1
0
mirror of https://github.com/containous/traefik.git synced 2025-10-23 23:33:33 +03:00

Compare commits

...

1522 Commits

Author SHA1 Message Date
Michael
c7cd0df3b3 Prepare release v3.0.0-beta4 2023-10-12 09:48:05 +02:00
mmatur
286181aa61 Merge v2.10 into v3.0 2023-10-11 17:33:55 +02:00
Michael
6a34f238ce Prepare release v2.10.5 2023-10-11 15:50:05 +02:00
Romain
4b2c763cf3 update x/net and grpc/grpc-go
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
Co-authored-by: lbenguigui <lbenguigui@gmail.com>
2023-10-11 12:48:05 +02:00
Dave Bendit
d03d8d53fd Add missing accessControlAllowOriginListRegex to middleware view 2023-10-11 09:52:05 +02:00
Romain
8d0979bfd0 Enable TLS for Consul Connect TCP services
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2023-09-29 15:26:05 +02:00
Romain
e95fde5652 Fix preflight response status in access logs
Co-authored-by: lbenguigui <lbenguigui@gmail.com>
2023-09-29 12:18:06 +02:00
Niall Newman
ab7993428d Improve CNAME flattening to avoid unnecessary error logging 2023-09-28 12:00:06 +02:00
Romain
b966215e6c Move origin fields capture to service level
Co-authored-by: lbenguigui <lbenguigui@gmail.com>
2023-09-27 15:22:06 +02:00
Harold Ozouf
b786f58f80 fix: false positive in url anonymization 2023-09-26 08:28:25 +02:00
Yakun Sun
173154cf59 Ignore ErrKeyNotFound error for the KV provider 2023-09-25 16:38:07 +02:00
Ludovic Fernandez
4acec60e72 fix: wrong log level 2023-09-25 09:10:05 +02:00
Ludovic Fernandez
c3880a69ca Update quic-go to v0.39.0 2023-09-25 09:08:07 +02:00
Romain
4d63eb30f9 Allow X-Forwarded-For delete operation
Co-authored-by: landrybe <lbenguigui@gmail.com>
2023-09-22 11:00:07 +02:00
Dylan Rodgers
dbc679dc30 Updates business callout in the documentation 2023-09-13 18:38:05 +02:00
Thomas Decaux
fc7f732029 doc: fix accessControlAllowHeaders examples 2023-09-12 23:52:05 +02:00
JabJ
ba912e1a93 Change Arvancloud URL 2023-09-09 15:26:05 +02:00
Weida Hong
3216c8ab10 Adjust forward auth to avoid connection leak 2023-09-09 12:36:05 +02:00
Ludovic Fernandez
561c580701 Update quic-go to v0.38.1 2023-09-05 09:34:05 +02:00
Ludovic Fernandez
3fd5c747a2 Update go-acme/lego to v4.14.0 2023-08-22 10:02:05 +02:00
Ludovic Fernandez
b6b6cef3da Update quic-go to v0.38.0 2023-08-22 09:36:05 +02:00
Ludovic Fernandez
d651d1e7cf Update quic-go to v0.37.6 2023-08-21 09:10:05 +02:00
Ludovic Fernandez
6f22b9e0a7 Update quic-go to v0.37.5 2023-08-17 15:40:05 +02:00
Ludovic Fernandez
f29325c679 Update to go1.21 2023-08-16 17:50:06 +02:00
Ludovic Fernandez
57780d8004 Update go-acme/lego to v4.13.3 2023-08-14 15:30:06 +02:00
Marko Kaznovac
46f4a8541e fix minor typo in swarm example 2023-08-10 05:56:04 +02:00
Romain
1d85515aac Remove healthcheck interval configuration warning 2023-08-08 18:10:05 +02:00
Kevin McConnell
55e00be36e Allow short healthcheck interval with long timeout 2023-08-08 16:40:05 +02:00
Yakun Sun
d6457e6cbb Set sameSite field for wrr load balancer sticky cookie 2023-08-08 15:12:06 +02:00
CleverUnderDog
ca2b9e8e77 Fix GrpcWeb middleware to clear ContentLength after translating to normal gRPC message 2023-08-08 14:48:05 +02:00
Aaron
d948784d38 correct minor typo in crd-acme docs 2023-08-08 10:00:05 +02:00
Michael
1ddb0afb24 fix: reduce disk usage during release
Co-authored-by: Ludovic Fernandez <ldez@users.noreply.github.com>
2023-08-04 12:26:05 +02:00
Ludovic Fernandez
f518676238 Replace old security form by the GitHub report system 2023-07-27 16:50:06 +02:00
Alex Zhang
db3e8a7f5a docs: describe the missing db parameter in redis provider 2023-07-27 16:02:05 +02:00
Ludovic Fernandez
0bd367ebbd Prepare release v2.10.4 2023-07-24 16:44:05 +02:00
Michael
f4dc298406 fix: bad anchor on documentation 2023-07-24 16:18:05 +02:00
Ludovic Fernandez
3f93e9ea71 Remove CodeQL workflow from PR 2023-07-24 14:00:05 +02:00
mmatur
eb585740a1 Merge branch v2.10 into v3.0 2023-07-24 12:58:06 +02:00
Ludovic Fernandez
1709f3854c Update go-acme/lego to v4.13.2 2023-07-24 09:32:05 +02:00
Ludovic Fernandez
ebde81e91c chore: remove dead static configuration references 2023-07-24 08:40:05 +02:00
Ludovic Fernandez
47faae25d7 fix: traceability of the middleware plugins 2023-07-20 15:02:07 +02:00
Ludovic Fernandez
7792d197e6 Update go-acme/lego to v4.13.0 2023-07-20 14:36:07 +02:00
Jorge
deb4235028 Add CodeQL workflow 2023-07-20 04:10:05 +02:00
Fernandez Ludovic
124ee3c48c chore: fix PyYAML version 2023-07-19 21:38:50 +02:00
Ludovic Fernandez
bed6069e82 fix: avoid panic on resource backends 2023-07-19 17:36:06 +02:00
Massimiliano D
e29da5ad65 Updates the Hub tooltip content using a web component and adds an option to disable Hub button 2023-07-19 16:56:05 +02:00
Antony Chazapis
48de3b0230 Add support for RISC-V 2023-07-19 12:34:05 +02:00
Michael
00048a8351 fix: integration test with Go v1.20.6 2023-07-18 18:50:05 +02:00
Ludovic Fernandez
2df5defd36 chore: fix PyYAML version 2023-07-18 18:22:55 +02:00
Michael
aaa763b7af Upgrade docs build stack 2023-07-10 13:48:05 +02:00
Gérald Croës
8a68ece2cc Update maintainers guidelines 2023-07-03 15:10:05 +02:00
Ludovic Fernandez
08b80c20f0 Remove documentation of old swarm options 2023-07-03 09:14:05 +02:00
Ludovic Fernandez
d4daafa468 Fix migration guide heading 2023-06-26 16:02:05 +02:00
Ludovic Fernandez
52d2d959af Prepare release v3.0.0-beta3 2023-06-22 01:18:05 +02:00
Romain
0a35fa096a Improve Kubernetes support documentation
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2023-06-21 10:06:05 +02:00
Fernandez Ludovic
a7ef965412 Merge branch v2.10 into v3.0 2023-06-20 19:33:05 +02:00
Romain
0a861716d4 Update release documentation 2023-06-20 17:12:05 +02:00
Romain
4fbe9b81ec Remove support of the networking.k8s.io/v1beta1 APIVersion 2023-06-20 10:26:05 +02:00
Romain
5fd6913ee5 Fix OpenTelemetry metrics
Co-authored-by: LandryBe <[lbenguigui@gmail.com](mailto:lbenguigui@gmail.com)>
2023-06-20 09:12:05 +02:00
Ludovic Fernandez
7741c68eaa Prepare release v2.10.3 2023-06-19 18:14:30 +02:00
Ludovic Fernandez
18077ff69a Update go-acme/lego to v4.12.2 2023-06-19 18:08:05 +02:00
Michael
fa555d0d29 fix: Remove unnecessary data on release ci 2023-06-19 17:34:05 +02:00
Jakob Miksch
0e5898b2f8 Minor Typo 2023-06-19 14:36:05 +02:00
Ludovic Fernandez
aae76408e2 Prepare release v2.10.2 2023-06-19 12:00:06 +02:00
green1052
9cc9ed6a0c Fix typo 2023-06-17 21:52:05 +02:00
Michael
fecaec7a4a feat: new endpoint for collect 2023-06-16 23:08:05 +02:00
LandryBe
e62fe64ec9 Encode query semicolons
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2023-06-15 18:20:06 +02:00
Romain
6885e410f0 Support informational headers in middlewares redefining the response writer.
Co-authored-by: LandryBe <lbenguigui@gmail.com>
2023-06-14 17:42:44 +02:00
Philipp Trulson
68ed875966 Update DataDog tracing dependency to v1.50.1 2023-06-14 17:00:06 +02:00
Romain
d1bdeb3a92 Fix missing trailer with custom errors middleware
Co-authored-by: LandryBe <lbenguigui@gmail.com>
2023-06-14 14:48:05 +02:00
Dylan Rodgers
878e7de56a Add business callouts 2023-06-09 09:18:05 +02:00
Ludovic Fernandez
27353d0740 Update go-acme/lego to v4.12.1 2023-06-07 09:30:05 +02:00
Fernandez Ludovic
606281a4a5 Merge branch v2.10 into v3.0 2023-06-05 11:43:02 +02:00
Ludovic Fernandez
c5f23493ab chore: update linter 2023-06-05 10:24:06 +02:00
Chromo-residuum-opec
db515195f0 docs: fix over-indented yaml configuration of access logs 2023-06-04 08:00:05 +02:00
Ludovic Fernandez
9aa57f362b fix: improve error messages related to plugins 2023-06-02 11:34:06 +02:00
João Silva
6977b68b72 Fix multiple subsets endpoint 2023-05-31 11:40:05 +02:00
Ludovic Fernandez
8d8717d421 Update go-acme/lego to v4.12.0 2023-05-29 13:04:05 +02:00
Fernandez Ludovic
981ad74870 Merge branch v2.10 into v3.0 2023-05-17 11:18:37 +02:00
Erikas
021f37ff71 Do not check for wildcard domains for non DNS challenge 2023-05-16 16:00:06 +02:00
Ludovic Fernandez
511762cbf3 fix: clean code related to Hub 2023-05-15 16:38:05 +02:00
Ludovic Fernandez
466d7461b7 Split Docker provider 2023-05-10 15:28:05 +02:00
Ludovic Fernandez
1522afe2ec doc: add logo for GitHub dark mode 2023-05-10 09:54:05 +02:00
Romain
9c73c4c584 Enable Prometheus provider cleanup when only the router's metrics level is activated
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2023-05-09 17:38:05 +02:00
Ludovic Fernandez
8f206ce319 Update go-acme/lego to v4.11.0 2023-05-03 10:20:05 +02:00
Romain
65c59c9a09 Add FAQ documentation about TLS certificates 2023-04-28 17:56:05 +02:00
mloiseleur
e044e2b765 chore: update CI base OS 2023-04-28 15:36:05 +02:00
Romain
7805c683e3 Prepare release v2.10.1 2023-04-27 16:46:11 +02:00
Romain
e38c0c3969 Update vulcand/oxy to be5cf38 2023-04-27 16:28:06 +02:00
Fernandez Ludovic
2cebd0a083 Merge branch v2.10 into v3.0 2023-04-26 11:44:44 +02:00
Ludovic Fernandez
c0e03ae17d Update Structor to v1.13.2 2023-04-26 06:54:05 +02:00
Romain
9060522414 Fix v2.10 migration guide 2023-04-25 11:14:05 +02:00
Romain
bb4eb32b1c Prepare release v2.10.0 2023-04-24 15:38:05 +02:00
Massimiliano D
30f991effa Modify the Hub Button 2023-04-18 11:44:05 +02:00
Fernandez Ludovic
fc071a5ebe Merge branch v2.10 into master 2023-04-18 09:20:53 +02:00
Ngọc Long
6082b22922 Update vulcand/oxy to 03de175b3822 2023-04-18 09:16:20 +02:00
Ludovic Fernandez
5635687a3e fix: DeepCopy of PluginConf 2023-04-17 17:22:05 +02:00
Ludovic Fernandez
a3f1009170 chore: update pull request template (#9847) 2023-04-17 15:57:41 +02:00
Fernandez Ludovic
79c5f34156 Merge branch v2.10 into v3.0 2023-04-17 11:58:01 +02:00
Fernandez Ludovic
928db9bc42 chore: update linter 2023-04-17 11:01:26 +02:00
mloiseleur
c4bea197ab More details on for mTLS 2023-04-12 12:10:05 +02:00
mpl
e8878fe6ac Prepare release v2.10.0-rc2 2023-04-07 11:00:06 +02:00
mpl
f344239bef Merge branch 'v2.9' into v2.10 2023-04-06 18:44:23 +02:00
mpl
4ed3964b35 Prepare release v2.9.10 2023-04-06 18:10:03 +02:00
sven
11966c2098 Improve concepts page 2023-04-05 14:44:06 +02:00
sven
0d1bb72306 docs: update wording - add link descriptions 2023-04-05 14:16:06 +02:00
Mátyás Somfai
4c9765b52d Display period setting of the RateLimit middleware in the webui 2023-04-04 18:12:06 +02:00
sven
5f514b0d16 Update Call To Actions 2023-04-04 16:42:06 +02:00
yingshaoxo
01f346f239 Add accessControlAllowHeaders example 2023-04-04 14:36:11 +02:00
Ludovic Fernandez
be1b1a6489 chore: update linter 2023-04-03 10:06:06 +02:00
Ludovic Fernandez
ae65d5ff78 Update Yaegi to v0.15.1 2023-03-30 12:10:05 +02:00
sven
7fc07c31a0 docs: update wording 2023-03-29 17:16:05 +02:00
Ludovic Fernandez
f2eda3aa6d chore: bump k8s.io/client-go from v0.22.1 to v0.26.3 2023-03-27 12:14:05 +02:00
Senan Kelly
ac9d88e5a2 Only warn about missing docker network when network_mode is not host or container 2023-03-24 01:26:07 +01:00
sven
598caf6f78 Adjust quick start 2023-03-22 16:53:41 +01:00
Ludovic Fernandez
77509b0913 fix: decrease parallel build during the release 2023-03-22 16:53:08 +01:00
Ludovic Fernandez
8b47c5adf7 Remove deprecated code 2023-03-22 16:40:06 +01:00
Fernandez Ludovic
a3bcf0f39e Merge branch v2.10 into v3.0 2023-03-22 12:52:38 +01:00
Ludovic Fernandez
be702c2b61 Prepare release v2.10.0-rc1 2023-03-22 11:06:05 +01:00
Fernandez Ludovic
54f6144ef2 Merge branch v2.9 into v2.10 2023-03-21 17:11:20 +01:00
Romain
a020ab640d Prepare release v2.9.9 2023-03-21 16:47:43 +01:00
Fernandez Ludovic
7875826bd9 Merge branch v2.10 into v3.0 2023-03-21 16:45:33 +01:00
Romain
f7be1e97df Support multiple namespaces in the Nomad Provider 2023-03-21 15:50:06 +01:00
Romain
48a2c8e41c Fix Nomad client TLS defaults 2023-03-21 15:32:06 +01:00
mpl
358f47443e hub: get out of experimental.
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2023-03-20 21:14:05 +01:00
sven
3b9e155807 docs: update order of log levels 2023-03-20 18:56:06 +01:00
Michael
2083e4bc16 feat: use env variable in github actions 2023-03-20 18:30:08 +01:00
Romain
c823879097 Add prometheus metric requests_total with headers
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
2023-03-20 18:06:07 +01:00
Thomas Quinot
4bc2305ed3 Expose ContainerName in Docker provider 2023-03-20 17:42:06 +01:00
Philipp Trulson
99d779a546 Add support to send DataDog traces via Unix Socket 2023-03-20 17:16:08 +01:00
Romain
6e460cd652 Native Kubernetes service load-balancing 2023-03-20 16:46:05 +01:00
mpl
7c2af10bbd Fix open connections metric
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2023-03-20 16:02:06 +01:00
Romain
7af9d16208 Introduce traefik.io API Group CRDs 2023-03-20 15:38:08 +01:00
Romain
598a257ae1 Remove config reload failure metrics 2023-03-20 15:14:05 +01:00
Aofei Sheng
b3f162a8a6 Fix default configuration settings for Nomad Provider 2023-03-20 10:44:05 +01:00
Romain
4aa3496092 Add HTTP 103 early hints unit test
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
2023-03-17 16:46:06 +01:00
mpl
bbe6a5c07b doc: clarify ratelimit middleware 2023-03-14 14:58:06 +01:00
mpl
20e47d9102 compress: add no compress unit tests 2023-03-02 10:26:05 +01:00
Romain
21c455cf20 Remove User-Agent header removal from ReverseProxy director func 2023-02-28 17:06:05 +01:00
Ludovic Fernandez
667b2a4078 Update vulcand/oxy to a0e9f7ff1040
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
2023-02-27 15:24:21 +01:00
Ludovic Fernandez
4ae07d91a4 Update go-acme/lego to v4.10.2 2023-02-27 09:36:06 +01:00
Raphael Pinto
7bdf13ebdc Correcting variable name 'server address' in TCP Router 2023-02-23 23:38:05 +01:00
Romain
807feef176 Include user-defined default cert for traefik_tls_certs_not_after metric
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
2023-02-23 16:14:06 +01:00
Ludovic Fernandez
7202038649 chore: update to go1.20 2023-02-23 15:06:05 +01:00
Ludovic Fernandez
dd710dbeb7 chore: update quic-go to v0.33.0 2023-02-23 10:54:05 +01:00
Aofei Sheng
f26e250648 Mention PathPrefix matcher changes in V3 Migration Guide 2023-02-16 15:54:05 +01:00
Ben Iofel
80790cba17 Fix yaml indentation in the HTTP3 example 2023-02-16 14:36:05 +01:00
Romain
2e6e5cbd03 Prepare release v2.9.8 2023-02-15 16:02:06 +01:00
romain
241fb5093a Merge current v2.9 into v3.0 2023-02-15 11:29:28 +01:00
Ludovic Fernandez
ab36ea7844 fix: update golang.org/x/net to v0.7.0 2023-02-15 09:56:19 +01:00
Romain
cfef9d9df2 Prepare release v2.9.7 2023-02-14 16:09:19 +01:00
Fernandez Ludovic
9ce69fbdef chore: update some dependencies 2023-02-14 15:44:21 +01:00
Romain
1a6dfe1f6b Adds the support for IPv6 in the TCP HostSNI matcher 2023-02-14 15:04:05 +01:00
Ludovic Fernandez
e053eb6f17 Update go-acme/lego to v4.10.0 2023-02-10 11:36:10 +01:00
mpl
780936eff9 doc: add note about remoteaddr strategy 2023-02-09 17:34:06 +01:00
mpl
0503253cfe doc: add CNAME support and gotchas 2023-02-09 17:12:06 +01:00
Ludovic Fernandez
39331e41a8 Update Yaegi to v0.15.0 2023-02-09 11:52:05 +01:00
Ludovic Fernandez
044dc6a221 fix: go module 2023-02-03 15:24:05 +01:00
Romain
38f5024ed0 Differentiate UDP stream and TCP connection in logs 2023-01-31 16:00:10 +01:00
mpl
479878503d quic-go: bump to 89769f409f 2023-01-31 14:38:05 +01:00
Ludovic Fernandez
6f6c1f7fec Update dependencies 2023-01-30 09:34:44 +01:00
Ludovic Fernandez
e50bf21a84 Update Structor to v1.12.0 2023-01-23 10:44:04 +01:00
Ludovic Fernandez
d66875f903 Update paerser to v0.2.0 2023-01-23 09:34:04 +01:00
Romain
707f84e2e4 Don't log EOF or timeout errors while peeking first bytes in Postgres StartTLS hook 2023-01-12 12:28:04 +01:00
Pedro González Serrano
f94298e867 Fix datasource variable of the Grafana dashboard 2023-01-11 15:16:06 +01:00
Romain
b995a11d63 Prevent panicking when a container has no network interfaces
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2023-01-11 15:14:05 +01:00
Tom Moulard
e1abf103c0 Add OpenTelemetry in observability overview
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2023-01-10 17:06:04 +01:00
Paulo Júnior
f01a668d53 feat: update copyright to match new standard 2023-01-09 19:56:04 +01:00
bendre90
8cd4923e72 Added router priority to webui's list and detail page 2023-01-09 17:24:05 +01:00
Tom Moulard
cd90b9761a Merge current v2.9 into v3.0 2023-01-09 16:21:45 +01:00
sven
e82976e001 Add info admonition about routing to k8 services 2023-01-09 16:07:09 +01:00
Tom Moulard
f0f5f41fb9 Fix OpenTelemetry service name
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2023-01-06 09:10:05 +01:00
hcooper
c9e9e8dee2 Further Let's Encrypt ratelimit warnings 2023-01-04 12:10:05 +01:00
Witold Duranek
0861c47e54 fix no rate limiting if average is 0 2023-01-03 16:16:05 +01:00
Baptiste Mayelle
8bf68b7efd Grafana dashboard showing ms instead of s 2023-01-02 17:34:04 +01:00
Tom Moulard
e1e86763e3 Prevents superfluous WriteHeader call in the error middleware
Co-authored-by: LandryBe <lbenguigui@gmail.com>
2023-01-02 17:00:05 +01:00
kevinpollet
b22aef7fff Merge branch v2.9 into v3.0 2023-01-02 15:20:39 +01:00
Kevin Pollet
b9a175f5c2 Update copyright for 2023 2023-01-02 12:12:05 +01:00
Tom Moulard
a2016a2953 Detect dashboard assets content types
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2022-12-29 09:46:04 +01:00
Tom Moulard
c38d405cfd Remove containous/mux from HTTP muxer
Co-authored-by: Simon Delicata <simon.delicata@traefik.io>
2022-12-22 17:16:04 +01:00
jandillenkofer
8c98234c07 Add option to the Ingress provider to disable IngressClass lookup 2022-12-22 16:30:05 +01:00
Roman Tomjak
d046af2e91 Add support for HTTPRequestRedirectFilter in k8s Gateway API 2022-12-22 15:02:05 +01:00
Tom Moulard
943238faba Remove InfluxDB v1 metrics middleware 2022-12-19 14:32:04 +01:00
Romain
2b67f1f66f Remove Marathon provider 2022-12-19 11:52:05 +01:00
tfny
943811fad6 Update submitting pull requests to include language about drafts 2022-12-19 11:42:04 +01:00
Tom Moulard
2ad1fd725a Remove Rancher v1 provider 2022-12-19 10:42:05 +01:00
Charlie Haley
7129f03dc9 fix: update opentelemetry dependency versions 2022-12-19 09:54:04 +01:00
Ludovic Fernandez
29b8b6911e fix: sanitize X-Forwarded-Proto header in RedirectScheme middleware
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
2022-12-16 10:34:04 +01:00
mloiseleur
e7baf44a2e doc: Improve TLSStore CRD documentation 2022-12-15 14:32:06 +01:00
mpl
74ef79ea23 mitigate race against server readiness in test
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2022-12-15 11:18:05 +01:00
mloiseleur
748254b6c5 doc: Update Grafana Official Dashboards 2022-12-13 16:16:06 +01:00
Douglas De Toni Machado
a08a428787 Support HostSNIRegexp in GatewayAPI TLS routes 2022-12-12 16:30:05 +01:00
Simon Delicata
3eeea2bb2b Add TCP Servers Transports support
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2022-12-09 09:58:05 +01:00
mpl
da93dab828 make file provider more resilient wrt first configuration
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
Co-authored-by: Tom Moulard <tom.moulard@traefik.io>
2022-12-09 09:48:04 +01:00
Ludovic Fernandez
c2dac39da1 fix: detect dashboard content types
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
2022-12-09 08:24:05 +01:00
Tom Moulard
e54ee89330 Prepare release v3.0.0-beta2 2022-12-07 17:26:04 +01:00
Simon Delicata
fdd3f2abef Moves HTTP/3 outside the experimental section 2022-12-07 17:02:05 +01:00
Tom Moulard
517917cd7c Merge current v2.9 into master 2022-12-07 15:55:46 +01:00
Tom Moulard
d97d3a6726 Prepare release v2.9.6 2022-12-07 15:14:05 +01:00
Tom Moulard
6c75052a13 Change traefik cmd error log to error level 2022-12-07 11:34:06 +01:00
Ludovic Fernandez
a8df674dcf fix: flaky tests 2022-12-07 10:56:05 +01:00
Ludovic Fernandez
abd569701f fix: update golang.org/x/net 2022-12-07 10:02:04 +01:00
mpl
7e3fe48b80 Handle broken TLS conf better
Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2022-12-06 18:28:05 +01:00
Tom Moulard
8cf9385938 Rework Host and HostRegexp matchers
Co-authored-by: Simon Delicata <simon.delicata@traefik.io>
2022-12-06 10:40:06 +01:00
Romain
519ed8bde5 Prepare release v3.0.0-beta1 2022-12-05 16:58:04 +01:00
romain
46a61ce9c8 Merge remote-tracking branch 'upstream/v2.9' into merge-branch-v2.9-into-master 2022-12-05 15:23:06 +01:00
Ludovic Fernandez
778188ed34 fix: remove logs of the request 2022-12-05 11:30:05 +01:00
Nicolas Mengin
88603810a8 Add information about the Hub Agent 2022-12-01 14:30:06 +01:00
mloiseleur
c7647b4938 doc: Update Helm installation section 2022-12-01 10:10:05 +01:00
Janik
af71443b61 Added networking example 2022-11-30 15:04:05 +01:00
Ludovic Fernandez
c57876c116 Improve provider logs 2022-11-30 09:50:05 +01:00
Tom Moulard
0d81fac3fc Add OpenTelemetry tracing and metrics support 2022-11-29 15:34:05 +01:00
Simon Delicata
db287c4d31 Disable Content-Type auto-detection by default 2022-11-29 11:48:05 +01:00
Antoine
4d86668af3 Update routing syntax
Co-authored-by: Tom Moulard <tom.moulard@traefik.io>
2022-11-28 15:48:05 +01:00
Fernandez Ludovic
b93141992e Merge branch v2.9 into master 2022-11-28 09:01:53 +01:00
Ludovic Fernandez
18d66d7432 Update go-acme/lego to v4.9.1 2022-11-28 08:48:04 +01:00
Simon Delicata
a3e4c85ec0 Remove deprecated options 2022-11-25 10:50:06 +01:00
Ludovic Fernandez
bee86b5ac7 fix: log level 2022-11-25 09:52:04 +01:00
Ludovic Fernandez
0ba51d62fa fix: flaky with shutdown tests 2022-11-24 17:06:07 +01:00
Kevin Pollet
268d1edc8f Fix flaky healthcheck test 2022-11-24 16:32:05 +01:00
Ludovic Fernandez
580e7fa774 fix: flaky tests on the configuration watcher 2022-11-24 16:00:06 +01:00
Romain
7c72780820 Add missing serialNumber passTLSClientCert option to middleware panel 2022-11-24 12:30:05 +01:00
Ali Afsharzadeh
46c266661c Add a status option to the service health check 2022-11-24 11:40:05 +01:00
Fernandez Ludovic
61325d7b91 Merge branch v2.9 into master 2022-11-23 17:30:49 +01:00
Kevin Pollet
68e8eb2435 Update k3s image to rancher/k3s:v1.20.15-k3s1 2022-11-23 17:28:04 +01:00
Kevin Pollet
3f8aa13e68 Fix error when setting ServerUp metric labels 2022-11-23 16:04:05 +01:00
Ludovic Fernandez
08279047ae Improve test logger assertions 2022-11-23 12:14:04 +01:00
Ludovic Fernandez
3dd4968c41 Retry on plugin API calls 2022-11-23 11:42:04 +01:00
Fernandez Ludovic
ba1ca68977 Merge branch v2.9 into master 2022-11-23 09:22:52 +01:00
Ludovic Fernandez
81a5b1b4c8 Increase the timeout on plugin download 2022-11-22 18:30:05 +01:00
Romain
52e6ce95cf Update DataDog tracing dependency to v1.43.1 2022-11-22 15:12:06 +01:00
Jérôme Guiard
d547718fdd Support of allowEmptyServices in TraefikService 2022-11-22 10:18:04 +01:00
Ludovic Fernandez
56f7515ecd New logger for the Traefik logs 2022-11-21 18:36:05 +01:00
mpl
af4e74c39d doc: clarify PathPrefix greediness 2022-11-21 17:30:06 +01:00
xmessi
27c02b5a56 Log TLS client subject 2022-11-21 10:18:05 +01:00
Romain
f6b7940b76 Prepare release v2.9.5 (#9513) 2022-11-17 15:57:23 +01:00
Simon Delicata
f1b91a119d Create a new capture instance for each incoming request
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2022-11-17 10:26:06 +01:00
Romain
630de7481e Support SNI routing with Postgres STARTTLS connections
Co-authored-by: Michael Kuhnt <michael.kuhnt@daimler.com>
Co-authored-by: Julien Salleyron <julien@containo.us>
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
2022-11-16 15:34:10 +01:00
Julien Salleyron
fadee5e87b Rework servers load-balancer to use the WRR
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2022-11-16 11:38:07 +01:00
sven
35d8281f4d docs(contributing): enhance wording of building-testing page 2022-11-15 19:34:04 +01:00
Greg
67d9c8da0b Add support for Brotli
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
Co-authored-by: Tom Moulard <tom.moulard@traefik.io>
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2022-11-15 10:56:08 +01:00
sven
00de5c711a docs(contributing): add link descriptions and update wording 2022-11-15 10:28:07 +01:00
Charlie Haley
b935c80dbd docs: update helm repository 2022-11-14 16:04:16 +01:00
tfny
22c6630412 Removes the experimental tag on the Traefik Hub header 2022-11-09 00:12:05 +01:00
mloiseleur
1a1cfd1adc Update and publish official Grafana Dashboard 2022-11-08 15:32:06 +01:00
Ngọc Long
240fb871b6 Support gRPC and gRPC-Web protocol in metrics 2022-11-08 10:52:09 +01:00
Kevin Pollet
b2c4221429 Update vulcand/oxy to v1.4.2 2022-11-07 10:28:08 +01:00
Ludovic Fernandez
d131ef57da chore: update nhooyr.io/websocket 2022-11-03 16:30:08 +01:00
Ludovic Fernandez
97de552e06 chore: update github.com/opencontainers/runc 2022-11-03 16:28:05 +01:00
kevinpollet
281fa25844 Merge branch v2.9 into master 2022-10-28 09:22:36 +02:00
Fernandez Ludovic
454f552691 Prepare release v2.9.4 2022-10-27 20:40:05 +02:00
Fernandez Ludovic
7258048403 Prepare release v2.9.3 2022-10-27 17:50:54 +02:00
Julien Salleyron
bd3eaf4f5e Add GrpcWeb middleware
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2022-10-27 17:34:06 +02:00
Kevin Pollet
15f7472091 Prepare release v2.9.2 2022-10-27 16:53:16 +02:00
Romain
a041a6b198 Handle capture on redefined http.responseWriters
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
2022-10-27 16:08:06 +02:00
Ludovic Fernandez
7582da9650 Update Yaegi to v0.14.3 2022-10-26 18:22:05 +02:00
Ludovic Fernandez
7a6bfd3336 chore: change TCP middleware package 2022-10-26 17:42:07 +02:00
Wambugu
1b9873cae9 Renaming IPWhiteList to IPAllowList 2022-10-26 17:16:05 +02:00
Fernandez Ludovic
e86f21ae7b Merge branch 'v2.9' into master 2022-10-24 11:24:41 +02:00
Simon Delicata
ccbbd0d766 Remove side effect on default transport tests 2022-10-24 10:52:04 +02:00
Ludovic Fernandez
93212125e3 chore: bump github.com/BurntSushi/toml to v1.2.1 2022-10-23 14:16:05 +02:00
Ludovic Fernandez
be3b798dd6 chore: update actions/cache to v3 2022-10-21 16:08:05 +02:00
sosoba
8128d6ca26 Simplify dashboard rule example 2022-10-18 15:38:12 +02:00
Julien Levesy
194247caae Check if default servers transport spiffe config is not nil 2022-10-18 10:28:07 +02:00
kevinpollet
cd0654026a Merge branch v2.9 into master 2022-10-17 18:53:37 +02:00
Ludovic Fernandez
14ab1514dc chore: update linter 2022-10-17 12:00:10 +02:00
Kevin Pollet
40242294d8 Fix links to gateway API guides 2022-10-17 10:52:08 +02:00
Romain
996eccf5b7 Remove unnecessary linting exclusions 2022-10-14 18:52:08 +02:00
Julien Levesy
b39ce8cc58 Support SPIFFE mTLS between Traefik and Backend servers 2022-10-14 17:16:08 +02:00
Kevin Pollet
e9de061b84 Add v2.9 to release page 2022-10-14 16:04:07 +02:00
Kevin Pollet
33f0aed5ea Support custom headers when fetching configuration through HTTP 2022-10-14 15:10:10 +02:00
Ludovic Fernandez
0ca1c8aac3 fix: redis configuration type 2022-10-13 15:34:09 +02:00
Romain
2c550c284d Remove raw cert escape in PassTLSClientCert middleware 2022-10-13 15:08:08 +02:00
Ludovic Fernandez
87815586be chore: update misspell 2022-10-11 18:18:09 +02:00
mpl
09d6383621 ISSUE_TEMPLATE: clarify maintainers involvement in issues closing 2022-10-11 14:30:08 +02:00
kalle (jag)
188ef84c4f Allow to define default entrypoints (for HTTP/TCP) 2022-10-11 09:36:08 +02:00
kevinpollet
a5c520664a Merge branch v2.9 into master 2022-10-06 16:40:09 +02:00
Tom Moulard
39b0077725 chore: update linter 2022-10-04 20:38:09 +02:00
tony-defa
e2a9caf760 updated go-acme/lego to v4.9.0
Co-authored-by: Ludovic Fernandez <ldez@users.noreply.github.com>
2022-10-04 12:36:09 +02:00
Tom Moulard
bc79796c38 prepare-release-v2.9.1 (#9410) 2022-10-03 16:17:58 +02:00
Tom Moulard
b1db81d8ac Prepare release v2.9.0 (#9409) 2022-10-03 15:43:04 +02:00
Kevin Pollet
38d7011487 Add Tailscale certificate resolver
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
2022-09-30 15:20:08 +02:00
Ludovic Fernandez
ae7db879d9 Prepare release v2.9.0-rc5 2022-09-30 15:02:08 +02:00
Fernandez Ludovic
dd34905ea9 Merge branch v2.8 into v2.9 2022-09-30 12:24:04 +02:00
Ludovic Fernandez
3812e6f3cb Prepare release v2.8.8 2022-09-30 12:03:03 +02:00
John Pekcan
627175694d Fix autoDiscoverClusters option documentation for ECS provider 2022-09-30 10:57:48 +02:00
Boris HUISGEN
82cf6c9577 Fix watch option description for Docker provider 2022-09-30 10:50:09 +02:00
tspearconquest
63a1186d3e Update golang.org/x/net to latest version 2022-09-30 10:22:10 +02:00
Skyler Mäntysaari
f75f636e27 Improve documentation for publishedService and IP options 2022-09-29 10:14:08 +02:00
Ludovic Fernandez
615dc7fd35 Prepare release v2.8.7 2022-09-23 16:22:38 +02:00
Kevin Pollet
52b6b057f0 Prepare release v2.9.0-rc4 2022-09-23 16:01:00 +02:00
Fernandez Ludovic
7b3faef4b3 Merge branch v2.8 into v2.9 2022-09-23 15:28:57 +02:00
Kevin Pollet
7758880f3f Prepare release v2.8.6 2022-09-23 15:24:15 +02:00
Ludovic Fernandez
d04903edb2 fix: query parameter matching with equal 2022-09-23 15:12:29 +02:00
Douglas De Toni Machado
a63d5c95a8 Rework metrics overview page 2022-09-23 11:06:09 +02:00
Ludovic Fernandez
bb66950197 fix: acme panic 2022-09-23 10:42:09 +02:00
Fernandez Ludovic
c4cc30ccc6 Merge branch v2.8 into v2.9 2022-09-23 09:07:13 +02:00
Julien Salleyron
9cd54baca4 Optimize websocket headers handling
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2022-09-22 10:00:09 +02:00
Ludovic Fernandez
7ac687a0a9 providers: simplify AddServer algorithms 2022-09-21 14:54:08 +02:00
t3hchipmunk
83ae1021f6 fix: UDP loadbalancer tags not being used with Consul Catalog 2022-09-21 14:30:09 +02:00
jjacque
033fccccc7 Support gRPC healthcheck 2022-09-20 16:54:08 +02:00
Michael Hampton
df99a9fb57 Add option to keep only healthy ECS tasks 2022-09-20 15:42:08 +02:00
Romain
67e3bc6380 Add documentation for ECS constraints option 2022-09-20 12:22:08 +02:00
Thomas Harris
d6b69e1347 Support multiple namespaces in the Nomad Provider 2022-09-19 16:26:08 +02:00
romain
4bd055cf97 Merge branch v2.9 into master 2022-09-19 13:52:58 +02:00
Fernandez Ludovic
4b291b2cf8 Merge branch v2.8 into v2.9 2022-09-19 11:53:00 +02:00
Ludovic Fernandez
89870ad539 docs: fix link to RouteNamespaces 2022-09-19 11:26:08 +02:00
Kevin Pollet
5bc03af75f Prepare release v2.9.0-rc3 2022-09-16 16:00:08 +02:00
kevinpollet
30ec5c58fe Merge current v2.8 into v2.9 2022-09-16 14:57:07 +02:00
NEwa-05
a4b447256b Add a note on case insensitive regex matching 2022-09-16 12:16:09 +02:00
Romain
1c9a7b8c61 Add documentation for json schema usage to validate config in the FAQ
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2022-09-16 09:54:09 +02:00
Ludovic Fernandez
d06573de6c plugins: allow empty config 2022-09-15 11:00:09 +02:00
Fernandez Ludovic
6c2c561d8f Prepare release v2.9.0-rc2 2022-09-14 17:33:51 +02:00
Fernandez Ludovic
e5309a4601 chore: drop Windows arm v5/6/7 2022-09-14 17:29:26 +02:00
Romain
e9f98fb6eb Prepare release v2.9.0-rc1 (#9334) 2022-09-14 16:52:03 +02:00
José Gaspar
b351266b2d Add support for ECS Anywhere 2022-09-14 16:22:08 +02:00
Michael
fd95560c66 fix: shellcheck 2022-09-14 15:10:08 +02:00
Qi
788f8fa951 Make the loadbalancers servers order random
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2022-09-14 14:42:08 +02:00
Romain
89dc466b23 Quiet down TCP RST packet error on read operation 2022-09-14 11:50:08 +02:00
Ludovic Fernandez
ab8d7d2e78 Remove Pilot support 2022-09-14 10:56:08 +02:00
Romain
a002ccfce3 ACME Default Certificate
Co-authored-by: Ludovic Fernandez <ldez@users.noreply.github.com>
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
2022-09-13 20:34:08 +02:00
romain
693d5da1b9 Merge v2.8 into master 2022-09-13 17:17:58 +02:00
Romain
8ddc37d528 Prepare release v2.8.5 2022-09-13 17:13:58 +02:00
Kevin Pollet
0cb2652f51 Update Yaegi to v0.14.2 2022-09-13 15:44:08 +02:00
Fernandez Ludovic
fe8e7ab5b8 docs: update Docker Swarm link 2022-09-12 23:13:11 +02:00
Ludovic Fernandez
d531963f95 Update valkeyrie to v1.0.0 2022-09-12 17:40:09 +02:00
Tom Moulard
d578ed7327 Add traffic size metrics
Co-authored-by: OmarElawady <omarelawady1998@gmail.com>
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2022-09-12 17:10:09 +02:00
Simon Delicata
10528c973a Add Datadog GlobalTags support 2022-09-12 15:14:08 +02:00
Fernandez Ludovic
56a1ed4220 docs: update Docker Swarm Load Balancer link 2022-09-10 01:18:29 +02:00
Dylan Rodgers
37b6edb28c Added resources for businesses 2022-09-09 17:17:53 +02:00
Antoine
44a2b85dba Display default TLS options in the dashboard 2022-09-09 12:46:09 +02:00
MoonLightWatch
77c8d60092 fix: IPv6 addr in square brackets 2022-09-09 10:44:07 +02:00
Nicolas Mengin
b33c8cec0b Update deprecation notes about Pilot 2022-09-08 11:22:08 +02:00
Tom Moulard
52df1d63fe Use IPv6 address 2022-09-08 11:20:09 +02:00
Douglas De Toni Machado
c84378d649 Change default TLS options for more security 2022-09-08 10:56:08 +02:00
Marco Lecheler
12dccc4fdd doc: add healthcheck timeout seconds to value 2022-09-05 17:22:08 +02:00
Romain
32e44816c9 Prepare release v2.8.4 2022-09-02 16:38:08 +02:00
Nicolas Mengin
23c74c9f2e Update deprecation notes about Pilot 2022-09-02 16:00:09 +02:00
Johannes Ballmann
9a82d96e68 Add missing networking apiGroup in Kubernetes RBACs examples and references 2022-09-02 12:18:08 +02:00
Ludovic Fernandez
d9589878fb fix: allow starting Traefik even if plugin services have an issue 2022-09-02 11:44:08 +02:00
romain
703de5331b Merge current v2.8 into master 2022-08-31 18:19:31 +02:00
Romain
d3e4d56a0d Fix Docker provider mem leak on operation retries
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
2022-08-31 18:04:08 +02:00
Ludovic Fernandez
adf82d72ae chore: update linter 2022-08-31 08:24:08 +02:00
Ludovic Fernandez
25027d6df8 fix: don't retry on panic 2022-08-29 11:36:08 +02:00
cui fliter
e56dfeb7d5 fix a typo 2022-08-29 09:24:07 +02:00
Ludovic Fernandez
5ca7fff7f6 doc: fix infobloc documentation 2022-08-25 10:34:09 +02:00
Ben Krieger
dfa1f3fc00 Fix k8s for example for rootCAs serversTransport 2022-08-24 16:16:08 +02:00
Tom Moulard
b26c45af2b chore: update paerser to v0.1.9 2022-08-19 15:58:08 +02:00
kevinpollet
626da4c0ae Merge current v2.8 into master 2022-08-18 14:50:44 +02:00
Tom Moulard
9c02612f65 Update codegen docker image to golang:1.19 2022-08-18 11:24:08 +02:00
Kevin Pollet
b3f4f6bb21 Prepare release v2.8.3 2022-08-12 16:19:31 +02:00
Ludovic Fernandez
2cac58d9c0 Update paeser to v0.1.8 2022-08-12 16:08:07 +02:00
Ludovic Fernandez
a553085689 Add migration guide for v2.8.3 2022-08-12 11:42:10 +02:00
Romain
6dd63e1702 Add missing context in backoff for Marathon 2022-08-12 10:44:08 +02:00
Ludovic Fernandez
868ab7a5c8 fix: update paerser to v0.1.7 2022-08-12 09:48:07 +02:00
Romain
23c26d64ee Prepare release v2.8.2 2022-08-11 16:50:10 +02:00
Romain
63f9ec9c38 Remove request dump from IPWhitelist debug log and tracing message 2022-08-11 16:20:14 +02:00
Kevin Pollet
40db06204b Update valkeyrie to a9a70ee 2022-08-11 15:42:07 +02:00
Romain
4755bb2f33 Control allocation and copy of labelNamesValues type
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2022-08-11 10:58:09 +02:00
Ludovic Fernandez
45453b20fa chore: update to go1.19 2022-08-09 17:36:08 +02:00
Maxence Moutoussamy
40d2421db9 Add getting started guide for Kubernetes 2022-08-09 16:06:09 +02:00
Douglas De Toni Machado
af749f1864 Add a method option to the service Health Check 2022-08-08 15:22:07 +02:00
longshine
1576ad85b8 Place namespace before name in router key for Ingress 2022-08-04 10:22:08 +02:00
Romain
2a2ea759d1 Support Nomad canary deployment
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
2022-08-01 17:52:08 +02:00
Ludovic Fernandez
b4ee7bdcbe Bump paerser to v0.1.6 2022-08-01 15:12:08 +02:00
Mark Ormesher
146991efda Fix wording of default behavior for namespaces option 2022-08-01 10:10:07 +02:00
kevinpollet
ab94bbaece Merge current v2.8 into master 2022-07-25 17:31:51 +02:00
Fernandez Ludovic
5a706296f2 chore: cleanup 2022-07-25 17:22:31 +02:00
tfny
5b3354b8ce Update Thank You page with proper branding and grammar fixes 2022-07-22 09:50:09 +02:00
Tom Moulard
7751fb24eb Update linter 2022-07-19 18:38:09 +02:00
Adrian Freund
f85f3b68aa Add support for reaching containers using host networking on Podman 2022-07-19 16:22:08 +02:00
Tom Moulard
b361608693 Lint markdown files 2022-07-18 12:22:08 +02:00
Tom Moulard
cdda9a18ab Upgrade quic-go to v0.28.0 2022-07-18 11:10:08 +02:00
tfny
3686f95832 Update CONTRIBUTING.md to contain all information in one place 2022-07-18 11:08:08 +02:00
Julien Salleyron
2cb011f595 Fix service up gauge for Prometheus metrics
Co-authored-by: Tom Moulard <tom.moulard@traefik.io>
2022-07-18 10:36:11 +02:00
mpl
b7199a7a9b integration: use VPN for integration tests (for Mac)
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2022-07-13 18:32:08 +02:00
tfny
14eb56cf30 Update the PR guidelines in Contributing docs 2022-07-13 09:50:08 +02:00
Romain
ff2911d070 Refactor certificate domains matching func 2022-07-12 16:16:08 +02:00
Kevin Pollet
f07fcd3d54 Add missing inline tag for YAML serialization 2022-07-12 12:12:08 +02:00
Simon Delicata
0e4b4c1a31 docs: update plugins doc 2022-07-12 11:48:13 +02:00
Michael
154d8470ab feat: remove netlify 2022-07-12 10:00:08 +02:00
Tom Moulard
c9520480c2 Prepare release v2.8.1 2022-07-11 16:02:09 +02:00
tfny
05c3486347 Update the language for advocating page 2022-07-08 10:28:08 +02:00
Julien Salleyron
0231db05b4 Improve performances when Prometheus metrics are enabled 2022-07-07 18:00:09 +02:00
Dmitry Sharshakov
4dc379c601 Support ALPN for TCP + TLS routers 2022-07-07 16:58:09 +02:00
Maxence Moutoussamy
8f6463ba7a Support forwarded websocket protocol in RedirectScheme
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2022-07-06 11:54:08 +02:00
Jérôme
aff334ffb4 Add allowEmptyServices for Docker provider 2022-07-06 10:24:08 +02:00
Dylan Rodgers
28da781194 Add callout for anyone using Traefik to manage commercial applications 2022-07-05 10:02:09 +02:00
Maxence Moutoussamy
51a02caea3 Upgrade valkeyrie to v0.4.1 2022-07-04 15:50:09 +02:00
Tom Moulard
839bc7b3a8 Remove -a when building binary 2022-06-30 18:12:08 +02:00
Douglas De Toni Machado
9c79fafeeb Update deprecation notices 2022-06-30 14:34:08 +02:00
kevinpollet
c51e590591 Merge current v2.8 into master 2022-06-30 10:24:37 +02:00
Tom Moulard
9c4b336f3b Prepare release v2.8.0 2022-06-29 17:38:37 +02:00
romain
aa8fda5eae Merge current v2.7 into v2.8 2022-06-29 15:57:57 +02:00
Romain
8b22101236 Prepare release v2.7.3 2022-06-29 15:44:08 +02:00
Kevin Pollet
3c1d5e0393 Move consulcatalog provider to only use health apis
Co-authored-by: Charles Zaffery <czaffery@roblox.com>
2022-06-29 12:04:09 +02:00
mloiseleur
03598d395b Add documentation main, SANs and plugin CRD fields 2022-06-29 11:04:09 +02:00
Jean-Baptiste Doumenjou
9d61cb64a2 Ensure that the Datadog client is cleanly stopped 2022-06-29 10:34:08 +02:00
kevinpollet
ba3f5b318c Merge current v2.8 into master 2022-06-28 09:30:51 +02:00
Romain
62e17c659e Prepare release v2.8.0-rc2 2022-06-27 17:05:11 +02:00
romain
41748c3ae4 Merge current v2.7 into v2.8 2022-06-27 16:12:21 +02:00
Kevin Pollet
65a317010b Prepare release v2.7.2 2022-06-27 15:52:08 +02:00
Julien Salleyron
a887794313 Fix HostRegexp and Query muxers 2022-06-27 15:16:08 +02:00
tomatokoolaid
77e1ce2877 Added useful links for commercial applications 2022-06-27 11:08:08 +02:00
tomatokoolaid
470a4f6e5f Update to improve info section relevance 2022-06-27 10:32:08 +02:00
mloiseleur
94141233f0 Add documentation to Traefik CRD properties
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2022-06-24 12:40:08 +02:00
Maxence Moutoussamy
467c8b31c3 Start polling HTTP provider at the beginning
Co-authored-by: Jason Quigley <jason@onecha.net>
2022-06-24 12:34:08 +02:00
Maxence Moutoussamy
ff17ac53df RedirectScheme redirects based on X-Forwarded-Proto header 2022-06-24 12:04:09 +02:00
burner-account
55ba4356f2 Allow multiple listeners on same port in Gateway API provider 2022-06-23 11:58:09 +02:00
Thomas P
804b0ff2f2 Do not make multiple requests to the same URL for balancer healthcheck 2022-06-22 21:46:08 +02:00
Kevin Pollet
818541d4d7 Update yaegi to v0.13.0 2022-06-21 19:56:08 +02:00
miteshjadia
1b199730d2 docs: add missing info.serialNumber option to PassTLSClientCert middleware 2022-06-21 15:46:08 +02:00
Romain
f8f685193d Load plugin configuration field value from Kubernetes Secret
Co-authored-by: nnlquan <longquan0104@gmail.com>
2022-06-20 15:44:08 +02:00
Kevin Pollet
6e535f8cef Use configured token in the Nomad client 2022-06-20 15:42:09 +02:00
Maxence Moutoussamy
23340c46e6 Add log when missing path in health check 2022-06-20 15:40:13 +02:00
Kevin Pollet
5c15f5fe04 Update DataDog tracing dependency to v1.38.1
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2022-06-16 17:54:08 +02:00
Roman Tomjak
ba7e9ed788 Add a note on how to handle server first protocols 2022-06-14 12:24:08 +02:00
Romain
9ccc8cfb25 Prepare release v2.8.0-rc1 2022-06-13 17:26:12 +02:00
romain
9810bde68b Merge current v2.7 into master 2022-06-13 15:34:53 +02:00
Romain
251798a778 Prepare release v2.7.1 2022-06-13 15:30:08 +02:00
Ludovic Fernandez
91f4ccf087 Add Traefik Hub button and deprecate Pilot
Co-authored-by: Tom Moulard <tom.moulard@traefik.io>
2022-06-13 11:04:08 +02:00
Ludovic Fernandez
73306a1533 Hub documentation
Co-authored-by: jbdoumenjou <jb.doumenjou@gmail.com>
Co-authored-by: Baptiste Mayelle <baptiste.mayelle@traefik.io>
2022-06-13 10:02:08 +02:00
tfny
b3eb629785 Update the contributing docs for clarity and to encourage community activity 2022-06-10 19:06:10 +02:00
Seth Hoenig
aa0b5466a9 Implement Traefik provider for Nomad orchestrator 2022-06-10 18:32:08 +02:00
Seedy
becee5e393 feat: Reach the catalog of plugins from the Traefik dashboard 2022-06-10 17:08:07 +02:00
Tom Moulard
59e66dfce5 Merge current branch master into v2.7 2022-06-10 16:17:55 +02:00
Ludovic Fernandez
9c59df5e9c fix: invalid placeholder in log message 2022-06-10 16:16:08 +02:00
Tom Moulard
2a88b25712 Update gateway api link from v1alpha1 to v1alpha2 2022-06-10 15:12:08 +02:00
Ludovic Fernandez
b952f814c1 docs: fix rule expression render 2022-06-10 09:24:08 +02:00
Romain
f90e3817e8 Support multiple namespaces for Consul and ConsulCatalog providers
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2022-06-03 12:00:09 +02:00
Ludovic Fernandez
6d6f8b28d7 Update go-acme/lego to v4.7.0 2022-06-02 13:00:08 +02:00
tfny
118d56fc40 Update the link for contributor swag 2022-06-02 09:36:08 +02:00
romain
f352c34136 Merge current v2.7 into master 2022-06-01 13:39:20 +02:00
Tom Moulard
fbf90e6981 Update Gateway API links 2022-06-01 10:42:08 +02:00
Robert Barbey
607faace07 Fix typo in stripPrefix middleware docs 2022-05-30 14:10:08 +02:00
romain
521109d3f2 Merge current v2.7 into master 2022-05-30 12:14:26 +02:00
Qi
ec25bdb9f9 Add destination address to debug log 2022-05-30 11:14:09 +02:00
mpl
685962545a docs: fix traefik version s/2.6/2.7/ 2022-05-25 18:14:08 +02:00
Romain
34d29e7a10 Prepare release v2.7.0 2022-05-24 18:58:08 +02:00
romain
05f3e60366 Merge branch v2.6 into v2.7 2022-05-24 17:49:39 +02:00
Romain
5aa1220e5a Prepare release v2.6.7 2022-05-24 16:14:08 +02:00
mpl
c1919c6b24 Update Yaegi to v0.12.0 2022-05-23 12:52:08 +02:00
karlosmunjos
6349e2e28c Updated browserXssFilter key to camel case 2022-05-23 10:50:08 +02:00
Maxence Moutoussamy
e642365613 Fix panic when getting certificates with non-existing store
Co-authored-by: Tom Moulard <tom.moulard@traefik.io>
2022-05-19 17:12:08 +02:00
Romain
ac4086d0ac Fix TCP-TLS/HTTPS routing precedence
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
2022-05-19 16:44:14 +02:00
Kevin Pollet
d5ff301d90 Support certificates configuration in TLSStore CRD
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2022-05-19 16:42:09 +02:00
Douglas De Toni Machado
575d4ab431 Fix initial tcp lookup when address is not available 2022-05-19 16:40:09 +02:00
Ludovic Fernandez
ede2be1f66 fix: skip Provide when TLS is nil 2022-05-19 15:00:16 +02:00
Ludovic Fernandez
d134a993d0 docs: fix default priority of the entrypoint redirection 2022-05-19 08:56:07 +02:00
Baptiste Mayelle
86cc6df374 feat: use dedicated entrypoint for the tunnels
Co-authored-by: Fernandez Ludovic <[ldez@users.noreply.github.com](mailto:ldez@users.noreply.github.com)>
2022-05-18 17:22:08 +02:00
Tom Moulard
32920ca65c Update linter 2022-05-17 15:48:08 +02:00
Kenny Root
3ac708ddcb Fix log statement for ExternalName misconfig 2022-05-16 10:00:08 +02:00
Ikko Ashimine
0dac0c3a5b Fix typo in maintainers guidelines 2022-05-13 09:44:08 +02:00
Ludovic Fernandez
9810120aff Upgrade to oxy v1.4.1 2022-05-11 09:12:08 +02:00
Tom Moulard
ae6e844143 Support URL replacement in errors middleware 2022-05-10 11:00:09 +02:00
Ludovic Fernandez
a34e1c0747 Upgrade to oxy v1.4.0 2022-05-10 09:36:08 +02:00
Maxence Moutoussamy
c29ed24a06 Update jaeger-client-go to v2.30.0 2022-05-10 08:50:09 +02:00
kevinpollet
619621f239 Merge branch v2.6 into v2.7 2022-05-04 10:20:46 +02:00
Kevin Pollet
ff5cd9b592 Prepare Release v2.6.6 2022-05-03 18:53:05 +02:00
Fernandez Ludovic
af855ef7b4 fix: generated placeholder for the webui 2022-05-03 18:46:16 +02:00
Kevin Pollet
6559d63d3c Prepare release v2.6.5 2022-05-03 18:28:08 +02:00
Kevin Pollet
4758cc0c8e Fix clean-webui target 2022-05-03 17:58:08 +02:00
Kevin Pollet
e4ed829661 Prepare release v2.6.4 2022-05-03 16:32:08 +02:00
Ludovic Fernandez
2968e5b61b fix: prevent failure of collected data 2022-05-03 15:54:08 +02:00
Kevin Pollet
7d274e8088 Deprecate caOptional option in client TLS configuration 2022-04-28 14:58:08 +02:00
John Preston
6c2eb6eef3 Filter out ECS anywhere instance IDs 2022-04-28 14:24:08 +02:00
smasset-orange
95257d2ee1 Fix RenewInterval computation in ACME provider 2022-04-26 14:36:08 +02:00
Tom Moulard
707d355d4a Merge branch v2.7 into master 2022-04-21 11:40:16 +02:00
Tom Moulard
73ba7ed2d2 Merge branch v2.6 into v2.7 2022-04-21 10:59:46 +02:00
mpl
55addfefc8 Re-add missing writeheader call in flush
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2022-04-21 10:42:08 +02:00
mpl
0ecd85cc66 Fix bug for when custom page is large enough
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2022-04-20 16:42:09 +02:00
Kevin Pollet
a9fe3f98c5 Update Yaegi to v0.11.3 2022-04-20 14:56:09 +02:00
Kevin Pollet
77b2a88819 Fix Traefik community links in GitHub templates 2022-04-20 14:20:08 +02:00
Romain
44621ad28c Fix default for buffering middleware
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2022-04-19 15:32:08 +02:00
Tom Moulard
232e2c1e7d Fix regexp handling in redirect middleware 2022-04-15 17:24:08 +02:00
Tom Moulard
ad3625bef3 Improve documentation Makefile 2022-04-15 16:16:08 +02:00
Ludovic Fernandez
7c4bf602f0 Add title and description metadata to documentation pages 2022-04-15 15:44:08 +02:00
Mathias Zeller
ffdd693ff6 codegen: fix for users with large uids 2022-04-15 15:12:08 +02:00
kahirokunn
85b0a47fe8 docs: fix certificateRefs in dynamic configuration 2022-04-15 13:52:08 +02:00
Aleks Vujić
78822a8015 docs: add default mode for fields.names to access log 2022-04-15 12:48:08 +02:00
Major Hayden
55cef21fbe Move accessLog.fields example to TOML section 2022-04-15 12:16:08 +02:00
Tom Moulard
2691ac1307 Add safe.directory to the build image 2022-04-15 11:56:08 +02:00
Ali Deishidi
a51851247e Preflight requests are not forwarded to services 2022-04-11 17:22:09 +02:00
Ludovic Fernandez
0e532a3634 Update dynamic and static configuration references 2022-04-06 11:06:08 +02:00
Tom Moulard
883422dc21 Upgrade quic-go to v0.27.0 2022-04-06 10:06:13 +02:00
Tom Moulard
c9daf16388 Add .PHONY to Makefile targets 2022-04-05 17:18:07 +02:00
Romain
b22945e185 Remove duplicate error logs 2022-04-05 15:54:07 +02:00
Adrian Lai
71150bcaaf Allow config of additonal CircuitBreaker params 2022-04-05 12:30:08 +02:00
Tom Moulard
8c56d1a338 Allow HTTP/2 max concurrent stream configuration 2022-04-04 11:46:07 +02:00
Romain
a49b537d9c Prepare release v2.7.0-rc2 2022-03-29 17:00:09 +02:00
romain
45328ab719 Merge v2.6 into v2.7 2022-03-29 15:43:10 +02:00
Tom Moulard
4b755dc58d Prepare release v2.6.3 2022-03-29 15:00:09 +02:00
Romain
0f29e893f4 Return TLS unrecognized_name error when no certificate is available 2022-03-28 18:18:08 +02:00
Michael
e3adf93a74 fix: CI release 2022-03-28 17:36:07 +02:00
Sylvain Rabot
0d7d5a0318 Upgrade quic-go to v0.26.0 2022-03-28 17:08:09 +02:00
Tom Moulard
81f88dd998 Freeze python dependencies 2022-03-28 16:22:10 +02:00
Ludovic Fernandez
b6bfa905db Fix slice parsing for plugins 2022-03-28 15:24:08 +02:00
Jean-Baptiste Doumenjou
c0b0f3f0f7 Fix hub tls documentation 2022-03-25 15:42:08 +01:00
Tom Moulard
16d7b89cb1 Fixing dependency to build doc 2022-03-24 21:40:08 +01:00
Tom Moulard
a4560fa20d Prepare release v2.7.0-rc1 2022-03-24 20:54:08 +01:00
Jean-Baptiste Doumenjou
fbdb6e6e78 Add Traefik Hub Integration (Experimental Feature) 2022-03-24 19:44:08 +01:00
romain
8d58f33a28 Merge v2.6 into master 2022-03-24 17:22:56 +01:00
Romain
9398222db7 Prepare release v2.6.2 2022-03-24 17:14:57 +01:00
Douglas De Toni Machado
d2a2362be5 Add a Feature Deprecation page 2022-03-24 12:28:07 +01:00
Ludovic Fernandez
4c0a3721d0 Plugins and token 2022-03-24 08:54:07 +01:00
Nikolay Stankov
ba2d09f6fb Update entrypoint.md to add consistent CLI syntax 2022-03-23 10:38:09 +01:00
Nick Reilingh
7243e65b51 Fix certificates resolver typo 2022-03-23 09:26:08 +01:00
Tom Moulard
3bf4a8fbe2 Merge current v2.6 into master 2022-03-22 15:55:44 +01:00
Ludovic Fernandez
23a6602cbf Bump paerser to v0.1.5 2022-03-22 11:04:08 +01:00
J.Winter
822b94c45d Add default certificate definition example for Kubernetes 2022-03-22 09:56:07 +01:00
lczw
0a776c3fd5 Fix small typo in Redis provider documentation 2022-03-21 17:32:07 +01:00
Tom Moulard
d7378a96ad chore: update linter 2022-03-21 10:42:08 +01:00
Wingy
db4c6111fd Fix fenced code block typo in Buffering middleware page 2022-03-21 10:10:08 +01:00
Romain
2da7fa0397 Add HostSNIRegexp rule matcher for TCP 2022-03-18 16:04:08 +01:00
Tom Moulard
0d58e8d1ad Add Traefik Hub access and remove Pilot access 2022-03-18 11:06:08 +01:00
Daniel Tomcej
dad76e0478 Add muxer for TCP Routers 2022-03-17 18:02:08 +01:00
Tom Moulard
79aab5aab8 Add Failover service
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2022-03-17 12:02:09 +01:00
Douglas De Toni Machado
b02c651961 Add a deprecation notices section 2022-03-17 10:28:09 +01:00
Nick Reilingh
0617a1b0e0 Fix routing overview examples 2022-03-16 15:00:08 +01:00
Nick Reilingh
06749e71f2 Clarify concepts documentation page 2022-03-15 15:38:08 +01:00
Tom Moulard
6622027c7c Merge current v2.6 into master 2022-03-11 10:07:20 +01:00
Tchoupinax
401c171bbd Add a link to service on router detail view 2022-03-07 16:16:08 +01:00
mpl
a1e766e180 doc: fix, docker uses Label(), not Tag() 2022-03-07 11:48:09 +01:00
Tom Moulard
63bb770b9c Allow empty services in Kubernetes CRD 2022-03-07 11:08:07 +01:00
Tom Moulard
b3de9a040b Add a target that is a real resource to generate-webui 2022-03-04 15:28:07 +01:00
Romain
a59dbc4c79 Adjust rule length in routers documentation 2022-03-04 11:24:07 +01:00
Kevin Pollet
40deefa868 Fix HostRegexp examples 2022-03-04 10:50:07 +01:00
mloiseleur
491de0cf64 Enhance doc on static vs dynamic configuration 2022-03-03 20:18:07 +01:00
Tom Moulard
c7b24f4e9c Replace npm with yarn to install/run the webui 2022-03-03 18:08:07 +01:00
mpl
27a7563e33 Add simpler and faster debug Makefile target 2022-03-03 15:42:08 +01:00
Tom Moulard
25725e9b2f Merge current v2.6 into master 2022-02-21 14:07:27 +01:00
Josh Soref
819de02101 Spelling 2022-02-21 12:40:09 +01:00
Tom Moulard
ce851a5929 Fix struct tag typo 2022-02-21 12:10:08 +01:00
0xflotus
7e390ef516 Fix brand typo 2022-02-21 10:50:08 +01:00
Romain
fb23bd5d26 Fix empty WebUI static assets directory 2022-02-18 15:44:08 +01:00
Ludovic Fernandez
6974f54bfd docs: fix product name 2022-02-15 17:04:34 +01:00
Kevin Pollet
aaf5aa4506 Configure advertised port using h3 server option
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2022-02-15 16:04:09 +01:00
Ludovic Fernandez
371b6e3c86 chore: update linter 2022-02-15 14:56:53 +01:00
Sylvain Rabot
9297055ad8 Upgrade quic-go to v0.25.0 2022-02-15 10:16:08 +01:00
Sakala Venkata Krishna Rohit
9e96089da6 Add s390x arch support 2022-02-15 10:08:08 +01:00
Tom Moulard
a79868fadc Merge current v2.6 into master 2022-02-15 09:09:16 +01:00
Tom Moulard
84a0810546 Prepare release v2.6.1 2022-02-14 17:44:08 +01:00
Ludovic Fernandez
d9fbb5e25c Use CNAME for SNI check on host header
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
2022-02-14 17:18:08 +01:00
Ludovic Fernandez
e97aa6515b Update test certificates 2022-02-14 14:08:07 +01:00
luckielordie
6bcfba43c8 Rename Datadog span tags 2022-02-10 16:00:09 +01:00
Ludovic Fernandez
0c83ee736c Apply the same approach as the rules system on the TLS configuration choice
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
2022-02-10 10:42:07 +01:00
Dmitry Sharshakov
ca55dfe1c6 Support InfluxDB v2 metrics backend 2022-02-09 15:32:12 +01:00
Tom Moulard
4da33c2bc2 Fix metrics bucket key high cardinality 2022-02-09 09:58:08 +01:00
Sylvain Rabot
2d56be0ebb Fix Kubernetes TCP examples 2022-02-07 15:22:07 +01:00
Richard Kojedzinszky
5780dc2b15 Refactor configuration reload/throttling
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
2022-02-07 11:58:04 +01:00
Tom Moulard
764bf59d4d Merge current v2.6 into master 2022-02-04 14:32:57 +01:00
Tom Moulard
6742dd8454 Fix mixups in metrics documentation 2022-02-03 15:16:12 +01:00
Vladislav Shub
3ac755bd2f Add Hurricane Electric to acme documentation 2022-01-31 13:30:05 +01:00
JasonWang2016
7543709ecf Watch for Consul events to rebuild the dynamic configuration
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2022-01-28 17:16:07 +01:00
Ludovic Fernandez
3ed72c4e46 Add domain to HTTP challenge errors 2022-01-27 10:58:04 +01:00
mpl
477fa15859 Clarify that ACME challenge is mandatory 2022-01-26 18:10:05 +01:00
kevinpollet
1048348ae6 Merge current v2.6 into master 2022-01-25 18:19:40 +01:00
Manuel Zapf
390eb9cb61 Explain a bit more around enabling HTTP3 2022-01-25 10:48:05 +01:00
Romain
5a1c936ede Prepare release v2.6.0 2022-01-24 17:58:04 +01:00
romain
47ad6538f1 Merge current v2.5 into v2.6 2022-01-24 15:42:27 +01:00
Kevin Pollet
9be44d8330 Configure Consul Catalog namespace at client level
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2022-01-24 15:30:05 +01:00
Ali
a4b354b33f Redact credentials before logging
Co-authored-by: Tom Moulard <tom.moulard@traefik.io>
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
2022-01-24 11:08:05 +01:00
Philippos Slicher
a70b864c55 Fix typo in metrics overview page 2022-01-21 09:54:07 +01:00
Romain
3bd5fc0f90 Prepare release v2.6.0-rc3 2022-01-20 18:58:07 +01:00
Tom Moulard
aabfb792af Merge current v2.5 into v2.6 2022-01-20 17:44:55 +01:00
Romain
e5e48d1cc1 Prepare release v2.5.7 2022-01-20 17:08:07 +01:00
Tom Moulard
42a110dd69 Adjust log level from info to debug
Co-authored-by: rhtenhove <rhtenhove@users.noreply.github.com>
2022-01-20 12:36:08 +01:00
Tom Moulard
64af364b02 Merge current v2.5 into v2.6 2022-01-20 09:48:51 +01:00
Ludovic Fernandez
cf14b8fa92 Update go-acme/lego to v4.6.0 2022-01-20 09:38:07 +01:00
Kevin Pollet
e7dc6ec025 Fix HTTP provider endpoint config example 2022-01-19 19:50:05 +01:00
Kevin Pollet
f29e311b73 Support token authentication for Consul KV 2022-01-19 17:46:11 +01:00
romain
a914ce2bd2 docs: fix instana tracer documentation link 2022-01-19 16:35:06 +01:00
romain
b42a7c89e7 Merge current v2.5 into v2.6 2022-01-19 16:16:18 +01:00
Romain
67483c1b17 Exclude www.cloudxns.net from documentation verification 2022-01-19 16:10:08 +01:00
mpl
4071f1e7f2 Mitigate memory leak 2022-01-17 14:28:05 +01:00
Ludovic Fernandez
577709fff3 fix: middleware plugins memory leak
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
2022-01-14 12:22:06 +01:00
Tom Moulard
8cd45476ac Fix middleware regexp's display 2022-01-13 18:38:06 +01:00
Tom Moulard
cf14504fd5 Prepare release v2.6.0-rc2 2022-01-12 16:40:06 +01:00
Kevin Pollet
b84829336d Support Consul KV Enterprise namespaces
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2022-01-12 14:42:21 +01:00
Tom Moulard
ba822acb23 Merge current v2.6 into master 2022-01-10 16:17:25 +01:00
Andrii Kushch
d969e59911 Upgrade Instana tracer dependency 2022-01-10 16:08:20 +01:00
Tom Moulard
936b6148ff Merge current v2.5 into v2.6 2022-01-10 14:43:25 +01:00
Martin Rauscher
a9776ceafc Improve regexp matcher documentation 2022-01-10 14:32:04 +01:00
Colin Wilson
e471239955 Remove typo in Kubernetes providers labelSelector examples 2022-01-06 11:58:07 +01:00
Kevin Pollet
2e8156bfaa Update copyright for 2022 2022-01-06 11:34:05 +01:00
Tom Moulard
f5dd233a3b Merge current v2.6 into master 2021-12-29 17:35:32 +01:00
Tom Moulard
48ce6c32c1 Remove go-bindata from semaphore 2021-12-29 17:32:06 +01:00
Tom Moulard
4990239855 Merge current v2.5 into v2.6 2021-12-29 15:08:51 +01:00
Tom Moulard
5e2c929322 Fix broken jaeger documentation link 2021-12-29 15:06:04 +01:00
Tom Moulard
2b5355c849 Update golangci-lint install script 2021-12-23 15:44:05 +01:00
Romain
f21f71786a Prepare release v2.5.6 2021-12-22 17:22:04 +01:00
Tom Moulard
fc7f109cb2 Merge current v2.5 into v2.6 2021-12-22 15:02:51 +01:00
Tom Moulard
a711f0d037 fix: update goreleaser install link to use gist 2021-12-22 14:12:04 +01:00
Ludovic Fernandez
98fc6ca441 Update Yaegi to v0.11.2 2021-12-22 09:24:05 +01:00
ichx
c10f1a3a36 Add missing API endpoints documentation 2021-12-21 14:48:05 +01:00
Tom Moulard
da092e653d Prepare release v2.6.0-rc1 2021-12-20 17:02:06 +01:00
Tom Moulard
bf29417136 Merge current v2.5 into master 2021-12-20 14:43:35 +01:00
Douglas De Toni Machado
79a14ce992 Fix passTLSClientCert CRD example name 2021-12-18 00:52:04 +01:00
Alestrix
99ce26f7b1 Correct documentation in middleware overview 2021-12-17 16:24:06 +01:00
Kevin Pollet
16250361c3 chore: update golang.org/x/net dependency version 2021-12-16 11:52:04 +01:00
Kevin Pollet
be44385b42 fix: process all X-Forwarded-For headers in the request 2021-12-14 15:36:07 +01:00
Tom Moulard
54c77ecb54 Prepare release v2.5.5 2021-12-10 17:52:04 +01:00
tfny
a30f0dcabd Update CODE_OF_CONDUCT.md 2021-12-09 11:00:06 +01:00
Ludovic Fernandez
efef7dce4f plugins: start the go routine before calling Provide 2021-12-08 17:08:05 +01:00
Tom Moulard
1c9e4c6050 doc: align docker configuration example notes in basicauth HTTP middleware 2021-12-07 10:04:05 +01:00
Tom Moulard
89cd9e8ddd Merge current v2.5 into master 2021-12-06 17:39:06 +01:00
Markus Lippert
92093a8c09 Update go-acme/lego to v4.5.3 2021-12-06 15:44:04 +01:00
Kevin Pollet
d970813c20 Support consul enterprise namespaces in consul catalog provider
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2021-12-03 19:30:07 +01:00
Kevin Pollet
f69982aa9d docs: uniformize client TLS config documentation 2021-12-02 15:42:06 +01:00
Tom Moulard
82fdc569c2 docs: removing typo in consul-catalog provider doc 2021-12-01 15:58:05 +01:00
Tom Moulard
def0c1a526 Update yaegi to v0.11.1 2021-11-30 17:36:06 +01:00
Tom Moulard
93de7cf0c0 feat: add in flight connection middleware 2021-11-29 17:12:06 +01:00
Romain Bailly
ef2d03d96e fix: propagate source criterion config to RateLimit middleware in Kubernetes CRD 2021-11-26 12:10:11 +01:00
Kevin Pollet
321c9421ea chore: update docker/cli and containerd dependency versions 2021-11-25 15:34:06 +01:00
Charlie Haley
5a225b4196 test: upgrade docker-compose
Co-authored-by: Rémi Buisson <remi.buisson@traefik.io>
2021-11-25 11:10:06 +01:00
Pierre-Yves Aillet
95fabeae73 feat: rate-limit ceil Retry-After to superior integer 2021-11-16 16:38:11 +01:00
Gustavo Silva
525a6cf5b2 docs: remove misleading metrics overview configuration 2021-11-16 09:38:12 +01:00
Julien Acroute
27ec0912d5 docs: health check use readiness probe in k8s 2021-11-15 11:14:06 +01:00
Daniel Adams
83a7f10c75 Refactor Exponential Backoff 2021-11-10 15:34:10 +01:00
Pablo Montepagano
0a5c9095ac feat: allow configuration of ACME certificates duration 2021-11-10 12:06:09 +01:00
kerrsmith
0a31225e65 fixed minor spelling error in Regexp Syntax section 2021-11-09 16:50:11 +01:00
Kevin Pollet
db4a92d877 fix: increase UDP read buffer length to max datagram size
Co-authored-by: Tom Moulard <tom.moulard@traefik.io>
2021-11-09 15:12:07 +01:00
Ludovic Fernandez
9df053e3f5 Update yaegi v0.11.0 2021-11-09 14:30:09 +01:00
Tom Moulard
1f17731369 feat: add readIdleTimeout and pingTimeout config options to ServersTransport
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2021-11-09 12:16:08 +01:00
Kevin Pollet
8e32d1913b Update gateway api provider to v1alpha2
Co-authored-by: Tom Moulard <tom.moulard@traefik.io>
2021-11-09 11:34:06 +01:00
Tom Moulard
e10a82a501 fix: git ignore autogen/ 2021-11-09 03:48:13 +01:00
kevinpollet
ce47f200d5 Merge branch v2.5 into master 2021-11-08 22:41:43 +01:00
Romain
95dc43ce4a Prepare release v2.5.4 2021-11-08 18:36:13 +01:00
Tom Moulard
d91eefa74f fix: TCP/UDP wrr when all servers have a weight set to 0
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2021-11-08 17:58:12 +01:00
Kevin Pollet
ffdfc13461 docs: fix typo in addRoutersLabels option title 2021-11-08 13:32:10 +01:00
kerrsmith
a13b03ef3d docs: add named groups details to Regexp Syntax section 2021-11-08 10:06:05 +01:00
Tom Moulard
69d504c905 fix: git ignore webui/static/ 2021-11-05 18:02:05 +01:00
CrispyBaguette
bda7e025a2 docs: remove link to microbadger.com 2021-11-05 17:28:06 +01:00
Ludovic Fernandez
596f04eae8 chore: update linter 2021-11-04 09:50:11 +01:00
Kevin Pollet
b39d226fb8 fix: use host's root CA set if ClientTLS ca is not defined
Co-authored-by: Tom Moulard <tom.moulard@traefik.io>
2021-11-03 17:38:07 +01:00
Marc Bihlmaier
20dfb91948 docs: remove quotes in certificatesresolvers CLI examples 2021-10-28 18:14:14 +02:00
Tom Moulard
e033355225 fix: do not validate shell script in node-modules folder 2021-10-27 10:34:05 +02:00
Kevin Pollet
56ed45ae70 docs: remove non-working kind config in IngressRouteTCP/UDP examples 2021-10-26 12:08:12 +02:00
Kevin Pollet
d3ff0c2cd4 fix: do not require a TLS client cert when InsecureSkipVerify is false
Co-authored-by: Tom Moulard <tom.moulard@traefik.io>
2021-10-26 10:54:11 +02:00
Romain
566b205758 Clarify usage for cross provider references in Kubernetes ingress annotations 2021-10-26 10:30:13 +02:00
Tom Moulard
b537ccdb0c doc: update traefik image version 2021-10-25 17:18:12 +02:00
Pedro López Mareque
d9b8435a7d feat: rename networking.k8s.io/v1beta1 to networking.k8s.io/v1 2021-10-21 09:44:12 +02:00
Pedro López Mareque
c0ba4d177f fix: sourceCriterion documentation for InFlightReq and RateLimit middlewares 2021-10-19 14:40:06 +02:00
Anton Kindblad
7377ab7b95 fix(ui): bug parsing weighted service provider name 2021-10-18 14:52:14 +02:00
Tom Moulard
207ac94ed0 Fix remove http scheme urls in documentation 2021-10-08 11:52:05 +02:00
Daniel Tomcej
fe32a7e584 fix: use EscapedPath as header value when RawPath is empty 2021-10-08 11:32:08 +02:00
Aaron Raff
25e12aee14 kubernetes: normalize middleware names in ingress route config 2021-10-07 15:40:05 +02:00
Huan Wang
85dd45cb81 Add prefix to datadog metrics 2021-10-06 17:34:07 +02:00
kevinpollet
32340252b2 Merge branch v2.5 into master 2021-10-06 11:55:12 +02:00
Jack Morgan
5d716f0149 Mention escaping escape characters in YAML for regex usage 2021-10-06 11:36:11 +02:00
Ludovic Fernandez
918a343557 chore: update proxyprotocol and consul 2021-10-04 17:54:10 +02:00
Tom Moulard
969dd088a2 gateway api: support RouteNamespaces
Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
2021-10-04 15:46:08 +02:00
Ludovic Fernandez
89001ae9a4 Update go-acme/lego to v4.5.0 2021-10-01 09:20:08 +02:00
Roman Mahrer
c99221fa34 Fix typo in KV providers documentation 2021-09-29 13:22:12 +02:00
Andrii Kushch
9ef3fc84f9 Upgrade Instana tracer and make process profiling configurable 2021-09-29 11:52:08 +02:00
Kevin Pollet
d28bcf24e5 docs: reword tracing config descriptions to be consistent 2021-09-29 10:40:14 +02:00
KallyDev
8d739c411b Move from deprecated ioutil to os and io packages 2021-09-28 15:30:14 +02:00
Kevin Pollet
46c1600ada fix: forward request Host to errors middleware service
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2021-09-27 17:40:13 +02:00
Kevin Pollet
126b32c579 fix: add missing RequireAnyClientCert value to TLSOption CRD 2021-09-24 11:32:07 +02:00
Tom Moulard
380514941c Merge current v2.5 into master 2021-09-23 16:10:03 +02:00
Max Baumann
61ceb7a32c docs: replace links to French translation of k8s docs with English ones 2021-09-21 16:28:11 +02:00
Lukas Schulte Pelkum
07a3c37a23 Implement customizable minimum body size for compress middleware 2021-09-20 18:00:08 +02:00
Romain
c7e13eb082 Prepare release v2.5.3 2021-09-20 17:30:06 +02:00
Tom Moulard
6906a022ca Add cross namespace verification in Kubernetes CRD 2021-09-20 12:54:05 +02:00
Harald Kraemer
8f0832d340 Add configurable tags to influxdb metrics 2021-09-17 09:08:07 +02:00
Kevin Pollet
bda0dba131 fix: add peerCertURI config to k8s crd provider
Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
2021-09-17 08:56:07 +02:00
Romain
76867e39ea Fix ServersTransport reference from IngressRoute service definition
Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
2021-09-16 15:12:13 +02:00
Simon Stender Boisen
6f8e8ea252 Ensure disableHTTP2 works with k8s crd 2021-09-16 12:18:08 +02:00
Aaron Raff
8e7881094f docs: add default proxy headers 2021-09-16 11:18:12 +02:00
Ludovic Fernandez
7d09132a5c Update yaegi to v0.10.0 2021-09-16 10:20:07 +02:00
Ludovic Fernandez
6f4a7fb604 chore: upgrade linter 2021-09-16 09:16:07 +02:00
Tom Moulard
6e28db513c Metrics router fix
Co-authored-by: Michael <michael.matur@gmail.com>
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2021-09-15 17:26:06 +02:00
Kevin Pollet
2084201c8f fix: experimental image build
Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
2021-09-15 12:10:06 +02:00
Antoine
70359e5d27 Replace go-bindata with Go embed
Co-authored-by: nrwiersma <nick@wiersma.co.za>
2021-09-15 10:36:14 +02:00
Tom Moulard
a72d124551 Fix certChan defaulting on consul catalog provider 2021-09-14 17:12:12 +02:00
Daniel Tomcej
7ff13c3e3e Support Kubernetes basic-auth secrets
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2021-09-14 15:16:11 +02:00
Jean-Baptiste Doumenjou
55360c1eaf Add Tom Moulard in maintainers team 2021-09-14 10:42:14 +02:00
valerauko
60ff50a675 Add HTTP3Config 2021-09-10 14:58:13 +02:00
Jean-Baptiste Doumenjou
ba3967aa16 Merge current v2.5 into master 2021-09-10 12:00:24 +02:00
Jean-Baptiste Doumenjou
fffa413121 Fix golang doc URLs 2021-09-10 11:42:07 +02:00
Ricardo Tribaldos
c011bdfdd8 docs: fix error in example (YAML) for TCP middleware whitelist 2021-09-06 09:30:09 +02:00
romain
4235cef1b2 Merge current v2.5 into master 2021-09-03 09:13:34 +02:00
Romain
871e04cb12 Prepare release v2.5.2 2021-09-02 16:46:11 +02:00
Romain
287cebb498 Fix CRDs code and manifests generation 2021-09-02 14:40:08 +02:00
Sylvain Rabot
6c8d200373 Upgrade github.com/lucas-clemente/quic-go to v0.23.0 2021-09-02 12:06:10 +02:00
Anton Gubarev
0ac6f80b50 Fix empty body error in mirror 2021-09-02 10:46:13 +02:00
Romain
2b73860ea5 Adds pathType for v1 ingresses examples 2021-09-02 10:20:12 +02:00
Romain
ddcb003b3b Bump go.elastic.co/apm version to v1.13.1 2021-09-02 09:56:11 +02:00
Romain
be52c5abb1 Fix http scheme urls in documentation 2021-08-31 18:54:06 +02:00
romain
f81ceaef8a Merge current v2.5 into master 2021-08-30 14:51:57 +02:00
Romain
eb6c5fc34d Fix experimental images workflow 2021-08-30 14:24:12 +02:00
Romain
4fc16f26a3 Build experimental images 2021-08-30 12:20:14 +02:00
Romain
234d35f592 Fix alpine docker image to version 3.14 2021-08-30 11:38:12 +02:00
Roopak Venkatakrishnan
352a72a5d7 Update x/sys to support go 1.17 2021-08-25 21:00:11 +02:00
Romain
4d1ce986a6 Bumps alpine docker images to v1.14.1 2021-08-25 11:14:10 +02:00
Romain
531a8ff248 Prepare release v2.5.1 2021-08-20 18:27:12 +02:00
Romain
2644c1f598 Makes ALPN protocols configurable 2021-08-20 18:20:06 +02:00
Julien Salleyron
fa53f7ec85 Conditional CloseNotify in header middleware 2021-08-19 18:02:07 +02:00
Per Osbäck
e05574af58 Adds MiddlewareTCP CRD documentation 2021-08-19 17:00:14 +02:00
euidong
fcfc976b13 Adds ContentType to middleware's overview table 2021-08-19 15:00:11 +02:00
romain
78180a5fa7 Merge current v2.4 into v2.5 2021-08-19 11:45:19 +02:00
Romain
3445abe7ac Fix Kubernetes Gateway API documentation links 2021-08-19 11:18:11 +02:00
Romain
e0b442a48b Prepare release v2.5.0 2021-08-17 18:04:05 +02:00
Romain
bd1c84755b Update Go version to v1.17 2021-08-17 17:20:12 +02:00
Matthias Schneider
a7194e96e0 Fix dashboard title for TCP middlewares 2021-08-17 15:02:15 +02:00
romain
2bd60f9e60 Merge current v2.4 into v2.5 2021-08-17 10:05:22 +02:00
Romain
35a40c8727 Prepare release v2.4.14 2021-08-16 17:26:14 +02:00
Romain
7f62667569 Update mkdocs dependency version 2021-08-16 12:32:07 +02:00
Avtion
fd4ba585ee fix: an example code error in doc 2021-08-16 10:08:08 +02:00
mpl
81eb46e36d Prepare release v2.5.0-rc6 2021-08-13 18:04:15 +02:00
mpl
b7700e77bf Update Go version 2021-08-13 17:42:09 +02:00
Tristan Colgate-McFarlane
e73dd31619 redirect: fix comparison when explicit port request and implicit redirect port
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
Co-authored-by: Ludovic Fernandez <ldez@users.noreply.github.com>
2021-08-11 17:10:12 +02:00
Jean-Baptiste Doumenjou
187ec26d8e Merge current v2.4 into v2.5 2021-08-05 18:09:23 +02:00
Jean-Baptiste Doumenjou
ef9b79f85c Remove unwanted trailing slash in key
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
2021-08-05 18:02:12 +02:00
Jean-Baptiste Doumenjou
32d88a977d Avoid unauthorized midlleware cross namespace reference
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2021-08-05 17:42:08 +02:00
Michael
547c380961 fix: change machine type for release 2021-08-05 10:08:06 +02:00
Fernandez Ludovic
848e23b489 fix: decrease semaphoreci machine type 2021-08-03 20:15:21 +02:00
mmatur
d63cb1b4d6 Prepare release v2.5.0-rc5 2021-08-03 19:58:08 +02:00
mmatur
c45de0d8bc fix: increase semaphoreci machine type 2021-08-03 19:45:33 +02:00
Jean-Baptiste Doumenjou
5c18967f06 Prepare release v2.5.0-rc4 2021-08-03 18:42:11 +02:00
Jean-Baptiste Doumenjou
e78f172f02 Merge current v2.4 into v2.5 2021-08-03 17:04:58 +02:00
mpl
4fc077a5d2 Prepare release v2.4.13 2021-07-30 16:50:07 +02:00
Romain
7f307d60c4 Kubernetes: detect changes for resources other than endpoints 2021-07-30 15:08:10 +02:00
Ludovic Fernandez
b386964abc fix: remove hop-by-hop headers define in connection header beore some middleware
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
2021-07-30 12:20:07 +02:00
Eric
817ac8f256 Add organizationalUnit to passtlscert middleware 2021-07-28 17:42:09 +02:00
romain
c76d58d532 Merge current v2.5 into master 2021-07-28 15:21:46 +02:00
romain
4b456f3b76 Merge current v2.4 into v2.5 2021-07-28 14:40:49 +02:00
Michael
319e3065f0 fix: upgrade k3s version 2021-07-28 14:28:11 +02:00
Michael
a48a8a97a1 fix: restore cache only once 2021-07-27 19:16:06 +02:00
Jean-Baptiste Doumenjou
8be434aaad Prepare release v2.4.12 2021-07-26 18:08:09 +02:00
mpl
d9fc775084 ratelimiter: use correct ttlSeconds value, and always call Set
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
Co-authored-by: Daniel Tomcej <daniel.tomcej@gmail.com>
2021-07-26 17:20:27 +02:00
Tom Moulard
f25139424a Merge remote-tracking branch 'origin/v2.5' into merge-back-v2.5-into-master 2021-07-23 13:14:26 +02:00
Tom Moulard
2d95c37ea4 Merge current v2.4 into v2.5 2021-07-23 11:26:15 +02:00
Michael
e12630ef06 feat: Add new CI system 2021-07-23 11:00:07 +02:00
Jean-Baptiste Doumenjou
48bd279311 Prepare release v2.5.0-rc3 2021-07-20 16:26:08 +02:00
romain
36ffdf548d Merge v2.5 into master 2021-07-20 15:38:53 +02:00
romain
a5b169c563 Merge current v2.4 into v2.5 2021-07-20 14:06:13 +02:00
Romain
bc5e621683 Get Kubernetes server version early 2021-07-20 13:02:10 +02:00
Ludovic Fernandez
1e69939532 Update yaegi to v0.9.21 2021-07-20 11:58:06 +02:00
Tom Moulard
d8156ef625 Fix dashboard to display middleware details 2021-07-20 10:36:06 +02:00
Daniel Tomcej
c2c4dc9b58 Don't remove ingress config on API call failure 2021-07-19 20:06:07 +02:00
Ludovic Fernandez
ffd4e207a4 Downgrade yaegi to v0.9.19 2021-07-19 18:54:04 +02:00
romain
bd3271aff0 Merge current v2.4 into v2.5 2021-07-19 15:18:38 +02:00
Romain
0664f5a9ca Fix KV reference documentation 2021-07-19 14:54:14 +02:00
Tom Moulard
c515ace328 Library change for compress middleware to increase performance 2021-07-19 10:22:14 +02:00
Daniel Tomcej
8d4620dc53 check if defaultcertificate is defined in store 2021-07-19 09:58:14 +02:00
Jean-Baptiste Doumenjou
16f65f669b Update Gateway API version to v0.3.0
Co-authored-by: Tom Moulard <tom.moulard@traefik.io>
2021-07-15 17:20:08 +02:00
Romain
2a2f7f783f Prepare release v2.4.11 2021-07-15 16:48:11 +02:00
Ludovic Fernandez
6ae50389e6 Update code generator for plugin's dyn conf 2021-07-15 15:58:08 +02:00
Jean-Baptiste Doumenjou
87fd51d7ec Fix migration guide 2021-07-15 14:40:13 +02:00
Mohammad Gufran
7e43e5615e Add Support for Consul Connect
Co-authored-by: Florian Apolloner <apollo13@users.noreply.github.com>
2021-07-15 14:02:11 +02:00
Jean-Baptiste Doumenjou
985f8778e9 fix doc verify script (#8266) 2021-07-15 00:09:51 +02:00
romain
3a180e2afc Merge current v2.4 into v2.5 2021-07-13 18:12:29 +02:00
Jean-Baptiste Doumenjou
2f47bb0df6 Prepare release v2.4.10 2021-07-13 16:54:08 +02:00
Daniel Tomcej
7e0f0d9d11 Ignore http 1.0 request host missing errors 2021-07-13 15:30:20 +02:00
Jean-Baptiste Doumenjou
e1f5866989 Detect certificates content modifications
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
2021-07-13 14:14:35 +02:00
Daniel Tomcej
3c1ed0d9b2 Disable ExternalName Services by default on Kubernetes providers 2021-07-13 12:54:09 +02:00
Daniel Tomcej
10ab39c33b Add *headers.responseModifier CloseNotify() 2021-07-13 12:28:07 +02:00
Daniel Tomcej
3072354ca5 Disable Cross-Namespace by default for IngressRoute provider 2021-07-13 10:48:05 +02:00
Romain
14499cd6e5 Fix: Add dedicated integration tests targets for CI 2021-07-12 18:32:10 +02:00
Ludovic Fernandez
5d3dc3348e accesslog: multiple times the same header name. 2021-07-09 14:22:13 +02:00
romain
ca2ff214c4 Merge current v2.5 into master 2021-06-30 11:56:49 +02:00
Tom Moulard
f8db285d5d Update generated and reference doc for plugins
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2021-06-29 17:02:13 +02:00
Fernandez Ludovic
1f880662d6 Prepare release v2.5.0-rc2 2021-06-28 20:43:21 +02:00
Fernandez Ludovic
febab86682 chore: increase goreleaser timeout. 2021-06-28 20:41:51 +02:00
Romain
8070dfef45 Prepare release v2.5.0-rc1 2021-06-28 18:00:12 +02:00
romain
fc69f882c5 Merge current v2.4 into master 2021-06-28 10:07:17 +02:00
mpl
838a8e18d3 healthcheck: add support at the load-balancers of services level
Co-authored-by: Dmitry Sharshakov <d3dx12.xx@gmail.com>
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
Co-authored-by: Tom Moulard <tom.moulard@traefik.io>
2021-06-25 21:08:11 +02:00
Ludovic Fernandez
5e3e47b484 Local private plugins.
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
2021-06-25 15:50:09 +02:00
Wei Lun
6d8512bda0 Add the list of available provider names 2021-06-24 18:34:05 +02:00
Romain
cd68cbd3ea Fix: malformed Kubernetes resource names and references in tests 2021-06-24 17:32:07 +02:00
Wei Lun
55845c95bb docs: fix invalid subdomain 2021-06-24 11:28:05 +02:00
romain
a243ac4dde Merge current v2.4 into master 2021-06-24 08:53:12 +02:00
Ludovic Fernandez
a01cbb42c7 Convert issue templates to issue forms. 2021-06-24 08:52:13 +02:00
patricia
b5da5760a2 Typos in contributing section 2021-06-23 05:28:09 +02:00
patricia
c190b160e9 fix maintainers-guidelines page title 2021-06-23 00:40:10 +02:00
romain
ce2e02b690 Merge current v2.4 into master 2021-06-22 14:44:56 +02:00
Tobias
5dab09c42b Remove microbadger (Shutdown) 2021-06-22 10:00:11 +02:00
Daniel Tomcej
03b08d67f0 chore: upgrade linter 2021-06-22 00:08:06 +02:00
Jean-Baptiste Doumenjou
5841c9a7a5 Prepare release v2.4.9 2021-06-21 17:00:09 +02:00
Michael
ed9b1bea3f Use github action to check and verify doc 2021-06-21 16:04:13 +02:00
Wei Lun
dca348359b add permissionsPolicy and deprecate featurePolicy 2021-06-21 15:16:13 +02:00
Romain
cf0759a48f Update documentation references 2021-06-21 11:54:08 +02:00
Tom Moulard
c9df233d24 Changing default file format for the snippets from TOML to YAML 2021-06-19 00:08:08 +02:00
Ludovic Fernandez
99a23b0414 Use a dynamic buffer to handle client Hello SNI detection 2021-06-18 19:24:17 +02:00
Daniel Tomcej
95e0633b2f Create buffered signals channel 2021-06-18 18:43:10 +02:00
Maël Valais
5ca210fa60 gateway-api: fix the "values" field in the example of httproute 2021-06-18 18:14:07 +02:00
Michael
2ccdc419d0 Override jaeger configuration with env variables 2021-06-18 18:10:05 +02:00
Andreas Fitzek
9af0e705a5 Update Elastic APM from 1.7.0 to 1.11.0 2021-06-17 09:52:05 +02:00
Rio Kierkels
0a3e40332a Improve CA certificate loading from kubernetes secret 2021-06-14 18:06:10 +02:00
Florian Apolloner
a758d18e51 Fixed BIND_DIR quoting 2021-06-14 16:26:07 +02:00
Richard Kojedzinszky
f15d05b22f tls Manager: do not build a default certificate for ACME challenges store
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2021-06-14 10:06:05 +02:00
Romain
fc9f41b955 Add TCP Middlewares support 2021-06-11 15:30:05 +02:00
Jakub Hajek
fd1eae4f07 Adding formatting to the document. 2021-06-11 12:28:11 +02:00
Romain
51ee77b96f Explains Traefik HTTP response status codes
Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
Co-authored-by: Tom Moulard <tom.moulard@traefik.io>
2021-06-11 10:00:14 +02:00
Ludovic Fernandez
b03c5ff5ce Update go-acme/lego to v4.4.0 2021-06-08 23:50:05 +02:00
Moritz E. Beber
521fed1fea Elaborate on possible use of status codes with the errors middleware 2021-06-08 19:02:05 +02:00
Tom Moulard
679def0151 Add routing IP rule matcher
Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2021-06-07 18:14:09 +02:00
mpl
2560626419 doc: clarify usage for ratelimit's excludedIPs 2021-06-07 17:46:14 +02:00
Leonardo Araoz
e5024d5d0a Upgrade Node version to LTS on webui folder 2021-06-03 12:00:09 +02:00
Jakub Hajek
c10c7619d3 Adding Maintainers Guidelines 2021-06-02 18:02:06 +02:00
Julien Salleyron
dd04c432e9 Support not in rules definition 2021-05-31 18:58:05 +02:00
Jean-Baptiste Doumenjou
b1fd3b8fc7 fix for review 2021-05-28 17:38:46 +02:00
Wouter Dullaert
456df0fc19 feat: Add ServersTransport annotation to k8s ingress provider 2021-05-28 17:38:46 +02:00
Tom Moulard
526f493e12 Removes headers middleware options 2021-05-28 09:24:14 +02:00
Tom Moulard
5632ee6378 Deprecates ssl redirect headers middleware options 2021-05-28 08:50:09 +02:00
Jakub Coufal
1680f00091 Fix incorrect behaviour with multi-port endpoint subsets 2021-05-28 00:58:07 +02:00
Danshil Kokil Mungur
376b6f90d9 docs: add pilot dashboard flag to static configuration file reference 2021-05-27 12:16:08 +02:00
Ludovic Fernandez
21c0195d29 fix: ACME preferred chain. 2021-05-20 15:08:12 +02:00
Tom Moulard
56f845c71a gatewayapi: adding support for TCPRoute and TLSRoute
Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
2021-05-20 11:50:12 +02:00
Sandro
d6d639d4d7 docs: add examples for removing headers 2021-05-17 18:07:25 +02:00
Manuel Zapf
e1e1fd640c Upgrade IngressClass to use v1 over v1Beta on Kube 1.19+ 2021-05-17 16:50:09 +02:00
Douglas De Toni Machado
2408eeceba Fix plugin unzip call on windows 2021-05-17 12:10:09 +02:00
LandryBe
6ae194934d fix: use defaultEntryPoints when no entryPoint is defined in a TCPRouter 2021-05-11 16:46:14 +02:00
Ludovic Fernandez
63ef0f1cee Add plugin's support for provider
Co-authored-by: Julien Salleyron <julien@traefik.io>
2021-05-11 16:14:10 +02:00
Henning
de2437cfec kubernetes: remove logging of changed object with cast 2021-05-10 09:42:06 +02:00
Luca Berneking
32e08f3510 Add k8s provider option to create services without endpoints 2021-05-06 18:12:10 +02:00
Romain
40f21f41e1 Fix ingressRouteTCP external name service examples in documentation 2021-05-06 12:04:08 +02:00
Ludovic Fernandez
ee12424795 Bump paerser to v0.1.4 2021-05-06 09:32:04 +02:00
Tom Moulard
0b48d5d0d2 Fix: regenerate crd 2021-05-05 17:50:04 +02:00
Jorge Arco
080cf98e51 Add router metrics 2021-04-30 10:22:04 +02:00
Tom Moulard
dc8d5ef744 Add a mechanism to format the sticky cookie value
Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
2021-04-29 17:56:03 +02:00
Joel Berger
70a02158e5 Add wildcard hostname rule to kubernetes gateway 2021-04-29 17:18:04 +02:00
Henning
ab71dad51a [kubernetes] ignore empty endpoint changes 2021-04-29 16:20:03 +02:00
Tom Moulard
0624cefc10 Merge branch 'master' into mrg-current-v2.4 2021-04-29 14:24:07 +02:00
Tom Moulard
56b26421a5 fix: remove linode link health check 2021-04-29 12:22:03 +02:00
Marc Vertes
ea8ba87aeb doc: fix a syntax error in ratelimit TOML configuration sample 2021-04-27 20:26:04 +02:00
Ludovic Fernandez
08b258a2cb Update Yaegi to v0.9.17 2021-04-27 20:16:04 +02:00
Tom Moulard
ac486d3d1d Merge current branch v2.4 into master 2021-04-21 11:39:53 +02:00
Tom Moulard
e096bf6b62 fix: k8s gateway api link
Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
2021-04-21 10:28:03 +02:00
Sylvain Rabot
e28b33b53b Upgrade github.com/lucas-clemente/quic-go 2021-04-18 00:38:03 +02:00
Martin Vizvary
5814ba5322 Kubernetes ingress provider to search via all endpoints 2021-04-15 18:16:04 +02:00
Kevin Crawley
be81ce244e Error span on 5xx only 2021-04-14 12:20:03 +02:00
Jean-Baptiste Doumenjou
d3a3aeb0fc Merge current branch v2.4 into master 2021-04-14 09:51:12 +02:00
Jean-Baptiste Doumenjou
fe6acdf4d2 Fix Kubernetes Gateway API documentation links 2021-04-13 18:26:03 +02:00
Jean-Baptiste Doumenjou
702e0a461a Merge current branch v2.4 into master 2021-04-13 14:17:39 +02:00
Tom Moulard
46d6da4fce Docs: installing deps for html-proofer
Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
2021-04-13 14:02:04 +02:00
Clemens Bergmann
aa61835b78 correct annotation option 2021-04-06 17:18:03 +02:00
mpl
2a1e46c8b6 doc: typo fix 2021-04-01 12:05:03 +02:00
Jean-Baptiste Doumenjou
cb4fb973b2 Merge current branch v2.4 into master 2021-03-31 09:43:04 +02:00
Tom Moulard
513f6e9a68 Remove error when HTTProutes is empty
Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
2021-03-30 16:32:03 +02:00
Fernandez Ludovic
ad980334d1 doc: remove dead page. 2021-03-30 14:51:30 +02:00
jcuzzi
d13d078351 Add ability to disable HTTP/2 in dynamic config 2021-03-29 14:32:03 +02:00
Tom Moulard
947798b44c Fix ServersTransport documentation 2021-03-29 14:18:03 +02:00
Ludovic Fernandez
ed427616d4 chore: update linter 2021-03-29 09:20:03 +02:00
Romain
297921182c Add metrics documentation
Co-authored-by: Tom Moulard <tom.moulard@traefik.io>
2021-03-25 16:52:04 +01:00
Sylvain Rabot
31a5f3591f Allow to define datadogs metrics endpoint with env vars 2021-03-23 17:48:04 +01:00
Romain
32655b5b16 Prepare release v2.4.8 2021-03-23 16:34:04 +01:00
HMH
8947f85ddd Improve host name resolution for TCP proxy 2021-03-23 11:24:03 +01:00
Romain
a513a05b7a Raise errors for non-ASCII domain names in a router's rules 2021-03-22 21:16:04 +01:00
Tom Moulard
1e716a93ff Adding an option to (de)activate Pilot integration into the Traefik dashboard
Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
2021-03-22 19:18:04 +01:00
Fabian
06fc2c505f Doc: improve basic auth middleware httpasswd example 2021-03-22 15:26:03 +01:00
Deepyaman Datta
6fcea91d1f Add missing traefik. prefix across sample config 2021-03-19 09:12:04 +01:00
Tom Moulard
93d099a2f0 Fix travis docker image pulling for docs 2021-03-16 12:08:04 +01:00
Manuel Zapf
29908098e4 Upgrade Ingress Handling to work with networkingv1/Ingress 2021-03-15 11:16:04 +01:00
Corey McGalliard
e5983d96f7 updating docs to remove a no longer needed note 2021-03-15 10:46:03 +01:00
Jean-Baptiste Doumenjou
08e6ae07af Update to gateway-api v0.2.0
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2021-03-15 09:44:03 +01:00
Matthias Schneider
49b46a9a3f server: updating go-proxyproto with security bugfix from upstream 2021-03-15 09:16:03 +01:00
Ludovic Fernandez
36c316f39c Update go-acme/lego to v4.3.1 2021-03-12 14:38:07 +01:00
Ludovic Fernandez
7e76abc067 Update go-acme/lego to v4.3.0 2021-03-11 09:52:04 +01:00
Jean-Baptiste Doumenjou
702e301990 Merge current branch v2.4 into master 2021-03-09 12:05:08 +01:00
Jean-Baptiste Doumenjou
b1e11f3e88 Prepare release v2.4.7 2021-03-08 18:04:03 +01:00
Ludovic Fernandez
09d5f59701 fix: double close chan on TLS challenge
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
2021-03-08 11:18:04 +01:00
Julien Salleyron
3c8675bb8b Fix flaky tests.
Co-authored-by: Ludovic Fernandez <ldez@users.noreply.github.com>
2021-03-08 09:58:04 +01:00
Ludovic Fernandez
71ca237478 Add new GitHub issue chooser. 2021-03-08 09:40:04 +01:00
dom3k
0e4b6d36fd Use Docker dependency directly without replace directive 2021-03-07 22:26:03 +01:00
Marc Vertes
e898080460 feature: tune transport buffer size to increase performance 2021-03-05 14:30:04 +01:00
Romain
bdba7d3adf Update to go1.16 2021-03-04 20:08:03 +01:00
Tom Moulard
606b43dc51 Clarify doc for ingressclass name in k8s 1.18+ 2021-03-04 09:24:03 +01:00
Ludovic Fernandez
2e7833df49 chore: update linter. 2021-03-04 09:02:03 +01:00
Romain
ec0d03658d Fix ServersTransport documentation
Co-authored-by: mpl <mathieu.lonjaret@gmail.com>
2021-03-03 16:48:04 +01:00
Jean-Baptiste Doumenjou
992d4c1b94 Upgrade the CRD version from apiextensions.k8s.io/v1beta1 to apiextensions.k8s.io/v1
Co-authored-by: kevinpollet <pollet.kevin@gmail.com>
2021-03-03 15:32:04 +01:00
Jean-Baptiste Doumenjou
d2d7cf14e5 Bump paerser to v0.1.2 2021-03-03 12:46:03 +01:00
Tom Moulard
e658712d53 Filter ingress class resources by name
Co-authored-by: SantoDE <manuel.zapf@traefik.io>
2021-03-02 21:34:03 +01:00
Jean-Baptiste Doumenjou
40cd6ada4f Prepare release v2.4.6 2021-03-01 19:14:03 +01:00
wouter bolsterlee
c843c182e4 Address all shellcheck warnings 2021-02-26 14:34:04 +01:00
Tom Moulard
c35a8bdb15 Fixing doc for default value of checknewversion 2021-02-26 10:20:03 +01:00
Julien Salleyron
dd0701dd16 fix: wait for file and internal before applying configurations
Co-authored-by: Ludovic Fernandez <ldez@users.noreply.github.com>
2021-02-25 17:20:04 +01:00
Ludovic Fernandez
32500773b8 Update Yaegi to v0.9.13 2021-02-24 17:06:03 +01:00
Mal Curtis
e7d3f4316f Fix typo in routing/services/index.md 2021-02-22 20:28:05 +01:00
romain
438eec720a Merge v2.4 into master 2021-02-22 09:40:24 +01:00
Vasilis Gerakaris
4b38d7368f Fix reflink typo in file provider documentation 2021-02-19 18:48:03 +01:00
Kevin Pollet
dce6a86900 Fix Kubernetes Gateway API documentation links 2021-02-19 17:16:03 +01:00
Romain
dc9c558c06 Prepare release v2.4.5 2021-02-18 18:04:03 +01:00
Romain
b8a466c571 Prepare release v2.4.4 2021-02-18 15:28:03 +01:00
Manuel Zapf
bae28c5f57 Only allow iframes to be loaded from our domain 2021-02-18 14:54:03 +01:00
romain
1b21f0723f Merge v2.4 into master 2021-02-16 11:12:09 +01:00
Romain
911c439858 Prepare release v2.4.3 2021-02-15 16:52:03 +01:00
Ludovic Fernandez
f81f85cea2 Add missing doc about servers transport. 2021-02-15 12:04:04 +01:00
Michael
1325cc5cd0 Add seo support 2021-02-12 19:08:04 +01:00
Jean-Baptiste Doumenjou
951d61bfcd Apply content type exclusion on response
Co-authored-by: kevinpollet <pollet.kevin@gmail.com>
2021-02-12 12:12:03 +01:00
Brendan Le Glaunec
0937cba870 Provider documentation fixes 2021-02-11 19:04:03 +01:00
Ludovic Fernandez
5597d7633d Fix TLS challenge timeout and validation error
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
2021-02-11 16:32:03 +01:00
Brendan Le Glaunec
502c88ee3f Middleware documentation fixes 2021-02-11 14:34:04 +01:00
Florian Apolloner
5ef6297daa Fixed typo in consul catalog tests. 2021-02-10 14:48:03 +01:00
Matthew Landauer
9e33e23b8b Add HEAD as available option for Method 2021-02-04 17:04:04 +01:00
Jean-Baptiste Doumenjou
16d00ccffb Fix the static reference documentation for the internal redirection router. 2021-02-04 11:44:03 +01:00
Jean-Baptiste Doumenjou
d211437d6c Merge v2.4 into master 2021-02-04 10:40:53 +01:00
Jean-Baptiste Doumenjou
7996a42f76 Allow crossprovider service reference
Co-authored-by: Harold Ozouf <harold.ozouf@gmail.com>
2021-02-02 19:36:04 +01:00
Jean-Baptiste Doumenjou
f482e5e84a Prepare release v2.4.2 2021-02-02 18:06:04 +01:00
Jean-Baptiste Doumenjou
447c3567b4 Fix the redirect entrypoint default priority 2021-02-02 17:42:04 +01:00
Jean-Baptiste Doumenjou
3c5e6fe7f8 Fix the static configuration generation for environment variables 2021-02-02 17:10:03 +01:00
Ludovic Fernandez
bf4a578bbb fix: infinite loop in forwarded header middleware.
Co-authored-by: kevinpollet <pollet.kevin@gmail.com>
2021-02-02 11:40:04 +01:00
Romain
4cabea069d Prepare Release v2.4.1 2021-02-01 17:14:04 +01:00
Romain
c53033a778 Fix aggregator test comment 2021-02-01 16:50:03 +01:00
Rémi BUISSON
ea8642e2a1 fix: reduce pressure of pilot services when errors occurs 2021-02-01 14:42:04 +01:00
Kevin Pollet
73cea2d303 Fix missing serverstransport documentation 2021-02-01 13:58:03 +01:00
Harold Ozouf
96a3468791 Fix servers transport not found 2021-02-01 12:36:03 +01:00
Harold Ozouf
2065f4c003 Fix HTTP challenge router unexpected delayed creation 2021-01-28 16:16:05 +01:00
LandryBe
9a931e4dc9 fix: add support for multiple ingress classes 2021-01-28 15:08:04 +01:00
Gabe Levasseur
49ec62c757 Fix refresh interval option description in consulcatalog provider 2021-01-28 11:10:04 +01:00
Ludovic Fernandez
a371f971fb chore: update linter. 2021-01-28 09:00:03 +01:00
Tim Obezuk
5f9a84fc8b Fix typo in server transports documentation 2021-01-26 09:20:04 +01:00
kevinpollet
2461e36ed4 Merge branch v2.4 into master 2021-01-25 12:42:23 +01:00
Harold Ozouf
1305bf49a5 Fix plugin type on middleware endpoint response 2021-01-25 11:08:04 +01:00
Ludovic Fernandez
da0a16e122 Update go-acme/lego to v4.2.0 2021-01-25 09:28:04 +01:00
Anton Kulikov
fb10687168 fix: YAML syntax in providers docs 2021-01-22 09:02:04 +01:00
Pascal Fautré
f0d78471af Forward Proxy-Authorization header to authentication server 2021-01-21 18:34:04 +01:00
Julien Salleyron
a90b2a672e perf: improve forwarded header and recovery middlewares
Co-authored-by: Ludovic Fernandez <ldez@users.noreply.github.com>
2021-01-21 10:04:04 +01:00
Sune Keller
2bbb6fc427 Update sprig to v3.2.0 2021-01-20 15:10:04 +01:00
kevinpollet
2747e240c1 Merge branch v2.4 into master 2021-01-20 10:50:21 +01:00
Romain
4b370930b5 Mutualize TLS version and cipher code 2021-01-20 04:08:03 +01:00
Kevin Pollet
c74918321d Prepare release v2.4.0 2021-01-19 16:50:04 +01:00
na4ma4
b05a5c818d Add TLS version and cipher to the accessLog 2021-01-19 09:52:06 +01:00
Kevin Pollet
41d22ef17e Improve kubernetes external name service support for UDP 2021-01-19 09:30:05 +01:00
Cirrith
bbee63fcf3 Add named port support to Kubernetes IngressRoute CRDs 2021-01-15 15:54:04 +01:00
Fernandez Ludovic
b1ddd0e038 Merge branch v2.4 into master 2021-01-15 14:21:59 +01:00
Fernandez Ludovic
8c5dc3b5cb Merge branch v2.3 into v2.4 2021-01-15 13:55:30 +01:00
Fernandez Ludovic
afa05329d9 fix: structor latest tag. 2021-01-15 13:21:43 +01:00
Ludovic Fernandez
dbbff393e1 Use GitHub Action to publish documentation. 2021-01-15 13:06:04 +01:00
romain
f742671bbe Merge branch v2.4 into master 2021-01-14 18:29:48 +01:00
romain
0dae829080 Merge branch v2.3 into v2.4 2021-01-14 17:56:52 +01:00
Kevin Pollet
e62a00a3f5 Update copyright year for 2021 2021-01-13 16:50:03 +01:00
Michael
ab4c93dd2f New Traefik Labs doc theme 2021-01-13 11:54:04 +01:00
kevinpollet
ed5321999c Merge branch v2.4 into master 2021-01-13 09:21:20 +01:00
Kevin Pollet
fb21e3bb5c Prepare release v2.4.0-rc2 2021-01-12 16:30:04 +01:00
romain
3595292f7f Merge branch v2.3 into v2.4 2021-01-12 09:21:00 +01:00
Harold Ozouf
47fb6e036a Prepare release v2.3.7 2021-01-11 18:48:03 +01:00
romain
92886c46ea Merge branch v2.3 into v2.4 2021-01-11 16:26:53 +01:00
Sylvere Richard
83fa3f4cc8 Discrepancy in Traefik log levels 2021-01-11 15:42:04 +01:00
Kevin Pollet
c24f75ce0b Update copyright year for 2021 2021-01-08 19:20:04 +01:00
Henning
63929b0341 Compile kubernetes ingress annotation regex only once 2021-01-07 18:56:03 +01:00
Linden Krouse
fc7ec17905 Feature: add udp timeout configuration 2021-01-07 17:16:03 +01:00
Julien Salleyron
e5a01c7cc8 Add HTTP3 support (experimental)
Co-authored-by: Ludovic Fernandez <ldez@users.noreply.github.com>
2021-01-07 14:48:04 +01:00
Michael
0509b6fdb9 Merge branch v2.4 into master 2021-01-06 18:59:45 +01:00
Michael
60d87f3c64 Merge back v2.3 into v2.4 2021-01-06 17:59:03 +01:00
Michael
5d800ba5fe Do a Docker login on Travis 2021-01-06 17:58:04 +01:00
Gian Ortiz
759d17547a Use Datadog tracer environment variables to setup default config 2021-01-06 17:08:03 +01:00
Avdhoot Dendge
d4f0a9ff62 Fix wildcard hostname issue 2021-01-05 12:26:04 +01:00
Anil Kumar Maurya
c4fa96c41e Add ECS to supported providers list 2021-01-04 10:58:03 +01:00
Ludovic Fernandez
f54136b602 chore: update linter. 2020-12-29 10:54:03 +01:00
Kevin Pollet
5dd1728bf8 webui: fix missing custom request and response header names 2020-12-27 20:48:04 +01:00
Robin van Boven
da1c9f48b7 docs: rephrase forwardauth.authRequestHeaders 2020-12-22 15:36:03 +01:00
kevinpollet
0ec0e37532 Merge branch v2.3 into v2.4 2020-12-22 14:23:56 +01:00
Kevin Pollet
544dc2eaa5 docs: fix broken links to docker-compose documentation 2020-12-22 14:20:03 +01:00
Sylvain Rabot
a3327c4430 Add TLS certs expiration metric 2020-12-18 18:44:03 +01:00
kevinpollet
f8ae972e70 Merge branch v2.3 into v2.4 2020-12-18 10:15:01 +01:00
Jean-Baptiste Doumenjou
3ff83fc1f8 Prepare release v2.3.6 2020-12-17 17:02:04 +01:00
Ludovic Fernandez
63f65e5b2a Disable router when a rule has an error 2020-12-17 10:06:03 +01:00
Ludovic Fernandez
3140a4e0cd Prepare release v2.4.0-rc1 2020-12-16 16:42:04 +01:00
romain
31038e0e12 Merge branch v2.3 into master 2020-12-16 15:22:34 +01:00
Icelyn Jennings
ac8e47579b Add missing quotes in errorpages k8s example yaml 2020-12-16 15:20:04 +01:00
Fabian Gruber
ec0075e0d0 Extend marathon port discovery to allow port names as identifier 2020-12-16 12:32:03 +01:00
Emile Vauge
7900d266b1 Add jspdown to maintainers 2020-12-15 17:40:03 +01:00
Romain
c21597c593 Add Kubernetes Gateway Provider
Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
2020-12-15 16:40:05 +01:00
romain
ea418aa7d8 Merge branch v2.3 into master 2020-12-15 15:28:00 +01:00
Harold Ozouf
5487015a83 Update Logrus to v1.7.0 2020-12-14 12:56:03 +01:00
Frederic Werner
418cccd307 Add configuration example for access log filePath 2020-12-14 12:34:05 +01:00
Ludovic Fernandez
2a0760412c Update Yaegi to v0.9.8 2020-12-14 12:00:04 +01:00
kevinpollet
eebbe64b36 Merge branch v2.3 into master 2020-12-11 10:58:00 +01:00
Romain
42d8e6d60d Prepare release v2.3.5 2020-12-10 16:48:04 +01:00
Romain
7ba907f261 IngressRoute: add an option to disable cross-namespace routing
Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com>
2020-12-10 14:58:04 +01:00
Harold Ozouf
c72769e2ea Fix TLS options fallback when domain and options are the same
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2020-12-09 14:16:03 +01:00
Paulo Júnior
02d856b8a5 Documentation: Add spacing to sidebars so the last item is always visible 2020-12-07 18:24:04 +01:00
Ioannis Pinakoulakis
0d15ac8861 Fix UI bug on long service name 2020-12-07 14:14:03 +01:00
Ludovic Fernandez
134a767a7f Update go-acme/lego to v4.1.3 2020-12-04 23:40:03 +01:00
Harold Ozouf
7403b6fb82 Fix concatenation of IPv6 addresses and ports 2020-12-04 20:56:04 +01:00
Harold Ozouf
64a65cadf3 Send anonymized dynamic configuration to Pilot
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2020-12-03 15:52:05 +01:00
Kevin Crawley
121eaced49 Add example for multiple service per container 2020-12-03 09:36:03 +01:00
Ludovic Fernandez
a488430f23 acme: add external account binding support. 2020-12-01 10:40:05 +01:00
Julien Salleyron
b5db753e11 Improve setup readability.
Co-authored-by: Ludovic Fernandez <ldez@users.noreply.github.com>
2020-12-01 10:04:04 +01:00
Marco Cameriero
b0aa27db31 Display Proxy Protocol version for backend services in web dashboard. 2020-11-30 17:04:03 +01:00
Sergiu Marsavela
512ed086bd Fix typos in migration guide 2020-11-27 11:18:04 +01:00
Kevin Pollet
76e35a09b7 Prepare release v2.3.4 2020-11-24 17:06:04 +01:00
SkapiN
d2c1d39d42 Fix clusters option in ECS provider documentation 2020-11-24 14:50:03 +01:00
Harold Ozouf
e9cccf6504 Do not evaluate templated URL in redirectRegex middleware 2020-11-24 14:16:03 +01:00
Ludovic Fernandez
1c505903ff fix: invalid slice parsing. 2020-11-24 09:40:03 +01:00
Ludovic Fernandez
53ed8e04ae Update go-acme/lego to v4.1.2 2020-11-23 12:00:03 +01:00
kevinpollet
2112de6f15 Merge branch v2.3 into master 2020-11-20 11:30:07 +01:00
Romain
be0845af02 Apply labelSelector as a TweakListOptions for Kubernetes informers 2020-11-20 00:18:04 +01:00
Ludovic Fernandez
f83a57b3da Prepare release v2.3.3 2020-11-19 18:31:09 +01:00
Kevin Pollet
08264749f0 Update Yaegi to v0.9.7 2020-11-19 17:56:03 +01:00
Harold Ozouf
a75819cae3 Filter out Helm secrets from informer caches
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2020-11-19 14:32:03 +01:00
Ivor Scott
9fb32a47ca Fix grammar in kubernetes ingress controller documentation 2020-11-19 10:04:04 +01:00
Harold Ozouf
4f43c9ebb4 Fix missing allow-empty tag on ECS and Consul Catalog providers
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2020-11-19 00:12:03 +01:00
Harold Ozouf
9177982334 Fix consul catalog panic when health and services are not in sync
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2020-11-17 17:30:03 +01:00
Matthias Schneider
84b125bdde added support for tcp proxyProtocol v1&v2 to backend 2020-11-17 13:04:04 +01:00
Yoan Blanc
52eeff9f9f fix: consulcatalog to update before the first interval 2020-11-16 20:44:04 +01:00
Petyo Kunchev
0fcccd35ff /bin/bash replaced with /usr/bin/env bash to match other scripts 2020-11-16 15:38:04 +01:00
Douglas De Toni Machado
598dcf6b62 Improve service name lookup on TCP routers 2020-11-13 12:48:04 +01:00
Alexander Wellbrock
459200dd01 Forwardauth headers 2020-11-10 17:50:04 +01:00
james426759
af22cabc6f Fix docs for TLS 2020-11-10 17:28:04 +01:00
Alessandro Chitolina
920e82f11a fix: translate configured server port into correct mapped host port 2020-11-09 17:12:05 +01:00
Fernandez Ludovic
520fcf82ae Merge branch v2.3 into master. 2020-11-09 00:07:28 +01:00
Ludovic Fernandez
9bdf9e1e02 Update Yaegi to v0.9.5 2020-11-08 23:42:03 +01:00
Ludovic Fernandez
3a45f05e36 Update go-acme/lego to v4.1.0 2020-11-08 23:24:04 +01:00
Neil McAllister
8e3e387be7 Fix Traefik Proxy product nav in docs 2020-11-06 21:56:03 +01:00
Ludovic Fernandez
267d0b7b5a chore: update linter. 2020-11-06 09:26:03 +01:00
Daniel Adams
74d1d55051 Feature: Exponential Backoff in Retry Middleware 2020-11-05 16:14:04 +01:00
Kevin Pollet
3a8cb3f010 Add AccessControlAllowOriginListRegex field to deepcopy 2020-11-05 11:24:03 +01:00
Kevin Pollet
f5b290b093 Add ECS menu to dynamic config reference 2020-11-03 17:40:04 +01:00
Sylvain Rabot
d38d11f02e Set kubernetes client User-Agent to something meaningful 2020-10-30 17:56:03 +01:00
Michael
af04e92cf2 Enable stats collection when pilot is enabled 2020-10-30 16:54:04 +01:00
Michael
4ea1c98ac9 Improve anonymize configuration 2020-10-30 12:44:05 +01:00
Ludovic Fernandez
05333b9579 acme: new HTTP and TLS challenges implementations. 2020-10-29 15:40:04 +01:00
iamolegga
49cdb67ddc Middlewares: add forwardAuth.authResponseHeadersRegex 2020-10-29 15:10:04 +01:00
Luca Guidi
b5198e63c4 Allow to use regular expressions for AccessControlAllowOriginList 2020-10-29 10:52:03 +01:00
Tristan Weil
db007efe00 Ignore errors when setting keepalive period is not supported by the system 2020-10-28 15:32:04 +01:00
Fernandez Ludovic
699cf71652 Merge branch v2.3 into master 2020-10-27 18:39:03 +01:00
Jean-Baptiste Doumenjou
a0c02f62a3 fix: exclude protected link from doc verify 2020-10-27 18:34:04 +01:00
Jean-Baptiste Doumenjou
ff7b814edc fix documentation 2020-10-27 12:46:04 +01:00
Manuel Zapf
015f24a901 Propose kevinpollet to Maintainers 2020-10-26 17:18:04 +01:00
Jean-Baptiste Doumenjou
4fccde84bd Merge current v2.3 branch into master 2020-10-23 14:29:22 +02:00
Ludovic Fernandez
ea459e9af0 fix: update Yaegi to v0.9.4 2020-10-23 11:30:04 +02:00
Andrii Dembitskyi
2dd5a53db2 Add missed tls config for yaml example 2020-10-23 11:00:05 +02:00
Romain
fc97ea7ee0 Use timezone without daylight saving time for logger formatter tests
Co-authored-by: jbdoumenjou <925513+jbdoumenjou@users.noreply.github.com>
2020-10-22 19:52:04 +02:00
Kevin Crawley
582d2540af add links to contributors guide 2020-10-22 12:08:05 +02:00
Tom Matthews
6ad79dcd45 Clarify time-based field units 2020-10-22 11:36:03 +02:00
Tom Matthews
721896ba70 Resolve broken URLs causing make docs to fail 2020-10-20 23:02:04 +02:00
Yeri Pratama
228270414c fix typo in providers overview documentation 2020-10-20 19:02:04 +02:00
Romain
2683df7b5b Fix ingress documentation 2020-10-20 14:16:04 +02:00
Romain
3e61d1f233 Prepare release v2.3.2 2020-10-19 20:22:04 +02:00
Ludovic Fernandez
04c07227f2 fix: Consul Catalog address documentation. 2020-10-19 10:28:03 +02:00
Neil McAllister
2e8d99c5b8 Revise Traefik Pilot documentation section 2020-10-16 11:20:05 +02:00
Ludovic Fernandez
c07301473b fix: update Yaegi to v0.9.4 2020-10-16 11:02:03 +02:00
Andrew Savinykh
b1ba42410b Moving Provider Namespace documentation topic to Configuration Discovery section 2020-10-15 14:54:04 +02:00
Andrew Savinykh
b80f89e3db Adding details about the default TLS options to the documentation 2020-10-15 14:12:04 +02:00
Romain
edb15a9346 fix: kv doc reference 2020-10-13 16:34:04 +02:00
Fernandez Ludovic
714a4d4f2d Merge branch v2.3 into master 2020-10-09 12:41:38 +02:00
Ludovic Fernandez
5c853766e8 fix: flaky integration tests 2020-10-09 09:32:03 +02:00
Romain
3567ae88ad Bump k8s client to v0.19.2 2020-10-08 17:12:04 +02:00
romain
afcec56be4 Merge 'v2.3' into master. 2020-10-08 14:05:10 +02:00
Ludovic Fernandez
d2435cf43b fix: restrict protocol for TLS Challenge. 2020-10-08 13:34:04 +02:00
Michael
556f7608db fix: use provider keytype instead of account keytype. 2020-10-08 12:58:04 +02:00
Jean-Baptiste Doumenjou
a4df4b028e fix: pilot static configuration documentation 2020-10-08 11:36:03 +02:00
Ludovic Fernandez
63683d35fc doc: add YAML sample. 2020-10-08 10:38:05 +02:00
Ludovic Fernandez
495344591f fix: versions in the PR template. 2020-10-08 00:48:03 +02:00
Kevin Pollet
4e508499da Fix containous links in readme 2020-10-07 18:02:04 +02:00
Nikita Konev
326be29568 Filter ForwardAuth request headers 2020-10-07 16:36:04 +02:00
Benjamin Durham
e4a3df3516 Fix broken logo 2020-10-07 10:46:04 +02:00
Matthias Schneider
3506cbd5e9 fix: udp json struct tag 2020-10-02 17:38:04 +02:00
Anton Popovichenko
ab13019bde acme: Fix race condition in LocalStore during saving. 2020-09-30 12:04:04 +02:00
Romain
ddc663eac0 Prepare release v2.3.1 2020-09-29 17:36:04 +02:00
Matthieu Hostache
fc7002fbab Fix blank webui on some browsers 2020-09-28 12:14:04 +02:00
Robin Müller
f2e53a3569 Re-add server up metrics 2020-09-26 13:30:03 +02:00
Damien Goujard
c5b4e589ff Update of the helm repo localisation 2020-09-25 12:18:04 +02:00
Kevin Pollet
5e63ab619e Fix default value of docker client timeout 2020-09-25 09:14:04 +02:00
Ludovic Fernandez
c9bbfa1272 chore: Added configuration files for generating the changelog of a release. 2020-09-25 01:32:03 +02:00
Fernandez Ludovic
050968cbac Merge branch 'v2.3' into master. 2020-09-24 16:17:12 +02:00
Kevin Crawley
8ca0d804d8 restore traefik logo 2020-09-24 16:02:03 +02:00
Ludovic Fernandez
54e5a3607e Removes invalid items in the changelog. 2020-09-24 09:04:04 +02:00
Fernandez Ludovic
cd947ae822 Merge branch 'v2.3' into master 2020-09-23 15:35:31 +02:00
Ludovic Fernandez
2477e18c87 Prepare release v2.3.0 2020-09-23 12:44:04 +02:00
Ludovic Fernandez
ef08e8b8a0 fix: precheck function. 2020-09-23 12:24:03 +02:00
Romain
f59bf16e82 Fix consul catalog router tag example 2020-09-23 11:56:03 +02:00
Romain
118c31eb8d Fix yaml documentation 2020-09-23 11:38:03 +02:00
Fernandez Ludovic
476f16f0aa fix: remove old mixtus call. 2020-09-23 11:08:17 +02:00
Romain
b40d35b779 chore: apply new documentation style.
Co-authored-by: jbdoumenjou <jb.doumenjou@gmail.com>
2020-09-23 10:20:04 +02:00
Ludovic Fernandez
8e016cf672 Prepare release v2.3.0-rc7 2020-09-18 17:20:03 +02:00
Ludovic Fernandez
7e482e9f8b fix: pilot metrics unit for req duration. 2020-09-18 15:36:04 +02:00
Ludovic Fernandez
6445befe87 fix: start of Traefik Pilot 2020-09-18 09:26:03 +02:00
Fernandez Ludovic
86c099d629 Merge branch v2.3 into master 2020-09-17 12:32:18 +02:00
Ludovic Fernandez
79af433381 Prepare release v2.3.0-rc6 2020-09-16 16:02:03 +02:00
Jean-Baptiste Doumenjou
c0f1e74bed chore: move to Traefik organization.
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2020-09-16 15:46:04 +02:00
Jean-Baptiste Doumenjou
9df89e66e3 Add the ingressclass resource in the ingress RBAC documentation 2020-09-15 18:34:04 +02:00
Ludovic Fernandez
660375d6e4 fix: uint64 alignment in go-kit. 2020-09-15 18:22:04 +02:00
Eli Mallon
498e8545b6 feat: update more than one LoadBalancer ip
Co-authored-by: kevinpollet <pollet.kevin@gmail.com>
2020-09-15 13:48:32 +02:00
Ludovic Fernandez
230c2e5cc2 chore: update linter. 2020-09-15 13:08:03 +02:00
Ludovic Fernandez
3e60863e2d Moves pilot outside the experimental section. 2020-09-15 12:08:03 +02:00
romain
4592626bbb Merge branch v2.2 into v2.3 2020-09-15 10:57:20 +02:00
Matthieu Hostache
b980c87eff Avoid Traefik Pilot iframe code in Traefik webui regarding notifications 2020-09-15 10:26:03 +02:00
Freddy Grieshaber
0f7c322623 Improve documentation for usage of Kubernetes Ingress 2020-09-15 09:46:04 +02:00
Julien Salleyron
76f42a3013 add ServersTransport on services 2020-09-11 15:40:03 +02:00
Jake Howard
93b3d601d5 Fix typo when comparing exported data 2020-09-10 16:44:04 +02:00
Toni Peric
56329e89bb Change wording 2020-09-08 17:52:03 +02:00
kosssi
5c8b8149eb doc: fix typo in health check options 2020-09-08 10:54:04 +02:00
Fernandez Ludovic
6075f7e8fd Merge branch v2.3 into master 2020-09-08 10:48:09 +02:00
Thomas Steinbach
ddf53494f0 fixed typo in buffering.md docs 2020-09-08 10:32:03 +02:00
Romain
cd1f03d4f4 Prepare release v2.3.0-rc5 2020-09-07 18:30:04 +02:00
Fernandez Ludovic
8474a61f21 Merge branch v2.2 into v2.3 2020-09-07 16:30:17 +02:00
Romain
4ad0ab5433 Prepare release v2.2.11 2020-09-07 16:00:03 +02:00
Ludovic Fernandez
66d151df77 Improve plugins builder. 2020-09-07 13:58:03 +02:00
Andrew Savinykh
2045b250fd Clarified hostname documentation for load balancer healthcheck 2020-09-07 10:30:04 +02:00
Pierre Erraud
1dbee90d34 feat: allows to change the Pilot URL in the web UI in dev mode 2020-09-07 10:22:03 +02:00
Ludovic Fernandez
eb7a6d925b fix: header middleware response writer. 2020-09-07 09:26:03 +02:00
Fernandez Ludovic
3678bd5a93 Merge branch v2.2 into v2.3 2020-09-04 21:06:11 +02:00
Jean-Baptiste Doumenjou
2d1a973ee5 Prepare release v2.2.10 2020-09-04 17:40:03 +02:00
Jean-Baptiste Doumenjou
322f7b2ad4 Prepare release 2.2.9 2020-09-04 17:14:03 +02:00
Ludovic Fernandez
41aa2672cd Update go-acme/lego to v4.0.1 2020-09-04 10:52:03 +02:00
Romain
f3090a452a doc: specify HostSNI rule removal only for HTTP routers 2020-09-02 17:16:04 +02:00
Julien Salleyron
52790d3c37 Headers response modifier is directly applied by headers middleware
Co-authored-by: Ludovic Fernandez <ldez@users.noreply.github.com>
2020-09-01 18:16:04 +02:00
Kevin Pollet
3677252e17 Add missing IPStrategy struct tag for YAML 2020-09-01 17:34:04 +02:00
Manuel Zapf
235d1d655d Add example for the IngressClass usage 2020-09-01 10:18:03 +02:00
Sune Keller
29bd6faa18 Support configuring a HTTP client timeout in the Docker provider 2020-08-28 10:02:03 +02:00
Fernandez Ludovic
69c0f38305 Merge branch v2.2 into v2.3 2020-08-27 12:54:50 +02:00
Mathias Petermann
0399d0c4d6 Reorder migrations for v2 minor upgrades 2020-08-27 12:08:03 +02:00
Olivier Lemasle
3db47f0adc Fix & improve Grafana dashboards 2020-08-27 11:38:03 +02:00
Fernandez Ludovic
483e2c43cf Merge branch v2.3 into master 2020-08-26 12:22:39 +02:00
Dakshraj Sharma
3e3b7238e0 doc: Minor language improvement in TLS documentation 2020-08-25 17:10:04 +02:00
Kevin Crawley
532b5865de doc: added tz section to access log 2020-08-25 14:38:04 +02:00
Matthieu Hostache
54b94f29e1 Add ability to dismiss pilot notification 2020-08-24 17:38:24 +02:00
Ludovic Fernandez
b67a7215f6 chore: update linter. 2020-08-21 11:12:04 +02:00
Romain
e424cc7608 Prepare release v2.3.0-rc4 2020-08-19 17:46:05 +02:00
Kevin Pollet
229008e76a docs: add missing apigroup to Kubernetes RBAC 2020-08-19 17:02:04 +02:00
Kevin Pollet
584f4bc596 Update jaeger-client-go dependency to v2.25.0 2020-08-19 15:50:03 +02:00
Ludovic Fernandez
1502d20def chore: move the parser to a dedicated package. 2020-08-17 18:04:03 +02:00
Ludovic Fernandez
eecc2f4dd7 Update to go1.15 2020-08-17 12:02:03 +02:00
ScuttleSE
6fc110a71a doc: fix typo in migration guide 2020-08-15 16:04:03 +02:00
Fernandez Ludovic
ca6b46533a Merge branch v2.2 into v2.3 2020-08-14 12:07:41 +02:00
Ludovic Fernandez
a1fe29347a doc: fix dead link. 2020-08-14 11:36:05 +02:00
Никита Тимофеев
449afea4fc Allows multi-level KV prefixes 2020-08-11 17:42:05 +02:00
Fernandez Ludovic
6e5dd35ee3 Merge branch v2.2 into v2.3 2020-08-11 17:21:44 +02:00
Romain
0d5d14d41a Pilot metrics provider
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2020-08-10 15:26:04 +02:00
Michael
3a42e457cf Add mixtus for documentation 2020-08-07 16:40:03 +02:00
Kevin Pollet
5b05c990b0 Improve region resolution for ECS provider
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
2020-08-05 11:52:03 +02:00
Antoine Caron
9df0a6208b chore(webui): upgrade nodejs to Node current LTS 2020-08-03 18:18:03 +02:00
NT-florianernst
3214904cc7 kubernetes-crd: fix whitespace in configuration examples 2020-08-03 17:40:07 +02:00
Ludovic Fernandez
ec775a016a doc: replace underscore by hyphen for k8s metadata names. 2020-08-03 17:30:04 +02:00
Matthieu Hostache
a2ca235fee Harmonize docs 2020-07-31 10:56:04 +02:00
Ludovic Fernandez
de458b7357 doc: add security policies. 2020-07-29 12:42:03 +02:00
Fernandez Ludovic
7c039ca223 Merge branch v2.3 into master. 2020-07-29 12:09:30 +02:00
Ludovic Fernandez
3942962ef5 Prepare release v2.3.0-rc3 2020-07-28 19:16:04 +02:00
Fernandez Ludovic
675655d437 Merge branch v2.2 into v2.3 2020-07-28 17:50:35 +02:00
Romain
dafb14ff37 Support Kubernetes Ingress pathType
Co-authored-by: jbdoumenjou <jb.doumenjou@gmail.com>
Co-authored-by: kevinpollet <pollet.kevin@gmail.com>
2020-07-28 17:50:04 +02:00
Ludovic Fernandez
fc52d1cfba Prepare release v2.2.8 2020-07-28 17:34:03 +02:00
Stephan Müller
fdf2a68a11 doc: add name of used key for kubernetes client auth 2020-07-28 17:18:03 +02:00
Michael
3908ef611a Fix documenation for ECS 2020-07-28 10:44:05 +02:00
Ludovic Fernandez
e63db782c1 fix: clean X-Forwarded-Prefix header for the dashboard. 2020-07-28 10:08:03 +02:00
Filip Kszczot
a6c6127e33 spelling(docs/content/routing/providers/docker.md) 2020-07-28 01:02:03 +02:00
jb doumenjou
207d0bec78 Merge v2.2 into v2.3 2020-07-22 15:49:28 +02:00
Kevin Pollet
1443c8d4c6 Add migration documentation for IngressClass 2020-07-21 18:06:04 +02:00
Kevin Pollet
a136c46148 Use semantic versioning to enable ingress class support 2020-07-21 15:32:04 +02:00
Romain
bbbc18fd84 Prepare release 2.2.7 2020-07-20 18:48:04 +02:00
Ludovic Fernandez
2c7f6e4def fix: drop host port to compare with SNI. 2020-07-20 18:32:03 +02:00
Stephen Solka
dcd0cda0c6 prefer NoError/Error over Nil/NotNil 2020-07-19 13:10:03 +02:00
Romain
ff16925f63 Prepare release v2.2.6 2020-07-17 17:54:04 +02:00
Julien Salleyron
0b7aaa3643 Fix domain fronting
Co-authored-by: Ludovic Fernandez <ldez@users.noreply.github.com>
2020-07-17 15:38:04 +02:00
Ludovic Fernandez
44a244b1cb file parser: skip nil value. 2020-07-17 11:04:04 +02:00
Neil McAllister
1dc6f39b55 Update availability info 2020-07-17 10:08:03 +02:00
Mickael Jeanroy
45f52ca29c fix: access logs header names filtering is case insensitive 2020-07-16 17:36:04 +02:00
Manuel Zapf
fae2d93525 Get Entrypoints Port Address without protocol for redirect 2020-07-16 17:18:03 +02:00
Simon Heimberg
25b74ce1f3 Add example for entrypoint on one ip address 2020-07-16 12:38:03 +02:00
Fernandez Ludovic
4957e498af Prepare release v2.3.0-rc2 2020-07-15 22:00:19 +02:00
Fernandez Ludovic
54ca1abd2b fix: goreleaser. 2020-07-15 21:58:16 +02:00
Ludovic Fernandez
8f2951b275 Prepare release v2.3.0-rc1 2020-07-15 20:50:03 +02:00
Neil McAllister
720bef97e6 doc: add pilot and plugins documentation. 2020-07-15 20:14:04 +02:00
Fernandez Ludovic
c42f1b7a50 feat: raw map parser. 2020-07-15 20:14:04 +02:00
Fernandez Ludovic
0186c31d59 feat: plugins integration. 2020-07-15 20:14:04 +02:00
Matthieu Hostache
58bf1a2ca5 feat: Traefik Pilot WebUI 2020-07-15 20:14:04 +02:00
Julien Salleyron
4a31544024 feat: Traefik Pilot integration.
Co-authored-by: Ludovic Fernandez <ldez@users.noreply.github.com>
2020-07-15 20:14:04 +02:00
Daniel Tomcej
cb6ec507e2 Add new ingressClass support to ingress provider
* add new ingressClass

* add doc

* lint

* adjust behavior to look for a class with a specific controller

* remove looking strange test ingressclass

* return nil rather than en empty object

* change documentation

* apply @kevinpollet suggestion

* change order of processIngress to be correct and adjust tests

* review: clean.

* review: clean.

* Fix for review

Co-authored-by: Manuel Zapf <manuel@containo.us>
Co-authored-by: Fernandez Ludovic <ludovic@containo.us>
Co-authored-by: Michael <michael.matur@gmail.com>
2020-07-15 19:18:03 +02:00
Kevin Pollet
1ef93fead7 Add HTTP Provider
* feat: add HTTP provider implementation

* refactor: add SetDefaults and struct tag for the new file parser

* feat: add TLS configuration property

* refactor: rework HTTP provider implementation

* feat: provide config only once if fetched config is unchanged

* style: lint

* ui: add HTTP provider icon

* tests: simplify and fix integration test

* docs: add reference config for file

* docs: move http reference config for file

Co-authored-by: Daniel Tomcej <daniel.tomcej@gmail.com>
2020-07-15 16:56:03 +02:00
Alessandro Chitolina
285ded6e49 Add AWS ECS provider
* add ecs provider

* add ecs docs

* fix test after rebase

* add provider icon

* add missing addProvider call

* Fix for review

* Fix documentation

* Fix for review

* Fix documentation

* fix ctx usage

* autoDiscoverClusters setDefaults false

* Fix for review

* review: doc.

* Fix for review: add ctx in backoff retry

* review: linter.

Co-authored-by: Michael <michael.matur@gmail.com>
Co-authored-by: romain <romain@containo.us>
Co-authored-by: Fernandez Ludovic <ludovic@containo.us>
2020-07-15 16:28:04 +02:00
Fernandez Ludovic
6e4f5821dc Merge branch 'v2.2' into master 2020-07-15 09:37:32 +02:00
Ludovic Fernandez
a3df5b9a94 fix: documentation references. 2020-07-15 09:10:03 +02:00
Romain
04f0ebf776 Prepare release v2.2.5 2020-07-13 18:18:03 +02:00
Romain
0e97a3becd Revert domain fronting fix
* revert domain fronting changes

* reintroduce HostHeader rule

* add doc for removals
2020-07-13 17:58:03 +02:00
John Pekcan
77a0cef9ce fix k8s crd to read contentType middleware into dynamic config
Co-authored-by: John Pekcan <apekcan@ea.com>
2020-07-13 12:30:03 +02:00
Julien Salleyron
143e9b6f9c Fix default value for InsecureSNI when global is not set 2020-07-13 12:06:03 +02:00
Jean-Baptiste Doumenjou
06dcf8d8aa Prepare release v2.2.4 2020-07-10 19:16:04 +02:00
Jean-Baptiste Doumenjou
c315b4e064 Change the default value of insecureSNI
* fix: allow domain fronting by default

* review: typo.

* review: doc.

Co-authored-by: Fernandez Ludovic <ludovic@containo.us>
2020-07-10 18:48:03 +02:00
jb doumenjou
73ca7ad0c1 Merge remote-tracking branch 'upstream/v2.2' into mrg-current-v2.2 2020-07-10 11:23:49 +02:00
Jean-Baptiste Doumenjou
d7f517fbf5 Prepare release v2.2.3 2020-07-09 17:58:03 +02:00
Julien Salleyron
b10cb84f33 Fix panic when using chain middleware. 2020-07-09 10:50:04 +02:00
Jean-Baptiste Doumenjou
a55f0cabdd Prepare release v2.2.2 2020-07-08 17:16:03 +02:00
Douglas De Toni Machado
d73c7ccf50 Fix triggering multiple concurrent requests to ACME 2020-07-08 12:54:04 +02:00
Romain
2b35397169 Disable domain fronting
Co-authored-by: jbdoumenjou <jb.doumenjou@gmail.com>
2020-07-08 12:18:03 +02:00
Douglas De Toni Machado
416c367778 Update Dashboard examples and move it after 'Router Rule' section 2020-07-08 09:26:03 +02:00
Ludovic Fernandez
a20e90aa17 chore: update linter. 2020-07-07 14:42:03 +02:00
Thomas Einwaller
d698eba1e7 added required quotes to domains config
* added required quotes to domains config

otherwise syntax is incorrect

* review.

Co-authored-by: Fernandez Ludovic <ludovic@containo.us>
2020-07-03 15:18:03 +02:00
Ludovic Fernandez
fe8e9414cf Change doc analytics. 2020-07-02 18:20:03 +02:00
Heisenberg74
ed216bea4d Add iOS specific icons
* Add iOS specific icons

* Remove extra line
2020-07-02 14:06:03 +02:00
Ludovic Fernandez
3350b56057 Update go-acme/lego to v3.8.0 2020-07-02 13:56:03 +02:00
Kevin Pollet
4d71f682b3 Fix race condition issues with provided dynamic configuration
* tests: add tests to show race condition on provider config

* fix: store a deep copy of previous provider config

* fix: send a deep copy of provdier config to watcher listener
2020-07-02 11:18:04 +02:00
Bartek Bułat
607cda779d Add missing accessControlAllowOrigin list to middleware view
Headers middleware doesn't support `accessControlAllowOrigin` option
anymore, it should print a list of values from
`accessControlAllowOriginList`.
2020-07-02 10:56:03 +02:00
Yongxin Wang
b61de07ca0 Remove checkStringQuoteValidity in loadIngressRouteConf
* remove checkStringQuoteValidity in loadIngressRouteConf

* remove checkStringQuoteValidity and related tests in crd

* remove checkStringQuoteValidity from ingress and related tests

Co-authored-by: traefiker <30906710+traefiker@users.noreply.github.com>
2020-07-02 10:34:04 +02:00
David Badura
295ed76a1a fix certResolver typo 2020-07-01 14:42:04 +02:00
Léopold Jacquot
7669f41e8e Add custom ping http code when Traefik is terminating 2020-07-01 14:40:04 +02:00
Roger D. Winans
8da051789f Fix statement about lego _FILE env var 2020-07-01 13:16:04 +02:00
Romain
30e0778ed2 Fix sticky cookie ingress annotation doc 2020-07-01 12:58:05 +02:00
Vitaliy Potapov
7b1a256546 Update basicauth.md 2020-07-01 12:28:04 +02:00
Michi Gysel
cc4879fb76 Fix log field names in documentation 2020-07-01 12:14:04 +02:00
Neil McAllister
7c54a45950 Minor fix to Go templating documentation 2020-07-01 12:00:03 +02:00
Daniel Tomcej
73513f8371 Allow multiple secure middlewares to operate independently 2020-07-01 10:42:04 +02:00
Emile Vauge
dabf69abc7 Add rtribotte to maintainers 2020-06-18 17:50:04 +02:00
Romain
8d3d5c068c Provide username in log data on auth failure 2020-06-18 16:02:04 +02:00
Ludovic Fernandez
cb1d0441e9 feat: use parser to load dynamic config from file. 2020-06-17 16:48:04 +02:00
Romain
8d827f98da Fix Headers middleware documentation, usage of proper bool 2020-06-17 10:22:03 +02:00
Romain
e5e46bf4ed Fix ipv6 handling in redirect middleware 2020-06-17 01:10:04 +02:00
mpl
9f32292473 internal handlers: support for response modifiers
Co-authored-by: Julien Salleyron <julien@containo.us>
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2020-06-15 12:20:05 +02:00
jb doumenjou
7affeae480 Merge remote-tracking branch 'upstream/v2.2' into mrg-current-v2.2 2020-06-15 11:22:51 +02:00
Jan Christian Grünhage
b0f7b71453 refactor X-Forwarded-Proto 2020-06-10 14:32:03 +02:00
Jean-Baptiste Doumenjou
c0c540dc09 fix a broken link on Docker plugins documentation 2020-06-10 12:22:04 +02:00
František Hána
7694ff1761 Fix v1-> v2 migration: unify domain name in documentation example 2020-06-09 12:18:04 +02:00
cbachert
0d902671e5 Avoid overwriting already received UDP messages 2020-06-08 18:12:04 +02:00
Romain
fb90a7889a Fix doc url for Aurora DNS provider 2020-06-08 13:30:03 +02:00
Douglas De Toni Machado
48c73d6a34 Fix mem leak on UDP connections 2020-06-04 11:04:04 +02:00
Rick Herrick
12e462f383 Update kubernetes-crd.md 2020-06-03 17:24:04 +02:00
Ludovic Fernandez
b7fe55b6be fix: dead link. 2020-06-03 16:22:04 +02:00
Bo Jeanes
a1270d6cc7 Use specified network for "container" network mode 2020-05-28 19:58:04 +02:00
Sergio Maria Matone
f874c389bd fixing typo in Provider KubernetesIngress at Routing documentation 2020-05-27 17:48:04 +02:00
Ondřej Bárta
8c5846c478 Fix healthcheck.interval in docs 2020-05-26 21:54:03 +02:00
Brad Jones
dce807a329 Use "headers" instead of "header" in access log docs 2020-05-26 16:56:04 +02:00
Michael
7928e6d0cd Merge branch 'v2.2' into master 2020-05-18 18:37:11 +02:00
Volker
a98b726263 Fixes config samples regarding forceSlash option 2020-05-18 17:42:04 +02:00
Christian
42ec4e4e98 Fixed incorrect logging parameter in documentation 2020-05-18 17:20:04 +02:00
Julio Castillo
635e3fb9a8 Fix acme.md typo 2020-05-18 17:10:04 +02:00
Daniel Tomcej
5f0b6fde92 Upgrade Client-go to 0.18.2 2020-05-14 18:36:06 +02:00
Lukas Pfannschmidt
04257afab7 Remove redundant paragraph in Kubernetes ingress documentation 2020-05-14 18:22:04 +02:00
mpl
b673969a0f Makefile: be consistent with host.docker.internal on all platforms 2020-05-14 18:00:08 +02:00
Daniel Tomcej
c52c40f061 Improve redirectScheme documentation 2020-05-14 17:30:06 +02:00
Michael
abdb5cc6cb Update Copyright 2020-05-12 19:04:04 +02:00
Ludovic Fernandez
4a6817c64b Update go-acme/lego to v3.7.0 2020-05-11 19:54:04 +02:00
Ludovic Fernandez
328611c619 Update linter 2020-05-11 12:06:07 +02:00
João Neto
f12c27aa7c Improve acme CLI options in Let's Encrypt documentation 2020-05-04 23:36:03 +02:00
Julien Salleyron
e22c62baba Fix wss in x-forwarded-proto 2020-04-30 18:00:04 +02:00
Fernandez Ludovic
6b1158235e Merge branch 'v2.2' into master 2020-04-30 09:28:37 +02:00
Ludovic Fernandez
efcaf64a43 Prepare release v2.2.1 2020-04-29 19:46:04 +02:00
Manuel Zapf
f120301bc8 Disable distribution of the WebUI as PWA 2020-04-29 19:04:04 +02:00
mpl
4da63c9237 ratelimit: do not default to ipstrategy too early 2020-04-29 18:32:05 +02:00
Michael
97294df84f Update the documentation for helm chart 2020-04-29 17:32:05 +02:00
Ludovic Fernandez
de42fc10b5 fix: cookie documentation. 2020-04-29 17:10:05 +02:00
Romain
e5c6b0d4ea Doc middleware compress content type 2020-04-29 11:26:04 +02:00
Marc Bihlmaier
7c7ca7ef2b docs: Update kubernetes-crd-resource.yml 2020-04-28 17:18:04 +02:00
Michael
a813d32c53 Manage case for all Websocket headers 2020-04-27 18:12:04 +02:00
Lukas Haß
2f18e20cb0 Add polling for getOverview in toolbar 2020-04-27 17:48:05 +02:00
yuyicai
2ce2d63bda doc: add apiVersion for "kind: Middleware" 2020-04-27 17:26:06 +02:00
bryfry
367e797d5f fix KV service docs for http:url and tcp:address 2020-04-27 17:18:04 +02:00
Manuel Zapf
4fcf7bf2de Add sentence about the resource namespace and middleware 2020-04-27 11:32:05 +02:00
Ludovic Fernandez
e1d51b51f2 Update go-acme/lego to v3.6.0 2020-04-24 14:58:05 +02:00
MartinKoerner
40b4032ea0 Add Access log chapter for migration v1->v2 2020-04-22 11:12:05 +02:00
Thomas Brandstetter
756aa82aa9 Fix case-sensitive header Sec-Websocket-Version 2020-04-21 17:16:05 +02:00
Frank Brütting
fe5a4a26f8 Edit code indentation for correct alignment 2020-04-17 17:32:04 +02:00
Nicholas Wiersma
2171cb7f3d fix: consider UDP when checking for empty config 2020-04-16 16:18:04 +02:00
Ludovic Fernandez
f55a09862e doc: improve CRD documentation. 2020-04-15 17:38:05 +02:00
Felix SOEDJEDE
d0b21efd36 Added missing text a yaml file in Configuration 2020-04-15 17:26:05 +02:00
Michael
daf4258472 FIx wS heAder 2020-04-14 18:24:04 +02:00
Jan
619bc95b2b Update headers.md 2020-04-14 18:04:04 +02:00
Collin Mutembei
76c2fa6d9a Add link to tracing with elastic 2020-04-14 17:50:05 +02:00
Csaba Apagyi
77bf3ac6ce Fix documentation about api.insecure defaults 2020-04-14 17:38:04 +02:00
Sandro
0d7761f097 Fix typos in documentation 2020-04-08 18:54:03 +02:00
Michael
6c08d0b20b Fix documentation 2020-04-07 18:38:04 +02:00
Michael
148400ae0a Add note about health check in kubernetes 2020-04-07 17:16:03 +02:00
Jean-Baptiste Doumenjou
ac1657d86e Delete an unnecessary warning log 2020-04-03 17:06:06 +02:00
Benjamin Freeman
332c314d53 Fix bad address syntax in Global HTTP to HTTPS redirection v2 TOML 2020-04-02 13:20:05 +02:00
Jake Howard
5c8d386881 It's just the one TLS, actually. 2020-03-31 17:08:05 +02:00
Ludovic Fernandez
6f749c6414 Normalize default names for ConsulCatalog. 2020-03-30 19:12:05 +02:00
Ludovic Fernandez
a6b6e1d101 Change the default priority on the router created by the redirect. 2020-03-30 14:50:05 +02:00
AJ Schmidt
aa68cc2e63 Doc Fix for 2.2 Redirects 2020-03-28 13:02:04 +01:00
Ludovic Fernandez
5560ab28f2 Prepare release v2.2.0 2020-03-25 17:46:04 +01:00
Jean-Baptiste Doumenjou
f624449ccb Delete an unnecessary warning log 2020-03-25 14:32:04 +01:00
mpl
69de5bb828 digest auth: use RequireAuthStale when appropriate 2020-03-25 14:28:04 +01:00
Fernandez Ludovic
b54412e82e Merge branch v2.1 into v2.2 2020-03-24 14:18:39 +01:00
Ludovic Fernandez
dd19fc3f3e Prepare release v2.1.9 2020-03-23 17:40:04 +01:00
Julien Salleyron
dd436a689f Force http/1.1 for upgrade (Traefik v2) 2020-03-23 16:48:06 +01:00
Ludovic Fernandez
ee06778cc2 fix: period field name. 2020-03-23 13:08:04 +01:00
Ludovic Fernandez
b0c7fad81b doc: fix terminationDelay word case. 2020-03-23 11:48:04 +01:00
Ludovic Fernandez
0c28630948 Fix sameSite (Traefik v2) 2020-03-23 11:24:05 +01:00
Marco Vito Moscaritolo
198320be8a Fix tab name 2020-03-21 20:22:04 +01:00
Ludovic Fernandez
da8451c637 Prepare release v2.2.0-rc4 2020-03-19 18:10:05 +01:00
Fernandez Ludovic
f54b8d8847 Merge branch v2.1 into v2.2 2020-03-19 17:53:34 +01:00
Ludovic Fernandez
f4fb758629 Prepare release v2.1.8 2020-03-19 15:46:04 +01:00
Julien Salleyron
b40fa61783 Fix memory leak in metrics
Co-authored-by: Ludovic Fernandez <ldez@users.noreply.github.com>
2020-03-19 13:48:04 +01:00
Maxime Veber
94cd9e5337 Doc: fix wrong name of config format 2020-03-19 00:32:03 +01:00
Ludovic Fernandez
15c9fc4051 Prepare release v2.2.0-rc3 2020-03-18 18:58:04 +01:00
Fernandez Ludovic
2b28607a4e Merge remote-tracking branch 'upstream/v2.1' into v2.2 2020-03-18 18:16:08 +01:00
Fernandez Ludovic
683d5d5a48 chore: skip openbsd/freebsd arm64 2020-03-18 17:21:20 +01:00
Ludovic Fernandez
4f92ef5fa9 Prepare release v2.1.7 2020-03-18 15:50:05 +01:00
Ludovic Fernandez
44221fba49 Fix entry point redirect behavior 2020-03-18 15:48:04 +01:00
mpl
63d7ed74f1 udp: replace concurrently reset timer with ticker
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
2020-03-18 14:50:06 +01:00
Ludovic Fernandez
9012f2d6b1 fix: Ingress TLS support
Co-authored-by: Julien Salleyron <julien@containo.us>
2020-03-18 13:30:04 +01:00
Ludovic Fernandez
09224e4b04 fix: custom Host header. 2020-03-18 00:54:04 +01:00
Maxime Veber
668e6fd610 Fix wrong copy/pasted with service name warning 2020-03-18 00:32:04 +01:00
Ludovic Fernandez
62c3025a76 Access log field quotes. 2020-03-17 12:36:04 +01:00
mpl
6e92c20edb docs: clarify multi-levels stickiness 2020-03-17 12:34:04 +01:00
Ludovic Fernandez
60de577a5f Update go-acme/lego to v3.5.0 2020-03-16 17:28:05 +01:00
Ludovic Fernandez
af58faafae Drop traefik from default entry points. 2020-03-16 16:54:04 +01:00
Ludovic Fernandez
5adf74e6ce doc: Use neutral domains. 2020-03-13 22:50:05 +01:00
Ludovic Fernandez
f4007a342c Improve ping documentation. 2020-03-13 18:12:04 +01:00
Mathieu Debove
672234aaea docs: terminology, replace 'encoded' by 'hashed' 2020-03-13 17:30:04 +01:00
Ludovic Fernandez
f19eebd3cc doc: fix typo. 2020-03-12 09:48:04 +01:00
Darren Shepherd
37fb5298a0 Stop using fork of go-rancher-metadata 2020-03-12 00:00:04 +01:00
Michael
4280af4844 Update traefik install documentation 2020-03-11 18:28:05 +01:00
Ludovic Fernandez
d67e06037e Prepare release v2.2.0-rc2 2020-03-11 18:12:04 +01:00
Emile Vauge
4ce90a7eb4 Remove @dduportal from the maintainers team (#6464) 2020-03-11 13:07:54 +01:00
mpl
4408c634b0 Specify passthrough for TCP/TLS in its own section 2020-03-10 17:28:04 +01:00
John Molakvoæ
df351511de Fix example values for swarmModeRefreshSeconds 2020-03-10 16:08:05 +01:00
robotte
3b85dc9618 Improve kubernetes external name service support
Co-authored-by: jbdoumenjou <jb.doumenjou@gmail.com>
2020-03-10 12:46:05 +01:00
robotte
e511cfe2e4 Improve documentation for kubernetes ingress configuration
Co-authored-by: jbdoumenjou <jb.doumenjou@gmail.com>
2020-03-09 13:48:06 +01:00
Ludovic Fernandez
d0f8c1834d Update migration documentation 2020-03-09 13:22:06 +01:00
Ludovic Fernandez
d02bb28920 Router entry points on reload. 2020-03-09 11:12:05 +01:00
Patrizio Bekerle
99861ac808 Fix broken documentation link 2020-03-06 10:30:06 +01:00
Traefiker Bot
13ebd2c4e4 Update version references. 2020-03-05 21:46:04 +01:00
Fernandez Ludovic
16c4807162 fix: update dockerignore. 2020-03-05 19:50:51 +01:00
Fernandez Ludovic
11aa4a6be0 Prepare release v2.2.0-rc1 2020-03-05 19:12:04 +01:00
Dmytro Tananayskiy
cf7f0f878a Support mirroring request body
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
2020-03-05 18:30:07 +01:00
Fernandez Ludovic
09c07f45ee Merge v2.1 into master. 2020-03-05 16:10:23 +01:00
Traefiker Bot
b5d205b78c fix statsd scale for duration based metrics 2020-03-05 15:10:07 +01:00
Traefiker Bot
ad6bf936d5 Add metrics about TLS 2020-03-05 13:30:05 +01:00
Traefiker Bot
a6040c623b Entry point redirection and default routers configuration
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
2020-03-05 12:46:05 +01:00
Traefiker Bot
93a7af270f Update the k8s CRD documentation 2020-03-05 11:48:04 +01:00
Traefiker Bot
082fb166a2 Rework access control origin configuration 2020-03-05 08:18:04 +01:00
Ludovic Fernandez
dccc075f2c Add some missing doc. 2020-03-04 16:48:05 +01:00
Ole Rößner
5fdec48854 Added wildcard ACME example 2020-03-04 13:24:05 +01:00
Ludovic Fernandez
fb51ebcba6 Disable default APM tracer. 2020-03-04 00:56:04 +01:00
Julien Salleyron
67e17def56 Revert "Allow fsnotify to reload config files on k8s (or symlinks)" 2020-03-03 18:44:04 +01:00
robotte
353bd3d06f Added support for replacement containing escaped characters
Co-authored-by: Ludovic Fernandez <ldez@users.noreply.github.com>
2020-03-03 16:20:05 +01:00
Hamilton Turner
a7495f711b fix typo 2020-02-29 18:48:04 +01:00
Fernandez Ludovic
e9d0a16a3b Merge 'v2.1' into master 2020-02-29 00:59:18 +01:00
Ludovic Fernandez
5072735866 Prepare release v2.1.6 2020-02-28 18:30:05 +01:00
Ludovic Fernandez
1746ed6e1c Prepare release v2.1.5 2020-02-28 18:02:05 +01:00
Ludovic Fernandez
664cd940c5 fix: YML example of template for the file provider. 2020-02-28 14:52:05 +01:00
Dmitry Sharshakov
389536aff0 Add dark theme for Web UI 2020-02-27 21:30:04 +01:00
Daniel Tomcej
f6c6c2b2c0 Allow fsnotify to reload config files on k8s (or symlinks) 2020-02-26 17:50:07 +01:00
Robin Müller
18d90ecd96 Do not follow redirects for the health check URLs 2020-02-26 17:28:04 +01:00
Ludovic Fernandez
70fdfeb926 Use explicitly the word Kubernetes in the migration guide. 2020-02-26 16:38:05 +01:00
Ludovic Fernandez
8c271cf40c Update to go1.14 2020-02-26 15:30:06 +01:00
Jean-Baptiste Doumenjou
665aeb34b2 Add UDP support in kubernetesCRD provider
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
2020-02-26 12:28:05 +01:00
Ma Zi'ang
98f304f8b0 Use EDF schedule algorithm for WeightedRoundRobin 2020-02-26 11:56:05 +01:00
Matthieu Hostache
7a5d2a3bd9 WebUI: add udp pages 2020-02-26 11:12:05 +01:00
Evan Lurvey
f4d62d3342 Fix docs and code to match in haystack tracing. 2020-02-26 11:10:06 +01:00
Ludovic Fernandez
54df7b0a3c Update go-acme/lego to v3.4.0 2020-02-26 10:36:05 +01:00
Ludovic Fernandez
9795a7c4a9 fix: consul-catalog use port from label instead of item port. 2020-02-25 23:00:04 +01:00
Julien Salleyron
1557fda588 Consider SSLv2 as TLS in order to close the handshake correctly 2020-02-25 17:50:05 +01:00
Julien Salleyron
1e7f34c271 Launch healhcheck only one time instead of two 2020-02-25 16:30:05 +01:00
Michael
d71e8ab7c9 Fix secret informer load 2020-02-25 15:14:04 +01:00
Daniel Tomcej
3b4c8ba439 Use consistent protocol determination 2020-02-25 10:12:04 +01:00
Ludovic Fernandez
336dd1d5ba Update k3s. 2020-02-24 17:56:05 +01:00
Daniel Tomcej
a474e196ea Add TLSStores to Kubernetes CRD 2020-02-24 17:14:06 +01:00
Ludovic Fernandez
101aefbfe8 Update dependencies 2020-02-24 16:06:05 +01:00
Patrick Schaub
e04ebaa364 Fix typo in the godoc of TLS option MaxVersion 2020-02-21 17:48:05 +01:00
Julien Salleyron
bb4de11c51 Add UDP in providers with labels 2020-02-20 22:24:05 +01:00
Ludovic Fernandez
a20a5f1a44 Improvement of the unique name of the router for Ingress. 2020-02-18 17:34:05 +01:00
Ludovic Fernandez
aab7043d45 Add information about filename and directory options. 2020-02-18 17:30:05 +01:00
Julien Salleyron
ee6d28b25e Build all UDP services on an entrypoint 2020-02-17 18:02:04 +01:00
rYR79435
ef504f3eba Remove TLS cipher suites for TLS minVersion 1.3 2020-02-17 17:38:05 +01:00
Bret Fisher
86407871e6 Docs: Clarifying format of ingress endpoint service name 2020-02-17 17:30:06 +01:00
Ludovic Fernandez
76bb2ef60c fix: dashboard example with k8s CRD. 2020-02-17 17:20:05 +01:00
Ludovic Fernandez
beec65938e Improve documentation. 2020-02-17 11:04:04 +01:00
Felipe
1c764052f7 Add http request scheme to logger 2020-02-17 10:46:04 +01:00
Ludovic Fernandez
d501c0786f Early filter of the catalog services. 2020-02-13 10:26:04 +01:00
Jean-Baptiste Doumenjou
322c329c6f fix: use the right error in the log 2020-02-12 18:28:05 +01:00
Daniel Tomcej
7c430e5c9d Allow PreferServerCipherSuites as a TLS Option 2020-02-12 18:06:04 +01:00
Ludovic Fernandez
94b2b6393f Add missing generated element for UDP. 2020-02-12 15:40:06 +01:00
Vyacheslav Matyukhin
4a1d20e8a3 Fix formatting in "Kubernetes Namespace" block 2020-02-12 14:26:05 +01:00
Sylvain Rabot
8762e5160d Let metrics libs handle the atomicity 2020-02-11 16:40:05 +01:00
Ludovic Fernandez
c33348e80c fix: return an error when ping is not enabled. 2020-02-11 16:06:06 +01:00
FuNK3Y
0c90f6afa2 Fix traefik behavior when network_mode is host 2020-02-11 11:56:05 +01:00
mpl
115d42e0f0 UDP support
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
2020-02-11 01:26:04 +01:00
Andrew Parker
6e43ab5897 Don't throw away valid configuration updates 2020-02-10 21:40:06 +01:00
Sylvain Rabot
8988c8f9af Decrease log level for client related error 2020-02-10 18:54:05 +01:00
Fernandez Ludovic
aa21351d0d Merge branch v2.1 into master 2020-02-10 16:47:13 +01:00
Ludovic Fernandez
97109db82b fix: KV flaky tests. 2020-02-10 15:48:06 +01:00
Rowayda Khayri
8bb625adb7 Minor readme improvements 2020-02-10 14:54:05 +01:00
Ludovic Fernandez
ea2d65f8bb Update valkeyrie to fix the support of Redis. 2020-02-10 14:52:05 +01:00
Dmitry Sharshakov
1cf09d91bb Proxy API to Traefik in dev mode 2020-02-10 09:38:04 +01:00
Isaac Newton K
cf2b97b656 Added link to community forum 2020-02-07 17:36:05 +01:00
Ludovic Fernandez
2e8cbd81b4 Prepare release v2.1.4 2020-02-06 17:54:03 +01:00
Daniel Tomcej
b498c7bcbb Properly purge default certificate from stores before logging 2020-02-05 18:46:03 +01:00
silenceshell
e78843bdca fix a typo 2020-02-05 14:08:04 +01:00
Steve Groom
2eaf3136f9 Minor documentation tweaks. 2020-02-04 21:20:04 +01:00
谭九鼎
6b6ab9fe6d readme: update links to use HTTPS 2020-02-04 17:46:03 +01:00
Renee Margaret McConahy
f35b9a4509 Correct a trivial spelling mistake in the documentation. 2020-02-03 22:34:05 +01:00
Julien Salleyron
349ce004f8 don't create http client for each request in forwardAuth middleware 2020-02-03 18:44:03 +01:00
Julien Salleyron
1b63c95c4e Fix kubernetes providers shutdown and clean safe.Pool 2020-02-03 17:56:04 +01:00
Sander Lissenburg
c80d53e7e5 Update install-traefik.md 2020-02-03 17:18:04 +01:00
Ludovic Fernandez
eb2028e0fa Add missing certResolver in IngressRoute examples. 2020-02-03 14:54:06 +01:00
Daniel Tomcej
03689251c5 Allow wildcard hosts in ingress provider 2020-02-03 11:24:06 +01:00
Alan
85c08312be Documentation fix for acme.md CLI 2020-02-02 13:50:03 +01:00
mpl
16288d171c use provider-qualified name when recursing for chain 2020-01-27 10:40:05 +01:00
Ludovic Fernandez
87044c54f4 Improvement of the certificates resolvers logs 2020-01-24 16:30:07 +01:00
Ludovic Fernandez
a4e8d3cb36 doc: use the same entry point name everywhere 2020-01-23 16:36:07 +01:00
Ludovic Fernandez
dce6356d75 fix: etcd provider name. 2020-01-22 18:26:03 +01:00
mpl
c24e74efe3 systematically call updateIngressStatus 2020-01-22 03:44:04 +01:00
Fernandez Ludovic
60e247862a Merge branch v2.1 into master 2020-01-21 18:41:46 +01:00
Ludovic Fernandez
c796cd2250 Prepare release v2.1.3 2020-01-21 18:20:05 +01:00
Julien Salleyron
c296a4a967 Remove Content-Type auto-detection
Co-authored-by: mpl <mathieu.lonjaret@gmail.com>
2020-01-21 18:06:03 +01:00
mpl
24192a3797 fix memleak in safe.Pool
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
2020-01-20 17:42:05 +01:00
Julien Salleyron
f84d947115 Use the calculated port when useBindPortIP is enabled 2020-01-20 15:56:05 +01:00
Ludovic Fernandez
9544dece07 fix: invalid service definition. 2020-01-20 15:28:06 +01:00
Ludovic Fernandez
6c4d7fd377 doc: adds an explanation of the global redirection pattern. 2020-01-20 15:04:09 +01:00
Jan
8d467ddd61 Adding an explanation how to use htpasswd for k8s secret 2020-01-20 13:24:05 +01:00
Ludovic Fernandez
db28ee1ff7 Update golangci-lint version. 2020-01-19 23:00:06 +01:00
Ludovic Fernandez
e378cb410c Update supported providers list. 2020-01-17 17:30:07 +01:00
Simon
144eee7fbf Update go-acme/lego to v3.3.0 2020-01-17 15:20:05 +01:00
Ludovic Fernandez
72e702a15a Support 'networking.k8s.io/v1beta1' ingress apiVersion 2020-01-16 10:14:06 +01:00
Ludovic Fernandez
6b7be462b8 Add Ingress annotations support
Co-authored-by: jbdoumenjou <jb.doumenjou@gmail.com>
2020-01-14 15:48:06 +01:00
Ludovic Fernandez
4329d393e6 Update license date 2020-01-14 15:22:05 +01:00
Jean-Baptiste Doumenjou
4f52691f71 Add namespace attribute on IngressRouteTCP service 2020-01-14 12:14:05 +01:00
Igor Scheller
c132d71684 Fixed typo in k8s doc 2020-01-13 15:54:06 +01:00
Evert Arias
8410f61c73 Fix small typo in user-guides documentation 2020-01-10 21:34:04 +01:00
Ludovic Fernandez
cac76a182e Update APM client. 2020-01-10 11:48:07 +01:00
thatshubham
5b0e93552c Update Marathon.md 2020-01-10 02:40:03 +01:00
tvrg
5eebd04d43 Fix typo in docker routing documentation 2020-01-09 16:34:05 +01:00
mpl
6f4aefffe7 Add period for rate limiter middleware 2020-01-08 11:44:04 +01:00
Sylvain Rabot
377c219fd9 Rename the non-exposed field "count" to "size" 2020-01-07 20:00:05 +01:00
Fernandez Ludovic
da3d814c8b Merge branch 'v2.1' into master 2020-01-07 19:13:48 +01:00
Ludovic Fernandez
4461ecfed1 Prepare release v2.1.2 2020-01-07 16:56:05 +01:00
Gary Kramlich
bd676922c3 k8s Ingress: fix crash on rules with nil http 2020-01-07 16:26:08 +01:00
José Carlos Chávez
49356cadd4 fix(tracing): makes sure tracing headers are being propagated when using forwardAuth 2020-01-07 15:48:07 +01:00
Ludovic Fernandez
c02f222005 Improves error message when a configuration file is empty. 2020-01-07 15:24:05 +01:00
Jean-Baptiste Doumenjou
d3977ce40e Improve documentation about Kubernetes IngressRoute 2020-01-07 11:26:05 +01:00
Jean-Baptiste Doumenjou
7283d7eb2f Log the ignored namespace only when needed 2020-01-07 10:46:04 +01:00
Stanislav Mekhonoshin
48252d284e Allow to run docker from Makefile in non-interactive mode 2020-01-06 16:58:04 +01:00
Julien Salleyron
807dc46ad0 Handle respondingtimeout and better shutdown tests.
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
2020-01-06 16:56:05 +01:00
Tiago Boeing
0837ec9b70 Fix command for use websecure via CLI 2020-01-01 01:56:04 +01:00
Ludovic Fernandez
b380522df8 fix: dashboard redirect loop 2019-12-24 17:36:04 +01:00
Ludovic Fernandez
c127d34d32 fix: Malformed x-b3-traceid Header 2019-12-22 08:24:03 +01:00
der-domi
bc0b97d5d8 Update ipwhitelist.md 2019-12-19 21:38:03 +01:00
Manuel Zapf
431abe79f3 Query consul for service health separately 2019-12-19 11:00:07 +01:00
Dmitry Sharshakov
125470f110 Support SSH connection to Docker 2019-12-18 15:28:04 +01:00
Dmitry Sharshakov
4f669bdd66 Don't set user-agent to Go-http-client/1.1 2019-12-18 11:22:06 +01:00
Ludovic Fernandez
8930236396 fix: invalid label/flag parsing. 2019-12-17 16:10:06 +01:00
Matthieu Hostache
b3c9a50ead Web UI: Polling on tables 2019-12-17 14:52:05 +01:00
Ludovic Fernandez
4d0aee67be doc: remove section about templates 2019-12-17 14:30:06 +01:00
Kenneth Peiruza
b501c6d5bf Added ExternalName https support for Kubernetes CRD, as done in v2.0 2019-12-16 21:48:03 +01:00
Ludovic Fernandez
7dcee38b21 Use consistent name in ACME documentation 2019-12-13 15:46:06 +01:00
Damien Duportal
903c63ac13 add a documentation example for dashboard and api for kubernetes CRD 2019-12-13 10:36:04 +01:00
Ludovic Fernandez
a98c9f99d1 Prepare release v2.1.1 2019-12-12 19:44:04 +01:00
Ludovic Fernandez
7f085df240 chore: update some dependencies 2019-12-12 17:48:05 +01:00
Manuel Zapf
b5ae141fb6 Add Migration Guide for Traefik v2.1 2019-12-12 17:06:05 +01:00
Ludovic Fernandez
7eb866ffee Improve documentation about Traefik build. 2019-12-12 16:32:06 +01:00
mpl
61e59d74e0 CloseNotifier: return pointer instead of value 2019-12-12 15:12:05 +01:00
David
5f50d2e230 Add serial number certificate to forward headers 2019-12-12 00:32:03 +01:00
Matthieu Hostache
3f1484480e Web UI: Take off logic from generic table component 2019-12-11 23:14:04 +01:00
Fernandez Ludovic
2d3fc613ec Merge branch 'v2.1' into master 2019-12-11 22:14:26 +01:00
Ludovic Fernandez
e2982185d6 Prepare release v2.1.0 2019-12-11 18:40:04 +01:00
mpl
bdf4c6723f detect CloseNotify capability in accesslog and metrics 2019-12-10 18:18:04 +01:00
Matthieu Hostache
1d4f10bead Fix http/tcp resources pagination 2019-12-10 17:48:04 +01:00
Ludovic Fernandez
aac3e2d4fb Several documentation fixes 2019-12-10 16:12:06 +01:00
Jean-Baptiste Doumenjou
87dd6badac Use valid condition in the service details panel UI 2019-12-10 15:34:06 +01:00
Dmitry Sharshakov
1b6c7af3eb Fix weighted service provider icon 2019-12-10 15:14:06 +01:00
Fernandez Ludovic
5c091a1871 Merge branch 'v2.0' into v2.1 2019-12-09 18:48:20 +01:00
Ludovic Fernandez
fb3839e096 Prepare release v2.0.7 2019-12-09 18:34:04 +01:00
Damien Duportal
eef3ca0295 Improve documentation for ACME/Let's Encrypt 2019-12-09 18:08:04 +01:00
Ludovic Fernandez
c9dc0226fd fix: flaky Travis builds due to 'not get uid/gid' 2019-12-09 15:52:04 +01:00
Ludovic Fernandez
1a7a3a4233 fix: remove double call to server Close. 2019-12-09 15:14:06 +01:00
Julien Salleyron
d2e458f673 Remove mirroring impact in accesslog 2019-12-09 15:12:06 +01:00
Eugen Mayer
e0f265db15 Make trailing slash more prominent for the "secure dashboard setup" too 2019-12-09 12:32:04 +01:00
Ludovic Fernandez
39a3cefc21 fix: PassClientTLSCert middleware separators and formatting 2019-12-09 12:20:06 +01:00
Jean-Baptiste Doumenjou
89db08eb93 Improve documentation on file provider limitations with file system notifications 2019-12-09 11:48:05 +01:00
Eugen Mayer
f40cf2cd8e The Cloudflare hint for the GLOBAL API KEY for CF MAIL/API_KEY 2019-12-09 11:42:06 +01:00
Daniel Tomcej
50bb69b796 Document LE caveats with Kubernetes on v2 2019-12-09 10:16:05 +01:00
Tim
a7d7c2b98b Fix Docker example in "Strip and Rewrite Path Prefixes" in migration guide 2019-12-06 00:42:04 +01:00
Sebastian Pipping
8dfc0d9dda readme: Fix link to file backend/provider documentation 2019-12-05 21:50:04 +01:00
Antoine
0e6dce7093 Do not stop to listen on tcp listeners on temporary errors 2019-12-04 16:26:05 +01:00
Ludovic Fernandez
ddbf4470a1 fix: debug endpoint when insecure API. 2019-12-04 15:28:07 +01:00
Fernandez Ludovic
829649e905 Merge branch 'v2.1' into master 2019-12-03 10:43:25 +01:00
Ludovic Fernandez
bc063ad773 Merge current v2.0 branch into v2.1 2019-12-03 10:40:05 +01:00
Michael
ef38810425 Upgrade python version to 3.7 for netlify 2019-12-03 10:16:05 +01:00
Ludovic Fernandez
5ccca8d708 Prepare release v2.1.0-rc3 2019-12-02 19:10:04 +01:00
Fernandez Ludovic
89919dbe36 Merge branch 'v2.0' into v2.1 2019-12-02 18:20:29 +01:00
Ludovic Fernandez
ecd51a1428 Prepare release v2.0.6 2019-12-02 18:14:05 +01:00
Brendan Le Glaunec
4cb9eec257 Add custom help function to command 2019-12-02 17:34:06 +01:00
José Carlos Chávez
78097b96c9 Fix extraction for zipkin tracing 2019-12-02 14:18:07 +01:00
mpl
2af8589afd Do not give responsewriter or its headers to asynchronous logging goroutine
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
2019-12-02 03:14:04 +01:00
Ludovic Fernandez
cf1ace3a73 fix: consul catalog constraints. 2019-11-29 17:16:05 +01:00
Jean-Baptiste Doumenjou
efcc9d51d4 Healthcheck managed for all related services
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
2019-11-29 12:40:05 +01:00
Ludovic Fernandez
9b9f4be6a4 Add KV store providers (dynamic configuration only)
Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
2019-11-28 21:56:04 +01:00
Daniel Tomcej
a87c104172 Remove Request Headers CORS Preflight Requirement 2019-11-28 15:24:06 +01:00
Wagum
028683666d Update deprecated function call in k8s providers 2019-11-28 00:04:04 +01:00
Руслан Корнев
b2c59be8de Update router entrypoint example 2019-11-27 20:08:03 +01:00
Damien Duportal
2685e06528 Add Swarm section to the Docker Provider Documentation 2019-11-27 17:12:04 +01:00
Michael
a99673122e Service registered with same id on Consul Catalog 2019-11-27 16:24:06 +01:00
Damien Duportal
ba49012447 Mention the experimental Helm Chart in the installation section of documentation 2019-11-27 16:02:05 +01:00
Amine Benseddik
fe8b090911 Elastic APM tracer implementation 2019-11-27 16:00:07 +01:00
Matthieu Hostache
c4a38de007 Web UI: Table infinite scroll 2019-11-27 15:06:06 +01:00
Matthieu Hostache
407eda0ba0 Web UI: Avoid unnecessary duplicated api calls 2019-11-27 12:04:05 +01:00
Manuel Zapf
5b1dc0bfbd Change service name in rancher provider to make webui service details view work 2019-11-27 11:12:07 +01:00
Ludovic Fernandez
772b260b37 fix: sub command help 2019-11-27 10:32:06 +01:00
Maxim Fominykh
bd75eddc8e Duration order consistency when multiplying number by time unit 2019-11-26 21:38:03 +01:00
Matthieu Hostache
00db3a0922 Web UI: Avoid some router properties to overflow their container 2019-11-23 23:18:04 +01:00
Matthieu Hostache
2bcc1b7fb4 Web UI: Sync toolbar table state with url query params 2019-11-20 19:02:05 +01:00
Matthieu Hostache
433c848c8d Web UI: Avoid polling on /api/entrypoints 2019-11-20 18:36:04 +01:00
Jean-Baptiste Doumenjou
abdb3b9475 Uses, if it exists, the ping entry point provided in the static configuration
Co-authored-by: Ludovic Fernandez <ldez@users.noreply.github.com>
2019-11-20 18:34:05 +01:00
Matthieu Hostache
9761161163 Web UI: Fix displayed tcp service details 2019-11-20 18:26:10 +01:00
Ludovic Fernandez
e5104021b1 doc: remove double quotes on CLI flags. 2019-11-19 10:18:05 +01:00
Fernandez Ludovic
9ef4f47ba0 fix: changelog. 2019-11-15 22:06:23 +01:00
Ludovic Fernandez
3bbc88f89a Prepare release v2.1.0-rc2 2019-11-15 20:32:03 +01:00
Ludovic Fernandez
bfa61c8f67 fix: use MaxInt32. 2019-11-15 20:14:04 +01:00
Jean-Baptiste Doumenjou
3bdeb75cc2 Prepare release v2.1.0-rc1 2019-11-15 18:44:03 +01:00
Fernandez Ludovic
ca9eaf383a Merge branch 'v2.0' into master 2019-11-15 13:34:41 +01:00
Ludovic Fernandez
42a8d84a1f X-Forwarded-Proto must not skip the redirection. 2019-11-15 12:36:04 +01:00
kolaente
3fd330c2fb Update go-acme/lego to 3.2.0 2019-11-15 12:06:05 +01:00
Pascal Andy
8f340afca1 Add back the security section from v1 2019-11-15 10:48:05 +01:00
Ludovic Fernandez
e28d9426b9 doc: fix wrong acme information 2019-11-15 10:08:05 +01:00
Ludovic Fernandez
b3078b75cd fix: location header rewrite.
Co-authored-by: Daniel Tomcej <daniel.tomcej@gmail.com>
2019-11-15 07:50:04 +01:00
Blake Buthod
424b97994e Fixed spelling error 2019-11-15 00:42:04 +01:00
mpl
f30a52c2dc Support for all services kinds (and sticky) in CRD
Co-authored-by: Jean-Baptiste Doumenjou <jb.doumenjou@gmail.com>
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
2019-11-14 19:28:04 +01:00
Ludovic Fernandez
424e2a9439 Add internal provider
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
2019-11-14 16:40:05 +01:00
Michael
2ee2e29262 Fix empty address for registering service without IP 2019-11-14 11:10:06 +01:00
SKP
ca1d980746 Added configurable prefix for statsd metrics collection 2019-11-12 18:18:04 +01:00
Kelvin Sarink
5a3e325742 Add tls option for Elliptic Curve Preferences 2019-11-03 15:54:04 +01:00
Ludovic Fernandez
c5ec12cd56 feat: add consul catalog options 2019-10-31 11:56:05 +01:00
Ludovic Fernandez
3410541a2f Conditionnal compression based on Content-Type 2019-10-31 11:36:05 +01:00
kmeekva
1f39083555 Add support for MaxVersion in tls.Options 2019-10-29 12:58:05 +01:00
Ludovic Fernandez
5f8fb6c226 fix: Consul Catalog documentation. 2019-10-29 12:32:05 +01:00
Fernandez Ludovic
d66dd01438 Merge branch 'v2.0' into master 2019-10-29 09:52:45 +01:00
Michael
14bdc0e57a Fix consul catalog documentation 2019-10-16 10:36:04 +02:00
Andrew Privalov
7be2db6e86 Add Consul Catalog provider 2019-10-15 17:34:08 +02:00
Michael
d0ed814669 Update jaeger dependencies 2019-10-15 16:30:06 +02:00
Fernandez Ludovic
4e9166759d Merge branch 'v2.0' into master 2019-10-10 00:30:01 +02:00
Fernandez Ludovic
2471f893e7 Merge branch 'v2.0' into master 2019-09-23 17:26:52 +02:00
Fernandez Ludovic
56e0580aa5 Merge branch 'v2.0' into master 2019-09-17 17:37:22 +02:00
Fernandez Ludovic
e4e2a188c5 Merge branch 'v2.0' into master 2019-09-11 15:21:50 +02:00
Fernandez Ludovic
a20a6636b4 Merge v2.0.0-rc1 into master 2019-08-27 01:59:33 +02:00
Fernandez Ludovic
88ebac942e Merge branch 'v2.0' into master. 2019-08-06 21:26:59 +02:00
Fernandez Ludovic
06df6017df Merge branch 'v2.0' into master 2019-07-02 13:35:09 +02:00
Fernandez Ludovic
15b5433f1a Merge branch 'v2.0' into master 2019-06-25 20:16:20 +02:00
Fernandez Ludovic
890d02638b Merge branch v2.0 into master 2019-06-20 11:37:47 +02:00
Fernandez Ludovic
11f04a453e Merge branch v2.0 to master. 2019-04-17 13:49:49 +02:00
Fernandez Ludovic
7baa752a9d Merge 'v2.0.0-alpha3' into master 2019-03-29 15:38:45 +01:00
1633 changed files with 180362 additions and 71631 deletions

View File

@@ -1,3 +1,5 @@
dist/
!dist/traefik
site/
vendor/
.idea/

24
.github/CODEOWNERS vendored
View File

@@ -1,24 +0,0 @@
provider/kubernetes/** @containous/kubernetes
provider/rancher/** @containous/rancher
provider/marathon/** @containous/marathon
provider/docker/** @containous/docker
docs/user-guide/kubernetes.md @containous/kubernetes
docs/user-guide/marathon.md @containous/marathon
docs/user-guide/swarm.md @containous/docker
docs/user-guide/swarm-mode.md @containous/docker
docs/configuration/backends/docker.md @containous/docker
docs/configuration/backends/kubernetes.md @containous/kubernetes
docs/configuration/backends/marathon.md @containous/marathon
docs/configuration/backends/rancher.md @containous/rancher
examples/k8s/ @containous/kubernetes
examples/compose-k8s.yaml @containous/kubernetes
examples/k8s.namespace.yaml @containous/kubernetes
examples/compose-rancher.yml @containous/rancher
examples/compose-marathon.yml @containous/marathon
vendor/github.com/gambol99/go-marathon @containous/marathon
vendor/github.com/rancher @containous/rancher
vendor/k8s.io/ @containous/kubernetes

View File

@@ -8,7 +8,7 @@ DO NOT FILE ISSUES FOR GENERAL SUPPORT QUESTIONS.
The issue tracker is for reporting bugs and feature requests only.
For end-user related support questions, please refer to one of the following:
- the Traefik community forum: https://community.containo.us/
- the Traefik community forum: https://community.traefik.io/
-->
@@ -17,7 +17,7 @@ Bug
<!--
The configurations between 1.X and 2.X are NOT compatible.
Please have a look here https://docs.traefik.io/v2.0/getting-started/configuration-overview/.
Please have a look here https://doc.traefik.io/traefik/getting-started/configuration-overview/.
-->

View File

@@ -1,82 +0,0 @@
---
name: Bug report
about: Create a report to help us improve
---
<!-- PLEASE FOLLOW THE ISSUE TEMPLATE TO HELP TRIAGE AND SUPPORT! -->
### Do you want to request a *feature* or report a *bug*?
<!--
DO NOT FILE ISSUES FOR GENERAL SUPPORT QUESTIONS.
The issue tracker is for reporting bugs and feature requests only.
For end-user related support questions, please refer to one of the following:
- the Traefik community forum: https://community.containo.us/
-->
Bug
<!--
The configurations between 1.X and 2.X are NOT compatible.
Please have a look here https://docs.traefik.io/v2.0/getting-started/configuration-overview/.
-->
### What did you do?
<!--
HOW TO WRITE A GOOD BUG REPORT?
- Respect the issue template as much as possible.
- The title should be short and descriptive.
- Explain the conditions which led you to report this issue: the context.
- The context should lead to something, an idea or a problem that youre facing.
- Remain clear and concise.
- Format your messages to help the reader focus on what matters and understand the structure of your message, use Markdown syntax https://help.github.com/articles/github-flavored-markdown
-->
### What did you expect to see?
### What did you see instead?
### Output of `traefik version`: (_What version of Traefik are you using?_)
<!--
`latest` is not considered as a valid version.
For the Traefik Docker image:
docker run [IMAGE] version
ex: docker run traefik version
-->
```
(paste your output here)
```
### What is your environment & configuration (arguments, toml, provider, platform, ...)?
```toml
# (paste your configuration here)
```
<!--
Add more configuration information here.
-->
### If applicable, please paste the log output in DEBUG level (`--log.level=DEBUG` switch)
```
(paste your output here)
```

View File

@@ -1,35 +0,0 @@
---
name: Feature request
about: Suggest an idea for this project
---
<!-- PLEASE FOLLOW THE ISSUE TEMPLATE TO HELP TRIAGE AND SUPPORT! -->
### Do you want to request a *feature* or report a *bug*?
<!--
DO NOT FILE ISSUES FOR GENERAL SUPPORT QUESTIONS.
The issue tracker is for reporting bugs and feature requests only.
For end-user related support questions, please refer to one of the following:
- the Traefik community forum: https://community.containo.us/
-->
Feature
### What did you expect to see?
<!--
HOW TO WRITE A GOOD ISSUE?
- Respect the issue template as much as possible.
- The title should be short and descriptive.
- Explain the conditions which led you to report this issue: the context.
- The context should lead to something, an idea or a problem that youre facing.
- Remain clear and concise.
- Format your messages to help the reader focus on what matters and understand the structure of your message, use Markdown syntax https://help.github.com/articles/github-flavored-markdown
-->

82
.github/ISSUE_TEMPLATE/bug_report.yml vendored Normal file
View File

@@ -0,0 +1,82 @@
name: Bug Report (Traefik)
description: Create a report to help us improve.
body:
- type: checkboxes
id: terms
attributes:
label: Welcome!
description: |
The issue tracker is for reporting bugs and feature requests only.
For end-user related support questions, please use the [Traefik community forum](https://community.traefik.io/).
All new/updated issues are triaged regularly by the maintainers.
All issues closed by a bot are subsequently double-checked by the maintainers.
DO NOT FILE ISSUES FOR GENERAL SUPPORT QUESTIONS.
options:
- label: Yes, I've searched similar issues on [GitHub](https://github.com/traefik/traefik/issues) and didn't find any.
required: true
- label: Yes, I've searched similar issues on the [Traefik community forum](https://community.traefik.io) and didn't find any.
required: true
- type: textarea
attributes:
label: What did you do?
description: |
How to write a good bug report?
- Respect the issue template as much as possible.
- The title should be short and descriptive.
- Explain the conditions which led you to report this issue: the context.
- The context should lead to something, an idea or a problem that youre facing.
- Remain clear and concise.
- Format your messages to help the reader focus on what matters and understand the structure of your message, use [Markdown syntax](https://help.github.com/articles/github-flavored-markdown)
placeholder: What did you do?
validations:
required: true
- type: textarea
attributes:
label: What did you see instead?
placeholder: What did you see instead?
validations:
required: true
- type: textarea
attributes:
label: What version of Traefik are you using?
description: |
`latest` is not considered as a valid version.
Output of `traefik version`.
For the Traefik Docker image (`docker run [IMAGE] version`), example:
```console
$ docker run traefik version
```
placeholder: Paste your output here.
validations:
required: true
- type: textarea
attributes:
label: What is your environment & configuration?
description: arguments, toml, provider, platform, ...
placeholder: Add information here.
value: |
```yaml
# (paste your configuration here)
```
Add more configuration information here.
validations:
required: true
- type: textarea
attributes:
label: If applicable, please paste the log output in DEBUG level
description: "`--log.level=DEBUG` switch."
placeholder: Paste your output here.
validations:
required: false

8
.github/ISSUE_TEMPLATE/config.yml vendored Normal file
View File

@@ -0,0 +1,8 @@
blank_issues_enabled: false
contact_links:
- name: Traefik Community Support
url: https://community.traefik.io/
about: If you have a question, or are looking for advice, please post on our Discuss forum! The community loves to chime in to help. Happy Coding!
- name: Traefik Helm Chart Issues
url: https://github.com/traefik/traefik-helm-chart
about: Are you submitting an issue or feature enhancement for the Traefik helm chart? Please post in the traefik-helm-chart GitHub Issues.

View File

@@ -0,0 +1,33 @@
name: Feature Request (Traefik)
description: Suggest an idea for this project.
body:
- type: checkboxes
id: terms
attributes:
label: Welcome!
description: |
The issue tracker is for reporting bugs and feature requests only. For end-user related support questions, please refer to one of the following:
- the Traefik community forum: https://community.traefik.io/
DO NOT FILE ISSUES FOR GENERAL SUPPORT QUESTIONS.
options:
- label: Yes, I've searched similar issues on [GitHub](https://github.com/traefik/traefik/issues) and didn't find any.
required: true
- label: Yes, I've searched similar issues on the [Traefik community forum](https://community.traefik.io) and didn't find any.
required: true
- type: textarea
attributes:
label: What did you expect to see?
description: |
How to write a good issue?
- Respect the issue template as much as possible.
- The title should be short and descriptive.
- Explain the conditions which led you to report this issue: the context.
- The context should lead to something, an idea or a problem that youre facing.
- Remain clear and concise.
- Format your messages to help the reader focus on what matters and understand the structure of your message, use [Markdown syntax](https://help.github.com/articles/github-flavored-markdown)
placeholder: What did you expect to see?
validations:
required: true

View File

@@ -2,18 +2,18 @@
PLEASE READ THIS MESSAGE.
Documentation fixes or enhancements:
- for Traefik v1: use branch v1.7
- for Traefik v2: use branch v2.0
- for Traefik v2: use branch v2.10
- for Traefik v3: use branch v3.0
Bug fixes:
- for Traefik v1: use branch v1.7
- for Traefik v2: use branch v2.0
- for Traefik v2: use branch v2.10
- for Traefik v3: use branch v3.0
Enhancements:
- for Traefik v1: we only accept bug fixes
- for Traefik v2: use branch master
- for Traefik v2: we only accept bug fixes
- for Traefik v3: use branch master
HOW TO WRITE A GOOD PULL REQUEST? https://docs.traefik.io/contributing/submitting-pull-requests/
HOW TO WRITE A GOOD PULL REQUEST? https://doc.traefik.io/traefik/contributing/submitting-pull-requests/
-->

79
.github/workflows/build.yaml vendored Normal file
View File

@@ -0,0 +1,79 @@
name: Build Binaries
on:
pull_request:
branches:
- '*'
env:
GO_VERSION: '1.21'
CGO_ENABLED: 0
IN_DOCKER: ""
jobs:
build-webui:
runs-on: ubuntu-20.04
steps:
- name: Check out code
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Build webui
run: |
make clean-webui generate-webui
tar czvf webui.tar.gz ./webui/static/
- name: Artifact webui
uses: actions/upload-artifact@v2
with:
name: webui.tar.gz
path: webui.tar.gz
build:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ ubuntu-20.04, macos-latest, windows-latest ]
needs:
- build-webui
defaults:
run:
working-directory: ${{ github.workspace }}/go/src/github.com/traefik/traefik
steps:
- name: Set up Go ${{ env.GO_VERSION }}
uses: actions/setup-go@v2
with:
go-version: ${{ env.GO_VERSION }}
- name: Check out code
uses: actions/checkout@v2
with:
path: go/src/github.com/traefik/traefik
fetch-depth: 0
- name: Cache Go modules
uses: actions/cache@v3
with:
path: |
~/go/pkg/mod
~/.cache/go-build
~/Library/Caches/go-build
'%LocalAppData%\go-build'
key: ${{ runner.os }}-build-go-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-build-go-
- name: Artifact webui
uses: actions/download-artifact@v2
with:
name: webui.tar.gz
path: ${{ github.workspace }}/go/src/github.com/traefik/traefik
- name: Untar webui
run: tar xvf webui.tar.gz
- name: Build
run: make binary

25
.github/workflows/check_doc.yml vendored Normal file
View File

@@ -0,0 +1,25 @@
name: Check Documentation
on:
pull_request:
branches:
- '*'
jobs:
docs:
name: Check, verify and build documentation
runs-on: ubuntu-20.04
steps:
- name: Check out code
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Check documentation
run: make docs-pull-images docs
env:
# These variables are not passed to workflows that are triggered by a pull request from a fork.
DOCS_VERIFY_SKIP: ${{ vars.DOCS_VERIFY_SKIP }}
DOCS_LINT_SKIP: ${{ vars.DOCS_LINT_SKIP }}

64
.github/workflows/codeql.yml vendored Normal file
View File

@@ -0,0 +1,64 @@
name: "CodeQL"
on:
push:
branches:
- master
- v*
schedule:
- cron: '11 22 * * 1'
jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
security-events: write
strategy:
fail-fast: false
matrix:
language: [ 'javascript', 'go' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
# Use only 'java' to analyze code written in Java, Kotlin or both
# Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
# Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
steps:
- name: Checkout repository
uses: actions/checkout@v3
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality
# Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v2
# Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
# If the Autobuild fails above, remove it and uncomment the following three lines.
# modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
# - run: |
# echo "Run, Build Application using script"
# ./location_of_script_within_repo/buildscript.sh
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
with:
category: "/language:${{matrix.language}}"

52
.github/workflows/documentation.yml vendored Normal file
View File

@@ -0,0 +1,52 @@
name: Build and Publish Documentation
on:
push:
branches:
- master
- v*
env:
STRUCTOR_VERSION: v1.13.2
MIXTUS_VERSION: v0.4.1
jobs:
docs:
name: Doc Process
runs-on: ubuntu-20.04
if: github.repository == 'traefik/traefik'
steps:
- name: Check out code
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Login to DockerHub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Install Structor ${{ env.STRUCTOR_VERSION }}
run: curl -sSfL https://raw.githubusercontent.com/traefik/structor/master/godownloader.sh | sh -s -- -b $HOME/bin ${STRUCTOR_VERSION}
- name: Install Seo-doc
run: curl -sSfL https://raw.githubusercontent.com/traefik/seo-doc/master/godownloader.sh | sh -s -- -b "${HOME}/bin"
- name: Install Mixtus ${{ env.MIXTUS_VERSION }}
run: curl -sSfL https://raw.githubusercontent.com/traefik/mixtus/master/godownloader.sh | sh -s -- -b $HOME/bin ${MIXTUS_VERSION}
- name: Build documentation
run: $HOME/bin/structor -o traefik -r traefik --dockerfile-url="https://raw.githubusercontent.com/traefik/traefik/v1.7/docs.Dockerfile" --menu.js-url="https://raw.githubusercontent.com/traefik/structor/master/traefik-menu.js.gotmpl" --rqts-url="https://raw.githubusercontent.com/traefik/structor/master/requirements-override.txt" --force-edit-url --exp-branch=master --debug
env:
STRUCTOR_LATEST_TAG: ${{ vars.STRUCTOR_LATEST_TAG }}
- name: Apply seo
run: $HOME/bin/seo -path=./site -product=traefik
- name: Publish documentation
run: $HOME/bin/mixtus --dst-doc-path="./traefik" --dst-owner=traefik --dst-repo-name=doc --git-user-email="30906710+traefiker@users.noreply.github.com" --git-user-name=traefiker --src-doc-path="./site" --src-owner=traefik --src-repo-name=traefik
env:
GITHUB_TOKEN: ${{ secrets.GH_TOKEN_REPO }}

37
.github/workflows/experimental.yaml vendored Normal file
View File

@@ -0,0 +1,37 @@
name: Build experimental image on branch
on:
push:
branches:
- master
- v*
jobs:
experimental:
if: github.repository == 'traefik/traefik'
name: Build experimental image on branch
runs-on: ubuntu-20.04
steps:
# https://github.com/marketplace/actions/checkout
- name: Check out code
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Branch name
run: echo ${GITHUB_REF##*/}
- name: Build docker experimental image
run: docker build -t traefik/traefik:experimental-${GITHUB_REF##*/} -f exp.Dockerfile .
- name: Login to Docker Hub
uses: docker/login-action@v1
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Push to Docker Hub
run: docker push traefik/traefik:experimental-${GITHUB_REF##*/}

46
.github/workflows/test-unit.yaml vendored Normal file
View File

@@ -0,0 +1,46 @@
name: Test Unit
on:
pull_request:
branches:
- '*'
env:
GO_VERSION: '1.21'
IN_DOCKER: ""
jobs:
test-unit:
runs-on: ubuntu-20.04
defaults:
run:
working-directory: ${{ github.workspace }}/go/src/github.com/traefik/traefik
steps:
- name: Set up Go ${{ env.GO_VERSION }}
uses: actions/setup-go@v2
with:
go-version: ${{ env.GO_VERSION }}
- name: Check out code
uses: actions/checkout@v2
with:
path: go/src/github.com/traefik/traefik
fetch-depth: 0
- name: Cache Go modules
uses: actions/cache@v3
with:
path: |
~/go/pkg/mod
~/.cache/go-build
key: ${{ runner.os }}-test-unit-go-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-test-unit-go-
- name: Avoid generating webui
run: touch webui/static/index.html
- name: Tests
run: make test-unit

97
.github/workflows/validate.yaml vendored Normal file
View File

@@ -0,0 +1,97 @@
name: Validate
on:
pull_request:
branches:
- '*'
env:
GO_VERSION: '1.21'
GOLANGCI_LINT_VERSION: v1.54.1
MISSSPELL_VERSION: v0.4.0
IN_DOCKER: ""
jobs:
validate:
runs-on: ubuntu-20.04
defaults:
run:
working-directory: ${{ github.workspace }}/go/src/github.com/traefik/traefik
steps:
- name: Set up Go ${{ env.GO_VERSION }}
uses: actions/setup-go@v2
with:
go-version: ${{ env.GO_VERSION }}
- name: Check out code
uses: actions/checkout@v2
with:
path: go/src/github.com/traefik/traefik
fetch-depth: 0
- name: Cache Go modules
uses: actions/cache@v3
with:
path: |
~/go/pkg/mod
~/.cache/go-build
key: ${{ runner.os }}-validate-go-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-validate-go-
- name: Install golangci-lint ${{ env.GOLANGCI_LINT_VERSION }}
run: curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin ${GOLANGCI_LINT_VERSION}
- name: Install missspell ${{ env.MISSSPELL_VERSION }}
run: curl -sfL https://raw.githubusercontent.com/golangci/misspell/master/install-misspell.sh | sh -s -- -b $(go env GOPATH)/bin ${MISSSPELL_VERSION}
- name: Avoid generating webui
run: touch webui/static/index.html
- name: Validate
run: make validate
validate-generate:
runs-on: ubuntu-20.04
defaults:
run:
working-directory: ${{ github.workspace }}/go/src/github.com/traefik/traefik
steps:
- name: Set up Go ${{ env.GO_VERSION }}
uses: actions/setup-go@v2
with:
go-version: ${{ env.GO_VERSION }}
- name: Check out code
uses: actions/checkout@v2
with:
path: go/src/github.com/traefik/traefik
fetch-depth: 0
- name: Cache Go modules
uses: actions/cache@v3
with:
path: |
~/go/pkg/mod
~/.cache/go-build
key: ${{ runner.os }}-validate-generate-go-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-validate-generate-go-
- name: go generate
run: |
go generate
git diff --exit-code
- name: go mod tidy
run: |
go mod tidy
git diff --exit-code
- name: make generate-crd
run: |
make generate-crd
git diff --exit-code

5
.gitignore vendored
View File

@@ -7,7 +7,6 @@
/webui/.tmp/
/site/
/docs/site/
/static/
/autogen/
/traefik
/traefik.toml
@@ -16,3 +15,7 @@
*.exe
cover.out
vendor/
plugins-storage/
plugins-local/
traefik_changelog.md
integration/tailscale.secret

View File

@@ -1,97 +0,0 @@
[run]
timeout = "10m"
skip-files = []
skip-dirs = [
"pkg/provider/kubernetes/crd/generated/",
]
[linters-settings]
[linters-settings.govet]
check-shadowing = false
[linters-settings.golint]
min-confidence = 0.0
[linters-settings.gocyclo]
min-complexity = 14.0
[linters-settings.maligned]
suggest-new = true
[linters-settings.goconst]
min-len = 3.0
min-occurrences = 4.0
[linters-settings.misspell]
locale = "US"
[linters-settings.funlen]
lines = 230 # default 60
statements = 120 # default 40
[linters]
enable-all = true
disable = [
"gocyclo", # FIXME must be fixed
"gosec",
"dupl",
"maligned",
"lll",
"unparam",
"prealloc",
"scopelint",
"gochecknoinits",
"gochecknoglobals",
"godox",
"gocognit",
"bodyclose", # Too many false-positive and panics.
"wsl", # Too strict
"stylecheck", # skip because report issues related to some generated files.
]
[issues]
exclude-use-default = false
max-per-linter = 0
max-same-issues = 0
exclude = [
"SA1019: http.CloseNotifier is deprecated: the CloseNotifier interface predates Go's context package. New code should use Request.Context instead.", # FIXME must be fixed
"Error return value of .((os\\.)?std(out|err)\\..*|.*Close|.*Flush|os\\.Remove(All)?|.*printf?|os\\.(Un)?Setenv). is not checked",
"should have a package comment, unless it's in another file for this package",
]
[[issues.exclude-rules]]
path = "(.+)_test.go"
linters = ["goconst", "funlen"]
[[issues.exclude-rules]]
path = "integration/.+_test.go"
text = "Error return value of `cmd\\.Process\\.Kill` is not checked"
[[issues.exclude-rules]]
path = "integration/(consul_catalog_test|constraint_test).go"
text = "Error return value of `(s.deregisterService|s.deregisterAgentService)` is not checked"
[[issues.exclude-rules]]
path = "integration/grpc_test.go"
text = "Error return value of `closer` is not checked"
[[issues.exclude-rules]]
path = "pkg/h2c/h2c.go"
text = "Error return value of `rw.Write` is not checked"
[[issues.exclude-rules]]
path = "pkg/middlewares/recovery/recovery.go"
text = "`logger` can be `github.com/stretchr/testify/assert.TestingT`"
[[issues.exclude-rules]]
path = "pkg/provider/docker/builder_test.go"
text = "(U1000: func )?`(.+)` is unused"
[[issues.exclude-rules]]
path = "pkg/provider/kubernetes/builder_(endpoint|service)_test.go"
text = "(U1000: func )?`(.+)` is unused"
[[issues.exclude-rules]]
path = "pkg/config/parser/.+_test.go"
text = "U1000: field `(foo|fuu)` is unused"
[[issues.exclude-rules]]
path = "pkg/server/service/bufferpool.go"
text = "SA6002: argument should be pointer-like to avoid allocations"
[[issues.exclude-rules]]
path = "cmd/configuration.go"
text = "string `traefik` has (\\d) occurrences, make it a constant"
[[issues.exclude-rules]] # FIXME must be fixed
path = "cmd/context.go"
text = "S1000: should use a simple channel send/receive instead of `select` with a single case"

266
.golangci.yml Normal file
View File

@@ -0,0 +1,266 @@
run:
timeout: 10m
skip-files: []
skip-dirs:
- pkg/provider/kubernetes/crd/generated/
linters-settings:
govet:
enable-all: true
disable:
- shadow
- fieldalignment
gocyclo:
min-complexity: 14
goconst:
min-len: 3
min-occurrences: 4
misspell:
locale: US
funlen:
lines: -1
statements: 120
forbidigo:
forbid:
- ^print(ln)?$
- ^spew\.Print(f|ln)?$
- ^spew\.Dump$
depguard:
rules:
main:
deny:
- pkg: "github.com/instana/testify"
desc: not allowed
- pkg: "github.com/pkg/errors"
desc: Should be replaced by standard lib errors package
- pkg: "k8s.io/api/networking/v1beta1"
desc: This API is deprecated
- pkg: "k8s.io/api/extensions/v1beta1"
desc: This API is deprecated
godox:
keywords:
- FIXME
importas:
no-unaliased: true
alias:
- alias: composeapi
pkg: github.com/docker/compose/v2/pkg/api
# Standard Kubernetes rewrites:
- alias: corev1
pkg: "k8s.io/api/core/v1"
- alias: netv1
pkg: "k8s.io/api/networking/v1"
- alias: admv1
pkg: "k8s.io/api/admission/v1"
- alias: admv1beta1
pkg: "k8s.io/api/admission/v1beta1"
- alias: metav1
pkg: "k8s.io/apimachinery/pkg/apis/meta/v1"
- alias: ktypes
pkg: "k8s.io/apimachinery/pkg/types"
- alias: kerror
pkg: "k8s.io/apimachinery/pkg/api/errors"
- alias: kclientset
pkg: "k8s.io/client-go/kubernetes"
- alias: kinformers
pkg: "k8s.io/client-go/informers"
- alias: ktesting
pkg: "k8s.io/client-go/testing"
- alias: kschema
pkg: "k8s.io/apimachinery/pkg/runtime/schema"
- alias: kscheme
pkg: "k8s.io/client-go/kubernetes/scheme"
- alias: kversion
pkg: "k8s.io/apimachinery/pkg/version"
- alias: kubefake
pkg: "k8s.io/client-go/kubernetes/fake"
- alias: discoveryfake
pkg: "k8s.io/client-go/discovery/fake"
# Kubernetes Gateway rewrites:
- alias: gateclientset
pkg: "sigs.k8s.io/gateway-api/pkg/client/clientset/gateway/versioned"
- alias: gateinformers
pkg: "sigs.k8s.io/gateway-api/pkg/client/informers/gateway/externalversions"
- alias: gatev1alpha2
pkg: "sigs.k8s.io/gateway-api/apis/v1alpha2"
# Traefik Kubernetes rewrites:
- alias: containousv1alpha1
pkg: "github.com/traefik/traefik/v3/pkg/provider/kubernetes/crd/traefikcontainous/v1alpha1"
- alias: traefikv1alpha1
pkg: "github.com/traefik/traefik/v3/pkg/provider/kubernetes/crd/traefikio/v1alpha1"
- alias: traefikclientset
pkg: "github.com/traefik/traefik/v3/pkg/provider/kubernetes/crd/generated/clientset/versioned"
- alias: traefikinformers
pkg: "github.com/traefik/traefik/v3/pkg/provider/kubernetes/crd/generated/informers/externalversions"
- alias: traefikscheme
pkg: "github.com/traefik/traefik/v3/pkg/provider/kubernetes/crd/generated/clientset/versioned/scheme"
- alias: traefikcrdfake
pkg: "github.com/traefik/traefik/v3/pkg/provider/kubernetes/crd/generated/clientset/versioned/fake"
tagalign:
align: false
sort: true
order:
- description
- json
- toml
- yaml
- yml
- label
- label-slice-as-struct
- file
- kv
- export
revive:
rules:
- name: struct-tag
- name: blank-imports
- name: context-as-argument
- name: context-keys-type
- name: dot-imports
- name: error-return
- name: error-strings
- name: error-naming
- name: exported
disabled: true
- name: if-return
- name: increment-decrement
- name: var-naming
- name: var-declaration
- name: package-comments
disabled: true
- name: range
- name: receiver-naming
- name: time-naming
- name: unexported-return
- name: indent-error-flow
- name: errorf
- name: empty-block
- name: superfluous-else
- name: unused-parameter
disabled: true
- name: unreachable-code
- name: redefines-builtin-id
gomoddirectives:
replace-allow-list:
- github.com/abbot/go-http-auth
- github.com/go-check/check
- github.com/gorilla/mux
- github.com/mailgun/minheap
- github.com/mailgun/multibuf
- github.com/jaguilar/vt100
linters:
enable-all: true
disable:
- deadcode # deprecated
- exhaustivestruct # deprecated
- golint # deprecated
- ifshort # deprecated
- interfacer # deprecated
- maligned # deprecated
- nosnakecase # deprecated
- scopelint # deprecated
- scopelint # deprecated
- structcheck # deprecated
- varcheck # deprecated
- sqlclosecheck # not relevant (SQL)
- rowserrcheck # not relevant (SQL)
- execinquery # not relevant (SQL)
- cyclop # duplicate of gocyclo
- lll # Not relevant
- gocyclo # FIXME must be fixed
- gocognit # Too strict
- nestif # Too many false-positive.
- prealloc # Too many false-positive.
- makezero # Not relevant
- dupl # Too strict
- gosec # Too strict
- gochecknoinits
- gochecknoglobals
- wsl # Too strict
- nlreturn # Not relevant
- gomnd # Too strict
- stylecheck # skip because report issues related to some generated files.
- testpackage # Too strict
- tparallel # Not relevant
- paralleltest # Not relevant
- exhaustive # Not relevant
- exhaustruct # Not relevant
- goerr113 # Too strict
- wrapcheck # Too strict
- noctx # Too strict
- bodyclose # too many false-positive
- forcetypeassert # Too strict
- tagliatelle # Too strict
- varnamelen # Not relevant
- nilnil # Not relevant
- ireturn # Not relevant
- contextcheck # too many false-positive
- containedctx # too many false-positive
- maintidx # kind of duplicate of gocyclo
- nonamedreturns # Too strict
- gosmopolitan # not relevant
issues:
exclude-use-default: false
max-per-linter: 0
max-same-issues: 0
exclude:
- 'Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked'
- "should have a package comment, unless it's in another file for this package"
exclude-rules:
- path: '(.+)_test.go'
linters:
- goconst
- funlen
- godot
- path: '(.+)_test.go'
text: ' always receives '
linters:
- unparam
- path: '(.+)\.go'
text: 'struct-tag: unknown option ''inline'' in JSON tag'
linters:
- revive
- path: pkg/server/service/bufferpool.go
text: 'SA6002: argument should be pointer-like to avoid allocations'
- path: pkg/server/middleware/middlewares.go
text: "Function 'buildConstructor' has too many statements"
linters:
- funlen
- path: pkg/logs/haystack.go
linters:
- goprintffuncname
- path: pkg/tracing/tracing.go
text: "printf-like formatting function 'SetErrorWithEvent' should be named 'SetErrorWithEventf'"
linters:
- goprintffuncname
- path: pkg/tls/tlsmanager_test.go
text: 'SA1019: config.ClientCAs.Subjects has been deprecated since Go 1.18'
- path: pkg/types/tls_test.go
text: 'SA1019: tlsConfig.RootCAs.Subjects has been deprecated since Go 1.18'
- path: pkg/provider/kubernetes/(crd|gateway)/client.go
linters:
- interfacebloat
- path: pkg/metrics/metrics.go
linters:
- interfacebloat
- path: integration/healthcheck_test.go
text: 'Duplicate words \(wsp2,\) found'
linters:
- dupword
- path: pkg/types/domain_test.go
text: 'Duplicate words \(sub\) found'
linters:
- dupword
- path: pkg/provider/kubernetes/crd/kubernetes.go
text: "Function 'loadConfigurationFromCRD' has too many statements"
linters:
- funlen
- path: pkg/provider/kubernetes/gateway/client_mock_test.go
text: 'unusedwrite: unused write to field'
linters:
- govet

View File

@@ -1,41 +1,49 @@
project_name: traefik
dist: "./dist/[[ .GOOS ]]"
[[ if eq .GOOS "linux" ]]
before:
hooks:
- go generate
[[ end ]]
builds:
- binary: traefik
main: ./cmd/traefik/traefik.go
main: ./cmd/traefik/
env:
- CGO_ENABLED=0
ldflags:
- -s -w -X github.com/containous/traefik/v2/pkg/version.Version={{.Version}} -X github.com/containous/traefik/v2/pkg/version.Codename={{.Env.CODENAME}} -X github.com/containous/traefik/v2/pkg/version.BuildDate={{.Date}}
- -s -w -X github.com/traefik/traefik/v3/pkg/version.Version={{.Version}} -X github.com/traefik/traefik/v3/pkg/version.Codename={{.Env.CODENAME}} -X github.com/traefik/traefik/v3/pkg/version.BuildDate={{.Date}}
flags:
- -trimpath
goos:
- linux
- darwin
- windows
- freebsd
- openbsd
- "[[ .GOOS ]]"
goarch:
- amd64
- 386
- '386'
- arm
- arm64
- ppc64le
- s390x
- riscv64
goarm:
- 7
- 6
- 5
- '7'
- '6'
ignore:
- goos: darwin
goarch: 386
goarch: '386'
- goos: openbsd
goarch: arm
- goos: openbsd
goarch: arm64
- goos: freebsd
goarch: arm
- goos: freebsd
goarch: arm64
- goos: windows
goarch: arm
changelog:
skip: true

83
.semaphore/semaphore.yml Normal file
View File

@@ -0,0 +1,83 @@
version: v1.0
name: Traefik
agent:
machine:
type: e1-standard-4
os_image: ubuntu2004
fail_fast:
stop:
when: "branch != 'master'"
auto_cancel:
queued:
when: "branch != 'master'"
running:
when: "branch != 'master'"
global_job_config:
prologue:
commands:
- curl -sSfL https://raw.githubusercontent.com/ldez/semgo/master/godownloader.sh | sudo sh -s -- -b "/usr/local/bin"
- sudo semgo go1.21
- export "GOPATH=$(go env GOPATH)"
- export "SEMAPHORE_GIT_DIR=${GOPATH}/src/github.com/traefik/${SEMAPHORE_PROJECT_NAME}"
- export "PATH=${GOPATH}/bin:${PATH}"
- mkdir -vp "${SEMAPHORE_GIT_DIR}" "${GOPATH}/bin"
- export GOPROXY=https://proxy.golang.org,direct
- curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v1.54.1
- curl -sSfL https://gist.githubusercontent.com/traefiker/6d7ac019c11d011e4f131bb2cca8900e/raw/goreleaser.sh | bash -s -- -b "${GOPATH}/bin"
- checkout
- cache restore traefik-$(checksum go.sum)
blocks:
- name: Test Integration
dependencies: []
run:
when: "branch =~ '.*' OR pull_request =~'.*'"
task:
jobs:
- name: Test Integration
commands:
- make pull-images
- touch webui/static/index.html # Avoid generating webui
- IN_DOCKER="" make binary
- make test-integration
- df -h
epilogue:
always:
commands:
- cache store traefik-$(checksum go.sum) $HOME/go/pkg/mod
- name: Release
dependencies: []
run:
when: "tag =~ '.*'"
task:
agent:
machine:
type: e1-standard-8
os_image: ubuntu2004
secrets:
- name: traefik
env_vars:
- name: GH_VERSION
value: 2.32.1
- name: CODENAME
value: "beaufort"
- name: IN_DOCKER
value: ""
prologue:
commands:
- export VERSION=${SEMAPHORE_GIT_TAG_NAME}
- curl -sSL -o /tmp/gh_${GH_VERSION}_linux_amd64.tar.gz https://github.com/cli/cli/releases/download/v${GH_VERSION}/gh_${GH_VERSION}_linux_amd64.tar.gz
- tar -zxvf /tmp/gh_${GH_VERSION}_linux_amd64.tar.gz -C /tmp
- sudo mv /tmp/gh_${GH_VERSION}_linux_amd64/bin/gh /usr/local/bin/gh
- sudo rm -rf ~/.phpbrew ~/.kerl ~/.sbt ~/.nvm ~/.npm ~/.kiex /usr/lib/jvm /opt/az /opt/firefox /usr/lib/google-cloud-sdk ~/.rbenv ~/.pip_download_cache # Remove unnecessary data.
- sudo service docker stop && sudo umount /var/lib/docker && sudo service docker start # Unmounts the docker disk and the whole system disk is usable.
jobs:
- name: Release
commands:
- make release-packages
- gh release create ${SEMAPHORE_GIT_TAG_NAME} ./dist/**/traefik*.{zip,tar.gz} ./dist/traefik*.{tar.gz,txt} --repo traefik/traefik --title ${SEMAPHORE_GIT_TAG_NAME} --notes ${SEMAPHORE_GIT_TAG_NAME}
- ./script/deploy.sh

View File

@@ -1,4 +0,0 @@
#!/usr/bin/env bash
set -e
sudo rm -rf static

View File

@@ -1,20 +0,0 @@
#!/usr/bin/env bash
set -e
curl -O https://dl.google.com/go/go"${GO_VERSION}".linux-amd64.tar.gz
tar -xvf go"${GO_VERSION}".linux-amd64.tar.gz
rm -rf go"${GO_VERSION}".linux-amd64.tar.gz
sudo mkdir -p /usr/local/golang/"${GO_VERSION}"/go
sudo mv go /usr/local/golang/"${GO_VERSION}"/
sudo rm /usr/local/bin/go
sudo chmod +x /usr/local/golang/"${GO_VERSION}"/go/bin/go
sudo ln -s /usr/local/golang/"${GO_VERSION}"/go/bin/go /usr/local/bin/go
export GOROOT="/usr/local/golang/${GO_VERSION}/go"
export GOTOOLDIR="/usr/local/golang/${GO_VERSION}/go/pkg/tool/linux_amd64"
go version

View File

@@ -1,6 +0,0 @@
#!/usr/bin/env bash
set -e
if [ -n "$SHOULD_TEST" ]; then ci_retry make pull-images; fi
if [ -n "$SHOULD_TEST" ]; then ci_retry make test-integration; fi

View File

@@ -1,8 +0,0 @@
#!/usr/bin/env bash
set -e
ci_retry make validate
if [ -n "$SHOULD_TEST" ]; then ci_retry make test-unit; fi
if [ -n "$SHOULD_TEST" ]; then make -j"${N_MAKE_JOBS}" crossbinary-default-parallel; fi

View File

@@ -1,35 +0,0 @@
# For personnal CI
# mv /home/runner/workspace/src/github.com/<username>/ /home/runner/workspace/src/github.com/containous/
# cd /home/runner/workspace/src/github.com/containous/traefik/
for s in apache2 cassandra elasticsearch memcached mysql mongod postgresql sphinxsearch rethinkdb rabbitmq-server redis-server; do sudo service $s stop; done
sudo swapoff -a
sudo dd if=/dev/zero of=/swapfile bs=1M count=3072
sudo mkswap /swapfile
sudo swapon /swapfile
sudo rm -rf /home/runner/.rbenv
sudo rm -rf /usr/local/golang/{1.4.3,1.5.4,1.6.4,1.7.6,1.8.6,1.9.7,1.10.3,1.11}
#export DOCKER_VERSION=18.06.3
source .semaphoreci/vars
if [ -z "${PULL_REQUEST_NUMBER}" ]; then SHOULD_TEST="-*-"; else TEMP_STORAGE=$(curl --silent https://patch-diff.githubusercontent.com/raw/containous/traefik/pull/${PULL_REQUEST_NUMBER}.diff | patch --dry-run -p1 -R || true); fi
echo ${SHOULD_TEST}
if [ -n "$TEMP_STORAGE" ]; then SHOULD_TEST=$(echo "$TEMP_STORAGE" | grep -Ev '(.md|.yaml|.yml)' || :); fi
echo ${TEMP_STORAGE}
echo ${SHOULD_TEST}
#if [ -n "$SHOULD_TEST" ]; then sudo -E apt-get -yq update; fi
#if [ -n "$SHOULD_TEST" ]; then sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install docker-ce=${DOCKER_VERSION}*; fi
if [ -n "$SHOULD_TEST" ]; then docker version; fi
export GO_VERSION=1.12
if [ -f "./go.mod" ]; then GO_VERSION="$(grep '^go .*' go.mod | awk '{print $2}')"; export GO_VERSION; fi
#if [ "${GO_VERSION}" == '1.13' ]; then export GO_VERSION=1.13rc2; fi
echo "Selected Go version: ${GO_VERSION}"
if [ -f "./.semaphoreci/golang.sh" ]; then ./.semaphoreci/golang.sh; fi
if [ -f "./.semaphoreci/golang.sh" ]; then export GOROOT="/usr/local/golang/${GO_VERSION}/go"; fi
if [ -f "./.semaphoreci/golang.sh" ]; then export GOTOOLDIR="/usr/local/golang/${GO_VERSION}/go/pkg/tool/linux_amd64"; fi
go version
if [ -f "./go.mod" ]; then export GO111MODULE=on; fi
if [ -f "./go.mod" ]; then export GOPROXY=https://proxy.golang.org; fi
if [ -f "./go.mod" ]; then go mod download; fi
df

View File

@@ -1,36 +0,0 @@
#!/usr/bin/env bash
set -e
export REPO='containous/traefik'
if VERSION=$(git describe --exact-match --abbrev=0 --tags);
then
export VERSION
else
export VERSION=''
fi
export CODENAME=montdor
export N_MAKE_JOBS=2
function ci_retry {
local NRETRY=3
local NSLEEP=5
local n=0
until [ $n -ge $NRETRY ]
do
"$@" && break
n=$((n+1))
echo "${*} failed, attempt ${n}/${NRETRY}"
sleep $NSLEEP
done
[ $n -lt $NRETRY ]
}
export -f ci_retry

View File

@@ -1,58 +0,0 @@
sudo: required
dist: trusty
git:
depth: false
services:
- docker
env:
global:
- REPO=$TRAVIS_REPO_SLUG
- VERSION=$TRAVIS_TAG
- CODENAME=montdor
- GO111MODULE=on
script:
- echo "Skipping tests... (Tests are executed on SemaphoreCI)"
- if [ "$TRAVIS_PULL_REQUEST" != "false" ]; then make docs; fi
before_deploy:
- >
if ! [ "$BEFORE_DEPLOY_RUN" ]; then
export BEFORE_DEPLOY_RUN=1;
sudo -E apt-get -yq update;
sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install docker-ce=${DOCKER_VERSION}*;
docker version;
make build-image;
if [ "$TRAVIS_TAG" ]; then
make release-packages;
fi;
curl -sfL https://raw.githubusercontent.com/containous/structor/master/godownloader.sh | bash -s -- -b "${GOPATH}/bin" ${STRUCTOR_VERSION}
structor -o containous -r traefik --dockerfile-url="https://raw.githubusercontent.com/containous/traefik/v1.7/docs.Dockerfile" --menu.js-url="https://raw.githubusercontent.com/containous/structor/master/traefik-menu.js.gotmpl" --rqts-url="https://raw.githubusercontent.com/containous/structor/master/requirements-override.txt" --force-edit-url --exp-branch=master --debug;
fi
deploy:
- provider: releases
api_key: ${GITHUB_TOKEN}
file: dist/traefik*
skip_cleanup: true
file_glob: true
on:
repo: containous/traefik
tags: true
- provider: script
script: sh script/deploy.sh
skip_cleanup: true
on:
repo: containous/traefik
tags: true
- provider: pages
edge: false
github_token: ${GITHUB_TOKEN}
local_dir: site
skip_cleanup: true
on:
repo: containous/traefik
all_branches: true

Binary file not shown.

File diff suppressed because it is too large Load Diff

View File

@@ -2,7 +2,7 @@
## Our Pledge
In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience,nationality, personal appearance, race, religion, or sexual identity and orientation.
In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
## Our Standards
@@ -30,15 +30,19 @@ Project maintainers have the right and responsibility to remove, edit, or reject
## Scope
This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community.
Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event.
This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or our community.
Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event.
Representation of a project may be further defined and clarified by project maintainers.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at contact@containo.us
All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances.
The project team is obligated to maintain confidentiality with regard to the reporter of an incident.
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at contact@traefik.io
All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances.
The project team is obligated to maintain confidentiality with regard to the reporter of an incident.
Further details of specific enforcement policies may be posted separately.
Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
@@ -48,4 +52,4 @@ Project maintainers who do not follow or enforce the Code of Conduct in good fai
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
[homepage]: http://contributor-covenant.org
[version]: http://contributor-covenant.org/version/1/4/
[version]: http://contributor-covenant.org/version/1/4/

View File

@@ -1,4 +1,11 @@
# Contributing
- https://docs.traefik.io/contributing/submitting-pull-requests/
- https://docs.traefik.io/contributing/submitting-issues/
Here are some guidelines that should help to start contributing to the project.
- [Submitting pull Requests](https://doc.traefik.io/traefik/contributing/submitting-pull-requests/)
- [Submitting issues](https://doc.traefik.io/traefik/contributing/submitting-issues/)
- [Submitting security issues](https://doc.traefik.io/traefik/contributing/submitting-security-issues/)
- [Advocating for Traefik](https://doc.traefik.io/traefik/contributing/advocating/)
- [Triage Process](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md)
If you are willing to become a maintainer of the project, please take a look at the [maintainers guidelines](docs/content/contributing/maintainers-guidelines.md).

View File

@@ -1,6 +1,6 @@
The MIT License (MIT)
Copyright (c) 2016-2018 Containous SAS
Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal

176
Makefile
View File

@@ -1,5 +1,3 @@
.PHONY: all docs docs-serve
SRCS = $(shell git ls-files '*.go' | grep -v '^vendor/')
TAG_NAME := $(shell git tag -l --contains HEAD)
@@ -7,17 +5,16 @@ SHA := $(shell git rev-parse HEAD)
VERSION_GIT := $(if $(TAG_NAME),$(TAG_NAME),$(SHA))
VERSION := $(if $(VERSION),$(VERSION),$(VERSION_GIT))
BIND_DIR := "dist"
GIT_BRANCH := $(subst heads/,,$(shell git rev-parse --abbrev-ref HEAD 2>/dev/null))
TRAEFIK_DEV_IMAGE := traefik-dev$(if $(GIT_BRANCH),:$(subst /,-,$(GIT_BRANCH)))
REPONAME := $(shell echo $(REPO) | tr '[:upper:]' '[:lower:]')
TRAEFIK_IMAGE := $(if $(REPONAME),$(REPONAME),"containous/traefik")
TRAEFIK_IMAGE := $(if $(REPONAME),$(REPONAME),"traefik/traefik")
INTEGRATION_OPTS := $(if $(MAKE_DOCKER_HOST),-e "DOCKER_HOST=$(MAKE_DOCKER_HOST)", -e "TEST_CONTAINER=1" -v "/var/run/docker.sock:/var/run/docker.sock")
INTEGRATION_OPTS := $(if $(MAKE_DOCKER_HOST),-e "DOCKER_HOST=$(MAKE_DOCKER_HOST)",-v "/var/run/docker.sock:/var/run/docker.sock")
DOCKER_BUILD_ARGS := $(if $(DOCKER_VERSION), "--build-arg=DOCKER_VERSION=$(DOCKER_VERSION)",)
# only used when running in docker
TRAEFIK_ENVS := \
-e OS_ARCH_ARG \
-e OS_PLATFORM_ARG \
@@ -27,124 +24,193 @@ TRAEFIK_ENVS := \
-e CODENAME \
-e TESTDIRS \
-e CI \
-e CONTAINER=DOCKER # Indicator for integration tests that we are running inside a container.
-e IN_DOCKER=true # Indicator for integration tests that we are running inside a container.
TRAEFIK_MOUNT := -v "$(CURDIR)/$(BIND_DIR):/go/src/github.com/containous/traefik/$(BIND_DIR)"
TRAEFIK_MOUNT := -v "$(CURDIR)/dist:/go/src/github.com/traefik/traefik/dist"
DOCKER_RUN_OPTS := $(TRAEFIK_ENVS) $(TRAEFIK_MOUNT) "$(TRAEFIK_DEV_IMAGE)"
DOCKER_RUN_TRAEFIK := docker run $(INTEGRATION_OPTS) -it $(DOCKER_RUN_OPTS)
DOCKER_RUN_TRAEFIK_NOTTY := docker run $(INTEGRATION_OPTS) -i $(DOCKER_RUN_OPTS)
DOCKER_NON_INTERACTIVE ?= false
DOCKER_RUN_TRAEFIK := docker run $(INTEGRATION_OPTS) $(if $(DOCKER_NON_INTERACTIVE), , -it) $(DOCKER_RUN_OPTS)
DOCKER_RUN_TRAEFIK_TEST := docker run --add-host=host.docker.internal:127.0.0.1 --rm --name=traefik --network traefik-test-network -v $(PWD):$(PWD) -w $(PWD) $(INTEGRATION_OPTS) $(if $(DOCKER_NON_INTERACTIVE), , -it) $(DOCKER_RUN_OPTS)
DOCKER_RUN_TRAEFIK_NOTTY := docker run $(INTEGRATION_OPTS) $(if $(DOCKER_NON_INTERACTIVE), , -i) $(DOCKER_RUN_OPTS)
PRE_TARGET ?= build-dev-image
IN_DOCKER ?= true
.PHONY: default
default: binary
## Build Dev Docker image
build-dev-image: dist
docker build $(DOCKER_BUILD_ARGS) -t "$(TRAEFIK_DEV_IMAGE)" -f build.Dockerfile .
## Build Dev Docker image without cache
build-dev-image-no-cache: dist
docker build --no-cache -t "$(TRAEFIK_DEV_IMAGE)" -f build.Dockerfile .
## Create the "dist" directory
dist:
mkdir dist
mkdir -p dist
## Build Dev Docker image
.PHONY: build-dev-image
build-dev-image: dist
ifneq ("$(IN_DOCKER)", "")
docker build $(DOCKER_BUILD_ARGS) -t "$(TRAEFIK_DEV_IMAGE)" --build-arg HOST_PWD="$(PWD)" -f build.Dockerfile .
endif
## Build Dev Docker image without cache
.PHONY: build-dev-image-no-cache
build-dev-image-no-cache: dist
ifneq ("$(IN_DOCKER)", "")
docker build $(DOCKER_BUILD_ARGS) --no-cache -t "$(TRAEFIK_DEV_IMAGE)" --build-arg HOST_PWD="$(PWD)" -f build.Dockerfile .
endif
## Build WebUI Docker image
.PHONY: build-webui-image
build-webui-image:
docker build -t traefik-webui -f webui/Dockerfile webui
## Clean WebUI static generated assets
.PHONY: clean-webui
clean-webui:
rm -r webui/static
mkdir -p webui/static
printf 'For more information see `webui/readme.md`' > webui/static/DONT-EDIT-FILES-IN-THIS-DIRECTORY.md
## Generate WebUI
generate-webui: build-webui-image
if [ ! -d "static" ]; then \
mkdir -p static; \
docker run --rm -v "$$PWD/static":'/src/static' traefik-webui npm run build:nc; \
docker run --rm -v "$$PWD/static":'/src/static' traefik-webui chown -R $(shell id -u):$(shell id -g) ../static; \
echo 'For more informations show `webui/readme.md`' > $$PWD/static/DONT-EDIT-FILES-IN-THIS-DIRECTORY.md; \
fi
webui/static/index.html:
$(MAKE) build-webui-image
docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui npm run build:nc
docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui chown -R $(shell id -u):$(shell id -g) ./static
## Build the linux binary
binary: generate-webui $(PRE_TARGET)
$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate binary
.PHONY: generate-webui
generate-webui: webui/static/index.html
## Build the binary for the standard plaforms (linux, darwin, windows)
## Build the binary
.PHONY: binary
binary: generate-webui build-dev-image
$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate binary
## Build the linux binary locally
.PHONY: binary-debug
binary-debug: generate-webui
GOOS=linux ./script/make.sh binary
## Build the binary for the standard platforms (linux, darwin, windows)
.PHONY: crossbinary-default
crossbinary-default: generate-webui build-dev-image
$(DOCKER_RUN_TRAEFIK_NOTTY) ./script/make.sh generate crossbinary-default
## Build the binary for the standard plaforms (linux, darwin, windows) in parallel
## Build the binary for the standard platforms (linux, darwin, windows) in parallel
.PHONY: crossbinary-default-parallel
crossbinary-default-parallel:
$(MAKE) generate-webui
$(MAKE) build-dev-image crossbinary-default
## Run the unit and integration tests
.PHONY: test
test: build-dev-image
$(DOCKER_RUN_TRAEFIK) ./script/make.sh generate test-unit binary test-integration
-docker network create traefik-test-network --driver bridge --subnet 172.31.42.0/24
trap 'docker network rm traefik-test-network' EXIT; \
$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_TEST)) ./script/make.sh generate test-unit binary test-integration
## Run the unit tests
test-unit: $(PRE_TARGET)
$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate test-unit
## Pull all images for integration tests
pull-images:
grep --no-filename -E '^\s+image:' ./integration/resources/compose/*.yml | awk '{print $$2}' | sort | uniq | xargs -P 6 -n 1 docker pull
.PHONY: test-unit
test-unit: build-dev-image
-docker network create traefik-test-network --driver bridge --subnet 172.31.42.0/24
trap 'docker network rm traefik-test-network' EXIT; \
$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_TEST)) ./script/make.sh generate test-unit
## Run the integration tests
test-integration: $(PRE_TARGET)
$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK),TEST_CONTAINER=1) ./script/make.sh generate binary test-integration
TEST_HOST=1 ./script/make.sh test-integration
.PHONY: test-integration
test-integration: build-dev-image
-docker network create traefik-test-network --driver bridge --subnet 172.31.42.0/24
trap 'docker network rm traefik-test-network' EXIT; \
$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_TEST)) ./script/make.sh generate binary test-integration
## Pull all images for integration tests
.PHONY: pull-images
pull-images:
grep --no-filename -E '^\s+image:' ./integration/resources/compose/*.yml \
| awk '{print $$2}' \
| sort \
| uniq \
| xargs -P 6 -n 1 docker pull
## Validate code and docs
validate-files: $(PRE_TARGET)
$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate validate-lint validate-misspell
.PHONY: validate-files
validate-files: build-dev-image
$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate validate-lint validate-misspell
bash $(CURDIR)/script/validate-shell-script.sh
## Validate code, docs, and vendor
validate: $(PRE_TARGET)
$(if $(PRE_TARGET),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate validate-lint validate-misspell validate-vendor
.PHONY: validate
validate: build-dev-image
$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate validate-lint validate-misspell validate-vendor
bash $(CURDIR)/script/validate-shell-script.sh
## Clean up static directory and build a Docker Traefik image
build-image: binary
rm -rf static
.PHONY: build-image
build-image: clean-webui binary
docker build -t $(TRAEFIK_IMAGE) .
## Build a Docker Traefik image
## Build a Docker Traefik image without re-building the webui
.PHONY: build-image-dirty
build-image-dirty: binary
docker build -t $(TRAEFIK_IMAGE) .
## Locally build traefik for linux, then shove it an alpine image, with basic tools.
.PHONY: build-image-debug
build-image-debug: binary-debug
docker build -t $(TRAEFIK_IMAGE) -f debug.Dockerfile .
## Start a shell inside the build env
.PHONY: shell
shell: build-dev-image
$(DOCKER_RUN_TRAEFIK) /bin/bash
## Build documentation site
.PHONY: docs
docs:
make -C ./docs docs
## Serve the documentation site localy
## Serve the documentation site locally
.PHONY: docs-serve
docs-serve:
make -C ./docs docs-serve
## Generate CRD clientset
## Pull image for doc building
.PHONY: docs-pull-images
docs-pull-images:
make -C ./docs docs-pull-images
## Generate CRD clientset and CRD manifests
.PHONY: generate-crd
generate-crd:
./script/update-generated-crd-code.sh
@$(CURDIR)/script/code-gen.sh
## Generate code from dynamic configuration https://github.com/traefik/genconf
.PHONY: generate-genconf
generate-genconf:
go run ./cmd/internal/gen/
## Create packages for the release
.PHONY: release-packages
release-packages: generate-webui build-dev-image
rm -rf dist
$(DOCKER_RUN_TRAEFIK_NOTTY) goreleaser release --skip-publish --timeout="60m"
$(DOCKER_RUN_TRAEFIK_NOTTY) tar cfz dist/traefik-${VERSION}.src.tar.gz \
@- $(foreach os, linux darwin windows freebsd openbsd, \
$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) goreleaser release --skip-publish -p 2 --timeout="90m" --config $(shell go run ./internal/release $(os)); \
$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) go clean -cache; \
)
$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) cat dist/**/*_checksums.txt >> dist/traefik_${VERSION}_checksums.txt
$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) rm dist/**/*_checksums.txt
$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) tar cfz dist/traefik-${VERSION}.src.tar.gz \
--exclude-vcs \
--exclude .idea \
--exclude .travis \
--exclude .semaphoreci \
--exclude .github \
--exclude dist .
$(DOCKER_RUN_TRAEFIK_NOTTY) chown -R $(shell id -u):$(shell id -g) dist/
$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) chown -R $(shell id -u):$(shell id -g) dist/
## Format the Code
.PHONY: fmt
fmt:
gofmt -s -l -w $(SRCS)
.PHONY: run-dev
run-dev:
go generate
GO111MODULE=on go build ./cmd/traefik

View File

@@ -1,19 +1,21 @@
<p align="center">
<img src="docs/content/assets/img/traefik.logo.png" alt="Traefik" title="Traefik" />
<picture>
<source media="(prefers-color-scheme: dark)" srcset="docs/content/assets/img/traefik.logo-dark.png">
<source media="(prefers-color-scheme: light)" srcset="docs/content/assets/img/traefik.logo.png">
<img alt="Traefik" title="Traefik" src="docs/content/assets/img/traefik.logo.png">
</picture>
</p>
[![Build Status SemaphoreCI](https://semaphoreci.com/api/v1/containous/traefik/branches/master/shields_badge.svg)](https://semaphoreci.com/containous/traefik)
[![Docs](https://img.shields.io/badge/docs-current-brightgreen.svg)](https://docs.traefik.io)
[![Go Report Card](https://goreportcard.com/badge/containous/traefik)](http://goreportcard.com/report/containous/traefik)
[![](https://images.microbadger.com/badges/image/traefik.svg)](https://microbadger.com/images/traefik)
[![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/containous/traefik/blob/master/LICENSE.md)
[![Join the community support forum at https://community.containo.us/](https://img.shields.io/badge/style-register-green.svg?style=social&label=Discourse)](https://community.containo.us/)
[![Docs](https://img.shields.io/badge/docs-current-brightgreen.svg)](https://doc.traefik.io/traefik)
[![Go Report Card](https://goreportcard.com/badge/traefik/traefik)](https://goreportcard.com/report/traefik/traefik)
[![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/traefik/traefik/blob/master/LICENSE.md)
[![Join the community support forum at https://community.traefik.io/](https://img.shields.io/badge/style-register-green.svg?style=social&label=Discourse)](https://community.traefik.io/)
[![Twitter](https://img.shields.io/twitter/follow/traefik.svg?style=social)](https://twitter.com/intent/follow?screen_name=traefik)
Traefik (pronounced _traffic_) is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy.
Traefik integrates with your existing infrastructure components ([Docker](https://www.docker.com/), [Swarm mode](https://docs.docker.com/engine/swarm/), [Kubernetes](https://kubernetes.io), [Marathon](https://mesosphere.github.io/marathon/), [Consul](https://www.consul.io/), [Etcd](https://coreos.com/etcd/), [Rancher](https://rancher.com), [Amazon ECS](https://aws.amazon.com/ecs), ...) and configures itself automatically and dynamically.
Traefik integrates with your existing infrastructure components ([Docker](https://www.docker.com/), [Swarm mode](https://docs.docker.com/engine/swarm/), [Kubernetes](https://kubernetes.io), [Consul](https://www.consul.io/), [Etcd](https://coreos.com/etcd/), [Rancher v2](https://rancher.com), [Amazon ECS](https://aws.amazon.com/ecs), ...) and configures itself automatically and dynamically.
Pointing Traefik at your orchestrator should be the _only_ configuration step you need.
---
@@ -33,7 +35,7 @@ Pointing Traefik at your orchestrator should be the _only_ configuration step yo
---
:warning: Please be aware that the old configurations for Traefik v1.x are NOT compatible with the v2.x config as of now. If you're running v2, please ensure you are using a [v2 configuration](https://docs.traefik.io/).
:warning: Please be aware that the old configurations for Traefik v1.x are NOT compatible with the v2.x config as of now. If you're running v2, please ensure you are using a [v2 configuration](https://doc.traefik.io/traefik/).
## Overview
@@ -59,25 +61,22 @@ _(But if you'd rather configure some of your routes manually, Traefik supports t
- Provides HTTPS to your microservices by leveraging [Let's Encrypt](https://letsencrypt.org) (wildcard certificates support)
- Circuit breakers, retry
- See the magic through its clean web UI
- Websocket, HTTP/2, GRPC ready
- Provides metrics (Rest, Prometheus, Datadog, Statsd, InfluxDB)
- Websocket, HTTP/2, gRPC ready
- Provides metrics (Rest, Prometheus, Datadog, Statsd, InfluxDB 2.X)
- Keeps access logs (JSON, CLF)
- Fast
- Exposes a Rest API
- Packaged as a single binary file (made with :heart: with go) and available as a [tiny](https://microbadger.com/images/traefik) [official](https://hub.docker.com/r/_/traefik/) docker image
- Packaged as a single binary file (made with :heart: with go) and available as an [official](https://hub.docker.com/r/_/traefik/) docker image
## Supported Backends
- [Docker](https://docs.traefik.io/providers/docker/) / [Swarm mode](https://docs.traefik.io/providers/docker/)
- [Kubernetes](https://docs.traefik.io/providers/kubernetes-crd/)
- [Marathon](https://docs.traefik.io/providers/marathon/)
- [Rancher](https://docs.traefik.io/providers/rancher/) (Metadata)
- [File](https://docs.traefik.io/configuration/backends/file)
- [Docker](https://doc.traefik.io/traefik/providers/docker/) / [Swarm mode](https://doc.traefik.io/traefik/providers/docker/)
- [Kubernetes](https://doc.traefik.io/traefik/providers/kubernetes-crd/)
- [File](https://doc.traefik.io/traefik/providers/file/)
## Quickstart
To get your hands on Traefik, you can use the [5-Minute Quickstart](https://docs.traefik.io/getting-started/quick-start/) in our documentation (you will need Docker).
To get your hands on Traefik, you can use the [5-Minute Quickstart](https://doc.traefik.io/traefik/getting-started/quick-start/) in our documentation (you will need Docker).
## Web UI
@@ -87,28 +86,27 @@ You can access the simple HTML frontend of Traefik.
## Documentation
You can find the complete documentation of Traefik v2 at [https://docs.traefik.io](https://docs.traefik.io).
If you are using Traefik v1, you can find the complete documentation at [https://docs.traefik.io/v1.7/](https://docs.traefik.io/v1.7/)
You can find the complete documentation of Traefik v2 at [https://doc.traefik.io/traefik/](https://doc.traefik.io/traefik/).
A collection of contributions around Traefik can be found at [https://awesome.traefik.io](https://awesome.traefik.io).
## Support
To get community support, you can:
- join the Traefik community forum: [![Join the chat at https://community.containo.us/](https://img.shields.io/badge/style-register-green.svg?style=social&label=Discourse)](https://community.containo.us/)
If you need commercial support, please contact [Containo.us](https://containo.us) by mail: <mailto:support@containo.us>.
- join the Traefik community forum: [![Join the chat at https://community.traefik.io/](https://img.shields.io/badge/style-register-green.svg?style=social&label=Discourse)](https://community.traefik.io/)
If you need commercial support, please contact [Traefik.io](https://traefik.io) by mail: <mailto:support@traefik.io>.
## Download
- Grab the latest binary from the [releases](https://github.com/containous/traefik/releases) page and run it with the [sample configuration file](https://raw.githubusercontent.com/containous/traefik/master/traefik.sample.toml):
- Grab the latest binary from the [releases](https://github.com/traefik/traefik/releases) page and run it with the [sample configuration file](https://raw.githubusercontent.com/traefik/traefik/master/traefik.sample.toml):
```shell
./traefik --configFile=traefik.toml
```
- Or use the official tiny Docker image and run it with the [sample configuration file](https://raw.githubusercontent.com/containous/traefik/master/traefik.sample.toml):
- Or use the official tiny Docker image and run it with the [sample configuration file](https://raw.githubusercontent.com/traefik/traefik/master/traefik.sample.toml):
```shell
docker run -d -p 8080:8080 -p 80:80 -v $PWD/traefik.toml:/etc/traefik/traefik.toml traefik
@@ -117,16 +115,18 @@ docker run -d -p 8080:8080 -p 80:80 -v $PWD/traefik.toml:/etc/traefik/traefik.to
- Or get the sources:
```shell
git clone https://github.com/containous/traefik
git clone https://github.com/traefik/traefik
```
## Introductory Videos
You can find high level and deep dive videos on [videos.containo.us](https://videos.containo.us)
You can find high level and deep dive videos on [videos.traefik.io](https://videos.traefik.io).
## Maintainers
[Information about process and maintainers](docs/content/contributing/maintainers.md)
We are strongly promoting a philosophy of openness and sharing, and firmly standing against the elitist closed approach. Being part of the core team should be accessible to anyone who is motivated and want to be part of that journey!
This [document](docs/content/contributing/maintainers-guidelines.md) describes how to be part of the core team as well as various responsibilities and guidelines for Traefik maintainers.
You can also find more information on our process to review pull requests and manage issues [in this document](docs/content/contributing/maintainers.md).
## Contributing
@@ -137,24 +137,24 @@ By participating in this project, you agree to abide by its terms.
## Release Cycle
- We release a new version (e.g. 1.1.0, 1.2.0, 1.3.0) every other month.
- Release Candidates are available before the release (e.g. 1.1.0-rc1, 1.1.0-rc2, 1.1.0-rc3, 1.1.0-rc4, before 1.1.0)
- Bug-fixes (e.g. 1.1.1, 1.1.2, 1.2.1, 1.2.3) are released as needed (no additional features are delivered in those versions, bug-fixes only)
- We usually release 3/4 new versions (e.g. 1.1.0, 1.2.0, 1.3.0) per year.
- Release Candidates are available before the release (e.g. 1.1.0-rc1, 1.1.0-rc2, 1.1.0-rc3, 1.1.0-rc4, before 1.1.0).
- Bug-fixes (e.g. 1.1.1, 1.1.2, 1.2.1, 1.2.3) are released as needed (no additional features are delivered in those versions, bug-fixes only).
Each version is supported until the next one is released (e.g. 1.1.x will be supported until 1.2.0 is out)
Each version is supported until the next one is released (e.g. 1.1.x will be supported until 1.2.0 is out).
We use [Semantic Versioning](http://semver.org/)
We use [Semantic Versioning](https://semver.org/).
## Mailing lists
## Mailing Lists
- General announcements, new releases: mail at news+subscribe@traefik.io or on [the online viewer](https://groups.google.com/a/traefik.io/forum/#!forum/news)
- General announcements, new releases: mail at news+subscribe@traefik.io or on [the online viewer](https://groups.google.com/a/traefik.io/forum/#!forum/news).
- Security announcements: mail at security+subscribe@traefik.io or on [the online viewer](https://groups.google.com/a/traefik.io/forum/#!forum/security).
## Credits
Kudos to [Peka](http://peka.byethost11.com/photoblog/) for his awesome work on the logo ![logo](docs/content/assets/img/traefik.icon.png).
Kudos to [Peka](http://peka.byethost11.com/photoblog/) for his awesome work on the gopher's logo!.
Traefik's logo is licensed under the Creative Commons 3.0 Attributions license.
The gopher's logo of Traefik is licensed under the Creative Commons 3.0 Attributions license.
Traefik's logo was inspired by the gopher stickers made by Takuya Ueda (https://twitter.com/tenntenn).
The original Go gopher was designed by Renee French (http://reneefrench.blogspot.com/).
The gopher's logo of Traefik was inspired by the gopher stickers made by [Takuya Ueda](https://twitter.com/tenntenn).
The original Go gopher was designed by [Renee French](https://reneefrench.blogspot.com/).

30
SECURITY.md Normal file
View File

@@ -0,0 +1,30 @@
# Security Policy
You can join our security mailing list to be aware of the latest announcements from our security team.
You can subscribe sending a mail to security+subscribe@traefik.io or on [the online viewer](https://groups.google.com/a/traefik.io/forum/#!forum/security).
Reported vulnerabilities can be found on [cve.mitre.org](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=traefik).
## Supported Versions
- We usually release 3/4 new versions (e.g. 1.1.0, 1.2.0, 1.3.0) per year.
- Release Candidates are available before the release (e.g. 1.1.0-rc1, 1.1.0-rc2, 1.1.0-rc3, 1.1.0-rc4, before 1.1.0).
- Bug-fixes (e.g. 1.1.1, 1.1.2, 1.2.1, 1.2.3) are released as needed (no additional features are delivered in those versions, bug-fixes only).
Each version is supported until the next one is released (e.g. 1.1.x will be supported until 1.2.0 is out).
We use [Semantic Versioning](https://semver.org/).
| Version | Supported |
|-----------|--------------------|
| `2.2.x` | :white_check_mark: |
| `< 2.2.x` | :x: |
| `1.7.x` | :white_check_mark: |
| `< 1.7.x` | :x: |
## Reporting a Vulnerability
We want to keep Traefik safe for everyone.
If you've discovered a security vulnerability in Traefik,
we appreciate your help in disclosing it to us in a responsible manner,
by creating a [security advisory](https://github.com/traefik/traefik/security/advisories).

View File

@@ -1,7 +1,6 @@
FROM golang:1.13-alpine
FROM golang:1.21-alpine
RUN apk --update upgrade \
&& apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \
RUN apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \
&& update-ca-certificates \
&& rm -rf /var/cache/apk/*
@@ -13,25 +12,26 @@ RUN mkdir -p /usr/local/bin \
&& curl -fL https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz \
| tar -xzC /usr/local/bin --transform 's#^.+/##x'
# Download go-bindata binary to bin folder in $GOPATH
RUN mkdir -p /usr/local/bin \
&& curl -fsSL -o /usr/local/bin/go-bindata https://github.com/containous/go-bindata/releases/download/v1.0.0/go-bindata \
&& chmod +x /usr/local/bin/go-bindata
# Download golangci-lint binary to bin folder in $GOPATH
RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b $GOPATH/bin v1.20.0
RUN curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- -b $GOPATH/bin v1.54.1
# Download golangci-lint and misspell binary to bin folder in $GOPATH
RUN GO111MODULE=off go get github.com/client9/misspell/cmd/misspell
# Download misspell binary to bin folder in $GOPATH
RUN curl -sfL https://raw.githubusercontent.com/golangci/misspell/master/install-misspell.sh | bash -s -- -b $GOPATH/bin v0.4.0
# Download goreleaser binary to bin folder in $GOPATH
RUN curl -sfL https://install.goreleaser.com/github.com/goreleaser/goreleaser.sh | sh
RUN curl -sfL https://gist.githubusercontent.com/traefiker/6d7ac019c11d011e4f131bb2cca8900e/raw/goreleaser.sh | sh
WORKDIR /go/src/github.com/containous/traefik
WORKDIR /go/src/github.com/traefik/traefik
# Because of CVE-2022-24765 (https://github.blog/2022-04-12-git-security-vulnerability-announced/),
# we configure git to allow the Traefik codebase path on the Host for docker in docker usages.
ARG HOST_PWD=""
RUN git config --global --add safe.directory "${HOST_PWD}"
# Download go modules
COPY go.mod .
COPY go.sum .
RUN GO111MODULE=on GOPROXY=https://proxy.golang.org go mod download
COPY . /go/src/github.com/containous/traefik
COPY . /go/src/github.com/traefik/traefik

View File

@@ -3,8 +3,8 @@ package cmd
import (
"time"
"github.com/containous/traefik/v2/pkg/config/static"
"github.com/containous/traefik/v2/pkg/types"
ptypes "github.com/traefik/paerser/types"
"github.com/traefik/traefik/v3/pkg/config/static"
)
// TraefikCmdConfiguration wraps the static configuration and extra parameters.
@@ -23,11 +23,15 @@ func NewTraefikConfiguration() *TraefikCmdConfiguration {
},
EntryPoints: make(static.EntryPoints),
Providers: &static.Providers{
ProvidersThrottleDuration: types.Duration(2 * time.Second),
ProvidersThrottleDuration: ptypes.Duration(2 * time.Second),
},
ServersTransport: &static.ServersTransport{
MaxIdleConnsPerHost: 200,
},
TCPServersTransport: &static.TCPServersTransport{
DialTimeout: ptypes.Duration(30 * time.Second),
DialKeepAlive: ptypes.Duration(15 * time.Second),
},
},
ConfigFile: "",
}

View File

@@ -1,22 +0,0 @@
package cmd
import (
"context"
"os"
"os/signal"
"syscall"
)
// ContextWithSignal creates a context canceled when SIGINT or SIGTERM are notified
func ContextWithSignal(ctx context.Context) context.Context {
newCtx, cancel := context.WithCancel(ctx)
signals := make(chan os.Signal)
signal.Notify(signals, syscall.SIGINT, syscall.SIGTERM)
go func() {
select {
case <-signals:
cancel()
}
}()
return newCtx
}

View File

@@ -7,8 +7,8 @@ import (
"os"
"time"
"github.com/containous/traefik/v2/pkg/cli"
"github.com/containous/traefik/v2/pkg/config/static"
"github.com/traefik/paerser/cli"
"github.com/traefik/traefik/v3/pkg/config/static"
)
// NewCmd builds a new HealthCheck command.
@@ -45,21 +45,26 @@ func runCmd(traefikConfiguration *static.Configuration) func(_ []string) error {
}
}
// Do try to do a healthcheck
// Do try to do a healthcheck.
func Do(staticConfiguration static.Configuration) (*http.Response, error) {
if staticConfiguration.Ping == nil {
return nil, errors.New("please enable `ping` to use health check")
}
pingEntryPoint, ok := staticConfiguration.EntryPoints["traefik"]
ep := staticConfiguration.Ping.EntryPoint
if ep == "" {
ep = "traefik"
}
pingEntryPoint, ok := staticConfiguration.EntryPoints[ep]
if !ok {
return nil, errors.New("missing `ping` entrypoint")
return nil, fmt.Errorf("ping: missing %s entry point", ep)
}
client := &http.Client{Timeout: 5 * time.Second}
protocol := "http"
// FIXME Handle TLS on ping etc...
// TODO Handle TLS on ping etc...
// if pingEntryPoint.TLS != nil {
// protocol = "https"
// tr := &http.Transport{
@@ -70,5 +75,5 @@ func Do(staticConfiguration static.Configuration) (*http.Response, error) {
path := "/"
return client.Head(protocol + "://" + pingEntryPoint.Address + path + "ping")
return client.Head(protocol + "://" + pingEntryPoint.GetAddress() + path + "ping")
}

View File

@@ -0,0 +1,332 @@
package main
import (
"bytes"
"fmt"
"go/format"
"go/importer"
"go/token"
"go/types"
"io"
"log"
"os"
"path"
"path/filepath"
"reflect"
"slices"
"sort"
"strings"
"golang.org/x/tools/imports"
)
// File a kind of AST element that represents a file.
type File struct {
Package string
Imports []string
Elements []Element
}
// Element is a simplified version of a symbol.
type Element struct {
Name string
Value string
}
// Centrifuge a centrifuge.
// Generate Go Structures from Go structures.
type Centrifuge struct {
IncludedImports []string
ExcludedTypes []string
ExcludedFiles []string
TypeCleaner func(types.Type, string) string
PackageCleaner func(string) string
rootPkg string
fileSet *token.FileSet
pkg *types.Package
}
// NewCentrifuge creates a new Centrifuge.
func NewCentrifuge(rootPkg string) (*Centrifuge, error) {
fileSet := token.NewFileSet()
pkg, err := importer.ForCompiler(fileSet, "source", nil).Import(rootPkg)
if err != nil {
return nil, err
}
return &Centrifuge{
fileSet: fileSet,
pkg: pkg,
rootPkg: rootPkg,
TypeCleaner: func(typ types.Type, _ string) string {
return typ.String()
},
PackageCleaner: func(s string) string {
return s
},
}, nil
}
// Run runs the code extraction and the code generation.
func (c Centrifuge) Run(dest string, pkgName string) error {
files := c.run(c.pkg.Scope(), c.rootPkg, pkgName)
err := fileWriter{baseDir: dest}.Write(files)
if err != nil {
return err
}
for _, p := range c.pkg.Imports() {
if slices.Contains(c.IncludedImports, p.Path()) {
fls := c.run(p.Scope(), p.Path(), p.Name())
err = fileWriter{baseDir: filepath.Join(dest, p.Name())}.Write(fls)
if err != nil {
return err
}
}
}
return err
}
func (c Centrifuge) run(sc *types.Scope, rootPkg string, pkgName string) map[string]*File {
files := map[string]*File{}
for _, name := range sc.Names() {
if slices.Contains(c.ExcludedTypes, name) {
continue
}
o := sc.Lookup(name)
if !o.Exported() {
continue
}
filename := filepath.Base(c.fileSet.File(o.Pos()).Name())
if slices.Contains(c.ExcludedFiles, path.Join(rootPkg, filename)) {
continue
}
fl, ok := files[filename]
if !ok {
files[filename] = &File{Package: pkgName}
fl = files[filename]
}
elt := Element{
Name: name,
}
switch ob := o.(type) {
case *types.TypeName:
switch obj := ob.Type().(*types.Named).Underlying().(type) {
case *types.Struct:
elt.Value = c.writeStruct(name, obj, rootPkg, fl)
case *types.Map:
elt.Value = fmt.Sprintf("type %s map[%s]%s\n", name, obj.Key().String(), c.TypeCleaner(obj.Elem(), rootPkg))
case *types.Slice:
elt.Value = fmt.Sprintf("type %s []%v\n", name, c.TypeCleaner(obj.Elem(), rootPkg))
case *types.Basic:
elt.Value = fmt.Sprintf("type %s %v\n", name, obj.Name())
default:
log.Printf("OTHER TYPE::: %s %T\n", name, o.Type().(*types.Named).Underlying())
continue
}
default:
log.Printf("OTHER::: %s %T\n", name, o)
continue
}
if len(elt.Value) > 0 {
fl.Elements = append(fl.Elements, elt)
}
}
return files
}
func (c Centrifuge) writeStruct(name string, obj *types.Struct, rootPkg string, elt *File) string {
b := strings.Builder{}
b.WriteString(fmt.Sprintf("type %s struct {\n", name))
for i := 0; i < obj.NumFields(); i++ {
field := obj.Field(i)
if !field.Exported() {
continue
}
fPkg := c.PackageCleaner(extractPackage(field.Type()))
if fPkg != "" && fPkg != rootPkg {
elt.Imports = append(elt.Imports, fPkg)
}
fType := c.TypeCleaner(field.Type(), rootPkg)
if field.Embedded() {
b.WriteString(fmt.Sprintf("\t%s\n", fType))
continue
}
values, ok := lookupTagValue(obj.Tag(i), "json")
if len(values) > 0 && values[0] == "-" {
continue
}
b.WriteString(fmt.Sprintf("\t%s %s", field.Name(), fType))
if ok {
b.WriteString(fmt.Sprintf(" `json:\"%s\"`", strings.Join(values, ",")))
}
b.WriteString("\n")
}
b.WriteString("}\n")
return b.String()
}
func lookupTagValue(raw, key string) ([]string, bool) {
value, ok := reflect.StructTag(raw).Lookup(key)
if !ok {
return nil, ok
}
values := strings.Split(value, ",")
if len(values) < 1 {
return nil, true
}
return values, true
}
func extractPackage(t types.Type) string {
switch tu := t.(type) {
case *types.Named:
return tu.Obj().Pkg().Path()
case *types.Slice:
if v, ok := tu.Elem().(*types.Named); ok {
return v.Obj().Pkg().Path()
}
return ""
case *types.Map:
if v, ok := tu.Elem().(*types.Named); ok {
return v.Obj().Pkg().Path()
}
return ""
case *types.Pointer:
return extractPackage(tu.Elem())
default:
return ""
}
}
type fileWriter struct {
baseDir string
}
func (f fileWriter) Write(files map[string]*File) error {
err := os.MkdirAll(f.baseDir, 0o755)
if err != nil {
return err
}
for name, file := range files {
err = f.writeFile(name, file)
if err != nil {
return err
}
}
return nil
}
func (f fileWriter) writeFile(name string, desc *File) error {
if len(desc.Elements) == 0 {
return nil
}
filename := filepath.Join(f.baseDir, name)
file, err := os.Create(filename)
if err != nil {
return fmt.Errorf("failed to create file: %w", err)
}
defer func() { _ = file.Close() }()
b := bytes.NewBufferString("package ")
b.WriteString(desc.Package)
b.WriteString("\n")
b.WriteString("// Code generated by centrifuge. DO NOT EDIT.\n")
b.WriteString("\n")
f.writeImports(b, desc.Imports)
b.WriteString("\n")
for _, elt := range desc.Elements {
b.WriteString(elt.Value)
b.WriteString("\n")
}
// gofmt
source, err := format.Source(b.Bytes())
if err != nil {
log.Println(b.String())
return fmt.Errorf("failed to format sources: %w", err)
}
// goimports
process, err := imports.Process(filename, source, nil)
if err != nil {
log.Println(string(source))
return fmt.Errorf("failed to format imports: %w", err)
}
_, err = file.Write(process)
if err != nil {
return err
}
return nil
}
func (f fileWriter) writeImports(b io.StringWriter, imports []string) {
if len(imports) == 0 {
return
}
uniq := map[string]struct{}{}
sort.Strings(imports)
_, _ = b.WriteString("import (\n")
for _, s := range imports {
if _, exist := uniq[s]; exist {
continue
}
uniq[s] = struct{}{}
_, _ = b.WriteString(fmt.Sprintf(` "%s"`+"\n", s))
}
_, _ = b.WriteString(")\n")
}

124
cmd/internal/gen/main.go Normal file
View File

@@ -0,0 +1,124 @@
package main
import (
"fmt"
"go/build"
"go/types"
"log"
"os"
"path"
"path/filepath"
"strings"
)
const rootPkg = "github.com/traefik/traefik/v3/pkg/config/dynamic"
const (
destModuleName = "github.com/traefik/genconf"
destPkg = "dynamic"
)
const marsh = `package %s
import "encoding/json"
type JSONPayload struct {
*Configuration
}
func (c JSONPayload) MarshalJSON() ([]byte, error) {
if c.Configuration == nil {
return nil, nil
}
return json.Marshal(c.Configuration)
}
`
// main generate Go Structures from Go structures.
// Allows to create an external module (destModuleName) used by the plugin's providers
// that contains Go structs of the dynamic configuration and nothing else.
// These Go structs do not have any non-exported fields and do not rely on any external dependencies.
func main() {
dest := filepath.Join(path.Join(build.Default.GOPATH, "src"), destModuleName, destPkg)
log.Println("Output:", dest)
err := run(dest)
if err != nil {
log.Fatal(err)
}
}
func run(dest string) error {
centrifuge, err := NewCentrifuge(rootPkg)
if err != nil {
return err
}
centrifuge.IncludedImports = []string{
"github.com/traefik/traefik/v3/pkg/tls",
"github.com/traefik/traefik/v3/pkg/types",
}
centrifuge.ExcludedTypes = []string{
// tls
"CertificateStore", "Manager",
// dynamic
"Message", "Configurations",
// types
"HTTPCodeRanges", "HostResolverConfig",
}
centrifuge.ExcludedFiles = []string{
"github.com/traefik/traefik/v3/pkg/types/logs.go",
"github.com/traefik/traefik/v3/pkg/types/metrics.go",
}
centrifuge.TypeCleaner = cleanType
centrifuge.PackageCleaner = cleanPackage
err = centrifuge.Run(dest, destPkg)
if err != nil {
return err
}
return os.WriteFile(filepath.Join(dest, "marshaler.go"), []byte(fmt.Sprintf(marsh, destPkg)), 0o666)
}
func cleanType(typ types.Type, base string) string {
if typ.String() == "github.com/traefik/traefik/v3/pkg/tls.FileOrContent" {
return "string"
}
if typ.String() == "[]github.com/traefik/traefik/v3/pkg/tls.FileOrContent" {
return "[]string"
}
if typ.String() == "github.com/traefik/paerser/types.Duration" {
return "string"
}
if strings.Contains(typ.String(), base) {
return strings.ReplaceAll(typ.String(), base+".", "")
}
if strings.Contains(typ.String(), "github.com/traefik/traefik/v3/pkg/") {
return strings.ReplaceAll(typ.String(), "github.com/traefik/traefik/v3/pkg/", "")
}
return typ.String()
}
func cleanPackage(src string) string {
switch src {
case "github.com/traefik/paerser/types":
return ""
case "github.com/traefik/traefik/v3/pkg/tls":
return path.Join(destModuleName, destPkg, "tls")
case "github.com/traefik/traefik/v3/pkg/types":
return path.Join(destModuleName, destPkg, "types")
default:
return src
}
}

89
cmd/traefik/logger.go Normal file
View File

@@ -0,0 +1,89 @@
package main
import (
"io"
stdlog "log"
"os"
"strings"
"time"
"github.com/natefinch/lumberjack"
"github.com/rs/zerolog"
"github.com/rs/zerolog/log"
"github.com/sirupsen/logrus"
"github.com/traefik/traefik/v3/pkg/config/static"
"github.com/traefik/traefik/v3/pkg/logs"
)
func init() {
// hide the first logs before the setup of the logger.
zerolog.SetGlobalLevel(zerolog.ErrorLevel)
}
func setupLogger(staticConfiguration *static.Configuration) {
// configure log format
w := getLogWriter(staticConfiguration)
// configure log level
logLevel := getLogLevel(staticConfiguration)
// create logger
logCtx := zerolog.New(w).With().Timestamp()
if logLevel <= zerolog.DebugLevel {
logCtx = logCtx.Caller()
}
log.Logger = logCtx.Logger().Level(logLevel)
zerolog.DefaultContextLogger = &log.Logger
zerolog.SetGlobalLevel(logLevel)
// Global logrus replacement (related to lib like go-rancher-metadata, docker, etc.)
logrus.StandardLogger().Out = logs.NoLevel(log.Logger, zerolog.DebugLevel)
// configure default standard log.
stdlog.SetFlags(stdlog.Lshortfile | stdlog.LstdFlags)
stdlog.SetOutput(logs.NoLevel(log.Logger, zerolog.DebugLevel))
}
func getLogWriter(staticConfiguration *static.Configuration) io.Writer {
var w io.Writer = os.Stderr
if staticConfiguration.Log != nil && len(staticConfiguration.Log.FilePath) > 0 {
_, _ = os.Create(staticConfiguration.Log.FilePath)
w = &lumberjack.Logger{
Filename: staticConfiguration.Log.FilePath,
MaxSize: staticConfiguration.Log.MaxSize,
MaxBackups: staticConfiguration.Log.MaxBackups,
MaxAge: staticConfiguration.Log.MaxAge,
Compress: true,
}
}
if staticConfiguration.Log == nil || staticConfiguration.Log.Format != "json" {
w = zerolog.ConsoleWriter{
Out: w,
TimeFormat: time.RFC3339,
NoColor: staticConfiguration.Log != nil && (staticConfiguration.Log.NoColor || len(staticConfiguration.Log.FilePath) > 0),
}
}
return w
}
func getLogLevel(staticConfiguration *static.Configuration) zerolog.Level {
levelStr := "error"
if staticConfiguration.Log != nil && staticConfiguration.Log.Level != "" {
levelStr = strings.ToLower(staticConfiguration.Log.Level)
}
logLevel, err := zerolog.ParseLevel(strings.ToLower(levelStr))
if err != nil {
log.Error().Err(err).
Str("logLevel", levelStr).
Msg("Unspecified or invalid log level, setting the level to default (ERROR)...")
logLevel = zerolog.ErrorLevel
}
return logLevel
}

83
cmd/traefik/plugins.go Normal file
View File

@@ -0,0 +1,83 @@
package main
import (
"fmt"
"github.com/traefik/traefik/v3/pkg/config/static"
"github.com/traefik/traefik/v3/pkg/plugins"
)
const outputDir = "./plugins-storage/"
func createPluginBuilder(staticConfiguration *static.Configuration) (*plugins.Builder, error) {
client, plgs, localPlgs, err := initPlugins(staticConfiguration)
if err != nil {
return nil, err
}
return plugins.NewBuilder(client, plgs, localPlgs)
}
func initPlugins(staticCfg *static.Configuration) (*plugins.Client, map[string]plugins.Descriptor, map[string]plugins.LocalDescriptor, error) {
err := checkUniquePluginNames(staticCfg.Experimental)
if err != nil {
return nil, nil, nil, err
}
var client *plugins.Client
plgs := map[string]plugins.Descriptor{}
if hasPlugins(staticCfg) {
opts := plugins.ClientOptions{
Output: outputDir,
}
var err error
client, err = plugins.NewClient(opts)
if err != nil {
return nil, nil, nil, fmt.Errorf("unable to create plugins client: %w", err)
}
err = plugins.SetupRemotePlugins(client, staticCfg.Experimental.Plugins)
if err != nil {
return nil, nil, nil, fmt.Errorf("unable to set up plugins environment: %w", err)
}
plgs = staticCfg.Experimental.Plugins
}
localPlgs := map[string]plugins.LocalDescriptor{}
if hasLocalPlugins(staticCfg) {
err := plugins.SetupLocalPlugins(staticCfg.Experimental.LocalPlugins)
if err != nil {
return nil, nil, nil, err
}
localPlgs = staticCfg.Experimental.LocalPlugins
}
return client, plgs, localPlgs, nil
}
func checkUniquePluginNames(e *static.Experimental) error {
if e == nil {
return nil
}
for s := range e.LocalPlugins {
if _, ok := e.Plugins[s]; ok {
return fmt.Errorf("the plugin's name %q must be unique", s)
}
}
return nil
}
func hasPlugins(staticCfg *static.Configuration) bool {
return staticCfg.Experimental != nil && len(staticCfg.Experimental.Plugins) > 0
}
func hasLocalPlugins(staticCfg *static.Configuration) bool {
return staticCfg.Experimental != nil && len(staticCfg.Experimental.LocalPlugins) > 0
}

View File

@@ -2,42 +2,57 @@ package main
import (
"context"
"crypto/x509"
"encoding/json"
"fmt"
stdlog "log"
"net/http"
"os"
"path/filepath"
"os/signal"
"sort"
"strings"
"syscall"
"time"
"github.com/containous/traefik/v2/autogen/genstatic"
"github.com/containous/traefik/v2/cmd"
"github.com/containous/traefik/v2/cmd/healthcheck"
cmdVersion "github.com/containous/traefik/v2/cmd/version"
"github.com/containous/traefik/v2/pkg/cli"
"github.com/containous/traefik/v2/pkg/collector"
"github.com/containous/traefik/v2/pkg/config/dynamic"
"github.com/containous/traefik/v2/pkg/config/static"
"github.com/containous/traefik/v2/pkg/log"
"github.com/containous/traefik/v2/pkg/provider/acme"
"github.com/containous/traefik/v2/pkg/provider/aggregator"
"github.com/containous/traefik/v2/pkg/safe"
"github.com/containous/traefik/v2/pkg/server"
"github.com/containous/traefik/v2/pkg/server/router"
traefiktls "github.com/containous/traefik/v2/pkg/tls"
"github.com/containous/traefik/v2/pkg/version"
"github.com/coreos/go-systemd/daemon"
assetfs "github.com/elazarl/go-bindata-assetfs"
"github.com/go-acme/lego/v4/challenge"
gokitmetrics "github.com/go-kit/kit/metrics"
"github.com/rs/zerolog/log"
"github.com/sirupsen/logrus"
"github.com/vulcand/oxy/roundrobin"
"github.com/spiffe/go-spiffe/v2/workloadapi"
"github.com/traefik/paerser/cli"
"github.com/traefik/traefik/v3/cmd"
"github.com/traefik/traefik/v3/cmd/healthcheck"
cmdVersion "github.com/traefik/traefik/v3/cmd/version"
tcli "github.com/traefik/traefik/v3/pkg/cli"
"github.com/traefik/traefik/v3/pkg/collector"
"github.com/traefik/traefik/v3/pkg/config/dynamic"
"github.com/traefik/traefik/v3/pkg/config/runtime"
"github.com/traefik/traefik/v3/pkg/config/static"
"github.com/traefik/traefik/v3/pkg/logs"
"github.com/traefik/traefik/v3/pkg/metrics"
"github.com/traefik/traefik/v3/pkg/middlewares/accesslog"
"github.com/traefik/traefik/v3/pkg/provider/acme"
"github.com/traefik/traefik/v3/pkg/provider/aggregator"
"github.com/traefik/traefik/v3/pkg/provider/tailscale"
"github.com/traefik/traefik/v3/pkg/provider/traefik"
"github.com/traefik/traefik/v3/pkg/safe"
"github.com/traefik/traefik/v3/pkg/server"
"github.com/traefik/traefik/v3/pkg/server/middleware"
"github.com/traefik/traefik/v3/pkg/server/service"
"github.com/traefik/traefik/v3/pkg/tcp"
traefiktls "github.com/traefik/traefik/v3/pkg/tls"
"github.com/traefik/traefik/v3/pkg/tracing"
"github.com/traefik/traefik/v3/pkg/tracing/jaeger"
"github.com/traefik/traefik/v3/pkg/types"
"github.com/traefik/traefik/v3/pkg/version"
)
func main() {
// traefik config inits
tConfig := cmd.NewTraefikConfiguration()
loaders := []cli.ResourceLoader{&cli.FileLoader{}, &cli.FlagLoader{}, &cli.EnvLoader{}}
loaders := []cli.ResourceLoader{&tcli.FileLoader{}, &tcli.FlagLoader{}, &tcli.EnvLoader{}}
cmdTraefik := &cli.Command{
Name: "traefik",
@@ -64,39 +79,32 @@ Complete documentation is available at https://traefik.io`,
err = cli.Execute(cmdTraefik)
if err != nil {
stdlog.Println(err)
os.Exit(1)
log.Error().Err(err).Msg("Command error")
logrus.Exit(1)
}
os.Exit(0)
logrus.Exit(0)
}
func runCmd(staticConfiguration *static.Configuration) error {
configureLogging(staticConfiguration)
setupLogger(staticConfiguration)
http.DefaultTransport.(*http.Transport).Proxy = http.ProxyFromEnvironment
if err := roundrobin.SetDefaultWeight(0); err != nil {
log.WithoutContext().Errorf("Could not set roundrobin default weight: %v", err)
}
staticConfiguration.SetEffectiveConfiguration()
if err := staticConfiguration.ValidateConfiguration(); err != nil {
return err
}
log.WithoutContext().Infof("Traefik version %s built on %s", version.Version, version.BuildDate)
log.Info().Str("version", version.Version).
Msgf("Traefik version %s built on %s", version.Version, version.BuildDate)
jsonConf, err := json.Marshal(staticConfiguration)
if err != nil {
log.WithoutContext().Errorf("Could not marshal static configuration: %v", err)
log.WithoutContext().Debugf("Static configuration loaded [struct] %#v", staticConfiguration)
log.Error().Err(err).Msg("Could not marshal static configuration")
log.Debug().Interface("staticConfiguration", staticConfiguration).Msg("Static configuration loaded [struct]")
} else {
log.WithoutContext().Debugf("Static configuration loaded %s", string(jsonConf))
}
if staticConfiguration.API != nil && staticConfiguration.API.Dashboard {
staticConfiguration.API.DashboardAssets = &assetfs.AssetFS{Asset: genstatic.Asset, AssetInfo: genstatic.AssetInfo, AssetDir: genstatic.AssetDir, Prefix: "static"}
log.Debug().RawJSON("staticConfiguration", jsonConf).Msg("Static configuration loaded [json]")
}
if staticConfiguration.Global.CheckNewVersion {
@@ -105,44 +113,12 @@ func runCmd(staticConfiguration *static.Configuration) error {
stats(staticConfiguration)
providerAggregator := aggregator.NewProviderAggregator(*staticConfiguration.Providers)
tlsManager := traefiktls.NewManager()
acmeProviders := initACMEProvider(staticConfiguration, &providerAggregator, tlsManager)
serverEntryPointsTCP := make(server.TCPEntryPoints)
for entryPointName, config := range staticConfiguration.EntryPoints {
ctx := log.With(context.Background(), log.Str(log.EntryPointName, entryPointName))
serverEntryPointsTCP[entryPointName], err = server.NewTCPEntryPoint(ctx, config)
if err != nil {
return fmt.Errorf("error while building entryPoint %s: %v", entryPointName, err)
}
serverEntryPointsTCP[entryPointName].RouteAppenderFactory = router.NewRouteAppenderFactory(*staticConfiguration, entryPointName, acmeProviders)
svr, err := setupServer(staticConfiguration)
if err != nil {
return err
}
svr := server.NewServer(*staticConfiguration, providerAggregator, serverEntryPointsTCP, tlsManager)
resolverNames := map[string]struct{}{}
for _, p := range acmeProviders {
resolverNames[p.ResolverName] = struct{}{}
svr.AddListener(p.ListenConfiguration)
}
svr.AddListener(func(config dynamic.Configuration) {
for rtName, rt := range config.HTTP.Routers {
if rt.TLS == nil || rt.TLS.CertResolver == "" {
continue
}
if _, ok := resolverNames[rt.TLS.CertResolver]; !ok {
log.WithoutContext().Errorf("the router %s uses a non-existent resolver: %s", rtName, rt.TLS.CertResolver)
}
}
})
ctx := cmd.ContextWithSignal(context.Background())
ctx, _ := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)
if staticConfiguration.Ping != nil {
staticConfiguration.Ping.WithContext(ctx)
@@ -153,126 +129,513 @@ func runCmd(staticConfiguration *static.Configuration) error {
sent, err := daemon.SdNotify(false, "READY=1")
if !sent && err != nil {
log.WithoutContext().Errorf("Failed to notify: %v", err)
log.Error().Err(err).Msg("Failed to notify")
}
t, err := daemon.SdWatchdogEnabled(false)
if err != nil {
log.WithoutContext().Errorf("Could not enable Watchdog: %v", err)
log.Error().Err(err).Msg("Could not enable Watchdog")
} else if t != 0 {
// Send a ping each half time given
t /= 2
log.WithoutContext().Infof("Watchdog activated with timer duration %s", t)
log.Info().Msgf("Watchdog activated with timer duration %s", t)
safe.Go(func() {
tick := time.Tick(t)
for range tick {
resp, errHealthCheck := healthcheck.Do(*staticConfiguration)
if resp != nil {
resp.Body.Close()
_ = resp.Body.Close()
}
if staticConfiguration.Ping == nil || errHealthCheck == nil {
if ok, _ := daemon.SdNotify(false, "WATCHDOG=1"); !ok {
log.WithoutContext().Error("Fail to tick watchdog")
log.Error().Msg("Fail to tick watchdog")
}
} else {
log.WithoutContext().Error(errHealthCheck)
log.Error().Err(errHealthCheck).Send()
}
}
})
}
svr.Wait()
log.WithoutContext().Info("Shutting down")
logrus.Exit(0)
log.Info().Msg("Shutting down")
return nil
}
// initACMEProvider creates an acme provider from the ACME part of globalConfiguration
func initACMEProvider(c *static.Configuration, providerAggregator *aggregator.ProviderAggregator, tlsManager *traefiktls.Manager) []*acme.Provider {
challengeStore := acme.NewLocalChallengeStore()
func setupServer(staticConfiguration *static.Configuration) (*server.Server, error) {
providerAggregator := aggregator.NewProviderAggregator(*staticConfiguration.Providers)
ctx := context.Background()
routinesPool := safe.NewPool(ctx)
// adds internal provider
err := providerAggregator.AddProvider(traefik.New(*staticConfiguration))
if err != nil {
return nil, err
}
// ACME
tlsManager := traefiktls.NewManager()
httpChallengeProvider := acme.NewChallengeHTTP()
tlsChallengeProvider := acme.NewChallengeTLSALPN()
err = providerAggregator.AddProvider(tlsChallengeProvider)
if err != nil {
return nil, err
}
acmeProviders := initACMEProvider(staticConfiguration, &providerAggregator, tlsManager, httpChallengeProvider, tlsChallengeProvider)
// Tailscale
tsProviders := initTailscaleProviders(staticConfiguration, &providerAggregator)
// Metrics
metricRegistries := registerMetricClients(staticConfiguration.Metrics)
metricsRegistry := metrics.NewMultiRegistry(metricRegistries)
// Entrypoints
serverEntryPointsTCP, err := server.NewTCPEntryPoints(staticConfiguration.EntryPoints, staticConfiguration.HostResolver, metricsRegistry)
if err != nil {
return nil, err
}
serverEntryPointsUDP, err := server.NewUDPEntryPoints(staticConfiguration.EntryPoints)
if err != nil {
return nil, err
}
if staticConfiguration.API != nil {
version.DisableDashboardAd = staticConfiguration.API.DisableDashboardAd
}
// Plugins
pluginBuilder, err := createPluginBuilder(staticConfiguration)
if err != nil {
log.Error().Err(err).Msg("Plugins are disabled because an error has occurred.")
}
// Providers plugins
for name, conf := range staticConfiguration.Providers.Plugin {
if pluginBuilder == nil {
break
}
p, err := pluginBuilder.BuildProvider(name, conf)
if err != nil {
return nil, fmt.Errorf("plugin: failed to build provider: %w", err)
}
err = providerAggregator.AddProvider(p)
if err != nil {
return nil, fmt.Errorf("plugin: failed to add provider: %w", err)
}
}
// Service manager factory
var spiffeX509Source *workloadapi.X509Source
if staticConfiguration.Spiffe != nil && staticConfiguration.Spiffe.WorkloadAPIAddr != "" {
log.Info().Str("workloadAPIAddr", staticConfiguration.Spiffe.WorkloadAPIAddr).
Msg("Waiting on SPIFFE SVID delivery")
spiffeX509Source, err = workloadapi.NewX509Source(
ctx,
workloadapi.WithClientOptions(
workloadapi.WithAddr(
staticConfiguration.Spiffe.WorkloadAPIAddr,
),
),
)
if err != nil {
return nil, fmt.Errorf("unable to create SPIFFE x509 source: %w", err)
}
log.Info().Msg("Successfully obtained SPIFFE SVID.")
}
roundTripperManager := service.NewRoundTripperManager(spiffeX509Source)
dialerManager := tcp.NewDialerManager(spiffeX509Source)
acmeHTTPHandler := getHTTPChallengeHandler(acmeProviders, httpChallengeProvider)
managerFactory := service.NewManagerFactory(*staticConfiguration, routinesPool, metricsRegistry, roundTripperManager, acmeHTTPHandler)
// Router factory
accessLog := setupAccessLog(staticConfiguration.AccessLog)
tracer := setupTracing(staticConfiguration.Tracing)
chainBuilder := middleware.NewChainBuilder(metricsRegistry, accessLog, tracer)
routerFactory := server.NewRouterFactory(*staticConfiguration, managerFactory, tlsManager, chainBuilder, pluginBuilder, metricsRegistry, dialerManager)
// Watcher
watcher := server.NewConfigurationWatcher(
routinesPool,
providerAggregator,
getDefaultsEntrypoints(staticConfiguration),
"internal",
)
// TLS
watcher.AddListener(func(conf dynamic.Configuration) {
ctx := context.Background()
tlsManager.UpdateConfigs(ctx, conf.TLS.Stores, conf.TLS.Options, conf.TLS.Certificates)
gauge := metricsRegistry.TLSCertsNotAfterTimestampGauge()
for _, certificate := range tlsManager.GetServerCertificates() {
appendCertMetric(gauge, certificate)
}
})
// Metrics
watcher.AddListener(func(_ dynamic.Configuration) {
metricsRegistry.ConfigReloadsCounter().Add(1)
metricsRegistry.LastConfigReloadSuccessGauge().Set(float64(time.Now().Unix()))
})
// Server Transports
watcher.AddListener(func(conf dynamic.Configuration) {
roundTripperManager.Update(conf.HTTP.ServersTransports)
dialerManager.Update(conf.TCP.ServersTransports)
})
// Switch router
watcher.AddListener(switchRouter(routerFactory, serverEntryPointsTCP, serverEntryPointsUDP))
// Metrics
if metricsRegistry.IsEpEnabled() || metricsRegistry.IsRouterEnabled() || metricsRegistry.IsSvcEnabled() {
var eps []string
for key := range serverEntryPointsTCP {
eps = append(eps, key)
}
watcher.AddListener(func(conf dynamic.Configuration) {
metrics.OnConfigurationUpdate(conf, eps)
})
}
// TLS challenge
watcher.AddListener(tlsChallengeProvider.ListenConfiguration)
// Certificate Resolvers
resolverNames := map[string]struct{}{}
// ACME
for _, p := range acmeProviders {
resolverNames[p.ResolverName] = struct{}{}
watcher.AddListener(p.ListenConfiguration)
}
// Tailscale
for _, p := range tsProviders {
resolverNames[p.ResolverName] = struct{}{}
watcher.AddListener(p.HandleConfigUpdate)
}
// Certificate resolver logs
watcher.AddListener(func(config dynamic.Configuration) {
for rtName, rt := range config.HTTP.Routers {
if rt.TLS == nil || rt.TLS.CertResolver == "" {
continue
}
if _, ok := resolverNames[rt.TLS.CertResolver]; !ok {
log.Error().Err(err).Str(logs.RouterName, rtName).Str("certificateResolver", rt.TLS.CertResolver).
Msg("Router uses a non-existent certificate resolver")
}
}
})
return server.NewServer(routinesPool, serverEntryPointsTCP, serverEntryPointsUDP, watcher, chainBuilder, accessLog), nil
}
func getHTTPChallengeHandler(acmeProviders []*acme.Provider, httpChallengeProvider http.Handler) http.Handler {
var acmeHTTPHandler http.Handler
for _, p := range acmeProviders {
if p != nil && p.HTTPChallenge != nil {
acmeHTTPHandler = httpChallengeProvider
break
}
}
return acmeHTTPHandler
}
func getDefaultsEntrypoints(staticConfiguration *static.Configuration) []string {
var defaultEntryPoints []string
// Determines if at least one EntryPoint is configured to be used by default.
var hasDefinedDefaults bool
for _, ep := range staticConfiguration.EntryPoints {
if ep.AsDefault {
hasDefinedDefaults = true
break
}
}
for name, cfg := range staticConfiguration.EntryPoints {
// By default all entrypoints are considered.
// If at least one is flagged, then only flagged entrypoints are included.
if hasDefinedDefaults && !cfg.AsDefault {
continue
}
protocol, err := cfg.GetProtocol()
if err != nil {
// Should never happen because Traefik should not start if protocol is invalid.
log.Error().Err(err).Msg("Invalid protocol")
}
if protocol != "udp" && name != static.DefaultInternalEntryPointName {
defaultEntryPoints = append(defaultEntryPoints, name)
}
}
sort.Strings(defaultEntryPoints)
return defaultEntryPoints
}
func switchRouter(routerFactory *server.RouterFactory, serverEntryPointsTCP server.TCPEntryPoints, serverEntryPointsUDP server.UDPEntryPoints) func(conf dynamic.Configuration) {
return func(conf dynamic.Configuration) {
rtConf := runtime.NewConfig(conf)
routers, udpRouters := routerFactory.CreateRouters(rtConf)
serverEntryPointsTCP.Switch(routers)
serverEntryPointsUDP.Switch(udpRouters)
}
}
// initACMEProvider creates and registers acme.Provider instances corresponding to the configured ACME certificate resolvers.
func initACMEProvider(c *static.Configuration, providerAggregator *aggregator.ProviderAggregator, tlsManager *traefiktls.Manager, httpChallengeProvider, tlsChallengeProvider challenge.Provider) []*acme.Provider {
localStores := map[string]*acme.LocalStore{}
var resolvers []*acme.Provider
for name, resolver := range c.CertificatesResolvers {
if resolver.ACME != nil {
if localStores[resolver.ACME.Storage] == nil {
localStores[resolver.ACME.Storage] = acme.NewLocalStore(resolver.ACME.Storage)
}
p := &acme.Provider{
Configuration: resolver.ACME,
Store: localStores[resolver.ACME.Storage],
ChallengeStore: challengeStore,
ResolverName: name,
}
if err := providerAggregator.AddProvider(p); err != nil {
log.WithoutContext().Errorf("Unable to add ACME provider to the providers list: %v", err)
continue
}
p.SetTLSManager(tlsManager)
if p.TLSChallenge != nil {
tlsManager.TLSAlpnGetter = p.GetTLSALPNCertificate
}
p.SetConfigListenerChan(make(chan dynamic.Configuration))
resolvers = append(resolvers, p)
if resolver.ACME == nil {
continue
}
if localStores[resolver.ACME.Storage] == nil {
localStores[resolver.ACME.Storage] = acme.NewLocalStore(resolver.ACME.Storage)
}
p := &acme.Provider{
Configuration: resolver.ACME,
Store: localStores[resolver.ACME.Storage],
ResolverName: name,
HTTPChallengeProvider: httpChallengeProvider,
TLSChallengeProvider: tlsChallengeProvider,
}
if err := providerAggregator.AddProvider(p); err != nil {
log.Error().Err(err).Str("resolver", name).Msg("The ACME resolve is skipped from the resolvers list")
continue
}
p.SetTLSManager(tlsManager)
p.SetConfigListenerChan(make(chan dynamic.Configuration))
resolvers = append(resolvers, p)
}
return resolvers
}
func configureLogging(staticConfiguration *static.Configuration) {
// configure default log flags
stdlog.SetFlags(stdlog.Lshortfile | stdlog.LstdFlags)
// initTailscaleProviders creates and registers tailscale.Provider instances corresponding to the configured Tailscale certificate resolvers.
func initTailscaleProviders(cfg *static.Configuration, providerAggregator *aggregator.ProviderAggregator) []*tailscale.Provider {
var providers []*tailscale.Provider
for name, resolver := range cfg.CertificatesResolvers {
if resolver.Tailscale == nil {
continue
}
// configure log level
// an explicitly defined log level always has precedence. if none is
// given and debug mode is disabled, the default is ERROR, and DEBUG
// otherwise.
levelStr := "error"
if staticConfiguration.Log != nil && staticConfiguration.Log.Level != "" {
levelStr = strings.ToLower(staticConfiguration.Log.Level)
tsProvider := &tailscale.Provider{ResolverName: name}
if err := providerAggregator.AddProvider(tsProvider); err != nil {
log.Error().Err(err).Str(logs.ProviderName, name).Msg("Unable to create Tailscale provider")
continue
}
providers = append(providers, tsProvider)
}
level, err := logrus.ParseLevel(levelStr)
return providers
}
func registerMetricClients(metricsConfig *types.Metrics) []metrics.Registry {
if metricsConfig == nil {
return nil
}
var registries []metrics.Registry
if metricsConfig.Prometheus != nil {
logger := log.With().Str(logs.MetricsProviderName, "prometheus").Logger()
prometheusRegister := metrics.RegisterPrometheus(logger.WithContext(context.Background()), metricsConfig.Prometheus)
if prometheusRegister != nil {
registries = append(registries, prometheusRegister)
logger.Debug().Msg("Configured Prometheus metrics")
}
}
if metricsConfig.Datadog != nil {
logger := log.With().Str(logs.MetricsProviderName, "datadog").Logger()
registries = append(registries, metrics.RegisterDatadog(logger.WithContext(context.Background()), metricsConfig.Datadog))
logger.Debug().
Str("address", metricsConfig.Datadog.Address).
Str("pushInterval", metricsConfig.Datadog.PushInterval.String()).
Msgf("Configured Datadog metrics")
}
if metricsConfig.StatsD != nil {
logger := log.With().Str(logs.MetricsProviderName, "statsd").Logger()
registries = append(registries, metrics.RegisterStatsd(logger.WithContext(context.Background()), metricsConfig.StatsD))
logger.Debug().
Str("address", metricsConfig.StatsD.Address).
Str("pushInterval", metricsConfig.StatsD.PushInterval.String()).
Msg("Configured StatsD metrics")
}
if metricsConfig.InfluxDB2 != nil {
logger := log.With().Str(logs.MetricsProviderName, "influxdb2").Logger()
influxDB2Register := metrics.RegisterInfluxDB2(logger.WithContext(context.Background()), metricsConfig.InfluxDB2)
if influxDB2Register != nil {
registries = append(registries, influxDB2Register)
logger.Debug().
Str("address", metricsConfig.InfluxDB2.Address).
Str("bucket", metricsConfig.InfluxDB2.Bucket).
Str("organization", metricsConfig.InfluxDB2.Org).
Str("pushInterval", metricsConfig.InfluxDB2.PushInterval.String()).
Msg("Configured InfluxDB v2 metrics")
}
}
if metricsConfig.OpenTelemetry != nil {
logger := log.With().Str(logs.MetricsProviderName, "openTelemetry").Logger()
openTelemetryRegistry := metrics.RegisterOpenTelemetry(logger.WithContext(context.Background()), metricsConfig.OpenTelemetry)
if openTelemetryRegistry != nil {
registries = append(registries, openTelemetryRegistry)
logger.Debug().
Str("address", metricsConfig.OpenTelemetry.Address).
Str("pushInterval", metricsConfig.OpenTelemetry.PushInterval.String()).
Msg("Configured OpenTelemetry metrics")
}
}
return registries
}
func appendCertMetric(gauge gokitmetrics.Gauge, certificate *x509.Certificate) {
sort.Strings(certificate.DNSNames)
labels := []string{
"cn", certificate.Subject.CommonName,
"serial", certificate.SerialNumber.String(),
"sans", strings.Join(certificate.DNSNames, ","),
}
notAfter := float64(certificate.NotAfter.Unix())
gauge.With(labels...).Set(notAfter)
}
func setupAccessLog(conf *types.AccessLog) *accesslog.Handler {
if conf == nil {
return nil
}
accessLoggerMiddleware, err := accesslog.NewHandler(conf)
if err != nil {
log.WithoutContext().Errorf("Error getting level: %v", err)
}
log.SetLevel(level)
var logFile string
if staticConfiguration.Log != nil && len(staticConfiguration.Log.FilePath) > 0 {
logFile = staticConfiguration.Log.FilePath
log.Warn().Err(err).Msg("Unable to create access logger")
return nil
}
// configure log format
var formatter logrus.Formatter
if staticConfiguration.Log != nil && staticConfiguration.Log.Format == "json" {
formatter = &logrus.JSONFormatter{}
} else {
disableColors := len(logFile) > 0
formatter = &logrus.TextFormatter{DisableColors: disableColors, FullTimestamp: true, DisableSorting: true}
return accessLoggerMiddleware
}
func setupTracing(conf *static.Tracing) *tracing.Tracing {
if conf == nil {
return nil
}
log.SetFormatter(formatter)
if len(logFile) > 0 {
dir := filepath.Dir(logFile)
var backend tracing.Backend
if err := os.MkdirAll(dir, 0755); err != nil {
log.WithoutContext().Errorf("Failed to create log path %s: %s", dir, err)
}
if conf.Jaeger != nil {
backend = conf.Jaeger
}
err = log.OpenFile(logFile)
logrus.RegisterExitHandler(func() {
if err := log.CloseFile(); err != nil {
log.WithoutContext().Errorf("Error while closing log: %v", err)
}
})
if err != nil {
log.WithoutContext().Errorf("Error while opening log file %s: %v", logFile, err)
if conf.Zipkin != nil {
if backend != nil {
log.Error().Msg("Multiple tracing backend are not supported: cannot create Zipkin backend.")
} else {
backend = conf.Zipkin
}
}
if conf.Datadog != nil {
if backend != nil {
log.Error().Msg("Multiple tracing backend are not supported: cannot create Datadog backend.")
} else {
backend = conf.Datadog
}
}
if conf.Instana != nil {
if backend != nil {
log.Error().Msg("Multiple tracing backend are not supported: cannot create Instana backend.")
} else {
backend = conf.Instana
}
}
if conf.Haystack != nil {
if backend != nil {
log.Error().Msg("Multiple tracing backend are not supported: cannot create Haystack backend.")
} else {
backend = conf.Haystack
}
}
if conf.Elastic != nil {
if backend != nil {
log.Error().Msg("Multiple tracing backend are not supported: cannot create Elastic backend.")
} else {
backend = conf.Elastic
}
}
if conf.OpenTelemetry != nil {
if backend != nil {
log.Error().Msg("Tracing backends are all mutually exclusive: cannot create OpenTelemetry backend.")
} else {
backend = conf.OpenTelemetry
}
}
if backend == nil {
log.Debug().Msg("Could not initialize tracing, using Jaeger by default")
defaultBackend := &jaeger.Config{}
defaultBackend.SetDefaults()
backend = defaultBackend
}
tracer, err := tracing.NewTracing(conf.ServiceName, conf.SpanNameLimit, backend)
if err != nil {
log.Warn().Err(err).Msg("Unable to create tracer")
return nil
}
return tracer
}
func checkNewVersion() {
@@ -285,19 +648,19 @@ func checkNewVersion() {
}
func stats(staticConfiguration *static.Configuration) {
logger := log.WithoutContext()
logger := log.Info()
if staticConfiguration.Global.SendAnonymousUsage {
logger.Info(`Stats collection is enabled.`)
logger.Info(`Many thanks for contributing to Traefik's improvement by allowing us to receive anonymous information from your configuration.`)
logger.Info(`Help us improve Traefik by leaving this feature on :)`)
logger.Info(`More details on: https://docs.traefik.io/v2.0/contributing/data-collection/`)
logger.Msg(`Stats collection is enabled.`)
logger.Msg(`Many thanks for contributing to Traefik's improvement by allowing us to receive anonymous information from your configuration.`)
logger.Msg(`Help us improve Traefik by leaving this feature on :)`)
logger.Msg(`More details on: https://doc.traefik.io/traefik/contributing/data-collection/`)
collect(staticConfiguration)
} else {
logger.Info(`
logger.Msg(`
Stats collection is disabled.
Help us improve Traefik by turning this feature on :)
More details on: https://docs.traefik.io/v2.0/contributing/data-collection/
More details on: https://doc.traefik.io/traefik/contributing/data-collection/
`)
}
}
@@ -307,7 +670,7 @@ func collect(staticConfiguration *static.Configuration) {
safe.Go(func() {
for time.Sleep(10 * time.Minute); ; <-ticker {
if err := collector.Collect(staticConfiguration); err != nil {
log.WithoutContext().Debug(err)
log.Debug().Err(err).Send()
}
}
})

193
cmd/traefik/traefik_test.go Normal file
View File

@@ -0,0 +1,193 @@
package main
import (
"crypto/x509"
"encoding/pem"
"strings"
"testing"
"github.com/go-kit/kit/metrics"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
"github.com/traefik/traefik/v3/pkg/config/static"
)
// FooCert is a PEM-encoded TLS cert.
// generated from src/crypto/tls:
// go run generate_cert.go --rsa-bits 1024 --host foo.org,foo.com --ca --start-date "Jan 1 00:00:00 1970" --duration=1000000h
const fooCert = `-----BEGIN CERTIFICATE-----
MIICHzCCAYigAwIBAgIQXQFLeYRwc5X21t457t2xADANBgkqhkiG9w0BAQsFADAS
MRAwDgYDVQQKEwdBY21lIENvMCAXDTcwMDEwMTAwMDAwMFoYDzIwODQwMTI5MTYw
MDAwWjASMRAwDgYDVQQKEwdBY21lIENvMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
iQKBgQDCjn67GSs/khuGC4GNN+tVo1S+/eSHwr/hWzhfMqO7nYiXkFzmxi+u14CU
Pda6WOeps7T2/oQEFMxKKg7zYOqkLSbjbE0ZfosopaTvEsZm/AZHAAvoOrAsIJOn
SEiwy8h0tLA4z1SNR6rmIVQWyqBZEPAhBTQM1z7tFp48FakCFwIDAQABo3QwcjAO
BgNVHQ8BAf8EBAMCAqQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUw
AwEB/zAdBgNVHQ4EFgQUDHG3ASzeUezElup9zbPpBn/vjogwGwYDVR0RBBQwEoIH
Zm9vLm9yZ4IHZm9vLmNvbTANBgkqhkiG9w0BAQsFAAOBgQBT+VLMbB9u27tBX8Aw
ZrGY3rbNdBGhXVTksrjiF+6ZtDpD3iI56GH9zLxnqvXkgn3u0+Ard5TqF/xmdwVw
NY0V/aWYfcL2G2auBCQrPvM03ozRnVUwVfP23eUzX2ORNHCYhd2ObQx4krrhs7cJ
SWxtKwFlstoXY3K2g9oRD9UxdQ==
-----END CERTIFICATE-----`
// BarCert is a PEM-encoded TLS cert.
// generated from src/crypto/tls:
// go run generate_cert.go --rsa-bits 1024 --host bar.org,bar.com --ca --start-date "Jan 1 00:00:00 1970" --duration=10000h
const barCert = `-----BEGIN CERTIFICATE-----
MIICHTCCAYagAwIBAgIQcuIcNEXzBHPoxna5S6wG4jANBgkqhkiG9w0BAQsFADAS
MRAwDgYDVQQKEwdBY21lIENvMB4XDTcwMDEwMTAwMDAwMFoXDTcxMDIyMTE2MDAw
MFowEjEQMA4GA1UEChMHQWNtZSBDbzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
gYEAqtcrP+KA7D6NjyztGNIPMup9KiBMJ8QL+preog/YHR7SQLO3kGFhpS3WKMab
SzMypC3ZX1PZjBP5ZzwaV3PFbuwlCkPlyxR2lOWmullgI7mjY0TBeYLDIclIzGRp
mpSDDSpkW1ay2iJDSpXjlhmwZr84hrCU7BRTQJo91fdsRTsCAwEAAaN0MHIwDgYD
VR0PAQH/BAQDAgKkMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMB
Af8wHQYDVR0OBBYEFK8jnzFQvBAgWtfzOyXY4VSkwrTXMBsGA1UdEQQUMBKCB2Jh
ci5vcmeCB2Jhci5jb20wDQYJKoZIhvcNAQELBQADgYEAJz0ifAExisC/ZSRhWuHz
7qs1i6Nd4+YgEVR8dR71MChP+AMxucY1/ajVjb9xlLys3GPE90TWSdVppabEVjZY
Oq11nPKc50ItTt8dMku6t0JHBmzoGdkN0V4zJCBqdQJxhop8JpYJ0S9CW0eT93h3
ipYQSsmIINGtMXJ8VkP/MlM=
-----END CERTIFICATE-----`
type gaugeMock struct {
metrics map[string]float64
labels string
}
func (g gaugeMock) With(labelValues ...string) metrics.Gauge {
g.labels = strings.Join(labelValues, ",")
return g
}
func (g gaugeMock) Set(value float64) {
g.metrics[g.labels] = value
}
func (g gaugeMock) Add(delta float64) {
panic("implement me")
}
func TestAppendCertMetric(t *testing.T) {
testCases := []struct {
desc string
certs []string
expected map[string]float64
}{
{
desc: "No certs",
certs: []string{},
expected: map[string]float64{},
},
{
desc: "One cert",
certs: []string{fooCert},
expected: map[string]float64{
"cn,,serial,123624926713171615935660664614975025408,sans,foo.com,foo.org": 3.6e+09,
},
},
{
desc: "Two certs",
certs: []string{fooCert, barCert},
expected: map[string]float64{
"cn,,serial,123624926713171615935660664614975025408,sans,foo.com,foo.org": 3.6e+09,
"cn,,serial,152706022658490889223053211416725817058,sans,bar.com,bar.org": 3.6e+07,
},
},
}
for _, test := range testCases {
test := test
t.Run(test.desc, func(t *testing.T) {
t.Parallel()
gauge := &gaugeMock{
metrics: map[string]float64{},
}
for _, cert := range test.certs {
block, _ := pem.Decode([]byte(cert))
parsedCert, err := x509.ParseCertificate(block.Bytes)
require.NoError(t, err)
appendCertMetric(gauge, parsedCert)
}
assert.Equal(t, test.expected, gauge.metrics)
})
}
}
func TestGetDefaultsEntrypoints(t *testing.T) {
testCases := []struct {
desc string
entrypoints static.EntryPoints
expected []string
}{
{
desc: "Skips special names",
entrypoints: map[string]*static.EntryPoint{
"web": {
Address: ":80",
},
"traefik": {
Address: ":8080",
},
"traefikhub-api": {
Address: ":9900",
},
"traefikhub-tunl": {
Address: ":9901",
},
},
expected: []string{"web"},
},
{
desc: "Two EntryPoints not attachable",
entrypoints: map[string]*static.EntryPoint{
"web": {
Address: ":80",
},
"websecure": {
Address: ":443",
},
},
expected: []string{"web", "websecure"},
},
{
desc: "Two EntryPoints only one attachable",
entrypoints: map[string]*static.EntryPoint{
"web": {
Address: ":80",
},
"websecure": {
Address: ":443",
AsDefault: true,
},
},
expected: []string{"websecure"},
},
{
desc: "Two attachable EntryPoints",
entrypoints: map[string]*static.EntryPoint{
"web": {
Address: ":80",
AsDefault: true,
},
"websecure": {
Address: ":443",
AsDefault: true,
},
},
expected: []string{"web", "websecure"},
},
}
for _, test := range testCases {
t.Run(test.desc, func(t *testing.T) {
actual := getDefaultsEntrypoints(&static.Configuration{
EntryPoints: test.entrypoints,
})
assert.ElementsMatch(t, test.expected, actual)
})
}
}

View File

@@ -7,8 +7,8 @@ import (
"runtime"
"text/template"
"github.com/containous/traefik/v2/pkg/cli"
"github.com/containous/traefik/v2/pkg/version"
"github.com/traefik/paerser/cli"
"github.com/traefik/traefik/v3/pkg/version"
)
var versionTemplate = `Version: {{.Version}}
@@ -17,7 +17,7 @@ Go version: {{.GoVersion}}
Built: {{.BuildTime}}
OS/Arch: {{.Os}}/{{.Arch}}`
// NewCmd builds a new Version command
// NewCmd builds a new Version command.
func NewCmd() *cli.Command {
return &cli.Command{
Name: "version",
@@ -33,7 +33,7 @@ func NewCmd() *cli.Command {
}
}
// GetPrint write Printable version
// GetPrint write Printable version.
func GetPrint(wr io.Writer) error {
tmpl, err := template.New("").Parse(versionTemplate)
if err != nil {

File diff suppressed because it is too large Load Diff

File diff suppressed because it is too large Load Diff

View File

@@ -1,6 +1,6 @@
[Unit]
Description=Traefik
Documentation=https://docs.traefik.io
Documentation=https://doc.traefik.io/traefik/
#After=network-online.target
#AssertFileIsExecutable=/usr/bin/traefik
#AssertPathExists=/etc/traefik/traefik.toml

10
debug.Dockerfile Normal file
View File

@@ -0,0 +1,10 @@
FROM alpine:3.14
# Feel free to add below any helpful dependency for debugging.
# iproute2 is for ss.
RUN apk --no-cache --no-progress add bash curl ca-certificates tzdata lsof iproute2 \
&& update-ca-certificates \
&& rm -rf /var/cache/apk/*
COPY dist/traefik /
EXPOSE 80
VOLUME ["/tmp"]
ENTRYPOINT ["/traefik"]

View File

@@ -4,6 +4,7 @@
"MD009": false,
"MD013": false,
"MD024": false,
"MD025": false,
"MD026": false,
"MD033": false,
"MD034": false,

View File

@@ -1,4 +1,3 @@
#######
# This Makefile contains all targets related to the documentation
#######
@@ -12,41 +11,55 @@ TRAEFIK_DOCS_CHECK_IMAGE ?= $(TRAEFIK_DOCS_BUILD_IMAGE)-check
SITE_DIR := $(CURDIR)/site
DOCKER_RUN_DOC_PORT := 8000
DOCKER_RUN_DOC_MOUNTS := -v $(CURDIR):/mkdocs
DOCKER_RUN_DOC_MOUNTS := -v $(CURDIR):/mkdocs
DOCKER_RUN_DOC_OPTS := --rm $(DOCKER_RUN_DOC_MOUNTS) -p $(DOCKER_RUN_DOC_PORT):8000
# Default: generates the documentation into $(SITE_DIR)
.PHONY: docs
docs: docs-clean docs-image docs-lint docs-build docs-verify
# Writer Mode: build and serve docs on http://localhost:8000 with livereload
.PHONY: docs-serve
docs-serve: docs-image
docker run $(DOCKER_RUN_DOC_OPTS) $(TRAEFIK_DOCS_BUILD_IMAGE) mkdocs serve
## Pull image for doc building
.PHONY: docs-pull-images
docs-pull-images:
grep --no-filename -E '^FROM' ./*.Dockerfile \
| awk '{print $$2}' \
| sort \
| uniq \
| xargs -P 6 -n 1 docker pull
# Utilities Targets for each step
.PHONY: docs-image
docs-image:
docker build -t $(TRAEFIK_DOCS_BUILD_IMAGE) -f docs.Dockerfile ./
.PHONY: docs-build
docs-build: docs-image
docker run $(DOCKER_RUN_DOC_OPTS) $(TRAEFIK_DOCS_BUILD_IMAGE) sh -c "mkdocs build \
&& chown -R $(shell id -u):$(shell id -g) ./site"
.PHONY: docs-verify
docs-verify: docs-build
@if [ "$(DOCS_VERIFY_SKIP)" != "true" ]; then \
docker build -t $(TRAEFIK_DOCS_CHECK_IMAGE) -f check.Dockerfile ./; \
docker run --rm -v $(CURDIR):/app $(TRAEFIK_DOCS_CHECK_IMAGE) /verify.sh; \
else \
echo "DOCS_VERIFY_SKIP is true: no verification done."; \
fi
ifneq ("$(DOCS_VERIFY_SKIP)", "true")
docker build -t $(TRAEFIK_DOCS_CHECK_IMAGE) -f check.Dockerfile ./
docker run --rm -v $(CURDIR):/app $(TRAEFIK_DOCS_CHECK_IMAGE) /verify.sh
else
echo "DOCS_VERIFY_SKIP is true: no verification done."
endif
.PHONY: docs-lint
docs-lint:
@if [ "$(DOCS_LINT_SKIP)" != "true" ]; then \
docker build -t $(TRAEFIK_DOCS_CHECK_IMAGE) -f check.Dockerfile ./ && \
docker run --rm -v $(CURDIR):/app $(TRAEFIK_DOCS_CHECK_IMAGE) /lint.sh; \
else \
echo "DOCS_LINT_SKIP is true: no linting done."; \
fi
ifneq ("$(DOCS_LINT_SKIP)", "true")
docker build -t $(TRAEFIK_DOCS_CHECK_IMAGE) -f check.Dockerfile ./
docker run --rm -v $(CURDIR):/app $(TRAEFIK_DOCS_CHECK_IMAGE) /lint.sh
else
echo "DOCS_LINT_SKIP is true: no linting done."
endif
.PHONY: docs-clean
docs-clean:
rm -rf $(SITE_DIR)
.PHONY: all docs-verify docs docs-clean docs-build docs-lint

View File

@@ -1,24 +1,31 @@
FROM alpine:3.10 as alpine
FROM alpine:3.18 as alpine
RUN apk --no-cache --no-progress add \
build-base \
gcompat \
libcurl \
libxml2-dev \
libxslt-dev \
ruby \
ruby-bigdecimal \
ruby-dev \
ruby-etc \
ruby-ffi \
ruby-json \
ruby-nokogiri
RUN gem install html-proofer --version 3.13.0 --no-document -- --use-system-libraries
zlib-dev
RUN gem install nokogiri --version 1.15.3 --no-document -- --use-system-libraries
RUN gem install html-proofer --version 5.0.7 --no-document -- --use-system-libraries
# After Ruby, some NodeJS YAY!
RUN apk --no-cache --no-progress add \
git \
nodejs \
npm \
&& npm install --global \
markdownlint@0.17.2 \
markdownlint-cli@0.19.0
npm
RUN npm install --global \
markdownlint@0.29.0 \
markdownlint-cli@0.35.0
# Finally the shell tools we need for later
# tini helps to terminate properly all the parallelized tasks when sending CTRL-C

View File

@@ -1 +0,0 @@
docs.traefik.io

Binary file not shown.

After

Width:  |  Height:  |  Size: 966 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 58 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 15 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 13 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 289 KiB

After

Width:  |  Height:  |  Size: 284 KiB

Binary file not shown.

Before

Width:  |  Height:  |  Size: 2.0 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 38 KiB

Binary file not shown.

After

Width:  |  Height:  |  Size: 7.6 KiB

File diff suppressed because one or more lines are too long

After

Width:  |  Height:  |  Size: 20 KiB

View File

@@ -1,96 +0,0 @@
/*
Atom One Light by Daniel Gamage
Original One Light Syntax theme from https://github.com/atom/one-light-syntax
base: #fafafa
mono-1: #383a42
mono-2: #686b77
mono-3: #a0a1a7
hue-1: #0184bb
hue-2: #4078f2
hue-3: #a626a4
hue-4: #50a14f
hue-5: #e45649
hue-5-2: #c91243
hue-6: #986801
hue-6-2: #c18401
*/
.hljs {
display: block;
overflow-x: auto;
padding: 0.5em;
color: #383a42;
background: #fafafa;
}
.hljs-comment,
.hljs-quote {
color: #a0a1a7;
font-style: italic;
}
.hljs-doctag,
.hljs-keyword,
.hljs-formula {
color: #a626a4;
}
.hljs-section,
.hljs-name,
.hljs-selector-tag,
.hljs-deletion,
.hljs-subst {
color: #e45649;
}
.hljs-literal {
color: #0184bb;
}
.hljs-string,
.hljs-regexp,
.hljs-addition,
.hljs-attribute,
.hljs-meta-string {
color: #50a14f;
}
.hljs-built_in,
.hljs-class .hljs-title {
color: #c18401;
}
.hljs-attr,
.hljs-variable,
.hljs-template-variable,
.hljs-type,
.hljs-selector-class,
.hljs-selector-attr,
.hljs-selector-pseudo,
.hljs-number {
color: #986801;
}
.hljs-symbol,
.hljs-bullet,
.hljs-link,
.hljs-meta,
.hljs-selector-id,
.hljs-title {
color: #4078f2;
}
.hljs-emphasis {
font-style: italic;
}
.hljs-strong {
font-weight: bold;
}
.hljs-link {
text-decoration: underline;
}

View File

@@ -1,63 +0,0 @@
@import url('https://fonts.googleapis.com/css?family=Noto+Sans|Noto+Serif');
.md-logo img {
background-color: white;
border-radius: 50%;
width: 30px;
height: 30px;
}
/* Fix for Chrome */
.md-typeset__table td code {
word-break: unset;
}
.md-typeset__table tr :nth-child(1) {
word-wrap: break-word;
max-width: 30em;
}
body {
font-family: 'Noto Sans', sans-serif;
}
h1 {
font-weight: bold !important;
color: rgba(0,0,0,.9) !important;
}
h2 {
font-weight: bold !important;
}
h3 {
font-weight: bold !important;
}
.md-typeset h5 {
text-transform: none;
}
figcaption {
text-align: center;
font-size: 0.8em;
font-style: italic;
color: #8D909F;
}
p.subtitle {
color: rgba(0,0,0,.54);
padding-top: 0;
margin-top: -2em;
font-weight: bold;
font-size: 1.25em;
}
.markdown-body .task-list-item {
list-style-type: none !important;
}
.markdown-body .task-list-item input[type="checkbox"] {
margin: 0 4px 0.25em -20px;
vertical-align: middle;
}

View File

@@ -1,10 +1,31 @@
---
title: "Traefik Advocation Documentation"
description: "There are many ways to contribute to Traefik Proxy. If you're talking about Traefik, let us know and we'll promote your enthusiasm!"
---
# Advocating
Spread the Love & Tell Us about It
{: .subtitle }
There are many ways to contribute to the project, and there is one that always spark joy: when we see/read about users talking about how Traefik helps them solve their problems.
Traefik Proxy was started by the community for the community.
You can contribute to the Traefik community in three main ways:
If you're talking about Traefik, [let us know](https://blog.containo.us/spread-the-love-ba5a40aa72e7) and we'll promote your enthusiasm!
**Spread the word!** Guides, videos, blog posts, how-to articles, and showing off your network design all help spread the word about Traefik Proxy
and teach others in the community how to best implement it.
It always sparks joy when users share how Traefik Proxy helps them solve their problems.
If you are talking about Traefik Proxy, [let us know](https://traefik.io/submit-my-contribution/) and we will promote your work and reward your enthusiasm!
If you are giving a talk that includes or is about Traefik Proxy, [let us know](https://traefik.io/submit-my-contribution/) and we will send you swag and stickers for your time at the conference.
If you have written about Traefik or shared useful information you would like to promote, feel free to add links to the [dedicated wiki page on GitHub](https://github.com/traefik/traefik/wiki/Awesome-Traefik).
Also, if you've written about Traefik or shared useful information you'd like to promote, feel free to add links in the [dedicated wiki page on Github](https://github.com/containous/traefik/wiki/Awesome-Traefik).
**Help community members!** Everyone needs a place to share their cool innovations or get help with that pesky bug that only a different pair of eyes seems to be able to see.
Join our [Community Forum](https://community.traefik.io/) where you can ask questions, help out other users, and share your neat configuration examples or snippets.
Top contributors will be asked to join the Ambassador program and get unique swag to celebrate!
**Build cool solutions!** Traefik Proxy would be so much better if only it had…
We love all the wonderful ideas that our users come up with, but we can only build so much.
Luckily, as an open source community, our users can help by [building awesome features](https://github.com/orgs/traefik/projects/9/views/7), enhancements, or bug fixes.
We are a big community, so we do need to prioritize a bit.
That is why we use the tag `contributor/wanted` to let you know which pull requests will make it to the front of the queue for design support and review.
Feel free to grab one of these and run with it.
Top contributors get unique swag to celebrate.

View File

@@ -1,21 +1,33 @@
---
title: "Traefik Building & Testing Documentation"
description: "Compile and test your own Traefik Proxy! Learn how to build your own Traefik binary from the sources, and read the technical documentation."
---
# Building and Testing
Compile and Test Your Own Traefik!
{: .subtitle }
So you want to build your own Traefik binary from the sources?
You want to build your own Traefik binary from the sources?
Let's see how.
## Building
You need either [Docker](https://github.com/docker/docker) and `make` (Method 1), or `go` (Method 2) in order to build Traefik.
You need either [Docker](https://github.com/docker/docker "Link to website of Docker") and `make` (Method 1), or [Go](https://go.dev/ "Link to website of Go") (Method 2) in order to build Traefik.
For changes to its dependencies, the `dep` dependency management tool is required.
### Method 1: Using `Docker` and `Makefile`
Run make with the `binary` target.
```bash
make binary
```
This will create binaries for the Linux platform in the `dist` folder.
In case when you run build on CI, you may probably want to run docker in non-interactive mode. To achieve that define `DOCKER_NON_INTERACTIVE=true` environment variable.
```bash
$ make binary
docker build -t traefik-webui -f webui/Dockerfile webui
@@ -28,12 +40,12 @@ Successfully tagged traefik-webui:latest
[...]
docker build -t "traefik-dev:4475--feature-documentation" -f build.Dockerfile .
Sending build context to Docker daemon 279MB
Step 1/10 : FROM golang:1.13-alpine
Step 1/10 : FROM golang:1.16-alpine
---> f4bfb3d22bda
[...]
Successfully built 5c3c1a911277
Successfully tagged traefik-dev:4475--feature-documentation
docker run -e "TEST_CONTAINER=1" -v "/var/run/docker.sock:/var/run/docker.sock" -it -e OS_ARCH_ARG -e OS_PLATFORM_ARG -e TESTFLAGS -e VERBOSE -e VERSION -e CODENAME -e TESTDIRS -e CI -e CONTAINER=DOCKER -v "/home/ldez/sources/go/src/github.com/containous/traefik/"dist":/go/src/github.com/containous/traefik/"dist"" "traefik-dev:4475--feature-documentation" ./script/make.sh generate binary
docker run -e "TEST_CONTAINER=1" -v "/var/run/docker.sock:/var/run/docker.sock" -it -e OS_ARCH_ARG -e OS_PLATFORM_ARG -e TESTFLAGS -e VERBOSE -e VERSION -e CODENAME -e TESTDIRS -e CI -e CONTAINER=DOCKER -v "/home/ldez/sources/go/src/github.com/traefik/traefik/"dist":/go/src/github.com/traefik/traefik/"dist"" "traefik-dev:4475--feature-documentation" ./script/make.sh generate binary
---> Making bundle: generate (in .)
removed 'autogen/genstatic/gen.go'
@@ -43,7 +55,7 @@ $ ls dist/
traefik*
```
The following targets can be executed outside Docker by setting the variable `PRE_TARGET` to an empty string (we don't recommend that):
The following targets can be executed outside Docker by setting the variable `IN_DOCKER` to an empty string (although be aware that some of the tests might fail in that context):
- `test-unit`
- `test-integration`
@@ -53,20 +65,19 @@ The following targets can be executed outside Docker by setting the variable `PR
ex:
```bash
PRE_TARGET= make test-unit
IN_DOCKER= make test-unit
```
### Method 2: Using `go`
Requirements:
- `go` v1.13+
- `go` v1.16+
- environment variable `GO111MODULE=on`
- go-bindata `GO111MODULE=off go get -u github.com/containous/go-bindata/...`
!!! tip "Source Directory"
It is recommended that you clone Traefik into the `~/go/src/github.com/containous/traefik` directory.
It is recommended that you clone Traefik into the `~/go/src/github.com/traefik/traefik` directory.
This is the official golang workspace hierarchy that will allow dependencies to be properly resolved.
!!! note "Environment"
@@ -98,29 +109,22 @@ Requirements:
#### Build Traefik
Once you've set up your go environment and cloned the source repository, you can build Traefik.
Beforehand, you need to get `go-bindata` (the first time) in order to be able to use the `go generate` command (which is part of the build process).
```bash
cd ~/go/src/github.com/containous/traefik
# Generate UI static files
make clean-webui generate-webui
# Get go-bindata. (Important: the ellipses are required.)
GO111MODULE=off go get github.com/containous/go-bindata/...
# Let's build
# generate
# (required to merge non-code components into the final binary, such as the web dashboard and the provider's templates)
# required to merge non-code components into the final binary,
# such as the web dashboard/UI
go generate
```
```bash
# Standard go build
go build ./cmd/traefik
```
You will find the Traefik executable (`traefik`) in the `~/go/src/github.com/containous/traefik` directory.
### Updating the templates
If you happen to update the provider's templates (located in `/templates`), you must run `go generate` to update the `autogen` package.
You will find the Traefik executable (`traefik`) in the `~/go/src/github.com/traefik/traefik` directory.
## Testing
@@ -134,13 +138,13 @@ Run all tests (unit and integration) using the `test` target.
$ make test-unit
docker build -t "traefik-dev:your-feature-branch" -f build.Dockerfile .
# […]
docker run --rm -it -e OS_ARCH_ARG -e OS_PLATFORM_ARG -e TESTFLAGS -v "/home/user/go/src/github/containous/traefik/dist:/go/src/github.com/containous/traefik/dist" "traefik-dev:your-feature-branch" ./script/make.sh generate test-unit
docker run --rm -it -e OS_ARCH_ARG -e OS_PLATFORM_ARG -e TESTFLAGS -v "/home/user/go/src/github/traefik/traefik/dist:/go/src/github.com/traefik/traefik/dist" "traefik-dev:your-feature-branch" ./script/make.sh generate test-unit
---> Making bundle: generate (in .)
removed 'gen.go'
---> Making bundle: test-unit (in .)
+ go test -cover -coverprofile=cover.out .
ok github.com/containous/traefik 0.005s coverage: 4.1% of statements
ok github.com/traefik/traefik 0.005s coverage: 4.1% of statements
Test success
```
@@ -161,14 +165,14 @@ TESTFLAGS="-check.f MyTestSuite.My" make test-integration
TESTFLAGS="-check.f MyTestSuite.*Test" make test-integration
```
More: https://labix.org/gocheck
Check [gocheck](https://labix.org/gocheck "Link to website of gocheck") for more information.
### Method 2: `go`
Unit tests can be run from the cloned directory using `$ go test ./...` which should return `ok`, similar to:
```test
ok _/home/user/go/src/github/containous/traefik 0.004s
ok _/home/user/go/src/github/traefik/traefik 0.004s
```
Integration tests must be run from the `integration/` directory and require the `-integration` switch: `$ cd integration && go test -integration ./...`.

View File

@@ -1,3 +1,8 @@
---
title: "Traefik Data Collection Documentation"
description: "To learn more about how Traefik is being used and improve it, we collect anonymous usage statistics from running instances. Read the technical documentation."
---
# Data Collection
Understanding How Traefik is Being Used
@@ -5,23 +10,23 @@ Understanding How Traefik is Being Used
## Configuration Example
Understanding how you use Traefik is very important to us: it helps us improve the solution in many different ways.
For this very reason, the sendAnonymousUsage option is mandatory: we want you to take time to consider whether or not you wish to share anonymous data with us so we can benefit from your experience and use cases.
Understanding how you use Traefik is very important to us: it helps us improve the solution in many different ways.
For this very reason, the sendAnonymousUsage option is mandatory: we want you to take time to consider whether or not you wish to share anonymous data with us, so we can benefit from your experience and use cases.
!!! example "Enabling Data Collection"
```toml tab="File (TOML)"
[global]
# Send anonymous usage data
sendAnonymousUsage = true
```
```yaml tab="File (YAML)"
global:
# Send anonymous usage data
sendAnonymousUsage: true
```
```toml tab="File (TOML)"
[global]
# Send anonymous usage data
sendAnonymousUsage = true
```
```bash tab="CLI"
# Send anonymous usage data
--global.sendAnonymousUsage
@@ -29,7 +34,7 @@ For this very reason, the sendAnonymousUsage option is mandatory: we want you to
## Collected Data
This feature comes from the public proposal [here](https://github.com/containous/traefik/issues/2369).
This feature comes from this [public proposal](https://github.com/traefik/traefik/issues/2369).
In order to help us learn more about how Traefik is being used and improve it, we collect anonymous usage statistics from running instances.
Those data help us prioritize our developments and focus on what's important for our users (for example, which provider is popular, and which is not).
@@ -40,56 +45,56 @@ Once a day (the first call begins 10 minutes after the start of Traefik), we col
- the Traefik version number
- a hash of the configuration
- an **anonymized version** of the static configuration (token, user name, password, URL, IP, domain, email, etc, are removed).
- an **anonymized version** of the static configuration (token, username, password, URL, IP, domain, email, etc., are removed).
!!! info
- We do not collect the dynamic configuration information (routers & services).
- We do not collect this data to run advertising programs.
- We do not sell this data to third-parties.
### Example of Collected Data
```toml tab="Original configuration"
[entryPoints]
[entryPoints.web]
address = ":80"
```yaml tab="Original configuration"
entryPoints:
web:
address: ":80"
[api]
api: {}
[providers.docker]
endpoint = "tcp://10.10.10.10:2375"
exposedByDefault = true
swarmMode = true
providers:
docker:
endpoint: "tcp://10.10.10.10:2375"
exposedByDefault: true
[providers.docker.TLS]
ca = "dockerCA"
cert = "dockerCert"
key = "dockerKey"
insecureSkipVerify = true
tls:
ca: dockerCA
cert: dockerCert
key: dockerKey
insecureSkipVerify: true
```
```toml tab="Resulting Obfuscated Configuration"
[entryPoints]
[entryPoints.web]
address = ":80"
```yaml tab="Resulting Obfuscated Configuration"
entryPoints:
web:
address: ":80"
[api]
api: {}
[providers.docker]
endpoint = "xxxx"
exposedByDefault = true
swarmMode = true
providers:
docker:
endpoint: "xxxx"
exposedByDefault: true
[providers.docker.TLS]
ca = "xxxx"
cert = "xxxx"
key = "xxxx"
insecureSkipVerify = false
tls:
ca: xxxx
cert: xxxx
key: xxxx
insecureSkipVerify: true
```
## The Code for Data Collection
If you want to dig into more details, here is the source code of the collecting system: [collector.go](https://github.com/containous/traefik/blob/master/pkg/collector/collector.go)
If you want to dig into more details, here is the source code of the collecting system: [collector.go](https://github.com/traefik/traefik/blob/master/pkg/collector/collector.go)
By default we anonymize all configuration fields, except fields tagged with `export=true`.
By default, we anonymize all configuration fields, except fields tagged with `export=true`.

View File

@@ -1,3 +1,8 @@
---
title: "Traefik Contribution Documentation"
description: "Found something unclear in the Traefik Proxy documentation and want to give a try at explaining it better? Read the guide to building documentation."
---
# Documentation
Features Are Better When You Know How to Use Them
@@ -10,17 +15,21 @@ Let's see how.
### General
This [documentation](https://docs.traefik.io/) is built with [mkdocs](https://mkdocs.org/).
This [documentation](https://doc.traefik.io/traefik/ "Link to the official Traefik documentation") is built with [MkDocs](https://mkdocs.org/ "Link to website of MkDocs").
### Method 1: `Docker` and `make`
You can build the documentation and test it locally (with live reloading), using the `docs` target:
Please make sure you have the following requirements installed:
- [Docker](https://www.docker.com/ "Link to website of Docker")
You can build the documentation and test it locally (with live reloading), using the `docs-serve` target:
```bash
$ make docs
$ make docs-serve
docker build -t traefik-docs -f docs.Dockerfile .
# […]
docker run --rm -v /home/user/go/github/containous/traefik:/mkdocs -p 8000:8000 traefik-docs mkdocs serve
docker run --rm -v /home/user/go/github/traefik/traefik:/mkdocs -p 8000:8000 traefik-docs mkdocs serve
# […]
[I 170828 20:47:48 server:283] Serving on http://0.0.0.0:8000
[I 170828 20:47:48 handlers:60] Start watching changes
@@ -29,7 +38,7 @@ docker run --rm -v /home/user/go/github/containous/traefik:/mkdocs -p 8000:8000
!!! tip "Default URL"
Your local documentation server will run by default on [http://127.0.0.1:8000](http://127.0.0.1:8000).
Your local documentation server will run by default on <http://127.0.0.1:8000>.
If you only want to build the documentation without serving it locally, you can use the following command:
@@ -38,9 +47,12 @@ $ make docs-build
...
```
### Method 2: `mkdocs`
### Method 2: `MkDocs`
First, make sure you have `python` and `pip` installed.
Please make sure you have the following requirements installed:
- [Python](https://www.python.org/ "Link to website of Python")
- [pip](https://pypi.org/project/pip/ "Link to the website of pip on PyPI")
```bash
$ python --version
@@ -49,7 +61,7 @@ $ pip --version
pip 1.5.2
```
Then, install mkdocs with `pip`.
Then, install MkDocs with `pip`.
```bash
pip install --user -r requirements.txt
@@ -75,24 +87,26 @@ To check that the documentation meets standard expectations (no dead links, html
$ make docs-verify
docker build -t traefik-docs-verify ./script/docs-verify-docker-image ## Build Validator image
...
docker run --rm -v /home/travis/build/containous/traefik:/app traefik-docs-verify ## Check for dead links and w3c compliance
docker run --rm -v /home/travis/build/traefik/traefik:/app traefik-docs-verify ## Check for dead links and w3c compliance
=== Checking HTML content...
Running ["HtmlCheck", "ImageCheck", "ScriptCheck", "LinkCheck"] on /app/site/basics/index.html on *.html...
```
!!! note "Clean & Verify"
If you've made changes to the documentation, it's safter to clean it before verifying it.
If you've made changes to the documentation, it's safer to clean it before verifying it.
```bash
$ make docs-clean docs-verify
$ make docs
...
```
Will perform all necessary steps for you.
!!! note "Disabling Documentation Verification"
Verification can be disabled by setting the environment variable `DOCS_VERIFY_SKIP` to `true`:
```shell
DOCS_VERIFY_SKIP=true make docs-verify
...

View File

@@ -0,0 +1,134 @@
---
title: "Traefik Maintainer's Guidelines Documentation"
description: "Interested in contributing more to the community and becoming a Traefik Proxy maintainer? Read the guide to becoming a part of the core team."
---
# Maintainer's Guidelines
![Maintainer's Guidelines](../assets/img/maintainers-guidelines.png)
Note: the document is a work in progress.
Welcome to the Traefik Community.
This document describes how to be part of the core team
together with various responsibilities
and guidelines for Traefik maintainers.
We are strongly promoting a philosophy of openness and sharing,
and firmly standing against the elitist closed approach.
Being part of the core team should be accessible to anyone motivated
and wants to be part of that journey!
## Onboarding Process
If you consider joining our community, please drop us a line using Twitter or leave a note in the issue.
We will schedule a quick call to meet you and learn more about your motivation.
During the call, the team will discuss the process of becoming a maintainer.
We will be happy to answer any questions and explain all your doubts.
## Maintainer's Requirements
Note: you do not have to meet all the listed requirements,
but must have achieved several.
- Enabled [2FA](https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication) on your GitHub account
- The contributor has opened and successfully run medium to large PRs in the past 6 months.
- The contributor has participated in multiple code reviews of other PRs,
including those of other maintainers and contributors.
- The contributor showed a consistent pattern of helpful, non-threatening, and friendly behavior towards other community members in the past.
- The contributor is active on Traefik Community forums
or other technical forums/boards such as K8S slack, Reddit, StackOverflow, hacker news.
- Have read and accepted the contributor guidelines.
## Maintainer's Responsibilities and Privileges
There are lots of areas where you can contribute to the project,
but we can suggest you start with activities such as:
- PR reviewing.
- According to our guidelines we require you have at least 3 reviewers,
thus you can review a PR and leave the relevant comment if it is necessary.
- Participating in a daily [issue triage](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md).
- The process helps to understand and prioritize the reported issue according to its importance and severity.
This is crucial to learn how our users implement Traefik.
Each of the issues that are labeled as bug/possible bug/confirmed requires a reproducible use case.
You can help in creating a reproducible use case if it has not been added to the issue
or use the sample code provided by the reporter.
Typically, a simple Docker Compose should be enough to reproduce the issue.
- Code contribution.
- Documentation contribution.
- Technical documentation is one of the most important components of the product.
The ability to set up a testing environment in a few minutes,
using the official documentation,
is a game changer.
- You will be listed on our Maintainers GitHub page
and on our website in the section [maintainers](maintainers.md).
- We will be promoting you on social channels (mostly on Twitter).
## Governance
- Roadmap meetings on a regular basis where all maintainers are welcome.
## Communicating
- All of our maintainers are added to the Traefik Maintainers Discord server that belongs to Traefik labs.
Having the team in one place helps us to communicate effectively.
You can reach Traefik core developers directly,
which offers the possibility to discuss issues, pull requests, enhancements more efficiently
and get the feedback almost immediately.
Fewer blockers mean more fun and engaging work.
- On a daily basis, we publish a report that includes all the activities performed during the day.
You are updated in regard to the workload that has been processed including:
working on the new features and enhancements,
activities related to the reported issues and PRs,
other important project-related announcements.
- At 2:15pm CET every Monday and Thursday we review all the created issues that have been reported,
assign them the appropriate *[labels](maintainers.md#labels)*
and prioritize them based on the severity of the problem.
The process is called *[issue triaging](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md)*.
Each of the maintainers is welcome to join the meeting.
For that purpose, we use the Traefik Maintainers Discord server
where you are invited once you have become an official maintainer.
## Maintainers Activity
In order to keep the core team efficient and dynamic,
maintainers' activity and involvement will be reviewed on a regular basis.
- Has the maintainer engaged with the team and the community by meeting two or more of these benchmarks in the past six months?
- Has the maintainer participated in at least two or three maintainer meetings?
- Substantial review of at least one or two PRs from either contributors or maintainers.
- Opened at least one or two bug fixes or feature request PRs
that were eventually merged (or on a trajectory for merge).
- Substantial participation in the Help Wanted program (answered questions, helped identify issues, applied guidelines from the Help Wanted guide to open issues).
- Substantial participation with the community in general.
- Has the maintainer shown a consistent pattern of helpful,
non-threatening,
and friendly behavior towards other people on the maintainer team and with our community?
## Additional Comments for (not only) Maintainers
- Be able to put yourself in users shoes.
- Be open-minded and respectful with other maintainers and other community members.
- Keep the communication public -
if anyone tries to communicate with you directly,
ask politely to move the conversation to a public communication channel.
- Stay away from defensive comments.
- Please try to express your thoughts clearly enough
and note that some of us are not native English speakers.
Try to rephrase your sentences, avoiding mental shortcuts;
none of us is able to predict your thoughts.
- There are a lot of use cases of using Traefik
and even more issues that are difficult to reproduce.
If the issue cant be replicated due to a lack of reproducible case (a simple Docker Compose should be enough) -
set your time limits while working on the issue
and express clearly that you were not able to replicate it.
You can come back later to that case.
- Be proactive.
- Emoji are fine,
but if you express yourself clearly enough they are not necessary.
They will not replace good communication.
- Embrace mentorship.
- Keep in mind that we all have the same intent to improve the project.

View File

@@ -1,6 +1,11 @@
---
title: "Traefik Maintainers Documentation"
description: "Traefik Proxy is an open source software with a thriving community of contributors and maintainers. Read the list of maintainers on this page."
---
# Maintainers
## The team
## The Team
* Emile Vauge [@emilevauge](https://github.com/emilevauge)
* Vincent Demeester [@vdemeester](https://github.com/vdemeester)
@@ -11,75 +16,27 @@
* Ludovic Fernandez [@ldez](https://github.com/ldez)
* Julien Salleyron [@juliens](https://github.com/juliens)
* Nicolas Mengin [@nmengin](https://github.com/nmengin)
* Marco Jantke [@marco-jantke](https://github.com/marco-jantke)
* Marco Jantke [@mjantke](https://github.com/mjeri)
* Michaël Matur [@mmatur](https://github.com/mmatur)
* Gérald Croës [@geraldcroes](https://github.com/geraldcroes)
* Jean-Baptiste Doumenjou [@jbdoumenjou](https://github.com/jbdoumenjou)
* Damien Duportal [@dduportal](https://github.com/dduportal)
* Mathieu Lonjaret [@mpl](https://github.com/mpl)
* Romain Tribotté [@rtribotte](https://github.com/rtribotte)
* Kevin Pollet [@kevinpollet](https://github.com/kevinpollet)
* Harold Ozouf [@jspdown](https://github.com/jspdown)
* Tom Moulard [@tommoulard](https://github.com/tommoulard)
## Contributions Daily Meeting
## Maintainer's Guidelines
* 3 Maintainers should attend to a Contributions Daily Meeting where we sort and label new issues ([is:issue label:status/0-needs-triage](https://github.com/containous/traefik/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Astatus%2F0-needs-triage+)), and review every Pull Requests
* Every pull request should be checked during the Contributions Daily Meeting
* Even if its already assigned
* Even PR labelled with `contributor/waiting-for-corrections` or `contributor/waiting-for-feedback`
* Issues labeled with `priority/P0` and `priority/P1` should be assigned.
* Modifying an issue or a pull request (labels, assignees, milestone) is only possible:
* During the Contributions Daily Meeting
* By an assigned maintainer
* In case of emergency, if a change proposal is approved by 2 other maintainers (on Slack, Discord, Discourse, etc)
Please read the [maintainer's guidelines](maintainers-guidelines.md)
## PR review process:
## Issue Triage
* The status `needs-design-review` is only used in complex/heavy/tricky PRs.
* From `1` to `2`: 1 comment that says “design LGTM” (by a senior maintainer).
* From `2` to `3`: 3 LGTM approvals by any maintainer.
* If needed, a specific maintainer familiar with a particular domain can be requested for the review.
* If a PR has been implemented in pair programming, one peer's LGTM goes into the review for free
* Amending someone else's pull request is authorized only in emergency, if a rebase is needed, or if the initial contributor is silent
Issues and PRs are triaged daily and the process for triaging may be found under [triaging issues](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md) in our [contributors guide repository](https://github.com/traefik/contributors-guide).
We use [PRM](https://github.com/ldez/prm) to manage locally pull requests.
## PR Review Process
## Bots
### [Myrmica Lobicornis](https://github.com/containous/lobicornis/)
Update and Merge Pull Request.
The maintainer giving the final LGTM must add the `status/3-needs-merge` label to trigger the merge bot.
By default, a squash-rebase merge will be carried out.
To preserve commits, add `bot/merge-method-rebase` before `status/3-needs-merge`.
The status `status/4-merge-in-progress` is only used by the bot.
If the bot is not able to perform the merge, the label `bot/need-human-merge` is added.
In such a situation, solve the conflicts/CI/... and then remove the label `bot/need-human-merge`.
To prevent the bot from automatically merging a PR, add the label `bot/no-merge`.
The label `bot/light-review` decreases the number of required LGTM from 3 to 1.
This label is used when:
* Updating the vendors from previously reviewed PRs
* Merging branches into the master
* Preparing the release
### [Myrmica Bibikoffi](https://github.com/containous/bibikoffi/)
* closes stale issues [cron]
* use some criterion as number of days between creation, last update, labels, ...
### [Myrmica Aloba](https://github.com/containous/aloba)
Manage GitHub labels.
* Add labels on new PR [GitHub WebHook]
* Add milestone to a new PR based on a branch version (1.4, 1.3, ...) [GitHub WebHook]
* Add and remove `contributor/waiting-for-corrections` label when a review request changes [GitHub WebHook]
* Weekly report of PR status on Slack (CaptainPR) [cron]
The process for reviewing PRs may be found under [review guidelines](https://github.com/traefik/contributors-guide/blob/master/review_guidelines.md) in our contributors guide repository.
## Labels
@@ -150,7 +107,6 @@ The `status/*` labels represent the desired state in the workflow.
* `area/provider/kv`: KV related.
* `area/provider/marathon`: Marathon related.
* `area/provider/mesos`: Mesos related.
* `area/provider/rancher`: Rancher related.
* `area/provider/servicefabric`: Azure service fabric related.
* `area/provider/zk`: Zoo Keeper related.
* `area/rules`: Rules related.
@@ -167,7 +123,7 @@ The `status/*` labels represent the desired state in the workflow.
* `priority/P2`: need to be fixed in the future.
* `priority/P3`: maybe.
### PR size
### PR Size
Automatically set by a bot.

View File

@@ -1,44 +1,63 @@
---
title: "Traefik Submitting Issues Documentation"
description: "Help us help you! Learn how to submit an issue, following the guidelines, so the Traefik Proxy team can help. Read the technical documentation."
---
# Submitting Issues
Help Us Help You!
{: .subtitle }
We use the [GitHub issue tracker](https://github.com/containous/traefik/issues) to keep track of issues in Traefik.
Issues are perfect for requesting a feature/enhancement or reporting a suspected bug.
We use the [GitHub issue tracker](https://github.com/traefik/traefik/issues) to keep track of issues in Traefik.
The process of sorting and checking the issues is a daunting task, and requires a lot of work (more than an hour a day ... just for sorting).
To save us some time and get quicker feedback, be sure to follow the guide lines below.
To help us (and other community members) quickly and effortlessly understand what you need,
be sure to follow the guidelines below.
!!! important "Getting Help Vs Reporting an Issue"
The issue tracker is not a general support forum, but a place to report bugs and asks for new features.
For end-user related support questions, try using first:
- the Traefik community forum: [![Join the chat at https://community.containo.us/](https://img.shields.io/badge/style-register-green.svg?style=social&label=Discourse)](https://community.containo.us/)
For end-user related support questions, try using the [Traefik Community Forum](https://community.traefik.io/)
[![Join the chat at https://community.traefik.io/](https://img.shields.io/badge/style-register-green.svg?style=social&label=Traefik%20Community%20Forum)](https://community.traefik.io/)
## Issue Title
The title must be short and descriptive. (~60 characters)
## Description
Examples:
Follow the [issue template](https://github.com/containous/traefik/blob/master/.github/ISSUE_TEMPLATE.md) as much as possible.
Explain us in which conditions you encountered the issue, what is your context.
Remain as clear and concise as possible
Take time to polish the format of your message so we'll enjoy reading it and working on it.
Help the readers focus on what matters, and help them understand the structure of your message (see the [Github Markdown Syntax](https://help.github.com/articles/github-flavored-markdown)).
* Bug: Duplicate requests in access logs
* Feature: Support TCP
## Feature Request
Traefik is an open-source project and aims to be the best edge router possible.
Traefik is an open source project and aims to be the best edge router possible.
Remember when asking for new features that these must be useful to the majority (and not only useful in edge case scenarios, or hack-like setups).
Follow the [issue template](https://github.com/traefik/traefik/blob/master/.github/ISSUE_TEMPLATE/feature-request.yml) as much as possible.
Do you best to explain what you're looking for, and why it would improve Traefik for everyone.
Do your best to explain what you're looking for, and why it would improve Traefik for everyone.
Be detailed and share the use-case(s) to allow us to see the value of your feature request as quickly as possible.
Features with a lot of positive interaction (claps, +1s, conversation about how this would impact them) indicate higher community interest and help us to prioritize.
If you are interested in creating a PR for your feature request, let us know in the issue, so we can work with you.
It can take a lot of work to make sure a PR can integrate with our existing code and planning with the team ahead of time can make sure that your PR can be accepted and merged quickly.
## Issues or Possible Bug Reports
Follow the [issue template](https://github.com/traefik/traefik/blob/master/.github/ISSUE_TEMPLATE/bug_report.yml) as much as possible.
Explain the conditions in which you encountered the issue; what is your context?
Share any logs you may have, and make sure to share the steps it takes to reproduce your issue or bug.
Remain as clear and concise as possible.
Take time to polish the format of your message, so we'll enjoy reading it and working on it.
Help your readers focus on what matters and help them understand the structure of your message (see the [GitHub Markdown Syntax](https://docs.github.com/en/get-started/writing-on-github)).
## International English
Every maintainer / Traefik user is not a native English speaker, so if you feel sometimes that some messages sound rude, remember that it probably is a language barrier problem from someone willing to help you.
Every maintainer / Traefik user is not a native English speaker, so if you sometimes feel that some messages sound rude, remember that it probably is a language barrier problem from someone willing to help you.

View File

@@ -1,45 +1,231 @@
# Submitting Pull Requests
---
title: "Traefik Pull Requests Documentation"
description: "Looking to contribute to Traefik Proxy? This guide will show you the guidelines for submitting a PR in our contributors guide repository."
---
A Quick Guide for Efficient Contributions
{: .subtitle }
# Before You Submit a Pull Request
So you've decide to improve Traefik?
Thank You!
Now the last step is to submit your Pull Request in a way that makes sure it gets the attention it deserves.
This guide is for contributors who already have a pull request to submit.
If you are looking for information on setting up your developer environment
and creating code to contribute to Traefik Proxy or related projects,
see the [development guide](https://docs.traefik.io/contributing/building-testing/).
Let's go though the classic pitfalls to make sure everything is right.
Looking for a way to contribute to Traefik Proxy?
Check out this list of [Priority Issues](https://github.com/traefik/traefik/labels/contributor%2Fwanted),
the [Good First Issue](https://github.com/traefik/traefik/labels/contributor%2Fgood-first-issue) list,
or the list of [confirmed bugs](https://github.com/traefik/traefik/labels/kind%2Fbug%2Fconfirmed) waiting to be remedied.
## Title
## How We Prioritize
The title must be short and descriptive. (~60 characters)
We wish we could review every pull request right away.
Unfortunately, our team has to prioritize pull requests (PRs) for review
(but we are welcoming new [maintainers](https://github.com/traefik/traefik/blob/master/docs/content/contributing/maintainers-guidelines.md) to speed this up,
if you are interested, check it out and apply).
## Description
The PRs we are able to handle fastest are:
Follow the [pull request template](https://github.com/containous/traefik/blob/master/.github/PULL_REQUEST_TEMPLATE.md) as much as possible.
* Documentation updates.
* Bug fixes.
* Enhancements and Features with a `contributor/wanted` tag.
Explain the conditions which led you to write this PR: give us context.
The context should lead to something, an idea or a problem that youre facing.
PRs that take more time to address include:
Remain clear and concise.
* Enhancements or Features without the `contributor/wanted` tag.
Take time to polish the format of your message so we'll enjoy reading it and working on it.
Help the readers focus on what matters, and help them understand the structure of your message (see the [Github Markdown Syntax](https://help.github.com/articles/github-flavored-markdown)).
If you have an idea for an enhancement or feature that you would like to build,
[create an issue](https://github.com/traefik/traefik/issues/new/choose) for it first
and tell us you are interested in writing the PR.
If an issue already exists, definitely comment on it to tell us you are interested in creating a PR.
## PR Content
This will allow us to communicate directly and let you know if it is something we would accept.
- Make it small.
- One feature per Pull Request.
- Write useful descriptions and titles.
- Avoid re-formatting code that is not on the path of your PR.
- Make sure the [code builds](building-testing.md).
- Make sure [all tests pass](building-testing.md).
- Add tests.
- Address review comments in terms of additional commits (and don't amend/squash existing ones unless the PR is trivial).
It also allows us to make sure you have all the information you need during the design phase
so that it can be reviewed and merged quickly.
!!! note "third-party dependencies"
Read more about the [Triage process](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md) in the docs.
If a PR involves changes to third-party dependencies, the commits pertaining to the vendor folder and the manifest/lock file(s) should be committed separated.
## The Pull Request Submit Process
!!! tip "10 Tips for Better Pull Requests"
Merging a PR requires the following steps to be completed before it is merged automatically.
We enjoyed this article, maybe you will too! [10 tips for better pull requests](https://blog.ploeh.dk/2015/01/15/10-tips-for-better-pull-requests/).
* Make sure your pull request adheres to our best practices. These include:
* [Following project conventions](https://github.com/traefik/traefik/blob/master/docs/content/contributing/maintainers-guidelines.md); including using the PR Template.
* Make small pull requests.
* Solve only one problem at a time.
* Comment thoroughly.
* Do not open the PR from an organization repository.
* Keep "allows edit from maintainer" checked.
* Use semantic line breaks for documentation.
* Ensure your PR is not a draft. We do not review drafts, but do answer questions and confer with developers on them as needed.
* Pass the validation check.
* Pass all tests.
* Receive 3 approving reviews maintainers.
## Pull Request Review Cycle
Learn about our [Triage Process](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md),
in short, it looks like this:
* We triage every new PR or comment before entering it into the review process.
* We ensure that all prerequisites for review have been met.
* We check to make sure the use case meets our needs.
* We assign reviewers.
* Design Review.
* This takes longer than other parts of the process.
* We review that there are no obvious conflicts with our codebase.
* Code Review.
* We review the code in-depth and run tests.
* We may ask for changes here.
* During code review, we ask that you be reasonably responsive,
if a PR languishes in code review it is at risk of rejection,
or we may take ownership of the PR and the contributor will become a co-author.
* Merge.
* Success!
!!! note
Occasionally, we may freeze our codebase when working towards a specific feature or goal that could impact other development.
During this time, your pull request could remain unmerged while the release work is completed.
## Run Local Verifications
You must run these local verifications before you submit your pull request to predict the pass or failure of continuous integration.
Your PR will not be reviewed until these are green on the CI.
* `make validate`
* `make pull-images`
* `make test`
## The Testing and Merge Workflow
Pull Requests are managed by the bot [Myrmica Lobicornis](https://github.com/traefik/lobicornis).
This bot is responsible for verifying GitHub Checks (CI, Tests, etc), mergability, and minimum reviews.
In addition, it rebases or merges with the base PR branch if needed.
It performs several other housekeeping items
and you can read more about those on the [README](https://github.com/traefik/lobicornis) for Lobicornis.
The maintainer giving the final LGTM must add the `status/3-needs-merge` label to trigger the merge bot.
By default, a squash-rebase merge will be carried out.
The status `status/4-merge-in-progress` is only used by the bot.
If the bot is not able to perform the merge, the label `bot/need-human-merge` is added.
In such a situation, solve the conflicts/CI/... and then remove the label `bot/need-human-merge`.
To prevent the bot from automatically merging a PR, add the label `bot/no-merge`.
The label `bot/light-review` decreases the number of required LGTM from 3 to 1.
This label can be used when:
* Updating a dependency.
* Merging branches back into the next version branch.
* Submitting minor documentation changes.
* Submitting changelog PRs.
## Why Was My Pull Request Closed?
Traefik Proxy is made by the community for the community,
as such the goal is to engage the community to make Traefik the best reverse proxy available.
Part of this goal is maintaining a lean codebase and ensuring code velocity.
unfortunately, this means that sometimes we will not be able to merge a pull request.
Because we respect the work you did, you will always be told why we are closing your pull request.
If you do not agree with our decision, do not worry; closed pull requests are effortless to recreate,
and little work is lost by closing a pull request that subsequently needs to be reopened.
Your pull request might be closed if:
* Your PR's design conflicts with our existing codebase in such a way that merging is not an option
and the work needed to make your pull request usable is too high.
* To prevent this, make sure you created an issue first
and think about including Traefik Proxy maintainers in your design phase to minimize conflicts.
* Your PR is for an enhancement or feature that we will not use.
* Please remember to create an issue for any pull request **before** you create a PR
to ensure that your goal is something we can merge and that you have any design insight you might need from the team.
* Your PR has been waiting for feedback from the contributor for over 90 days.
## Why is My Pull Request Not Getting Reviewed
A few factors affect how long your pull request might wait for review.
We must prioritize which PRs we focus on.
Our first priority is PRs we have identified as having high community engagement and broad applicability.
We put our top priorities on our roadmap, and you can identify them by the `contributor/wanted` tag.
These PRs will enter our review process the fastest.
Our second priority is bug fixes.
Especially for bugs that have already been tagged with `bug/confirmed`.
These reviews enter the process quickly.
If your PR does not meet the criteria above,
it will take longer for us to review, as any PRs that do meet the criteria above will be prioritized.
Additionally, during the last few weeks of a milestone, we stop reviewing PRs to reduce churn and stabilize.
We will resume after the release.
The second major reason that we deprioritize your PR is that you are not following best practices.
The most common failures to follow best practices are:
* You did not create an issue for the PR you wish to make.
If you do not create an issue before submitting your PR,
we will not be able to answer any design questions and let you know how likely your PR is to be merged.
* You created pull requests that are too large to review.
* Break your pull requests up.
If you can extract whole ideas from your pull request and send those as pull requests of their own,
you should do that instead.
It is better to have many pull requests addressing one thing than one pull request addressing many things.
* Traefik Proxy is a fast-moving codebase — lock in your changes ASAP with your small pull request,
and make merges be someone else's problem.
We want every pull request to be useful on its own,
so use your best judgment on what should be a pull request vs. a commit.
* You did not comment well.
* Comment everything.
Please remember that we are working internationally, cross-culturally, and with different use-cases.
Your reviewer will not intuitively understand the problem the same way you do or solve it the same way you would.
This is why every change you make must be explained, and your strategy for coding must also be explained.
* Your tests were inadequate or absent.
* If you do not know how to test your PR, please ask!
We will be happy to help you or suggest appropriate test cases.
If you have already followed the best practices and your PR still has not received a response,
here are some things you can do to move the process along:
* If you have fixed all the issues from a review,
remember to re-request a review (using the designated button) to let your reviewer know that you are ready.
You can choose to comment with the changes you made.
* Ping `@tfny` if you have not been assigned to a reviewer.
For more information on best practices, try these links:
* [How to Write a Git Commit Message - Chris Beams](https://chris.beams.io/posts/git-commit/)
* [Distributed Git - Contributing to a Project (Commit Guidelines)](https://git-scm.com/book/en/v2/Distributed-Git-Contributing-to-a-Project)
* [Whats with the 50/72 rule? - Preslav Rachev](https://preslav.me/2015/02/21/what-s-with-the-50-72-rule/)
* [A Note About Git Commit Messages - Tim Pope](https://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html)
## It's OK to Push Back
Sometimes reviewers make mistakes.
It is OK to push back on changes your reviewer requested.
If you have a good reason for doing something a certain way, you are absolutely allowed to debate the merits of a requested change.
Both the reviewer and reviewee should strive to discuss these issues in a polite and respectful manner.
You might be overruled, but you might also prevail.
We are pretty reasonable people.
Another phenomenon of open-source projects (where anyone can comment on any issue) is the dog-pile -
your pull request gets so many comments from so many people it becomes hard to follow.
In this situation, you can ask the primary reviewer (assignee) whether they want you to fork a new pull request
to clear out all the comments.
You do not have to fix every issue raised by every person who feels like commenting,
but you should answer reasonable comments with an explanation.
## Common Sense and Courtesy
No document can take the place of common sense and good taste.
Use your best judgment, while you put a bit of thought into how your work can be made easier to review.
If you do these things, your pull requests will get merged with less friction.

View File

@@ -0,0 +1,23 @@
---
title: "Traefik Security Documentation"
description: "Security is a key part of Traefik Proxy. Read the technical documentation to learn about security advisories, CVE, and how to report a vulnerability."
---
# Security
## Security Advisories
We strongly advise you to join our mailing list to be aware of the latest announcements from our security team.
You can subscribe sending a mail to security+subscribe@traefik.io or on [the online viewer](https://groups.google.com/a/traefik.io/forum/#!forum/security).
## CVE
Reported vulnerabilities can be found on
[cve.mitre.org](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=traefik).
## Report a Vulnerability
We want to keep Traefik safe for everyone.
If you've discovered a security vulnerability in Traefik,
we appreciate your help in disclosing it to us in a responsible manner,
by creating a [security advisory](https://github.com/traefik/traefik/security/advisories).

View File

@@ -1,13 +1,18 @@
---
title: "Traefik Contribution Documentation"
description: "Thank you to all those who have contributed! Traefik Proxy is an open-source project that thrives with the support of our passionate community."
---
# Thank You!
_You_ Made It
{: .subtitle}
Traefik truly is an [open-source project](https://github.com/containous/traefik/),
and wouldn't have become what it is today without the help of our [many contributors](https://github.com/containous/traefik/graphs/contributors) (at the time of writing this),
not accounting for people having helped with issues, tests, comments, articles, ... or just enjoying it and letting others know.
Traefik Proxy truly is an [open-source project](https://github.com/traefik/traefik/),
and wouldn't have become what it is today without the help of our [many contributors](https://github.com/traefik/traefik/graphs/contributors) (at the time of writing this),
not accounting for people having helped with issues, tests, comments, articles, ... or just enjoy using Traefik Proxy and share with others.
So once again, thank you for your invaluable help on making Traefik such a good product.
So once again, thank you for your invaluable help in making Traefik such a good product!
!!! question "Where to Go Next?"
If you want to:

View File

@@ -0,0 +1,23 @@
# Feature Deprecation Notices
This page is maintained and updated periodically to reflect our roadmap and any decisions around feature deprecation.
| Feature | Deprecated | End of Support | Removal |
|----------------------------------------------------------------------------------------------------------------------|------------|----------------|---------|
| [Kubernetes CRDs API Version `traefik.io/v1alpha1`](#kubernetes-crds-api-version-traefikiov1alpha1) | N/A | N/A | 3.0 |
| [Kubernetes Ingress API Version `networking.k8s.io/v1beta1`](#kubernetes-ingress-api-version-networkingk8siov1beta1) | N/A | N/A | 3.0 |
| [CRD API Version `apiextensions.k8s.io/v1beta1`](#kubernetes-ingress-api-version-networkingk8siov1beta1) | N/A | N/A | 3.0 |
## Impact
### Kubernetes CRDs API Version `traefik.io/v1alpha1`
The newly introduced Kubernetes CRD API Version `traefik.io/v1alpha1` will subsequently be removed in Traefik v3. The following version will be `traefik.io/v1`.
### Kubernetes Ingress API Version `networking.k8s.io/v1beta1`
The Kubernetes Ingress API Version `networking.k8s.io/v1beta1` is removed in v3. Please use the API Group `networking.k8s.io/v1` instead.
### Traefik CRD API Version `apiextensions.k8s.io/v1beta1`
The Traefik CRD API Version `apiextensions.k8s.io/v1beta1` is removed in v3. Please use the API Group `apiextensions.k8s.io/v1` instead.

View File

@@ -0,0 +1,41 @@
# Releases
## Versions
Below is a non-exhaustive list of versions and their maintenance status:
| Version | Release Date | Active Support | Security Support |
|---------|--------------|--------------------|------------------|
| 2.10 | Apr 24, 2023 | Yes | Yes |
| 2.9 | Oct 03, 2022 | Ended Apr 24, 2023 | No |
| 2.8 | Jun 29, 2022 | Ended Oct 03, 2022 | No |
| 2.7 | May 24, 2022 | Ended Jun 29, 2022 | No |
| 2.6 | Jan 24, 2022 | Ended May 24, 2022 | No |
| 2.5 | Aug 17, 2021 | Ended Jan 24, 2022 | No |
| 2.4 | Jan 19, 2021 | Ended Aug 17, 2021 | No |
| 2.3 | Sep 23, 2020 | Ended Jan 19, 2021 | No |
| 2.2 | Mar 25, 2020 | Ended Sep 23, 2020 | No |
| 2.1 | Dec 11, 2019 | Ended Mar 25, 2020 | No |
| 2.0 | Sep 16, 2019 | Ended Dec 11, 2019 | No |
| 1.7 | Sep 24, 2018 | Ended Dec 31, 2021 | Contact Support |
??? example "Active Support / Security Support"
**Active support**: receives any bug fixes.
**Security support**: receives only critical bug and security fixes.
This page is maintained and updated periodically to reflect our roadmap and any decisions affecting the end of support for Traefik Proxy.
Please refer to our migration guides for specific instructions on upgrading between versions, an example is the [v1 to v2 migration guide](../migration/v1-to-v2.md).
!!! important "All target dates for end of support or feature removal announcements may be subject to change."
## Versioning Scheme
The Traefik Proxy project follows the [semantic versioning](https://semver.org/) scheme and maintains a separate branch for each minor version. The main branch always represents the next upcoming minor or major version.
And these are our guiding rules for version support:
- **Only the latest `minor`** will be on active support at any given time
- **The last `minor` after releasing a new `major`** will be supported for 1 year following the `major` release
- **Previous rules are subject to change** and in such cases an announcement will be made publicly, [here](https://traefik.io/blog/traefik-2-1-in-the-wild/) is an example extending v1.x branch support.

View File

@@ -1,14 +1,34 @@
---
title: Concepts
description: Traefik - base concepts and main features
---
# Concepts
Everything You Need to Know
{: .subtitle }
This page explains the base concepts of Traefik.
---
## Introduction
Traefik is based on the concept of EntryPoints, Routers, Middlewares and Services.
The main features include dynamic configuration, automatic service discovery, and support for multiple backends and protocols.
1. [EntryPoints](../routing/entrypoints.md "Link to docs about EntryPoints"): EntryPoints are the network entry points into Traefik. They define the port which will receive the packets, and whether to listen for TCP or UDP.
2. [Routers](../routing/routers/index.md "Link to docs about routers"): A router is in charge of connecting incoming requests to the services that can handle them.
3. [Middlewares](../middlewares/overview.md "Link to docs about middlewares"): Attached to the routers, middlewares can modify the requests or responses before they are sent to your service
4. [Services](../routing/services/index.md "Link to docs about services"): Services are responsible for configuring how to reach the actual services that will eventually handle the incoming requests.
## Edge Router
Traefik is an _Edge Router_, it means that it's the door to your platform, and that it intercepts and routes every incoming request:
it knows all the logic and every rule that determine which services handle which requests (based on the [path](../routing/routers/index.md#rule), the [host](../routing/routers/index.md#rule), [headers](../routing/routers/index.md#rule), [and so on](../routing/routers/index.md#rule) ...).
Traefik is an *Edge Router*, it means that it's the door to your platform, and that it intercepts and routes every incoming request:
it knows all the logic and every [rule](../routing/routers/index.md#rule "Link to docs about routing rules") that determine which services handle which requests (based on the *path*, the *host*, *headers*, etc.).
![The Door to Your Infrastructure](../assets/img/traefik-concepts-1.png)
![The Door to Your Infrastructure](../assets/img/traefik-concepts-1.png "Picture explaining the infrastructure")
## Auto Service Discovery
@@ -16,21 +36,25 @@ Where traditionally edge routers (or reverse proxies) need a configuration file
Deploying your services, you attach information that tells Traefik the characteristics of the requests the services can handle.
![Decentralized Configuration](../assets/img/traefik-concepts-2.png)
![Decentralized Configuration](../assets/img/traefik-concepts-2.png "Picture about Decentralized Configuration")
It means that when a service is deployed, Traefik detects it immediately and updates the routing rules in real time.
The opposite is true: when you remove a service from your infrastructure, the route will disappear accordingly.
Similarly, when a service is removed from the infrastructure, the corresponding route is deleted accordingly.
You no longer need to create and synchronize configuration files cluttered with IP addresses or other rules.
!!! info "Many different rules"
In the example above, we used the request [path](../routing/routers/index.md#rule) to determine which service was in charge, but of course you can use many other different [rules](../routing/routers/index.md#rule).
In the example above, we used the request [path rule](../routing/routers/index.md#rule "Link to docs about routing rules") to determine which service was in charge.
Certainly, you can use many other different [rules](../routing/routers/index.md#rule "Link to docs about routing rules").
!!! info "Updating the requests"
In the [middleware](../middlewares/overview.md) section, you can learn about how to update the requests before forwarding them to the services.
In the [middleware](../middlewares/overview.md "Link to middleware documentation") section, you can learn about how to update the requests before forwarding them to the services.
!!! question "How does Traefik discover the services?"
Traefik is able to use your cluster API to discover the services and read the attached information. In Traefik, these connectors are called [providers](../providers/overview.md) because they _provide_ the configuration to Traefik. To learn more about them, read the [provider overview](../providers/overview.md) section.
Traefik is able to use your cluster API to discover the services and read the attached information.
In Traefik, these connectors are called [providers](../providers/overview.md "Link to overview about Traefik providers") because they *provide* the configuration to Traefik.
{!traefik-for-business-applications.md!}

View File

@@ -1,3 +1,8 @@
---
title: "Traefik Configuration Documentation"
description: "Get started with Traefik Proxy. This page will introduce you to the dynamic routing and startup configurations. Read the technical documentation."
---
# Configuration Introduction
How the Magic Happens
@@ -13,13 +18,13 @@ Configuration in Traefik can refer to two different things:
Elements in the _static configuration_ set up connections to [providers](../providers/overview.md) and define the [entrypoints](../routing/entrypoints.md) Traefik will listen to (these elements don't change often).
The _dynamic configuration_ contains everything that defines how the requests are handled by your system.
This configuration can change and is seamlessly hot-reloaded, without any request interruption or connection loss.
This configuration can change and is seamlessly hot-reloaded, without any request interruption or connection loss.
!!! warning "Incompatible Configuration"
Please be aware that the old configurations for Traefik v1.x are NOT compatible with the v2.x config as of now.
If you are running v2, please ensure you are using a v2 configuration.
## The Dynamic Configuration
## The Dynamic Configuration
Traefik gets its _dynamic configuration_ from [providers](../providers/overview.md): whether an orchestrator, a service registry, or a plain old configuration file.
@@ -28,14 +33,14 @@ Since this configuration is specific to your infrastructure choices, we invite y
!!! info ""
In the [Quick Start example](../getting-started/quick-start.md), the dynamic configuration comes from docker in the form of labels attached to your containers.
!!! info "HTTPS Certificates also belong to the dynamic configuration."
You can add / update / remove them without restarting your Traefik instance.
You can add / update / remove them without restarting your Traefik instance.
## The Static Configuration
There are three different, **mutually exclusive** (e.g. you can use only one at the same time), ways to define static configuration options in Traefik:
There are three different, **mutually exclusive** (i.e. you can use only one at the same time), ways to define static configuration options in Traefik:
1. In a configuration file
1. In the command-line arguments
@@ -45,13 +50,13 @@ These ways are evaluated in the order listed above.
If no value was provided for a given option, a default value applies.
Moreover, if an option has sub-options, and any of these sub-options is not specified, a default value will apply as well.
For example, the `--providers.docker` option is enough by itself to enable the docker provider, even though sub-options like `--providers.docker.endpoint` exist.
Once positioned, this option sets (and resets) all the default values of the sub-options of `--providers.docker`.
### Configuration File
At startup, Traefik searches for a file named `traefik.toml` (or `traefik.yml` or `traefik.yaml`) in:
At startup, Traefik searches for static configuration in a file named `traefik.yml` (or `traefik.yaml` or `traefik.toml`) in:
- `/etc/traefik/`
- `$XDG_CONFIG_HOME/`
@@ -61,7 +66,7 @@ At startup, Traefik searches for a file named `traefik.toml` (or `traefik.yml` o
You can override this using the `configFile` argument.
```bash
traefik --configFile=foo/bar/myconfigfile.toml
traefik --configFile=foo/bar/myconfigfile.yml
```
### Arguments
@@ -74,7 +79,7 @@ traefik --help
# or
docker run traefik[:version] --help
# ex: docker run traefik:2.0 --help
# ex: docker run traefik:v3.0 --help
```
All available arguments can also be found [here](../reference/static-configuration/cli.md).
@@ -88,3 +93,5 @@ All available environment variables can be found [here](../reference/static-conf
All the configuration options are documented in their related section.
You can browse the available features in the menu, the [providers](../providers/overview.md), or the [routing section](../routing/overview.md) to see them in action.
{!traefik-for-business-applications.md!}

View File

@@ -0,0 +1,253 @@
---
title: "Traefik Getting Started FAQ"
description: "Check out our FAQ page for answers to commonly asked questions on getting started with Traefik Proxy. Read the technical documentation."
---
# FAQ
## Why is Traefik Answering `XXX` HTTP Response Status Code?
Traefik is a dynamic reverse proxy,
and while the documentation often demonstrates configuration options through file examples,
the core feature of Traefik is its dynamic configurability,
directly reacting to changes from providers over time.
Notably, a part of the configuration is [static](../configuration-overview/#the-static-configuration),
and can be provided by a file on startup, whereas various providers,
such as the file provider,
contribute dynamically all along the traefik instance lifetime to its [dynamic configuration](../configuration-overview/#the-dynamic-configuration) changes.
In addition, the configuration englobes concepts such as the EntryPoint which can be seen as a listener on the Transport Layer (TCP),
as apposed to the Router which is more about the Presentation (TLS) and Application layers (HTTP).
And there can be as many routers as one wishes for a given EntryPoint.
In other words, for a given Entrypoint,
at any given time the traffic seen is not bound to be just about one protocol.
It could be HTTP, or otherwise. Over TLS, or not.
Not to mention that dynamic configuration changes potentially make that kind of traffic vary over time.
Therefore, in this dynamic context,
the static configuration of an `entryPoint` does not give any hint whatsoever about how the traffic going through that `entryPoint` is going to be routed.
Or whether it's even going to be routed at all,
i.e. whether there is a Router matching the kind of traffic going through it.
### `404 Not found`
Traefik returns a `404` response code in the following situations:
- A request reaching an EntryPoint that has no Routers
- An HTTP request reaching an EntryPoint that has no HTTP Router
- An HTTPS request reaching an EntryPoint that has no HTTPS Router
- A request reaching an EntryPoint that has HTTP/HTTPS Routers that cannot be matched
From Traefik's point of view,
every time a request cannot be matched with a router the correct response code is a `404 Not found`.
In this situation, the response code is not a `503 Service Unavailable`
because Traefik is not able to confirm that the lack of a matching router for a request is only temporary.
Traefik's routing configuration is dynamic and aggregated from different providers,
hence it's not possible to assume at any moment that a specific route should be handled or not.
??? info "This behavior is consistent with rfc7231"
```txt
The server is currently unable to handle the request due to a
temporary overloading or maintenance of the server. The implication
is that this is a temporary condition which will be alleviated after
some delay. If known, the length of the delay MAY be indicated in a
Retry-After header. If no Retry-After is given, the client SHOULD
handle the response as it would for a 500 response.
Note: The existence of the 503 status code does not imply that a
server must use it when becoming overloaded. Some servers may wish
to simply refuse the connection.
```
Extract from [rfc7231#section-6.6.4](https://datatracker.ietf.org/doc/html/rfc7231#section-6.6.4).
### `502 Bad Gateway`
Traefik returns a `502` response code when an error happens while contacting the upstream service.
### `503 Service Unavailable`
Traefik returns a `503` response code when a Router has been matched
but there are no servers ready to handle the request.
This situation is encountered when a service has been explicitly configured without servers,
or when a service has healthcheck enabled and all servers are unhealthy.
### `XXX` Instead of `404`
Sometimes, the `404` response code doesn't play well with other parties or services (such as CDNs).
In these situations, you may want Traefik to always reply with a `503` response code,
instead of a `404` response code.
To achieve this behavior, a simple catchall router,
with the lowest possible priority and routing to a service without servers,
can handle all the requests when no other router has been matched.
The example below is a file provider only version (`yaml`) of what this configuration could look like:
```yaml tab="Static configuration"
# traefik.yml
entrypoints:
web:
address: :80
providers:
file:
filename: dynamic.yaml
```
```yaml tab="Dynamic configuration"
# dynamic.yaml
http:
routers:
catchall:
# attached only to web entryPoint
entryPoints:
- "web"
# catchall rule
rule: "PathPrefix(`/`)"
service: unavailable
# lowest possible priority
# evaluated when no other router is matched
priority: 1
services:
# Service that will always answer a 503 Service Unavailable response
unavailable:
loadBalancer:
servers: {}
```
!!! info "Dedicated service"
If there is a need for a response code other than a `503` and/or a custom message,
the principle of the above example above (a catchall router) still stands,
but the `unavailable` service should be adapted to fit such a need.
## Why Is My TLS Certificate Not Reloaded When Its Contents Change?
With the file provider,
a configuration update is only triggered when one of the [watched](../providers/file.md#provider-configuration) configuration files is modified.
Which is why, when a certificate is defined by path,
and the actual contents of this certificate change,
a configuration update is _not_ triggered.
To take into account the new certificate contents, the update of the dynamic configuration must be forced.
One way to achieve that, is to trigger a file notification,
for example, by using the `touch` command on the configuration file.
## What Are the Forwarded Headers When Proxying HTTP Requests?
By default, the following headers are automatically added when proxying requests:
| Property | HTTP Header |
|---------------------------|----------------------------|
| Client's IP | X-Forwarded-For, X-Real-Ip |
| Host | X-Forwarded-Host |
| Port | X-Forwarded-Port |
| Protocol | X-Forwarded-Proto |
| Proxy Server's Hostname | X-Forwarded-Server |
For more details,
please check out the [forwarded header](../routing/entrypoints.md#forwarded-headers) documentation.
## How Traefik is Storing and Serving TLS Certificates?
### Storing TLS Certificates
[TLS](../https/tls.md "Link to Traefik TLS docs") certificates are either provided directly by the [dynamic configuration](./configuration-overview.md#the-dynamic-configuration "Link to dynamic configuration overview") from [providers](../https/tls.md#user-defined "Link to the TLS configuration"),
or by [ACME resolvers](../https/acme.md#providers "Link to ACME resolvers"), which act themselves as providers internally.
For each TLS certificate, Traefik produces an identifier used as a key to store it.
This identifier is constructed as the alphabetically ordered concatenation of the SANs `DNSNames` and `IPAddresses` of the TLScertificate.
#### Examples:
| X509v3 Subject Alternative Name | TLS Certificate Identifier |
|-----------------------------------------|-----------------------------|
| `DNS:example.com, IP Address:127.0.0.1` | `127.0.0.1,example.com` |
| `DNS:example.com, DNS:*.example.com` | `*.example.com,example.com` |
The identifier is used to store TLS certificates in order to be later used to handle TLS connections.
This operation happens each time there are configuration changes.
If multiple TLS certificates are provided with the same SANs definition (same identifier), only the one processed first is kept.
Because the dynamic configuration is aggregated from all providers,
when processing it to gather TLS certificates,
there is no guarantee of the order in which they would be processed.
This means that along with configurations applied, it is possible that the TLS certificate retained for a given identifier differs.
### Serving TLS Certificates
For each incoming connection, Traefik is serving the "best" matching TLS certificate for the provided server name.
The TLS certificate selection process narrows down the list of TLS certificates matching the server name,
and then selects the last TLS certificate in this list after having ordered it by the identifier alphabetically.
#### Examples:
| Selected TLS Certificates Identifiers | Sorted TLS Certificates Identifiers | Served Certificate Identifier |
|-----------------------------------------------------|-----------------------------------------------------|-------------------------------|
| `127.0.0.1,example.com`,`*.example.com,example.com` | `*.example.com,example.com`,`127.0.0.1,example.com` | `127.0.0.1,example.com` |
| `*.example.com,example.com`,`example.com` | `*.example.com,example.com`,`example.com` | `example.com` |
### Caching TLS Certificates
While Traefik is serving the best matching TLS certificate for each incoming connection,
the selection process cost for each incoming connection is avoided thanks to a cache mechanism.
Once a TLS certificate has been selected as the "best" TLS certificate for a server name,
it is cached for an hour, avoiding the selection process for further connections.
Nonetheless, when a new configuration is applied, the cache is reset.
## What does the "field not found" error mean?
```shell
error: field not found, node: -badField-
```
The "field not found" error occurs, when an unknown property is encountered in the dynamic or static configuration.
One easy way to check whether a configuration file is well-formed, is to validate it with:
- [JSON Schema of the static configuration](https://json.schemastore.org/traefik-v2.json)
- [JSON Schema of the dynamic configuration](https://json.schemastore.org/traefik-v2-file-provider.json)
## Why are some resources (routers, middlewares, services...) not created/applied?
As a common tip, if a resource is dropped/not created by Traefik after the dynamic configuration was evaluated,
one should look for an error in the logs.
If found, the error obviously confirms that something went wrong while creating the resource,
and the message should help in figuring out the mistake(s) in the configuration, and how to fix it.
When using the file provider,
one easy way to check if the dynamic configuration is well-formed is to validate it with the [JSON Schema of the dynamic configuration](https://json.schemastore.org/traefik-v2-file-provider.json).
## Why does Let's Encrypt wildcard certificate renewal/generation with DNS challenge fail?
If you're trying to renew wildcard certificates, with DNS challenge,
and you're getting errors such as:
```txt
msg="Error renewing certificate from LE: {example.com [*.example.com]}"
providerName=letsencrypt.acme error="error: one or more domains had a problem:
[example.com] acme: error presenting token: gandiv5: unexpected authZone example.com. for fqdn example.com."
```
then it could be due to `CNAME` support.
In which case, you should make sure your infrastructure is properly set up for a
`DNS` challenge that does not rely on `CNAME`, and you should try disabling `CNAME` support with:
```bash
LEGO_DISABLE_CNAME_SUPPORT=true
```

View File

@@ -1,18 +1,27 @@
---
title: "Traefik Installation Documentation"
description: "There are several flavors to choose from when installing Traefik Proxy. Get started with Traefik Proxy, and read the technical documentation."
---
# Install Traefik
You can install Traefik with the following flavors:
* [Use the official Docker image](./#use-the-official-docker-image)
* [Use the Helm Chart](./#use-the-helm-chart)
* [Use the binary distribution](./#use-the-binary-distribution)
* [Compile your binary from the sources](./#compile-your-binary-from-the-sources)
## Use the Official Docker Image
Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with the [sample configuration file](https://raw.githubusercontent.com/containous/traefik/v2.0/traefik.sample.toml):
Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with one sample configuration file:
* [YAML](https://raw.githubusercontent.com/traefik/traefik/v3.0/traefik.sample.yml)
* [TOML](https://raw.githubusercontent.com/traefik/traefik/v3.0/traefik.sample.toml)
```bash
docker run -d -p 8080:8080 -p 80:80 \
-v $PWD/traefik.toml:/etc/traefik/traefik.toml traefik:v2.0
-v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v3.0
```
For more details, go to the [Docker provider documentation](../providers/docker.md)
@@ -20,13 +29,116 @@ For more details, go to the [Docker provider documentation](../providers/docker.
!!! tip
* Prefer a fixed version than the latest that could be an unexpected version.
ex: `traefik:v2.0.0`
ex: `traefik:v3.0`
* Docker images are based from the [Alpine Linux Official image](https://hub.docker.com/_/alpine).
* All the orchestrator using docker images could fetch the official Traefik docker image.
* Any orchestrator using docker images can fetch the official Traefik docker image.
## Use the Helm Chart
!!! warning
The Traefik Chart from
[Helm's default charts repository](https://github.com/helm/charts/tree/master/stable/traefik) is still using [Traefik v1.7](https://doc.traefik.io/traefik/v1.7).
Traefik can be installed in Kubernetes using the Helm chart from <https://github.com/traefik/traefik-helm-chart>.
Ensure that the following requirements are met:
* Kubernetes 1.16+
* Helm version 3.9+ is [installed](https://helm.sh/docs/intro/install/)
Add Traefik Labs chart repository to Helm:
```bash
helm repo add traefik https://traefik.github.io/charts
```
You can update the chart repository by running:
```bash
helm repo update
```
And install it with the `helm` command line:
```bash
helm install traefik traefik/traefik
```
!!! tip "Helm Features"
All [Helm features](https://helm.sh/docs/intro/using_helm/) are supported.
Examples are provided [here](https://github.com/traefik/traefik-helm-chart/blob/master/EXAMPLES.md).
For instance, installing the chart in a dedicated namespace:
```bash tab="Install in a Dedicated Namespace"
kubectl create ns traefik-v2
# Install in the namespace "traefik-v2"
helm install --namespace=traefik-v2 \
traefik traefik/traefik
```
??? example "Installing with Custom Values"
You can customize the installation by specifying custom values,
as with [any helm chart](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing).
{: #helm-custom-values }
All parameters are documented in the default [`values.yaml`](https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml).
You can also set Traefik command line flags using `additionalArguments`.
Example of installation with logging set to `DEBUG`:
```bash tab="Using Helm CLI"
helm install --namespace=traefik-v2 \
--set="additionalArguments={--log.level=DEBUG}" \
traefik traefik/traefik
```
```yml tab="With a custom values file"
# File custom-values.yml
## Install with "helm install --values=./custom-values.yml traefik traefik/traefik
additionalArguments:
- "--log.level=DEBUG"
```
### Exposing the Traefik dashboard
This HelmChart does not expose the Traefik dashboard by default, for security concerns.
Thus, there are multiple ways to expose the dashboard.
For instance, the dashboard access could be achieved through a port-forward:
```shell
kubectl port-forward $(kubectl get pods --selector "app.kubernetes.io/name=traefik" --output=name) 9000:9000
```
It can then be reached at: `http://127.0.0.1:9000/dashboard/`
Another way would be to apply your own configuration, for instance,
by defining and applying an IngressRoute CRD (`kubectl apply -f dashboard.yaml`):
```yaml
# dashboard.yaml
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: dashboard
spec:
entryPoints:
- web
routes:
- match: Host(`traefik.localhost`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
kind: Rule
services:
- name: api@internal
kind: TraefikService
```
## Use the Binary Distribution
Grab the latest binary from the [releases](https://github.com/containous/traefik/releases) page.
Grab the latest binary from the [releases](https://github.com/traefik/traefik/releases) page.
??? info "Check the integrity of the downloaded file"
@@ -68,3 +180,5 @@ And run it:
## Compile your Binary from the Sources
All the details are available in the [Contributing Guide](../contributing/building-testing.md)
{!traefik-for-business-applications.md!}

View File

@@ -0,0 +1,320 @@
---
title: "Traefik Getting Started With Kubernetes"
description: "Looking to get started with Traefik Proxy? Read the technical documentation to learn a simple use case that leverages Kubernetes."
---
# Quick Start
A Simple Use Case of Traefik Proxy and Kubernetes
{: .subtitle }
This guide is an introduction to using Traefik Proxy in a Kubernetes environment.
The objective is to learn how to run an application behind a Traefik reverse proxy in Kubernetes.
It presents and explains the basic blocks required to start with Traefik such as Ingress Controller, Ingresses, Deployments, static, and dynamic configuration.
## Permissions and Accesses
Traefik uses the Kubernetes API to discover running services.
In order to use the Kubernetes API, Traefik needs some permissions.
This [permission mechanism](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) is based on roles defined by the cluster administrator.
The role is then bound to an account used by an application, in this case, Traefik Proxy.
The first step is to create the role.
The [`ClusterRole`](https://kubernetes.io/docs/reference/kubernetes-api/authorization-resources/cluster-role-v1/#ClusterRole) resource enumerates the resources and actions available for the role.
In a file called `00-role.yml`, put the following `ClusterRole`:
```yaml tab="00-role.yml"
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: traefik-role
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
```
!!! info "You can find the reference for this file [there](../../reference/dynamic-configuration/kubernetes-crd/#rbac)."
The next step is to create a dedicated service account for Traefik.
In a file called `00-account.yml`, put the following [`ServiceAccount`](https://kubernetes.io/docs/reference/kubernetes-api/authentication-resources/service-account-v1/#ServiceAccount) resource:
```yaml tab="00-account.yml"
apiVersion: v1
kind: ServiceAccount
metadata:
name: traefik-account
```
And then, bind the role on the account to apply the permissions and rules on the latter. In a file called `01-role-binding.yml`, put the
following [`ClusterRoleBinding`](https://kubernetes.io/docs/reference/kubernetes-api/authorization-resources/cluster-role-binding-v1/#ClusterRoleBinding) resource:
```yaml tab="01-role-binding.yml"
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: traefik-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik-role
subjects:
- kind: ServiceAccount
name: traefik-account
namespace: default # Using "default" because we did not specify a namespace when creating the ClusterAccount.
```
!!! info "`roleRef` is the Kubernetes reference to the role created in `00-role.yml`."
!!! info "`subjects` is the list of accounts reference."
In this guide, it only contains the account created in `00-account.yml`
## Deployment and Exposition
!!! info "This section can be managed with the help of the [Traefik Helm chart](../install-traefik/#use-the-helm-chart)."
The [ingress controller](https://traefik.io/glossary/kubernetes-ingress-and-ingress-controller-101/#what-is-a-kubernetes-ingress-controller)
is a software that runs in the same way as any other application on a cluster.
To start Traefik on the Kubernetes cluster,
a [`Deployment`](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/deployment-v1/) resource must exist to describe how to configure
and scale containers horizontally to support larger workloads.
Start by creating a file called `02-traefik.yml` and paste the following `Deployment` resource:
```yaml tab="02-traefik.yml"
kind: Deployment
apiVersion: apps/v1
metadata:
name: traefik-deployment
labels:
app: traefik
spec:
replicas: 1
selector:
matchLabels:
app: traefik
template:
metadata:
labels:
app: traefik
spec:
serviceAccountName: traefik-account
containers:
- name: traefik
image: traefik:v3.0
args:
- --api.insecure
- --providers.kubernetesingress
ports:
- name: web
containerPort: 80
- name: dashboard
containerPort: 8080
```
The deployment contains an important attribute for customizing Traefik: `args`.
These arguments are the static configuration for Traefik.
From here, it is possible to enable the dashboard,
configure entry points,
select dynamic configuration providers,
and [more](../reference/static-configuration/cli.md)...
In this deployment,
the static configuration enables the Traefik dashboard,
and uses Kubernetes native Ingress resources as router definitions to route incoming requests.
!!! info "When there is no entry point in the static configuration"
Traefik creates a default one called `web` using the port `80` routing HTTP requests.
!!! info "When enabling the [`api.insecure`](../../operations/api/#insecure) mode, Traefik exposes the dashboard on the port `8080`."
A deployment manages scaling and then can create lots of containers, called [Pods](https://kubernetes.io/docs/concepts/workloads/pods/).
Each Pod is configured following the `spec` field in the deployment.
Given that, a Deployment can run multiple Traefik Proxy Pods,
a piece is required to forward the traffic to any of the instance:
namely a [`Service`](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#Service).
Create a file called `02-traefik-services.yml` and insert the two `Service` resources:
```yaml tab="02-traefik-services.yml"
apiVersion: v1
kind: Service
metadata:
name: traefik-dashboard-service
spec:
type: LoadBalancer
ports:
- port: 8080
targetPort: dashboard
selector:
app: traefik
---
apiVersion: v1
kind: Service
metadata:
name: traefik-web-service
spec:
type: LoadBalancer
ports:
- targetPort: web
port: 80
selector:
app: traefik
```
!!! warning "It is possible to expose a service in different ways."
Depending on your working environment and use case, the `spec.type` might change.
It is strongly recommended to understand the available [service types](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) before proceeding to the next step.
It is now time to apply those files on your cluster to start Traefik.
```shell
kubectl apply -f 00-role.yml \
-f 00-account.yml \
-f 01-role-binding.yml \
-f 02-traefik.yml \
-f 02-traefik-services.yml
```
## Proxying applications
The only part still missing is the business application behind the reverse proxy.
For this guide, we use the example application [traefik/whoami](https://github.com/traefik/whoami),
but the principles are applicable to any other application.
The `whoami` application is a simple HTTP server running on port 80 which answers host-related information to the incoming requests.
As usual, start by creating a file called `03-whoami.yml` and paste the following `Deployment` resource:
```yaml tab="03-whoami.yml"
kind: Deployment
apiVersion: apps/v1
metadata:
name: whoami
labels:
app: whoami
spec:
replicas: 1
selector:
matchLabels:
app: whoami
template:
metadata:
labels:
app: whoami
spec:
containers:
- name: whoami
image: traefik/whoami
ports:
- name: web
containerPort: 80
```
And continue by creating the following `Service` resource in a file called `03-whoami-services.yml`:
```yaml tab="03-whoami-services.yml"
apiVersion: v1
kind: Service
metadata:
name: whoami
spec:
ports:
- name: web
port: 80
targetPort: web
selector:
app: whoami
```
Thanks to the Kubernetes API,
Traefik is notified when an Ingress resource is created, updated, or deleted.
This makes the process dynamic.
The ingresses are, in a way, the [dynamic configuration](../../providers/kubernetes-ingress/) for Traefik.
!!! tip
Find more information on [ingress controller](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/),
and [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) in the official Kubernetes documentation.
Create a file called `04-whoami-ingress.yml` and insert the `Ingress` resource:
```yaml tab="04-whoami-ingress.yml"
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: whoami-ingress
spec:
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: whoami
port:
name: web
```
This `Ingress` configures Traefik to redirect any incoming requests starting with `/` to the `whoami:80` service.
At this point, all the configurations are ready.
It is time to apply those new files:
```shell
kubectl apply -f 03-whoami.yml \
-f 03-whoami-services.yml \
-f 04-whoami-ingress.yml
```
Now you should be able to access the `whoami` application and the Traefik dashboard.
Load the dashboard on a web browser: [`http://localhost:8080`](http://localhost:8080).
And now access the `whoami` application:
```shell
curl -v http://localhost/
```
!!! question "Going further"
- [Filter the ingresses](../providers/kubernetes-ingress.md#ingressclass) to use with [IngressClass](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class)
- Use [IngressRoute CRD](../providers/kubernetes-crd.md)
- Protect [ingresses with TLS](../routing/providers/kubernetes-ingress.md#enabling-tls-via-annotations)
{!traefik-for-business-applications.md!}

View File

@@ -1,6 +1,11 @@
---
title: "Traefik Getting Started Quickly"
description: "Looking to get started with Traefik Proxy quickly? Read the technical documentation to see a basic use case that leverages Docker."
---
# Quick Start
A Simple Use Case Using Docker
A Basic Use Case Using Docker
{: .subtitle }
![quickstart-diagram](../assets/img/quickstart-diagram.png)
@@ -14,9 +19,9 @@ version: '3'
services:
reverse-proxy:
# The official v2.0 Traefik docker image
image: traefik:v2.0
# Enables the web UI and tells Traefik to listen to docker
# The official v3 Traefik Docker image
image: traefik:v3.0
# Enables the web UI and tells Traefik to listen to Docker
command: --api.insecure=true --providers.docker
ports:
# The HTTP port
@@ -36,7 +41,7 @@ Start your `reverse-proxy` with the following command:
docker-compose up -d reverse-proxy
```
You can open a browser and go to [http://localhost:8080/api/rawdata](http://localhost:8080/api/rawdata) to see Traefik's API rawdata (we'll go back there once we have launched a service in step 2).
You can open a browser and go to `http://localhost:8080/api/rawdata` to see Traefik's API rawdata (we'll go back there once we have launched a service in step 2).
## Traefik Detects New Services and Creates the Route for You
@@ -45,15 +50,20 @@ Now that we have a Traefik instance up and running, we will deploy new services.
Edit your `docker-compose.yml` file and add the following at the end of your file.
```yaml
# ...
version: '3'
services:
...
whoami:
# A container that exposes an API to show its IP address
image: containous/whoami
image: traefik/whoami
labels:
- "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)"
```
The above defines `whoami`: a simple web service that outputs information about the machine it is deployed on (its IP address, host, and so on).
The above defines [`whoami`](https://github.com/traefik/whoami "Link to whoami app on GitHub"), a web service that outputs information about the machine it is deployed on (its IP address, host, etc.).
Start the `whoami` service with the following command:
@@ -61,9 +71,9 @@ Start the `whoami` service with the following command:
docker-compose up -d whoami
```
Go back to your browser ([http://localhost:8080/api/rawdata](http://localhost:8080/api/rawdata)) and see that Traefik has automatically detected the new container and updated its own configuration.
Browse `http://localhost:8080/api/rawdata` and see that Traefik has automatically detected the new container and updated its own configuration.
When Traefik detects new services, it creates the corresponding routes so you can call them ... _let's see!_ (Here, we're using curl)
When Traefik detects new services, it creates the corresponding routes, so you can call them ... _let's see!_ (Here, we're using curl)
```shell
curl -H Host:whoami.docker.localhost http://127.0.0.1
@@ -85,7 +95,7 @@ Run more instances of your `whoami` service with the following command:
docker-compose up -d --scale whoami=2
```
Go back to your browser ([http://localhost:8080/api/rawdata](http://localhost:8080/api/rawdata)) and see that Traefik has automatically detected the new instance of the container.
Browse to `http://localhost:8080/api/rawdata` and see that Traefik has automatically detected the new instance of the container.
Finally, see that Traefik load-balances between the two instances of your service by running the following command twice:
@@ -108,4 +118,7 @@ IP: 172.27.0.4
```
!!! question "Where to Go Next?"
Now that you have a basic understanding of how Traefik can automatically create the routes to your services and load balance them, it is time to dive into [the documentation](/) and let Traefik work for you!
Now that you have a basic understanding of how Traefik can automatically create the routes to your services and load balance them, it is time to dive into [the documentation](/ "Link to the docs landing page") and let Traefik work for you!
{!traefik-for-business-applications.md!}

View File

@@ -1,22 +0,0 @@
# TODO -- Glossary
Where Every Technical Word finds its Definition`
{: .subtitle}
- [ ] Provider
- [ ] Types of providers (KV, annotation based, label based, configuration based)
- [ ] Entrypoint
- [ ] Routers
- [ ] Middleware
- [ ] Service
- [ ] [Static configuration](getting-started/configuration-overview.md#the-static-configuration)
- [ ] [Dynamic configuration](getting-started/configuration-overview.md#the-dynamic-configuration)
- [ ] ACME
- [ ] TraefikEE
- [ ] Tracing
- [ ] Metrics
- [ ] Orchestrator
- [ ] Key Value Store
- [ ] Logs
- [ ] Traefiker
- [ ] Traefik (How to pronounce)

View File

@@ -0,0 +1,4 @@
{
"extends": "../../.markdownlint.json",
"MD041": false
}

View File

@@ -1,3 +1,8 @@
---
title: "Traefik Let's Encrypt Documentation"
description: "Learn how to configure Traefik Proxy to use an ACME provider like Let's Encrypt for automatic certificate generation. Read the technical documentation."
---
# Let's Encrypt
Automatic HTTPS
@@ -6,87 +11,167 @@ Automatic HTTPS
You can configure Traefik to use an ACME provider (like Let's Encrypt) for automatic certificate generation.
!!! warning "Let's Encrypt and Rate Limiting"
Note that Let's Encrypt API has [rate limiting](https://letsencrypt.org/docs/rate-limits).
Note that Let's Encrypt API has [rate limiting](https://letsencrypt.org/docs/rate-limits). These last up to **one week**, and can not be overridden.
When running Traefik in a container this file should be persisted across restarts.
If Traefik requests new certificates each time it starts up, a crash-looping container can quickly reach Let's Encrypt's ratelimits.
To configure where certificates are stored, please take a look at the [storage](#storage) configuration.
Use Let's Encrypt staging server with the [`caServer`](#caserver) configuration option
when experimenting to avoid hitting this limit too fast.
## Certificate Resolvers
Traefik requires you to define "Certificate Resolvers" in the [static configuration](../getting-started/configuration-overview.md#the-static-configuration),
which are responsible for retrieving certificates from an ACME server.
Then, each ["router"](../routing/routers/index.md) is configured to enable TLS,
and is associated to a certificate resolver through the [`tls.certresolver` configuration option](../routing/routers/index.md#certresolver).
Certificates are requested for domain names retrieved from the router's [dynamic configuration](../getting-started/configuration-overview.md#the-dynamic-configuration).
You can read more about this retrieval mechanism in the following section: [ACME Domain Definition](#domain-definition).
!!! warning "Defining an [ACME challenge type](#the-different-acme-challenges) is a requirement for a certificate resolver to be functional."
!!! important "Defining a certificate resolver does not result in all routers automatically using it. Each router that is supposed to use the resolver must [reference](../routing/routers/index.md#certresolver) it."
??? note "Configuration Reference"
There are many available options for ACME.
For a quick glance at what's possible, browse the configuration reference:
```yaml tab="File (YAML)"
--8<-- "content/https/ref-acme.yaml"
```
```toml tab="File (TOML)"
--8<-- "content/https/ref-acme.toml"
```
```bash tab="CLI"
--8<-- "content/https/ref-acme.txt"
```
## Domain Definition
Certificate resolvers request certificates for a set of the domain names
inferred from routers, with the following logic:
- If the router has a [`tls.domains`](../routing/routers/index.md#domains) option set,
then the certificate resolver uses the `main` (and optionally `sans`) option of `tls.domains` to know the domain names for this router.
- If no [`tls.domains`](../routing/routers/index.md#domains) option is set,
then the certificate resolver uses the [router's rule](../routing/routers/index.md#rule),
by checking the `Host()` matchers.
Please note that [multiple `Host()` matchers can be used](../routing/routers/index.md#certresolver)) for specifying multiple domain names for this router.
Please note that:
- When multiple domain names are inferred from a given router,
only **one** certificate is requested with the first domain name as the main domain,
and the other domains as ["SANs" (Subject Alternative Name)](https://en.wikipedia.org/wiki/Subject_Alternative_Name).
- As [ACME V2 supports "wildcard domains"](#wildcard-domains),
any router can provide a [wildcard domain](https://en.wikipedia.org/wiki/Wildcard_certificate) name, as "main" domain or as "SAN" domain.
Please check the [configuration examples below](#configuration-examples) for more details.
## Configuration Examples
??? example "Enabling ACME"
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web-secure]
address = ":443"
[certificatesResolvers.sample.acme]
email = "your-email@your-domain.org"
storage = "acme.json"
[certificatesResolvers.sample.acme.httpChallenge]
# used during the challenge
entryPoint = "web"
```
```yaml tab="File (YAML)"
entryPoints:
web:
address: ":80"
web-secure:
websecure:
address: ":443"
certificatesResolvers:
sample:
myresolver:
acme:
email: your-email@your-domain.org
email: your-email@example.com
storage: acme.json
httpChallenge:
# used during the challenge
entryPoint: web
```
```bash tab="CLI"
--entryPoints.web.address=":80"
--entryPoints.websecure.address=":443"
# ...
--certificatesResolvers.sample.acme.email="your-email@your-domain.org"
--certificatesResolvers.sample.acme.storage="acme.json"
# used during the challenge
--certificatesResolvers.sample.acme.httpChallenge.entryPoint=web
```
!!! important "Defining a certificates resolver does not result in all routers automatically using it. Each router that is supposed to use the resolver must [reference](../routing/routers/index.md#certresolver) it."
??? note "Configuration Reference"
There are many available options for ACME.
For a quick glance at what's possible, browse the configuration reference:
```toml tab="File (TOML)"
--8<-- "content/https/ref-acme.toml"
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[certificatesResolvers.myresolver.acme]
email = "your-email@example.com"
storage = "acme.json"
[certificatesResolvers.myresolver.acme.httpChallenge]
# used during the challenge
entryPoint = "web"
```
```yaml tab="File (YAML)"
--8<-- "content/https/ref-acme.yaml"
```
```bash tab="CLI"
--8<-- "content/https/ref-acme.txt"
--entrypoints.web.address=:80
--entrypoints.websecure.address=:443
# ...
--certificatesresolvers.myresolver.acme.email=your-email@example.com
--certificatesresolvers.myresolver.acme.storage=acme.json
# used during the challenge
--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
```
!!! important "Defining a certificate resolver does not result in all routers automatically using it. Each router that is supposed to use the resolver must [reference](../routing/routers/index.md#certresolver) it."
??? example "Single Domain from Router's Rule Example"
* A certificate for the domain `example.com` is requested:
--8<-- "content/https/include-acme-single-domain-example.md"
??? example "Multiple Domains from Router's Rule Example"
* A certificate for the domains `example.com` (main) and `blog.example.org`
is requested:
--8<-- "content/https/include-acme-multiple-domains-from-rule-example.md"
??? example "Multiple Domains from Router's `tls.domain` Example"
* A certificate for the domains `example.com` (main) and `*.example.org` (SAN)
is requested:
--8<-- "content/https/include-acme-multiple-domains-example.md"
## Automatic Renewals
Traefik automatically tracks the expiry date of ACME certificates it generates.
If there are less than 30 days remaining before the certificate expires, Traefik will attempt to renew it automatically.
By default, Traefik manages 90 days certificates,
and starts to renew certificates 30 days before their expiry.
When using a certificate resolver that issues certificates with custom durations,
one can configure the certificates' duration with the [`certificatesDuration`](#certificatesduration) option.
!!! info ""
Certificates that are no longer used may still be renewed, as Traefik does not currently check if the certificate is being used before renewing.
## Using LetsEncrypt with Kubernetes
When using LetsEncrypt with kubernetes, there are some known caveats with both the [ingress](../providers/kubernetes-ingress.md) and [crd](../providers/kubernetes-crd.md) providers.
!!! info ""
If you intend to run multiple instances of Traefik with LetsEncrypt, please ensure you read the sections on those provider pages.
## The Different ACME Challenges
!!! important "Defining a certificates resolver does not result in all routers automatically using it. Each router that is supposed to use the resolver must [reference](../routing/routers/index.md#certresolver) it."
!!! warning "Defining one ACME challenge is a requirement for a certificate resolver to be functional."
!!! important "Defining a certificate resolver does not result in all routers automatically using it. Each router that is supposed to use the resolver must [reference](../routing/routers/index.md#certresolver) it."
### `tlsChallenge`
@@ -97,23 +182,23 @@ when using the `TLS-ALPN-01` challenge, Traefik must be reachable by Let's Encry
??? example "Configuring the `tlsChallenge`"
```toml tab="File (TOML)"
[certificatesResolvers.sample.acme]
# ...
[certificatesResolvers.sample.acme.tlsChallenge]
```
```yaml tab="File (YAML)"
certificatesResolvers:
sample:
myresolver:
acme:
# ...
tlsChallenge: {}
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.tlsChallenge]
```
```bash tab="CLI"
# ...
--certificatesResolvers.sample.acme.tlsChallenge=true
--certificatesresolvers.myresolver.acme.tlschallenge=true
```
### `httpChallenge`
@@ -121,45 +206,45 @@ when using the `TLS-ALPN-01` challenge, Traefik must be reachable by Let's Encry
Use the `HTTP-01` challenge to generate and renew ACME certificates by provisioning an HTTP resource under a well-known URI.
As described on the Let's Encrypt [community forum](https://community.letsencrypt.org/t/support-for-ports-other-than-80-and-443/3419/72),
when using the `HTTP-01` challenge, `certificatesResolvers.sample.acme.httpChallenge.entryPoint` must be reachable by Let's Encrypt through port 80.
when using the `HTTP-01` challenge, `certificatesresolvers.myresolver.acme.httpchallenge.entrypoint` must be reachable by Let's Encrypt through port 80.
??? example "Using an EntryPoint Called http for the `httpChallenge`"
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.web-secure]
address = ":443"
[certificatesResolvers.sample.acme]
# ...
[certificatesResolvers.sample.acme.httpChallenge]
entryPoint = "web"
```
??? example "Using an EntryPoint Called web for the `httpChallenge`"
```yaml tab="File (YAML)"
entryPoints:
web:
address: ":80"
web-secure:
websecure:
address: ":443"
certificatesResolvers:
sample:
myresolver:
acme:
# ...
httpChallenge:
entryPoint: web
```
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.httpChallenge]
entryPoint = "web"
```
```bash tab="CLI"
--entryPoints.web.address=":80"
--entryPoints.websecure.address=":443"
--entrypoints.web.address=:80
--entrypoints.websecure.address=:443
# ...
--certificatesResolvers.sample.acme.httpChallenge.entryPoint=web
--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
```
!!! info ""
@@ -171,18 +256,9 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni
??? example "Configuring a `dnsChallenge` with the DigitalOcean Provider"
```toml tab="File (TOML)"
[certificatesResolvers.sample.acme]
# ...
[certificatesResolvers.sample.acme.dnsChallenge]
provider = "digitalocean"
delayBeforeCheck = 0
# ...
```
```yaml tab="File (YAML)"
certificatesResolvers:
sample:
myresolver:
acme:
# ...
dnsChallenge:
@@ -190,95 +266,183 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni
delayBeforeCheck: 0
# ...
```
```bash tab="CLI"
# ...
--certificatesResolvers.sample.acme.dnsChallenge.provider=digitalocean
--certificatesResolvers.sample.acme.dnsChallenge.delayBeforeCheck=0
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.dnsChallenge]
provider = "digitalocean"
delayBeforeCheck = 0
# ...
```
!!! important
A `provider` is mandatory.
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.dnschallenge.provider=digitalocean
--certificatesresolvers.myresolver.acme.dnschallenge.delaybeforecheck=0
# ...
```
!!! warning "`CNAME` support"
`CNAME` are supported (and sometimes even [encouraged](https://letsencrypt.org/2019/10/09/onboarding-your-customers-with-lets-encrypt-and-acme.html#the-advantages-of-a-cname)),
but there are a few cases where they can be [problematic](../../getting-started/faq/#why-does-lets-encrypt-wildcard-certificate-renewalgeneration-with-dns-challenge-fail).
If needed, `CNAME` support can be disabled with the following environment variable:
```bash
LEGO_DISABLE_CNAME_SUPPORT=true
```
!!! important
A `provider` is mandatory.
#### `providers`
Here is a list of supported `providers`, that can automate the DNS verification,
along with the required environment variables and their [wildcard & root domain support](#wildcard-domains).
Do not hesitate to complete it.
Every lego environment variable can be overridden by their respective `_FILE` counterpart, which should have a filepath to a file that contains the secret as its value.
Many lego environment variables can be overridden by their respective `_FILE` counterpart, which should have a filepath to a file that contains the secret as its value.
For example, `CF_API_EMAIL_FILE=/run/secrets/traefik_cf-api-email` could be used to provide a Cloudflare API email address as a Docker secret named `traefik_cf-api-email`.
| Provider Name | Provider Code | Environment Variables | |
|-------------------------------------------------------------|----------------|---------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------|
| [ACME DNS](https://github.com/joohoi/acme-dns) | `acme-dns` | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/acme-dns) |
| [Alibaba Cloud](https://www.alibabacloud.com) | `alidns` | `ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`, `ALICLOUD_REGION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/alidns) |
| [Auroradns](https://www.pcextreme.com/aurora/dns) | `auroradns` | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/auroradns) |
| [Azure](https://azure.microsoft.com/services/dns/) | `azure` | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_METADATA_ENDPOINT]` | [Additional configuration](https://go-acme.github.io/lego/dns/azure) |
| [Bindman](https://github.com/labbsr0x/bindman-dns-webhook) | `bindman` | `BINDMAN_MANAGER_ADDRESS` | [Additional configuration](https://go-acme.github.io/lego/dns/bindman) |
| [Blue Cat](https://www.bluecatnetworks.com/) | `bluecat` | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW` | [Additional configuration](https://go-acme.github.io/lego/dns/bluecat) |
| [ClouDNS](https://www.cloudns.net/) | `cloudns` | `CLOUDNS_AUTH_ID`, `CLOUDNS_AUTH_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudns) |
| [Cloudflare](https://www.cloudflare.com) | `cloudflare` | `CF_API_EMAIL`, `CF_API_KEY` or `CF_DNS_API_TOKEN`, `[CF_ZONE_API_TOKEN]` [^5] | [Additional configuration](https://go-acme.github.io/lego/dns/cloudflare) |
| [CloudXNS](https://www.cloudxns.net) | `cloudxns` | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudxns) |
| [ConoHa](https://www.conoha.jp) | `conoha` | `CONOHA_TENANT_ID`, `CONOHA_API_USERNAME`, `CONOHA_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/conoha) |
| [DigitalOcean](https://www.digitalocean.com) | `digitalocean` | `DO_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/digitalocean) |
| [DNSimple](https://dnsimple.com) | `dnsimple` | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsimple) |
| [DNS Made Easy](https://dnsmadeeasy.com) | `dnsmadeeasy` | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsmadeeasy) |
| [DNSPod](https://www.dnspod.com/) | `dnspod` | `DNSPOD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dnspod) |
| [Domain Offensive (do.de)](https://www.do.de/) | `dode` | `DODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/dode) |
| [DreamHost](https://www.dreamhost.com/) | `dreamhost` | `DREAMHOST_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dreamhost) |
| [Duck DNS](https://www.duckdns.org/) | `duckdns` | `DUCKDNS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/duckdns) |
| [Dyn](https://dyn.com) | `dyn` | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/dyn) |
| [EasyDNS](https://easydns.com/) | `easydns` | `EASYDNS_TOKEN`, `EASYDNS_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/easydns) |
| External Program | `exec` | `EXEC_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/exec) |
| [Exoscale](https://www.exoscale.com) | `exoscale` | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/exoscale) |
| [Fast DNS](https://www.akamai.com/) | `fastdns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/fastdns) |
| [Gandi](https://www.gandi.net) | `gandi` | `GANDI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandi) |
| [Gandi v5](http://doc.livedns.gandi.net) | `gandiv5` | `GANDIV5_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5) |
| [Glesys](https://glesys.com/) | `glesys` | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN` | [Additional configuration](https://go-acme.github.io/lego/dns/glesys) |
| [GoDaddy](https://godaddy.com/) | `godaddy` | `GODADDY_API_KEY`, `GODADDY_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/godaddy) |
| [Google Cloud DNS](https://cloud.google.com/dns/docs/) | `gcloud` | `GCE_PROJECT`, Application Default Credentials [^2] [^3], [`GCE_SERVICE_ACCOUNT_FILE`] | [Additional configuration](https://go-acme.github.io/lego/dns/gcloud) |
| [hosting.de](https://www.hosting.de) | `hostingde` | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde) |
| HTTP request | `httpreq` | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1] | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq) |
| [IIJ](https://www.iij.ad.jp/) | `iij` | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE` | [Additional configuration](https://go-acme.github.io/lego/dns/iij) |
| [INWX](https://www.inwx.de/en) | `inwx` | `INWX_USERNAME`, `INWX_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/inwx) |
| [Joker.com](https://joker.com) | `joker` | `JOKER_API_KEY` or `JOKER_USERNAME`, `JOKER_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/joker) |
| [Lightsail](https://aws.amazon.com/lightsail/) | `lightsail` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/lightsail) |
| [Linode](https://www.linode.com) | `linode` | `LINODE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/linode) |
| [Linode v4](https://www.linode.com) | `linodev4` | `LINODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/linodev4) |
| [Liquid Web](https://www.liquidweb.com/) | `liquidweb` | `LIQUID_WEB_PASSWORD`, `LIQUID_WEB_USERNAME`, `LIQUID_WEB_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/liquidweb) |
| manual | - | none, but you need to run Traefik interactively [^4], turn on debug log to see instructions and press <kbd>Enter</kbd>. | |
| [MyDNS.jp](https://www.mydns.jp/) | `mydnsjp` | `MYDNSJP_MASTER_ID`, `MYDNSJP_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mydnsjp) |
| [Namecheap](https://www.namecheap.com) | `namecheap` | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/namecheap) |
| [name.com](https://www.name.com/) | `namedotcom` | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/namedotcom) |
| [Namesilo](https://www.namesilo.com/) | `namesilo` | `NAMESILO_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/namesilo) |
| [Netcup](https://www.netcup.eu/) | `netcup` | `NETCUP_CUSTOMER_NUMBER`, `NETCUP_API_KEY`, `NETCUP_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/netcup) |
| [NIFCloud](https://cloud.nifty.com/service/dns.htm) | `nifcloud` | `NIFCLOUD_ACCESS_KEY_ID`, `NIFCLOUD_SECRET_ACCESS_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/nifcloud) |
| [Ns1](https://ns1.com/) | `ns1` | `NS1_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ns1) |
| [Open Telekom Cloud](https://cloud.telekom.de) | `otc` | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/otc) |
| [OVH](https://www.ovh.com) | `ovh` | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ovh) |
| [Openstack Designate](https://docs.openstack.org/designate) | `designate` | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/designate) |
| [Oracle Cloud](https://cloud.oracle.com/home) | `oraclecloud` | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID` | [Additional configuration](https://go-acme.github.io/lego/dns/oraclecloud) |
| [PowerDNS](https://www.powerdns.com) | `pdns` | `PDNS_API_KEY`, `PDNS_API_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/pdns) |
| [Rackspace](https://www.rackspace.com/cloud/dns) | `rackspace` | `RACKSPACE_USER`, `RACKSPACE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rackspace) |
| [RFC2136](https://tools.ietf.org/html/rfc2136) | `rfc2136` | `RFC2136_TSIG_KEY`, `RFC2136_TSIG_SECRET`, `RFC2136_TSIG_ALGORITHM`, `RFC2136_NAMESERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/rfc2136) |
| [Route 53](https://aws.amazon.com/route53/) | `route53` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile. | [Additional configuration](https://go-acme.github.io/lego/dns/route53) |
| [Sakura Cloud](https://cloud.sakura.ad.jp/) | `sakuracloud` | `SAKURACLOUD_ACCESS_TOKEN`, `SAKURACLOUD_ACCESS_TOKEN_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/sakuracloud) |
| [Selectel](https://selectel.ru/en/) | `selectel` | `SELECTEL_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/selectel) |
| [Stackpath](https://www.stackpath.com/) | `stackpath` | `STACKPATH_CLIENT_ID`, `STACKPATH_CLIENT_SECRET`, `STACKPATH_STACK_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/stackpath) |
| [TransIP](https://www.transip.nl/) | `transip` | `TRANSIP_ACCOUNT_NAME`, `TRANSIP_PRIVATE_KEY_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/transip) |
| [VegaDNS](https://github.com/shupp/VegaDNS-API) | `vegadns` | `SECRET_VEGADNS_KEY`, `SECRET_VEGADNS_SECRET`, `VEGADNS_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/vegadns) |
| [Versio](https://www.versio.nl/domeinnamen) | `versio` | `VERSIO_USERNAME`, `VERSIO_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/versio) |
| [Vscale](https://vscale.io/) | `vscale` | `VSCALE_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/vscale) |
| [VULTR](https://www.vultr.com) | `vultr` | `VULTR_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/vultr) |
| [Zone.ee](https://www.zone.ee) | `zoneee` | `ZONEEE_API_USER`, `ZONEEE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zoneee) |
For complete details, refer to your provider's _Additional configuration_ link.
[^1]: more information about the HTTP message format can be found [here](https://go-acme.github.io/lego/dns/httpreq/)
[^2]: [providing_credentials_to_your_application](https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application)
| Provider Name | Provider Code | Environment Variables | |
|------------------------------------------------------------------------|--------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------|
| [ACME DNS](https://github.com/joohoi/acme-dns) | `acme-dns` | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/acme-dns) |
| [Alibaba Cloud](https://www.alibabacloud.com) | `alidns` | `ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`, `ALICLOUD_REGION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/alidns) |
| [all-inkl](https://all-inkl.com) | `allinkl` | `ALL_INKL_LOGIN`, `ALL_INKL_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/allinkl) |
| [ArvanCloud](https://www.arvancloud.ir/en) | `arvancloud` | `ARVANCLOUD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/arvancloud) |
| [Auroradns](https://www.pcextreme.com/dns-health-checks) | `auroradns` | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/auroradns) |
| [Autodns](https://www.internetx.com/domains/autodns/) | `autodns` | `AUTODNS_API_USER`, `AUTODNS_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/autodns) |
| [Azure](https://azure.microsoft.com/services/dns/) (DEPRECATED) | `azure` | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_METADATA_ENDPOINT]` | [Additional configuration](https://go-acme.github.io/lego/dns/azure) |
| [AzureDNS](https://azure.microsoft.com/services/dns/) | `azuredns` | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_TENANT_ID`, `AZURE_SUBSCRIPTION_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_ENVIRONMENT]`, `[AZURE_PRIVATE_ZONE]`, `[AZURE_ZONE_NAME]` | [Additional configuration](https://go-acme.github.io/lego/dns/azuredns) |
| [Bindman](https://github.com/labbsr0x/bindman-dns-webhook) | `bindman` | `BINDMAN_MANAGER_ADDRESS` | [Additional configuration](https://go-acme.github.io/lego/dns/bindman) |
| [Blue Cat](https://www.bluecatnetworks.com/) | `bluecat` | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW` | [Additional configuration](https://go-acme.github.io/lego/dns/bluecat) |
| [Brandit](https://www.brandit.com) | `brandit` | `BRANDIT_API_USERNAME`, `BRANDIT_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/brandit) |
| [Bunny](https://bunny.net) | `bunny` | `BUNNY_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/bunny) |
| [Checkdomain](https://www.checkdomain.de/) | `checkdomain` | `CHECKDOMAIN_TOKEN`, | [Additional configuration](https://go-acme.github.io/lego/dns/checkdomain/) |
| [Civo](https://www.civo.com/) | `civo` | `CIVO_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/civo) |
| [Cloud.ru](https://cloud.ru) | `cloudru` | `CLOUDRU_SERVICE_INSTANCE_ID`, `CLOUDRU_KEY_ID`, `CLOUDRU_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudru) |
| [CloudDNS](https://vshosting.eu/) | `clouddns` | `CLOUDDNS_CLIENT_ID`, `CLOUDDNS_EMAIL`, `CLOUDDNS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/clouddns) |
| [Cloudflare](https://www.cloudflare.com) | `cloudflare` | `CF_API_EMAIL`, `CF_API_KEY` [^5] or `CF_DNS_API_TOKEN`, `[CF_ZONE_API_TOKEN]` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudflare) |
| [ClouDNS](https://www.cloudns.net/) | `cloudns` | `CLOUDNS_AUTH_ID`, `CLOUDNS_AUTH_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudns) |
| [CloudXNS](https://www.cloudxns.net) | `cloudxns` | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudxns) |
| [ConoHa](https://www.conoha.jp) | `conoha` | `CONOHA_TENANT_ID`, `CONOHA_API_USERNAME`, `CONOHA_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/conoha) |
| [Constellix](https://constellix.com) | `constellix` | `CONSTELLIX_API_KEY`, `CONSTELLIX_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/constellix) |
| [Derak Cloud](https://derak.cloud/) | `derak` | `DERAK_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/derak) |
| [deSEC](https://desec.io) | `desec` | `DESEC_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/desec) |
| [DigitalOcean](https://www.digitalocean.com) | `digitalocean` | `DO_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/digitalocean) |
| [DNS Made Easy](https://dnsmadeeasy.com) | `dnsmadeeasy` | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsmadeeasy) |
| [dnsHome.de](https://www.dnshome.de) | `dnsHomede` | `DNSHOMEDE_CREDENTIALS` | [Additional configuration](https://go-acme.github.io/lego/dns/dnshomede) |
| [DNSimple](https://dnsimple.com) | `dnsimple` | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsimple) |
| [DNSPod](https://www.dnspod.com/) | `dnspod` | `DNSPOD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dnspod) |
| [Domain Offensive (do.de)](https://www.do.de/) | `dode` | `DODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/dode) |
| [Domeneshop](https://domene.shop) | `domeneshop` | `DOMENESHOP_API_TOKEN`, `DOMENESHOP_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/domeneshop) |
| [DreamHost](https://www.dreamhost.com/) | `dreamhost` | `DREAMHOST_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dreamhost) |
| [Duck DNS](https://www.duckdns.org/) | `duckdns` | `DUCKDNS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/duckdns) |
| [Dyn](https://dyn.com) | `dyn` | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/dyn) |
| [Dynu](https://www.dynu.com) | `dynu` | `DYNU_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dynu) |
| [EasyDNS](https://easydns.com/) | `easydns` | `EASYDNS_TOKEN`, `EASYDNS_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/easydns) |
| [EdgeDNS](https://www.akamai.com/) | `edgedns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns) |
| [Efficient IP](https://efficientip.com) | `efficientip` | `EFFICIENTIP_USERNAME`, `EFFICIENTIP_PASSWORD`, `EFFICIENTIP_HOSTNAME`, `EFFICIENTIP_DNS_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/efficientip) |
| [Epik](https://www.epik.com) | `epik` | `EPIK_SIGNATURE` | [Additional configuration](https://go-acme.github.io/lego/dns/epik) |
| [Exoscale](https://www.exoscale.com) | `exoscale` | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/exoscale) |
| [Fast DNS](https://www.akamai.com/) | `fastdns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns) |
| [Freemyip.com](https://freemyip.com) | `freemyip` | `FREEMYIP_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/freemyip) |
| [G-Core](https://gcore.com/dns/) | `gcore` | `GCORE_PERMANENT_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/gcore) |
| [Gandi v5](https://doc.livedns.gandi.net) | `gandiv5` | `GANDIV5_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5) |
| [Gandi](https://www.gandi.net) | `gandi` | `GANDI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandi) |
| [Glesys](https://glesys.com/) | `glesys` | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN` | [Additional configuration](https://go-acme.github.io/lego/dns/glesys) |
| [GoDaddy](https://www.godaddy.com) | `godaddy` | `GODADDY_API_KEY`, `GODADDY_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/godaddy) |
| [Google Cloud DNS](https://cloud.google.com/dns/docs/) | `gcloud` | `GCE_PROJECT`, Application Default Credentials [^2] [^3], [`GCE_SERVICE_ACCOUNT_FILE`] | [Additional configuration](https://go-acme.github.io/lego/dns/gcloud) |
| [Google Domains](https://domains.google) | `googledomains` | `GOOGLE_DOMAINS_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/googledomains) |
| [Hetzner](https://hetzner.com) | `hetzner` | `HETZNER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hetzner) |
| [hosting.de](https://www.hosting.de) | `hostingde` | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde) |
| [Hosttech](https://www.hosttech.eu) | `hosttech` | `HOSTTECH_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hosttech) |
| [Hurricane Electric](https://dns.he.net) | `hurricane` | `HURRICANE_TOKENS` [^6] | [Additional configuration](https://go-acme.github.io/lego/dns/hurricane) |
| [HyperOne](https://www.hyperone.com) | `hyperone` | `HYPERONE_PASSPORT_LOCATION`, `HYPERONE_LOCATION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/hyperone) |
| [IBM Cloud (SoftLayer)](https://www.ibm.com/cloud/) | `ibmcloud` | `SOFTLAYER_USERNAME`, `SOFTLAYER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ibmcloud) |
| [IIJ DNS Platform Service](https://www.iij.ad.jp) | `iijdpf` | `IIJ_DPF_API_TOKEN` , `IIJ_DPF_DPM_SERVICE_CODE` | [Additional configuration](https://go-acme.github.io/lego/dns/iijdpf) |
| [IIJ](https://www.iij.ad.jp/) | `iij` | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE` | [Additional configuration](https://go-acme.github.io/lego/dns/iij) |
| [Infoblox](https://www.infoblox.com/) | `infoblox` | `INFOBLOX_USERNAME`, `INFOBLOX_PASSWORD`, `INFOBLOX_HOST` | [Additional configuration](https://go-acme.github.io/lego/dns/infoblox) |
| [Infomaniak](https://www.infomaniak.com) | `infomaniak` | `INFOMANIAK_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/infomaniak) |
| [Internet.bs](https://internetbs.net) | `internetbs` | `INTERNET_BS_API_KEY`, `INTERNET_BS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/internetbs) |
| [INWX](https://www.inwx.de/en) | `inwx` | `INWX_USERNAME`, `INWX_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/inwx) |
| [ionos](https://ionos.com/) | `ionos` | `IONOS_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ionos) |
| [IPv64](https://ipv64.net) | `ipv64` | `IPV64_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ipv64) |
| [iwantmyname](https://iwantmyname.com) | `iwantmyname` | `IWANTMYNAME_USERNAME` , `IWANTMYNAME_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/iwantmyname) |
| [Joker.com](https://joker.com) | `joker` | `JOKER_API_MODE` with `JOKER_API_KEY` or `JOKER_USERNAME`, `JOKER_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/joker) |
| [Liara](https://liara.ir) | `liara` | `LIARA_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/liara) |
| [Lightsail](https://aws.amazon.com/lightsail/) | `lightsail` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/lightsail) |
| [Linode v4](https://www.linode.com) | `linode` | `LINODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/linode) |
| [Liquid Web](https://www.liquidweb.com/) | `liquidweb` | `LIQUID_WEB_PASSWORD`, `LIQUID_WEB_USERNAME`, `LIQUID_WEB_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/liquidweb) |
| [Loopia](https://loopia.com/) | `loopia` | `LOOPIA_API_PASSWORD`, `LOOPIA_API_USER` | [Additional configuration](https://go-acme.github.io/lego/dns/loopia) |
| [LuaDNS](https://luadns.com) | `luadns` | `LUADNS_API_USERNAME`, `LUADNS_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/luadns) |
| [Metaname](https://metaname.net) | `metaname` | `METANAME_ACCOUNT_REFERENCE`, `METANAME_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/metaname) |
| [MyDNS.jp](https://www.mydns.jp/) | `mydnsjp` | `MYDNSJP_MASTER_ID`, `MYDNSJP_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mydnsjp) |
| [Mythic Beasts](https://www.mythic-beasts.com) | `mythicbeasts` | `MYTHICBEASTS_USER_NAME`, `MYTHICBEASTS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mythicbeasts) |
| [name.com](https://www.name.com/) | `namedotcom` | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/namedotcom) |
| [Namecheap](https://www.namecheap.com) | `namecheap` | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/namecheap) |
| [Namesilo](https://www.namesilo.com/) | `namesilo` | `NAMESILO_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/namesilo) |
| [NearlyFreeSpeech.NET](https://www.nearlyfreespeech.net/) | `nearlyfreespeech` | `NEARLYFREESPEECH_API_KEY`, `NEARLYFREESPEECH_LOGIN` | [Additional configuration](https://go-acme.github.io/lego/dns/nearlyfreespeech) |
| [Netcup](https://www.netcup.eu/) | `netcup` | `NETCUP_CUSTOMER_NUMBER`, `NETCUP_API_KEY`, `NETCUP_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/netcup) |
| [Netlify](https://www.netlify.com) | `netlify` | `NETLIFY_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/netlify) |
| [Nicmanager](https://www.nicmanager.com) | `nicmanager` | `NICMANAGER_API_EMAIL`, `NICMANAGER_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/nicmanager) |
| [NIFCloud](https://cloud.nifty.com/service/dns.htm) | `nifcloud` | `NIFCLOUD_ACCESS_KEY_ID`, `NIFCLOUD_SECRET_ACCESS_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/nifcloud) |
| [Njalla](https://njal.la) | `njalla` | `NJALLA_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/njalla) |
| [Nodion](https://www.nodion.com) | `nodion` | `NODION_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/nodion) |
| [NS1](https://ns1.com/) | `ns1` | `NS1_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ns1) |
| [Open Telekom Cloud](https://cloud.telekom.de) | `otc` | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/otc) |
| [Openstack Designate](https://docs.openstack.org/designate) | `designate` | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/designate) |
| [Oracle Cloud](https://cloud.oracle.com/home) | `oraclecloud` | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID` | [Additional configuration](https://go-acme.github.io/lego/dns/oraclecloud) |
| [OVH](https://www.ovh.com) | `ovh` | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ovh) |
| [Plesk](https://www.plesk.com) | `plesk` | `PLESK_SERVER_BASE_URL`, `PLESK_USERNAME`, `PLESK_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/plesk) |
| [Porkbun](https://porkbun.com/) | `porkbun` | `PORKBUN_SECRET_API_KEY`, `PORKBUN_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/porkbun) |
| [PowerDNS](https://www.powerdns.com) | `pdns` | `PDNS_API_KEY`, `PDNS_API_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/pdns) |
| [Rackspace](https://www.rackspace.com/cloud/dns) | `rackspace` | `RACKSPACE_USER`, `RACKSPACE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rackspace) |
| [RcodeZero](https://www.rcodezero.at) | `rcodezero` | `RCODEZERO_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/rcodezero) |
| [reg.ru](https://www.reg.ru) | `regru` | `REGRU_USERNAME`, `REGRU_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/regru) |
| [RFC2136](https://tools.ietf.org/html/rfc2136) | `rfc2136` | `RFC2136_TSIG_KEY`, `RFC2136_TSIG_SECRET`, `RFC2136_TSIG_ALGORITHM`, `RFC2136_NAMESERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/rfc2136) |
| [RimuHosting](https://rimuhosting.com) | `rimuhosting` | `RIMUHOSTING_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rimuhosting) |
| [Route 53](https://aws.amazon.com/route53/) | `route53` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile. | [Additional configuration](https://go-acme.github.io/lego/dns/route53) |
| [Sakura Cloud](https://cloud.sakura.ad.jp/) | `sakuracloud` | `SAKURACLOUD_ACCESS_TOKEN`, `SAKURACLOUD_ACCESS_TOKEN_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/sakuracloud) |
| [Scaleway](https://www.scaleway.com) | `scaleway` | `SCALEWAY_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/scaleway) |
| [Selectel](https://selectel.ru/en/) | `selectel` | `SELECTEL_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/selectel) |
| [Servercow](https://servercow.de) | `servercow` | `SERVERCOW_USERNAME`, `SERVERCOW_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/servercow) |
| [Simply.com](https://www.simply.com/en/domains/) | `simply` | `SIMPLY_ACCOUNT_NAME`, `SIMPLY_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/simply) |
| [Sonic](https://www.sonic.com/) | `sonic` | `SONIC_USER_ID`, `SONIC_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/sonic) |
| [Stackpath](https://www.stackpath.com/) | `stackpath` | `STACKPATH_CLIENT_ID`, `STACKPATH_CLIENT_SECRET`, `STACKPATH_STACK_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/stackpath) |
| [Tencent Cloud DNS](https://cloud.tencent.com/product/cns) | `tencentcloud` | `TENCENTCLOUD_SECRET_ID`, `TENCENTCLOUD_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/tencentcloud) |
| [TransIP](https://www.transip.nl/) | `transip` | `TRANSIP_ACCOUNT_NAME`, `TRANSIP_PRIVATE_KEY_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/transip) |
| [UKFast SafeDNS](https://docs.ukfast.co.uk/domains/safedns/index.html) | `safedns` | `SAFEDNS_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/safedns) |
| [Ultradns](https://neustarsecurityservices.com/dns-services) | `ultradns` | `ULTRADNS_USERNAME`, `ULTRADNS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/ultradns) |
| [Variomedia](https://www.variomedia.de/) | `variomedia` | `VARIOMEDIA_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/variomedia) |
| [VegaDNS](https://github.com/shupp/VegaDNS-API) | `vegadns` | `SECRET_VEGADNS_KEY`, `SECRET_VEGADNS_SECRET`, `VEGADNS_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/vegadns) |
| [Vercel](https://vercel.com) | `vercel` | `VERCEL_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/vercel) |
| [Versio](https://www.versio.nl/domeinnamen) | `versio` | `VERSIO_USERNAME`, `VERSIO_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/versio) |
| [VinylDNS](https://www.vinyldns.io) | `vinyldns` | `VINYLDNS_ACCESS_KEY`, `VINYLDNS_SECRET_KEY`, `VINYLDNS_HOST` | [Additional configuration](https://go-acme.github.io/lego/dns/vinyldns) |
| [VK Cloud](https://mcs.mail.ru/) | `vkcloud` | `VK_CLOUD_PASSWORD`, `VK_CLOUD_PROJECT_ID`, `VK_CLOUD_USERNAME` | [Additional configuration](https://go-acme.github.io/lego/dns/vkcloud) |
| [Vscale](https://vscale.io/) | `vscale` | `VSCALE_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/vscale) |
| [VULTR](https://www.vultr.com) | `vultr` | `VULTR_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/vultr) |
| [Websupport](https://websupport.sk) | `websupport` | `WEBSUPPORT_API_KEY`, `WEBSUPPORT_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/websupport) |
| [WEDOS](https://www.wedos.com) | `wedos` | `WEDOS_USERNAME`, `WEDOS_WAPI_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/wedos) |
| [Yandex 360](https://360.yandex.ru) | `yandex360` | `YANDEX360_OAUTH_TOKEN`, `YANDEX360_ORG_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/yandex360) |
| [Yandex Cloud](https://cloud.yandex.com/en/) | `yandexcloud` | `YANDEX_CLOUD_FOLDER_ID`, `YANDEX_CLOUD_IAM_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/yandexcloud) |
| [Yandex](https://yandex.com) | `yandex` | `YANDEX_PDD_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/yandex) |
| [Zone.ee](https://www.zone.ee) | `zoneee` | `ZONEEE_API_USER`, `ZONEEE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zoneee) |
| [Zonomi](https://zonomi.com) | `zonomi` | `ZONOMI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zonomi) |
| External Program | `exec` | `EXEC_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/exec) |
| HTTP request | `httpreq` | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1] | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq) |
| manual | `manual` | none, but you need to run Traefik interactively [^4], turn on debug log to see instructions and press <kbd>Enter</kbd>. | |
[^1]: More information about the HTTP message format can be found [here](https://go-acme.github.io/lego/dns/httpreq/).
[^2]: [Providing credentials to your application](https://cloud.google.com/docs/authentication/production).
[^3]: [google/default.go](https://github.com/golang/oauth2/blob/36a7019397c4c86cf59eeab3bc0d188bac444277/google/default.go#L61-L76)
[^4]: `docker stack` remark: there is no way to support terminal attached to container when deploying with `docker stack`, so you might need to run container with `docker run -it` to generate certificates using `manual` provider.
[^5]: The `Global API Key` needs to be used, not the `Origin CA Key`.
[^6]: As explained in the [LEGO hurricane configuration](https://go-acme.github.io/lego/dns/hurricane/#credentials), each domain or wildcard (record name) needs a token. So each update of record name must be followed by an update of the `HURRICANE_TOKENS` variable, and a restart of Traefik.
!!! info "`delayBeforeCheck`"
By default, the `provider` verifies the TXT record _before_ letting ACME verify.
@@ -289,17 +453,9 @@ For example, `CF_API_EMAIL_FILE=/run/secrets/traefik_cf-api-email` could be used
Use custom DNS servers to resolve the FQDN authority.
```toml tab="File (TOML)"
[certificatesResolvers.sample.acme]
# ...
[certificatesResolvers.sample.acme.dnsChallenge]
# ...
resolvers = ["1.1.1.1:53", "8.8.8.8:53"]
```
```yaml tab="File (YAML)"
certificatesResolvers:
sample:
myresolver:
acme:
# ...
dnsChallenge:
@@ -309,9 +465,17 @@ certificatesResolvers:
- "8.8.8.8:53"
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.dnsChallenge]
# ...
resolvers = ["1.1.1.1:53", "8.8.8.8:53"]
```
```bash tab="CLI"
# ...
--certificatesResolvers.sample.acme.dnsChallenge.resolvers:="1.1.1.1:53,8.8.8.8:53"
--certificatesresolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53
```
#### Wildcard Domains
@@ -319,65 +483,99 @@ certificatesResolvers:
[ACME V2](https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579) supports wildcard certificates.
As described in [Let's Encrypt's post](https://community.letsencrypt.org/t/staging-endpoint-for-acme-v2/49605) wildcard certificates can only be generated through a [`DNS-01` challenge](#dnschallenge).
## `caServer`
## External Account Binding
- `kid`: Key identifier from External CA
- `hmacEncoded`: HMAC key from External CA, should be in Base64 URL Encoding without padding format
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
acme:
# ...
eab:
kid: abc-keyID-xyz
hmacEncoded: abc-hmac-xyz
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.eab]
kid = "abc-keyID-xyz"
hmacEncoded = "abc-hmac-xyz"
```
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.eab.kid=abc-keyID-xyz
--certificatesresolvers.myresolver.acme.eab.hmacencoded=abc-hmac-xyz
```
## More Configuration
### `caServer`
_Required, Default="https://acme-v02.api.letsencrypt.org/directory"_
The CA server to use:
- Let's Encrypt production server: https://acme-v02.api.letsencrypt.org/directory
- Let's Encrypt staging server: https://acme-staging-v02.api.letsencrypt.org/directory
??? example "Using the Let's Encrypt staging server"
```toml tab="File (TOML)"
[certificatesResolvers.sample.acme]
# ...
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
# ...
```
```yaml tab="File (YAML)"
certificatesResolvers:
sample:
myresolver:
acme:
# ...
caServer: https://acme-staging-v02.api.letsencrypt.org/directory
# ...
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
# ...
```
```bash tab="CLI"
# ...
--certificatesResolvers.sample.acme.caServer="https://acme-staging-v02.api.letsencrypt.org/directory"
--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
# ...
```
## `storage`
### `storage`
_Required, Default="acme.json"_
The `storage` option sets the location where your ACME certificates are saved to.
```toml tab="File (TOML)"
[certificatesResolvers.sample.acme]
# ...
storage = "acme.json"
# ...
```
```yaml tab="File (YAML)"
certificatesResolvers:
sample:
myresolver:
acme:
# ...
storage: acme.json
# ...
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
storage = "acme.json"
# ...
```
```bash tab="CLI"
# ...
--certificatesResolvers.sample.acme.storage=acme.json
--certificatesresolvers.myresolver.acme.storage=acme.json
# ...
```
The value can refer to some kinds of storage:
- a JSON file
### In a File
ACME certificates can be stored in a JSON file that needs to have a `600` file mode .
ACME certificates are stored in a JSON file that needs to have a `600` file mode.
In Docker you can mount either the JSON file, or the folder containing it:
@@ -390,15 +588,120 @@ docker run -v "/my/host/acme:/etc/traefik/acme" traefik
```
!!! warning
For concurrency reason, this file cannot be shared across multiple instances of Traefik.
For concurrency reasons, this file cannot be shared across multiple instances of Traefik.
### `certificatesDuration`
_Optional, Default=2160_
The `certificatesDuration` option defines the certificates' duration in hours.
It defaults to `2160` (90 days) to follow Let's Encrypt certificates' duration.
!!! warning "Traefik cannot manage certificates with a duration lower than 1 hour."
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
acme:
# ...
certificatesDuration: 72
# ...
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
certificatesDuration=72
# ...
```
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.certificatesduration=72
# ...
```
`certificatesDuration` is used to calculate two durations:
- `Renew Period`: the period before the end of the certificate duration, during which the certificate should be renewed.
- `Renew Interval`: the interval between renew attempts.
| Certificate Duration | Renew Period | Renew Interval |
|----------------------|-------------------|-------------------------|
| >= 1 year | 4 months | 1 week |
| >= 90 days | 30 days | 1 day |
| >= 7 days | 1 day | 1 hour |
| >= 24 hours | 6 hours | 10 min |
| < 24 hours | 20 min | 1 min |
### `preferredChain`
_Optional, Default=""_
Preferred chain to use.
If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.
If no match, the default offered chain will be used.
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
acme:
# ...
preferredChain: 'ISRG Root X1'
# ...
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
preferredChain = "ISRG Root X1"
# ...
```
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.preferredChain=ISRG Root X1
# ...
```
### `keyType`
_Optional, Default="RSA4096"_
KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'.
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
acme:
# ...
keyType: 'RSA4096'
# ...
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
keyType = "RSA4096"
# ...
```
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.keyType=RSA4096
# ...
```
## Fallback
If Let's Encrypt is not reachable, the following certificates will apply:
1. Previously generated ACME certificates (before downtime)
1. Expired ACME certificates
1. Provided certificates
2. Expired ACME certificates
3. Provided certificates
!!! important
For new (sub)domains which need Let's Encrypt authentication, the default Traefik certificate will be used until Traefik is restarted.
{!traefik-for-business-applications.md!}

View File

@@ -0,0 +1,70 @@
```yaml tab="Docker & Swarm"
## Dynamic configuration
labels:
- traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`)
- traefik.http.routers.blog.tls=true
- traefik.http.routers.blog.tls.certresolver=myresolver
- traefik.http.routers.blog.tls.domains[0].main=example.org
- traefik.http.routers.blog.tls.domains[0].sans=*.example.org
```
```yaml tab="Docker (Swarm)"
## Dynamic configuration
deploy:
labels:
- traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`)
- traefik.http.services.blog-svc.loadbalancer.server.port=8080"
- traefik.http.routers.blog.tls=true
- traefik.http.routers.blog.tls.certresolver=myresolver
- traefik.http.routers.blog.tls.domains[0].main=example.org
- traefik.http.routers.blog.tls.domains[0].sans=*.example.org
```
```yaml tab="Kubernetes"
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: blogtls
spec:
entryPoints:
- websecure
routes:
- match: Host(`example.com`) && Path(`/blog`)
kind: Rule
services:
- name: blog
port: 8080
tls:
certResolver: myresolver
domains:
- main: example.org
sans:
- '*.example.org'
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
routers:
blog:
rule: "Host(`example.com`) && Path(`/blog`)"
tls:
certResolver: myresolver
domains:
- main: "example.org"
sans:
- "*.example.org"
```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.blog]
rule = "Host(`example.com`) && Path(`/blog`)"
[http.routers.blog.tls]
certResolver = "myresolver" # From static configuration
[[http.routers.blog.tls.domains]]
main = "example.org"
sans = ["*.example.org"]
```

View File

@@ -0,0 +1,55 @@
```yaml tab="Docker & Swarm"
## Dynamic configuration
labels:
- traefik.http.routers.blog.rule=(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)
- traefik.http.routers.blog.tls=true
- traefik.http.routers.blog.tls.certresolver=myresolver
```
```yaml tab="Docker (Swarm)"
## Dynamic configuration
deploy:
labels:
- traefik.http.routers.blog.rule=(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)
- traefik.http.routers.blog.tls=true
- traefik.http.routers.blog.tls.certresolver=myresolver
- traefik.http.services.blog-svc.loadbalancer.server.port=8080"
```
```yaml tab="Kubernetes"
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: blogtls
spec:
entryPoints:
- websecure
routes:
- match: (Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)
kind: Rule
services:
- name: blog
port: 8080
tls:
certResolver: myresolver
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
routers:
blog:
rule: "(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)"
tls:
certResolver: myresolver
```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.blog]
rule = "(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)"
[http.routers.blog.tls]
certResolver = "myresolver"
```

View File

@@ -0,0 +1,55 @@
```yaml tab="Docker & Swarm"
## Dynamic configuration
labels:
- traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`)
- traefik.http.routers.blog.tls=true
- traefik.http.routers.blog.tls.certresolver=myresolver
```
```yaml tab="Docker (Swarm)"
## Dynamic configuration
deploy:
labels:
- traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`)
- traefik.http.routers.blog.tls=true
- traefik.http.routers.blog.tls.certresolver=myresolver
- traefik.http.services.blog-svc.loadbalancer.server.port=8080"
```
```yaml tab="Kubernetes"
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: blogtls
spec:
entryPoints:
- websecure
routes:
- match: Host(`example.com`) && Path(`/blog`)
kind: Rule
services:
- name: blog
port: 8080
tls:
certResolver: myresolver
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
routers:
blog:
rule: "Host(`example.com`) && Path(`/blog`)"
tls:
certResolver: myresolver
```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.blog]
rule = "Host(`example.com`) && Path(`/blog`)"
[http.routers.blog.tls]
certResolver = "myresolver"
```

View File

@@ -1,3 +1,8 @@
---
title: "Traefik Proxy HTTPS & TLS Overview |Traefik Docs"
description: "Traefik supports HTTPS & TLS, which concerns roughly two parts of the configuration: routers, and the TLS connection. Read the documentation to learn more."
---
# HTTPS & TLS
Overview
@@ -14,3 +19,5 @@ The next sections of this documentation explain how to configure the TLS connect
That is to say, how to obtain [TLS certificates](./tls.md#certificates-definition):
either through a definition in the dynamic configuration, or through [Let's Encrypt](./acme.md) (ACME).
And how to configure [TLS options](./tls.md#tls-options), and [certificates stores](./tls.md#certificates-stores).
{!traefik-for-business-applications.md!}

View File

@@ -1,11 +1,11 @@
# Enable ACME (Let's Encrypt): automatic SSL.
[certificatesResolvers.sample.acme]
[certificatesResolvers.myresolver.acme]
# Email address used for registration.
#
# Required
#
email = "test@traefik.io"
email = "test@example.com"
# File or key used for certificates storage.
#
@@ -22,6 +22,24 @@
#
# caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
# The certificates' duration in hours.
# It defaults to 2160 (90 days) to follow Let's Encrypt certificates' duration.
#
# Optional
# Default: 2160
#
# certificatesDuration=2160
# Preferred chain to use.
#
# If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.
# If no match, the default offered chain will be used.
#
# Optional
# Default: ""
#
# preferredChain = "ISRG Root X1"
# KeyType to use.
#
# Optional
@@ -35,13 +53,13 @@
#
# Optional (but recommended)
#
[certificatesResolvers.sample.acme.tlsChallenge]
[certificatesResolvers.myresolver.acme.tlsChallenge]
# Use a HTTP-01 ACME challenge.
#
# Optional
#
# [certificatesResolvers.sample.acme.httpChallenge]
# [certificatesResolvers.myresolver.acme.httpChallenge]
# EntryPoint to use for the HTTP-01 challenges.
#
@@ -54,7 +72,7 @@
#
# Optional
#
# [certificatesResolvers.sample.acme.dnsChallenge]
# [certificatesResolvers.myresolver.acme.dnsChallenge]
# DNS provider used.
#

View File

@@ -4,13 +4,13 @@
#
# Required
#
--certificatesResolvers.sample.acme.email="test@traefik.io"
--certificatesresolvers.myresolver.acme.email=test@example.com
# File or key used for certificates storage.
#
# Required
#
--certificatesResolvers.sample.acme.storage="acme.json"
--certificatesresolvers.myresolver.acme.storage=acme.json
# CA server to use.
# Uncomment the line to use Let's Encrypt's staging server,
@@ -19,7 +19,25 @@
# Optional
# Default: "https://acme-v02.api.letsencrypt.org/directory"
#
--certificatesResolvers.sample.acme.caServer="https://acme-staging-v02.api.letsencrypt.org/directory"
--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
# The certificates' duration in hours.
# It defaults to 2160 (90 days) to follow Let's Encrypt certificates' duration.
#
# Optional
# Default: 2160
#
--certificatesresolvers.myresolver.acme.certificatesDuration=2160
# Preferred chain to use.
#
# If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.
# If no match, the default offered chain will be used.
#
# Optional
# Default: ""
#
--certificatesresolvers.myresolver.acme.preferredchain="ISRG Root X1"
# KeyType to use.
#
@@ -28,38 +46,38 @@
#
# Available values : "EC256", "EC384", "RSA2048", "RSA4096", "RSA8192"
#
--certificatesResolvers.sample.acme.keyType=RSA4096
--certificatesresolvers.myresolver.acme.keytype=RSA4096
# Use a TLS-ALPN-01 ACME challenge.
#
# Optional (but recommended)
#
--certificatesResolvers.sample.acme.tlsChallenge=true
--certificatesresolvers.myresolver.acme.tlschallenge=true
# Use a HTTP-01 ACME challenge.
#
# Optional
#
--certificatesResolvers.sample.acme.httpChallenge=true
--certificatesresolvers.myresolver.acme.httpchallenge=true
# EntryPoint to use for the HTTP-01 challenges.
#
# Required
#
--certificatesResolvers.sample.acme.httpChallenge.entryPoint=web
--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
# Use a DNS-01 ACME challenge rather than HTTP-01 challenge.
# Note: mandatory for wildcard certificate generation.
#
# Optional
#
--certificatesResolvers.sample.acme.dnsChallenge=true
--certificatesresolvers.myresolver.acme.dnschallenge=true
# DNS provider used.
#
# Required
#
--certificatesResolvers.sample.acme.dnsChallenge.provider=digitalocean
--certificatesresolvers.myresolver.acme.dnschallenge.provider=digitalocean
# By default, the provider will verify the TXT DNS challenge record before letting ACME verify.
# If delayBeforeCheck is greater than zero, this check is delayed for the configured duration in seconds.
@@ -68,14 +86,14 @@
# Optional
# Default: 0
#
--certificatesResolvers.sample.acme.dnsChallenge.delayBeforeCheck=0
--certificatesresolvers.myresolver.acme.dnschallenge.delaybeforecheck=0
# Use following DNS servers to resolve the FQDN authority.
#
# Optional
# Default: empty
#
--certificatesResolvers.sample.acme.dnsChallenge.resolvers="1.1.1.1:53,8.8.8.8:53"
--certificatesresolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53
# Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready.
#
@@ -85,4 +103,4 @@
# Optional
# Default: false
#
--certificatesResolvers.sample.acme.dnsChallenge.disablePropagationCheck=true
--certificatesresolvers.myresolver.acme.dnschallenge.disablepropagationcheck=true

View File

@@ -1,5 +1,5 @@
certificatesResolvers:
sample:
myresolver:
# Enable ACME (Let's Encrypt): automatic SSL.
acme:
@@ -7,7 +7,7 @@ certificatesResolvers:
#
# Required
#
email: "test@traefik.io"
email: "test@example.com"
# File or key used for certificates storage.
#
@@ -24,6 +24,24 @@ certificatesResolvers:
#
# caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
# The certificates' duration in hours.
# It defaults to 2160 (90 days) to follow Let's Encrypt certificates' duration.
#
# Optional
# Default: 2160
#
# certificatesDuration: 2160
# Preferred chain to use.
#
# If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.
# If no match, the default offered chain will be used.
#
# Optional
# Default: ""
#
# preferredChain: 'ISRG Root X1'
# KeyType to use.
#
# Optional

View File

@@ -0,0 +1,56 @@
---
title: "Traefik SPIFFE Documentation"
description: "Learn how to configure Traefik to use SPIFFE. Read the technical documentation."
---
# SPIFFE
Secure the backend connection with SPIFFE.
{: .subtitle }
[SPIFFE](https://spiffe.io/docs/latest/spiffe-about/overview/) (Secure Production Identity Framework For Everyone),
provides a secure identity in the form of a specially crafted X.509 certificate,
to every workload in an environment.
Traefik is able to connect to the Workload API to obtain an x509-SVID used to secure the connection with SPIFFE enabled backends.
## Configuration
### General
Enabling SPIFFE is part of the [static configuration](../getting-started/configuration-overview.md#the-static-configuration).
It can be defined by using a file (YAML or TOML) or CLI arguments.
### Workload API
The `workloadAPIAddr` configuration defines the address of the SPIFFE [Workload API](https://spiffe.io/docs/latest/spiffe-about/spiffe-concepts/#spiffe-workload-api).
!!! info "Enabling SPIFFE in ServersTransports"
Enabling SPIFFE does not imply that backend connections are going to use it automatically.
Each [ServersTransport](../routing/services/index.md#serverstransport_1) or [TCPServersTransport](../routing/services/index.md#serverstransport_2),
that is meant to be secured with SPIFFE,
must explicitly enable it (see [SPIFFE with ServersTransport](../routing/services/index.md#spiffe) or [SPIFFE with TCPServersTransport](../routing/services/index.md#spiffe_1)).
!!! warning "SPIFFE can cause Traefik to stall"
When using SPIFFE,
Traefik will wait for the first SVID to be delivered before starting.
If Traefik is hanging when waiting on SPIFFE SVID delivery,
please double check that it is correctly registered as workload in your SPIFFE infrastructure.
```yaml tab="File (YAML)"
## Static configuration
spiffe:
workloadAPIAddr: localhost
```
```toml tab="File (TOML)"
## Static configuration
[spiffe]
workloadAPIAddr: localhost
```
```bash tab="CLI"
## Static configuration
--spiffe.workloadAPIAddr=localhost
```

View File

@@ -0,0 +1,207 @@
---
title: "Traefik Tailscale Documentation"
description: "Learn how to configure Traefik Proxy to resolve TLS certificates for your Tailscale services. Read the technical documentation."
---
# Tailscale
Provision TLS certificates for your internal Tailscale services.
{: .subtitle }
To protect a service with TLS, a certificate from a public Certificate Authority is needed.
In addition to its vpn role, Tailscale can also [provide certificates](https://tailscale.com/kb/1153/enabling-https/) for the machines in your Tailscale network.
## Certificate resolvers
To obtain a TLS certificate from the Tailscale daemon,
a Tailscale certificate resolver needs to be configured as below.
!!! info "Referencing a certificate resolver"
Defining a certificate resolver does not imply that routers are going to use it automatically.
Each router or entrypoint that is meant to use the resolver must explicitly [reference](../routing/routers/index.md#certresolver) it.
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
tailscale: {}
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.tailscale]
```
```bash tab="CLI"
--certificatesresolvers.myresolver.tailscale=true
```
## Domain Definition
A certificate resolver requests certificates for a set of domain names inferred from routers, according to the following:
- If the router has a [`tls.domains`](../routing/routers/index.md#domains) option set,
then the certificate resolver derives this router domain name from the `main` option of `tls.domains`.
- Otherwise, the certificate resolver derives the domain name from any `Host()` or `HostSNI()` matchers
in the [router's rule](../routing/routers/index.md#rule).
!!! info "Tailscale Domain Format"
The domain is only taken into account if it is a Tailscale-specific one,
i.e. of the form `machine-name.domains-alias.ts.net`.
## Configuration Example
!!! example "Enabling Tailscale certificate resolution"
```yaml tab="File (YAML)"
entryPoints:
web:
address: ":80"
websecure:
address: ":443"
certificatesResolvers:
myresolver:
tailscale: {}
```
```toml tab="File (TOML)"
[entryPoints]
[entryPoints.web]
address = ":80"
[entryPoints.websecure]
address = ":443"
[certificatesResolvers.myresolver.tailscale]
```
```bash tab="CLI"
--entrypoints.web.address=:80
--entrypoints.websecure.address=:443
# ...
--certificatesresolvers.myresolver.tailscale=true
```
!!! example "Domain from Router's Rule Example"
```yaml tab="Docker & Swarm"
## Dynamic configuration
labels:
- traefik.http.routers.blog.rule=Host(`monitoring.yak-bebop.ts.net`) && Path(`/metrics`)
- traefik.http.routers.blog.tls.certresolver=myresolver
```
```yaml tab="Docker (Swarm)"
## Dynamic configuration
deploy:
labels:
- traefik.http.routers.blog.rule=Host(`monitoring.yak-bebop.ts.net`) && Path(`/metrics`)
- traefik.http.routers.blog.tls.certresolver=myresolver
```
```yaml tab="Kubernetes"
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: blogtls
spec:
entryPoints:
- websecure
routes:
- match: Host(`monitoring.yak-bebop.ts.net`) && Path(`/metrics`)
kind: Rule
services:
- name: blog
port: 8080
tls:
certResolver: myresolver
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
routers:
blog:
rule: "Host(`monitoring.yak-bebop.ts.net`) && Path(`/metrics`)"
tls:
certResolver: myresolver
```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.blog]
rule = "Host(`monitoring.yak-bebop.ts.net`) && Path(`/metrics`)"
[http.routers.blog.tls]
certResolver = "myresolver"
```
!!! example "Domain from Router's tls.domain Example"
```yaml tab="Docker & Swarm"
## Dynamic configuration
labels:
- traefik.http.routers.blog.rule=Path(`/metrics`)
- traefik.http.routers.blog.tls.certresolver=myresolver
- traefik.http.routers.blog.tls.domains[0].main=monitoring.yak-bebop.ts.net
```
```yaml tab="Docker (Swarm)"
## Dynamic configuration
deploy:
labels:
- traefik.http.routers.blog.rule=Path(`/metrics`)
- traefik.http.routers.blog.tls.certresolver=myresolver
- traefik.http.routers.blog.tls.domains[0].main=monitoring.yak-bebop.ts.net
```
```yaml tab="Kubernetes"
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: blogtls
spec:
entryPoints:
- websecure
routes:
- match: Path(`/metrics`)
kind: Rule
services:
- name: blog
port: 8080
tls:
certResolver: myresolver
domains:
- main: monitoring.yak-bebop.ts.net
```
```yaml tab="File (YAML)"
## Dynamic configuration
http:
routers:
blog:
rule: "Path(`/metrics`)"
tls:
certResolver: myresolver
domains:
- main: "monitoring.yak-bebop.ts.net"
```
```toml tab="File (TOML)"
## Dynamic configuration
[http.routers]
[http.routers.blog]
rule = "Path(`/metrics`)"
[http.routers.blog.tls]
certResolver = "myresolver"
[[http.routers.blog.tls.domains]]
main = "monitoring.yak-bebop.ts.net"
```
## Automatic Renewals
Traefik automatically tracks the expiry date of each Tailscale certificate it fetches,
and starts to renew a certificate 14 days before its expiry to match Tailscale daemon renew policy.

View File

@@ -1,3 +1,8 @@
---
title: "Traefik TLS Documentation"
description: "Learn how to configure the transport layer security (TLS) connection in Traefik Proxy. Read the technical documentation."
---
# TLS
Transport Layer Security
@@ -13,18 +18,6 @@ See the [Let's Encrypt](./acme.md) page.
To add / remove TLS certificates, even when Traefik is already running, their definition can be added to the [dynamic configuration](../getting-started/configuration-overview.md), in the `[[tls.certificates]]` section:
```toml tab="File (TOML)"
# Dynamic configuration
[[tls.certificates]]
certFile = "/path/to/domain.cert"
keyFile = "/path/to/domain.key"
[[tls.certificates]]
certFile = "/path/to/other-domain.cert"
keyFile = "/path/to/other-domain.key"
```
```yaml tab="File (YAML)"
# Dynamic configuration
@@ -36,23 +29,28 @@ tls:
keyFile: /path/to/other-domain.key
```
```toml tab="File (TOML)"
# Dynamic configuration
[[tls.certificates]]
certFile = "/path/to/domain.cert"
keyFile = "/path/to/domain.key"
[[tls.certificates]]
certFile = "/path/to/other-domain.cert"
keyFile = "/path/to/other-domain.key"
```
!!! important "Restriction"
In the above example, we've used the [file provider](../providers/file.md) to handle these definitions.
It is the only available method to configure the certificates (as well as the options and the stores).
However, in [Kubernetes](../providers/kubernetes-crd.md), the certificates can and must be provided by [secrets](../routing/providers/kubernetes-crd.md#tls).
However, in [Kubernetes](../providers/kubernetes-crd.md), the certificates can and must be provided by [secrets](https://kubernetes.io/docs/concepts/configuration/secret/).
## Certificates Stores
In Traefik, certificates are grouped together in certificates stores, which are defined as such:
```toml tab="File (TOML)"
# Dynamic configuration
[tls.stores]
[tls.stores.default]
```
```yaml tab="File (YAML)"
# Dynamic configuration
@@ -61,28 +59,20 @@ tls:
default: {}
```
!!! important "Restriction"
Any store definition other than the default one (named `default`) will be ignored,
and there is thefore only one globally available TLS store.
In the `tls.certificates` section, a list of stores can then be specified to indicate where the certificates should be stored:
```toml tab="File (TOML)"
# Dynamic configuration
[[tls.certificates]]
certFile = "/path/to/domain.cert"
keyFile = "/path/to/domain.key"
stores = ["default"]
[[tls.certificates]]
# Note that since no store is defined,
# the certificate below will be stored in the `default` store.
certFile = "/path/to/other-domain.cert"
keyFile = "/path/to/other-domain.key"
[tls.stores]
[tls.stores.default]
```
!!! important "Restriction"
Any store definition other than the default one (named `default`) will be ignored,
and there is therefore only one globally available TLS store.
In the `tls.certificates` section, a list of stores can then be specified to indicate where the certificates should be stored:
```yaml tab="File (YAML)"
# Dynamic configuration
@@ -98,6 +88,21 @@ tls:
keyFile: /path/to/other-domain.key
```
```toml tab="File (TOML)"
# Dynamic configuration
[[tls.certificates]]
certFile = "/path/to/domain.cert"
keyFile = "/path/to/domain.key"
stores = ["default"]
[[tls.certificates]]
# Note that since no store is defined,
# the certificate below will be stored in the `default` store.
certFile = "/path/to/other-domain.cert"
keyFile = "/path/to/other-domain.key"
```
!!! important "Restriction"
The `stores` list will actually be ignored and automatically set to `["default"]`.
@@ -107,16 +112,6 @@ tls:
Traefik can use a default certificate for connections without a SNI, or without a matching domain.
This default certificate should be defined in a TLS store:
```toml tab="File (TOML)"
# Dynamic configuration
[tls.stores]
[tls.stores.default]
[tls.stores.default.defaultCertificate]
certFile = "path/to/cert.crt"
keyFile = "path/to/cert.key"
```
```yaml tab="File (YAML)"
# Dynamic configuration
@@ -128,26 +123,127 @@ tls:
keyFile: path/to/cert.key
```
If no default certificate is provided, Traefik generates and uses a self-signed certificate.
```toml tab="File (TOML)"
# Dynamic configuration
[tls.stores]
[tls.stores.default]
[tls.stores.default.defaultCertificate]
certFile = "path/to/cert.crt"
keyFile = "path/to/cert.key"
```
```yaml tab="Kubernetes"
apiVersion: traefik.io/v1alpha1
kind: TLSStore
metadata:
name: default
namespace: default
spec:
defaultCertificate:
secretName: default-certificate
---
apiVersion: v1
kind: Secret
metadata:
name: default-certificate
namespace: default
type: Opaque
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=
```
If no `defaultCertificate` is provided, Traefik will use the generated one.
### ACME Default Certificate
You can configure Traefik to use an ACME provider (like Let's Encrypt) to generate the default certificate.
The configuration to resolve the default certificate should be defined in a TLS store:
!!! important "Precedence with the `defaultGeneratedCert` option"
The `defaultGeneratedCert` definition takes precedence over the ACME default certificate configuration.
```yaml tab="File (YAML)"
# Dynamic configuration
tls:
stores:
default:
defaultGeneratedCert:
resolver: myresolver
domain:
main: example.org
sans:
- foo.example.org
- bar.example.org
```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.stores]
[tls.stores.default.defaultGeneratedCert]
resolver = "myresolver"
[tls.stores.default.defaultGeneratedCert.domain]
main = "example.org"
sans = ["foo.example.org", "bar.example.org"]
```
```yaml tab="Kubernetes"
apiVersion: traefik.io/v1alpha1
kind: TLSStore
metadata:
name: default
namespace: default
spec:
defaultGeneratedCert:
resolver: myresolver
domain:
main: example.org
sans:
- foo.example.org
- bar.example.org
```
```yaml tab="Docker & Swarm"
## Dynamic configuration
labels:
- "traefik.tls.stores.default.defaultgeneratedcert.resolver=myresolver"
- "traefik.tls.stores.default.defaultgeneratedcert.domain.main=example.org"
- "traefik.tls.stores.default.defaultgeneratedcert.domain.sans=foo.example.org, bar.example.org"
```
## TLS Options
The TLS options allow one to configure some parameters of the TLS connection.
!!! important "'default' TLS Option"
The `default` option is special.
When no tls options are specified in a tls router, the `default` option is used.
When specifying the `default` option explicitly, make sure not to specify provider namespace as the `default` option does not have one.
Conversely, for cross-provider references, for example, when referencing the file provider from a docker label,
you must specify the provider namespace, for example:
`traefik.http.routers.myrouter.tls.options=myoptions@file`
!!! important "TLSOption in Kubernetes"
When using the [TLSOption resource](../../routing/providers/kubernetes-crd#kind-tlsoption) in Kubernetes, one might setup a default set of options that,
if not explicitly overwritten, should apply to all ingresses.
To achieve that, you'll have to create a TLSOption resource with the name `default`.
There may exist only one TLSOption with the name `default` (across all namespaces) - otherwise they will be dropped.
To explicitly use a different TLSOption (and using the Kubernetes Ingress resources)
you'll have to add an annotation to the Ingress in the following form:
`traefik.ingress.kubernetes.io/router.tls.options: <resource-namespace>-<resource-name>@kubernetescrd`
### Minimum TLS Version
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
minVersion = "VersionTLS12"
[tls.options.mintls13]
minVersion = "VersionTLS13"
```
```yaml tab="File (YAML)"
# Dynamic configuration
@@ -160,8 +256,20 @@ tls:
minVersion: VersionTLS13
```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
minVersion = "VersionTLS12"
[tls.options.mintls13]
minVersion = "VersionTLS13"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: TLSOption
metadata:
name: default
@@ -171,7 +279,7 @@ spec:
minVersion: VersionTLS12
---
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: TLSOption
metadata:
name: mintls13
@@ -181,20 +289,61 @@ spec:
minVersion: VersionTLS13
```
### Cipher Suites
### Maximum TLS Version
See [cipherSuites](https://godoc.org/crypto/tls#pkg-constants) for more information.
We discourage the use of this setting to disable TLS1.3.
The recommended approach is to update the clients to support TLS1.3.
```yaml tab="File (YAML)"
# Dynamic configuration
tls:
options:
default:
maxVersion: VersionTLS13
maxtls12:
maxVersion: VersionTLS12
```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
]
maxVersion = "VersionTLS13"
[tls.options.maxtls12]
maxVersion = "VersionTLS12"
```
```yaml tab="Kubernetes"
apiVersion: traefik.io/v1alpha1
kind: TLSOption
metadata:
name: default
namespace: default
spec:
maxVersion: VersionTLS13
---
apiVersion: traefik.io/v1alpha1
kind: TLSOption
metadata:
name: maxtls12
namespace: default
spec:
maxVersion: VersionTLS12
```
### Cipher Suites
See [cipherSuites](https://godoc.org/crypto/tls#pkg-constants) for more information.
```yaml tab="File (YAML)"
# Dynamic configuration
@@ -205,8 +354,18 @@ tls:
- TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
cipherSuites = [
"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"
]
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: TLSOption
metadata:
name: default
@@ -223,19 +382,52 @@ spec:
With TLS 1.3, the cipher suites are not configurable (all supported cipher suites are safe in this case).
<https://golang.org/doc/go1.12#tls_1_3>
### Strict SNI Checking
### Curve Preferences
With strict SNI checking, Traefik won't allow connections from clients connections
that do not specify a server_name extension.
This option allows to set the preferred elliptic curves in a specific order.
The names of the curves defined by [`crypto`](https://godoc.org/crypto/tls#CurveID) (e.g. `CurveP521`) and the [RFC defined names](https://tools.ietf.org/html/rfc8446#section-4.2.7) (e. g. `secp521r1`) can be used.
See [CurveID](https://godoc.org/crypto/tls#CurveID) for more information.
```yaml tab="File (YAML)"
# Dynamic configuration
tls:
options:
default:
curvePreferences:
- CurveP521
- CurveP384
```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
sniStrict = true
curvePreferences = ["CurveP521", "CurveP384"]
```
```yaml tab="Kubernetes"
apiVersion: traefik.io/v1alpha1
kind: TLSOption
metadata:
name: default
namespace: default
spec:
curvePreferences:
- CurveP521
- CurveP384
```
### Strict SNI Checking
With strict SNI checking enabled, Traefik won't allow connections from clients that do not specify a server_name extension
or don't match any of the configured certificates.
The default certificate is irrelevant on that matter.
```yaml tab="File (YAML)"
# Dynamic configuration
@@ -245,8 +437,16 @@ tls:
sniStrict: true
```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
sniStrict = true
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: TLSOption
metadata:
name: default
@@ -256,31 +456,63 @@ spec:
sniStrict: true
```
### Client Authentication (mTLS)
### ALPN Protocols
Traefik supports mutual authentication, through the `clientAuth` section.
_Optional, Default="h2, http/1.1, acme-tls/1"_
For authentication policies that require verification of the client certificate, the certificate authority for the certificate should be set in `clientAuth.caFiles`.
The `clientAuth.clientAuthType` option governs the behaviour as follows:
This option allows to specify the list of supported application level protocols for the TLS handshake,
in order of preference.
If the client supports ALPN, the selected protocol will be one from this list,
and the connection will fail if there is no mutually supported protocol.
- `NoClientCert`: disregards any client certificate.
- `RequestClientCert`: asks for a certificate but proceeds anyway if none is provided.
- `RequireAnyClientCert`: requires a certificate but does not verify if it is signed by a CA listed in `clientAuth.caFiles`.
- `VerifyClientCertIfGiven`: if a certificate is provided, verifies if it is signed by a CA listed in `clientAuth.caFiles`. Otherwise proceeds without any certificate.
- `RequireAndVerifyClientCert`: requires a certificate, which must be signed by a CA listed in `clientAuth.caFiles`.
```yaml tab="File (YAML)"
# Dynamic configuration
tls:
options:
default:
alpnProtocols:
- http/1.1
- h2
```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
[tls.options.default.clientAuth]
# in PEM format. each file can contain multiple CAs.
caFiles = ["tests/clientca1.crt", "tests/clientca2.crt"]
clientAuthType = "RequireAndVerifyClientCert"
alpnProtocols = ["http/1.1", "h2"]
```
```yaml tab="Kubernetes"
apiVersion: traefik.io/v1alpha1
kind: TLSOption
metadata:
name: default
namespace: default
spec:
alpnProtocols:
- http/1.1
- h2
```
### Client Authentication (mTLS)
Traefik supports mutual authentication, through the `clientAuth` section.
For authentication policies that require verification of the client certificate, the certificate authority for the certificates should be set in `clientAuth.caFiles`.
In Kubernetes environment, CA certificate can be set in `clientAuth.secretNames`. See [TLSOption resource](../../routing/providers/kubernetes-crd#kind-tlsoption) for more details.
The `clientAuth.clientAuthType` option governs the behaviour as follows:
- `NoClientCert`: disregards any client certificate.
- `RequestClientCert`: asks for a certificate but proceeds anyway if none is provided.
- `RequireAnyClientCert`: requires a certificate but does not verify if it is signed by a CA listed in `clientAuth.caFiles` or in `clientAuth.secretNames`.
- `VerifyClientCertIfGiven`: if a certificate is provided, verifies if it is signed by a CA listed in `clientAuth.caFiles` or in `clientAuth.secretNames`. Otherwise proceeds without any certificate.
- `RequireAndVerifyClientCert`: requires a certificate, which must be signed by a CA listed in `clientAuth.caFiles` or in `clientAuth.secretNames`.
```yaml tab="File (YAML)"
# Dynamic configuration
@@ -295,8 +527,19 @@ tls:
clientAuthType: RequireAndVerifyClientCert
```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
[tls.options.default.clientAuth]
# in PEM format. each file can contain multiple CAs.
caFiles = ["tests/clientca1.crt", "tests/clientca2.crt"]
clientAuthType = "RequireAndVerifyClientCert"
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
apiVersion: traefik.io/v1alpha1
kind: TLSOption
metadata:
name: default
@@ -304,7 +547,10 @@ metadata:
spec:
clientAuth:
# the CA certificate is extracted from key `tls.ca` or `ca.crt` of the given secrets.
secretNames:
- secretCA
clientAuthType: RequireAndVerifyClientCert
```
{!traefik-for-business-applications.md!}

View File

@@ -0,0 +1,4 @@
{
"extends": "../../.markdownlint.json",
"MD041": false
}

View File

@@ -0,0 +1,3 @@
Traefik follows the [Kubernetes support policy](https://kubernetes.io/releases/version-skew-policy/#supported-versions),
and supports at least the latest three minor versions of Kubernetes.
General functionality cannot be guaranteed for versions older than that.

View File

@@ -0,0 +1,14 @@
---
!!! question "Using Traefik for Business Applications?"
If you are using Traefik in your organization, consider our enterprise-grade solutions:
- API Management
[Explore](https://traefik.io/solutions/api-management/) // [Watch Demo Video](https://info.traefik.io/watch-traefik-hub-demo)
- API Gateway
[Explore](https://traefik.io/solutions/api-gateway/) // [Watch Demo Video](https://info.traefik.io/watch-traefikee-demo)
- Ingress Controller
[Kubernetes](https://traefik.io/solutions/kubernetes-ingress/) // [Docker Swarm](https://traefik.io/solutions/docker-swarm-ingress/)
These tools help businesses discover, deploy, secure, and manage microservices and APIs easily, at scale, across any environment.

Some files were not shown because too many files have changed in this diff Show More