens))
+- Logger and Leaks ([#2847](https://github.com/containous/traefik/pull/2847) by [ldez](https://github.com/ldez))
+- Use context in Server ([#3007](https://github.com/containous/traefik/pull/3007) by [Juliens](https://github.com/Juliens))
+
+**Bug fixes:**
+- **[acme]** Update lego. ([#3158](https://github.com/containous/traefik/pull/3158) by [ldez](https://github.com/ldez))
+- **[acme]** Fix panic with wrong ACME configuration ([#3084](https://github.com/containous/traefik/pull/3084) by [nmengin](https://github.com/nmengin))
+- **[acme]** Minor updates to dumpcerts.sh ([#3116](https://github.com/containous/traefik/pull/3116) by [mathuin](https://github.com/mathuin))
+- **[acme]** Add ACME certificates only on ACME EntryPoint ([#3136](https://github.com/containous/traefik/pull/3136) by [nmengin](https://github.com/nmengin))
+- **[acme]** Add TTL and custom Timeout in DigitalOcean DNS provider  ([#3143](https://github.com/containous/traefik/pull/3143) by [ldez](https://github.com/ldez))
+- **[acme]** Fix acme.json file automatic creation ([#3156](https://github.com/containous/traefik/pull/3156) by [nmengin](https://github.com/nmengin))
+- **[acme]** Fix wildcard match to ACME domains in cluster mode ([#3080](https://github.com/containous/traefik/pull/3080) by [oldmantaiter](https://github.com/oldmantaiter))
+- **[acme]** Check all the C/N and SANs of provided certificates before generating ACME certificates in ACME provider ([#2970](https://github.com/containous/traefik/pull/2970) by [nmengin](https://github.com/nmengin))
+- **[acme]** Does not generate ACME certificate if domain is checked by dynamic certificate ([#3238](https://github.com/containous/traefik/pull/3238) by [Juliens](https://github.com/Juliens))
+- **[api,cluster]** Moved /api/cluster/leadership handler under public routes (requires no authentication) ([#3101](https://github.com/containous/traefik/pull/3101) by [aantono](https://github.com/aantono))
+- **[authentication,middleware]** Forward auth: copy response headers when auth failed. ([#3207](https://github.com/containous/traefik/pull/3207) by [ldez](https://github.com/ldez))
+- **[consul,docker,ecs,eureka,k8s,kv,marathon,mesos,rancher]** Server weight zero ([#3130](https://github.com/containous/traefik/pull/3130) by [ldez](https://github.com/ldez))
+- **[docker,marathon,mesos,rancher]** Fix:  label &#39;traefik.domain&#39; ([#3201](https://github.com/containous/traefik/pull/3201) by [ldez](https://github.com/ldez))
+- **[docker,k8s,marathon]** Fix custom headers template ([#2622](https://github.com/containous/traefik/pull/2622) by [ldez](https://github.com/ldez))
+- **[docker,rancher]** Ignore server for container with empty IP address. ([#3213](https://github.com/containous/traefik/pull/3213) by [ldez](https://github.com/ldez))
+- **[docker,rancher]** Frontend rule and segment labels. ([#3091](https://github.com/containous/traefik/pull/3091) by [ldez](https://github.com/ldez))
+- **[docker]** Fix multiple frontends with docker-compose --scale ([#3190](https://github.com/containous/traefik/pull/3190) by [jbdoumenjou](https://github.com/jbdoumenjou))
+- **[k8s]** Fixes prefixed annotations support. ([#3110](https://github.com/containous/traefik/pull/3110) by [ldez](https://github.com/ldez))
+- **[k8s]** Limit label selector to Ingress factory. ([#3137](https://github.com/containous/traefik/pull/3137) by [timoreimann](https://github.com/timoreimann))
+- **[k8s]** Missing annotation prefix support. ([#2915](https://github.com/containous/traefik/pull/2915) by [ldez](https://github.com/ldez))
+- **[k8s]** Remove hardcoded frontend prefix in Kubernetes template ([#2914](https://github.com/containous/traefik/pull/2914) by [psalaberria002](https://github.com/psalaberria002))
+- **[logs,middleware]** Fix bad access log ([#2682](https://github.com/containous/traefik/pull/2682) by [mmatur](https://github.com/mmatur))
+- **[marathon]** Several apps with same backend name in Marathon. ([#3109](https://github.com/containous/traefik/pull/3109) by [ldez](https://github.com/ldez))
+- **[mesos]** fix: overflow on 32 bits arch. ([#3127](https://github.com/containous/traefik/pull/3127) by [ldez](https://github.com/ldez))
+- **[metrics]** Fix duplicated tags in InfluxDB ([#3189](https://github.com/containous/traefik/pull/3189) by [mmatur](https://github.com/mmatur))
+- **[middleware,consul,consulcatalog,docker,ecs,kv,marathon,mesos,rancher]** Fix: error pages ([#3138](https://github.com/containous/traefik/pull/3138) by [ldez](https://github.com/ldez))
+- **[middleware,tracing]** Fix nil value when tracing is enabled ([#3192](https://github.com/containous/traefik/pull/3192) by [mmatur](https://github.com/mmatur))
+- **[middleware,tracing]** Fix &lt;nil&gt; tracer value in KV ([#2911](https://github.com/containous/traefik/pull/2911) by [mmatur](https://github.com/mmatur))
+- **[middleware]** Fix panic in atomic on ARM and x86-32 platforms ([#3195](https://github.com/containous/traefik/pull/3195) by [mmatur](https://github.com/mmatur))
+- **[middleware]** Redirect to HTTPS first before basic auth if header redirect (secure) is set ([#3187](https://github.com/containous/traefik/pull/3187) by [SantoDE](https://github.com/SantoDE))
+- **[middleware]** Fix error pages redirect and headers. ([#3217](https://github.com/containous/traefik/pull/3217) by [ldez](https://github.com/ldez))
+- **[middleware]** Fix whitelist and XFF. ([#3211](https://github.com/containous/traefik/pull/3211) by [ldez](https://github.com/ldez))
+- **[middleware]** Use responseModifier to override secure headers ([#2946](https://github.com/containous/traefik/pull/2946) by [mmatur](https://github.com/mmatur))
+- **[middleware]** Correct conditional setting of buffering retry expression. ([#2865](https://github.com/containous/traefik/pull/2865) by [ldez](https://github.com/ldez))
+- **[middleware]** Fix high memory usage in retry middleware ([#2740](https://github.com/containous/traefik/pull/2740) by [marco-jantke](https://github.com/marco-jantke))
+- **[provider]** Add some missing quotes in templates ([#2973](https://github.com/containous/traefik/pull/2973) by [ldez](https://github.com/ldez))
+- **[servicefabric]** Fix backend name for stateful service and more. ([#3183](https://github.com/containous/traefik/pull/3183) by [ldez](https://github.com/ldez))
+- **[tracing]** Tracing statusCodeTracker need to implement CloseNotify ([#2733](https://github.com/containous/traefik/pull/2733) by [mmatur](https://github.com/mmatur))
+- **[tracing]** Fix missing configuration for jaeger reporter ([#2720](https://github.com/containous/traefik/pull/2720) by [mmatur](https://github.com/mmatur))
+- **[tracing]** Fix integration tests in tracing ([#2759](https://github.com/containous/traefik/pull/2759) by [mmatur](https://github.com/mmatur))
+- **[webui]** Remove useless ACME tab from UI. ([#3154](https://github.com/containous/traefik/pull/3154) by [ldez](https://github.com/ldez))
+- **[webui]** Add redirect section. ([#3243](https://github.com/containous/traefik/pull/3243) by [ldez](https://github.com/ldez))
+- Remove unnecessary mutex usage in health checks ([#2726](https://github.com/containous/traefik/pull/2726) by [marco-jantke](https://github.com/marco-jantke))
+- Add missing argument in log. ([#3188](https://github.com/containous/traefik/pull/3188) by [chemidy](https://github.com/chemidy))
+
+**Documentation:**
+- **[docker]** Add default values for some Docker labels ([#2604](https://github.com/containous/traefik/pull/2604) by [ldez](https://github.com/ldez))
+- **[file]** Add documentation about Templating in backend file ([#3223](https://github.com/containous/traefik/pull/3223) by [nmengin](https://github.com/nmengin))
+- **[k8s]** Update kubernetes.md ([#3093](https://github.com/containous/traefik/pull/3093) by [rdrgporto](https://github.com/rdrgporto))
+- **[k8s]** Update kubernetes.md ([#3171](https://github.com/containous/traefik/pull/3171) by [andreyfedoseev](https://github.com/andreyfedoseev))
+- **[k8s]** Document custom k8s ingress class usage in guide. ([#3242](https://github.com/containous/traefik/pull/3242) by [timoreimann](https://github.com/timoreimann))
+- **[k8s]** Update traefik-ds.yaml with --api command line parameter ([#2803](https://github.com/containous/traefik/pull/2803) by [maniankara](https://github.com/maniankara))
+- **[k8s]** Remove web provider in example ([#2807](https://github.com/containous/traefik/pull/2807) by [pigletfly](https://github.com/pigletfly))
+- **[k8s]** Drop capabilities in Kubernetes DaemonSet example ([#3028](https://github.com/containous/traefik/pull/3028) by [nogoegst](https://github.com/nogoegst))
+- **[k8s]** Docs: Fix typos in k8s user-guide ([#2898](https://github.com/containous/traefik/pull/2898) by [cez81](https://github.com/cez81))
+- **[k8s]** Change boolean annotation values to string ([#2839](https://github.com/containous/traefik/pull/2839) by [hobti01](https://github.com/hobti01))
+- **[provider]** Fix template version documentation. ([#3184](https://github.com/containous/traefik/pull/3184) by [ldez](https://github.com/ldez))
+- **[provider]** Cleaning labels/annotations documentation. ([#3245](https://github.com/containous/traefik/pull/3245) by [ldez](https://github.com/ldez))
+- **[provider]** Split security labels and custom labels documentation. ([#2872](https://github.com/containous/traefik/pull/2872) by [ldez](https://github.com/ldez))
+- **[provider]** Remove non-supported label. ([#3065](https://github.com/containous/traefik/pull/3065) by [ldez](https://github.com/ldez))
+- **[provider]** Remove obsolete paragraph about error pages. ([#2608](https://github.com/containous/traefik/pull/2608) by [ldez](https://github.com/ldez))
+- **[servicefabric]** Update SF white list documentation section. ([#3082](https://github.com/containous/traefik/pull/3082) by [ldez](https://github.com/ldez))
+- **[servicefabric]** Add SF to supported backends in docs ([#3033](https://github.com/containous/traefik/pull/3033) by [lawrencegripper](https://github.com/lawrencegripper))
+- **[tracing]** Add Tracing entry in the documentation. ([#2713](https://github.com/containous/traefik/pull/2713) by [ldez](https://github.com/ldez))
+- **[tracing]** Fix documentation for tracing with Jaeger ([#3227](https://github.com/containous/traefik/pull/3227) by [mmatur](https://github.com/mmatur))
+- **[webui]** doc: update Traefik images. ([#3241](https://github.com/containous/traefik/pull/3241) by [ldez](https://github.com/ldez))
+- Fix typo in doc for rate limit label ([#2790](https://github.com/containous/traefik/pull/2790) by [mmatur](https://github.com/mmatur))
+- Fix typo in documentation ([#3215](https://github.com/containous/traefik/pull/3215) by [arnaslu](https://github.com/arnaslu))
+- Update some examples ([#3150](https://github.com/containous/traefik/pull/3150) by [zaporylie](https://github.com/zaporylie))
+- Normalize parameter names in configs ([#3132](https://github.com/containous/traefik/pull/3132) by [kachkaev](https://github.com/kachkaev))
+- Fixed documentation urls on README.md ([#3102](https://github.com/containous/traefik/pull/3102) by [emir](https://github.com/emir))
+- Minor improvements to documentation ([#3221](https://github.com/containous/traefik/pull/3221) by [colincoller](https://github.com/colincoller))
+- Fix basic documentation ([#3086](https://github.com/containous/traefik/pull/3086) by [mmatur](https://github.com/mmatur))
+- Fix typo and tweak formatting in quickstart ([#3250](https://github.com/containous/traefik/pull/3250) by [alexymik](https://github.com/alexymik))
+- Prepare release v1.6.0-rc5 ([#3179](https://github.com/containous/traefik/pull/3179) by [Juliens](https://github.com/Juliens))
+- Prepare release v1.6.0-rc6 ([#3199](https://github.com/containous/traefik/pull/3199) by [mmatur](https://github.com/mmatur))
+- Prepare release v1.6.0-rc4 ([#3126](https://github.com/containous/traefik/pull/3126) by [ldez](https://github.com/ldez))
+- Prepare release v1.6.0-rc3 ([#3096](https://github.com/containous/traefik/pull/3096) by [ldez](https://github.com/ldez))
+- Prepare release v1.6.0-rc2 ([#3087](https://github.com/containous/traefik/pull/3087) by [nmengin](https://github.com/nmengin))
+- Prepare release v1.6.0-rc1 ([#3078](https://github.com/containous/traefik/pull/3078) by [Juliens](https://github.com/Juliens))
+
+**Misc:**
+- **[oxy]** Disable closeNotify when method GET for http pipelining ([#3108](https://github.com/containous/traefik/pull/3108) by [Juliens](https://github.com/Juliens))
+- **[boltdb,consul,etcd,kv,zk]** Migrate from libkv to valkeyrie library ([#2743](https://github.com/containous/traefik/pull/2743) by [nmengin](https://github.com/nmengin))
+- Fix Service Fabric docs to use v1.6 labels ([#3209](https://github.com/containous/traefik/pull/3209) by [jjcollinge](https://github.com/jjcollinge))
+- Merge v1.6.0-rc6 into master ([#3203](https://github.com/containous/traefik/pull/3203) by [ldez](https://github.com/ldez))
+- Merge v1.6.0-rc5 into master  ([#3180](https://github.com/containous/traefik/pull/3180) by [ldez](https://github.com/ldez))
+- Merge v1.6.0-rc4 into master  ([#3129](https://github.com/containous/traefik/pull/3129) by [ldez](https://github.com/ldez))
+- Merge v1.5.4 into master  ([#3024](https://github.com/containous/traefik/pull/3024) by [ldez](https://github.com/ldez))
+- Merge v1.5.3 into master ([#2943](https://github.com/containous/traefik/pull/2943) by [ldez](https://github.com/ldez))
+- Merge v1.5.2 into master  ([#2843](https://github.com/containous/traefik/pull/2843) by [ldez](https://github.com/ldez))
+- Merge v1.5.1 into master ([#2781](https://github.com/containous/traefik/pull/2781) by [ldez](https://github.com/ldez))
+- Merge v1.5.0-rc5 into master ([#2708](https://github.com/containous/traefik/pull/2708) by [ldez](https://github.com/ldez))
+- Merge v1.5.0-rc3 into master ([#2600](https://github.com/containous/traefik/pull/2600) by [ldez](https://github.com/ldez))
+- Merge v1.5.0-rc2 into master ([#2536](https://github.com/containous/traefik/pull/2536) by [ldez](https://github.com/ldez))
+- Drop unnecessary type conversions ([#2583](https://github.com/containous/traefik/pull/2583) by [ferhatelmas](https://github.com/ferhatelmas))
+- Code simplification ([#2516](https://github.com/containous/traefik/pull/2516) by [ferhatelmas](https://github.com/ferhatelmas))
+
+## [v1.6.0-rc6](https://github.com/containous/traefik/tree/v1.6.0-rc6) (2018-04-17)
+[All Commits](https://github.com/containous/traefik/compare/v1.6.0-rc5...v1.6.0-rc6)
+
+**Enhancements:**
+- **[acme]** Create backup file during migration from ACME V1 to ACME V2 ([#3191](https://github.com/containous/traefik/pull/3191) by [nmengin](https://github.com/nmengin))
+- **[servicefabric]** Use shared label system ([#3197](https://github.com/containous/traefik/pull/3197) by [ldez](https://github.com/ldez))
+
+**Bug fixes:**
+- **[docker]** Fix multiple frontends with docker-compose --scale ([#3190](https://github.com/containous/traefik/pull/3190) by [jbdoumenjou](https://github.com/jbdoumenjou))
+- **[metrics]** Fix duplicated tags in InfluxDB ([#3189](https://github.com/containous/traefik/pull/3189) by [mmatur](https://github.com/mmatur))
+- **[middleware,tracing]** Fix nil value when tracing is enabled ([#3192](https://github.com/containous/traefik/pull/3192) by [mmatur](https://github.com/mmatur))
+- **[middleware]** Fix panic in atomic on ARM and x86-32 platforms ([#3195](https://github.com/containous/traefik/pull/3195) by [mmatur](https://github.com/mmatur))
+- **[middleware]** Redirect to HTTPS first before basic auth if header redirect (secure) is set ([#3187](https://github.com/containous/traefik/pull/3187) by [SantoDE](https://github.com/SantoDE))
+- **[servicefabric]** Fix backend name for stateful service and more. ([#3183](https://github.com/containous/traefik/pull/3183) by [ldez](https://github.com/ldez))
+- Add missing argument in log. ([#3188](https://github.com/containous/traefik/pull/3188) by [chemidy](https://github.com/chemidy))
+
+**Documentation:**
+- **[provider]** Fix template version documentation. ([#3184](https://github.com/containous/traefik/pull/3184) by [ldez](https://github.com/ldez))
+
+## [v1.6.0-rc5](https://github.com/containous/traefik/tree/v1.6.0-rc5) (2018-04-12)
+[All Commits](https://github.com/containous/traefik/compare/v1.6.0-rc4...v1.6.0-rc5)
+
+**Enhancements:**
+- **[acme]** Generate wildcard certificate with SANs in ACME ([#3167](https://github.com/containous/traefik/pull/3167) by [nmengin](https://github.com/nmengin))
+- **[ecs]** Factorize labels managements. ([#3159](https://github.com/containous/traefik/pull/3159) by [ldez](https://github.com/ldez))
+
+**Bug fixes:**
+- **[acme]** Update lego. ([#3158](https://github.com/containous/traefik/pull/3158) by [ldez](https://github.com/ldez))
+- **[acme]** Fix acme.json file automatic creation ([#3156](https://github.com/containous/traefik/pull/3156) by [nmengin](https://github.com/nmengin))
+- **[acme]** Minor updates to dumpcerts.sh ([#3116](https://github.com/containous/traefik/pull/3116) by [mathuin](https://github.com/mathuin))
+- **[acme]** Add TTL and custom Timeout in DigitalOcean DNS provider  ([#3143](https://github.com/containous/traefik/pull/3143) by [ldez](https://github.com/ldez))
+- **[acme]** Add ACME certificates only on ACME EntryPoint ([#3136](https://github.com/containous/traefik/pull/3136) by [nmengin](https://github.com/nmengin))
+- **[consul,docker,ecs,eureka,k8s,kv,marathon,mesos,rancher]** Server weight zero ([#3130](https://github.com/containous/traefik/pull/3130) by [ldez](https://github.com/ldez))
+- **[k8s]** Limit label selector to Ingress factory. ([#3137](https://github.com/containous/traefik/pull/3137) by [timoreimann](https://github.com/timoreimann))
+- **[middleware,consul,consulcatalog,docker,ecs,kv,marathon,mesos,rancher]** Fix: error pages ([#3138](https://github.com/containous/traefik/pull/3138) by [ldez](https://github.com/ldez))
+- **[webui]** Remove useless ACME tab from UI. ([#3154](https://github.com/containous/traefik/pull/3154) by [ldez](https://github.com/ldez))
+
+**Documentation:**
+- **[k8s]** Update kubernetes.md ([#3171](https://github.com/containous/traefik/pull/3171) by [andreyfedoseev](https://github.com/andreyfedoseev))
+- Update some examples ([#3150](https://github.com/containous/traefik/pull/3150) by [zaporylie](https://github.com/zaporylie))
+- Normalize parameter names in configs ([#3132](https://github.com/containous/traefik/pull/3132) by [kachkaev](https://github.com/kachkaev))
+
+**Misc:**
+- **[oxy]** Disable closeNotify when method GET for http pipelining ([#3108](https://github.com/containous/traefik/pull/3108) by [Juliens](https://github.com/Juliens))
+
+## [v1.6.0-rc4](https://github.com/containous/traefik/tree/v1.6.0-rc4) (2018-04-04)
+[All Commits](https://github.com/containous/traefik/compare/v1.6.0-rc3...v1.6.0-rc4)
+
+**Enhancements:**
+- **[consulcatalog,ecs,mesos]** Factorize labels managements. ([#3099](https://github.com/containous/traefik/pull/3099) by [ldez](https://github.com/ldez))
+- **[middleware]** Add tests on IPWhiteLister. ([#3106](https://github.com/containous/traefik/pull/3106) by [ldez](https://github.com/ldez))
+
+**Bug fixes:**
+- **[api,cluster]** Moved /api/cluster/leadership handler under public routes (requires no authentication) ([#3101](https://github.com/containous/traefik/pull/3101) by [aantono](https://github.com/aantono))
+- **[k8s]** Fixes prefixed annotations support. ([#3110](https://github.com/containous/traefik/pull/3110) by [ldez](https://github.com/ldez))
+- **[marathon]** Several apps with same backend name in Marathon. ([#3109](https://github.com/containous/traefik/pull/3109) by [ldez](https://github.com/ldez))
+
+**Documentation:**
+- **[k8s]** Update kubernetes.md ([#3093](https://github.com/containous/traefik/pull/3093) by [rdrgporto](https://github.com/rdrgporto))
+- Fixed documentation urls on README.md ([#3102](https://github.com/containous/traefik/pull/3102) by [emir](https://github.com/emir))
+
 ## [v1.6.0-rc3](https://github.com/containous/traefik/tree/v1.6.0-rc3) (2018-03-28)
 [All Commits](https://github.com/containous/traefik/compare/v1.6.0-rc2...v1.6.0-rc3)

--- a/Gopkg.lock
+++ b/Gopkg.lock
@@ -24,8 +24,12 @@

 [[projects]]
  name = "github.com/Azure/azure-sdk-for-go"
-  packages = ["arm/dns"]
-  revision = "f7bb4db3ea4c73dc58bd284c38ea644a79324be0"
+  packages = [
+    "services/dns/mgmt/2017-09-01/dns",
+    "version"
+  ]
+  revision = "068ec4d616be5b2175509bf1fb3e4c8ea160d5c8"
+  version = "v15.0.1"

 [[projects]]
  branch = "master"
@@ -45,8 +49,8 @@
    "autorest/date",
    "autorest/to"
  ]
-  revision = "f6be1abbb5abd0517522f850dd785990d373da7e"
-  version = "v9.0.0"
+  revision = "9ad9326b278af8fa5cc67c30c0ce9a58cc0862b2"
+  version = "v10.6.0"

 [[projects]]
  branch = "master"
@@ -140,6 +144,17 @@
  ]
  revision = "063d875e3c5fd734fa2aa12fac83829f62acfc70"

+[[projects]]
+  name = "github.com/akamai/AkamaiOPEN-edgegrid-golang"
+  packages = [
+    "client-v1",
+    "configdns-v1",
+    "edgegrid",
+    "jsonhooks-v1"
+  ]
+  revision = "a494eba1efa1f38338393727dff63389a6a66534"
+  version = "v0.6.0"
+
 [[projects]]
  name = "github.com/aokoli/goutils"
  packages = ["."]
@@ -193,6 +208,7 @@
    "service/dynamodb/dynamodbiface",
    "service/ec2",
    "service/ecs",
+    "service/lightsail",
    "service/route53",
    "service/sts"
  ]
@@ -247,8 +263,8 @@
 [[projects]]
  name = "github.com/containous/traefik-extra-service-fabric"
  packages = ["."]
-  revision = "29a6d70ad0f15175efbaa5fd93d8afdd8b373b93"
-  version = "v1.1.1"
+  revision = "2889df8d4f84315e6e527588554ed0ce9d062305"
+  version = "v1.1.5"

 [[projects]]
  name = "github.com/coreos/bbolt"
@@ -300,8 +316,8 @@
 [[projects]]
  name = "github.com/dgrijalva/jwt-go"
  packages = ["."]
-  revision = "d2709f9f1f31ebcda9651b03077758c1f3a0018c"
-  version = "v3.0.0"
+  revision = "06ea1031745cb8b3dab3f6a236daf2b0aa468b7e"
+  version = "v3.2.0"

 [[projects]]
  name = "github.com/dnsimple/dnsimple-go"
@@ -553,8 +569,8 @@
    "metrics/statsd",
    "util/conn"
  ]
-  revision = "f66b0e13579bfc5a48b9e2a94b1209c107ea1f41"
-  version = "v0.3.0"
+  revision = "ca4112baa34cb55091301bdc13b1420a122b1b9e"
+  version = "v0.7.0"

 [[projects]]
  name = "github.com/go-logfmt/logfmt"
@@ -745,7 +761,6 @@
  version = "v1.3.7"

 [[projects]]
-  branch = "master"
  name = "github.com/jjcollinge/servicefabric"
  packages = ["."]
  revision = "8eebe170fa1ba25d3dfb928b3f86a7313b13b9fe"
@@ -914,6 +929,12 @@
  packages = ["."]
  revision = "db96455566f05ffe42bd6ac671f05eeb1152b45d"

+[[projects]]
+  branch = "master"
+  name = "github.com/namedotcom/go"
+  packages = ["namecom"]
+  revision = "08470befbe04613bd4b44cb6978b05d50294c4d4"
+
 [[projects]]
  branch = "master"
  name = "github.com/ogier/pflag"
@@ -1120,6 +1141,12 @@
  ]
  revision = "37e84520dcf74488f67654f9c775b9752c232dc1"

+[[projects]]
+  branch = "master"
+  name = "github.com/tuvistavie/securerandom"
+  packages = ["."]
+  revision = "15512123a948d62f6361bd84818e11f2ad84059a"
+
 [[projects]]
  name = "github.com/tv42/zbase32"
  packages = ["."]
@@ -1188,7 +1215,7 @@
    "roundrobin",
    "utils"
  ]
-  revision = "dacf34285ce530b272e9fe04d2f45f52e6374e36"
+  revision = "6956548a7fa4272adeadf828455109c53933ea86"

 [[projects]]
  name = "github.com/vulcand/predicate"
@@ -1214,28 +1241,34 @@
  revision = "0c8571ac0ce161a5feb57375a9cdf148c98c0f70"

 [[projects]]
-  branch = "acmev2"
+  branch = "containous-fork"
  name = "github.com/xenolf/lego"
  packages = [
-    "acme",
    "acmev2",
    "providers/dns",
    "providers/dns/auroradns",
    "providers/dns/azure",
+    "providers/dns/bluecat",
    "providers/dns/cloudflare",
    "providers/dns/cloudxns",
    "providers/dns/digitalocean",
    "providers/dns/dnsimple",
    "providers/dns/dnsmadeeasy",
    "providers/dns/dnspod",
+    "providers/dns/duckdns",
    "providers/dns/dyn",
+    "providers/dns/exec",
    "providers/dns/exoscale",
+    "providers/dns/fastdns",
    "providers/dns/gandi",
    "providers/dns/gandiv5",
+    "providers/dns/glesys",
    "providers/dns/godaddy",
    "providers/dns/googlecloud",
+    "providers/dns/lightsail",
    "providers/dns/linode",
    "providers/dns/namecheap",
+    "providers/dns/namedotcom",
    "providers/dns/ns1",
    "providers/dns/otc",
    "providers/dns/ovh",
@@ -1245,7 +1278,8 @@
    "providers/dns/route53",
    "providers/dns/vultr"
  ]
-  revision = "a149e7d6506feb4003da7093cbf818c6b75ed4a4"
+  revision = "2817d2131186742bc98830c73a5d9c255b3f4537"
+  source = "github.com/containous/lego"

 [[projects]]
  branch = "master"
@@ -1403,6 +1437,12 @@
  revision = "5b3e00af70a9484542169a976dcab8d03e601a17"
  version = "v1.30.0"

+[[projects]]
+  branch = "v1"
+  name = "gopkg.in/mattes/go-expand-tilde.v1"
+  packages = ["."]
+  revision = "cb884138e64c9a8bf5c7d6106d74b0fca082df0c"
+
 [[projects]]
  name = "gopkg.in/ns1/ns1-go.v2"
  packages = [
@@ -1415,16 +1455,6 @@
  ]
  revision = "c563826f4cbef9c11bebeb9f20a3f7afe9c1e2f4"

-[[projects]]
-  name = "gopkg.in/square/go-jose.v1"
-  packages = [
-    ".",
-    "cipher",
-    "json"
-  ]
-  revision = "aa2e30fdd1fe9dd3394119af66451ae790d50e0d"
-  version = "v1.1.0"
-
 [[projects]]
  name = "gopkg.in/square/go-jose.v2"
  packages = [
@@ -1644,6 +1674,6 @@
 [solve-meta]
  analyzer-name = "dep"
  analyzer-version = 1
-  inputs-digest = "593d67272ac35ca0fa59df7f2ac077a81ea842b3181b00acffa20553bfe6f2e0"
+  inputs-digest = "c7d91203842be1915ca08a31917a079489bff7ffc6f2e494330e9556b4730a06"
  solver-name = "gps-cdcl"
  solver-version = 1
--- a/Gopkg.toml
+++ b/Gopkg.toml
@@ -66,7 +66,7 @@

 [[constraint]]
  name = "github.com/containous/traefik-extra-service-fabric"
-  version = "1.1.1"
+  version = "1.1.5"

 [[constraint]]
  name = "github.com/coreos/go-systemd"
@@ -97,7 +97,7 @@

 [[constraint]]
  name = "github.com/go-kit/kit"
-  version = "0.3.0"
+  version = "0.7.0"

 [[constraint]]
  branch = "master"
@@ -181,8 +181,9 @@
  name = "github.com/vulcand/oxy"

 [[constraint]]
-  branch = "acmev2"
+  branch = "containous-fork"
  name = "github.com/xenolf/lego"
+  source = "github.com/containous/lego"

 [[constraint]]
  name = "google.golang.org/grpc"
--- a/README.md
+++ b/README.md
@@ -70,18 +70,18 @@ _(But if you'd rather configure some of your routes manually, Træfik supports t

 ## Supported Backends

- [Docker](docs/configuration/backends/docker/) / [Swarm mode](docs/configuration/backends/docker/#docker-swarm-mode)
- [Kubernetes](docs/configuration/backends/kubernetes/)
- [Mesos](docs/configuration/backends/mesos/) / [Marathon](docs/configuration/backends/marathon/)
- [Rancher](docs/configuration/backends/rancher/) (API, Metadata)
- [Service Fabric](docs/configuration/backends/servicefabric/)
- [Consul Catalog](docs/configuration/backends/consulcatalog/)
- [Consul](docs/configuration/backends/consul/) / [Etcd](docs/configuration/backends/etcd/) / [Zookeeper](docs/configuration/backends/zookeeper/) / [BoltDB](docs/configuration/backends/boltdb/)
- [Eureka](docs/configuration/backends/eureka/)
- [Amazon ECS](docs/configuration/backends/ecs/)
- [Amazon DynamoDB](docs/configuration/backends/dynamodb/)
- [File](docs/configuration/backends/file/)
- [Rest](docs/configuration/backends/rest/)
+- [Docker](https://docs.traefik.io/configuration/backends/docker) / [Swarm mode](https://docs.traefik.io/configuration/backends/docker#docker-swarm-mode)
+- [Kubernetes](https://docs.traefik.io/configuration/backends/kubernetes)
+- [Mesos](https://docs.traefik.io/configuration/backends/mesos) / [Marathon](https://docs.traefik.io/configuration/backends/marathon)
+- [Rancher](https://docs.traefik.io/configuration/backends/rancher) (API, Metadata)
+- [Azure Service Fabric](https://docs.traefik.io/configuration/backends/servicefabric)
+- [Consul Catalog](https://docs.traefik.io/configuration/backends/consulcatalog)
+- [Consul](https://docs.traefik.io/configuration/backends/consul) / [Etcd](https://docs.traefik.io/configuration/backends/etcd) / [Zookeeper](https://docs.traefik.io/configuration/backends/zookeeper) / [BoltDB](https://docs.traefik.io/configuration/backends/boltdb)
+- [Eureka](https://docs.traefik.io/configuration/backends/eureka)
+- [Amazon ECS](https://docs.traefik.io/configuration/backends/ecs)
+- [Amazon DynamoDB](https://docs.traefik.io/configuration/backends/dynamodb)
+- [File](https://docs.traefik.io/configuration/backends/file)
+- [Rest](https://docs.traefik.io/configuration/backends/rest)

 ## Quickstart

--- a/acme/acme.go
+++ b/acme/acme.go
@@ -26,7 +26,7 @@ import (
 	"github.com/containous/traefik/tls/generate"
 	"github.com/containous/traefik/types"
 	"github.com/eapache/channels"
-	"github.com/xenolf/lego/acmev2"
+	acme "github.com/xenolf/lego/acmev2"
 	"github.com/xenolf/lego/providers/dns"
 )

@@ -62,20 +62,6 @@ type ACME struct {
 }

 func (a *ACME) init() error {
-	// FIXME temporary fix, waiting for https://github.com/xenolf/lego/pull/478
-	acme.HTTPClient = http.Client{
-		Transport: &http.Transport{
-			Proxy: http.ProxyFromEnvironment,
-			Dial: (&net.Dialer{
-				Timeout:   30 * time.Second,
-				KeepAlive: 30 * time.Second,
-			}).Dial,
-			TLSHandshakeTimeout:   15 * time.Second,
-			ResponseHeaderTimeout: 15 * time.Second,
-			ExpectContinueTimeout: 1 * time.Second,
-		},
-	}
-
 	if a.ACMELogging {
 		acme.Logger = fmtlog.New(os.Stderr, "legolog: ", fmtlog.LstdFlags)
 	} else {
@@ -651,6 +637,7 @@ func (a *ACME) runJobs() {

 // getValidDomains checks if given domain is allowed to generate a ACME certificate and return it
 func (a *ACME) getValidDomains(domains []string, wildcardAllowed bool) ([]string, error) {
+	// Check if the domains array is empty or contains only one empty value
 	if len(domains) == 0 || (len(domains) == 1 && len(domains[0]) == 0) {
 		return nil, errors.New("unable to generate a certificate when no domain is given")
 	}
@@ -663,15 +650,14 @@ func (a *ACME) getValidDomains(domains []string, wildcardAllowed bool) ([]string
 		if a.DNSChallenge == nil && len(a.DNSProvider) == 0 {
 			return nil, fmt.Errorf("unable to generate a wildcard certificate for domain %q : ACME needs a DNSChallenge", strings.Join(domains, ","))
 		}
-
-		if len(domains) > 1 {
-			return nil, fmt.Errorf("unable to generate a wildcard certificate for domain %q : SANs are not allowed", strings.Join(domains, ","))
+		if strings.HasPrefix(domains[0], "*.*") {
+			return nil, fmt.Errorf("unable to generate a wildcard certificate for domain %q : ACME does not allow '*.*' wildcard domain", strings.Join(domains, ","))
 		}
-	} else {
-		for _, san := range domains[1:] {
-			if strings.HasPrefix(san, "*") {
-				return nil, fmt.Errorf("unable to generate a certificate in ACME provider for domains %q: SANs can not be a wildcard domain", strings.Join(domains, ","))
-			}
+	}
+	for _, san := range domains[1:] {
+		if strings.HasPrefix(san, "*") {
+			return nil, fmt.Errorf("unable to generate a certificate for domains %q: SANs can not be a wildcard domain", strings.Join(domains, ","))
+
 		}
 	}

@@ -710,31 +696,37 @@ func (a *ACME) deleteUnnecessaryDomains() {
 					keepDomain = false
 				}
 				break
-			} else if strings.HasPrefix(domain.Main, "*") && domain.SANs == nil {
-				// Check if domains can be validated by the wildcard domain
-
-				var newDomainsToCheck []string
-
-				// Check if domains can be validated by the wildcard domain
-				domainsMap := make(map[string]*tls.Certificate)
-				domainsMap[domain.Main] = &tls.Certificate{}
-
-				for _, domainProcessed := range domainToCheck.ToStrArray() {
-					if isDomainAlreadyChecked(domainProcessed, domainsMap) {
-						log.Warnf("Domain %q will not be processed by ACME because it is validated by the wildcard %q", domainProcessed, domain.Main)
-						continue
-					}
-					newDomainsToCheck = append(newDomainsToCheck, domainProcessed)
-				}
-
-				// Delete the domain if both Main and SANs can be validated by the wildcard domain
-				// otherwise keep the unchecked values
-				if newDomainsToCheck == nil {
-					keepDomain = false
-					break
-				}
-				domainToCheck.Set(newDomainsToCheck)
 			}
+
+			var newDomainsToCheck []string
+
+			// Check if domains can be validated by the wildcard domain
+			domainsMap := make(map[string]*tls.Certificate)
+			domainsMap[domain.Main] = &tls.Certificate{}
+			if len(domain.SANs) > 0 {
+				domainsMap[strings.Join(domain.SANs, ",")] = &tls.Certificate{}
+			}
+
+			for _, domainProcessed := range domainToCheck.ToStrArray() {
+				if idxDomain < idxDomainToCheck && isDomainAlreadyChecked(domainProcessed, domainsMap) {
+					// The domain is duplicated in a CN
+					log.Warnf("Domain %q is duplicated in the configuration or validated by the domain %v. It will be processed once.", domainProcessed, domain)
+					continue
+				} else if domain.Main != domainProcessed && strings.HasPrefix(domain.Main, "*") && types.MatchDomain(domainProcessed, domain.Main) {
+					// Check if a wildcard can validate the domain
+					log.Warnf("Domain %q will not be processed by ACME provider because it is validated by the wildcard %q", domainProcessed, domain.Main)
+					continue
+				}
+				newDomainsToCheck = append(newDomainsToCheck, domainProcessed)
+			}
+
+			// Delete the domain if both Main and SANs can be validated by the wildcard domain
+			// otherwise keep the unchecked values
+			if newDomainsToCheck == nil {
+				keepDomain = false
+				break
+			}
+			domainToCheck.Set(newDomainsToCheck)
 		}

 		if keepDomain {
--- a/acme/acme_test.go
+++ b/acme/acme_test.go
@@ -14,7 +14,7 @@ import (
 	"github.com/containous/traefik/tls/generate"
 	"github.com/containous/traefik/types"
 	"github.com/stretchr/testify/assert"
-	"github.com/xenolf/lego/acmev2"
+	acme "github.com/xenolf/lego/acmev2"
 )

 func TestDomainsSet(t *testing.T) {
@@ -417,11 +417,27 @@ func TestAcme_getValidDomain(t *testing.T) {
 			expectedDomains: nil,
 		},
 		{
-			desc:            "unexpected SANs",
-			domains:         []string{"*.traefik.wtf", "foo.traefik.wtf"},
+			desc:            "unauthorized wildcard with SAN",
+			domains:         []string{"*.*.traefik.wtf", "foo.traefik.wtf"},
 			dnsChallenge:    &acmeprovider.DNSChallenge{},
 			wildcardAllowed: true,
-			expectedErr:     "unable to generate a wildcard certificate for domain \"*.traefik.wtf,foo.traefik.wtf\" : SANs are not allowed",
+			expectedErr:     "unable to generate a wildcard certificate for domain \"*.*.traefik.wtf,foo.traefik.wtf\" : ACME does not allow '*.*' wildcard domain",
+			expectedDomains: nil,
+		},
+		{
+			desc:            "wildcard with SANs",
+			domains:         []string{"*.traefik.wtf", "traefik.wtf"},
+			dnsChallenge:    &acmeprovider.DNSChallenge{},
+			wildcardAllowed: true,
+			expectedErr:     "",
+			expectedDomains: []string{"*.traefik.wtf", "traefik.wtf"},
+		},
+		{
+			desc:            "unexpected SANs",
+			domains:         []string{"*.traefik.wtf", "*.acme.wtf"},
+			dnsChallenge:    &acmeprovider.DNSChallenge{},
+			wildcardAllowed: true,
+			expectedErr:     "unable to generate a certificate for domains \"*.traefik.wtf,*.acme.wtf\": SANs can not be a wildcard domain",
 			expectedDomains: nil,
 		},
 	}
--- a/acme/localStore.go
+++ b/acme/localStore.go
@@ -26,7 +26,7 @@ func NewLocalStore(file string) *LocalStore {
 func (s *LocalStore) Get() (*Account, error) {
 	account := &Account{}

-	hasData, err := checkFile(s.file)
+	hasData, err := acme.CheckFile(s.file)
 	if err != nil {
 		return nil, err
 	}
@@ -46,38 +46,42 @@ func (s *LocalStore) Get() (*Account, error) {
 		if err := json.Unmarshal(file, &account); err != nil {
 			return nil, err
 		}
-
-		// Check if ACME Account is in ACME V1 format
-		if account != nil && account.Registration != nil {
-			isOldRegistration, err := regexp.MatchString(acme.RegistrationURLPathV1Regexp, account.Registration.URI)
-			if err != nil {
-				return nil, err
-			}
-
-			if isOldRegistration {
-				account.Email = ""
-				account.Registration = nil
-				account.PrivateKey = nil
-			}
-		}
 	}

 	return account, nil
 }

+// RemoveAccountV1Values removes ACME account V1 values
+func RemoveAccountV1Values(account *Account) error {
+	// Check if ACME Account is in ACME V1 format
+	if account != nil && account.Registration != nil {
+		isOldRegistration, err := regexp.MatchString(acme.RegistrationURLPathV1Regexp, account.Registration.URI)
+		if err != nil {
+			return err
+		}
+
+		if isOldRegistration {
+			account.Email = ""
+			account.Registration = nil
+			account.PrivateKey = nil
+		}
+	}
+	return nil
+}
+
 // ConvertToNewFormat converts old acme.json format to the new one and store the result into the file (used for the backward compatibility)
 func ConvertToNewFormat(fileName string) {
 	localStore := acme.NewLocalStore(fileName)

 	storeAccount, err := localStore.GetAccount()
 	if err != nil {
-		log.Warnf("Failed to read new account, ACME data conversion is not available : %v", err)
+		log.Errorf("Failed to read new account, ACME data conversion is not available : %v", err)
 		return
 	}

 	storeCertificates, err := localStore.GetCertificates()
 	if err != nil {
-		log.Warnf("Failed to read new certificates, ACME data conversion is not available : %v", err)
+		log.Errorf("Failed to read new certificates, ACME data conversion is not available : %v", err)
 		return
 	}

@@ -86,13 +90,25 @@ func ConvertToNewFormat(fileName string) {

 		account, err := localStore.Get()
 		if err != nil {
-			log.Warnf("Failed to read old account, ACME data conversion is not available : %v", err)
+			log.Errorf("Failed to read old account, ACME data conversion is not available : %v", err)
 			return
 		}

 		// Convert ACME data from old to new format
 		newAccount := &acme.Account{}
 		if account != nil && len(account.Email) > 0 {
+			err = backupACMEFile(fileName, account)
+			if err != nil {
+				log.Errorf("Unable to create a backup for the V1 formatted ACME file: %s", err.Error())
+				return
+			}
+
+			err = RemoveAccountV1Values(account)
+			if err != nil {
+				log.Errorf("Unable to remove ACME Account V1 values: %s", err.Error())
+				return
+			}
+
 			newAccount = &acme.Account{
 				PrivateKey:   account.PrivateKey,
 				Registration: account.Registration,
@@ -107,8 +123,8 @@ func ConvertToNewFormat(fileName string) {
 					Domain:      cert.Domains,
 				})
 			}
-			// If account is in the old format, storeCertificates is nil or empty
-			// and has to be initialized
+
+			// If account is in the old format, storeCertificates is nil or empty and has to be initialized
 			storeCertificates = newCertificates
 		}

@@ -119,7 +135,16 @@ func ConvertToNewFormat(fileName string) {
 	}
 }

-// FromNewToOldFormat converts new acme.json format to the old one (used for the backward compatibility)
+func backupACMEFile(originalFileName string, account interface{}) error {
+	// write account to file
+	data, err := json.MarshalIndent(account, "", "  ")
+	if err != nil {
+		return err
+	}
+	return ioutil.WriteFile(originalFileName+".bak", data, 0600)
+}
+
+// FromNewToOldFormat converts new acme account to the old one (used for the backward compatibility)
 func FromNewToOldFormat(fileName string) (*Account, error) {
 	localStore := acme.NewLocalStore(fileName)

--- a/api/dashboard.go
+++ b/api/dashboard.go
@@ -14,9 +14,19 @@ type DashboardHandler struct{}
 // AddRoutes add dashboard routes on a router
 func (g DashboardHandler) AddRoutes(router *mux.Router) {
 	// Expose dashboard
-	router.Methods(http.MethodGet).Path("/").HandlerFunc(func(response http.ResponseWriter, request *http.Request) {
-		http.Redirect(response, request, request.Header.Get("X-Forwarded-Prefix")+"/dashboard/", 302)
-	})
-	router.Methods(http.MethodGet).PathPrefix("/dashboard/").
+	router.Methods(http.MethodGet).
+		Path("/").
+		HandlerFunc(func(response http.ResponseWriter, request *http.Request) {
+			http.Redirect(response, request, request.Header.Get("X-Forwarded-Prefix")+"/dashboard/", 302)
+		})
+
+	router.Methods(http.MethodGet).
+		Path("/dashboard/status").
+		HandlerFunc(func(response http.ResponseWriter, request *http.Request) {
+			http.Redirect(response, request, "/dashboard/", 302)
+		})
+
+	router.Methods(http.MethodGet).
+		PathPrefix("/dashboard/").
 		Handler(http.StripPrefix("/dashboard/", http.FileServer(&assetfs.AssetFS{Asset: genstatic.Asset, AssetInfo: genstatic.AssetInfo, AssetDir: genstatic.AssetDir, Prefix: "static"})))
 }
--- a/autogen/gentemplates/gen.go
+++ b/autogen/gentemplates/gen.go
@@ -1,14 +1,17 @@
 // Code generated by go-bindata.
 // sources:
+// templates/consul_catalog-v1.tmpl
 // templates/consul_catalog.tmpl
 // templates/docker-v1.tmpl
 // templates/docker.tmpl
+// templates/ecs-v1.tmpl
 // templates/ecs.tmpl
 // templates/eureka.tmpl
 // templates/kubernetes.tmpl
 // templates/kv.tmpl
 // templates/marathon-v1.tmpl
 // templates/marathon.tmpl
+// templates/mesos-v1.tmpl
 // templates/mesos.tmpl
 // templates/notFound.tmpl
 // templates/rancher-v1.tmpl
@@ -57,17 +60,90 @@ func (fi bindataFileInfo) Sys() interface{} {
 	return nil
 }

+var _templatesConsul_catalogV1Tmpl = []byte(`[backends]
+{{range $index, $node := .Nodes }}
+  [backends."backend-{{ getBackend $node }}".servers."{{ getBackendName $node $index }}"]
+    url = "{{ getAttribute "protocol" $node.Service.Tags "http" }}://{{ getBackendAddress $node }}:{{ $node.Service.Port }}"
+    {{ $weight := getAttribute "backend.weight" $node.Service.Tags "0" }}
+    {{with $weight }}
+      weight = {{ $weight }}
+    {{end}}
+{{end}}
+
+{{range .Services }}
+  {{ $service := .ServiceName }}
+
+  {{ $circuitBreaker := getAttribute "backend.circuitbreaker" .Attributes "" }}
+  {{with $circuitBreaker }}
+  [backends."backend-{{ $service }}".circuitbreaker]
+    expression = "{{ $circuitBreaker }}"
+  {{end}}
+
+  [backends."backend-{{ $service }}".loadbalancer]
+    method = "{{ getAttribute "backend.loadbalancer" .Attributes "wrr" }}"
+    sticky = {{ getSticky .Attributes }}
+    {{if hasStickinessLabel .Attributes }}
+    [backends."backend-{{ $service }}".loadbalancer.stickiness]
+      cookieName = "{{ getStickinessCookieName .Attributes }}"
+    {{end}}
+
+  {{if hasMaxconnAttributes .Attributes }}
+  [backends."backend-{{ $service }}".maxconn]
+    amount = {{ getAttribute "backend.maxconn.amount" .Attributes "" }}
+    extractorfunc = "{{ getAttribute "backend.maxconn.extractorfunc" .Attributes "" }}"
+  {{end}}
+
+{{end}}
+
+[frontends]
+{{range .Services }}
+  [frontends."frontend-{{ .ServiceName }}"]
+  backend = "backend-{{ .ServiceName }}"
+  passHostHeader = {{ getAttribute "frontend.passHostHeader" .Attributes "true" }}
+  priority = {{ getAttribute "frontend.priority" .Attributes "0" }}
+
+  {{ $entryPoints := getAttribute "frontend.entrypoints" .Attributes "" }}
+  {{with $entryPoints }}
+    entrypoints = [{{range getEntryPoints $entryPoints }}
+      "{{ . }}",
+    {{end}}]
+  {{end}}
+
+  basicAuth = [{{range getBasicAuth .Attributes }}
+  "{{ . }}",
+  {{end}}]
+
+  [frontends."frontend-{{ .ServiceName }}".routes."route-host-{{ .ServiceName }}"]
+    rule = "{{ getFrontendRule . }}"
+{{end}}
+`)
+
+func templatesConsul_catalogV1TmplBytes() ([]byte, error) {
+	return _templatesConsul_catalogV1Tmpl, nil
+}
+
+func templatesConsul_catalogV1Tmpl() (*asset, error) {
+	bytes, err := templatesConsul_catalogV1TmplBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "templates/consul_catalog-v1.tmpl", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
 var _templatesConsul_catalogTmpl = []byte(`[backends]
 {{range $service := .Services}}
  {{ $backendName := getServiceBackendName $service }}

-  {{ $circuitBreaker := getCircuitBreaker $service.Attributes }}
+  {{ $circuitBreaker := getCircuitBreaker $service.TraefikLabels }}
  {{if $circuitBreaker }}
  [backends."backend-{{ $backendName }}".circuitBreaker]
    expression = "{{ $circuitBreaker.Expression }}"
  {{end}}

-  {{ $loadBalancer := getLoadBalancer $service.Attributes }}
+  {{ $loadBalancer := getLoadBalancer $service.TraefikLabels }}
  {{if $loadBalancer }}
  [backends."backend-{{ $backendName }}".loadBalancer]
    method = "{{ $loadBalancer.Method }}"
@@ -78,14 +154,14 @@ var _templatesConsul_catalogTmpl = []byte(`[backends]
    {{end}}
  {{end}}

-  {{ $maxConn := getMaxConn $service.Attributes }}
+  {{ $maxConn := getMaxConn $service.TraefikLabels }}
  {{if $maxConn }}
  [backends."backend-{{ $backendName }}".maxConn]
    extractorFunc = "{{ $maxConn.ExtractorFunc }}"
    amount = {{ $maxConn.Amount }}
  {{end}}

-  {{ $healthCheck := getHealthCheck $service.Attributes }}
+  {{ $healthCheck := getHealthCheck $service.TraefikLabels }}
  {{if $healthCheck }}
  [backends."backend-{{ $backendName }}".healthCheck]
    path = "{{ $healthCheck.Path }}"
@@ -93,7 +169,7 @@ var _templatesConsul_catalogTmpl = []byte(`[backends]
    interval = "{{ $healthCheck.Interval }}"
  {{end}}

-  {{ $buffering := getBuffering $service.Attributes }}
+  {{ $buffering := getBuffering $service.TraefikLabels }}
  {{if $buffering }}
  [backends."backend-{{ $backendName }}".buffering]
    maxRequestBodyBytes = {{ $buffering.MaxRequestBodyBytes }}
@@ -105,10 +181,10 @@ var _templatesConsul_catalogTmpl = []byte(`[backends]

 {{end}}
 {{range $index, $node := .Nodes}}
-
+  {{ $server := getServer $node }}
  [backends."backend-{{ getNodeBackendName $node }}".servers."{{ getServerName $node $index }}"]
-    url = "{{ getProtocol $node.Service.Tags }}://{{ getBackendAddress $node }}:{{ $node.Service.Port }}"
-    weight = {{ getWeight $node.Service.Tags }}
+    url = "{{ $server.URL }}"
+    weight = {{ $server.Weight }}

 {{end}}

@@ -117,19 +193,19 @@ var _templatesConsul_catalogTmpl = []byte(`[backends]

  [frontends."frontend-{{ $service.ServiceName }}"]
    backend = "backend-{{ getServiceBackendName $service }}"
-    priority = {{ getPriority $service.Attributes }}
-    passHostHeader = {{ getPassHostHeader $service.Attributes }}
-    passTLSCert = {{ getPassTLSCert $service.Attributes }}
+    priority = {{ getPriority $service.TraefikLabels }}
+    passHostHeader = {{ getPassHostHeader $service.TraefikLabels }}
+    passTLSCert = {{ getPassTLSCert $service.TraefikLabels }}

-    entryPoints = [{{range getFrontEndEntryPoints $service.Attributes }}
+    entryPoints = [{{range getFrontEndEntryPoints $service.TraefikLabels }}
      "{{.}}",
      {{end}}]

-    basicAuth = [{{range getBasicAuth $service.Attributes }}
+    basicAuth = [{{range getBasicAuth $service.TraefikLabels }}
      "{{.}}",
      {{end}}]

-    {{ $whitelist := getWhiteList $service.Attributes }}
+    {{ $whitelist := getWhiteList $service.TraefikLabels }}
    {{if $whitelist }}
    [frontends."frontend-{{ $service.ServiceName }}".whiteList]
      sourceRange = [{{range $whitelist.SourceRange }}
@@ -138,7 +214,7 @@ var _templatesConsul_catalogTmpl = []byte(`[backends]
      useXForwardedFor = {{ $whitelist.UseXForwardedFor }}
    {{end}}

-    {{ $redirect := getRedirect $service.Attributes }}
+    {{ $redirect := getRedirect $service.TraefikLabels }}
    {{if $redirect }}
    [frontends."frontend-{{ $service.ServiceName }}".redirect]
      entryPoint = "{{ $redirect.EntryPoint }}"
@@ -147,34 +223,33 @@ var _templatesConsul_catalogTmpl = []byte(`[backends]
      permanent = {{ $redirect.Permanent }}
    {{end}}

-    {{if hasErrorPages $service.Attributes }}
+    {{ $errorPages := getErrorPages $service.TraefikLabels }}
+    {{if $errorPages }}
    [frontends."frontend-{{ $service.ServiceName }}".errors]
-      {{range $pageName, $page := getErrorPages $service.Attributes }}
+      {{range $pageName, $page := $errorPages }}
      [frontends."frontend-{{ $service.ServiceName }}".errors."{{ $pageName }}"]
        status = [{{range $page.Status }}
          "{{.}}",
          {{end}}]
-        backend = "{{ $page.Backend }}"
+        backend = "backend-{{ $page.Backend }}"
        query = "{{ $page.Query }}"
      {{end}}
    {{end}}

-    {{if hasRateLimit $service.Attributes }}
-    {{ $rateLimit := getRateLimit $service.Attributes }}
+    {{ $rateLimit := getRateLimit $service.TraefikLabels }}
+    {{if $rateLimit }}
    [frontends."frontend-{{ $service.ServiceName }}".rateLimit]
      extractorFunc = "{{ $rateLimit.ExtractorFunc }}"
-
      [frontends."frontend-{{ $service.ServiceName }}".rateLimit.rateSet]
-        {{range $limitName, $limit := $rateLimit.RateSet }}
+        {{ range $limitName, $limit := $rateLimit.RateSet }}
        [frontends."frontend-{{ $service.ServiceName }}".rateLimit.rateSet."{{ $limitName }}"]
          period = "{{ $limit.Period }}"
          average = {{ $limit.Average }}
          burst = {{ $limit.Burst }}
        {{end}}
-
    {{end}}

-    {{ $headers := getHeaders $service.Attributes }}
+    {{ $headers := getHeaders $service.TraefikLabels }}
    {{if $headers }}
    [frontends."frontend-{{ $service.ServiceName }}".headers]
      SSLRedirect = {{ $headers.SSLRedirect }}
@@ -557,7 +632,7 @@ var _templatesDockerTmpl = []byte(`{{$backendServers := .Servers}}
        status = [{{range $page.Status }}
          "{{.}}",
          {{end}}]
-        backend = "{{ $page.Backend }}"
+        backend = "backend-{{ $page.Backend }}"
        query = "{{ $page.Query }}"
      {{end}}
    {{end}}
@@ -651,17 +726,77 @@ func templatesDockerTmpl() (*asset, error) {
 	return a, nil
 }

+var _templatesEcsV1Tmpl = []byte(`[backends]
+{{range $serviceName, $instances := .Services }}
+  [backends."backend-{{ $serviceName }}".loadBalancer]
+    method = "{{ getLoadBalancerMethod $instances }}"
+    sticky = {{ getLoadBalancerSticky $instances }}
+
+    {{if hasStickinessLabel $instances }}
+    [backends."backend-{{ $serviceName }}".loadBalancer.stickiness]
+      cookieName = "{{ getStickinessCookieName $instances }}"
+    {{end}}
+
+    {{ if hasHealthCheckLabels $instances }}
+    [backends."backend-{{ $serviceName }}".healthCheck]
+      path = "{{ getHealthCheckPath $instances }}"
+      interval = "{{ getHealthCheckInterval $instances }}"
+    {{end}}
+
+    {{range $index, $i := $instances }}
+    [backends."backend-{{ $i.Name }}".servers."server-{{ $i.Name }}{{ $i.ID }}"]
+      url = "{{ getProtocol $i }}://{{ getHost $i }}:{{ getPort $i }}"
+      weight = {{ getWeight $i }}
+    {{end}}
+{{end}}
+
+[frontends]
+{{range $serviceName, $instances := .Services}}
+{{range filterFrontends $instances }}
+  [frontends."frontend-{{ $serviceName }}"]
+    backend = "backend-{{ $serviceName }}"
+    passHostHeader = {{ getPassHostHeader . }}
+    priority = {{ getPriority . }}
+
+    entryPoints = [{{range  getEntryPoints . }}
+      "{{.}}",
+      {{end}}]
+
+    basicAuth = [{{range getBasicAuth . }}
+      "{{.}}",
+    {{end}}]
+
+    [frontends."frontend-{{ $serviceName }}".routes."route-frontend-{{ $serviceName }}"]
+      rule = "{{getFrontendRule .}}"
+{{end}}
+{{end}}`)
+
+func templatesEcsV1TmplBytes() ([]byte, error) {
+	return _templatesEcsV1Tmpl, nil
+}
+
+func templatesEcsV1Tmpl() (*asset, error) {
+	bytes, err := templatesEcsV1TmplBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "templates/ecs-v1.tmpl", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
 var _templatesEcsTmpl = []byte(`[backends]
 {{range $serviceName, $instances := .Services }}
  {{ $firstInstance := index $instances 0 }}

-  {{ $circuitBreaker := getCircuitBreaker $firstInstance }}
+  {{ $circuitBreaker := getCircuitBreaker $firstInstance.TraefikLabels }}
  {{if $circuitBreaker }}
  [backends."backend-{{ $serviceName }}".circuitBreaker]
    expression = "{{ $circuitBreaker.Expression }}"
  {{end}}

-  {{ $loadBalancer := getLoadBalancer $firstInstance }}
+  {{ $loadBalancer := getLoadBalancer $firstInstance.TraefikLabels }}
  {{if $loadBalancer }}
  [backends."backend-{{ $serviceName }}".loadBalancer]
    method = "{{ $loadBalancer.Method }}"
@@ -672,14 +807,14 @@ var _templatesEcsTmpl = []byte(`[backends]
    {{end}}
  {{end}}

-  {{ $maxConn := getMaxConn $firstInstance }}
+  {{ $maxConn := getMaxConn $firstInstance.TraefikLabels }}
  {{if $maxConn }}
  [backends."backend-{{ $serviceName }}".maxConn]
    extractorFunc = "{{ $maxConn.ExtractorFunc }}"
    amount = {{ $maxConn.Amount }}
  {{end}}

-  {{ $healthCheck := getHealthCheck $firstInstance }}
+  {{ $healthCheck := getHealthCheck $firstInstance.TraefikLabels }}
  {{if $healthCheck }}
  [backends."backend-{{ $serviceName }}".healthCheck]
    path = "{{ $healthCheck.Path }}"
@@ -687,7 +822,7 @@ var _templatesEcsTmpl = []byte(`[backends]
    interval = "{{ $healthCheck.Interval }}"
  {{end}}

-  {{ $buffering := getBuffering $firstInstance }}
+  {{ $buffering := getBuffering $firstInstance.TraefikLabels }}
  {{if $buffering }}
  [backends."backend-{{ $serviceName }}".buffering]
    maxRequestBodyBytes = {{ $buffering.MaxRequestBodyBytes }}
@@ -711,19 +846,19 @@ var _templatesEcsTmpl = []byte(`[backends]

  [frontends."frontend-{{ $serviceName }}"]
    backend = "backend-{{ $serviceName }}"
-    priority = {{ getPriority $instance }}
-    passHostHeader = {{ getPassHostHeader $instance }}
-    passTLSCert = {{ getPassTLSCert $instance }}
+    priority = {{ getPriority $instance.TraefikLabels }}
+    passHostHeader = {{ getPassHostHeader $instance.TraefikLabels }}
+    passTLSCert = {{ getPassTLSCert $instance.TraefikLabels }}

-    entryPoints = [{{range getEntryPoints $instance }}
+    entryPoints = [{{range getEntryPoints $instance.TraefikLabels }}
      "{{.}}",
      {{end}}]

-    basicAuth = [{{range getBasicAuth $instance }}
+    basicAuth = [{{range getBasicAuth $instance.TraefikLabels }}
      "{{.}}",
      {{end}}]

-    {{ $whitelist := getWhiteList $instance }}
+    {{ $whitelist := getWhiteList $instance.TraefikLabels }}
    {{if $whitelist }}
    [frontends."frontend-{{ $serviceName }}".whiteList]
      sourceRange = [{{range $whitelist.SourceRange }}
@@ -732,7 +867,7 @@ var _templatesEcsTmpl = []byte(`[backends]
      useXForwardedFor = {{ $whitelist.UseXForwardedFor }}
    {{end}}

-    {{ $redirect := getRedirect $instance }}
+    {{ $redirect := getRedirect $instance.TraefikLabels }}
    {{if $redirect }}
    [frontends."frontend-{{ $serviceName }}".redirect]
      entryPoint = "{{ $redirect.EntryPoint }}"
@@ -741,7 +876,7 @@ var _templatesEcsTmpl = []byte(`[backends]
      permanent = {{ $redirect.Permanent }}
    {{end}}

-    {{ $errorPages := getErrorPages $instance }}
+    {{ $errorPages := getErrorPages $instance.TraefikLabels }}
    {{if $errorPages }}
    [frontends."frontend-{{ $serviceName }}".errors]
      {{range $pageName, $page := $errorPages }}
@@ -749,12 +884,12 @@ var _templatesEcsTmpl = []byte(`[backends]
        status = [{{range $page.Status }}
          "{{.}}",
          {{end}}]
-        backend = "{{ $page.Backend }}"
+        backend = "backend-{{ $page.Backend }}"
        query = "{{ $page.Query }}"
      {{end}}
    {{end}}

-    {{ $rateLimit := getRateLimit $instance }}
+    {{ $rateLimit := getRateLimit $instance.TraefikLabels }}
    {{if $rateLimit }}
    [frontends."frontend-{{ $serviceName }}".rateLimit]
      extractorFunc = "{{ $rateLimit.ExtractorFunc }}"
@@ -767,7 +902,7 @@ var _templatesEcsTmpl = []byte(`[backends]
        {{end}}
    {{end}}

-    {{ $headers := getHeaders $instance }}
+    {{ $headers := getHeaders $instance.TraefikLabels }}
    {{if $headers }}
    [frontends."frontend-{{ $serviceName }}".headers]
      SSLRedirect = {{ $headers.SSLRedirect }}
@@ -822,7 +957,7 @@ var _templatesEcsTmpl = []byte(`[backends]
    {{end}}

    [frontends."frontend-{{ $serviceName }}".routes."route-frontend-{{ $serviceName }}"]
-      rule = "{{getFrontendRule $instance}}"
+      rule = "{{ getFrontendRule $instance }}"

 {{end}}
 {{end}}`)
@@ -1355,8 +1490,7 @@ func templatesMarathonV1Tmpl() (*asset, error) {
 var _templatesMarathonTmpl = []byte(`{{ $apps := .Applications }}

 [backends]
-{{range $app := $apps }}
-  {{ $backendName := getBackendName $app }}
+{{range $backendName, $app := $apps }}

  [backends."{{ $backendName }}"]

@@ -1411,11 +1545,11 @@ var _templatesMarathonTmpl = []byte(`{{ $apps := .Applications }}
 {{end}}

 [frontends]
-{{range $app := $apps }}
+{{range $backendName, $app := $apps }}
  {{ $frontendName := getFrontendName $app }}

  [frontends."{{ $frontendName }}"]
-    backend = "{{ getBackendName $app }}"
+    backend = "{{ $backendName }}"
    priority = {{ getPriority $app.SegmentLabels }}
    passHostHeader = {{ getPassHostHeader $app.SegmentLabels }}
    passTLSCert = {{ getPassTLSCert $app.SegmentLabels }}
@@ -1454,7 +1588,7 @@ var _templatesMarathonTmpl = []byte(`{{ $apps := .Applications }}
        status = [{{range $page.Status }}
          "{{.}}",
          {{end}}]
-        backend = "{{ $page.Backend }}"
+        backend = "backend{{ $page.Backend }}"
        query = "{{ $page.Query }}"
      {{end}}
    {{end}}
@@ -1547,6 +1681,50 @@ func templatesMarathonTmpl() (*asset, error) {
 	return a, nil
 }

+var _templatesMesosV1Tmpl = []byte(`{{$apps := .Applications}}
+
+[backends]
+{{range .Tasks}}
+
+  [backends."backend-{{ getBackend . $apps }}".servers."server-{{ getID . }}"]
+    url = "{{ getProtocol . $apps }}://{{ getHost . }}:{{ getPort . $apps }}"
+    weight = {{ getWeight . $apps }}
+
+{{end}}
+
+[frontends]
+{{range .Applications}}
+
+  [frontends."frontend-{{getFrontEndName . }}"]
+    backend = "backend-{{ getFrontendBackend . }}"
+    passHostHeader = {{ getPassHostHeader . }}
+    priority = {{ getPriority . }}
+
+    entryPoints = [{{range getEntryPoints . }}
+      "{{.}}",
+      {{end}}]
+
+    [frontends."frontend-{{ getFrontEndName . }}".routes."route-host-{{ getFrontEndName . }}"]
+    rule = "{{ getFrontendRule . }}"
+
+{{end}}
+`)
+
+func templatesMesosV1TmplBytes() ([]byte, error) {
+	return _templatesMesosV1Tmpl, nil
+}
+
+func templatesMesosV1Tmpl() (*asset, error) {
+	bytes, err := templatesMesosV1TmplBytes()
+	if err != nil {
+		return nil, err
+	}
+
+	info := bindataFileInfo{name: "templates/mesos-v1.tmpl", size: 0, mode: os.FileMode(0), modTime: time.Unix(0, 0)}
+	a := &asset{bytes: bytes, info: info}
+	return a, nil
+}
+
 var _templatesMesosTmpl = []byte(`[backends]
 {{range $applicationName, $tasks := .ApplicationsTasks }}
  {{ $app := index $tasks 0 }}
@@ -1554,13 +1732,13 @@ var _templatesMesosTmpl = []byte(`[backends]

  [backends."backend-{{ $backendName }}"]

-  {{ $circuitBreaker := getCircuitBreaker $app }}
+  {{ $circuitBreaker := getCircuitBreaker $app.TraefikLabels }}
  {{if $circuitBreaker }}
  [backends."backend-{{ $backendName }}".circuitBreaker]
    expression = "{{ $circuitBreaker.Expression }}"
  {{end}}

-  {{ $loadBalancer := getLoadBalancer $app }}
+  {{ $loadBalancer := getLoadBalancer $app.TraefikLabels }}
  {{if $loadBalancer }}
    [backends."backend-{{ $backendName }}".loadBalancer]
      method = "{{ $loadBalancer.Method }}"
@@ -1571,14 +1749,14 @@ var _templatesMesosTmpl = []byte(`[backends]
      {{end}}
  {{end}}

-  {{ $maxConn := getMaxConn $app }}
+  {{ $maxConn := getMaxConn $app.TraefikLabels }}
  {{if $maxConn }}
  [backends."backend-{{ $backendName }}".maxConn]
    extractorFunc = "{{ $maxConn.ExtractorFunc }}"
    amount = {{ $maxConn.Amount }}
  {{end}}

-  {{ $healthCheck := getHealthCheck $app }}
+  {{ $healthCheck := getHealthCheck $app.TraefikLabels }}
  {{if $healthCheck }}
  [backends."backend-{{ $backendName }}".healthCheck]
    path = "{{ $healthCheck.Path }}"
@@ -1586,7 +1764,7 @@ var _templatesMesosTmpl = []byte(`[backends]
    interval = "{{ $healthCheck.Interval }}"
  {{end}}

-  {{ $buffering := getBuffering $app }}
+  {{ $buffering := getBuffering $app.TraefikLabels }}
  {{if $buffering }}
  [backends."backend-{{ $backendName }}".buffering]
    maxRequestBodyBytes = {{ $buffering.MaxRequestBodyBytes }}
@@ -1610,19 +1788,19 @@ var _templatesMesosTmpl = []byte(`[backends]

  [frontends."frontend-{{ $frontendName }}"]
    backend = "backend-{{ getBackendName $app }}"
-    priority = {{ getPriority $app }}
-    passHostHeader = {{ getPassHostHeader $app }}
-    passTLSCert = {{ getPassTLSCert $app }}
+    priority = {{ getPriority $app.TraefikLabels }}
+    passHostHeader = {{ getPassHostHeader $app.TraefikLabels }}
+    passTLSCert = {{ getPassTLSCert $app.TraefikLabels }}

-    entryPoints = [{{range getEntryPoints $app }}
+    entryPoints = [{{range getEntryPoints $app.TraefikLabels }}
      "{{.}}",
      {{end}}]

-    basicAuth = [{{range getBasicAuth $app }}
+    basicAuth = [{{range getBasicAuth $app.TraefikLabels }}
      "{{.}}",
      {{end}}]

-    {{ $whitelist := getWhiteList $app }}
+    {{ $whitelist := getWhiteList $app.TraefikLabels }}
    {{if $whitelist }}
    [frontends."frontend-{{ $frontendName }}".whiteList]
      sourceRange = [{{range $whitelist.SourceRange }}
@@ -1631,7 +1809,7 @@ var _templatesMesosTmpl = []byte(`[backends]
      useXForwardedFor = {{ $whitelist.UseXForwardedFor }}
    {{end}}

-    {{ $redirect := getRedirect $app }}
+    {{ $redirect := getRedirect $app.TraefikLabels }}
    {{if $redirect }}
    [frontends."frontend-{{ $frontendName }}".redirect]
      entryPoint = "{{ $redirect.EntryPoint }}"
@@ -1640,7 +1818,7 @@ var _templatesMesosTmpl = []byte(`[backends]
      permanent = {{ $redirect.Permanent }}
    {{end}}

-    {{ $errorPages := getErrorPages $app }}
+    {{ $errorPages := getErrorPages $app.TraefikLabels }}
    {{if $errorPages }}
    [frontends."frontend-{{ $frontendName }}".errors]
      {{range $pageName, $page := $errorPages }}
@@ -1648,12 +1826,12 @@ var _templatesMesosTmpl = []byte(`[backends]
        status = [{{range $page.Status }}
        "{{.}}",
        {{end}}]
-        backend = "{{ $page.Backend }}"
+        backend = "backend-{{ $page.Backend }}"
        query = "{{ $page.Query }}"
      {{end}}
    {{end}}

-    {{ $rateLimit := getRateLimit $app }}
+    {{ $rateLimit := getRateLimit $app.TraefikLabels }}
    {{if $rateLimit }}
    [frontends."frontend-{{ $frontendName }}".rateLimit]
      extractorFunc = "{{ $rateLimit.ExtractorFunc }}"
@@ -1666,7 +1844,7 @@ var _templatesMesosTmpl = []byte(`[backends]
        {{end}}
    {{end}}

-    {{ $headers := getHeaders $app }}
+    {{ $headers := getHeaders $app.TraefikLabels }}
    {{if $headers }}
    [frontends."frontend-{{ $frontendName }}".headers]
      SSLRedirect = {{ $headers.SSLRedirect }}
@@ -1939,7 +2117,7 @@ var _templatesRancherTmpl = []byte(`{{ $backendServers := .Backends }}
        status = [{{range $page.Status }}
        "{{.}}",
        {{end}}]
-        backend = "{{ $page.Backend }}"
+        backend = "backend-{{ $page.Backend }}"
        query = "{{ $page.Query }}"
      {{end}}
    {{end}}
@@ -2084,19 +2262,22 @@ func AssetNames() []string {

 // _bindata is a table, holding each asset generator, mapped to its name.
 var _bindata = map[string]func() (*asset, error){
-	"templates/consul_catalog.tmpl": templatesConsul_catalogTmpl,
-	"templates/docker-v1.tmpl":      templatesDockerV1Tmpl,
-	"templates/docker.tmpl":         templatesDockerTmpl,
-	"templates/ecs.tmpl":            templatesEcsTmpl,
-	"templates/eureka.tmpl":         templatesEurekaTmpl,
-	"templates/kubernetes.tmpl":     templatesKubernetesTmpl,
-	"templates/kv.tmpl":             templatesKvTmpl,
-	"templates/marathon-v1.tmpl":    templatesMarathonV1Tmpl,
-	"templates/marathon.tmpl":       templatesMarathonTmpl,
-	"templates/mesos.tmpl":          templatesMesosTmpl,
-	"templates/notFound.tmpl":       templatesNotfoundTmpl,
-	"templates/rancher-v1.tmpl":     templatesRancherV1Tmpl,
-	"templates/rancher.tmpl":        templatesRancherTmpl,
+	"templates/consul_catalog-v1.tmpl": templatesConsul_catalogV1Tmpl,
+	"templates/consul_catalog.tmpl":    templatesConsul_catalogTmpl,
+	"templates/docker-v1.tmpl":         templatesDockerV1Tmpl,
+	"templates/docker.tmpl":            templatesDockerTmpl,
+	"templates/ecs-v1.tmpl":            templatesEcsV1Tmpl,
+	"templates/ecs.tmpl":               templatesEcsTmpl,
+	"templates/eureka.tmpl":            templatesEurekaTmpl,
+	"templates/kubernetes.tmpl":        templatesKubernetesTmpl,
+	"templates/kv.tmpl":                templatesKvTmpl,
+	"templates/marathon-v1.tmpl":       templatesMarathonV1Tmpl,
+	"templates/marathon.tmpl":          templatesMarathonTmpl,
+	"templates/mesos-v1.tmpl":          templatesMesosV1Tmpl,
+	"templates/mesos.tmpl":             templatesMesosTmpl,
+	"templates/notFound.tmpl":          templatesNotfoundTmpl,
+	"templates/rancher-v1.tmpl":        templatesRancherV1Tmpl,
+	"templates/rancher.tmpl":           templatesRancherTmpl,
 }

 // AssetDir returns the file names below a certain
@@ -2141,19 +2322,22 @@ type bintree struct {

 var _bintree = &bintree{nil, map[string]*bintree{
 	"templates": {nil, map[string]*bintree{
-		"consul_catalog.tmpl": {templatesConsul_catalogTmpl, map[string]*bintree{}},
-		"docker-v1.tmpl":      {templatesDockerV1Tmpl, map[string]*bintree{}},
-		"docker.tmpl":         {templatesDockerTmpl, map[string]*bintree{}},
-		"ecs.tmpl":            {templatesEcsTmpl, map[string]*bintree{}},
-		"eureka.tmpl":         {templatesEurekaTmpl, map[string]*bintree{}},
-		"kubernetes.tmpl":     {templatesKubernetesTmpl, map[string]*bintree{}},
-		"kv.tmpl":             {templatesKvTmpl, map[string]*bintree{}},
-		"marathon-v1.tmpl":    {templatesMarathonV1Tmpl, map[string]*bintree{}},
-		"marathon.tmpl":       {templatesMarathonTmpl, map[string]*bintree{}},
-		"mesos.tmpl":          {templatesMesosTmpl, map[string]*bintree{}},
-		"notFound.tmpl":       {templatesNotfoundTmpl, map[string]*bintree{}},
-		"rancher-v1.tmpl":     {templatesRancherV1Tmpl, map[string]*bintree{}},
-		"rancher.tmpl":        {templatesRancherTmpl, map[string]*bintree{}},
+		"consul_catalog-v1.tmpl": {templatesConsul_catalogV1Tmpl, map[string]*bintree{}},
+		"consul_catalog.tmpl":    {templatesConsul_catalogTmpl, map[string]*bintree{}},
+		"docker-v1.tmpl":         {templatesDockerV1Tmpl, map[string]*bintree{}},
+		"docker.tmpl":            {templatesDockerTmpl, map[string]*bintree{}},
+		"ecs-v1.tmpl":            {templatesEcsV1Tmpl, map[string]*bintree{}},
+		"ecs.tmpl":               {templatesEcsTmpl, map[string]*bintree{}},
+		"eureka.tmpl":            {templatesEurekaTmpl, map[string]*bintree{}},
+		"kubernetes.tmpl":        {templatesKubernetesTmpl, map[string]*bintree{}},
+		"kv.tmpl":                {templatesKvTmpl, map[string]*bintree{}},
+		"marathon-v1.tmpl":       {templatesMarathonV1Tmpl, map[string]*bintree{}},
+		"marathon.tmpl":          {templatesMarathonTmpl, map[string]*bintree{}},
+		"mesos-v1.tmpl":          {templatesMesosV1Tmpl, map[string]*bintree{}},
+		"mesos.tmpl":             {templatesMesosTmpl, map[string]*bintree{}},
+		"notFound.tmpl":          {templatesNotfoundTmpl, map[string]*bintree{}},
+		"rancher-v1.tmpl":        {templatesRancherV1Tmpl, map[string]*bintree{}},
+		"rancher.tmpl":           {templatesRancherTmpl, map[string]*bintree{}},
 	}},
 }}

--- a/cmd/configuration.go
+++ b/cmd/configuration.go
@@ -220,7 +220,7 @@ func NewTraefikDefaultPointersConfiguration() *TraefikConfiguration {
 			SamplingServerURL:  "http://localhost:5778/sampling",
 			SamplingType:       "const",
 			SamplingParam:      1.0,
-			LocalAgentHostPort: "127.0.0.1:6832",
+			LocalAgentHostPort: "127.0.0.1:6831",
 		},
 		Zipkin: &zipkin.Config{
 			HTTPEndpoint: "http://localhost:9411/api/v1/spans",
--- a/cmd/storeconfig/storeconfig.go
+++ b/cmd/storeconfig/storeconfig.go
@@ -134,10 +134,16 @@ func migrateACMEData(fileName string) (*acme.Account, error) {
 		if accountFromNewFormat == nil {
 			// convert ACME json file to KV store (used for backward compatibility)
 			localStore := acme.NewLocalStore(fileName)
+
 			account, err = localStore.Get()
 			if err != nil {
 				return nil, err
 			}
+
+			err = acme.RemoveAccountV1Values(account)
+			if err != nil {
+				return nil, err
+			}
 		} else {
 			account = accountFromNewFormat
 		}
--- a/cmd/traefik/traefik.go
+++ b/cmd/traefik/traefik.go
@@ -35,6 +35,7 @@ import (
 	"github.com/coreos/go-systemd/daemon"
 	"github.com/ogier/pflag"
 	"github.com/sirupsen/logrus"
+	"github.com/vulcand/oxy/roundrobin"
 )

 func main() {
@@ -155,6 +156,10 @@ func runCmd(globalConfiguration *configuration.GlobalConfiguration, configFile s

 	http.DefaultTransport.(*http.Transport).Proxy = http.ProxyFromEnvironment

+	if globalConfiguration.AllowMinWeightZero {
+		roundrobin.SetDefaultWeight(0)
+	}
+
 	globalConfiguration.SetEffectiveConfiguration(configFile)
 	globalConfiguration.ValidateConfiguration()

--- a/configuration/configuration.go
+++ b/configuration/configuration.go
@@ -11,6 +11,8 @@ import (
 	"github.com/containous/traefik/api"
 	"github.com/containous/traefik/log"
 	"github.com/containous/traefik/middlewares/tracing"
+	"github.com/containous/traefik/middlewares/tracing/jaeger"
+	"github.com/containous/traefik/middlewares/tracing/zipkin"
 	"github.com/containous/traefik/ping"
 	acmeprovider "github.com/containous/traefik/provider/acme"
 	"github.com/containous/traefik/provider/boltdb"
@@ -78,6 +80,7 @@ type GlobalConfiguration struct {
 	HealthCheck               *HealthCheckConfig      `description:"Health check parameters" export:"true"`
 	RespondingTimeouts        *RespondingTimeouts     `description:"Timeouts for incoming requests to the Traefik instance" export:"true"`
 	ForwardingTimeouts        *ForwardingTimeouts     `description:"Timeouts for requests forwarded to the backend servers" export:"true"`
+	AllowMinWeightZero        bool                    `description:"Allow weight to take 0 as minimum real value." export:"true"`         // Deprecated
 	Web                       *WebCompatibility       `description:"(Deprecated) Enable Web backend with default settings" export:"true"` // Deprecated
 	Docker                    *docker.Provider        `description:"Enable Docker backend with default settings" export:"true"`
 	File                      *file.Provider          `description:"Enable File backend with default settings" export:"true"`
@@ -230,6 +233,15 @@ func (gc *GlobalConfiguration) SetEffectiveConfiguration(configFile string) {
 		}
 	}

+	if gc.Mesos != nil {
+		if len(gc.Mesos.Filename) != 0 && gc.Mesos.TemplateVersion != 2 {
+			log.Warn("Template version 1 is deprecated, please use version 2, see TemplateVersion.")
+			gc.Mesos.TemplateVersion = 1
+		} else {
+			gc.Mesos.TemplateVersion = 2
+		}
+	}
+
 	if gc.Eureka != nil {
 		if gc.Eureka.Delay != 0 {
 			log.Warn("Delay has been deprecated -- please use RefreshSeconds")
@@ -237,6 +249,24 @@ func (gc *GlobalConfiguration) SetEffectiveConfiguration(configFile string) {
 		}
 	}

+	if gc.ECS != nil {
+		if len(gc.ECS.Filename) != 0 && gc.ECS.TemplateVersion != 2 {
+			log.Warn("Template version 1 is deprecated, please use version 2, see TemplateVersion.")
+			gc.ECS.TemplateVersion = 1
+		} else {
+			gc.ECS.TemplateVersion = 2
+		}
+	}
+
+	if gc.ConsulCatalog != nil {
+		if len(gc.ConsulCatalog.Filename) != 0 && gc.ConsulCatalog.TemplateVersion != 2 {
+			log.Warn("Template version 1 is deprecated, please use version 2, see TemplateVersion.")
+			gc.ConsulCatalog.TemplateVersion = 1
+		} else {
+			gc.ConsulCatalog.TemplateVersion = 2
+		}
+	}
+
 	if gc.Rancher != nil {
 		if len(gc.Rancher.Filename) != 0 && gc.Rancher.TemplateVersion != 2 {
 			log.Warn("Template version 1 is deprecated, please use version 2, see TemplateVersion.")
@@ -285,6 +315,43 @@ func (gc *GlobalConfiguration) SetEffectiveConfiguration(configFile string) {
 	}

 	gc.initACMEProvider()
+	gc.initTracing()
+}
+
+func (gc *GlobalConfiguration) initTracing() {
+	if gc.Tracing != nil {
+		switch gc.Tracing.Backend {
+		case jaeger.Name:
+			if gc.Tracing.Jaeger == nil {
+				gc.Tracing.Jaeger = &jaeger.Config{
+					SamplingServerURL:  "http://localhost:5778/sampling",
+					SamplingType:       "const",
+					SamplingParam:      1.0,
+					LocalAgentHostPort: "127.0.0.1:6831",
+				}
+			}
+			if gc.Tracing.Zipkin != nil {
+				log.Warn("Zipkin configuration will be ignored")
+				gc.Tracing.Zipkin = nil
+			}
+		case zipkin.Name:
+			if gc.Tracing.Zipkin == nil {
+				gc.Tracing.Zipkin = &zipkin.Config{
+					HTTPEndpoint: "http://localhost:9411/api/v1/spans",
+					SameSpan:     false,
+					ID128Bit:     true,
+					Debug:        false,
+				}
+			}
+			if gc.Tracing.Jaeger != nil {
+				log.Warn("Jaeger configuration will be ignored")
+				gc.Tracing.Jaeger = nil
+			}
+		default:
+			log.Warnf("Unknown tracer %q", gc.Tracing.Backend)
+			return
+		}
+	}
 }

 func (gc *GlobalConfiguration) initACMEProvider() {
--- a/configuration/configuration_test.go
+++ b/configuration/configuration_test.go
@@ -5,14 +5,18 @@ import (
 	"time"

 	"github.com/containous/flaeg"
+	"github.com/containous/traefik/middlewares/tracing"
+	"github.com/containous/traefik/middlewares/tracing/jaeger"
+	"github.com/containous/traefik/middlewares/tracing/zipkin"
 	"github.com/containous/traefik/provider"
 	"github.com/containous/traefik/provider/file"
+	"github.com/stretchr/testify/assert"
 )

 const defaultConfigFile = "traefik.toml"

 func TestSetEffectiveConfigurationGraceTimeout(t *testing.T) {
-	tests := []struct {
+	testCases := []struct {
 		desc                  string
 		legacyGraceTimeout    time.Duration
 		lifeCycleGraceTimeout time.Duration
@@ -37,10 +41,11 @@ func TestSetEffectiveConfigurationGraceTimeout(t *testing.T) {
 		},
 	}

-	for _, test := range tests {
+	for _, test := range testCases {
 		test := test
 		t.Run(test.desc, func(t *testing.T) {
 			t.Parallel()
+
 			gc := &GlobalConfiguration{
 				GraceTimeOut: flaeg.Duration(test.legacyGraceTimeout),
 			}
@@ -52,17 +57,14 @@ func TestSetEffectiveConfigurationGraceTimeout(t *testing.T) {

 			gc.SetEffectiveConfiguration(defaultConfigFile)

-			gotGraceTimeout := time.Duration(gc.LifeCycle.GraceTimeOut)
-			if gotGraceTimeout != test.wantGraceTimeout {
-				t.Fatalf("got effective grace timeout %d, want %d", gotGraceTimeout, test.wantGraceTimeout)
-			}
+			assert.Equal(t, test.wantGraceTimeout, time.Duration(gc.LifeCycle.GraceTimeOut))

 		})
 	}
 }

 func TestSetEffectiveConfigurationFileProviderFilename(t *testing.T) {
-	tests := []struct {
+	testCases := []struct {
 		desc                     string
 		fileProvider             *file.Provider
 		wantFileProviderFilename string
@@ -84,20 +86,128 @@ func TestSetEffectiveConfigurationFileProviderFilename(t *testing.T) {
 		},
 	}

-	for _, test := range tests {
+	for _, test := range testCases {
 		test := test
 		t.Run(test.desc, func(t *testing.T) {
 			t.Parallel()
+
 			gc := &GlobalConfiguration{
 				File: test.fileProvider,
 			}

 			gc.SetEffectiveConfiguration(defaultConfigFile)

-			gotFileProviderFilename := gc.File.Filename
-			if gotFileProviderFilename != test.wantFileProviderFilename {
-				t.Fatalf("got file provider file name %q, want %q", gotFileProviderFilename, test.wantFileProviderFilename)
-			}
+			assert.Equal(t, test.wantFileProviderFilename, gc.File.Filename)
+		})
+	}
+}
+
+func TestSetEffectiveConfigurationTracing(t *testing.T) {
+	testCases := []struct {
+		desc     string
+		tracing  *tracing.Tracing
+		expected *tracing.Tracing
+	}{
+		{
+			desc:     "no tracing configuration",
+			tracing:  &tracing.Tracing{},
+			expected: &tracing.Tracing{},
+		},
+		{
+			desc: "tracing bad backend name",
+			tracing: &tracing.Tracing{
+				Backend: "powpow",
+			},
+			expected: &tracing.Tracing{
+				Backend: "powpow",
+			},
+		},
+		{
+			desc: "tracing jaeger backend name",
+			tracing: &tracing.Tracing{
+				Backend: "jaeger",
+				Zipkin: &zipkin.Config{
+					HTTPEndpoint: "http://localhost:9411/api/v1/spans",
+					SameSpan:     false,
+					ID128Bit:     true,
+					Debug:        false,
+				},
+			},
+			expected: &tracing.Tracing{
+				Backend: "jaeger",
+				Jaeger: &jaeger.Config{
+					SamplingServerURL:  "http://localhost:5778/sampling",
+					SamplingType:       "const",
+					SamplingParam:      1.0,
+					LocalAgentHostPort: "127.0.0.1:6831",
+				},
+				Zipkin: nil,
+			},
+		},
+		{
+			desc: "tracing zipkin backend name",
+			tracing: &tracing.Tracing{
+				Backend: "zipkin",
+				Jaeger: &jaeger.Config{
+					SamplingServerURL:  "http://localhost:5778/sampling",
+					SamplingType:       "const",
+					SamplingParam:      1.0,
+					LocalAgentHostPort: "127.0.0.1:6831",
+				},
+			},
+			expected: &tracing.Tracing{
+				Backend: "zipkin",
+				Jaeger:  nil,
+				Zipkin: &zipkin.Config{
+					HTTPEndpoint: "http://localhost:9411/api/v1/spans",
+					SameSpan:     false,
+					ID128Bit:     true,
+					Debug:        false,
+				},
+			},
+		},
+		{
+			desc: "tracing zipkin backend name value override",
+			tracing: &tracing.Tracing{
+				Backend: "zipkin",
+				Jaeger: &jaeger.Config{
+					SamplingServerURL:  "http://localhost:5778/sampling",
+					SamplingType:       "const",
+					SamplingParam:      1.0,
+					LocalAgentHostPort: "127.0.0.1:6831",
+				},
+				Zipkin: &zipkin.Config{
+					HTTPEndpoint: "http://powpow:9411/api/v1/spans",
+					SameSpan:     true,
+					ID128Bit:     true,
+					Debug:        true,
+				},
+			},
+			expected: &tracing.Tracing{
+				Backend: "zipkin",
+				Jaeger:  nil,
+				Zipkin: &zipkin.Config{
+					HTTPEndpoint: "http://powpow:9411/api/v1/spans",
+					SameSpan:     true,
+					ID128Bit:     true,
+					Debug:        true,
+				},
+			},
+		},
+	}
+
+	for _, test := range testCases {
+		test := test
+		t.Run(test.desc, func(t *testing.T) {
+			t.Parallel()
+
+			gc := &GlobalConfiguration{
+				Tracing: test.tracing,
+			}
+
+			gc.SetEffectiveConfiguration(defaultConfigFile)
+
+			assert.Equal(t, test.expected, gc.Tracing)
 		})
 	}
 }
--- a/contrib/scripts/dumpcerts.sh
+++ b/contrib/scripts/dumpcerts.sh
@@ -66,7 +66,7 @@ ${USAGE}" >&2

 bad_acme() {
 	echo "
-There was a problem parsing your acme.json file. $1
+There was a problem parsing your acme.json file.

 ${USAGE}" >&2
 	exit 2
--- a/docs/basics.md
+++ b/docs/basics.md
@@ -170,7 +170,7 @@ Here is an example of frontends definition:

 - Three frontends are defined: `frontend1`, `frontend2` and `frontend3`
 - `frontend1` will forward the traffic to the `backend2` if the rule `Host:test.localhost,test2.localhost` is matched
- `frontend2` will forward the traffic to the `backend1` if the rule `Host:localhost,{subdomain:[a-z]+}.localhost` is matched (forwarding client `Host` header to the backend)
+- `frontend2` will forward the traffic to the `backend1` if the rule `HostRegexp:localhost,{subdomain:[a-z]+}.localhost` is matched (forwarding client `Host` header to the backend)
 - `frontend3` will forward the traffic to the `backend2` if the rules `Host:test3.localhost` **AND** `Path:/test` are matched

 #### Combining multiple rules
@@ -262,7 +262,7 @@ This allows for setting headers such as `X-Script-Name` to be added to the reque
 !!! warning
    If the custom header name is the same as one header name of the request or response, it will be replaced.

-In this example, all matches to the path `/cheese` will have the `X-Script-Name` header added to the proxied request, and the `X-Custom-Response-Header` added to the response.
+In this example, all matches to the path `/cheese` will have the `X-Script-Name` header added to the proxied request and the `X-Custom-Response-Header` header added to the response.

 ```toml
 [frontends]
@@ -276,7 +276,7 @@ In this example, all matches to the path `/cheese` will have the `X-Script-Name`
    rule = "PathPrefixStrip:/cheese"
 ```

-In this second  example, all matches to the path `/cheese` will have the `X-Script-Name` header added to the proxied request, the `X-Custom-Request-Header` removed to the request and the `X-Custom-Response-Header` removed to the response.
+In this second  example, all matches to the path `/cheese` will have the `X-Script-Name` header added to the proxied request, the `X-Custom-Request-Header` header removed from the request, and the `X-Custom-Response-Header` header removed from the response.

 ```toml
 [frontends]
@@ -323,12 +323,49 @@ In this example, traffic routed through the first frontend will have the `X-Fram

 A backend is responsible to load-balance the traffic coming from one or more frontends to a set of http servers.

+#### Servers
+
+Servers are simply defined using a `url`. You can also apply a custom `weight` to each server (this will be used by load-balancing).
+
+!!! note
+    Paths in `url` are ignored. Use `Modifier` to specify paths instead.
+
+Here is an example of backends and servers definition:
+
+```toml
+[backends]
+  [backends.backend1]
+    # ...
+    [backends.backend1.servers.server1]
+    url = "http://172.17.0.2:80"
+    weight = 10
+    [backends.backend1.servers.server2]
+    url = "http://172.17.0.3:80"
+    weight = 1
+  [backends.backend2]
+    # ...
+    [backends.backend2.servers.server1]
+    url = "http://172.17.0.4:80"
+    weight = 1
+    [backends.backend2.servers.server2]
+    url = "http://172.17.0.5:80"
+    weight = 2
+```
+
+- Two backends are defined: `backend1` and `backend2`
+- `backend1` will forward the traffic to two servers: `http://172.17.0.2:80"` with weight `10` and `http://172.17.0.3:80` with weight `1`.
+- `backend2` will forward the traffic to two servers: `http://172.17.0.4:80"` with weight `1` and `http://172.17.0.5:80` with weight `2`.
+
+#### Load-balancing
+
 Various methods of load-balancing are supported:

 - `wrr`: Weighted Round Robin.
 - `drr`: Dynamic Round Robin: increases weights on servers that perform better than others.
    It also rolls back to original weights if the servers have changed.

+#### Circuit breakers
+
 A circuit breaker can also be applied to a backend, preventing high loads on failing servers.
 Initial state is Standby. CB observes the statistics and does not modify the request.
 In case the condition matches, CB enters Tripped state, where it responds with predefined code or redirects to another frontend.
@@ -346,6 +383,26 @@ For example:
 - `LatencyAtQuantileMS(50.0) > 50`:  watch latency at quantile in milliseconds.
 - `ResponseCodeRatio(500, 600, 0, 600) > 0.5`: ratio of response codes in ranges [500-600) and [0-600).

+Here is an example of backends and servers definition:
+
+```toml
+[backends]
+  [backends.backend1]
+    [backends.backend1.circuitbreaker]
+    expression = "NetworkErrorRatio() > 0.5"
+    [backends.backend1.servers.server1]
+    url = "http://172.17.0.2:80"
+    weight = 10
+    [backends.backend1.servers.server2]
+    url = "http://172.17.0.3:80"
+    weight = 1
+```
+
+- `backend1` will forward the traffic to two servers: `http://172.17.0.2:80"` with weight `10` and `http://172.17.0.3:80` with weight `1` using default `wrr` load-balancing strategy.
+- a circuit breaker is added on `backend1` using the expression `NetworkErrorRatio() > 0.5`: watch error ratio over 10 second sliding window
+
+#### Maximum connections
+
 To proactively prevent backends from being overwhelmed with high load, a maximum connection limit can also be applied to each backend.

 Maximum connections can be configured by specifying an integer value for `maxconn.amount` and `maxconn.extractorfunc` which is a strategy used to determine how to categorize requests in order to evaluate the maximum connections.
@@ -357,13 +414,14 @@ For example:
    [backends.backend1.maxconn]
       amount = 10
       extractorfunc = "request.host"
+   # ...
 ```

 - `backend1` will return `HTTP code 429 Too Many Requests` if there are already 10 requests in progress for the same Host header.
 - Another possible value for `extractorfunc` is `client.ip` which will categorize requests based on client source ip.
 - Lastly `extractorfunc` can take the value of `request.header.ANY_HEADER` which will categorize requests based on `ANY_HEADER` that you provide.

-### Sticky sessions
+#### Sticky sessions

 Sticky sessions are supported with both load balancers.  
 When sticky sessions are enabled, a cookie is set on the initial request.
@@ -371,7 +429,6 @@ The default cookie name is an abbreviation of a sha1 (ex: `_1d52e`).
 On subsequent requests, the client will be directed to the backend stored in the cookie if it is still healthy.
 If not, a new backend will be assigned.

-
 ```toml
 [backends]
  [backends.backend1]
@@ -395,10 +452,10 @@ The deprecated way:
      sticky = true
 ```

-### Health Check
+#### Health Check

 A health check can be configured in order to remove a backend from LB rotation as long as it keeps returning HTTP status codes other than `200 OK` to HTTP GET requests periodically carried out by Traefik.  
-The check is defined by a pathappended to the backend URL and an interval (given in a format understood by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration)) specifying how often the health check should be executed (the default being 30 seconds).
+The check is defined by a path appended to the backend URL and an interval (given in a format understood by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration)) specifying how often the health check should be executed (the default being 30 seconds).
 Each backend must respond to the health check within 5 seconds.  
 By default, the port of the backend server is used, however, this may be overridden.

@@ -424,43 +481,6 @@ To use a different port for the healthcheck:
    port = 8080
 ```

-### Servers
-
-Servers are simply defined using a `url`. You can also apply a custom `weight` to each server (this will be used by load-balancing).
-
-!!! note
-    Paths in `url` are ignored. Use `Modifier` to specify paths instead.
-
-Here is an example of backends and servers definition:
-
-```toml
-[backends]
-  [backends.backend1]
-    [backends.backend1.circuitbreaker]
-    expression = "NetworkErrorRatio() > 0.5"
-    [backends.backend1.servers.server1]
-    url = "http://172.17.0.2:80"
-    weight = 10
-    [backends.backend1.servers.server2]
-    url = "http://172.17.0.3:80"
-    weight = 1
-  [backends.backend2]
-    [backends.backend2.LoadBalancer]
-    method = "drr"
-    [backends.backend2.servers.server1]
-    url = "http://172.17.0.4:80"
-    weight = 1
-    [backends.backend2.servers.server2]
-    url = "http://172.17.0.5:80"
-    weight = 2
-```
-
- Two backends are defined: `backend1` and `backend2`
- `backend1` will forward the traffic to two servers: `http://172.17.0.2:80"` with weight `10` and `http://172.17.0.3:80` with weight `1` using default `wrr` load-balancing strategy.
- `backend2` will forward the traffic to two servers: `http://172.17.0.4:80"` with weight `1` and `http://172.17.0.5:80` with weight `2` using `drr` load-balancing strategy.
- a circuit breaker is added on `backend1` using the expression `NetworkErrorRatio() > 0.5`: watch error ratio over 10 second sliding window
-
-
 ## Configuration

 Træfik's configuration has two parts:
@@ -645,18 +665,18 @@ Once a day (the first call begins 10 minutes after the start of Træfik), we col
  swarmMode = true

  [Docker.TLS]
-    CA = "dockerCA"
-    Cert = "dockerCert"
-    Key = "dockerKey"
-    InsecureSkipVerify = true
+    ca = "dockerCA"
+    cert = "dockerCert"
+    key = "dockerKey"
+    insecureSkipVerify = true

 [ECS]
-  Domain = "foo.bar"
-  ExposedByDefault = true
-  Clusters = ["foo-bar"]
-  Region = "us-west-2"
-  AccessKeyID = "AccessKeyID"
-  SecretAccessKey = "SecretAccessKey"
+  domain = "foo.bar"
+  exposedByDefault = true
+  clusters = ["foo-bar"]
+  region = "us-west-2"
+  accessKeyID = "AccessKeyID"
+  secretAccessKey = "SecretAccessKey"
 ```

 - Obfuscated and anonymous configuration:
@@ -669,24 +689,24 @@ Once a day (the first call begins 10 minutes after the start of Træfik), we col
 [api]

 [Docker]
-  Endpoint = "xxxx"
-  Domain = "xxxx"
-  ExposedByDefault = true
-  SwarmMode = true
+  endpoint = "xxxx"
+  domain = "xxxx"
+  exposedByDefault = true
+  swarmMode = true

  [Docker.TLS]
-    CA = "xxxx"
-    Cert = "xxxx"
-    Key = "xxxx"
-    InsecureSkipVerify = false
+    ca = "xxxx"
+    cert = "xxxx"
+    key = "xxxx"
+    insecureSkipVerify = false

 [ECS]
-  Domain = "xxxx"
-  ExposedByDefault = true
-  Clusters = []
-  Region = "us-west-2"
-  AccessKeyID = "xxxx"
-  SecretAccessKey = "xxxx"
+  domain = "xxxx"
+  exposedByDefault = true
+  clusters = []
+  region = "us-west-2"
+  accessKeyID = "xxxx"
+  secretAccessKey = "xxxx"
 ```

 ### Show me the code !
--- a/docs/benchmarks.md
+++ b/docs/benchmarks.md
@@ -118,7 +118,7 @@ server {
 Here is the `traefik.toml` file used:

 ```toml
-MaxIdleConnsPerHost = 100000
+maxIdleConnsPerHost = 100000
 defaultEntryPoints = ["http"]

 [entryPoints]
--- a/docs/configuration/acme.md
+++ b/docs/configuration/acme.md
@@ -112,7 +112,7 @@ entryPoint = "https"
  #
  entryPoint = "http"

-# Use a DNS-01/DNS-02 acme challenge rather than HTTP-01 challenge.
+# Use a DNS-01/DNS-01 acme challenge rather than HTTP-01 challenge.
 # Note : Mandatory for wildcard certificates generation.
 #
 # Optional
@@ -264,7 +264,7 @@ defaultEntryPoints = ["http", "https"]

 ### `dnsChallenge`

-Use `DNS-01/DNS-02` challenge to generate/renew ACME certificates.
+Use `DNS-01/DNS-01` challenge to generate/renew ACME certificates.

 ```toml
 [acme]
@@ -276,7 +276,7 @@ Use `DNS-01/DNS-02` challenge to generate/renew ACME certificates.
 ```

 !!! note
-    ACME wildcard certificates can only be generated thanks to a `DNS-02` challenge.
+    ACME wildcard certificates can only be generated thanks to a `DNS-01` challenge.

 #### `provider`

@@ -286,21 +286,28 @@ Select the provider that matches the DNS domain that will host the challenge TXT
 |--------------------------------------------------------|----------------|---------------------------------------------------------------------------------------------------------------------------|
 | [Auroradns](https://www.pcextreme.com/aurora/dns)      | `auroradns`    | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT`                                                                         |
 | [Azure](https://azure.microsoft.com/services/dns/)     | `azure`        | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`              |
+| [Blue Cat](https://www.bluecatnetworks.com/)           | `bluecat`      | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW`                  |
 | [Cloudflare](https://www.cloudflare.com)               | `cloudflare`   | `CLOUDFLARE_EMAIL`, `CLOUDFLARE_API_KEY` - The Cloudflare `Global API Key` needs to be used and not the `Origin CA Key`   |
 | [CloudXNS](https://www.cloudxns.net)                   | `cloudxns`     | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY`                                                                                 |
 | [DigitalOcean](https://www.digitalocean.com)           | `digitalocean` | `DO_AUTH_TOKEN`                                                                                                           |
 | [DNSimple](https://dnsimple.com)                       | `dnsimple`     | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL`                                                                               |
 | [DNS Made Easy](https://dnsmadeeasy.com)               | `dnsmadeeasy`  | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX`                                                    |
 | [DNSPod](http://www.dnspod.net/)                       | `dnspod`       | `DNSPOD_API_KEY`                                                                                                          |
+| [Duck DNS](https://www.duckdns.org/)                   | `duckdns`      | `DUCKDNS_TOKEN`                                                                                                           |
 | [Dyn](https://dyn.com)                                 | `dyn`          | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD`                                                                      |
+| External Program                                       | `exec`         | `EXEC_PATH`                                                                                                               |
 | [Exoscale](https://www.exoscale.ch)                    | `exoscale`     | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT`                                                            |
+| [Fast DNS](https://www.akamai.com/)                    | `fastdns`      | `AKAMAI_CLIENT_TOKEN`,  `AKAMAI_CLIENT_SECRET`,  `AKAMAI_ACCESS_TOKEN`                                                    |
 | [Gandi](https://www.gandi.net)                         | `gandi`        | `GANDI_API_KEY`                                                                                                           |
 | [Gandi V5](http://doc.livedns.gandi.net)               | `gandiv5`      | `GANDIV5_API_KEY`                                                                                                         |
+| [Glesys](https://glesys.com/)                          | `glesys`       | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN`                                                                      |
 | [GoDaddy](https://godaddy.com/domains)                 | `godaddy`      | `GODADDY_API_KEY`, `GODADDY_API_SECRET`                                                                                   |
 | [Google Cloud DNS](https://cloud.google.com/dns/docs/) | `gcloud`       | `GCE_PROJECT`, `GCE_SERVICE_ACCOUNT_FILE`                                                                                 |
+| [Lightsail](https://aws.amazon.com/lightsail/)         | `lightsail`    | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE`                                                                  |
 | [Linode](https://www.linode.com)                       | `linode`       | `LINODE_API_KEY`                                                                                                          |
 | manual                                                 | -              | none, but run Træfik interactively & turn on `acmeLogging` to see instructions & press <kbd>Enter</kbd>.                  |
 | [Namecheap](https://www.namecheap.com)                 | `namecheap`    | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY`                                                                                 |
+| [name.com](https://www.name.com/)                      | `namedotcom`   | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER`                                                                 |
 | [Ns1](https://ns1.com/)                                | `ns1`          | `NS1_API_KEY`                                                                                                             |
 | [Open Telekom Cloud](https://cloud.telekom.de/en/)     | `otc`          | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT`                           |
 | [OVH](https://www.ovh.com)                             | `ovh`          | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY`                                       |
@@ -390,14 +397,18 @@ CA server to use.
  main = "local3.com"
 [[acme.domains]]
  main = "*.local4.com"
+  sans = ["local4.com", "test1.test1.local4.com"]
 # ...
 ```

 #### Wildcard domains

-Wildcard domain has to be defined as a main domain **with no SANs** (alternative domains).
+Wildcard domain has to be defined as a main domain.
 All domains must have A/AAAA records pointing to Træfik.

+Due to ACME limitation, it's not possible to define a wildcard as a SAN (alternative domains).
+It's neither possible to define a wildcard on a wildcard domain (for example `*.*.local.com`).
+
 !!! warning
    Note that Let's Encrypt has [rate limiting](https://letsencrypt.org/docs/rate-limits).

@@ -428,9 +439,9 @@ Each domain & SANs will lead to a certificate request.
 [ACME V2](https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579) allows wildcard certificate support.
 However, this feature needs a specific configuration.

-### DNS-02 Challenge
+### DNS-01 Challenge

-As described in [Let's Encrypt post](https://community.letsencrypt.org/t/staging-endpoint-for-acme-v2/49605), wildcard certificates can only be generated through a `DNS-02`Challenge.
+As described in [Let's Encrypt post](https://community.letsencrypt.org/t/staging-endpoint-for-acme-v2/49605), wildcard certificates can only be generated through a `DNS-01` Challenge.
 This challenge is linked to the Træfik option `acme.dnsChallenge`.

 ```toml
@@ -447,16 +458,99 @@ For more information about this option, please refer to the [dnsChallenge sectio
 ### Wildcard domain

 Wildcard domains can currently be provided only by to the `acme.domains` option.
-Theses domains can not have SANs.

 ```toml
 [acme]
 # ...
 [[acme.domains]]
-  main = "*local1.com"
+  main = "*.local1.com"
+  sans = ["local1.com"]
 [[acme.domains]]
  main = "*.local2.com"
 # ...
 ```

 For more information about this option, please refer to the [domains section](/configuration/acme/#domains).
+
+### Limitations
+
+Let's Encrypt wildcard support have some limitations to take into account :
+
+- Wildcard domain can not be a SAN (alternative domain),
+- Wildcard domain on a wildcard domain is forbidden (for example `*.*.local.com`),
+- A DNS-01 Challenge is executed for each domain (CN and SANs), DNS provider can not manage correctly this behavior as explained in the [DNS provider support section](/configuration/acme/#dns-provider-support)
+
+
+### DNS provider support
+
+All DNS providers allow creating ACME wildcard certificates.
+However, many troubles can appear for wildcard domains with SANs.
+
+If a wildcard domain is defined with it root domain as SAN, as described below, 2 DNS-01 Challenges will be executed.
+
+```toml
+[acme]
+# ...
+[[acme.domains]]
+  main = "*.local1.com"
+  sans = ["local1.com"]
+# ...
+```
+
+When a DNS-01 Challenge is done, Let's Encrypt checks if a TXT record is created with a given name and a given value.
+When a certificate is generated for a wildcard domain is defined with it root domain as SAN, the requested TXT record name for both the wildcard domain and the root domain is the same.
+
+The [DNS RFC](https://community.letsencrypt.org/t/wildcard-issuance-two-txt-records-for-the-same-name/54528/2) allows this behavior.
+But all DNS providers keep TXT records values in a cache with a TTL.
+In function of the parameters given by the Træfik ACME client library ([LEGO](https://github.com/xenolf/lego)), the TXT record TTL can be superior to challenge Timeout.
+In that event, the DNS-01 Challenge will not work correctly.
+ 
+[LEGO](https://github.com/xenolf/lego) will involve in the way to be adapted to all of DNS providers.
+Meanwhile, the table described below contains all the DNS providers supported by Træfik and indicates if they allow generating certificates for a wildcard domain and its root domain.
+Do not hesitate to complete it.
+
+| Provider Name                                          | Provider code  | Wildcard and Root Domain Support |
+|--------------------------------------------------------|----------------|----------------------------------|
+| [Auroradns](https://www.pcextreme.com/aurora/dns)      | `auroradns`    | Not tested yet                   |
+| [Azure](https://azure.microsoft.com/services/dns/)     | `azure`        | Not tested yet                   |
+| [Blue Cat](https://www.bluecatnetworks.com/)           | `bluecat`      | Not tested yet                   |
+| [Cloudflare](https://www.cloudflare.com)               | `cloudflare`   | YES                              |
+| [CloudXNS](https://www.cloudxns.net)                   | `cloudxns`     | Not tested yet                   |
+| [DigitalOcean](https://www.digitalocean.com)           | `digitalocean` | YES                              |
+| [DNSimple](https://dnsimple.com)                       | `dnsimple`     | Not tested yet                   |
+| [DNS Made Easy](https://dnsmadeeasy.com)               | `dnsmadeeasy`  | Not tested yet                   |
+| [DNSPod](http://www.dnspod.net/)                       | `dnspod`       | Not tested yet                   |
+| [Duck DNS](https://www.duckdns.org/)                   | `duckdns`      | Not tested yet                   |
+| [Dyn](https://dyn.com)                                 | `dyn`          | Not tested yet                   |
+| External Program                                       | `exec`         | Not tested yet                   |
+| [Exoscale](https://www.exoscale.ch)                    | `exoscale`     | Not tested yet                   |
+| [Fast DNS](https://www.akamai.com/)                    | `fastdns`      | Not tested yet                   |
+| [Gandi](https://www.gandi.net)                         | `gandi`        | Not tested yet                   |
+| [Gandi V5](http://doc.livedns.gandi.net)               | `gandiv5`      | Not tested yet                   |
+| [Glesys](https://glesys.com/)                          | `glesys`       | Not tested yet                   |
+| [GoDaddy](https://godaddy.com/domains)                 | `godaddy`      | Not tested yet                   |
+| [Google Cloud DNS](https://cloud.google.com/dns/docs/) | `gcloud`       | YES                              |
+| [Lightsail](https://aws.amazon.com/lightsail/)         | `lightsail`    | Not tested yet                   |
+| [Linode](https://www.linode.com)                       | `linode`       | Not tested yet                   |
+| manual                                                 | -              | YES                              |
+| [Namecheap](https://www.namecheap.com)                 | `namecheap`    | Not tested yet                   |
+| [name.com](https://www.name.com/)                      | `namedotcom`   | Not tested yet                   |
+| [Ns1](https://ns1.com/)                                | `ns1`          | Not tested yet                   |
+| [Open Telekom Cloud](https://cloud.telekom.de/en/)     | `otc`          | Not tested yet                   |
+| [OVH](https://www.ovh.com)                             | `ovh`          | YES                              |
+| [PowerDNS](https://www.powerdns.com)                   | `pdns`         | Not tested yet                   |
+| [Rackspace](https://www.rackspace.com/cloud/dns)       | `rackspace`    | Not tested yet                   |
+| [RFC2136](https://tools.ietf.org/html/rfc2136)         | `rfc2136`      | Not tested yet                   |
+| [Route 53](https://aws.amazon.com/route53/)            | `route53`      | YES                              |
+| [VULTR](https://www.vultr.com)                         | `vultr`        | Not tested yet                   |
+
+## ACME V2 migration
+
+During migration from ACME V1 to ACME V2 with a storage file, a backup is created with the content of the ACME V1 file.
+To obtain the name of the backup file, Træfik concatenates the option `acme.storage` and the suffix `.bak`.
+
+For example : if `acme.storage` value is `/etc/traefik/acme/acme.json`, the backup file will be named `/etc/traefik/acme/acme.json.bak`.
+
+!!! note
+    When Træfik is launched in a container, do not forget to create a volume of the parent folder to get the backup file on the host.
+    Otherwise, the backup file will be deleted when the container will be stopped and Træfik will not generate it again.
--- a/docs/configuration/backends/boltdb.md
+++ b/docs/configuration/backends/boltdb.md
@@ -53,7 +53,7 @@ filename = "boltdb.tmpl"
 #    ca = "/etc/ssl/ca.crt"
 #    cert = "/etc/ssl/boltdb.crt"
 #    key = "/etc/ssl/boltdb.key"
-#    insecureskipverify = true
+#    insecureSkipVerify = true
 ```

 To enable constraints see [backend-specific constraints section](/configuration/commons/#backend-specific).
--- a/docs/configuration/backends/consul.md
+++ b/docs/configuration/backends/consul.md
@@ -53,7 +53,7 @@ prefix = "traefik"
 #    ca = "/etc/ssl/ca.crt"
 #    cert = "/etc/ssl/consul.crt"
 #    key = "/etc/ssl/consul.key"
-#    insecureskipverify = true
+#    insecureSkipVerify = true
 ```

 To enable constraints see [backend-specific constraints section](/configuration/commons/#backend-specific).
--- a/docs/configuration/backends/consulcatalog.md
+++ b/docs/configuration/backends/consulcatalog.md
@@ -57,7 +57,23 @@ prefix = "traefik"
 #    ca = "/etc/ssl/ca.crt"
 #    cert = "/etc/ssl/consul.crt"
 #    key = "/etc/ssl/consul.key"
-#    insecureskipverify = true
+#    insecureSkipVerify = true
+
+# Override default configuration template.
+# For advanced users :)
+#
+# Optional
+#
+# filename = "consulcatalog.tmpl"
+
+# Override template version
+# For advanced users :)
+#
+# Optional
+# - "1": previous template version (must be used only with older custom templates, see "filename")
+# - "2": current template version (must be used to force template version when "filename" is used)
+#
+# templateVersion = 2
 ```

 This backend will create routes matching on hostname based on the service name used in Consul.
@@ -74,7 +90,6 @@ Additional settings can be defined using Consul Catalog tags.
 | Label                                                       | Description                                                                                                                                                                                                            |
 |-------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `<prefix>.enable=false`                                     | Disable this container in Træfik.                                                                                                                                                                                      |
-| `<prefix>.port=80`                                          | Register this port. Useful when the container exposes multiples ports.                                                                                                                                                 |
 | `<prefix>.protocol=https`                                   | Override the default `http` protocol.                                                                                                                                                                                  |
 | `<prefix>.weight=10`                                        | Assign this weight to the container.                                                                                                                                                                                   |
 | `traefik.backend.buffering.maxRequestBodyBytes=0`           | See [buffering](/configuration/commons/#buffering) section.                                                                                                                                                            |
@@ -130,7 +145,17 @@ Additional settings can be defined using Consul Catalog tags.
 | Label                                                     | Description                                                                                                                                                                                         |
 |-----------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `<prefix>.frontend.headers.allowedHosts=EXPR`             | Provides a list of allowed hosts that requests will be processed.<br>Format: `Host1,Host2`                                                                                                          |
+| `<prefix>.frontend.headers.browserXSSFilter=true`         | Adds the X-XSS-Protection header with the value `1; mode=block`.                                                                                                                                    |
+| `<prefix>.frontend.headers.contentSecurityPolicy=VALUE`   | Adds CSP Header with the custom value.                                                                                                                                                              |
+| `<prefix>.frontend.headers.contentTypeNosniff=true`       | Adds the `X-Content-Type-Options` header with the value `nosniff`.                                                                                                                                  |
+| `<prefix>.frontend.headers.customBrowserXSSValue=VALUE`   | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option.                                                                                                           |
+| `<prefix>.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value.                                                                                                                                       |
+| `<prefix>.frontend.headers.forceSTSHeader=false`          | Adds the STS  header to non-SSL requests.                                                                                                                                                           |
+| `<prefix>.frontend.headers.frameDeny=false`               | Adds the `X-Frame-Options` header with the value of `DENY`.                                                                                                                                         |
 | `<prefix>.frontend.headers.hostsProxyHeaders=EXPR`        | Provides a list of headers that the proxied hostname may be stored.<br>Format: `HEADER1,HEADER2`                                                                                                    |
+| `<prefix>.frontend.headers.isDevelopment=false`           | This will cause the `AllowedHosts`, `SSLRedirect`, and `STSSeconds`/`STSIncludeSubdomains` options to be ignored during development.<br>When deploying to production, be sure to set this to false. |
+| `<prefix>.frontend.headers.publicKey=VALUE`               | Adds pinned HTST public key header.                                                                                                                                                                 |
+| `<prefix>.frontend.headers.referrerPolicy=VALUE`          | Adds referrer policy  header.                                                                                                                                                                       |
 | `<prefix>.frontend.headers.SSLRedirect=true`              | Forces the frontend to redirect to SSL if a non-SSL request is sent.                                                                                                                                |
 | `<prefix>.frontend.headers.SSLTemporaryRedirect=true`     | Forces the frontend to redirect to SSL if a non-SSL request is sent, but by sending a 302 instead of a 301.                                                                                         |
 | `<prefix>.frontend.headers.SSLHost=HOST`                  | This setting configures the hostname that redirects will be based on. Default is "", which is the same host as the request.                                                                         |
@@ -138,16 +163,6 @@ Additional settings can be defined using Consul Catalog tags.
 | `<prefix>.frontend.headers.STSSeconds=315360000`          | Sets the max-age of the STS header.                                                                                                                                                                 |
 | `<prefix>.frontend.headers.STSIncludeSubdomains=true`     | Adds the `IncludeSubdomains` section of the STS  header.                                                                                                                                            |
 | `<prefix>.frontend.headers.STSPreload=true`               | Adds the preload flag to the STS  header.                                                                                                                                                           |
-| `<prefix>.frontend.headers.forceSTSHeader=false`          | Adds the STS  header to non-SSL requests.                                                                                                                                                           |
-| `<prefix>.frontend.headers.frameDeny=false`               | Adds the `X-Frame-Options` header with the value of `DENY`.                                                                                                                                         |
-| `<prefix>.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value.                                                                                                                                       |
-| `<prefix>.frontend.headers.contentTypeNosniff=true`       | Adds the `X-Content-Type-Options` header with the value `nosniff`.                                                                                                                                  |
-| `<prefix>.frontend.headers.browserXSSFilter=true`         | Adds the X-XSS-Protection header with the value `1; mode=block`.                                                                                                                                    |
-| `<prefix>.frontend.headers.customBrowserXSSValue=VALUE`   | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option.                                                                                                           |
-| `<prefix>.frontend.headers.contentSecurityPolicy=VALUE`   | Adds CSP Header with the custom value.                                                                                                                                                              |
-| `<prefix>.frontend.headers.publicKey=VALUE`               | Adds pinned HTST public key header.                                                                                                                                                                 |
-| `<prefix>.frontend.headers.referrerPolicy=VALUE`          | Adds referrer policy  header.                                                                                                                                                                       |
-| `<prefix>.frontend.headers.isDevelopment=false`           | This will cause the `AllowedHosts`, `SSLRedirect`, and `STSSeconds`/`STSIncludeSubdomains` options to be ignored during development.<br>When deploying to production, be sure to set this to false. |

 ### Examples

--- a/docs/configuration/backends/docker.md
+++ b/docs/configuration/backends/docker.md
@@ -46,7 +46,7 @@ watch = true
 # - "1": previous template version (must be used only with older custom templates, see "filename")
 # - "2": current template version (must be used to force template version when "filename" is used)
 #
-# templateVersion = "2"
+# templateVersion = 2

 # Expose containers by default in Traefik.
 # If set to false, containers that don't have `traefik.enable=true` will be ignored.
@@ -54,7 +54,7 @@ watch = true
 # Optional
 # Default: true
 #
-exposedbydefault = true
+exposedByDefault = true

 # Use the IP address from the binded port instead of the inner network one.
 # For specific use-case :)
@@ -69,7 +69,7 @@ usebindportip = true
 # Optional
 # Default: false
 #
-swarmmode = false
+swarmMode = false

 # Enable docker TLS connection.
 #
@@ -79,7 +79,7 @@ swarmmode = false
 #  ca = "/etc/ssl/ca.crt"
 #  cert = "/etc/ssl/docker.crt"
 #  key = "/etc/ssl/docker.key"
-#  insecureskipverify = true
+#  insecureSkipVerify = true
 ```

 To enable constraints see [backend-specific constraints section](/configuration/commons/#backend-specific).
@@ -89,7 +89,7 @@ To enable constraints see [backend-specific constraints section](/configuration/

 ```toml
 ################################################################
-# Docker Swarmmode configuration backend
+# Docker Swarm Mode configuration backend
 ################################################################

 # Enable Docker configuration backend.
@@ -123,7 +123,7 @@ watch = true
 # Optional
 # Default: false
 #
-swarmmode = true
+swarmMode = true

 # Override default configuration template.
 # For advanced users :)
@@ -139,14 +139,14 @@ swarmmode = true
 # - "1": previous template version (must be used only with older custom templates, see "filename")
 # - "2": current template version (must be used to force template version when "filename" is used)
 #
-# templateVersion = "2"
+# templateVersion = 2

 # Expose services by default in Traefik.
 #
 # Optional
 # Default: true
 #
-exposedbydefault = false
+exposedByDefault = false

 # Enable docker TLS connection.
 #
@@ -156,7 +156,7 @@ exposedbydefault = false
 #  ca = "/etc/ssl/ca.crt"
 #  cert = "/etc/ssl/docker.crt"
 #  key = "/etc/ssl/docker.key"
-#  insecureskipverify = true
+#  insecureSkipVerify = true
 ```

 To enable constraints see [backend-specific constraints section](/configuration/commons/#backend-specific).
@@ -196,6 +196,7 @@ Labels can be used on containers to override default behavior.
 | Label                                                      | Description                                                                                                                                                                                                               |
 |------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `traefik.docker.network`                                   | Set the docker network to use for connections to this container. [1]                                                                                                                                                      |
+| `traefik.domain`                                           | Default domain used for frontend rules.                                                                                                                                                                                   |
 | `traefik.enable=false`                                     | Disable this container in Træfik                                                                                                                                                                                          |
 | `traefik.port=80`                                          | Register this port. Useful when the container exposes multiples ports.                                                                                                                                                    |
 | `traefik.protocol=https`                                   | Override the default `http` protocol                                                                                                                                                                                      |
@@ -254,7 +255,17 @@ Or if your service references external network use it's name instead.
 | Label                                                    | Description                                                                                                                                                                                         |
 |----------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `traefik.frontend.headers.allowedHosts=EXPR`             | Provides a list of allowed hosts that requests will be processed.<br>Format: `Host1,Host2`                                                                                                          |
+| `traefik.frontend.headers.browserXSSFilter=true`         | Adds the X-XSS-Protection header with the value `1; mode=block`.                                                                                                                                    |
+| `traefik.frontend.headers.contentSecurityPolicy=VALUE`   | Adds CSP Header with the custom value.                                                                                                                                                              |
+| `traefik.frontend.headers.contentTypeNosniff=true`       | Adds the `X-Content-Type-Options` header with the value `nosniff`.                                                                                                                                  |
+| `traefik.frontend.headers.customBrowserXSSValue=VALUE`   | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option.                                                                                                           |
+| `traefik.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value.                                                                                                                                       |
+| `traefik.frontend.headers.forceSTSHeader=false`          | Adds the STS  header to non-SSL requests.                                                                                                                                                           |
+| `traefik.frontend.headers.frameDeny=false`               | Adds the `X-Frame-Options` header with the value of `DENY`.                                                                                                                                         |
 | `traefik.frontend.headers.hostsProxyHeaders=EXPR `       | Provides a list of headers that the proxied hostname may be stored.<br>Format: `HEADER1,HEADER2`                                                                                                    |
+| `traefik.frontend.headers.isDevelopment=false`           | This will cause the `AllowedHosts`, `SSLRedirect`, and `STSSeconds`/`STSIncludeSubdomains` options to be ignored during development.<br>When deploying to production, be sure to set this to false. |
+| `traefik.frontend.headers.publicKey=VALUE`               | Adds pinned HTST public key header.                                                                                                                                                                 |
+| `traefik.frontend.headers.referrerPolicy=VALUE`          | Adds referrer policy  header.                                                                                                                                                                       |
 | `traefik.frontend.headers.SSLRedirect=true`              | Forces the frontend to redirect to SSL if a non-SSL request is sent.                                                                                                                                |
 | `traefik.frontend.headers.SSLTemporaryRedirect=true`     | Forces the frontend to redirect to SSL if a non-SSL request is sent, but by sending a 302 instead of a 301.                                                                                         |
 | `traefik.frontend.headers.SSLHost=HOST`                  | This setting configures the hostname that redirects will be based on. Default is "", which is the same host as the request.                                                                         |
@@ -262,16 +273,6 @@ Or if your service references external network use it's name instead.
 | `traefik.frontend.headers.STSSeconds=315360000`          | Sets the max-age of the STS header.                                                                                                                                                                 |
 | `traefik.frontend.headers.STSIncludeSubdomains=true`     | Adds the `IncludeSubdomains` section of the STS  header.                                                                                                                                            |
 | `traefik.frontend.headers.STSPreload=true`               | Adds the preload flag to the STS  header.                                                                                                                                                           |
-| `traefik.frontend.headers.forceSTSHeader=false`          | Adds the STS  header to non-SSL requests.                                                                                                                                                           |
-| `traefik.frontend.headers.frameDeny=false`               | Adds the `X-Frame-Options` header with the value of `DENY`.                                                                                                                                         |
-| `traefik.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value.                                                                                                                                       |
-| `traefik.frontend.headers.contentTypeNosniff=true`       | Adds the `X-Content-Type-Options` header with the value `nosniff`.                                                                                                                                  |
-| `traefik.frontend.headers.browserXSSFilter=true`         | Adds the X-XSS-Protection header with the value `1; mode=block`.                                                                                                                                    |
-| `traefik.frontend.headers.customBrowserXSSValue=VALUE`   | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option.                                                                                                           |
-| `traefik.frontend.headers.contentSecurityPolicy=VALUE`   | Adds CSP Header with the custom value.                                                                                                                                                              |
-| `traefik.frontend.headers.publicKey=VALUE`               | Adds pinned HTST public key header.                                                                                                                                                                 |
-| `traefik.frontend.headers.referrerPolicy=VALUE`          | Adds referrer policy  header.                                                                                                                                                                       |
-| `traefik.frontend.headers.isDevelopment=false`           | This will cause the `AllowedHosts`, `SSLRedirect`, and `STSSeconds`/`STSIncludeSubdomains` options to be ignored during development.<br>When deploying to production, be sure to set this to false. |

 ### On containers with Multiple Ports (segment labels)

@@ -281,62 +282,63 @@ You can define as many segments as ports exposed in a container.

 Segment labels override the default behavior.

-| Label                                                                     | Description                                                                                      |
-|---------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------|
-| `traefik.<segment_name>.port=PORT`                                        | Overrides `traefik.port`. If several ports need to be exposed, the segment labels could be used. |
-| `traefik.<segment_name>.protocol`                                         | Overrides `traefik.protocol`.                                                                    |
-| `traefik.<segment_name>.weight`                                           | Assign this segment weight. Overrides `traefik.weight`.                                          |
-| `traefik.<segment_name>.frontend.auth.basic`                              | Sets a Basic Auth for that frontend                                                              |
-| `traefik.<segment_name>.frontend.backend=BACKEND`                         | Assign this segment frontend to `BACKEND`. Default is to assign to the segment backend.          |
-| `traefik.<segment_name>.frontend.entryPoints`                             | Overrides `traefik.frontend.entrypoints`                                                         |
-| `traefik.<segment_name>.frontend.errors.<name>.backend=NAME`              | See [custom error pages](/configuration/commons/#custom-error-pages) section.                    |
-| `traefik.<segment_name>.frontend.errors.<name>.query=PATH`                | See [custom error pages](/configuration/commons/#custom-error-pages) section.                    |
-| `traefik.<segment_name>.frontend.errors.<name>.status=RANGE`              | See [custom error pages](/configuration/commons/#custom-error-pages) section.                    |
-| `traefik.<segment_name>.frontend.passHostHeader`                          | Overrides `traefik.frontend.passHostHeader`.                                                     |
-| `traefik.<segment_name>.frontend.passTLSCert`                             | Overrides `traefik.frontend.passTLSCert`.                                                        |
-| `traefik.<segment_name>.frontend.priority`                                | Overrides `traefik.frontend.priority`.                                                           |
-| `traefik.<segment_name>.frontend.rateLimit.extractorFunc=EXP`             | See [rate limiting](/configuration/commons/#rate-limiting) section.                              |
-| `traefik.<segment_name>.frontend.rateLimit.rateSet.<name>.period=6`       | See [rate limiting](/configuration/commons/#rate-limiting) section.                              |
-| `traefik.<segment_name>.frontend.rateLimit.rateSet.<name>.average=6`      | See [rate limiting](/configuration/commons/#rate-limiting) section.                              |
-| `traefik.<segment_name>.frontend.rateLimit.rateSet.<name>.burst=6`        | See [rate limiting](/configuration/commons/#rate-limiting) section.                              |
-| `traefik.<segment_name>.frontend.redirect.entryPoint=https`               | Overrides `traefik.frontend.redirect.entryPoint`.                                                |
-| `traefik.<segment_name>.frontend.redirect.regex=^http://localhost/(.*)`   | Overrides `traefik.frontend.redirect.regex`.                                                     |
-| `traefik.<segment_name>.frontend.redirect.replacement=http://mydomain/$1` | Overrides `traefik.frontend.redirect.replacement`.                                               |
-| `traefik.<segment_name>.frontend.redirect.permanent=true`                 | Return 301 instead of 302.                                                                       |
-| `traefik.<segment_name>.frontend.rule`                                    | Overrides `traefik.frontend.rule`.                                                               |
-| `traefik.<segment_name>.frontend.whiteList.sourceRange=RANGE`             | Overrides `traefik.frontend.whiteList.sourceRange`.                                              |
-| `traefik.<segment_name>.frontend.whiteList.useXForwardedFor=true`         | Overrides `traefik.frontend.whiteList.useXForwardedFor`.                                         |
+| Label                                                                     | Description                                                 |
+|---------------------------------------------------------------------------|-------------------------------------------------------------|
+| `traefik.<segment_name>.domain=DOMAIN`                                    | Same as `traefik.domain`                                    |
+| `traefik.<segment_name>.port=PORT`                                        | Same as `traefik.port`                                      |
+| `traefik.<segment_name>.protocol=http`                                    | Same as `traefik.protocol`                                  |
+| `traefik.<segment_name>.weight=10`                                        | Same as `traefik.weight`                                    |
+| `traefik.<segment_name>.frontend.auth.basic=EXPR`                         | Same as `traefik.frontend.auth.basic`                       |
+| `traefik.<segment_name>.frontend.backend=BACKEND`                         | Same as `traefik.frontend.backend`                          |
+| `traefik.<segment_name>.frontend.entryPoints=https`                       | Same as `traefik.frontend.entryPoints`                      |
+| `traefik.<segment_name>.frontend.errors.<name>.backend=NAME`              | Same as `traefik.frontend.errors.<name>.backend`            |
+| `traefik.<segment_name>.frontend.errors.<name>.query=PATH`                | Same as `traefik.frontend.errors.<name>.query`              |
+| `traefik.<segment_name>.frontend.errors.<name>.status=RANGE`              | Same as `traefik.frontend.errors.<name>.status`             |
+| `traefik.<segment_name>.frontend.passHostHeader=true`                     | Same as `traefik.frontend.passHostHeader`                   |
+| `traefik.<segment_name>.frontend.passTLSCert=true`                        | Same as `traefik.frontend.passTLSCert`                      |
+| `traefik.<segment_name>.frontend.priority=10`                             | Same as `traefik.frontend.priority`                         |
+| `traefik.<segment_name>.frontend.rateLimit.extractorFunc=EXP`             | Same as `traefik.frontend.rateLimit.extractorFunc`          |
+| `traefik.<segment_name>.frontend.rateLimit.rateSet.<name>.period=6`       | Same as `traefik.frontend.rateLimit.rateSet.<name>.period`  |
+| `traefik.<segment_name>.frontend.rateLimit.rateSet.<name>.average=6`      | Same as `traefik.frontend.rateLimit.rateSet.<name>.average` |
+| `traefik.<segment_name>.frontend.rateLimit.rateSet.<name>.burst=6`        | Same as `traefik.frontend.rateLimit.rateSet.<name>.burst`   |
+| `traefik.<segment_name>.frontend.redirect.entryPoint=https`               | Same as `traefik.frontend.redirect.entryPoint`              |
+| `traefik.<segment_name>.frontend.redirect.regex=^http://localhost/(.*)`   | Same as `traefik.frontend.redirect.regex`                   |
+| `traefik.<segment_name>.frontend.redirect.replacement=http://mydomain/$1` | Same as `traefik.frontend.redirect.replacement`             |
+| `traefik.<segment_name>.frontend.redirect.permanent=true`                 | Same as `traefik.frontend.redirect.permanent`               |
+| `traefik.<segment_name>.frontend.rule=EXP`                                | Same as `traefik.frontend.rule`                             |
+| `traefik.<segment_name>.frontend.whiteList.sourceRange=RANGE`             | Same as `traefik.frontend.whiteList.sourceRange`            |
+| `traefik.<segment_name>.frontend.whiteList.useXForwardedFor=true`         | Same as `traefik.frontend.whiteList.useXForwardedFor`       |

 #### Custom Headers

-| Label                                                                | Description                                                                                                                                                                         |
-|----------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `traefik.<segment_name>.frontend.headers.customRequestHeaders=EXPR ` | Provides the container with custom request headers that will be appended to each request forwarded to the container.<br>Format: <code>HEADER:value&vert;&vert;HEADER2:value2</code> |
-| `traefik.<segment_name>.frontend.headers.customResponseHeaders=EXPR` | Appends the headers to each response returned by the container, before forwarding the response to the client.<br>Format: <code>HEADER:value&vert;&vert;HEADER2:value2</code>        |
+| Label                                                                | Description                                              |
+|----------------------------------------------------------------------|----------------------------------------------------------|
+| `traefik.<segment_name>.frontend.headers.customRequestHeaders=EXPR ` | Same as `traefik.frontend.headers.customRequestHeaders`  |
+| `traefik.<segment_name>.frontend.headers.customResponseHeaders=EXPR` | Same as `traefik.frontend.headers.customResponseHeaders` |

 #### Security Headers

-| Label                                                                   | Description                                                                                                                                                                                         |
-|-------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `traefik.<segment_name>.frontend.headers.allowedHosts=EXPR`             | Provides a list of allowed hosts that requests will be processed.<br>Format: `Host1,Host2`                                                                                                          |
-| `traefik.<segment_name>.frontend.headers.hostsProxyHeaders=EXPR `       | Provides a list of headers that the proxied hostname may be stored.<br>Format: `HEADER1,HEADER2`                                                                                                    |
-| `traefik.<segment_name>.frontend.headers.SSLRedirect=true`              | Forces the frontend to redirect to SSL if a non-SSL request is sent.                                                                                                                                |
-| `traefik.<segment_name>.frontend.headers.SSLTemporaryRedirect=true`     | Forces the frontend to redirect to SSL if a non-SSL request is sent, but by sending a 302 instead of a 301.                                                                                         |
-| `traefik.<segment_name>.frontend.headers.SSLHost=HOST`                  | This setting configures the hostname that redirects will be based on. Default is "", which is the same host as the request.                                                                         |
-| `traefik.<segment_name>.frontend.headers.SSLProxyHeaders=EXPR`          | Header combinations that would signify a proper SSL Request (Such as `X-Forwarded-For:https`).<br>Format:  <code>HEADER:value&vert;&vert;HEADER2:value2</code>                                      |
-| `traefik.<segment_name>.frontend.headers.STSSeconds=315360000`          | Sets the max-age of the STS header.                                                                                                                                                                 |
-| `traefik.<segment_name>.frontend.headers.STSIncludeSubdomains=true`     | Adds the `IncludeSubdomains` section of the STS  header.                                                                                                                                            |
-| `traefik.<segment_name>.frontend.headers.STSPreload=true`               | Adds the preload flag to the STS  header.                                                                                                                                                           |
-| `traefik.<segment_name>.frontend.headers.forceSTSHeader=false`          | Adds the STS  header to non-SSL requests.                                                                                                                                                           |
-| `traefik.<segment_name>.frontend.headers.frameDeny=false`               | Adds the `X-Frame-Options` header with the value of `DENY`.                                                                                                                                         |
-| `traefik.<segment_name>.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value.                                                                                                                                       |
-| `traefik.<segment_name>.frontend.headers.contentTypeNosniff=true`       | Adds the `X-Content-Type-Options` header with the value `nosniff`.                                                                                                                                  |
-| `traefik.<segment_name>.frontend.headers.browserXSSFilter=true`         | Adds the X-XSS-Protection header with the value `1; mode=block`.                                                                                                                                    |
-| `traefik.<segment_name>.frontend.headers.customBrowserXSSValue=VALUE`   | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option.                                                                                                           |
-| `traefik.<segment_name>.frontend.headers.contentSecurityPolicy=VALUE`   | Adds CSP Header with the custom value.                                                                                                                                                              |
-| `traefik.<segment_name>.frontend.headers.publicKey=VALUE`               | Adds pinned HTST public key header.                                                                                                                                                                 |
-| `traefik.<segment_name>.frontend.headers.referrerPolicy=VALUE`          | Adds referrer policy  header.                                                                                                                                                                       |
-| `traefik.<segment_name>.frontend.headers.isDevelopment=false`           | This will cause the `AllowedHosts`, `SSLRedirect`, and `STSSeconds`/`STSIncludeSubdomains` options to be ignored during development.<br>When deploying to production, be sure to set this to false. |
+| Label                                                                   | Description                                                  |
+|-------------------------------------------------------------------------|--------------------------------------------------------------|
+| `traefik.<segment_name>.frontend.headers.allowedHosts=EXPR`             | Same as `traefik.frontend.headers.allowedHosts`              |
+| `traefik.<segment_name>.frontend.headers.browserXSSFilter=true`         | Same as `traefik.frontend.headers.browserXSSFilter`          |
+| `traefik.<segment_name>.frontend.headers.contentSecurityPolicy=VALUE`   | Same as `traefik.frontend.headers.contentSecurityPolicy`     |
+| `traefik.<segment_name>.frontend.headers.contentTypeNosniff=true`       | Same as `traefik.frontend.headers.contentTypeNosniff`        |
+| `traefik.<segment_name>.frontend.headers.customBrowserXSSValue=VALUE`   | Same as `traefik.frontend.headers.customBrowserXSSValue`     |
+| `traefik.<segment_name>.frontend.headers.customFrameOptionsValue=VALUE` | Same as `traefik.frontend.headers.customFrameOptionsValue`   |
+| `traefik.<segment_name>.frontend.headers.forceSTSHeader=false`          | Same as `traefik.frontend.headers.forceSTSHeader`            |
+| `traefik.<segment_name>.frontend.headers.frameDeny=false`               | Same as `traefik.frontend.headers.frameDeny`                 |
+| `traefik.<segment_name>.frontend.headers.hostsProxyHeaders=EXPR`        | Same as `traefik.frontend.headers.hostsProxyHeaders`         |
+| `traefik.<segment_name>.frontend.headers.isDevelopment=false`           | Same as `traefik.frontend.headers.isDevelopment`             |
+| `traefik.<segment_name>.frontend.headers.publicKey=VALUE`               | Same as `traefik.frontend.headers.publicKey`                 |
+| `traefik.<segment_name>.frontend.headers.referrerPolicy=VALUE`          | Same as `traefik.frontend.headers.referrerPolicy`            |
+| `traefik.<segment_name>.frontend.headers.SSLRedirect=true`              | Same as `traefik.frontend.headers.SSLRedirect`               |
+| `traefik.<segment_name>.frontend.headers.SSLTemporaryRedirect=true`     | Same as `traefik.frontend.headers.SSLTemporaryRedirect`      |
+| `traefik.<segment_name>.frontend.headers.SSLHost=HOST`                  | Same as `traefik.frontend.headers.SSLHost`                   |
+| `traefik.<segment_name>.frontend.headers.SSLProxyHeaders=EXPR`          | Same as `traefik.frontend.headers.SSLProxyHeaders=EXPR`      |
+| `traefik.<segment_name>.frontend.headers.STSSeconds=315360000`          | Same as `traefik.frontend.headers.STSSeconds=315360000`      |
+| `traefik.<segment_name>.frontend.headers.STSIncludeSubdomains=true`     | Same as `traefik.frontend.headers.STSIncludeSubdomains=true` |
+| `traefik.<segment_name>.frontend.headers.STSPreload=true`               | Same as `traefik.frontend.headers.STSPreload=true`           |

 !!! note
    If a label is defined both as a `container label` and a `segment label` (for example `traefik.<segment_name>.port=PORT` and `traefik.port=PORT` ), the `segment label` is used to defined the `<segment_name>` property (`port` in the example).
--- a/docs/configuration/backends/dynamodb.md
+++ b/docs/configuration/backends/dynamodb.md
@@ -39,13 +39,13 @@ watch = true
 #
 refreshSeconds = 15

-# AccessKeyID to use when connecting to AWS.
+# Access Key ID to use when connecting to AWS.
 #
 # Optional
 #
 accessKeyID = "abc"

-# SecretAccessKey to use when connecting to AWS.
+# Secret Access Key to use when connecting to AWS.
 #
 # Optional
 #
--- a/docs/configuration/backends/ecs.md
+++ b/docs/configuration/backends/ecs.md
@@ -33,6 +33,7 @@ clusters = ["default"]
 watch = true

 # Default domain used.
+# Can be overridden by setting the "traefik.domain" label.
 #
 # Optional
 # Default: ""
@@ -66,13 +67,13 @@ exposedByDefault = false
 #
 region = "us-east-1"

-# AccessKeyID to use when connecting to AWS.
+# Access Key ID to use when connecting to AWS.
 #
 # Optional
 #
 accessKeyID = "abc"

-# SecretAccessKey to use when connecting to AWS.
+# Secret Access Key to use when connecting to AWS.
 #
 # Optional
 #
@@ -84,9 +85,18 @@ secretAccessKey = "123"
 # Optional
 #
 # filename = "ecs.tmpl"
+
+# Override template version
+# For advanced users :)
+#
+# Optional
+# - "1": previous template version (must be used only with older custom templates, see "filename")
+# - "2": current template version (must be used to force template version when "filename" is used)
+#
+# templateVersion = 2
 ```

-If `AccessKeyID`/`SecretAccessKey` is not given credentials will be resolved in the following order:
+If `accessKeyID`/`secretAccessKey` is not given credentials will be resolved in the following order:

 - From environment variables; `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and `AWS_SESSION_TOKEN`.
 - Shared credentials, determined by `AWS_PROFILE` and `AWS_SHARED_CREDENTIALS_FILE`, defaults to `default` and `~/.aws/credentials`.
@@ -126,6 +136,7 @@ Labels can be used on task containers to override default behaviour:

 | Label                                                      | Description                                                                                                                                                                                                            |
 |------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `traefik.domain`                                           | Default domain used for frontend rules.                                                                                                                                                                                |
 | `traefik.enable=false`                                     | Disable this container in Træfik                                                                                                                                                                                       |
 | `traefik.port=80`                                          | Override the default `port` value. Overrides `NetworkBindings` from Docker Container                                                                                                                                   |
 | `traefik.protocol=https`                                   | Override the default `http` protocol                                                                                                                                                                                   |
@@ -178,7 +189,17 @@ Labels can be used on task containers to override default behaviour:
 | Label                                                    | Description                                                                                                                                                                                         |
 |----------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `traefik.frontend.headers.allowedHosts=EXPR`             | Provides a list of allowed hosts that requests will be processed.<br>Format: `Host1,Host2`                                                                                                          |
+| `traefik.frontend.headers.browserXSSFilter=true`         | Adds the X-XSS-Protection header with the value `1; mode=block`.                                                                                                                                    |
+| `traefik.frontend.headers.contentSecurityPolicy=VALUE`   | Adds CSP Header with the custom value.                                                                                                                                                              |
+| `traefik.frontend.headers.contentTypeNosniff=true`       | Adds the `X-Content-Type-Options` header with the value `nosniff`.                                                                                                                                  |
+| `traefik.frontend.headers.customBrowserXSSValue=VALUE`   | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option.                                                                                                           |
+| `traefik.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value.                                                                                                                                       |
+| `traefik.frontend.headers.forceSTSHeader=false`          | Adds the STS  header to non-SSL requests.                                                                                                                                                           |
+| `traefik.frontend.headers.frameDeny=false`               | Adds the `X-Frame-Options` header with the value of `DENY`.                                                                                                                                         |
 | `traefik.frontend.headers.hostsProxyHeaders=EXPR `       | Provides a list of headers that the proxied hostname may be stored.<br>Format: `HEADER1,HEADER2`                                                                                                    |
+| `traefik.frontend.headers.publicKey=VALUE`               | Adds pinned HTST public key header.                                                                                                                                                                 |
+| `traefik.frontend.headers.referrerPolicy=VALUE`          | Adds referrer policy  header.                                                                                                                                                                       |
+| `traefik.frontend.headers.isDevelopment=false`           | This will cause the `AllowedHosts`, `SSLRedirect`, and `STSSeconds`/`STSIncludeSubdomains` options to be ignored during development.<br>When deploying to production, be sure to set this to false. |
 | `traefik.frontend.headers.SSLRedirect=true`              | Forces the frontend to redirect to SSL if a non-SSL request is sent.                                                                                                                                |
 | `traefik.frontend.headers.SSLTemporaryRedirect=true`     | Forces the frontend to redirect to SSL if a non-SSL request is sent, but by sending a 302 instead of a 301.                                                                                         |
 | `traefik.frontend.headers.SSLHost=HOST`                  | This setting configures the hostname that redirects will be based on. Default is "", which is the same host as the request.                                                                         |
@@ -186,13 +207,3 @@ Labels can be used on task containers to override default behaviour:
 | `traefik.frontend.headers.STSSeconds=315360000`          | Sets the max-age of the STS header.                                                                                                                                                                 |
 | `traefik.frontend.headers.STSIncludeSubdomains=true`     | Adds the `IncludeSubdomains` section of the STS  header.                                                                                                                                            |
 | `traefik.frontend.headers.STSPreload=true`               | Adds the preload flag to the STS  header.                                                                                                                                                           |
-| `traefik.frontend.headers.forceSTSHeader=false`          | Adds the STS  header to non-SSL requests.                                                                                                                                                           |
-| `traefik.frontend.headers.frameDeny=false`               | Adds the `X-Frame-Options` header with the value of `DENY`.                                                                                                                                         |
-| `traefik.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value.                                                                                                                                       |
-| `traefik.frontend.headers.contentTypeNosniff=true`       | Adds the `X-Content-Type-Options` header with the value `nosniff`.                                                                                                                                  |
-| `traefik.frontend.headers.browserXSSFilter=true`         | Adds the X-XSS-Protection header with the value `1; mode=block`.                                                                                                                                    |
-| `traefik.frontend.headers.customBrowserXSSValue=VALUE`   | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option.                                                                                                           |
-| `traefik.frontend.headers.contentSecurityPolicy=VALUE`   | Adds CSP Header with the custom value.                                                                                                                                                              |
-| `traefik.frontend.headers.publicKey=VALUE`               | Adds pinned HTST public key header.                                                                                                                                                                 |
-| `traefik.frontend.headers.referrerPolicy=VALUE`          | Adds referrer policy  header.                                                                                                                                                                       |
-| `traefik.frontend.headers.isDevelopment=false`           | This will cause the `AllowedHosts`, `SSLRedirect`, and `STSSeconds`/`STSIncludeSubdomains` options to be ignored during development.<br>When deploying to production, be sure to set this to false. |
--- a/docs/configuration/backends/etcd.md
+++ b/docs/configuration/backends/etcd.md
@@ -63,7 +63,7 @@ useAPIV3 = true
 #    ca = "/etc/ssl/ca.crt"
 #    cert = "/etc/ssl/etcd.crt"
 #    key = "/etc/ssl/etcd.key"
-#    insecureskipverify = true
+#    insecureSkipVerify = true
 ```

 To enable constraints see [backend-specific constraints section](/configuration/commons/#backend-specific).
--- a/docs/configuration/backends/file.md
+++ b/docs/configuration/backends/file.md
@@ -140,19 +140,20 @@ Træfik can be configured with a file.
  # ...
 ```

-## Configuration mode
+## Configuration Mode

-You have three choices:
+You have two choices:

- [Simple](/configuration/backends/file/#simple)
- [Rules in a Separate File](/configuration/backends/file/#rules-in-a-separate-file)
- [Multiple `.toml` Files](/configuration/backends/file/#multiple-toml-files)
+- [Rules in Træfik configuration file](/configuration/backends/file/#rules-in-trfik-configuration-file)
+- [Rules in dedicated files](/configuration/backends/file/#rules-in-dedicated-files)

 To enable the file backend, you must either pass the `--file` option to the Træfik binary or put the `[file]` section (with or without inner settings) in the configuration file.

 The configuration file allows managing both backends/frontends and HTTPS certificates (which are not [Let's Encrypt](https://letsencrypt.org) certificates generated through Træfik).

-### Simple
+TOML templating can be used if rules are not defined in the Træfik configuration file.
+
+### Rules in Træfik Configuration File

 Add your configuration at the end of the global configuration file `traefik.toml`:

@@ -197,9 +198,16 @@ defaultEntryPoints = ["http", "https"]
    Adding certificates directly to the entryPoint is still maintained but certificates declared in this way cannot be managed dynamically.
    It's recommended to use the file provider to declare certificates.

-### Rules in a Separate File
+!!! warning
+    TOML templating cannot be used if rules are defined in the Træfik configuration file.

-Put your rules in a separate file, for example `rules.toml`:
+### Rules in Dedicated Files
+
+Træfik allows defining rules in one or more separate files.
+
+#### One Separate File
+
+You have to specify the file path in the `file.filename` option.

 ```toml
 # traefik.toml
@@ -213,8 +221,31 @@ defaultEntryPoints = ["http", "https"]

 [file]
  filename = "rules.toml"
+  watch = true
 ```

+The option `file.watch` allows Træfik to watch file changes automatically.
+
+#### Multiple Separated Files
+
+You could have multiple `.toml` files in a directory (and recursively in its sub-directories):
+
+```toml
+[file]
+  directory = "/path/to/config/"
+  watch = true
+```
+
+The option `file.watch` allows Træfik to watch file changes automatically.
+
+#### Separate Files Content
+
+If you are defining rules in one or more separate files, you can use two formats.
+
+##### Simple Format
+
+Backends, Frontends and TLS certificates are defined one at time, as described in the file `rules.toml`:
+
 ```toml
 # rules.toml
 [backends]
@@ -239,18 +270,34 @@ defaultEntryPoints = ["http", "https"]
  # ...
 ```

-### Multiple `.toml` Files
+##### TOML Templating

-You could have multiple `.toml` files in a directory (and recursively in its sub-directories):
+!!! warning
+    TOML templating can only be used **if rules are defined in one or more separate files**.
+    Templating will not work in the Træfik configuration file.
+
+Træfik allows using TOML templating.
+
+Thus, it's possible to define easily lot of Backends, Frontends and TLS certificates as described in the file `template-rules.toml` :

 ```toml
-[file]
-  directory = "/path/to/config/"
-```
+# template-rules.toml
+[backends]
+{{ range $i, $e := until 100 }}
+  [backends.backend{{ $e }}]
+    #...
+{{ end }}

-If you want Træfik to watch file changes automatically, just add:
+[frontends]
+{{ range $i, $e := until 100 }}
+  [frontends.frontend{{ $e }}]
+    #...
+{{ end }}

-```toml
-[file]
-  watch = true
+
+# HTTPS certificate
+{{ range $i, $e := until 100 }}
+[[tls]]
+    #...
+{{ end }}
 ```
--- a/docs/configuration/backends/kubernetes.md
+++ b/docs/configuration/backends/kubernetes.md
@@ -114,7 +114,7 @@ If the service port defined in the ingress spec is 443, then the backend communi
 !!! note
    Please note that by enabling TLS communication between traefik and your pods, you will have to have trusted certificates that have the proper trust chain and IP subject name. 
    If this is not an option, you may need to skip TLS certificate verification.
-    See the [InsecureSkipVerify](/configuration/commons/#main-section) setting for more details.
+    See the [insecureSkipVerify](/configuration/commons/#main-section) setting for more details.

 ## Annotations

@@ -218,28 +218,28 @@ The following security annotations are applicable on the Ingress object:
 |                        Annotation                         |                                                                                             Description                                                                                             |
 | ----------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `ingress.kubernetes.io/allowed-hosts: EXPR`               | Provides a list of allowed hosts that requests will be processed. Format: `Host1,Host2`                                                                                                             |
+| `ingress.kubernetes.io/browser-xss-filter: "true"`        | Adds the X-XSS-Protection header with the value `1; mode=block`.                                                                                                                                    |
+| `ingress.kubernetes.io/content-security-policy: VALUE`    | Adds CSP Header with the custom value.                                                                                                                                                              |
+| `ingress.kubernetes.io/content-type-nosniff: "true"`      | Adds the `X-Content-Type-Options` header with the value `nosniff`.                                                                                                                                  |
+| `ingress.kubernetes.io/custom-browser-xss-value: VALUE`   | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option.                                                                                                           |
+| `ingress.kubernetes.io/custom-frame-options-value: VALUE` | Overrides the `X-Frame-Options` header with the custom value.                                                                                                                                       |
+| `ingress.kubernetes.io/force-hsts: "false"`               | Adds the STS  header to non-SSL requests.                                                                                                                                                           |
+| `ingress.kubernetes.io/frame-deny: "false"`               | Adds the `X-Frame-Options` header with the value of `DENY`.                                                                                                                                         |
+| `ingress.kubernetes.io/hsts-max-age: "315360000"`         | Sets the max-age of the HSTS header.                                                                                                                                                                |
+| `ingress.kubernetes.io/hsts-include-subdomains: "true"`   | Adds the IncludeSubdomains section of the STS  header.                                                                                                                                              |
+| `ingress.kubernetes.io/hsts-preload: "true"`              | Adds the preload flag to the HSTS  header.                                                                                                                                                          |
+| `ingress.kubernetes.io/is-development: "false"`           | This will cause the `AllowedHosts`, `SSLRedirect`, and `STSSeconds`/`STSIncludeSubdomains` options to be ignored during development.<br>When deploying to production, be sure to set this to false. |
 | `ingress.kubernetes.io/proxy-headers: EXPR`               | Provides a list of headers that the proxied hostname may be stored. Format:  `HEADER1,HEADER2`                                                                                                      |
+| `ingress.kubernetes.io/public-key: VALUE`                 | Adds pinned HTST public key header.                                                                                                                                                                 |
+| `ingress.kubernetes.io/referrer-policy: VALUE`            | Adds referrer policy  header.                                                                                                                                                                       |
 | `ingress.kubernetes.io/ssl-redirect: "true"`              | Forces the frontend to redirect to SSL if a non-SSL request is sent.                                                                                                                                |
 | `ingress.kubernetes.io/ssl-temporary-redirect: "true"`    | Forces the frontend to redirect to SSL if a non-SSL request is sent, but by sending a 302 instead of a 301.                                                                                         |
 | `ingress.kubernetes.io/ssl-host: HOST`                    | This setting configures the hostname that redirects will be based on. Default is "", which is the same host as the request.                                                                         |
 | `ingress.kubernetes.io/ssl-proxy-headers: EXPR`           | Header combinations that would signify a proper SSL Request (Such as `X-Forwarded-For:https`). Format: <code>HEADER:value&vert;&vert;HEADER2:value2</code>                                          |
-| `ingress.kubernetes.io/hsts-max-age: "315360000"`         | Sets the max-age of the HSTS header.                                                                                                                                                                |
-| `ingress.kubernetes.io/hsts-include-subdomains: "true"`   | Adds the IncludeSubdomains section of the STS  header.                                                                                                                                              |
-| `ingress.kubernetes.io/hsts-preload: "true"`              | Adds the preload flag to the HSTS  header.                                                                                                                                                          |
-| `ingress.kubernetes.io/force-hsts: "false"`               | Adds the STS  header to non-SSL requests.                                                                                                                                                           |
-| `ingress.kubernetes.io/frame-deny: "false"`               | Adds the `X-Frame-Options` header with the value of `DENY`.                                                                                                                                         |
-| `ingress.kubernetes.io/custom-frame-options-value: VALUE` | Overrides the `X-Frame-Options` header with the custom value.                                                                                                                                       |
-| `ingress.kubernetes.io/content-type-nosniff: "true"`      | Adds the `X-Content-Type-Options` header with the value `nosniff`.                                                                                                                                  |
-| `ingress.kubernetes.io/browser-xss-filter: "true"`        | Adds the X-XSS-Protection header with the value `1; mode=block`.                                                                                                                                    |
-| `ingress.kubernetes.io/custom-browser-xss-value: VALUE`   | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option.                                                                                                           |
-| `ingress.kubernetes.io/content-security-policy: VALUE`    | Adds CSP Header with the custom value.                                                                                                                                                              |
-| `ingress.kubernetes.io/public-key: VALUE`                 | Adds pinned HTST public key header.                                                                                                                                                                 |
-| `ingress.kubernetes.io/referrer-policy: VALUE`            | Adds referrer policy  header.                                                                                                                                                                       |
-| `ingress.kubernetes.io/is-development: "false"`           | This will cause the `AllowedHosts`, `SSLRedirect`, and `STSSeconds`/`STSIncludeSubdomains` options to be ignored during development.<br>When deploying to production, be sure to set this to false. |

 ### Authentication

-Is possible to add additional authentication annotations to the Ingress object.
+Additional authentication annotations can be added to the Ingress object.
 The source of the authentication is a Secret object that contains the credentials.

 | Annotation                                    | Description                                                                                                 |
@@ -253,3 +253,12 @@ The following limitations hold:

 - The realm is not configurable; the only supported (and default) value is `traefik`.
 - The Secret must contain a single file only.
+
+### TLS certificates management
+
+TLS certificates can be managed in Secrets objects.
+More information are available in the  [User Guide](/user-guide/kubernetes/#add-a-tls-certificate-to-the-ingress).
+
+!!! note
+    Only TLS certificates provided by users can be stored in Kubernetes Secrets.
+    [Let's Encrypt](https://letsencrypt.org) certificates cannot be managed in Kubernets Secrets yet. 
--- a/docs/configuration/backends/marathon.md
+++ b/docs/configuration/backends/marathon.md
@@ -52,7 +52,7 @@ domain = "marathon.localhost"
 # - "1": previous template version (must be used only with older custom templates, see "filename")
 # - "2": current template version (must be used to force template version when "filename" is used)
 #
-# templateVersion = "2"
+# templateVersion = 2

 # Expose Marathon apps by default in Traefik.
 #
@@ -103,7 +103,7 @@ domain = "marathon.localhost"
 #    CA = "/etc/ssl/ca.crt"
 #    Cert = "/etc/ssl/marathon.cert"
 #    Key = "/etc/ssl/marathon.key"
-#    InsecureSkipVerify = true
+#    insecureSkipVerify = true

 # DCOSToken for DCOS environment.
 # This will override the Authorization header.
@@ -171,6 +171,7 @@ The following labels can be defined on Marathon applications. They adjust the be

 | Label                                                      | Description                                                                                                                                                                                                            |
 |------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `traefik.domain`                                           | Default domain used for frontend rules.                                                                                                                                                                                |
 | `traefik.enable=false`                                     | Disable this container in Træfik                                                                                                                                                                                       |
 | `traefik.port=80`                                          | Register this port. Useful when the container exposes multiples ports.                                                                                                                                                 |
 | `traefik.portIndex=1`                                      | Register port by index in the application's ports array. Useful when the application exposes multiple ports.                                                                                                           |
@@ -225,7 +226,17 @@ The following labels can be defined on Marathon applications. They adjust the be
 | Label                                                    | Description                                                                                                                                                                                         |
 |----------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `traefik.frontend.headers.allowedHosts=EXPR`             | Provides a list of allowed hosts that requests will be processed.<br>Format: `Host1,Host2`                                                                                                          |
+| `traefik.frontend.headers.browserXSSFilter=true`         | Adds the X-XSS-Protection header with the value `1; mode=block`.                                                                                                                                    |
+| `traefik.frontend.headers.contentSecurityPolicy=VALUE`   | Adds CSP Header with the custom value.                                                                                                                                                              |
+| `traefik.frontend.headers.contentTypeNosniff=true`       | Adds the `X-Content-Type-Options` header with the value `nosniff`.                                                                                                                                  |
+| `traefik.frontend.headers.customBrowserXSSValue=VALUE`   | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option.                                                                                                           |
+| `traefik.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value.                                                                                                                                       |
+| `traefik.frontend.headers.forceSTSHeader=false`          | Adds the STS  header to non-SSL requests.                                                                                                                                                           |
+| `traefik.frontend.headers.frameDeny=false`               | Adds the `X-Frame-Options` header with the value of `DENY`.                                                                                                                                         |
 | `traefik.frontend.headers.hostsProxyHeaders=EXPR `       | Provides a list of headers that the proxied hostname may be stored.<br>Format: `HEADER1,HEADER2`                                                                                                    |
+| `traefik.frontend.headers.isDevelopment=false`           | This will cause the `AllowedHosts`, `SSLRedirect`, and `STSSeconds`/`STSIncludeSubdomains` options to be ignored during development.<br>When deploying to production, be sure to set this to false. |
+| `traefik.frontend.headers.publicKey=VALUE`               | Adds pinned HTST public key header.                                                                                                                                                                 |
+| `traefik.frontend.headers.referrerPolicy=VALUE`          | Adds referrer policy  header.                                                                                                                                                                       |
 | `traefik.frontend.headers.SSLRedirect=true`              | Forces the frontend to redirect to SSL if a non-SSL request is sent.                                                                                                                                |
 | `traefik.frontend.headers.SSLTemporaryRedirect=true`     | Forces the frontend to redirect to SSL if a non-SSL request is sent, but by sending a 302 instead of a 301.                                                                                         |
 | `traefik.frontend.headers.SSLHost=HOST`                  | This setting configures the hostname that redirects will be based on. Default is "", which is the same host as the request.                                                                         |
@@ -233,16 +244,6 @@ The following labels can be defined on Marathon applications. They adjust the be
 | `traefik.frontend.headers.STSSeconds=315360000`          | Sets the max-age of the STS header.                                                                                                                                                                 |
 | `traefik.frontend.headers.STSIncludeSubdomains=true`     | Adds the `IncludeSubdomains` section of the STS  header.                                                                                                                                            |
 | `traefik.frontend.headers.STSPreload=true`               | Adds the preload flag to the STS  header.                                                                                                                                                           |
-| `traefik.frontend.headers.forceSTSHeader=false`          | Adds the STS  header to non-SSL requests.                                                                                                                                                           |
-| `traefik.frontend.headers.frameDeny=false`               | Adds the `X-Frame-Options` header with the value of `DENY`.                                                                                                                                         |
-| `traefik.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value.                                                                                                                                       |
-| `traefik.frontend.headers.contentTypeNosniff=true`       | Adds the `X-Content-Type-Options` header with the value `nosniff`.                                                                                                                                  |
-| `traefik.frontend.headers.browserXSSFilter=true`         | Adds the X-XSS-Protection header with the value `1; mode=block`.                                                                                                                                    |
-| `traefik.frontend.headers.customBrowserXSSValue=VALUE`   | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option.                                                                                                           |
-| `traefik.frontend.headers.contentSecurityPolicy=VALUE`   | Adds CSP Header with the custom value.                                                                                                                                                              |
-| `traefik.frontend.headers.publicKey=VALUE`               | Adds pinned HTST public key header.                                                                                                                                                                 |
-| `traefik.frontend.headers.referrerPolicy=VALUE`          | Adds referrer policy  header.                                                                                                                                                                       |
-| `traefik.frontend.headers.isDevelopment=false`           | This will cause the `AllowedHosts`, `SSLRedirect`, and `STSSeconds`/`STSIncludeSubdomains` options to be ignored during development.<br>When deploying to production, be sure to set this to false. |

 ### Applications with Multiple Ports (segment labels)

@@ -252,61 +253,61 @@ You can define as many segments as ports exposed in an application.

 Segment labels override the default behavior.

-| Label                                                                     | Description                                                                                          |
-|---------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------|
-| `traefik.<segment_name>.portIndex=1`                                      | Create a service binding with frontend/backend using this port index. Overrides `traefik.portIndex`. |
-| `traefik.<segment_name>.port=PORT`                                        | Overrides `traefik.port`. If several ports need to be exposed, the service labels could be used.     |
-| `traefik.<segment_name>.protocol=http`                                    | Overrides `traefik.protocol`.                                                                        |
-| `traefik.<segment_name>.weight=10`                                        | Assign this service weight. Overrides `traefik.weight`.                                              |
-| `traefik.<segment_name>.frontend.auth.basic=EXPR`                         | Sets a Basic Auth for that frontend                                                                  |
-| `traefik.<segment_name>.frontend.backend=BACKEND`                         | Assign this service frontend to `BACKEND`. Default is to assign to the service backend.              |
-| `traefik.<segment_name>.frontend.entryPoints=https`                       | Overrides `traefik.frontend.entrypoints`                                                             |
-| `traefik.<segment_name>.frontend.errors.<name>.backend=NAME`              | See [custom error pages](/configuration/commons/#custom-error-pages) section.                        |
-| `traefik.<segment_name>.frontend.errors.<name>.query=PATH`                | See [custom error pages](/configuration/commons/#custom-error-pages) section.                        |
-| `traefik.<segment_name>.frontend.errors.<name>.status=RANGE`              | See [custom error pages](/configuration/commons/#custom-error-pages) section.                        |
-| `traefik.<segment_name>.frontend.passHostHeader=true`                     | Overrides `traefik.frontend.passHostHeader`.                                                         |
-| `traefik.<segment_name>.frontend.passTLSCert=true`                        | Overrides `traefik.frontend.passTLSCert`.                                                            |
-| `traefik.<segment_name>.frontend.priority=10`                             | Overrides `traefik.frontend.priority`.                                                               |
-| `traefik.<segment_name>.frontend.rateLimit.extractorFunc=EXP`             | See [rate limiting](/configuration/commons/#rate-limiting) section.                                  |
-| `traefik.<segment_name>.frontend.rateLimit.rateSet.<name>.period=6`       | See [rate limiting](/configuration/commons/#rate-limiting) section.                                  |
-| `traefik.<segment_name>.frontend.rateLimit.rateSet.<name>.average=6`      | See [rate limiting](/configuration/commons/#rate-limiting) section.                                  |
-| `traefik.<segment_name>.frontend.rateLimit.rateSet.<name>.burst=6`        | See [rate limiting](/configuration/commons/#rate-limiting) section.                                  |
-| `traefik.<segment_name>.frontend.redirect.entryPoint=https`               | Overrides `traefik.frontend.redirect.entryPoint`.                                                    |
-| `traefik.<segment_name>.frontend.redirect.regex=^http://localhost/(.*)`   | Overrides `traefik.frontend.redirect.regex`.                                                         |
-| `traefik.<segment_name>.frontend.redirect.replacement=http://mydomain/$1` | Overrides `traefik.frontend.redirect.replacement`.                                                   |
-| `traefik.<segment_name>.frontend.redirect.permanent=true`                 | Return 301 instead of 302.                                                                           |
-| `traefik.<segment_name>.frontend.rule=EXP`                                | Overrides `traefik.frontend.rule`. Default: `{service_name}.{sub_domain}.{domain}`                   |
-| `traefik.<segment_name>.frontend.whitelistSourceRange=RANGE`              | Overrides `traefik.frontend.whitelistSourceRange`.                                                   |
-| `traefik.<segment_name>.frontend.whiteList.sourceRange=RANGE`             | Overrides `traefik.frontend.whiteList.sourceRange`.                                                  |
-| `traefik.<segment_name>.frontend.whiteList.useXForwardedFor=true`         | Use `X-Forwarded-For` header as valid source of IP for the white list.                               |
+| Label                                                                     | Description                                                 |
+|---------------------------------------------------------------------------|-------------------------------------------------------------|
+| `traefik.<segment_name>.domain=DOMAIN`                                    | Same as `traefik.domain`                                    |
+| `traefik.<segment_name>.portIndex=1`                                      | Same as `traefik.portIndex`                                 |
+| `traefik.<segment_name>.port=PORT`                                        | Same as `traefik.port`                                      |
+| `traefik.<segment_name>.protocol=http`                                    | Same as `traefik.protocol`                                  |
+| `traefik.<segment_name>.weight=10`                                        | Same as `traefik.weight`                                    |
+| `traefik.<segment_name>.frontend.auth.basic=EXPR`                         | Same as `traefik.frontend.auth.basic`                       |
+| `traefik.<segment_name>.frontend.backend=BACKEND`                         | Same as `traefik.frontend.backend`                          |
+| `traefik.<segment_name>.frontend.entryPoints=https`                       | Same as `traefik.frontend.entryPoints`                      |
+| `traefik.<segment_name>.frontend.errors.<name>.backend=NAME`              | Same as `traefik.frontend.errors.<name>.backend`            |
+| `traefik.<segment_name>.frontend.errors.<name>.query=PATH`                | Same as `traefik.frontend.errors.<name>.query`              |
+| `traefik.<segment_name>.frontend.errors.<name>.status=RANGE`              | Same as `traefik.frontend.errors.<name>.status`             |
+| `traefik.<segment_name>.frontend.passHostHeader=true`                     | Same as `traefik.frontend.passHostHeader`                   |
+| `traefik.<segment_name>.frontend.passTLSCert=true`                        | Same as `traefik.frontend.passTLSCert`                      |
+| `traefik.<segment_name>.frontend.priority=10`                             | Same as `traefik.frontend.priority`                         |
+| `traefik.<segment_name>.frontend.rateLimit.extractorFunc=EXP`             | Same as `traefik.frontend.rateLimit.extractorFunc`          |
+| `traefik.<segment_name>.frontend.rateLimit.rateSet.<name>.period=6`       | Same as `traefik.frontend.rateLimit.rateSet.<name>.period`  |
+| `traefik.<segment_name>.frontend.rateLimit.rateSet.<name>.average=6`      | Same as `traefik.frontend.rateLimit.rateSet.<name>.average` |
+| `traefik.<segment_name>.frontend.rateLimit.rateSet.<name>.burst=6`        | Same as `traefik.frontend.rateLimit.rateSet.<name>.burst`   |
+| `traefik.<segment_name>.frontend.redirect.entryPoint=https`               | Same as `traefik.frontend.redirect.entryPoint`              |
+| `traefik.<segment_name>.frontend.redirect.regex=^http://localhost/(.*)`   | Same as `traefik.frontend.redirect.regex`                   |
+| `traefik.<segment_name>.frontend.redirect.replacement=http://mydomain/$1` | Same as `traefik.frontend.redirect.replacement`             |
+| `traefik.<segment_name>.frontend.redirect.permanent=true`                 | Same as `traefik.frontend.redirect.permanent`               |
+| `traefik.<segment_name>.frontend.rule=EXP`                                | Same as `traefik.frontend.rule`                             |
+| `traefik.<segment_name>.frontend.whiteList.sourceRange=RANGE`             | Same as `traefik.frontend.whiteList.sourceRange`            |
+| `traefik.<segment_name>.frontend.whiteList.useXForwardedFor=true`         | Same as `traefik.frontend.whiteList.useXForwardedFor`       |

 #### Custom Headers

-| Label                                                                | Description                                                                                                                                                                         |
-|----------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `traefik.<segment_name>.frontend.headers.customRequestHeaders=EXPR ` | Provides the container with custom request headers that will be appended to each request forwarded to the container.<br>Format: <code>HEADER:value&vert;&vert;HEADER2:value2</code> |
-| `traefik.<segment_name>.frontend.headers.customResponseHeaders=EXPR` | Appends the headers to each response returned by the container, before forwarding the response to the client.<br>Format: <code>HEADER:value&vert;&vert;HEADER2:value2</code>        |
+| Label                                                                | Description                                              |
+|----------------------------------------------------------------------|----------------------------------------------------------|
+| `traefik.<segment_name>.frontend.headers.customRequestHeaders=EXPR ` | Same as `traefik.frontend.headers.customRequestHeaders`  |
+| `traefik.<segment_name>.frontend.headers.customResponseHeaders=EXPR` | Same as `traefik.frontend.headers.customResponseHeaders` |

 #### Security Headers

-| Label                                                                   | Description                                                                                                                                                                                         |
-|-------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| `traefik.<segment_name>.frontend.headers.allowedHosts=EXPR`             | Provides a list of allowed hosts that requests will be processed.<br>Format: `Host1,Host2`                                                                                                          |
-| `traefik.<segment_name>.frontend.headers.hostsProxyHeaders=EXPR `       | Provides a list of headers that the proxied hostname may be stored.<br>Format: `HEADER1,HEADER2`                                                                                                    |
-| `traefik.<segment_name>.frontend.headers.SSLRedirect=true`              | Forces the frontend to redirect to SSL if a non-SSL request is sent.                                                                                                                                |
-| `traefik.<segment_name>.frontend.headers.SSLTemporaryRedirect=true`     | Forces the frontend to redirect to SSL if a non-SSL request is sent, but by sending a 302 instead of a 301.                                                                                         |
-| `traefik.<segment_name>.frontend.headers.SSLHost=HOST`                  | This setting configures the hostname that redirects will be based on. Default is "", which is the same host as the request.                                                                         |
-| `traefik.<segment_name>.frontend.headers.SSLProxyHeaders=EXPR`          | Header combinations that would signify a proper SSL Request (Such as `X-Forwarded-For:https`).<br>Format:  <code>HEADER:value&vert;&vert;HEADER2:value2</code>                                      |
-| `traefik.<segment_name>.frontend.headers.STSSeconds=315360000`          | Sets the max-age of the STS header.                                                                                                                                                                 |
-| `traefik.<segment_name>.frontend.headers.STSIncludeSubdomains=true`     | Adds the `IncludeSubdomains` section of the STS  header.                                                                                                                                            |
-| `traefik.<segment_name>.frontend.headers.STSPreload=true`               | Adds the preload flag to the STS  header.                                                                                                                                                           |
-| `traefik.<segment_name>.frontend.headers.forceSTSHeader=false`          | Adds the STS  header to non-SSL requests.                                                                                                                                                           |
-| `traefik.<segment_name>.frontend.headers.frameDeny=false`               | Adds the `X-Frame-Options` header with the value of `DENY`.                                                                                                                                         |
-| `traefik.<segment_name>.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value.                                                                                                                                       |
-| `traefik.<segment_name>.frontend.headers.contentTypeNosniff=true`       | Adds the `X-Content-Type-Options` header with the value `nosniff`.                                                                                                                                  |
-| `traefik.<segment_name>.frontend.headers.browserXSSFilter=true`         | Adds the X-XSS-Protection header with the value `1; mode=block`.                                                                                                                                    |
-| `traefik.<segment_name>.frontend.headers.customBrowserXSSValue=VALUE`   | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option.                                                                                                           |
-| `traefik.<segment_name>.frontend.headers.contentSecurityPolicy=VALUE`   | Adds CSP Header with the custom value.                                                                                                                                                              |
-| `traefik.<segment_name>.frontend.headers.publicKey=VALUE`               | Adds pinned HTST public key header.                                                                                                                                                                 |
-| `traefik.<segment_name>.frontend.headers.referrerPolicy=VALUE`          | Adds referrer policy  header.                                                                                                                                                                       |
-| `traefik.<segment_name>.frontend.headers.isDevelopment=false`           | This will cause the `AllowedHosts`, `SSLRedirect`, and `STSSeconds`/`STSIncludeSubdomains` options to be ignored during development.<br>When deploying to production, be sure to set this to false. |
+| Label                                                                   | Description                                                  |
+|-------------------------------------------------------------------------|--------------------------------------------------------------|
+| `traefik.<segment_name>.frontend.headers.allowedHosts=EXPR`             | Same as `traefik.frontend.headers.allowedHosts`              |
+| `traefik.<segment_name>.frontend.headers.browserXSSFilter=true`         | Same as `traefik.frontend.headers.browserXSSFilter`          |
+| `traefik.<segment_name>.frontend.headers.contentSecurityPolicy=VALUE`   | Same as `traefik.frontend.headers.contentSecurityPolicy`     |
+| `traefik.<segment_name>.frontend.headers.contentTypeNosniff=true`       | Same as `traefik.frontend.headers.contentTypeNosniff`        |
+| `traefik.<segment_name>.frontend.headers.customBrowserXSSValue=VALUE`   | Same as `traefik.frontend.headers.customBrowserXSSValue`     |
+| `traefik.<segment_name>.frontend.headers.customFrameOptionsValue=VALUE` | Same as `traefik.frontend.headers.customFrameOptionsValue`   |
+| `traefik.<segment_name>.frontend.headers.forceSTSHeader=false`          | Same as `traefik.frontend.headers.forceSTSHeader`            |
+| `traefik.<segment_name>.frontend.headers.frameDeny=false`               | Same as `traefik.frontend.headers.frameDeny`                 |
+| `traefik.<segment_name>.frontend.headers.hostsProxyHeaders=EXPR`        | Same as `traefik.frontend.headers.hostsProxyHeaders`         |
+| `traefik.<segment_name>.frontend.headers.isDevelopment=false`           | Same as `traefik.frontend.headers.isDevelopment`             |
+| `traefik.<segment_name>.frontend.headers.publicKey=VALUE`               | Same as `traefik.frontend.headers.publicKey`                 |
+| `traefik.<segment_name>.frontend.headers.referrerPolicy=VALUE`          | Same as `traefik.frontend.headers.referrerPolicy`            |
+| `traefik.<segment_name>.frontend.headers.SSLRedirect=true`              | Same as `traefik.frontend.headers.SSLRedirect`               |
+| `traefik.<segment_name>.frontend.headers.SSLTemporaryRedirect=true`     | Same as `traefik.frontend.headers.SSLTemporaryRedirect`      |
+| `traefik.<segment_name>.frontend.headers.SSLHost=HOST`                  | Same as `traefik.frontend.headers.SSLHost`                   |
+| `traefik.<segment_name>.frontend.headers.SSLProxyHeaders=EXPR`          | Same as `traefik.frontend.headers.SSLProxyHeaders=EXPR`      |
+| `traefik.<segment_name>.frontend.headers.STSSeconds=315360000`          | Same as `traefik.frontend.headers.STSSeconds=315360000`      |
+| `traefik.<segment_name>.frontend.headers.STSIncludeSubdomains=true`     | Same as `traefik.frontend.headers.STSIncludeSubdomains=true` |
+| `traefik.<segment_name>.frontend.headers.STSPreload=true`               | Same as `traefik.frontend.headers.STSPreload=true`           |
--- a/docs/configuration/backends/mesos.md
+++ b/docs/configuration/backends/mesos.md
@@ -34,6 +34,13 @@ watch = true
 #
 domain = "mesos.localhost"

+# Expose Mesos apps by default in Traefik.
+#
+# Optional
+# Default: true
+#
+# exposedByDefault = false
+
 # Override default configuration template.
 # For advanced users :)
 #
@@ -41,46 +48,48 @@ domain = "mesos.localhost"
 #
 # filename = "mesos.tmpl"

-# Expose Mesos apps by default in Traefik.
+# Override template version
+# For advanced users :)
 #
 # Optional
-# Default: true
+# - "1": previous template version (must be used only with older custom templates, see "filename")
+# - "2": current template version (must be used to force template version when "filename" is used)
 #
-# ExposedByDefault = false
+# templateVersion = 2

 # TLS client configuration. https://golang.org/pkg/crypto/tls/#Config
 #
 # Optional
 #
 # [mesos.TLS]
-# InsecureSkipVerify = true
+# insecureSkipVerify = true

 # Zookeeper timeout (in seconds).
 #
 # Optional
 # Default: 30
 #
-# ZkDetectionTimeout = 30
+# zkDetectionTimeout = 30

 # Polling interval (in seconds).
 #
 # Optional
 # Default: 30
 #
-# RefreshSeconds = 30
+# refreshSeconds = 30

 # IP sources (e.g. host, docker, mesos, netinfo).
 #
 # Optional
 #
-# IPSources = "host"
+# ipSources = "host"

 # HTTP Timeout (in seconds).
 #
 # Optional
 # Default: 30
 #
-# StateTimeoutSecond = "30"
+# stateTimeoutSecond = "30"

 # Convert groups to subdomains.
 # Default behavior: /foo/bar/myapp => foo-bar-myapp.{defaultDomain}
@@ -90,14 +99,16 @@ domain = "mesos.localhost"
 # Default: false
 #
 # groupsAsSubDomains = true
+
 ```

-## Labels: overriding default behaviour
+## Labels: overriding default behavior

-The following labels can be defined on Mesos tasks. They adjust the behaviour for the entire application.
+The following labels can be defined on Mesos tasks. They adjust the behavior for the entire application.

 | Label                                                      | Description                                                                                                                                                                                                            |
 |------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `traefik.domain`                                           | Default domain used for frontend rules.                                                                                                                                                                                |
 | `traefik.enable=false`                                     | Disable this container in Træfik                                                                                                                                                                                       |
 | `traefik.port=80`                                          | Register this port. Useful when the container exposes multiples ports.                                                                                                                                                 |
 | `traefik.portIndex=1`                                      | Register port by index in the application's ports array. Useful when the application exposes multiple ports.                                                                                                           |
@@ -150,7 +161,17 @@ The following labels can be defined on Mesos tasks. They adjust the behaviour fo
 | Label                                                    | Description                                                                                                                                                                                         |
 |----------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `traefik.frontend.headers.allowedHosts=EXPR`             | Provides a list of allowed hosts that requests will be processed.<br>Format: `Host1,Host2`                                                                                                          |
+| `traefik.frontend.headers.browserXSSFilter=true`         | Adds the X-XSS-Protection header with the value `1; mode=block`.                                                                                                                                    |
+| `traefik.frontend.headers.contentSecurityPolicy=VALUE`   | Adds CSP Header with the custom value.                                                                                                                                                              |
+| `traefik.frontend.headers.contentTypeNosniff=true`       | Adds the `X-Content-Type-Options` header with the value `nosniff`.                                                                                                                                  |
+| `traefik.frontend.headers.customBrowserXSSValue=VALUE`   | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option.                                                                                                           |
+| `traefik.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value.                                                                                                                                       |
+| `traefik.frontend.headers.forceSTSHeader=false`          | Adds the STS  header to non-SSL requests.                                                                                                                                                           |
+| `traefik.frontend.headers.frameDeny=false`               | Adds the `X-Frame-Options` header with the value of `DENY`.                                                                                                                                         |
 | `traefik.frontend.headers.hostsProxyHeaders=EXPR `       | Provides a list of headers that the proxied hostname may be stored.<br>Format: `HEADER1,HEADER2`                                                                                                    |
+| `traefik.frontend.headers.isDevelopment=false`           | This will cause the `AllowedHosts`, `SSLRedirect`, and `STSSeconds`/`STSIncludeSubdomains` options to be ignored during development.<br>When deploying to production, be sure to set this to false. |
+| `traefik.frontend.headers.publicKey=VALUE`               | Adds pinned HTST public key header.                                                                                                                                                                 |
+| `traefik.frontend.headers.referrerPolicy=VALUE`          | Adds referrer policy  header.                                                                                                                                                                       |
 | `traefik.frontend.headers.SSLRedirect=true`              | Forces the frontend to redirect to SSL if a non-SSL request is sent.                                                                                                                                |
 | `traefik.frontend.headers.SSLTemporaryRedirect=true`     | Forces the frontend to redirect to SSL if a non-SSL request is sent, but by sending a 302 instead of a 301.                                                                                         |
 | `traefik.frontend.headers.SSLHost=HOST`                  | This setting configures the hostname that redirects will be based on. Default is "", which is the same host as the request.                                                                         |
@@ -158,13 +179,3 @@ The following labels can be defined on Mesos tasks. They adjust the behaviour fo
 | `traefik.frontend.headers.STSSeconds=315360000`          | Sets the max-age of the STS header.                                                                                                                                                                 |
 | `traefik.frontend.headers.STSIncludeSubdomains=true`     | Adds the `IncludeSubdomains` section of the STS  header.                                                                                                                                            |
 | `traefik.frontend.headers.STSPreload=true`               | Adds the preload flag to the STS  header.                                                                                                                                                           |
-| `traefik.frontend.headers.forceSTSHeader=false`          | Adds the STS  header to non-SSL requests.                                                                                                                                                           |
-| `traefik.frontend.headers.frameDeny=false`               | Adds the `X-Frame-Options` header with the value of `DENY`.                                                                                                                                         |
-| `traefik.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value.                                                                                                                                       |
-| `traefik.frontend.headers.contentTypeNosniff=true`       | Adds the `X-Content-Type-Options` header with the value `nosniff`.                                                                                                                                  |
-| `traefik.frontend.headers.browserXSSFilter=true`         | Adds the X-XSS-Protection header with the value `1; mode=block`.                                                                                                                                    |
-| `traefik.frontend.headers.customBrowserXSSValue=VALUE`   | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option.                                                                                                           |
-| `traefik.frontend.headers.contentSecurityPolicy=VALUE`   | Adds CSP Header with the custom value.                                                                                                                                                              |
-| `traefik.frontend.headers.publicKey=VALUE`               | Adds pinned HTST public key header.                                                                                                                                                                 |
-| `traefik.frontend.headers.referrerPolicy=VALUE`          | Adds referrer policy  header.                                                                                                                                                                       |
-| `traefik.frontend.headers.isDevelopment=false`           | This will cause the `AllowedHosts`, `SSLRedirect`, and `STSSeconds`/`STSIncludeSubdomains` options to be ignored during development.<br>When deploying to production, be sure to set this to false. |
--- a/docs/configuration/backends/rancher.md
+++ b/docs/configuration/backends/rancher.md
@@ -61,7 +61,7 @@ enableServiceHealthFilter = true
 # - "1": previous template version (must be used only with older custom templates, see "filename")
 # - "2": current template version (must be used to force template version when "filename" is used)
 #
-# templateVersion = "2"
+# templateVersion = 2
 ```

 To enable constraints see [backend-specific constraints section](/configuration/commons/#backend-specific).
@@ -77,7 +77,7 @@ To enable constraints see [backend-specific constraints section](/configuration/
 #
 [rancher.metadata]

-# Poll the Rancher metadata service for changes every `rancher.RefreshSeconds`.
+# Poll the Rancher metadata service for changes every `rancher.refreshSeconds`.
 # NOTE: this is less accurate than the default long polling technique which
 # will provide near instantaneous updates to Traefik
 #
@@ -140,6 +140,7 @@ Labels can be used on task containers to override default behavior:

 | Label                                                      | Description                                                                                                                                                                                                               |
 |------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| `traefik.domain`                                           | Default domain used for frontend rules.                                                                                                                                                                                   |
 | `traefik.enable=false`                                     | Disable this container in Træfik                                                                                                                                                                                          |
 | `traefik.port=80`                                          | Register this port. Useful when the container exposes multiples ports.                                                                                                                                                    |
 | `traefik.protocol=https`                                   | Override the default `http` protocol                                                                                                                                                                                      |
@@ -192,7 +193,17 @@ Labels can be used on task containers to override default behavior:
 | Label                                                    | Description                                                                                                                                                                                         |
 |----------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | `traefik.frontend.headers.allowedHosts=EXPR`             | Provides a list of allowed hosts that requests will be processed.<br>Format: `Host1,Host2`                                                                                                          |
-| `traefik.frontend.headers.hostsProxyHeaders=EXPR`        | Provides a list of headers that the proxied hostname may be stored.<br>Format: `HEADER1,HEADER2`                                                                                                    |
+| `traefik.frontend.headers.browserXSSFilter=true`         | Adds the X-XSS-Protection header with the value `1; mode=block`.                                                                                                                                    |
+| `traefik.frontend.headers.contentSecurityPolicy=VALUE`   | Adds CSP Header with the custom value.                                                                                                                                                              |
+| `traefik.frontend.headers.contentTypeNosniff=true`       | Adds the `X-Content-Type-Options` header with the value `nosniff`.                                                                                                                                  |
+| `traefik.frontend.headers.customBrowserXSSValue=VALUE`   | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option.                                                                                                           |
+| `traefik.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value.                                                                                                                                       |
+| `traefik.frontend.headers.forceSTSHeader=false`          | Adds the STS  header to non-SSL requests.                                                                                                                                                           |
+| `traefik.frontend.headers.frameDeny=false`               | Adds the `X-Frame-Options` header with the value of `DENY`.                                                                                                                                         |
+| `traefik.frontend.headers.hostsProxyHeaders=EXPR `       | Provides a list of headers that the proxied hostname may be stored.<br>Format: `HEADER1,HEADER2`                                                                                                    |
+| `traefik.frontend.headers.isDevelopment=false`           | This will cause the `AllowedHosts`, `SSLRedirect`, and `STSSeconds`/`STSIncludeSubdomains` options to be ignored during development.<br>When deploying to production, be sure to set this to false. |
+| `traefik.frontend.headers.publicKey=VALUE`               | Adds pinned HTST public key header.                                                                                                                                                                 |
+| `traefik.frontend.headers.referrerPolicy=VALUE`          | Adds referrer policy  header.                                                                                                                                                                       |
 | `traefik.frontend.headers.SSLRedirect=true`              | Forces the frontend to redirect to SSL if a non-SSL request is sent.                                                                                                                                |
 | `traefik.frontend.headers.SSLTemporaryRedirect=true`     | Forces the frontend to redirect to SSL if a non-SSL request is sent, but by sending a 302 instead of a 301.                                                                                         |
 | `traefik.frontend.headers.SSLHost=HOST`                  | This setting configures the hostname that redirects will be based on. Default is "", which is the same host as the request.                                                                         |
@@ -200,16 +211,6 @@ Labels can be used on task containers to override default behavior:
 | `traefik.frontend.headers.STSSeconds=315360000`          | Sets the max-age of the STS header.                                                                                                                                                                 |
 | `traefik.frontend.headers.STSIncludeSubdomains=true`     | Adds the `IncludeSubdomains` section of the STS  header.                                                                                                                                            |
 | `traefik.frontend.headers.STSPreload=true`               | Adds the preload flag to the STS  header.                                                                                                                                                           |
-| `traefik.frontend.headers.forceSTSHeader=false`          | Adds the STS  header to non-SSL requests.                                                                                                                                                           |
-| `traefik.frontend.headers.frameDeny=false`               | Adds the `X-Frame-Options` header with the value of `DENY`.                                                                                                                                         |
-| `traefik.frontend.headers.customFrameOptionsValue=VALUE` | Overrides the `X-Frame-Options` header with the custom value.                                                                                                                                       |
-| `traefik.frontend.headers.contentTypeNosniff=true`       | Adds the `X-Content-Type-Options` header with the value `nosniff`.                                                                                                                                  |
-| `traefik.frontend.headers.browserXSSFilter=true`         | Adds the X-XSS-Protection header with the value `1; mode=block`.                                                                                                                                    |
-| `traefik.frontend.headers.customBrowserXSSValue=VALUE`   | Set custom value for X-XSS-Protection header. This overrides the BrowserXssFilter option.                                                                                                           |
-| `traefik.frontend.headers.contentSecurityPolicy=VALUE`   | Adds CSP Header with the custom value.                                                                                                                                                              |
-| `traefik.frontend.headers.publicKey=VALUE`               | Adds pinned HTST public key header.                                                                                                                                                                 |
-| `traefik.frontend.headers.referrerPolicy=VALUE`          | Adds referrer policy  header.                                                                                                                                                                       |
-| `traefik.frontend.headers.isDevelopment=false`           | This will cause the `AllowedHosts`, `SSLRedirect`, and `STSSeconds`/`STSIncludeSubdomains` options to be ignored during development.<br>When deploying to production, be sure to set this to false. |

 ### On containers with Multiple Ports (segment labels)

@@ -219,59 +220,60 @@ You can define as many segments as ports exposed in a container.

 Segment labels override the default behavior.

-| Label                                                                     | Description                                                                                      |
-|---------------------------------------------------------------------------|--------------------------------------------------------------------------------------------------|
-| `traefik.<segment_name>.port=PORT`                                        | Overrides `traefik.port`. If several ports need to be exposed, the segment labels could be used. |
-| `traefik.<segment_name>.protocol`                                         | Overrides `traefik.protocol`.                                                                    |
-| `traefik.<segment_name>.weight`                                           | Assign this segment weight. Overrides `traefik.weight`.                                          |
-| `traefik.<segment_name>.frontend.auth.basic`                              | Sets a Basic Auth for that frontend                                                              |
-| `traefik.<segment_name>.frontend.backend=BACKEND`                         | Assign this segment frontend to `BACKEND`. Default is to assign to the segment backend.          |
-| `traefik.<segment_name>.frontend.entryPoints`                             | Overrides `traefik.frontend.entrypoints`                                                         |
-| `traefik.<segment_name>.frontend.errors.<name>.backend=NAME`              | See [custom error pages](/configuration/commons/#custom-error-pages) section.                    |
-| `traefik.<segment_name>.frontend.errors.<name>.query=PATH`                | See [custom error pages](/configuration/commons/#custom-error-pages) section.                    |
-| `traefik.<segment_name>.frontend.errors.<name>.status=RANGE`              | See [custom error pages](/configuration/commons/#custom-error-pages) section.                    |
-| `traefik.<segment_name>.frontend.passHostHeader`                          | Overrides `traefik.frontend.passHostHeader`.                                                     |
-| `traefik.<segment_name>.frontend.passTLSCert`                             | Overrides `traefik.frontend.passTLSCert`.                                                        |
-| `traefik.<segment_name>.frontend.priority`                                | Overrides `traefik.frontend.priority`.                                                           |
-| `traefik.<segment_name>.frontend.rateLimit.extractorFunc=EXP`             | See [rate limiting](/configuration/commons/#rate-limiting) section.                              |
-| `traefik.<segment_name>.frontend.rateLimit.rateSet.<name>.period=6`       | See [rate limiting](/configuration/commons/#rate-limiting) section.                              |
-| `traefik.<segment_name>.frontend.rateLimit.rateSet.<name>.average=6`      | See [rate limiting](/configuration/commons/#rate-limiting) section.                              |
-| `traefik.<segment_name>.frontend.rateLimit.rateSet.<name>.burst=6`        | See [rate limiting](/configuration/commons/#rate-limiting) section.                              |
-| `traefik.<segment_name>.frontend.redirect.entryPoint=https`               | Overrides `traefik.frontend.redirect.entryPoint`.                                                |
-| `traefik.<segment_name>.frontend.redirect.regex=^http://localhost/(.*)`   | Overrides `traefik.frontend.redirect.regex`.                                                     |
-| `traefik.<segment_name>.frontend.redirect.replacement=http://mydomain/$1` | Overrides `traefik.frontend.redirect.replacement`.                                               |
-| `traefik.<segment_name>.frontend.redirect.permanent=true`                 | Return 301 instead of 302.                                                                       |
-| `traefik.<segment_name>.frontend.rule`                                    | Overrides `traefik.frontend.rule`.                                                               |
-| `traefik.<segment_name>.frontend.whiteList.sourceRange=RANGE`             | Overrides `traefik.frontend.whiteList.sourceRange`.                                              |
-| `traefik.<segment_name>.frontend.whiteList.useXForwardedFor=true`         | Overrides `traefik.frontend.whiteList.useXForwardedFor`.                                         |
+| Label                                                                     | Description                                                 |
+|---------------------------------------------------------------------------|-------------------------------------------------------------|
+| `traefik.<segment_name>.domain=DOMAIN`                                    | Same as `traefik.domain`                                    |
+| `traefik.<segment_name>.port=PORT`                                        | Same as `traefik.port`                                      |
+| `traefik.<segment_name>.protocol=http`                                    | Same as `traefik.protocol`                                  |
+| `traefik.<segment_name>.weight=10`                                        | Same as `traefik.weight`                                    |
+| `traefik.<segment_name>.frontend.auth.basic=EXPR`                         | Same as `traefik.frontend.auth.basic`                       |
+| `traefik.<segment_name>.frontend.backend=BACKEND`                         | Same as `traefik.frontend.backend`                          |
+| `traefik.<segment_name>.frontend.entryPoints=https`                       | Same as `traefik.frontend.entryPoints`                      |
+| `traefik.<segment_name>.frontend.errors.<name>.backend=NAME`              | Same as `traefik.frontend.errors.<name>.backend`            |
+| `traefik.<segment_name>.frontend.errors.<name>.query=PATH`                | Same as `traefik.frontend.errors.<name>.query`              |
+| `traefik.<segment_name>.frontend.errors.<name>.status=RANGE`              | Same as `traefik.frontend.errors.<name>.status`             |
+| `traefik.<segment_name>.frontend.passHostHeader=true`                     | Same as `traefik.frontend.passHostHeader`                   |
+| `traefik.<segment_name>.frontend.passTLSCert=true`                        | Same as `traefik.frontend.passTLSCert`                      |
+| `traefik.<segment_name>.frontend.priority=10`                             | Same as `traefik.frontend.priority`                         |
+| `traefik.<segment_name>.frontend.rateLimit.extractorFunc=EXP`             | Same as `traefik.frontend.rateLimit.extractorFunc`          |
+| `traefik.<segment_name>.frontend.rateLimit.rateSet.<name>.period=6`       | Same as `traefik.frontend.rateLimit.rateSet.<name>.period`  |
+| `traefik.<segment_name>.frontend.rateLimit.rateSet.<name>.average=6`      | Same as `traefik.frontend.rateLimit.rateSet.<name>.average` |
+| `traefik.<segment_name>.frontend.rateLimit.rateSet.<name>.burst=6`        | Same as `traefik.frontend.rateLimit.rateSet.<name>.burst`   |
+| `traefik.<segment_name>.frontend.redirect.entryPoint=https`               | Same as `traefik.frontend.redirect.entryPoint`              |
+| `traefik.<segment_name>.frontend.redirect.regex=^http://localhost/(.*)`   | Same as `traefik.frontend.redirect.regex`                   |
+| `traefik.<segment_name>.frontend.redirect.replacement=http://mydomain/$1` | Same as `traefik.frontend.redirect.replacement`             |
+| `traefik.<segment_name>.frontend.redirect.permanent=true`                 | Same as `traefik.frontend.redirect.permanent`               |
+| `traefik.<segment_name>.frontend.rule=EXP`                                | Same as `traefik.frontend.rule`                             |
+| `traefik.<segment_name>.frontend.whiteList.sourceRange=RANGE`             | Same as `traefik.frontend.whiteList.sourceRange`            |
+| `traefik.<segment_name>.frontend.whiteList.useXForwardedFor=true`         | Same as `traefik.frontend.whiteList.useXForwardedFor`       |

 #### Custom Headers

-| Label                                                                | Description                                                     |
-|----------------------------------------------------------------------|-----------------------------------------------------------------|
-| `traefik.<segment_name>.frontend.headers.customRequestHeaders=EXPR ` | overrides `traefik.frontend.headers.customRequestHeaders=EXPR ` |
-| `traefik.<segment_name>.frontend.headers.customResponseHeaders=EXPR` | overrides `traefik.frontend.headers.customResponseHeaders=EXPR` |
+| Label                                                                | Description                                                |
+|----------------------------------------------------------------------|------------------------------------------------------------|
+| `traefik.<segment_name>.frontend.headers.customRequestHeaders=EXPR ` | overrides `traefik.frontend.headers.customRequestHeaders`  |
+| `traefik.<segment_name>.frontend.headers.customResponseHeaders=EXPR` | overrides `traefik.frontend.headers.customResponseHeaders` |

 #### Security Headers

-| Label                                                                   | Description                                                        |
-|-------------------------------------------------------------------------|--------------------------------------------------------------------|
-| `traefik.<segment_name>.frontend.headers.allowedHosts=EXPR`             | overrides `traefik.frontend.headers.allowedHosts=EXPR`             |
-| `traefik.<segment_name>.frontend.headers.hostsProxyHeaders=EXPR`        | overrides `traefik.frontend.headers.hostsProxyHeaders=EXPR`        |
-| `traefik.<segment_name>.frontend.headers.SSLRedirect=true`              | overrides `traefik.frontend.headers.SSLRedirect=true`              |
-| `traefik.<segment_name>.frontend.headers.SSLTemporaryRedirect=true`     | overrides `traefik.frontend.headers.SSLTemporaryRedirect=true`     |
-| `traefik.<segment_name>.frontend.headers.SSLHost=HOST`                  | overrides `traefik.frontend.headers.SSLHost=HOST`                  |
-| `traefik.<segment_name>.frontend.headers.SSLProxyHeaders=EXPR`          | overrides `traefik.frontend.headers.SSLProxyHeaders=EXPR`          |
-| `traefik.<segment_name>.frontend.headers.STSSeconds=315360000`          | overrides `traefik.frontend.headers.STSSeconds=315360000`          |
-| `traefik.<segment_name>.frontend.headers.STSIncludeSubdomains=true`     | overrides `traefik.frontend.headers.STSIncludeSubdomains=true`     |
-| `traefik.<segment_name>.frontend.headers.STSPreload=true`               | overrides `traefik.frontend.headers.STSPreload=true`               |
-| `traefik.<segment_name>.frontend.headers.forceSTSHeader=false`          | overrides `traefik.frontend.headers.forceSTSHeader=false`          |
-| `traefik.<segment_name>.frontend.headers.frameDeny=false`               | overrides `traefik.frontend.headers.frameDeny=false`               |
-| `traefik.<segment_name>.frontend.headers.customFrameOptionsValue=VALUE` | overrides `traefik.frontend.headers.customFrameOptionsValue=VALUE` |
-| `traefik.<segment_name>.frontend.headers.contentTypeNosniff=true`       | overrides `traefik.frontend.headers.contentTypeNosniff=true`       |
-| `traefik.<segment_name>.frontend.headers.browserXSSFilter=true`         | overrides `traefik.frontend.headers.browserXSSFilter=true`         |
-| `traefik.<segment_name>.frontend.headers.customBrowserXSSValue=VALUE`   | overrides `traefik.frontend.headers.customBrowserXSSValue=VALUE`   |
-| `traefik.<segment_name>.frontend.headers.contentSecurityPolicy=VALUE`   | overrides `traefik.frontend.headers.contentSecurityPolicy=VALUE`   |
-| `traefik.<segment_name>.frontend.headers.publicKey=VALUE`               | overrides `traefik.frontend.headers.publicKey=VALUE`               |
-| `traefik.<segment_name>.frontend.headers.referrerPolicy=VALUE`          | overrides `traefik.frontend.headers.referrerPolicy=VALUE`          |
-| `traefik.<segment_name>.frontend.headers.isDevelopment=false`           | overrides `traefik.frontend.headers.isDevelopment=false`           |
+| Label                                                                   | Description                                                  |
+|-------------------------------------------------------------------------|--------------------------------------------------------------|
+| `traefik.<segment_name>.frontend.headers.allowedHosts=EXPR`             | overrides `traefik.frontend.headers.allowedHosts`            |
+| `traefik.<segment_name>.frontend.headers.browserXSSFilter=true`         | overrides `traefik.frontend.headers.browserXSSFilter`        |
+| `traefik.<segment_name>.frontend.headers.contentSecurityPolicy=VALUE`   | overrides `traefik.frontend.headers.contentSecurityPolicy`   |
+| `traefik.<segment_name>.frontend.headers.contentTypeNosniff=true`       | overrides `traefik.frontend.headers.contentTypeNosniff`      |
+| `traefik.<segment_name>.frontend.headers.customBrowserXSSValue=VALUE`   | overrides `traefik.frontend.headers.customBrowserXSSValue`   |
+| `traefik.<segment_name>.frontend.headers.customFrameOptionsValue=VALUE` | overrides `traefik.frontend.headers.customFrameOptionsValue` |
+| `traefik.<segment_name>.frontend.headers.forceSTSHeader=false`          | overrides `traefik.frontend.headers.forceSTSHeader`          |
+| `traefik.<segment_name>.frontend.headers.frameDeny=false`               | overrides `traefik.frontend.headers.frameDeny`               |
+| `traefik.<segment_name>.frontend.headers.hostsProxyHeaders=EXPR`        | overrides `traefik.frontend.headers.hostsProxyHeaders`       |
+| `traefik.<segment_name>.frontend.headers.isDevelopment=false`           | overrides `traefik.frontend.headers.isDevelopment`           |
+| `traefik.<segment_name>.frontend.headers.publicKey=VALUE`               | overrides `traefik.frontend.headers.publicKey`               |
+| `traefik.<segment_name>.frontend.headers.referrerPolicy=VALUE`          | overrides `traefik.frontend.headers.referrerPolicy`          |
+| `traefik.<segment_name>.frontend.headers.SSLRedirect=true`              | overrides `traefik.frontend.headers.SSLRedirect`             |
+| `traefik.<segment_name>.frontend.headers.SSLTemporaryRedirect=true`     | overrides `traefik.frontend.headers.SSLTemporaryRedirect`    |
+| `traefik.<segment_name>.frontend.headers.SSLHost=HOST`                  | overrides `traefik.frontend.headers.SSLHost`                 |
+| `traefik.<segment_name>.frontend.headers.SSLProxyHeaders=EXPR`          | overrides `traefik.frontend.headers.SSLProxyHeaders`         |
+| `traefik.<segment_name>.frontend.headers.STSSeconds=315360000`          | overrides `traefik.frontend.headers.STSSeconds`              |
+| `traefik.<segment_name>.frontend.headers.STSIncludeSubdomains=true`     | overrides `traefik.frontend.headers.STSIncludeSubdomains`    |
+| `traefik.<segment_name>.frontend.headers.STSPreload=true`               | overrides `traefik.frontend.headers.STSPreload`              |
--- a/docs/configuration/backends/servicefabric.md
+++ b/docs/configuration/backends/servicefabric.md
@@ -1,33 +1,33 @@
-# Service Fabric Backend
+# Azure Service Fabric Backend

-Træfik can be configured to use Service Fabric as a backend configuration.
+Træfik can be configured to use Azure Service Fabric as a backend configuration.

 See [this repository for an example deployment package and further documentation.](https://aka.ms/traefikonsf)

-## Service Fabric
+## Azure Service Fabric

 ```toml
 ################################################################
-# Service Fabric provider
+# Azure Service Fabric provider
 ################################################################

-# Enable Service Fabric configuration backend
+# Enable Azure Service Fabric configuration backend
 [serviceFabric]

-# Service Fabric Management Endpoint
+# Azure Service Fabric Management Endpoint
 #
 # Required
 #
 clusterManagementUrl = "https://localhost:19080"

-# Service Fabric Management Endpoint API Version
+# Azure Service Fabric Management Endpoint API Version
 #
 # Required
 # Default: "3.0"
 #
 apiVersion = "3.0"

-# Service Fabric Polling Interval (in seconds)
+# Azure Service Fabric Polling Interval (in seconds)
 #
 # Required
 # Default: 10
@@ -42,7 +42,7 @@ refreshSeconds = 10
 #   ca = "/etc/ssl/ca.crt"
 #   cert = "/etc/ssl/servicefabric.crt"
 #   key = "/etc/ssl/servicefabric.key"
-#   insecureskipverify = true
+#   insecureSkipVerify = true
 ```

 ## Labels
@@ -61,7 +61,7 @@ Here is an example of an extension setting Træfik labels:
      <Extension Name="Traefik">
        <Labels xmlns="http://schemas.microsoft.com/2015/03/fabact-no-schema">
          <Label Key="traefik.frontend.rule.example2">PathPrefixStrip: /a/path/to/strip</Label>
-          <Label Key="traefik.expose">true</Label>
+          <Label Key="traefik.enable">true</Label> 
          <Label Key="traefik.frontend.passHostHeader">true</Label>
        </Labels>
      </Extension>
--- a/docs/configuration/backends/zookeeper.md
+++ b/docs/configuration/backends/zookeeper.md
@@ -53,7 +53,7 @@ prefix = "traefik"
 #    ca = "/etc/ssl/ca.crt"
 #    cert = "/etc/ssl/zookeeper.crt"
 #    key = "/etc/ssl/zookeeper.key"
-#    insecureskipverify = true
+#    insecureSkipVerify = true
 ```

 To enable constraints see [backend-specific constraints section](/configuration/commons/#backend-specific).
--- a/docs/configuration/commons.md
+++ b/docs/configuration/commons.md
@@ -38,14 +38,14 @@
 # Optional
 # Default: "2s"
 #
-# ProvidersThrottleDuration = "2s"
+# providersThrottleDuration = "2s"

 # Controls the maximum idle (keep-alive) connections to keep per-host.
 #
 # Optional
 # Default: 200
 #
-# MaxIdleConnsPerHost = 200
+# maxIdleConnsPerHost = 200

 # If set to true invalid SSL certificates are accepted for backends.
 # This disables detection of man-in-the-middle attacks so should only be used on secure backend networks.
@@ -53,14 +53,14 @@
 # Optional
 # Default: false
 #
-# InsecureSkipVerify = true
+# insecureSkipVerify = true

-# Register Certificates in the RootCA.
+# Register Certificates in the rootCA.
 #
 # Optional
 # Default: []
 #
-# RootCAs = [ "/mycert.cert" ]
+# rootCAs = [ "/mycert.cert" ]

 # Entrypoints to be used by frontends that do not specify any entrypoint.
 # Each frontend can specify its own entrypoints.
@@ -69,6 +69,15 @@
 # Default: ["http"]
 #
 # defaultEntryPoints = ["http", "https"]
+
+# Allow the use of 0 as server weight.
+# - false: a weight 0 means internally a weight of 1.
+# - true: a weight 0 means internally a weight of 0 (a server with a weight of 0 is removed from the available servers).
+#
+# Optional
+# Default: false
+#
+# AllowMinWeightZero = true
 ```

 - `graceTimeOut`: Duration to give active requests a chance to finish before Traefik stops.  
@@ -76,19 +85,19 @@ Can be provided in a format supported by [time.ParseDuration](https://golang.org
 If no units are provided, the value is parsed assuming seconds.  
 **Note:** in this time frame no new requests are accepted.

- `ProvidersThrottleDuration`: Backends throttle duration: minimum duration in seconds between 2 events from providers before applying a new configuration.
+- `providersThrottleDuration`: Backends throttle duration: minimum duration in seconds between 2 events from providers before applying a new configuration.
 It avoids unnecessary reloads if multiples events are sent in a short amount of time.  
 Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).
 If no units are provided, the value is parsed assuming seconds.

- `MaxIdleConnsPerHost`: Controls the maximum idle (keep-alive) connections to keep per-host.  
+- `maxIdleConnsPerHost`: Controls the maximum idle (keep-alive) connections to keep per-host.  
 If zero, `DefaultMaxIdleConnsPerHost` from the Go standard library net/http module is used.
 If you encounter 'too many open files' errors, you can either increase this value or change the `ulimit`.

- `InsecureSkipVerify` : If set to true invalid SSL certificates are accepted for backends.  
+- `insecureSkipVerify` : If set to true invalid SSL certificates are accepted for backends.  
 **Note:** This disables detection of man-in-the-middle attacks so should only be used on secure backend networks.

- `RootCAs`: Register Certificates in the RootCA. This certificates will be use for backends calls.  
+- `rootCAs`: Register Certificates in the RootCA. This certificates will be use for backends calls.  
 **Note** You can use file path or cert content directly

 - `defaultEntryPoints`: Entrypoints to be used by frontends that do not specify any entrypoint.  
@@ -386,24 +395,24 @@ If no units are provided, the value is parsed assuming seconds.

 ### Idle Timeout (deprecated)

-Use [respondingTimeouts](/configuration/commons/#responding-timeouts) instead of `IdleTimeout`.
+Use [respondingTimeouts](/configuration/commons/#responding-timeouts) instead of `idleTimeout`.
 In the case both settings are configured, the deprecated option will be overwritten.

-`IdleTimeout` is the maximum amount of time an idle (keep-alive) connection will remain idle before closing itself.
+`idleTimeout` is the maximum amount of time an idle (keep-alive) connection will remain idle before closing itself.
 This is set to enforce closing of stale client connections.

 Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).
 If no units are provided, the value is parsed assuming seconds.

 ```toml
-# IdleTimeout
+# idleTimeout
 #
 # DEPRECATED - see [respondingTimeouts] section.
 #
 # Optional
 # Default: "180s"
 #
-IdleTimeout = "360s"
+idleTimeout = "360s"
 ```


--- a/docs/configuration/entrypoints.md
+++ b/docs/configuration/entrypoints.md
@@ -118,7 +118,7 @@ Compress:true
 WhiteList.SourceRange:10.42.0.0/16,152.89.1.33/32,afed:be44::/16
 WhiteList.UseXForwardedFor:true
 ProxyProtocol.TrustedIPs:192.168.0.1
-ProxyProtocol.Insecure:tue
+ProxyProtocol.Insecure:true
 ForwardedHeaders.TrustedIPs:10.0.0.3/24,20.0.0.3/24
 Auth.Basic.Users:test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0
 Auth.Digest.Users:test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e
--- a/docs/configuration/tracing.md
+++ b/docs/configuration/tracing.md
@@ -15,28 +15,28 @@ Træfik supports two backends: Jaeger and Zipkin.
  #
  # Default: "jaeger"
  #
-  Backend = "jaeger"
+  backend = "jaeger"

  # Service name used in Jaeger backend
  #
  # Default: "traefik"
  #
-  ServiceName = "traefik"
+  serviceName = "traefik"

  [tracing.jaeger]
-    # SamplingServerURL is the address of jaeger-agent's HTTP sampling server
+    # Sampling Server URL is the address of jaeger-agent's HTTP sampling server
    #
    # Default: "http://localhost:5778/sampling"
    #
-    SamplingServerURL = "http://localhost:5778/sampling"
+    samplingServerURL = "http://localhost:5778/sampling"

    # Sampling Type specifies the type of the sampler: const, probabilistic, rateLimiting
    #
    # Default: "const"
    #
-    SamplingType = "const"
+    samplingType = "const"

-    # SamplingParam Param is a value passed to the sampler.
+    # Sampling Param is a value passed to the sampler.
    # Valid values for Param field are:
    #   - for "const" sampler, 0 or 1 for always false/true respectively
    #   - for "probabilistic" sampler, a probability between 0 and 1
@@ -44,15 +44,18 @@ Træfik supports two backends: Jaeger and Zipkin.
    #
    # Default: 1.0
    #
-    SamplingParam = 1.0
+    samplingParam = 1.0

-    # LocalAgentHostPort instructs reporter to send spans to jaeger-agent at this address
+    # Local Agent Host Port instructs reporter to send spans to jaeger-agent at this address
    #
-    # Default: "127.0.0.1:6832"
+    # Default: "127.0.0.1:6831"
    #
-    LocalAgentHostPort = "127.0.0.1:6832"
+    localAgentHostPort = "127.0.0.1:6831"
 ```

+!!! warning
+    Træfik is only able to send data over compact thrift protocol to the [Jaeger agent](https://www.jaegertracing.io/docs/deployment/#agent). 
+
 ## Zipkin

 ```toml
@@ -62,36 +65,36 @@ Træfik supports two backends: Jaeger and Zipkin.
  #
  # Default: "jaeger"
  #
-  Backend = "zipkin"
+  backend = "zipkin"

  # Service name used in Zipkin backend
  #
  # Default: "traefik"
  #
-  ServiceName = "traefik"
+  serviceName = "traefik"

  [tracing.zipkin]
    # Zipking HTTP endpoint used to send data
    #
    # Default: "http://localhost:9411/api/v1/spans"
    #
-    HTTPEndpoint = "http://localhost:9411/api/v1/spans"
+    httpEndpoint = "http://localhost:9411/api/v1/spans"

    # Enable Zipkin debug
    #
    # Default: false
    #
-    Debug = false
+    debug = false

    # Use ZipKin SameSpan RPC style traces
    #
    # Default: false
    #
-    SameSpan = false
+    sameSpan = false

    # Use ZipKin 128 bit root span IDs
    #
    # Default: true
    #
-    ID128Bit = true
+    id128Bit = true
 ```
--- a/docs/img/apollo-logo.png
+++ b/docs/img/apollo-logo.png
--- a/docs/img/asteris.logo.png
+++ b/docs/img/asteris.logo.png
--- a/docs/img/mantl-logo.png
+++ b/docs/img/mantl-logo.png
--- a/docs/img/traefik-health.png
+++ b/docs/img/traefik-health.png
--- a/docs/img/web.frontend.png
+++ b/docs/img/web.frontend.png
--- a/docs/index.md
+++ b/docs/index.md
@@ -19,13 +19,14 @@ Telling Træfik where your orchestrator is could be the _only_ configuration ste
 Imagine that you have deployed a bunch of microservices with the help of an orchestrator (like Swarm or Kubernetes) or a service registry (like etcd or consul).
 Now you want users to access these microservices, and you need a reverse proxy.

-Traditional reverse-proxies require that you configure _each_ route that will connect paths and subdomains to _each_ microservice. In an environment where you add, remove, kill, upgrade, or scale your services _many_ times a day, the task of keeping the routes up to date becomes tedious. 
+Traditional reverse-proxies require that you configure _each_ route that will connect paths and subdomains to _each_ microservice.
+In an environment where you add, remove, kill, upgrade, or scale your services _many_ times a day, the task of keeping the routes up to date becomes tedious.

 **This is when Træfik can help you!**

-Træfik listens to your service registry/orchestrator API and instantly generates the routes so your microservices are connected to the outside world -- without further intervention from your part. 
+Træfik listens to your service registry/orchestrator API and instantly generates the routes so your microservices are connected to the outside world -- without further intervention from your part.

-**Run Træfik and let it do the work for you!** 
+**Run Træfik and let it do the work for you!**
 _(But if you'd rather configure some of your routes manually, Træfik supports that too!)_

 ![Architecture](img/architecture.png)
@@ -52,7 +53,7 @@ _(But if you'd rather configure some of your routes manually, Træfik supports t
 - [Kubernetes](/configuration/backends/kubernetes/)
 - [Mesos](/configuration/backends/mesos/) / [Marathon](/configuration/backends/marathon/)
 - [Rancher](/configuration/backends/rancher/) (API, Metadata)
- [Service Fabric](/configuration/backends/servicefabric/)
+- [Azure Service Fabric](/configuration/backends/servicefabric/)
 - [Consul Catalog](/configuration/backends/consulcatalog/)
 - [Consul](/configuration/backends/consul/) / [Etcd](/configuration/backends/etcd/) / [Zookeeper](/configuration/backends/zookeeper/) / [BoltDB](/configuration/backends/boltdb/)
 - [Eureka](/configuration/backends/eureka/)
@@ -76,13 +77,13 @@ version: '3'

 services:
  reverse-proxy:
-    image: traefik #The official Traefik docker image
-    command: --api --docker #Enables the web UI and tells Træfik to listen to docker
+    image: traefik # The official Traefik docker image
+    command: --api --docker # Enables the web UI and tells Træfik to listen to docker
    ports:
-      - "80:80"     #The HTTP port
-      - "8080:8080" #The Web UI (enabled by --api)
+      - "80:80"     # The HTTP port
+      - "8080:8080" # The Web UI (enabled by --api)
    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock #So that Traefik can listen to the Docker events
+      - /var/run/docker.sock:/var/run/docker.sock # So that Traefik can listen to the Docker events
 ```

 **That's it. Now you can launch Træfik!**
@@ -90,21 +91,21 @@ services:
 Start your `reverse-proxy` with the following command:

 ```shell
-docker-compose up -d reverse-proxy 
+docker-compose up -d reverse-proxy
 ```

 You can open a browser and go to [http://localhost:8080](http://localhost:8080) to see Træfik's dashboard (we'll go back there once we have launched a service in step 2).

-### 2 — Launch a Service — Træfik Detects It and Creates a Route for You 
+### 2 — Launch a Service — Træfik Detects It and Creates a Route for You

-Now that we have a Træfik instance up and running, we will deploy new services. 
+Now that we have a Træfik instance up and running, we will deploy new services.

-Edit your `docker-compose.yml` file and add the following at the end of your file. 
+Edit your `docker-compose.yml` file and add the following at the end of your file.

 ```yaml
-# ... 
+# ...
  whoami:
-    image: emilevauge/whoami #A container that exposes an API to show it's IP address
+    image: emilevauge/whoami # A container that exposes an API to show its IP address
    labels:
      - "traefik.frontend.rule=Host:whoami.docker.localhost"
 ```
@@ -112,7 +113,7 @@ Edit your `docker-compose.yml` file and add the following at the end of your fil
 The above defines `whoami`: a simple web service that outputs information about the machine it is deployed on (its IP address, host, and so on).

 Start the `whoami` service with the following command:
- 
+
 ```shell
 docker-compose up -d whoami
 ```
@@ -135,9 +136,9 @@ IP: 172.27.0.3
 ### 3 — Launch More Instances — Traefik Load Balances Them

 Run more instances of your `whoami` service with the following command:
- 
+
 ```shell
-docker-compose up -d --scale whoami=2 
+docker-compose up -d --scale whoami=2
 ```

 Go back to your browser ([http://localhost:8080](http://localhost:8080)) and see that Træfik has automatically detected the new instance of the container.
@@ -164,9 +165,10 @@ IP: 172.27.0.4

 ### 4 — Enjoy Træfik's Magic

-Now that you have a basic understanding of how Træfik can automatically create the routes to your services and load balance them, it might be time to dive into [the documentation](https://docs.traefik.io/) and let Træfik work for you! Whatever your infrastructure is, there is probably [an available Træfik backend](https://docs.traefik.io/configuration/backends/available) that will do the job. 
+Now that you have a basic understanding of how Træfik can automatically create the routes to your services and load balance them, it might be time to dive into [the documentation](/) and let Træfik work for you!
+Whatever your infrastructure is, there is probably [an available Træfik backend](/#supported-backends) that will do the job.

-Our recommendation would be to see for yourself how simple it is to enable HTTPS with [Træfik's let's encrypt integration](https://docs.traefik.io/user-guide/examples/#lets-encrypt-support) using the dedicated [user guide](https://docs.traefik.io/user-guide/docker-and-lets-encrypt/).
+Our recommendation would be to see for yourself how simple it is to enable HTTPS with [Træfik's let's encrypt integration](/user-guide/examples/#lets-encrypt-support) using the dedicated [user guide](/user-guide/docker-and-lets-encrypt/).

 ## Resources

@@ -196,4 +198,4 @@ Using the tiny Docker image:

 ```shell
 docker run -d -p 8080:8080 -p 80:80 -v $PWD/traefik.toml:/etc/traefik/traefik.toml traefik
-```
+```
--- a/docs/user-guide/cluster-docker-consul.md
+++ b/docs/user-guide/cluster-docker-consul.md
@@ -77,12 +77,12 @@ TL;DR:
 ```shell
 $ traefik \
    --docker \
-    --docker.swarmmode \
+    --docker.swarmMode \
    --docker.domain=mydomain.ca \
    --docker.watch
 ```

-To enable docker and swarm-mode support, you need to add `--docker` and `--docker.swarmmode` flags.
+To enable docker and swarm-mode support, you need to add `--docker` and `--docker.swarmMode` flags.
 To watch docker events, add `--docker.watch`.

 ### Full docker-compose file
@@ -101,11 +101,11 @@ services:
      - "--acme.storage=/etc/traefik/acme/acme.json"
      - "--acme.entryPoint=https"
      - "--acme.httpChallenge.entryPoint=http"
-      - "--acme.OnHostRule=true"
+      - "--acme.onHostRule=true"
      - "--acme.onDemand=false"
      - "--acme.email=contact@mydomain.ca"
      - "--docker"
-      - "--docker.swarmmode"
+      - "--docker.swarmMode"
      - "--docker.domain=mydomain.ca"
      - "--docker.watch"
    volumes:
@@ -211,11 +211,11 @@ services:
      - "--acme.storage=traefik/acme/account"
      - "--acme.entryPoint=https"
      - "--acme.httpChallenge.entryPoint=http"
-      - "--acme.OnHostRule=true"
+      - "--acme.onHostRule=true"
      - "--acme.onDemand=false"
      - "--acme.email=foobar@example.com"
      - "--docker"
-      - "--docker.swarmmode"
+      - "--docker.swarmMode"
      - "--docker.domain=example.com"
      - "--docker.watch"
      - "--consul"
--- a/docs/user-guide/docker-and-lets-encrypt.md
+++ b/docs/user-guide/docker-and-lets-encrypt.md
@@ -50,7 +50,7 @@ version: '2'

 services:
  traefik:
-    image: traefik:1.3.5
+    image: traefik:1.5.4
    restart: always
    ports:
      - 80:80
@@ -97,13 +97,13 @@ defaultEntryPoints = ["https","http"]
 endpoint = "unix:///var/run/docker.sock"
 domain = "my-awesome-app.org"
 watch = true
-exposedbydefault = false
+exposedByDefault = false

 [acme]
 email = "your-email-here@my-awesome-app.org"
 storage = "acme.json"
 entryPoint = "https"
-OnHostRule = true
+onHostRule = true
 [acme.httpChallenge]
 entryPoint = "http"
 ```
@@ -250,7 +250,7 @@ Træfik will create a frontend to listen to incoming HTTP requests which contain
 - Always specify the correct port where the container expects HTTP traffic using `traefik.port` label.  
    If a container exposes multiple ports, Træfik may forward traffic to the wrong port.
    Even if a container only exposes one port, you should always write configuration defensively and explicitly.
- Should you choose to enable the `exposedbydefault` flag in the `traefik.toml` configuration, be aware that all containers that are placed in the same network as Træfik will automatically be reachable from the outside world, for everyone and everyone to see.
+- Should you choose to enable the `exposedByDefault` flag in the `traefik.toml` configuration, be aware that all containers that are placed in the same network as Træfik will automatically be reachable from the outside world, for everyone and everyone to see.
    Usually, this is a bad idea.
 - With the `traefik.frontend.auth.basic` label, it's possible for Træfik to provide a HTTP basic-auth challenge for the endpoints you provide the label for.
 - Træfik has built-in support to automatically export [Prometheus](https://prometheus.io) metrics
--- a/docs/user-guide/examples.md
+++ b/docs/user-guide/examples.md
@@ -89,7 +89,7 @@ This configuration allows generating Let's Encrypt certificates (thanks to `HTTP

 Træfik generates these certificates when it starts and it needs to be restart if new domains are added.

-### OnHostRule option (with HTTP challenge)
+### onHostRule option (with HTTP challenge)

 ```toml
 [entryPoints]
@@ -225,7 +225,7 @@ These variables are described [in this section](/configuration/acme/#provider).

 More information about wildcard certificates are available [in this section](/configuration/acme/#wildcard-domain).

-### OnHostRule option and provided certificates (with HTTP challenge)
+### onHostRule option and provided certificates (with HTTP challenge)

 ```toml
 [entryPoints]
@@ -358,7 +358,7 @@ defaultEntryPoints = ["http"]
    users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
 ```

-## Override the Traefik HTTP server IdleTimeout and/or throttle configurations from re-loading too quickly
+## Override the Traefik HTTP server idleTimeout and/or throttle configurations from re-loading too quickly

 ```toml
 providersThrottleDuration = "5s"
--- a/docs/user-guide/grpc.md
+++ b/docs/user-guide/grpc.md
@@ -45,7 +45,7 @@ At last, we configure our Træfik instance to use both self-signed certificates.
 defaultEntryPoints = ["https"]

 # For secure connection on backend.local
-RootCAs = [ "./backend.cert" ]
+rootCAs = [ "./backend.cert" ]

 [entryPoints]
  [entryPoints.https]
@@ -76,7 +76,7 @@ RootCAs = [ "./backend.cert" ]
 ```

 !!! warning
-    With some backends, the server URLs use the IP, so you may need to configure `InsecureSkipVerify` instead of the `RootCAS` to activate HTTPS without hostname verification.
+    With some backends, the server URLs use the IP, so you may need to configure `insecureSkipVerify` instead of the `rootCAS` to activate HTTPS without hostname verification.

 ## Conclusion

--- a/docs/user-guide/kubernetes.md
+++ b/docs/user-guide/kubernetes.md
@@ -350,7 +350,8 @@ We should now be able to visit [traefik-ui.minikube](http://traefik-ui.minikube)
 ### Add a TLS Certificate to the Ingress

 !!! note
-    For this example to work you need a TLS entrypoint. You don't have to provide a TLS certificate at this point. For more details see [here](/configuration/entrypoints/).
+    For this example to work you need a TLS entrypoint. You don't have to provide a TLS certificate at this point.
+    For more details see [here](/configuration/entrypoints/).

 To setup an HTTPS-protected ingress, you can leverage the TLS feature of the ingress resource.

@@ -371,10 +372,11 @@ spec:
          serviceName: traefik-web-ui
          servicePort: 80
  tls:
-    secretName: traefik-ui-tls-cert
+   - secretName: traefik-ui-tls-cert
 ```

-In addition to the modified ingress you need to provide the TLS certificate via a Kubernetes secret in the same namespace as the ingress. The following two commands will generate a new certificate and create a secret containing the key and cert files.
+In addition to the modified ingress you need to provide the TLS certificate via a Kubernetes secret in the same namespace as the ingress.
+The following two commands will generate a new certificate and create a secret containing the key and cert files.

 ```shell
 openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout tls.key -out tls.crt -subj "/CN=traefik-ui.minikube"
@@ -384,13 +386,16 @@ kubectl -n kube-system create secret tls traefik-ui-tls-cert --key=tls.key --cer
 If there are any errors while loading the TLS section of an ingress, the whole ingress will be skipped.

 !!! note
-    The secret must have two entries named `tls.key`and `tls.crt`. See the [Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) for more details.
+    The secret must have two entries named `tls.key`and `tls.crt`.
+    See the [Kubernetes documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls) for more details.

 !!! note
-    The TLS certificates will be added to all entrypoints defined by the ingress annotation `traefik.frontend.entryPoints`. If no such annotation is provided, the TLS certificates will be added to all TLS-enabled `defaultEntryPoints`.
+    The TLS certificates will be added to all entrypoints defined by the ingress annotation `traefik.frontend.entryPoints`.
+    If no such annotation is provided, the TLS certificates will be added to all TLS-enabled `defaultEntryPoints`.

 !!! note
-    The field `hosts` in the TLS configuration is ignored. Instead, the domains provided by the certificate are used for this purpose. It is recommended to not use wildcard certificates as they will match globally.
+    The field `hosts` in the TLS configuration is ignored. Instead, the domains provided by the certificate are used for this purpose.
+    It is recommended to not use wildcard certificates as they will match globally.

 ## Basic Authentication

@@ -398,7 +403,7 @@ It's possible to protect access to Træfik through basic authentication. (See th

 ### Creating the Secret

-A. Use `htpasswd` to create a file containing the username and the base64-encoded password:
+A. Use `htpasswd` to create a file containing the username and the MD5-encoded password:

 ```shell
 htpasswd -c ./auth myusername
@@ -831,13 +836,21 @@ Sometimes Træfik runs along other Ingress controller implementations. One such

 The `kubernetes.io/ingress.class` annotation can be attached to any Ingress object in order to control whether Træfik should handle it.

-If the annotation is missing, contains an empty value, or the value `traefik`, then the Træfik controller will take responsibility and process the associated Ingress object. If the annotation contains any other value (usually the name of a different Ingress controller), Træfik will ignore the object.
+If the annotation is missing, contains an empty value, or the value `traefik`, then the Træfik controller will take responsibility and process the associated Ingress object.
+If the annotation contains any other value (usually the name of a different Ingress controller), Træfik will ignore the object.
+
+It is also possible to set the `ingressClass` option in Træfik to a particular value.
+If that's the case and the value contains a `traefik` prefix, then only those Ingress objects matching the same value will be processed.
+For instance, setting the option to `traefik-internal` causes Træfik to process Ingress objects with the same `kubernetes.io/ingress.class` annotation value, ignoring all other objects (including those with a `traefik` value, empty value, and missing annotation).

 ### Between multiple Træfik Deployments

-Sometimes multiple Træfik Deployments are supposed to run concurrently. For instance, it is conceivable to have one Deployment deal with internal and another one with external traffic.
+Sometimes multiple Træfik Deployments are supposed to run concurrently.
+For instance, it is conceivable to have one Deployment deal with internal and another one with external traffic.

-For such cases, it is advisable to classify Ingress objects through a label and configure the `labelSelector` option per each Træfik Deployment accordingly. To stick with the internal/external example above, all Ingress objects meant for internal traffic could receive a `traffic-type: internal` label while objects designated for external traffic receive a `traffic-type: external` label. The label selectors on the Træfik Deployments would then be `traffic-type=internal` and `traffic-type=external`, respectively.
+For such cases, it is advisable to classify Ingress objects through a label and configure the `labelSelector` option per each Træfik Deployment accordingly.
+To stick with the internal/external example above, all Ingress objects meant for internal traffic could receive a `traffic-type: internal` label while objects designated for external traffic receive a `traffic-type: external` label.
+The label selectors on the Træfik Deployments would then be `traffic-type=internal` and `traffic-type=external`, respectively.

 ## Production advice

--- a/docs/user-guide/swarm-mode.md
+++ b/docs/user-guide/swarm-mode.md
@@ -87,7 +87,7 @@ docker-machine ssh manager "docker service create \
 	--network traefik-net \
 	traefik \
 	--docker \
-	--docker.swarmmode \
+	--docker.swarmMode \
 	--docker.domain=traefik \
 	--docker.watch \
 	--api"
@@ -101,7 +101,7 @@ Let's explain this command:
 | `--constraint=node.role==manager`                                           | we ask docker to schedule Træfik on a manager node.                                            |
 | `--mount type=bind,source=/var/run/docker.sock,target=/var/run/docker.sock` | we bind mount the docker socket where Træfik is scheduled to be able to speak to the daemon.   |
 | `--network traefik-net`                                                     | we attach the Træfik service (and thus the underlying container) to the `traefik-net` network. |
-| `--docker`                                                                  | enable docker backend, and `--docker.swarmmode` to enable the swarm mode on Træfik.            |
+| `--docker`                                                                  | enable docker backend, and `--docker.swarmMode` to enable the swarm mode on Træfik.            |
 | `--api                                                                      | activate the webUI on port 8080                                                                |


--- a/examples/accessLog/traefik.ab.toml
+++ b/examples/accessLog/traefik.ab.toml
@@ -29,10 +29,13 @@ entryPoint = "api"
      method = "drr"
      [backends.backend.servers.server1]
      url = "http://127.0.0.1:8081"
+      weight = 1
      [backends.backend.servers.server2]
      url = "http://127.0.0.1:8082"
+      weight = 1
      [backends.backend.servers.server3]
      url = "http://127.0.0.1:8083"
+      weight = 1
  [frontends]
    [frontends.frontend]
    backend = "backend"
--- a/examples/accessLog/traefik.example.toml
+++ b/examples/accessLog/traefik.example.toml
@@ -27,18 +27,24 @@ entryPoint = "api"
    [backends.backend1]
      [backends.backend1.servers.server1]
      url = "http://127.0.0.1:8081"
+      weight = 1
+
    [backends.backend2]
      [backends.backend2.LoadBalancer]
      method = "drr"
      [backends.backend2.servers.server1]
      url = "http://127.0.0.1:8082"
+      weight = 1
      [backends.backend2.servers.server2]
      url = "http://127.0.0.1:8083"
+      weight = 1
+
  [frontends]
    [frontends.frontend1]
    backend = "backend1"
      [frontends.frontend1.routes.test_1]
      rule = "Path: /test1"
+
    [frontends.frontend2]
    backend = "backend2"
    passHostHeader = true
--- a/examples/acme/acme.toml
+++ b/examples/acme/acme.toml
@@ -16,7 +16,7 @@ email = "test@traefik.io"
 storage = "/etc/traefik/conf/acme.json"
 entryPoint = "https"
 onDemand = false
-OnHostRule = true
+onHostRule = true
 caServer = "http://traefik.boulder.com:4001/directory"
  [acme.httpChallenge]
  entryPoint="http"
@@ -27,6 +27,6 @@ caServer = "http://traefik.boulder.com:4001/directory"
 endpoint = "unix:///var/run/docker.sock"
 domain = "traefik.localhost.com"
 watch = true
-exposedbydefault = false
+exposedByDefault = false


--- a/examples/cluster/traefik.toml.tmpl
+++ b/examples/cluster/traefik.toml.tmpl
@@ -13,7 +13,7 @@ defaultEntryPoints = ["http", "https"]
 email = "test@traefik.io"
 storage = "traefik/acme/account"
 entryPoint = "https"
-OnHostRule = true
+onHostRule = true
 caServer = "http://traefik.boulder.com:4001/directory"
 [acme.httpChallenge]
 entryPoint="http"
@@ -25,4 +25,4 @@ entryPoint="http"
 endpoint = "unix:///var/run/docker.sock"
 domain = "localhost.com"
 watch = true
-exposedbydefault = false
+exposedByDefault = false
--- a/examples/quickstart/README.md
+++ b/examples/quickstart/README.md
@@ -13,11 +13,11 @@ version: '3'

 services:
  reverse-proxy:
-    image: traefik #The official Traefik docker image
-    command: --api --docker #Enables the web UI and tells Træfik to listen to docker
+    image: traefik # The official Traefik docker image
+    command: --api --docker # Enables the web UI and tells Træfik to listen to docker
    ports:
-      - "80:80"     #The HTTP port
-      - "8080:8080" #The Web UI (enabled by --api)
+      - "80:80"     # The HTTP port
+      - "8080:8080" # The Web UI (enabled by --api)
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock #So that Traefik can listen to the Docker events
 ```
@@ -41,7 +41,7 @@ Edit your `docker-compose.yml` file and add the following at the end of your fil
 ```yaml
 # ... 
  whoami:
-    image: emilevauge/whoami #A container that exposes an API to show it's IP address
+    image: emilevauge/whoami # A container that exposes an API to show its IP address
    labels:
      - "traefik.frontend.rule=Host:whoami.docker.localhost"
 ```
@@ -101,6 +101,7 @@ IP: 172.27.0.4

 ### 4 — Enjoy Træfik's Magic

-Now that you have a basic understanding of how Træfik can automatically create the routes to your services and load balance them, it might be time to dive into [the documentation](https://docs.traefik.io/) and let Træfik work for you! Whatever your infrastructure is, there is probably [an available Træfik backend](https://docs.traefik.io/configuration/backends/available) that will do the job. 
+Now that you have a basic understanding of how Træfik can automatically create the routes to your services and load balance them, it might be time to dive into [the documentation](https://docs.traefik.io/) and let Træfik work for you!
+Whatever your infrastructure is, there is probably [an available Træfik backend](https://docs.traefik.io/#supported-backends) that will do the job.

-Our recommendation would be to see for yourself how simple it is to enable HTTPS with [Træfik's let's encrypt integration](https://docs.traefik.io/user-guide/examples/#lets-encrypt-support) using the dedicated [user guide](https://docs.traefik.io/user-guide/docker-and-lets-encrypt/).
+Our recommendation would be to see for yourself how simple it is to enable HTTPS with [Træfik's let's encrypt integration](https://docs.traefik.io/user-guide/examples/#lets-encrypt-support) using the dedicated [user guide](https://docs.traefik.io/user-guide/docker-and-lets-encrypt/).
--- a/integration/acme_test.go
+++ b/integration/acme_test.go
@@ -195,6 +195,8 @@ func (s *AcmeSuite) retrieveAcmeCertificate(c *check.C, testCase AcmeTestCase) {
 	err := cmd.Start()
 	c.Assert(err, checker.IsNil)
 	defer cmd.Process.Kill()
+	// A real file is needed to have the right mode on acme.json file
+	defer os.Remove("/tmp/acme.json")

 	backend := startTestServer("9010", http.StatusOK)
 	defer backend.Close()
--- a/integration/consul_catalog_test.go
+++ b/integration/consul_catalog_test.go
@@ -6,6 +6,7 @@ import (
 	"time"

 	"github.com/containous/traefik/integration/try"
+	"github.com/containous/traefik/provider/label"
 	"github.com/go-check/check"
 	"github.com/hashicorp/consul/api"
 	checker "github.com/vdemeester/shakers"
@@ -160,7 +161,6 @@ func (s *ConsulCatalogSuite) TestSingleService(c *check.C) {
 	s.deregisterService("test", whoami.NetworkSettings.IPAddress)
 	err = try.Request(req, 10*time.Second, try.StatusCodeIs(http.StatusNotFound), try.HasBody())
 	c.Assert(err, checker.IsNil)
-
 }

 func (s *ConsulCatalogSuite) TestExposedByDefaultFalseSingleService(c *check.C) {
@@ -202,13 +202,12 @@ func (s *ConsulCatalogSuite) TestExposedByDefaultFalseSimpleServiceMultipleNode(
 	defer cmd.Process.Kill()

 	whoami := s.composeProject.Container(c, "whoami1")
-	whoami2 := s.composeProject.Container(c, "whoami2")
-
 	err = s.registerService("test", whoami.NetworkSettings.IPAddress, 80, []string{})
 	c.Assert(err, checker.IsNil, check.Commentf("Error registering service"))
 	defer s.deregisterService("test", whoami.NetworkSettings.IPAddress)

-	err = s.registerService("test", whoami2.NetworkSettings.IPAddress, 80, []string{"traefik.enable=true"})
+	whoami2 := s.composeProject.Container(c, "whoami2")
+	err = s.registerService("test", whoami2.NetworkSettings.IPAddress, 80, []string{label.TraefikEnable + "=true"})
 	c.Assert(err, checker.IsNil, check.Commentf("Error registering service"))
 	defer s.deregisterService("test", whoami2.NetworkSettings.IPAddress)

@@ -326,7 +325,7 @@ func (s *ConsulCatalogSuite) TestBasicAuthSimpleService(c *check.C) {
 	whoami := s.composeProject.Container(c, "whoami1")

 	err = s.registerService("test", whoami.NetworkSettings.IPAddress, 80, []string{
-		"traefik.frontend.auth.basic=test:$2a$06$O5NksJPAcgrC9MuANkSoE.Xe9DSg7KcLLFYNr1Lj6hPcMmvgwxhme,test2:$2y$10$xP1SZ70QbZ4K2bTGKJOhpujkpcLxQcB3kEPF6XAV19IdcqsZTyDEe",
+		label.TraefikFrontendAuthBasic + "=test:$2a$06$O5NksJPAcgrC9MuANkSoE.Xe9DSg7KcLLFYNr1Lj6hPcMmvgwxhme,test2:$2y$10$xP1SZ70QbZ4K2bTGKJOhpujkpcLxQcB3kEPF6XAV19IdcqsZTyDEe",
 	})
 	c.Assert(err, checker.IsNil, check.Commentf("Error registering service"))
 	defer s.deregisterService("test", whoami.NetworkSettings.IPAddress)
@@ -362,7 +361,8 @@ func (s *ConsulCatalogSuite) TestRefreshConfigTagChange(c *check.C) {

 	whoami := s.composeProject.Container(c, "whoami1")

-	err = s.registerService("test", whoami.NetworkSettings.IPAddress, 80, []string{"name=whoami1", "traefik.enable=false", "traefik.backend.circuitbreaker=NetworkErrorRatio() > 0.5"})
+	err = s.registerService("test", whoami.NetworkSettings.IPAddress, 80,
+		[]string{"name=whoami1", label.TraefikEnable + "=false", label.TraefikBackendCircuitBreakerExpression + "=NetworkErrorRatio() > 0.5"})
 	c.Assert(err, checker.IsNil, check.Commentf("Error registering service"))
 	defer s.deregisterService("test", whoami.NetworkSettings.IPAddress)

@@ -370,7 +370,8 @@ func (s *ConsulCatalogSuite) TestRefreshConfigTagChange(c *check.C) {
 		try.BodyContains(whoami.NetworkSettings.IPAddress))
 	c.Assert(err, checker.NotNil)

-	err = s.registerService("test", whoami.NetworkSettings.IPAddress, 80, []string{"name=whoami1", "traefik.enable=true", "traefik.backend.circuitbreaker=ResponseCodeRatio(500, 600, 0, 600) > 0.5"})
+	err = s.registerService("test", whoami.NetworkSettings.IPAddress, 80,
+		[]string{"name=whoami1", label.TraefikEnable + "=true", label.TraefikBackendCircuitBreakerExpression + "=ResponseCodeRatio(500, 600, 0, 600) > 0.5"})
 	c.Assert(err, checker.IsNil, check.Commentf("Error registering service"))

 	req, err := http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/", nil)
@@ -403,16 +404,20 @@ func (s *ConsulCatalogSuite) TestCircuitBreaker(c *check.C) {
 	defer cmd.Process.Kill()

 	whoami := s.composeProject.Container(c, "whoami1")
-	whoami2 := s.composeProject.Container(c, "whoami2")
-	whoami3 := s.composeProject.Container(c, "whoami3")
-
-	err = s.registerService("test", whoami.NetworkSettings.IPAddress, 80, []string{"name=whoami1", "traefik.enable=true", "traefik.backend.circuitbreaker=NetworkErrorRatio() > 0.5"})
+	err = s.registerService("test", whoami.NetworkSettings.IPAddress, 80,
+		[]string{"name=whoami1", label.TraefikEnable + "=true", label.TraefikBackendCircuitBreakerExpression + "=NetworkErrorRatio() > 0.5"})
 	c.Assert(err, checker.IsNil, check.Commentf("Error registering service"))
 	defer s.deregisterService("test", whoami.NetworkSettings.IPAddress)
-	err = s.registerService("test", whoami2.NetworkSettings.IPAddress, 42, []string{"name=whoami2", "traefik.enable=true", "traefik.backend.circuitbreaker=NetworkErrorRatio() > 0.5"})
+
+	whoami2 := s.composeProject.Container(c, "whoami2")
+	err = s.registerService("test", whoami2.NetworkSettings.IPAddress, 42,
+		[]string{"name=whoami2", label.TraefikEnable + "=true", label.TraefikBackendCircuitBreakerExpression + "=NetworkErrorRatio() > 0.5"})
 	c.Assert(err, checker.IsNil, check.Commentf("Error registering service"))
 	defer s.deregisterService("test", whoami2.NetworkSettings.IPAddress)
-	err = s.registerService("test", whoami3.NetworkSettings.IPAddress, 42, []string{"name=whoami3", "traefik.enable=true", "traefik.backend.circuitbreaker=NetworkErrorRatio() > 0.5"})
+
+	whoami3 := s.composeProject.Container(c, "whoami3")
+	err = s.registerService("test", whoami3.NetworkSettings.IPAddress, 42,
+		[]string{"name=whoami3", label.TraefikEnable + "=true", label.TraefikBackendCircuitBreakerExpression + "=NetworkErrorRatio() > 0.5"})
 	c.Assert(err, checker.IsNil, check.Commentf("Error registering service"))
 	defer s.deregisterService("test", whoami3.NetworkSettings.IPAddress)

@@ -452,7 +457,7 @@ func (s *ConsulCatalogSuite) TestRefreshConfigPortChange(c *check.C) {
 	err = try.GetRequest("http://127.0.0.1:8080/api/providers/consul_catalog/backends", 5*time.Second, try.BodyContains(whoami.NetworkSettings.IPAddress))
 	c.Assert(err, checker.IsNil)

-	err = s.registerService("test", whoami.NetworkSettings.IPAddress, 80, []string{"name=whoami1", "traefik.enable=true"})
+	err = s.registerService("test", whoami.NetworkSettings.IPAddress, 80, []string{"name=whoami1", label.TraefikEnable + "=true"})
 	c.Assert(err, checker.IsNil, check.Commentf("Error registering service"))

 	defer s.deregisterService("test", whoami.NetworkSettings.IPAddress)
--- a/integration/consul_test.go
+++ b/integration/consul_test.go
@@ -194,12 +194,14 @@ func (s *ConsulSuite) TestNominalConfiguration(c *check.C) {
 	c.Assert(err, checker.IsNil)

 	req, err = http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/test2", nil)
-	try.Request(req, 500*time.Millisecond, try.StatusCodeIs(http.StatusNotFound))
+	c.Assert(err, checker.IsNil)
+	err = try.Request(req, 500*time.Millisecond, try.StatusCodeIs(http.StatusNotFound))
 	c.Assert(err, checker.IsNil)

 	req, err = http.NewRequest(http.MethodGet, "http://127.0.0.1:8000/", nil)
+	c.Assert(err, checker.IsNil)
 	req.Host = "test2.localhost"
-	try.Request(req, 500*time.Millisecond, try.StatusCodeIs(http.StatusNotFound))
+	err = try.Request(req, 500*time.Millisecond, try.StatusCodeIs(http.StatusNotFound))
 	c.Assert(err, checker.IsNil)
 }

--- a/integration/docker_compose_test.go
+++ b/integration/docker_compose_test.go
@@ -0,0 +1,78 @@
+package integration
+
+import (
+	"encoding/json"
+	"io/ioutil"
+	"net/http"
+	"os"
+	"time"
+
+	"github.com/containous/traefik/integration/try"
+	"github.com/containous/traefik/testhelpers"
+	"github.com/containous/traefik/types"
+	"github.com/go-check/check"
+	checker "github.com/vdemeester/shakers"
+)
+
+const (
+	composeProject = "minimal"
+)
+
+// Docker test suites
+type DockerComposeSuite struct {
+	BaseSuite
+}
+
+func (s *DockerComposeSuite) SetUpSuite(c *check.C) {
+	s.createComposeProject(c, composeProject)
+	s.composeProject.Start(c)
+}
+
+func (s *DockerComposeSuite) TearDownSuite(c *check.C) {
+	// shutdown and delete compose project
+	if s.composeProject != nil {
+		s.composeProject.Stop(c)
+	}
+}
+
+func (s *DockerComposeSuite) TestComposeScale(c *check.C) {
+	var serviceCount = 2
+	var composeService = "whoami1"
+
+	s.composeProject.Scale(c, composeService, serviceCount)
+
+	file := s.adaptFileForHost(c, "fixtures/docker/simple.toml")
+	defer os.Remove(file)
+
+	cmd, display := s.traefikCmd(withConfigFile(file))
+	defer display(c)
+	err := cmd.Start()
+	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
+
+	req := testhelpers.MustNewRequest(http.MethodGet, "http://127.0.0.1:8000/whoami", nil)
+	req.Host = "my.super.host"
+
+	_, err = try.ResponseUntilStatusCode(req, 1500*time.Millisecond, http.StatusOK)
+	c.Assert(err, checker.IsNil)
+
+	resp, err := http.Get("http://127.0.0.1:8080/api/providers/docker")
+	c.Assert(err, checker.IsNil)
+
+	defer resp.Body.Close()
+	body, err := ioutil.ReadAll(resp.Body)
+	c.Assert(err, checker.IsNil)
+
+	var provider types.Configuration
+	c.Assert(json.Unmarshal(body, &provider), checker.IsNil)
+
+	// check that we have only one backend with n servers
+	c.Assert(provider.Backends, checker.HasLen, 1)
+
+	myBackend := provider.Backends["backend-"+composeService+"-integrationtest"+composeProject]
+	c.Assert(myBackend, checker.NotNil)
+	c.Assert(myBackend.Servers, checker.HasLen, serviceCount)
+
+	// check that we have only one frontend
+	c.Assert(provider.Frontends, checker.HasLen, 1)
+}
--- a/integration/docker_test.go
+++ b/integration/docker_test.go
@@ -99,7 +99,7 @@ func (s *DockerSuite) TestSimpleConfiguration(c *check.C) {
 	defer cmd.Process.Kill()

 	// TODO validate : run on 80
-	// Expected a 404 as we did not comfigure anything
+	// Expected a 404 as we did not configure anything
 	err = try.GetRequest("http://127.0.0.1:8000/", 500*time.Millisecond, try.StatusCodeIs(http.StatusNotFound))
 	c.Assert(err, checker.IsNil)
 }
--- a/integration/fixtures/acme/acme_http01.toml
+++ b/integration/fixtures/acme/acme_http01.toml
@@ -12,10 +12,10 @@ defaultEntryPoints = ["http", "https"]

 [acme]
 email = "test@traefik.io"
-storage = "/dev/null"
+storage = "/tmp/acme.json"
 entryPoint = "https"
 onDemand = {{.OnDemand}}
-OnHostRule = {{.OnHostRule}}
+onHostRule = {{.OnHostRule}}
 caServer = "http://{{.BoulderHost}}:4001/directory"
  [acme.httpchallenge]
  entrypoint="http"
@@ -26,6 +26,7 @@ caServer = "http://{{.BoulderHost}}:4001/directory"
  [backends.backend]
    [backends.backend.servers.server1]
    url = "http://127.0.0.1:9010"
+    weight = 1


 [frontends]
--- a/integration/fixtures/acme/acme_http01_web.toml
+++ b/integration/fixtures/acme/acme_http01_web.toml
@@ -11,10 +11,10 @@ defaultEntryPoints = ["http", "https"]

 [acme]
 email = "test@traefik.io"
-storage = "/dev/null"
+storage = "/tmp/acme.json"
 entryPoint = "https"
 onDemand = {{.OnDemand}}
-OnHostRule = {{.OnHostRule}}
+onHostRule = {{.OnHostRule}}
 caServer = "http://{{.BoulderHost}}:4001/directory"
  [acme.httpchallenge]
  entrypoint="http"
@@ -28,6 +28,7 @@ path="/traefik"
  [backends.backend]
    [backends.backend.servers.server1]
    url = "http://127.0.0.1:9010"
+    weight = 1

 [frontends]
  [frontends.frontend]
--- a/integration/fixtures/acme/acme_provided.toml
+++ b/integration/fixtures/acme/acme_provided.toml
@@ -14,10 +14,10 @@ defaultEntryPoints = ["http", "https"]

 [acme]
 email = "test@traefik.io"
-storage = "/dev/null"
+storage = "/tmp/acme.json"
 entryPoint = "https"
 onDemand = {{.OnDemand}}
-OnHostRule = {{.OnHostRule}}
+onHostRule = {{.OnHostRule}}
 caServer = "http://{{.BoulderHost}}:4001/directory"
 [acme.httpChallenge]
 entryPoint="http"
@@ -28,6 +28,7 @@ entryPoint="http"
  [backends.backend]
    [backends.backend.servers.server1]
    url = "http://127.0.0.1:9010"
+    weight = 1


 [frontends]
--- a/integration/fixtures/acme/acme_provided_dynamic.toml
+++ b/integration/fixtures/acme/acme_provided_dynamic.toml
@@ -12,10 +12,10 @@ defaultEntryPoints = ["http", "https"]

 [acme]
 email = "test@traefik.io"
-storage = "/dev/null"
+storage = "/tmp/acme.json"
 entryPoint = "https"
 onDemand = {{.OnDemand}}
-OnHostRule = {{.OnHostRule}}
+onHostRule = {{.OnHostRule}}
 caServer = "http://{{.BoulderHost}}:4001/directory"
 [acme.httpChallenge]
 entryPoint="http"
--- a/integration/fixtures/acme/certificates.toml
+++ b/integration/fixtures/acme/certificates.toml
@@ -2,6 +2,7 @@
  [backends.backend]
    [backends.backend.servers.server1]
    url = "http://127.0.0.1:9010"
+    weight = 1

 [frontends]
  [frontends.frontend]
--- a/integration/fixtures/acme/no_challenge_acme.toml
+++ b/integration/fixtures/acme/no_challenge_acme.toml
@@ -14,9 +14,9 @@ defaultEntryPoints = ["http", "https"]

 [acme]
 email = "test@traefik.io"
-storage = "/dev/null"
+storage = "/tmp/acme.json"
 entryPoint = "https"
-OnHostRule = true
+onHostRule = true
 caServer = "http://{{.BoulderHost}}:4001/directory"
 # No challenge defined

@@ -26,6 +26,7 @@ caServer = "http://{{.BoulderHost}}:4001/directory"
  [backends.backend]
    [backends.backend.servers.server1]
    url = "http://127.0.0.1:9010"
+    weight = 1


 [frontends]
--- a/integration/fixtures/acme/wrong_acme.toml
+++ b/integration/fixtures/acme/wrong_acme.toml
@@ -14,9 +14,9 @@ defaultEntryPoints = ["http", "https"]

 [acme]
 email = "test@traefik.io"
-storage = "/dev/null"
+storage = "/tmp/acme.json"
 entryPoint = "https"
-OnHostRule = true
+onHostRule = true
 caServer = "http://wrongurl:4001/directory"

 [file]
@@ -25,6 +25,7 @@ caServer = "http://wrongurl:4001/directory"
  [backends.backend]
    [backends.backend.servers.server1]
    url = "http://127.0.0.1:9010"
+    weight = 1


 [frontends]
--- a/integration/fixtures/docker/simple.toml
+++ b/integration/fixtures/docker/simple.toml
@@ -14,4 +14,4 @@ logLevel = "DEBUG"
 endpoint = "{{.DockerHost}}"

 domain = "docker.localhost"
-exposedbydefault = true
+exposedByDefault = true
--- a/integration/fixtures/dynamodb/simple.toml
+++ b/integration/fixtures/dynamodb/simple.toml
@@ -9,10 +9,10 @@ logLevel = "DEBUG"
  address = ":8081"

 [dynamodb]
-  AccessKeyID = "key"
-  SecretAccessKey = "secret"
-  Endpoint = "{{.DynamoURL}}"
-  Region = "us-east-1"
+  accessKeyID = "key"
+  secretAccessKey = "secret"
+  endpoint = "{{.DynamoURL}}"
+  region = "us-east-1"

 [api]
  entryPoint = "api"
--- a/integration/fixtures/error_pages/error.toml
+++ b/integration/fixtures/error_pages/error.toml
@@ -11,17 +11,20 @@ logLevel = "DEBUG"
  [backends.backend1]
    [backends.backend1.servers.server1]
    url = "http://{{.Server1}}:8989474"
+    weight = 1
  [backends.error]
    [backends.error.servers.error]
    url = "http://{{.Server2}}:80"
+    weight = 1
+
 [frontends]
-    [frontends.frontend1]
-    passHostHeader = true
-    backend = "backend1"
-    [frontends.frontend1.routes.test_1]
-    rule = "Host:test.local"
-    [frontends.frontend1.errors]
-        [frontends.frontend1.errors.networks]
-        status = ["500-502", "503-599"]
-        backend = "error"
-        query = "/50x.html"
+  [frontends.frontend1]
+  passHostHeader = true
+  backend = "backend1"
+  [frontends.frontend1.routes.test_1]
+  rule = "Host:test.local"
+  [frontends.frontend1.errors]
+    [frontends.frontend1.errors.networks]
+    status = ["500-502", "503-599"]
+    backend = "error"
+    query = "/50x.html"
--- a/integration/fixtures/error_pages/simple.toml
+++ b/integration/fixtures/error_pages/simple.toml
@@ -11,17 +11,20 @@ logLevel = "DEBUG"
  [backends.backend1]
    [backends.backend1.servers.server1]
    url = "http://{{.Server1}}:80"
+    weight = 1
  [backends.error]
    [backends.error.servers.error]
    url = "http://{{.Server2}}:80"
+    weight = 1
+
 [frontends]
-    [frontends.frontend1]
-    passHostHeader = true
-    backend = "backend1"
+  [frontends.frontend1]
+  passHostHeader = true
+  backend = "backend1"
    [frontends.frontend1.routes.test_1]
    rule = "Host:test.local"
    [frontends.frontend1.errors]
-        [frontends.frontend1.errors.networks]
-        status = ["500-502", "503-599"]
-        backend = "error"
-        query = "/50x.html"
+      [frontends.frontend1.errors.networks]
+      status = ["500-502", "503-599"]
+      backend = "error"
+      query = "/50x.html"
--- a/integration/fixtures/file/dir/simple1.toml
+++ b/integration/fixtures/file/dir/simple1.toml
@@ -3,6 +3,7 @@
  [backends.backend1]
    [backends.backend1.servers.server1]
    url = "http://172.17.0.2:80"
+    weight = 1

 [frontends]
  [frontends.frontend1]
--- a/integration/fixtures/file/dir/simple2.toml
+++ b/integration/fixtures/file/dir/simple2.toml
@@ -3,6 +3,7 @@
  [backends.backend2]
    [backends.backend2.servers.server1]
    url = "http://172.17.0.2:80"
+    weight = 1

 [frontends]
  [frontends.frontend2]
--- a/integration/fixtures/grpc/config.toml
+++ b/integration/fixtures/grpc/config.toml
@@ -1,6 +1,6 @@
 defaultEntryPoints = ["https"]

-RootCAs = [ """{{ .CertContent }}""" ]
+rootCAs = [ """{{ .CertContent }}""" ]

 [entryPoints]
  [entryPoints.https]
@@ -19,6 +19,7 @@ RootCAs = [ """{{ .CertContent }}""" ]
  [backends.backend1]
    [backends.backend1.servers.server1]
    url = "https://127.0.0.1:{{ .GRPCServerPort }}"
+    weight = 1


 [frontends]
--- a/integration/fixtures/grpc/config_insecure.toml
+++ b/integration/fixtures/grpc/config_insecure.toml
@@ -1,6 +1,6 @@
 defaultEntryPoints = ["https"]

-InsecureSkipVerify = true
+insecureSkipVerify = true

 [entryPoints]
  [entryPoints.https]
@@ -19,6 +19,7 @@ InsecureSkipVerify = true
  [backends.backend1]
    [backends.backend1.servers.server1]
    url = "https://127.0.0.1:{{ .GRPCServerPort }}"
+    weight = 1


 [frontends]
--- a/integration/fixtures/healthcheck/multiple-entrypoints-drr.toml
+++ b/integration/fixtures/healthcheck/multiple-entrypoints-drr.toml
@@ -20,8 +20,10 @@ logLevel = "DEBUG"
    interval = "1s"
    [backends.backend1.servers.server1]
    url = "http://{{.Server1}}:80"
+    weight = 1
    [backends.backend1.servers.server2]
    url = "http://{{.Server2}}:80"
+    weight = 1

 [frontends]
  [frontends.frontend1]
--- a/integration/fixtures/healthcheck/multiple-entrypoints-wrr.toml
+++ b/integration/fixtures/healthcheck/multiple-entrypoints-wrr.toml
@@ -20,8 +20,10 @@ logLevel = "DEBUG"
    interval = "1s"
    [backends.backend1.servers.server1]
    url = "http://{{.Server1}}:80"
+    weight = 1
    [backends.backend1.servers.server2]
    url = "http://{{.Server2}}:80"
+    weight = 1

 [frontends]
  [frontends.frontend1]
--- a/integration/fixtures/healthcheck/port_overload.toml
+++ b/integration/fixtures/healthcheck/port_overload.toml
@@ -17,6 +17,7 @@ logLevel = "DEBUG"
    interval = "1s"
    [backends.backend1.servers.server1]
    url = "http://{{.Server1}}:81"
+    weight = 1

 [frontends]
  [frontends.frontend1]
--- a/integration/fixtures/healthcheck/simple.toml
+++ b/integration/fixtures/healthcheck/simple.toml
@@ -16,8 +16,10 @@ logLevel = "DEBUG"
    interval = "1s"
    [backends.backend1.servers.server1]
    url = "http://{{.Server1}}:80"
+    weight = 1
    [backends.backend1.servers.server2]
    url = "http://{{.Server2}}:80"
+    weight = 1

 [frontends]
  [frontends.frontend1]
--- a/integration/fixtures/https/clientca/https_1ca1config.toml
+++ b/integration/fixtures/https/clientca/https_1ca1config.toml
@@ -24,9 +24,11 @@ defaultEntryPoints = ["https"]
  [backends.backend1]
    [backends.backend1.servers.server1]
    url = "http://127.0.0.1:9010"
+    weight = 1
  [backends.backend2]
    [backends.backend2.servers.server1]
    url = "http://127.0.0.1:9020"
+    weight = 1

 [frontends]
  [frontends.frontend1]
--- a/integration/fixtures/https/clientca/https_2ca1config.toml
+++ b/integration/fixtures/https/clientca/https_2ca1config.toml
@@ -23,9 +23,11 @@ defaultEntryPoints = ["https"]
  [backends.backend1]
    [backends.backend1.servers.server1]
    url = "http://127.0.0.1:9010"
+    weight = 1
  [backends.backend2]
    [backends.backend2.servers.server1]
    url = "http://127.0.0.1:9020"
+    weight = 1

 [frontends]
  [frontends.frontend1]
--- a/integration/fixtures/https/clientca/https_2ca2config.toml
+++ b/integration/fixtures/https/clientca/https_2ca2config.toml
@@ -24,9 +24,11 @@ defaultEntryPoints = ["https"]
  [backends.backend1]
    [backends.backend1.servers.server1]
    url = "http://127.0.0.1:9010"
+    weight = 1
  [backends.backend2]
    [backends.backend2.servers.server1]
    url = "http://127.0.0.1:9020"
+    weight = 1

 [frontends]
  [frontends.frontend1]
--- a/integration/fixtures/https/dynamic_https.toml
+++ b/integration/fixtures/https/dynamic_https.toml
@@ -2,9 +2,11 @@
  [backends.backend1]
    [backends.backend1.servers.server1]
    url = "http://127.0.0.1:9010"
+    weight = 1
  [backends.backend2]
    [backends.backend2.servers.server1]
    url = "http://127.0.0.1:9020"
+    weight = 1

 [frontends]
  [frontends.frontend1]
--- a/integration/fixtures/https/https_sni.toml
+++ b/integration/fixtures/https/https_sni.toml
@@ -21,9 +21,11 @@ defaultEntryPoints = ["https"]
  [backends.backend1]
    [backends.backend1.servers.server1]
    url = "http://127.0.0.1:9010"
+    weight = 1
  [backends.backend2]
    [backends.backend2.servers.server1]
    url = "http://127.0.0.1:9020"
+    weight = 1

 [frontends]
  [frontends.frontend1]
--- a/integration/fixtures/https/rootcas/https.toml
+++ b/integration/fixtures/https/rootcas/https.toml
@@ -3,7 +3,7 @@ logLevel = "DEBUG"
 defaultEntryPoints = ["http"]

 # Use certificate in net/internal/testcert.go
-RootCAs =  [ """
+rootCAs =  [ """
 -----BEGIN CERTIFICATE-----
 MIICEzCCAXygAwIBAgIQMIMChMLGrR+QvmQvpwAU6zANBgkqhkiG9w0BAQsFADAS
 MRAwDgYDVQQKEwdBY21lIENvMCAXDTcwMDEwMTAwMDAwMFoYDzIwODQwMTI5MTYw
@@ -32,6 +32,7 @@ fblo6RBxUQ==
  [backends.backend1]
    [backends.backend1.servers.server1]
    url = "{{ .BackendHost }}"
+    weight = 1

 [frontends]
  [frontends.frontend1]
--- a/integration/fixtures/https/rootcas/https_with_file.toml
+++ b/integration/fixtures/https/rootcas/https_with_file.toml
@@ -3,7 +3,7 @@ logLevel = "DEBUG"
 defaultEntryPoints = ["http"]

 # Use certificate in net/internal/testcert.go
-RootCAs =  [ "fixtures/https/rootcas/local.crt"]
+rootCAs =  [ "fixtures/https/rootcas/local.crt"]

 [entryPoints]
  [entryPoints.http]
@@ -17,6 +17,8 @@ RootCAs =  [ "fixtures/https/rootcas/local.crt"]
  [backends.backend1]
    [backends.backend1.servers.server1]
    url = "{{ .BackendHost }}"
+    weight = 1
+
 [frontends]
  [frontends.frontend1]
  backend = "backend1"
--- a/integration/fixtures/log_rotation_config.toml
+++ b/integration/fixtures/log_rotation_config.toml
@@ -27,12 +27,14 @@ entryPoint = "api"
 ################################################################
 # rules
 ################################################################
- [backends]
-   [backends.backend1]
-     [backends.backend1.servers.server1]
-       url = "http://127.0.0.1:8081"
-  [frontends]
-   [frontends.frontend1]
-   backend = "backend1"
-     [frontends.frontend1.routes.test_1]
-     rule = "Path: /test1"
+[backends]
+  [backends.backend1]
+    [backends.backend1.servers.server1]
+    url = "http://127.0.0.1:8081"
+    weight = 1
+
+[frontends]
+  [frontends.frontend1]
+  backend = "backend1"
+   [frontends.frontend1.routes.test_1]
+   rule = "Path: /test1"
--- a/integration/fixtures/multiple_provider.toml
+++ b/integration/fixtures/multiple_provider.toml
@@ -11,7 +11,7 @@ debug=true
 [docker]
 endpoint = "unix:///var/run/docker.sock"
 watch = true
-exposedbydefault = false
+exposedByDefault = false

 [file]
  [frontends]
@@ -19,7 +19,9 @@ exposedbydefault = false
    backend = "backend-test"
  [frontends.frontend-1.routes.test_1]
  rule = "PathPrefix:/file"
+
  [backends]
    [backends.backend-test]
        [backends.backend-test.servers.website]
-            url = "http://{{ .IP }}"
+        url = "http://{{ .IP }}"
+        weight = 1
--- a/integration/fixtures/provideracme/acme.toml
+++ b/integration/fixtures/provideracme/acme.toml
@@ -11,16 +11,16 @@ defaultEntryPoints = ["http", "https"]


 [acme]
-email = "test@traefik.io"
-storage = "/dev/null"
-entryPoint = "https"
-onDemand = {{.OnDemand}}
-OnHostRule = {{.OnHostRule}}
-caServer = "http://{{.BoulderHost}}:4001/directory"
-[acme.httpChallenge]
-entryPoint="http"
-[[acme.domains]]
-main = "traefik.acme.wtf"
+  email = "test@traefik.io"
+  storage = "/tmp/acme.json"
+  entryPoint = "https"
+  onDemand = {{.OnDemand}}
+  onHostRule = {{.OnHostRule}}
+  caServer = "http://{{.BoulderHost}}:4001/directory"
+  [acme.httpChallenge]
+  entryPoint="http"
+  [[acme.domains]]
+  main = "traefik.acme.wtf"


 [api]
@@ -31,6 +31,7 @@ main = "traefik.acme.wtf"
  [backends.backend]
    [backends.backend.servers.server1]
    url = "http://127.0.0.1:9010"
+    weight = 1

 [frontends]
  [frontends.frontend]
--- a/integration/fixtures/provideracme/acme_insan.toml
+++ b/integration/fixtures/provideracme/acme_insan.toml
@@ -11,17 +11,17 @@ defaultEntryPoints = ["http", "https"]


 [acme]
-email = "test@traefik.io"
-storage = "/dev/null"
-entryPoint = "https"
-onDemand = false
-OnHostRule = false
-caServer = "http://{{.BoulderHost}}:4001/directory"
-[acme.httpChallenge]
-entryPoint="http"
-[[acme.domains]]
-main = "acme.wtf"
-sans = [ "traefik.acme.wtf" ]
+  email = "test@traefik.io"
+  storage = "/tmp/acme.json"
+  entryPoint = "https"
+  onDemand = false
+  onHostRule = false
+  caServer = "http://{{.BoulderHost}}:4001/directory"
+  [acme.httpChallenge]
+  entryPoint="http"
+  [[acme.domains]]
+  main = "acme.wtf"
+  sans = [ "traefik.acme.wtf" ]


 [api]
@@ -32,6 +32,7 @@ sans = [ "traefik.acme.wtf" ]
  [backends.backend]
    [backends.backend.servers.server1]
    url = "http://127.0.0.1:9010"
+    weight = 1

 [frontends]
  [frontends.frontend]
--- a/integration/fixtures/provideracme/acme_onhost.toml
+++ b/integration/fixtures/provideracme/acme_onhost.toml
@@ -11,14 +11,14 @@ defaultEntryPoints = ["http", "https"]


 [acme]
-email = "test@traefik.io"
-storage = "/dev/null"
-entryPoint = "https"
-onDemand = {{.OnDemand}}
-OnHostRule = {{.OnHostRule}}
-caServer = "http://{{.BoulderHost}}:4001/directory"
-[acme.httpChallenge]
-entryPoint="http"
+  email = "test@traefik.io"
+  storage = "/tmp/acme.jsonl"
+  entryPoint = "https"
+  onDemand = {{.OnDemand}}
+  onHostRule = {{.OnHostRule}}
+  caServer = "http://{{.BoulderHost}}:4001/directory"
+  [acme.httpChallenge]
+  entryPoint="http"

 [api]

@@ -28,6 +28,7 @@ entryPoint="http"
  [backends.backend]
    [backends.backend.servers.server1]
    url = "http://127.0.0.1:9010"
+    weight = 1

 [frontends]
  [frontends.frontend]
--- a/integration/fixtures/proxy-protocol/with.toml
+++ b/integration/fixtures/proxy-protocol/with.toml
@@ -2,22 +2,23 @@ logLevel = "DEBUG"
 defaultEntryPoints = ["http"]

 [entryPoints]
-[entryPoints.http]
-address = ":8000"
-[entryPoints.http.proxyProtocol]
-trustedIPs = ["{{.HaproxyIP}}"]
+  [entryPoints.http]
+  address = ":8000"
+    [entryPoints.http.proxyProtocol]
+    trustedIPs = ["{{.HaproxyIP}}"]

 [api]

 [file]

 [backends]
-[backends.backend1]
-[backends.backend1.servers.server1]
-url = "http://{{.WhoamiIP}}"
+  [backends.backend1]
+    [backends.backend1.servers.server1]
+    url = "http://{{.WhoamiIP}}"
+    weight = 1

 [frontends]
-[frontends.frontend1]
-backend = "backend1"
-[frontends.frontend1.routes.test_1]
-rule = "Path:/whoami"
+  [frontends.frontend1]
+  backend = "backend1"
+    [frontends.frontend1.routes.test_1]
+    rule = "Path:/whoami"
--- a/integration/fixtures/proxy-protocol/without.toml
+++ b/integration/fixtures/proxy-protocol/without.toml
@@ -2,22 +2,23 @@ logLevel = "DEBUG"
 defaultEntryPoints = ["http"]

 [entryPoints]
-[entryPoints.http]
-address = ":8000"
-[entryPoints.http.proxyProtocol]
-trustedIPs = ["1.2.3.4"]
+  [entryPoints.http]
+  address = ":8000"
+    [entryPoints.http.proxyProtocol]
+    trustedIPs = ["1.2.3.4"]

 [api]

 [file]

 [backends]
-[backends.backend1]
-[backends.backend1.servers.server1]
-url = "http://{{.WhoamiIP}}"
+  [backends.backend1]
+    [backends.backend1.servers.server1]
+    url = "http://{{.WhoamiIP}}"
+    weight = 1

 [frontends]
-[frontends.frontend1]
-backend = "backend1"
-[frontends.frontend1.routes.test_1]
-rule = "Path:/whoami"
+  [frontends.frontend1]
+  backend = "backend1"
+    [frontends.frontend1.routes.test_1]
+    rule = "Path:/whoami"
--- a/integration/fixtures/ratelimit/simple.toml
+++ b/integration/fixtures/ratelimit/simple.toml
@@ -12,19 +12,21 @@ logLevel = "DEBUG"
  [backends.backend1]
    [backends.backend1.servers.server1]
    url = "http://{{.Server1}}:80"
+    weight = 1
+
 [frontends]
-    [frontends.frontend1]
-    passHostHeader = true
-    backend = "backend1"
+  [frontends.frontend1]
+  passHostHeader = true
+  backend = "backend1"
    [frontends.frontend1.routes.test_1]
    rule = "Path:/"
    [frontends.frontend1.ratelimit]
    extractorfunc = "client.ip"
-        [frontends.frontend1.ratelimit.rateset.rateset1]
-        period = "60s"
-        average = 4
-        burst = 5
-        [frontends.frontend1.ratelimit.rateset.rateset2]
-        period = "3s"
-        average = 1
-        burst = 2
+      [frontends.frontend1.ratelimit.rateset.rateset1]
+      period = "60s"
+      average = 4
+      burst = 5
+      [frontends.frontend1.ratelimit.rateset.rateset2]
+      period = "3s"
+      average = 1
+      burst = 2
--- a/integration/fixtures/reqacceptgrace.toml
+++ b/integration/fixtures/reqacceptgrace.toml
@@ -17,6 +17,7 @@ logLevel = "DEBUG"
  [backends.backend]
    [backends.backend.servers.server]
    url = "{{.Server}}"
+    weight = 1

 [frontends]
  [frontends.frontend]
--- a/integration/fixtures/retry/simple.toml
+++ b/integration/fixtures/retry/simple.toml
@@ -15,8 +15,10 @@ logLevel = "DEBUG"
  [backends.backend1]
    [backends.backend1.servers.server1]
    url = "http://{{.WhoamiEndpoint}}:8080" # not valid
+    weight = 1
    [backends.backend1.servers.server2]
    url = "http://{{.WhoamiEndpoint}}:80"
+    weight = 1

 [frontends]
  [frontends.frontend1]
--- a/integration/fixtures/simple_stats.toml
+++ b/integration/fixtures/simple_stats.toml
@@ -5,26 +5,29 @@ debug=true
  address = ":8000"

 [api]
+
 [file]
-   [backends]
-     [backends.backend1]
-       [backends.backend1.servers.server1]
-       url = "{{ .Server1 }}"
+
+  [backends]
+    [backends.backend1]
+      [backends.backend1.servers.server1]
+      url = "{{ .Server1 }}"
+      weight = 1
+
    [backends.backend2]
-       [backends.backend2.servers.server1]
-       url = "{{ .Server2 }}"
+      [backends.backend2.servers.server1]
+      url = "{{ .Server2 }}"
+      weight = 1

-   [frontends]
-     [frontends.frontend1]
-            entrypoints=["http"]
+  [frontends]
+    [frontends.frontend1]
+      entrypoints=["http"]
+      backend = "backend1"
+      [frontends.frontend1.routes.test_1]
+      rule = "PathPrefix:/whoami"

-     backend = "backend1"
-       [frontends.frontend1.routes.test_1]
-       rule = "PathPrefix:/whoami"
-
-   [frontends.frontend2]
-     backend = "backend2"
-            entrypoints=["traefik"]
-
-       [frontends.frontend2.routes.test_1]
-       rule = "PathPrefix:/whoami"
+  [frontends.frontend2]
+    backend = "backend2"
+    entrypoints=["traefik"]
+    [frontends.frontend2.routes.test_1]
+    rule = "PathPrefix:/whoami"
--- a/integration/fixtures/timeout/forwarding_timeouts.toml
+++ b/integration/fixtures/timeout/forwarding_timeouts.toml
@@ -22,9 +22,11 @@ responseHeaderTimeout = "300ms"
    # Non-routable IP address that should always deliver a dial timeout.
    # See: https://stackoverflow.com/questions/100841/artificially-create-a-connection-timeout-error#answer-904609
    url = "http://50.255.255.1"
+    weight = 1
  [backends.backend2]
    [backends.backend2.servers.server2]
    url = "http://{{.TimeoutEndpoint}}:9000"
+    weight = 1

 [frontends]
  [frontends.frontend1]
--- a/integration/fixtures/tracing/simple.toml
+++ b/integration/fixtures/tracing/simple.toml
@@ -6,32 +6,38 @@ debug = true
 [api]

 [entryPoints]
-    [entryPoints.http]
+  [entryPoints.http]
    address = ":8000"

 [tracing]
-    backend = "{{.TracingBackend}}"
-    servicename = "tracing"
+  backend = "{{.TracingBackend}}"
+  servicename = "tracing"
    [tracing.zipkin]
-        HTTPEndpoint = "http://{{.ZipkinIP}}:9411/api/v1/spans"
-        debug = true
+      httpEndpoint = "http://{{.ZipkinIP}}:9411/api/v1/spans"
+      debug = true
    [tracing.jaeger]
-        SamplingType = "const"
-        SamplingParam = 1.0
+      samplingType = "const"
+      samplingParam = 1.0
+
 [retry]
-    attempts = 3
+  attempts = 3
+
 [file]

 [backends]
  [backends.backend1]
    [backends.backend1.servers.server-ratelimit]
      url = "http://{{.WhoAmiIP}}:{{.WhoAmiPort}}"
+      weight = 1
  [backends.backend2]
    [backends.backend2.servers.server-retry]
      url = "http://{{.WhoAmiIP}}:{{.WhoAmiPort}}"
+      weight = 1
  [backends.backend3]
    [backends.backend3.servers.server-auth]
      url = "http://{{.WhoAmiIP}}:{{.WhoAmiPort}}"
+      weight = 1
+
 [frontends]
  [frontends.frontend1]
    passHostHeader = true
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
SALLEYRON Julien	c210ab31d9	Prepare release v1.6.0	2018-04-30 23:20:05 +02:00
Timo Reimann	6c1fa91c70	Document custom k8s ingress class usage in guide.	2018-04-30 20:28:03 +02:00
Ludovic Fernandez	04bab185f6	Add redirect section.	2018-04-30 12:28:03 +02:00
Ludovic Fernandez	2213b4cf37	Cleaning labels/annotations documentation.	2018-04-30 12:08:03 +02:00
Alexy Mikhailichenko	1d770e5636	Fix typo and tweak formatting in quickstart	2018-04-30 09:24:04 +02:00
Ludovic Fernandez	b7e15e0a2c	doc: update Traefik images.	2018-04-27 14:54:03 +02:00
Jan Kuri	9c651ae913	New web ui	2018-04-27 13:12:04 +02:00
Michael	e09d5cb4ec	Fix documentation for tracing with Jaeger	2018-04-24 19:22:03 +02:00
NicoMen	cae353b9f6	Add documentation about Templating in backend file	2018-04-24 18:58:03 +02:00
Ludovic Fernandez	edb5b3d711	Fix whitelist and XFF.	2018-04-23 16:20:05 +02:00
Colin Coller	667a0c41ed	Minor improvements to documentation	2018-04-23 15:56:03 +02:00
Ludovic Fernandez	2975acdc82	Forward auth: copy response headers when auth failed.	2018-04-23 15:28:04 +02:00
Ludovic Fernandez	76dcbe3429	Fix error pages redirect and headers.	2018-04-23 11:28:04 +02:00
Ludovic Fernandez	d8e2d464ad	Remove dead code.	2018-04-23 10:54:03 +02:00
Arnas	5f8bcb0c26	Fix typo in documentation	2018-04-23 10:28:04 +02:00
Ludovic Fernandez	7ef8d6fa10	Ignore server for container with empty IP address.	2018-04-22 09:10:03 +02:00
Fernandez Ludovic	5924a40222	Fix Service Fabric docs to use v1.6 labels.	2018-04-19 20:15:20 +02:00
Fernandez Ludovic	95ce4f5c1e	refactor: minor fixes.	2018-04-18 10:48:03 +02:00
Fernandez Ludovic	f258f20b04	doc: add 'traefik.domain'.	2018-04-18 10:48:03 +02:00
Fernandez Ludovic	7e2ad827aa	fix: used 'traefik.domain' in frontend rule.	2018-04-18 10:48:03 +02:00
Michael	3df588047d	Prepare release v1.6.0-rc6	2018-04-17 13:42:03 +02:00
Ludovic Fernandez	ac0e5cbb29	Use shared label system	2018-04-17 11:18:04 +02:00
Michael	5ab584bc6a	Fix panic in atomic on ARM and x86-32 platforms	2018-04-17 10:32:03 +02:00
NicoMen	a2e03e3bd0	Create backup file during migration from ACME V1 to ACME V2	2018-04-16 19:34:04 +02:00
Jean-Baptiste Doumenjou	f0589b310f	Fix multiple frontends with docker-compose --scale	2018-04-16 18:14:04 +02:00
Michael	8519b0d353	Fix nil value when tracing is enabled	2018-04-16 17:42:03 +02:00
Manuel Zapf	0e3d1e1503	fix: redirect to HTTPS first before basic auth if header redirect (secure) is set	2018-04-16 11:06:03 +02:00
Michael	ebd77f314d	Fix duplicated tags in InfluxDB	2018-04-16 10:28:04 +02:00
Ludovic Fernandez	749d833f65	fix: template version documentation.	2018-04-16 00:34:03 +02:00
Cyrille Hemidy	0373cd6f97	Add missing argument in log.	2018-04-13 19:46:03 +02:00
Ludovic Fernandez	1f3fc8a366	fix: backend name for stateful service and more.	2018-04-13 15:44:04 +02:00
Fernandez Ludovic	89c3930b28	Merge branch 'v1.5' into 'v1.6'	2018-04-13 15:02:29 +02:00
Ludovic Fernandez	29e1e9eef2	fix: backend name for stateful service.	2018-04-13 14:38:03 +02:00
SALLEYRON Julien	85aa1a444a	Prepare release 1.6.0-rc5	2018-04-12 11:44:03 +02:00
Timo Reimann	702876ae7f	Limit label selector to Ingress factory.	2018-04-12 11:14:05 +02:00
NicoMen	7109910f46	Generate wildcard certificate with SANs in ACME	2018-04-11 17:16:07 +02:00
Ludovic Fernandez	8168d2fdc1	Server weight zero	2018-04-11 16:30:04 +02:00
Fernandez Ludovic	edbcd01fbc	Merge branch 'v1.5' into 'v1.6'	2018-04-11 14:20:53 +02:00
Ludovic Fernandez	c99266e961	Fix: error pages	2018-04-11 13:54:03 +02:00
Ludovic Fernandez	f804053736	Factorize labels managements.	2018-04-11 12:26:03 +02:00
Manuel Zapf	2641832304	Default certificate expiry	2018-04-11 10:36:03 +02:00
Andrey Fedoseev	21f6f81914	Update kubernetes.md	2018-04-11 10:34:04 +02:00
Emile Vauge	ccd919aba3	Fix Azure brand	2018-04-10 17:26:04 +02:00
SALLEYRON Julien	2387010556	Disable closeNotify when method GET for http pipelining	2018-04-10 17:24:04 +02:00
Jack Twilley	f35d574759	Minor updates to dumpcerts.sh	2018-04-10 16:52:05 +02:00
NicoMen	3be74bb275	Fix acme.json file automatic creation	2018-04-10 10:52:04 +02:00
Ludovic Fernandez	b1be062437	fix: update lego.	2018-04-09 18:28:03 +02:00
Ludovic Fernandez	2d0d320d05	Remove useless ACME tab from UI.	2018-04-09 16:06:03 +02:00
Jakub Piasecki	1de5111ab5	s/Host/HostRegexp	2018-04-09 11:18:03 +02:00
Ludovic Fernandez	3d530e4747	Command version explanation for alpine image.	2018-04-06 18:14:03 +02:00
Ludovic Fernandez	0ef1b7b683	Fix: Add TTL and custom Timeout in DigitalOcean DNS provider	2018-04-06 17:04:03 +02:00
Alexander Kachkaev	66485e81b4	Normalize parameter names in configs	2018-04-06 09:38:03 +02:00
NicoMen	e74e7cf734	Add ACME certificates only on ACME EntryPoint	2018-04-06 08:44:03 +02:00
Ludovic Fernandez	a19b93c966	fix: overflow on 32 bits arch.	2018-04-04 15:04:04 +02:00
Ludovic Fernandez	f7fd1f2a63	Prepare release v1.6.0-rc4	2018-04-04 14:12:03 +02:00
Ludovic Fernandez	88b71d23db	Several apps with same backend name in Marathon.	2018-04-04 12:28:03 +02:00
Fernandez Ludovic	6845068b82	doc: template version for ECS, Consul Catalog and Mesos.	2018-04-04 11:52:05 +02:00
Fernandez Ludovic	5c0b18efe4	chore: autogen.	2018-04-04 11:52:05 +02:00
Fernandez Ludovic	4b93d040b3	refactor: Mesos labels.	2018-04-04 11:52:05 +02:00
Fernandez Ludovic	ff61cc971e	refactor: Consul Catalog labels.	2018-04-04 11:52:05 +02:00
Fernandez Ludovic	46db91ce73	refactor: ECS labels.	2018-04-04 11:52:05 +02:00
Ludovic Fernandez	5921909ef5	Add tests on IPWhiteLister.	2018-04-03 18:36:03 +02:00
Fernandez Ludovic	1537861c61	Merge branch 'v1.5' into 'v1.6'	2018-04-03 12:12:19 +02:00
jakeprem	1b93551572	Update docker-and-lets-encrypt example to show traefik:1.5.4	2018-04-03 11:14:04 +02:00
Rodrigo	197a5fbcf4	Update kubernetes.md	2018-04-03 10:30:03 +02:00
Alex Antonov	ff32529345	Moved /api/cluster/leadership handler under public routes (requires no authentication)	2018-04-03 10:00:07 +02:00
Ludovic Fernandez	a179c3b399	Fixes prefixed annotations support.	2018-04-03 09:40:04 +02:00
Emir Karşıyakalı	a820585f56	Fixed documentation urls on README.md	2018-03-30 11:18:03 +02:00