shaba/traefik
1
0
Fork 0
mirror of https://github.com/containous/traefik.git synced 2025-09-21 09:44:22 +03:00
Code Releases Activity

Compare commits

base: shaba:v2.10.4
Branches Tags
shaba:master shaba:v3.5 shaba:v2.11 shaba:v3.4 shaba:v3.3 shaba:v3.2 shaba:v3.1 shaba:v3.0 shaba:v1.0 shaba:v1.1 shaba:v1.2 shaba:v1.3 shaba:v1.4 shaba:v2.10 shaba:v1.5 shaba:v1.6 shaba:v1.7 shaba:v2.0 shaba:v2.1 shaba:v2.2 shaba:v2.6 shaba:v2.7 shaba:v2.8 shaba:v2.9 shaba:v2.3 shaba:v2.4 shaba:v2.5
shaba:v3.5.2 shaba:v3.5.1 shaba:v2.11.29 shaba:v3.5.0 shaba:v3.4.5 shaba:v2.11.28 shaba:v3.5.0-rc2 shaba:v3.4.4 shaba:v2.11.27 shaba:v3.5.0-rc1 shaba:v3.4.3 shaba:v3.4.2 shaba:v2.11.26 shaba:v3.4.1 shaba:v2.11.25 shaba:v3.4.0 shaba:v3.3.7 shaba:v3.4.0-rc2 shaba:v3.3.6 shaba:v2.11.24 shaba:v2.11.23 shaba:v3.4.0-rc1 shaba:v3.3.5 shaba:v2.11.22 shaba:v3.3.4 shaba:v2.11.21 shaba:v3.3.3 shaba:v2.11.20 shaba:v2.11.19 shaba:v3.3.2 shaba:v2.11.18 shaba:v3.3.1 shaba:v3.2.5 shaba:v3.3.0 shaba:v3.2.4 shaba:v2.11.17 shaba:v3.3.0-rc2 shaba:v3.3.0-rc1 shaba:v3.2.3 shaba:v2.11.16 shaba:v3.2.2 shaba:v2.11.15 shaba:v3.2.1 shaba:v2.11.14 shaba:v3.2.0 shaba:v3.1.7 shaba:v2.11.13 shaba:v3.2.0-rc2 shaba:v3.1.6 shaba:v2.11.12 shaba:v3.2.0-rc1 shaba:v3.1.5 shaba:v2.11.11 shaba:v3.1.4 shaba:v2.11.10 shaba:v3.1.3 shaba:v2.11.9 shaba:v3.1.2 shaba:v2.11.8 shaba:v3.1.1 shaba:v2.11.7 shaba:v3.1.0 shaba:v3.1.0-rc3 shaba:v3.0.4 shaba:v2.11.6 shaba:v3.1.0-rc2 shaba:v3.1.0-rc1 shaba:v3.0.3 shaba:v2.11.5 shaba:v3.0.2 shaba:v2.11.4 shaba:v3.0.1 shaba:v2.11.3 shaba:v3.0.0 shaba:v3.0.0-rc5 shaba:v2.11.2 shaba:v3.0.0-rc4 shaba:v2.11.1 shaba:v3.0.0-rc3 shaba:v3.0.0-rc2 shaba:v3.0.0-rc1 shaba:v2.11.0 shaba:v2.11.0-rc2 shaba:v2.11.0-rc1 shaba:v2.10.7 shaba:v3.0.0-beta5 shaba:v2.10.6 shaba:v3.0.0-beta4 shaba:v2.10.5 shaba:v2.10.4 shaba:v3.0.0-beta3 shaba:v2.10.3 shaba:v2.10.2 shaba:v2.10.1 shaba:v2.10.0 shaba:v2.10.0-rc2 shaba:v2.9.10 shaba:v2.10.0-rc1 shaba:v2.9.9 shaba:v2.9.8 shaba:v2.9.7 shaba:v3.0.0-beta2 shaba:v2.9.6 shaba:v3.0.0-beta1 shaba:v2.9.5 shaba:v2.9.4 shaba:v2.9.3 shaba:v2.9.2 shaba:v2.9.1 shaba:v2.9.0-rc5 shaba:v2.8.8 shaba:v2.8.7 shaba:v2.9.0-rc4 shaba:v2.8.6 shaba:v2.9.0-rc3 shaba:v2.9.0-rc2 shaba:v2.9.0-rc1 shaba:v2.8.5 shaba:v2.8.4 shaba:v2.8.3 shaba:v2.8.2 shaba:v2.8.1 shaba:v2.8.0 shaba:v2.7.3 shaba:v2.8.0-rc2 shaba:v2.7.2 shaba:v2.8.0-rc1 shaba:v2.7.1 shaba:v2.7.0 shaba:v2.6.7 shaba:v2.6.6 shaba:v2.6.5 shaba:v2.6.4 shaba:v2.7.0-rc2 shaba:v2.6.3 shaba:v2.7.0-rc1 shaba:v2.6.2 shaba:v2.6.1 shaba:v2.6.0 shaba:v2.6.0-rc3 shaba:v2.5.7 shaba:v2.6.0-rc2 shaba:v2.5.6 shaba:v2.6.0-rc1 shaba:v1.7.34 shaba:v2.5.5 shaba:v2.5.4 shaba:v1.7.33 shaba:v1.7.32 shaba:v1.7.31 shaba:v2.5.3 shaba:v2.5.2 shaba:v2.5.1 shaba:v2.5.0 shaba:v2.4.14 shaba:v2.5.0-rc6 shaba:v2.5.0-rc5 shaba:v2.5.0-rc4 shaba:v2.4.13 shaba:v2.4.12 shaba:v2.5.0-rc3 shaba:v2.4.11 shaba:v2.4.10 shaba:v2.5.0-rc2 shaba:v2.5.0-rc1 shaba:v2.4.9 shaba:v1.7.30 shaba:v1.7.29 shaba:v2.4.8 shaba:v2.4.7 shaba:v2.4.6 shaba:v2.4.5 shaba:v2.4.4 shaba:v2.4.3 shaba:v2.4.2 shaba:v2.4.1 shaba:v2.4.0 shaba:v1.7.28 shaba:v1.7.27 shaba:v2.4.0-rc2 shaba:v2.3.7 shaba:v2.3.6 shaba:v2.4.0-rc1 shaba:v2.3.5 shaba:v2.3.4 shaba:v2.3.3 shaba:v2.3.2 shaba:v2.3.1 shaba:v2.3.0 shaba:v2.3.0-rc7 shaba:v2.3.0-rc6 shaba:v2.3.0-rc5 shaba:v2.2.11 shaba:v2.2.10 shaba:v2.3.0-rc4 shaba:v2.3.0-rc3 shaba:v2.2.8 shaba:v1.7.26 shaba:v2.2.7 shaba:v2.2.6 shaba:v2.3.0-rc2 shaba:v2.3.0-rc1 shaba:v1.7.25 shaba:v2.2.5 shaba:v2.2.4 shaba:v2.2.3 shaba:v2.2.2 shaba:v2.2.1 shaba:v2.2.0 shaba:v1.7.24 shaba:v2.1.9 shaba:v1.7.23 shaba:v2.2.0-rc4 shaba:v2.1.8 shaba:v2.2.0-rc3 shaba:v2.1.7 shaba:v1.7.22 shaba:v2.2.0-rc2 shaba:v2.2.0-rc1 shaba:v2.1.6 shaba:v2.1.5 shaba:v1.7.21 shaba:v2.1.4 shaba:v2.1.3 shaba:v2.1.2 shaba:v2.1.1 shaba:v2.1.0 shaba:v1.7.20 shaba:v2.0.7 shaba:v2.1.0-rc3 shaba:v2.0.6 shaba:v2.1.0-rc2 shaba:v2.1.0-rc1 shaba:v2.0.5 shaba:v2.0.4 shaba:v2.0.3 shaba:v1.7.19 shaba:v2.0.2 shaba:v2.0.1 shaba:v1.7.18 shaba:v1.7.17 shaba:v2.0.0 shaba:v2.0.0-rc4 shaba:v1.7.16 shaba:v1.7.15 shaba:v2.0.0-rc3 shaba:v2.0.0-rc2 shaba:v2.0.0-rc1 shaba:v1.7.14 shaba:v1.7.13 shaba:v2.0.0-beta1 shaba:v2.0.0-alpha8 shaba:v2.0.0-alpha7 shaba:v2.0.0-alpha6 shaba:v2.0.0-alpha5 shaba:v1.7.12 shaba:v1.7.11 shaba:v2.0.0-alpha4 shaba:v2.0.0-alpha3 shaba:v1.7.10 shaba:v2.0.0-alpha2 shaba:v2.0.0-alpha1 shaba:v1.7.9 shaba:v1.7.8 shaba:v1.7.7 shaba:v1.7.6 shaba:v1.7.5 shaba:v1.7.4 shaba:v1.7.3 shaba:v1.7.2 shaba:v1.7.1 shaba:v1.7.0 shaba:v1.7.0-rc5 shaba:v1.7.0-rc4 shaba:v1.6.6 shaba:v1.7.0-rc3 shaba:v1.7.0-rc2 shaba:v1.6.5 shaba:v1.7.0-rc1 shaba:v1.6.4 shaba:v1.6.3 shaba:v1.6.2 shaba:v1.6.1 shaba:v1.6.0 shaba:v1.6.0-rc6 shaba:v1.6.0-rc5 shaba:v1.6.0-rc4 shaba:v1.6.0-rc3 shaba:v1.6.0-rc2 shaba:v1.6.0-rc1 shaba:v1.5.4 shaba:v1.5.3 shaba:v1.5.2 shaba:v1.5.1 shaba:v1.5.0 shaba:v1.5.0-rc5 shaba:v1.5.0-rc4 shaba:v1.4.6 shaba:v1.5.0-rc3 shaba:v1.5.0-rc2 shaba:v1.4.5 shaba:v1.5.0-rc1 shaba:v1.4.4 shaba:v1.4.3 shaba:v1.4.2 shaba:v1.4.1 shaba:v1.4.0 shaba:v1.4.0-rc5 shaba:v1.4.0-rc4 shaba:v1.4.0-rc3 shaba:v1.4.0-rc2 shaba:v1.3.8 shaba:v1.4.0-rc1 shaba:v1.3.7 shaba:v1.3.6 shaba:v1.3.5 shaba:v1.3.4 shaba:v1.3.3 shaba:v1.3.2 shaba:v1.3.1 shaba:v1.3.0 shaba:v1.3.0-rc3 shaba:v1.3.0-rc2 shaba:v1.3.0-rc1 shaba:v1.2.3 shaba:v1.2.2 shaba:v1.2.1 shaba:v1.2.0 shaba:v1.2.0-rc2 shaba:v1.2.0-rc1 shaba:v1.1.2 shaba:v1.1.1 shaba:v1.1.0 shaba:v1.1.0-rc4 shaba:v1.1.0-rc3 shaba:v1.1.0-rc2 shaba:v1.1.0-rc1 shaba:v1.0.3 shaba:v1.0.2 shaba:v1.0.1 shaba:v1.0.0 shaba:v1.0.0-rc3 shaba:v1.0.0-rc2 shaba:v1.0.0-rc1 shaba:v1.0.0-beta.809 shaba:v1.0.0-beta.804 shaba:v1.0.0-beta.794 shaba:v1.0.0-beta.784 shaba:v1.0.0-beta.771 shaba:v1.0.0-beta.767 shaba:v1.0.0-beta.756 shaba:v1.0.0-beta.754 shaba:v1.0.0-beta.744 shaba:v1.0.0-beta.732 shaba:v1.0.0-beta.723 shaba:v1.0.0-beta.721 shaba:v1.0.0-beta.712 shaba:v1.0.0-beta.704 shaba:v1.0.0-beta.695 shaba:v1.0.0-beta.692 shaba:v1.0.0-beta.682 shaba:v1.0.0-beta.676 shaba:v1.0.0-beta.673 shaba:v1.0.0-beta.666 shaba:v1.0.0-beta.652 shaba:v1.0.0-beta.644 shaba:v1.0.0-beta.621 shaba:v1.0.0-beta.614 shaba:v1.0.0-beta.610 shaba:v1.0.0-beta.601 shaba:v1.0.0-beta.582 shaba:v1.0.0-beta.576 shaba:v1.0.0-beta.573 shaba:v1.0.0-beta.555 shaba:v1.0.0-beta.548 shaba:v1.0.0-beta.545 shaba:v1.0.0-beta.524 shaba:v1.0.0-beta.513 shaba:v1.0.0-beta.508 shaba:v1.0.0-beta.505 shaba:v1.0.0-beta.484 shaba:v1.0.0-beta.481 shaba:v1.0.0-beta.475 shaba:v1.0.0-beta.470 shaba:v1.0.0-beta.453 shaba:v1.0.0-beta.442 shaba:v1.0.0-beta.440 shaba:v1.0.0-beta.436 shaba:v1.0.0-beta.433 shaba:v1.0.0-beta.427 shaba:v1.0.0-beta.421 shaba:v1.0.0-beta.416 shaba:v1.0.0-beta.408 shaba:v1.0.0-beta.404 shaba:v1.0.0-beta.395 shaba:v1.0.0-beta.392 shaba:v1.0.0-beta.374 shaba:v1.0.0-beta.366 shaba:v1.0.0-beta.355 shaba:v1.0.0-beta.352 shaba:v1.0.0-beta.341 shaba:v1.0.0-beta.339 shaba:v1.0.0-beta.324 shaba:v1.0.0-beta.300 shaba:v1.0.0-beta.291 shaba:v1.0.0-beta.289 shaba:v1.0.0-beta.287 shaba:v1.0.0-beta.280 shaba:v1.0.0-beta.277 shaba:v1.0.0-beta.254 shaba:v1.0.0-beta.247 shaba:v1.0.0-beta.224 shaba:v1.0.0-beta.220 shaba:v1.0.0-beta.212 shaba:v1.0.0-beta.211 shaba:v1.0.alpha.4c447985b63f8c90dcbde70b2eaef19d9a8c5ad2 shaba:v1.0.alpha.9830086790caf40ce30eb9ed5d317917f8157708 shaba:v1.0.alpha.3af21612b65fc578585a98c30090d1e613f791eb shaba:v1.0.alpha.a458018aa2ccb637abacfc696157e00321cf982f shaba:v1.0.alpha.4ded2682d2831ed703282b2f4585e17a62ee258e shaba:v1.0.alpha.0e683cc5355bc507dabac68bbc7559d3f179e185 shaba:v1.0.alpha.11781087cadf9068d1d0b43902b6161ee10ea458 shaba:v1.0.alpha.b42b170ad29a0f042ddee0f5a5098aa9a59a9c8e shaba:v1.0.alpha.a00eb81f0301f5e61024dea3b92ba632d6a61a8b shaba:v1.0.alpha.6c3c5578c64125838abbc437a0242e1742d6f47a shaba:v1.0.alpha.b84b95fe97df5c0f234d8693fbff03fa0d6a441b shaba:v1.0.alpha.1a5668377cc840a35d233a0eb817ee9bacf0ba3e shaba:v1.0.alpha.331cd173ce8ad858d767510fbcbc653e2dde657d shaba:v1.0.alpha.e0872b61579c8e6b8fc6124c8836660c11840f5d shaba:v1.0.alpha.99646544953d5793f18ccb22dae2458be4ba0e05 shaba:v1.0.alpha.7acc2beae0f0235d9408e8ed7a51f0ef3dae3aff shaba:v1.0.alpha.ac56c1310c46f9c18dcad9d7ec680926fae821bb shaba:v1.0.alpha.71b0e27517841ec7b911bafb109846ee96109f30 shaba:v1.0.alpha.60e9282f0adac48cbf283306ceb08ad7a31ac94b shaba:v1.0.alpha.522 shaba:v1.0.alpha.516 shaba:v1.0.alpha.506 shaba:v1.0.alpha.481 shaba:v1.0.alpha.477 shaba:v1.0.alpha.471 shaba:v1.0.alpha.469 shaba:v1.0.alpha.463 shaba:v1.0.alpha.450 shaba:v1.0.alpha.443 shaba:v1.0.alpha.439 shaba:v1.0.alpha.425 shaba:v1.0.alpha.421 shaba:v1.0.alpha.418 shaba:v1.0.alpha.412 shaba:v1.0.alpha.404 shaba:v1.0.alpha.392 shaba:v1.0.alpha.374 shaba:v1.0.alpha.367 shaba:v1.0.alpha.364 shaba:v1.0.alpha.361 shaba:v1.0.alpha.358 shaba:v1.0.alpha.357 shaba:v1.0.alpha.341 shaba:v1.0.alpha.338 shaba:v1.0.alpha.336 shaba:v1.0.alpha.333 shaba:v1.0.alpha.329 shaba:v1.0.alpha.311 shaba:v1.0.alpha.306 shaba:v1.0.alpha.302 shaba:v1.0.alpha.291 shaba:v1.0.alpha.290 shaba:v1.0.alpha.288 shaba:v1.0.alpha.285 shaba:v1.0.alpha.275 shaba:v1.0.alpha.274 shaba:v1.0.alpha.273 shaba:v1.0.alpha.272 shaba:v1.0.alpha.271 shaba:v1.0.alpha.270 shaba:v1.0.alpha.268 shaba:v1.0.alpha.269 shaba:v1.0.alpha.267 shaba:v1.0.alpha.266 shaba:v1.0.alpha.263 shaba:v1.0.alpha.257 shaba:v1.0.alpha.256 shaba:v1.0.alpha.251 shaba:v1.0.alpha.252 shaba:v1.0.alpha.250 shaba:v1.0.alpha.249 shaba:v1.0.alpha.247 shaba:v1.0.alpha.228 shaba:v1.0.alpha.217 shaba:v1.0.alpha.216 shaba:v1.0.alpha.215 shaba:v1.0.alpha.212 shaba:v1.0.alpha.200 shaba:v1.0.alpha.186 shaba:v1.0.alpha.182 shaba:v1.0.alpha.178 shaba:v1.0.alpha.176 shaba:v1.0.alpha.171 shaba:v1.0.alpha.170 shaba:v1.0.alpha.164 shaba:v1.0.alpha.157 shaba:v1.0
...
compare: shaba:v2.11
Branches Tags
shaba:v3.5 shaba:master shaba:v2.11 shaba:v3.4 shaba:v3.3 shaba:v3.2 shaba:v3.1 shaba:v3.0 shaba:v1.0 shaba:v1.1 shaba:v1.2 shaba:v1.3 shaba:v1.4 shaba:v2.10 shaba:v1.5 shaba:v1.6 shaba:v1.7 shaba:v2.0 shaba:v2.1 shaba:v2.2 shaba:v2.6 shaba:v2.7 shaba:v2.8 shaba:v2.9 shaba:v2.3 shaba:v2.4 shaba:v2.5
shaba:v3.5.2 shaba:v3.5.1 shaba:v2.11.29 shaba:v3.5.0 shaba:v3.4.5 shaba:v2.11.28 shaba:v3.5.0-rc2 shaba:v3.4.4 shaba:v2.11.27 shaba:v3.5.0-rc1 shaba:v3.4.3 shaba:v3.4.2 shaba:v2.11.26 shaba:v3.4.1 shaba:v2.11.25 shaba:v3.4.0 shaba:v3.3.7 shaba:v3.4.0-rc2 shaba:v3.3.6 shaba:v2.11.24 shaba:v2.11.23 shaba:v3.4.0-rc1 shaba:v3.3.5 shaba:v2.11.22 shaba:v3.3.4 shaba:v2.11.21 shaba:v3.3.3 shaba:v2.11.20 shaba:v2.11.19 shaba:v3.3.2 shaba:v2.11.18 shaba:v3.3.1 shaba:v3.2.5 shaba:v3.3.0 shaba:v3.2.4 shaba:v2.11.17 shaba:v3.3.0-rc2 shaba:v3.3.0-rc1 shaba:v3.2.3 shaba:v2.11.16 shaba:v3.2.2 shaba:v2.11.15 shaba:v3.2.1 shaba:v2.11.14 shaba:v3.2.0 shaba:v3.1.7 shaba:v2.11.13 shaba:v3.2.0-rc2 shaba:v3.1.6 shaba:v2.11.12 shaba:v3.2.0-rc1 shaba:v3.1.5 shaba:v2.11.11 shaba:v3.1.4 shaba:v2.11.10 shaba:v3.1.3 shaba:v2.11.9 shaba:v3.1.2 shaba:v2.11.8 shaba:v3.1.1 shaba:v2.11.7 shaba:v3.1.0 shaba:v3.1.0-rc3 shaba:v3.0.4 shaba:v2.11.6 shaba:v3.1.0-rc2 shaba:v3.1.0-rc1 shaba:v3.0.3 shaba:v2.11.5 shaba:v3.0.2 shaba:v2.11.4 shaba:v3.0.1 shaba:v2.11.3 shaba:v3.0.0 shaba:v3.0.0-rc5 shaba:v2.11.2 shaba:v3.0.0-rc4 shaba:v2.11.1 shaba:v3.0.0-rc3 shaba:v3.0.0-rc2 shaba:v3.0.0-rc1 shaba:v2.11.0 shaba:v2.11.0-rc2 shaba:v2.11.0-rc1 shaba:v2.10.7 shaba:v3.0.0-beta5 shaba:v2.10.6 shaba:v3.0.0-beta4 shaba:v2.10.5 shaba:v2.10.4 shaba:v3.0.0-beta3 shaba:v2.10.3 shaba:v2.10.2 shaba:v2.10.1 shaba:v2.10.0 shaba:v2.10.0-rc2 shaba:v2.9.10 shaba:v2.10.0-rc1 shaba:v2.9.9 shaba:v2.9.8 shaba:v2.9.7 shaba:v3.0.0-beta2 shaba:v2.9.6 shaba:v3.0.0-beta1 shaba:v2.9.5 shaba:v2.9.4 shaba:v2.9.3 shaba:v2.9.2 shaba:v2.9.1 shaba:v2.9.0-rc5 shaba:v2.8.8 shaba:v2.8.7 shaba:v2.9.0-rc4 shaba:v2.8.6 shaba:v2.9.0-rc3 shaba:v2.9.0-rc2 shaba:v2.9.0-rc1 shaba:v2.8.5 shaba:v2.8.4 shaba:v2.8.3 shaba:v2.8.2 shaba:v2.8.1 shaba:v2.8.0 shaba:v2.7.3 shaba:v2.8.0-rc2 shaba:v2.7.2 shaba:v2.8.0-rc1 shaba:v2.7.1 shaba:v2.7.0 shaba:v2.6.7 shaba:v2.6.6 shaba:v2.6.5 shaba:v2.6.4 shaba:v2.7.0-rc2 shaba:v2.6.3 shaba:v2.7.0-rc1 shaba:v2.6.2 shaba:v2.6.1 shaba:v2.6.0 shaba:v2.6.0-rc3 shaba:v2.5.7 shaba:v2.6.0-rc2 shaba:v2.5.6 shaba:v2.6.0-rc1 shaba:v1.7.34 shaba:v2.5.5 shaba:v2.5.4 shaba:v1.7.33 shaba:v1.7.32 shaba:v1.7.31 shaba:v2.5.3 shaba:v2.5.2 shaba:v2.5.1 shaba:v2.5.0 shaba:v2.4.14 shaba:v2.5.0-rc6 shaba:v2.5.0-rc5 shaba:v2.5.0-rc4 shaba:v2.4.13 shaba:v2.4.12 shaba:v2.5.0-rc3 shaba:v2.4.11 shaba:v2.4.10 shaba:v2.5.0-rc2 shaba:v2.5.0-rc1 shaba:v2.4.9 shaba:v1.7.30 shaba:v1.7.29 shaba:v2.4.8 shaba:v2.4.7 shaba:v2.4.6 shaba:v2.4.5 shaba:v2.4.4 shaba:v2.4.3 shaba:v2.4.2 shaba:v2.4.1 shaba:v2.4.0 shaba:v1.7.28 shaba:v1.7.27 shaba:v2.4.0-rc2 shaba:v2.3.7 shaba:v2.3.6 shaba:v2.4.0-rc1 shaba:v2.3.5 shaba:v2.3.4 shaba:v2.3.3 shaba:v2.3.2 shaba:v2.3.1 shaba:v2.3.0 shaba:v2.3.0-rc7 shaba:v2.3.0-rc6 shaba:v2.3.0-rc5 shaba:v2.2.11 shaba:v2.2.10 shaba:v2.3.0-rc4 shaba:v2.3.0-rc3 shaba:v2.2.8 shaba:v1.7.26 shaba:v2.2.7 shaba:v2.2.6 shaba:v2.3.0-rc2 shaba:v2.3.0-rc1 shaba:v1.7.25 shaba:v2.2.5 shaba:v2.2.4 shaba:v2.2.3 shaba:v2.2.2 shaba:v2.2.1 shaba:v2.2.0 shaba:v1.7.24 shaba:v2.1.9 shaba:v1.7.23 shaba:v2.2.0-rc4 shaba:v2.1.8 shaba:v2.2.0-rc3 shaba:v2.1.7 shaba:v1.7.22 shaba:v2.2.0-rc2 shaba:v2.2.0-rc1 shaba:v2.1.6 shaba:v2.1.5 shaba:v1.7.21 shaba:v2.1.4 shaba:v2.1.3 shaba:v2.1.2 shaba:v2.1.1 shaba:v2.1.0 shaba:v1.7.20 shaba:v2.0.7 shaba:v2.1.0-rc3 shaba:v2.0.6 shaba:v2.1.0-rc2 shaba:v2.1.0-rc1 shaba:v2.0.5 shaba:v2.0.4 shaba:v2.0.3 shaba:v1.7.19 shaba:v2.0.2 shaba:v2.0.1 shaba:v1.7.18 shaba:v1.7.17 shaba:v2.0.0 shaba:v2.0.0-rc4 shaba:v1.7.16 shaba:v1.7.15 shaba:v2.0.0-rc3 shaba:v2.0.0-rc2 shaba:v2.0.0-rc1 shaba:v1.7.14 shaba:v1.7.13 shaba:v2.0.0-beta1 shaba:v2.0.0-alpha8 shaba:v2.0.0-alpha7 shaba:v2.0.0-alpha6 shaba:v2.0.0-alpha5 shaba:v1.7.12 shaba:v1.7.11 shaba:v2.0.0-alpha4 shaba:v2.0.0-alpha3 shaba:v1.7.10 shaba:v2.0.0-alpha2 shaba:v2.0.0-alpha1 shaba:v1.7.9 shaba:v1.7.8 shaba:v1.7.7 shaba:v1.7.6 shaba:v1.7.5 shaba:v1.7.4 shaba:v1.7.3 shaba:v1.7.2 shaba:v1.7.1 shaba:v1.7.0 shaba:v1.7.0-rc5 shaba:v1.7.0-rc4 shaba:v1.6.6 shaba:v1.7.0-rc3 shaba:v1.7.0-rc2 shaba:v1.6.5 shaba:v1.7.0-rc1 shaba:v1.6.4 shaba:v1.6.3 shaba:v1.6.2 shaba:v1.6.1 shaba:v1.6.0 shaba:v1.6.0-rc6 shaba:v1.6.0-rc5 shaba:v1.6.0-rc4 shaba:v1.6.0-rc3 shaba:v1.6.0-rc2 shaba:v1.6.0-rc1 shaba:v1.5.4 shaba:v1.5.3 shaba:v1.5.2 shaba:v1.5.1 shaba:v1.5.0 shaba:v1.5.0-rc5 shaba:v1.5.0-rc4 shaba:v1.4.6 shaba:v1.5.0-rc3 shaba:v1.5.0-rc2 shaba:v1.4.5 shaba:v1.5.0-rc1 shaba:v1.4.4 shaba:v1.4.3 shaba:v1.4.2 shaba:v1.4.1 shaba:v1.4.0 shaba:v1.4.0-rc5 shaba:v1.4.0-rc4 shaba:v1.4.0-rc3 shaba:v1.4.0-rc2 shaba:v1.3.8 shaba:v1.4.0-rc1 shaba:v1.3.7 shaba:v1.3.6 shaba:v1.3.5 shaba:v1.3.4 shaba:v1.3.3 shaba:v1.3.2 shaba:v1.3.1 shaba:v1.3.0 shaba:v1.3.0-rc3 shaba:v1.3.0-rc2 shaba:v1.3.0-rc1 shaba:v1.2.3 shaba:v1.2.2 shaba:v1.2.1 shaba:v1.2.0 shaba:v1.2.0-rc2 shaba:v1.2.0-rc1 shaba:v1.1.2 shaba:v1.1.1 shaba:v1.1.0 shaba:v1.1.0-rc4 shaba:v1.1.0-rc3 shaba:v1.1.0-rc2 shaba:v1.1.0-rc1 shaba:v1.0.3 shaba:v1.0.2 shaba:v1.0.1 shaba:v1.0.0 shaba:v1.0.0-rc3 shaba:v1.0.0-rc2 shaba:v1.0.0-rc1 shaba:v1.0.0-beta.809 shaba:v1.0.0-beta.804 shaba:v1.0.0-beta.794 shaba:v1.0.0-beta.784 shaba:v1.0.0-beta.771 shaba:v1.0.0-beta.767 shaba:v1.0.0-beta.756 shaba:v1.0.0-beta.754 shaba:v1.0.0-beta.744 shaba:v1.0.0-beta.732 shaba:v1.0.0-beta.723 shaba:v1.0.0-beta.721 shaba:v1.0.0-beta.712 shaba:v1.0.0-beta.704 shaba:v1.0.0-beta.695 shaba:v1.0.0-beta.692 shaba:v1.0.0-beta.682 shaba:v1.0.0-beta.676 shaba:v1.0.0-beta.673 shaba:v1.0.0-beta.666 shaba:v1.0.0-beta.652 shaba:v1.0.0-beta.644 shaba:v1.0.0-beta.621 shaba:v1.0.0-beta.614 shaba:v1.0.0-beta.610 shaba:v1.0.0-beta.601 shaba:v1.0.0-beta.582 shaba:v1.0.0-beta.576 shaba:v1.0.0-beta.573 shaba:v1.0.0-beta.555 shaba:v1.0.0-beta.548 shaba:v1.0.0-beta.545 shaba:v1.0.0-beta.524 shaba:v1.0.0-beta.513 shaba:v1.0.0-beta.508 shaba:v1.0.0-beta.505 shaba:v1.0.0-beta.484 shaba:v1.0.0-beta.481 shaba:v1.0.0-beta.475 shaba:v1.0.0-beta.470 shaba:v1.0.0-beta.453 shaba:v1.0.0-beta.442 shaba:v1.0.0-beta.440 shaba:v1.0.0-beta.436 shaba:v1.0.0-beta.433 shaba:v1.0.0-beta.427 shaba:v1.0.0-beta.421 shaba:v1.0.0-beta.416 shaba:v1.0.0-beta.408 shaba:v1.0.0-beta.404 shaba:v1.0.0-beta.395 shaba:v1.0.0-beta.392 shaba:v1.0.0-beta.374 shaba:v1.0.0-beta.366 shaba:v1.0.0-beta.355 shaba:v1.0.0-beta.352 shaba:v1.0.0-beta.341 shaba:v1.0.0-beta.339 shaba:v1.0.0-beta.324 shaba:v1.0.0-beta.300 shaba:v1.0.0-beta.291 shaba:v1.0.0-beta.289 shaba:v1.0.0-beta.287 shaba:v1.0.0-beta.280 shaba:v1.0.0-beta.277 shaba:v1.0.0-beta.254 shaba:v1.0.0-beta.247 shaba:v1.0.0-beta.224 shaba:v1.0.0-beta.220 shaba:v1.0.0-beta.212 shaba:v1.0.0-beta.211 shaba:v1.0.alpha.4c447985b63f8c90dcbde70b2eaef19d9a8c5ad2 shaba:v1.0.alpha.9830086790caf40ce30eb9ed5d317917f8157708 shaba:v1.0.alpha.3af21612b65fc578585a98c30090d1e613f791eb shaba:v1.0.alpha.a458018aa2ccb637abacfc696157e00321cf982f shaba:v1.0.alpha.4ded2682d2831ed703282b2f4585e17a62ee258e shaba:v1.0.alpha.0e683cc5355bc507dabac68bbc7559d3f179e185 shaba:v1.0.alpha.11781087cadf9068d1d0b43902b6161ee10ea458 shaba:v1.0.alpha.b42b170ad29a0f042ddee0f5a5098aa9a59a9c8e shaba:v1.0.alpha.a00eb81f0301f5e61024dea3b92ba632d6a61a8b shaba:v1.0.alpha.6c3c5578c64125838abbc437a0242e1742d6f47a shaba:v1.0.alpha.b84b95fe97df5c0f234d8693fbff03fa0d6a441b shaba:v1.0.alpha.1a5668377cc840a35d233a0eb817ee9bacf0ba3e shaba:v1.0.alpha.331cd173ce8ad858d767510fbcbc653e2dde657d shaba:v1.0.alpha.e0872b61579c8e6b8fc6124c8836660c11840f5d shaba:v1.0.alpha.99646544953d5793f18ccb22dae2458be4ba0e05 shaba:v1.0.alpha.7acc2beae0f0235d9408e8ed7a51f0ef3dae3aff shaba:v1.0.alpha.ac56c1310c46f9c18dcad9d7ec680926fae821bb shaba:v1.0.alpha.71b0e27517841ec7b911bafb109846ee96109f30 shaba:v1.0.alpha.60e9282f0adac48cbf283306ceb08ad7a31ac94b shaba:v1.0.alpha.522 shaba:v1.0.alpha.516 shaba:v1.0.alpha.506 shaba:v1.0.alpha.481 shaba:v1.0.alpha.477 shaba:v1.0.alpha.471 shaba:v1.0.alpha.469 shaba:v1.0.alpha.463 shaba:v1.0.alpha.450 shaba:v1.0.alpha.443 shaba:v1.0.alpha.439 shaba:v1.0.alpha.425 shaba:v1.0.alpha.421 shaba:v1.0.alpha.418 shaba:v1.0.alpha.412 shaba:v1.0.alpha.404 shaba:v1.0.alpha.392 shaba:v1.0.alpha.374 shaba:v1.0.alpha.367 shaba:v1.0.alpha.364 shaba:v1.0.alpha.361 shaba:v1.0.alpha.358 shaba:v1.0.alpha.357 shaba:v1.0.alpha.341 shaba:v1.0.alpha.338 shaba:v1.0.alpha.336 shaba:v1.0.alpha.333 shaba:v1.0.alpha.329 shaba:v1.0.alpha.311 shaba:v1.0.alpha.306 shaba:v1.0.alpha.302 shaba:v1.0.alpha.291 shaba:v1.0.alpha.290 shaba:v1.0.alpha.288 shaba:v1.0.alpha.285 shaba:v1.0.alpha.275 shaba:v1.0.alpha.274 shaba:v1.0.alpha.273 shaba:v1.0.alpha.272 shaba:v1.0.alpha.271 shaba:v1.0.alpha.270 shaba:v1.0.alpha.268 shaba:v1.0.alpha.269 shaba:v1.0.alpha.267 shaba:v1.0.alpha.266 shaba:v1.0.alpha.263 shaba:v1.0.alpha.257 shaba:v1.0.alpha.256 shaba:v1.0.alpha.251 shaba:v1.0.alpha.252 shaba:v1.0.alpha.250 shaba:v1.0.alpha.249 shaba:v1.0.alpha.247 shaba:v1.0.alpha.228 shaba:v1.0.alpha.217 shaba:v1.0.alpha.216 shaba:v1.0.alpha.215 shaba:v1.0.alpha.212 shaba:v1.0.alpha.200 shaba:v1.0.alpha.186 shaba:v1.0.alpha.182 shaba:v1.0.alpha.178 shaba:v1.0.alpha.176 shaba:v1.0.alpha.171 shaba:v1.0.alpha.170 shaba:v1.0.alpha.164 shaba:v1.0.alpha.157 shaba:v1.0

345 Commits
v2.10.4 ... v2.11

Author SHA1 Message Date
Romain
4ff8eca572 Fix Swarm unit test for the nodeIP property 2025-08-27 09:40:05 +02:00
Romain
1986610363 Prepare release v2.11.29 2025-08-26 14:50:08 +02:00
Kevin Pollet
5cc2a8344c Bump github.com/docker/docker to v28.3.3 2025-08-20 15:52:06 +02:00
Michael
fc5359b6f6 Remove Semaphore CI 2025-08-13 10:30:06 +02:00
Michael
c5d448fba9 chore: upgrade actions/checkout to v5 2025-08-13 09:22:04 +02:00
Ludovic Fernandez
c820d18ada Bump github.com/go-acme/lego/v4 to v4.25.2 2025-08-11 14:44:05 +02:00
Michael
19a2e2efc5 Allow maintainers to run deploy documentation 2025-08-01 12:10:05 +02:00
Michel Loiseleur
bcdb70b689 Fix invalid links in documentation 2025-08-01 11:34:05 +02:00
Jesper Noordsij
9896192efb Update releases docs for v3.5 2025-07-29 16:00:06 +02:00
Romain
c6daab54e3 Prepare release v2.11.28 2025-07-23 10:34:04 +02:00
Michael
a59bcb29b5 Improve integration tests 2025-07-23 09:56:04 +02:00
Jesper Noordsij
50931813f2 Remove all mentions of ordering for TLSOption CurvePreferences field 2025-07-22 15:44:05 +02:00
Zeroday BYTE
5ef853a0c5 Fix client arbitrary file access during archive extraction zipslip 2025-07-22 14:24:05 +02:00
Romain
b2b4b66b08 Disable MPTCP by default 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2025-07-22 11:10:05 +02:00
Harold Ozouf
27326e6569 Redact logged install configuration 2025-07-18 17:16:04 +02:00
Kevin Pollet
7ca90a4b18 Prepare release v2.11.27 2025-07-11 09:30:05 +02:00
Kevin Pollet
a3685ee9fa Bump github.com/go-viper/mapstructure/v2 to v2.3.0 2025-07-10 16:10:05 +02:00
Romain
8ae0379171 Prepare release v2.11.26 2025-06-26 11:50:04 +02:00
Romain
b0d8e08e2b Fix typo in redirect middleware documentation 2025-06-11 09:46:05 +02:00
Kevin Pollet
ae79d4e5f0 Do not log redis sentinel username and password 2025-06-04 12:08:04 +02:00
Romain
bfcef58a4f Fix KV reference rendering 2025-06-03 16:56:04 +02:00
Jesper Noordsij
f7a6f32784 Update Dockerfiles to Alpine 3.22 2025-06-03 11:24:05 +02:00
Jesper Noordsij
92f798dfcd Update supported versions 2025-06-02 16:08:04 +02:00
Michael
f174014d96 feat: parallelise unit tests 2025-06-02 11:00:05 +02:00
Kevin Pollet
cd16321dd9 Bump to go1.24 
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
 2025-06-02 10:36:05 +02:00
Romain
5f35c88805 Prepare release v2.11.25 2025-05-27 12:10:05 +02:00
Romain
23c7c78a1a Add HTTP/2 maxConcurrentStream parameter test 2025-05-27 09:34:04 +02:00
Kevin Pollet
08d5dfee01 Normalize request path 
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
 2025-05-23 15:10:05 +02:00
Romain
b669981018 Fix panic for ingress with backend resource 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2025-05-23 14:56:05 +02:00
Sheddy
aa5f2b92d4 Fix broken link in documentation 2025-05-16 12:02:04 +02:00
Michael
6b9738e675 GOGC empty default value for build 2025-05-14 09:32:04 +02:00
borja ortiz llamas
b82290ac5b Adding garbage collector as variable in compilation 2025-05-13 16:02:04 +02:00
Patrick Evans
49b598d087 tests: create redis sentinel config with permissive perms 2025-05-12 14:30:04 +02:00
Sheddy
448785d830 Add multi-tenant TLS guidance to the docs 2025-05-07 09:16:04 +02:00
Romain
9bc71b0010 Add a note about how to disable connection reuse with backends 2025-04-28 09:10:04 +02:00
Romain
160edff257 Change version for path sanitization migration guide 2025-04-18 10:42:04 +02:00
Romain
8816cb86a4 Prepare release v2.11.24 2025-04-18 09:34:04 +02:00
Sheddy
316be0782c Add content-length best practice documentation 2025-04-18 08:12:04 +02:00
Kevin Pollet
14da838a21 Bump github.com/redis/go-redis/v9 to v9.7.3 2025-04-17 16:56:05 +02:00
Romain
a75b2384ea Prepare release v2.11.23 2025-04-17 11:56:03 +02:00
Kevin Pollet
8bdca45861 Bump gopkg.in/DataDog/dd-trace-go.v1 to v1.72.2 2025-04-17 11:48:04 +02:00
Kevin Pollet
7442162e3f Bump golang.org/x/net to v0.38.0 2025-04-17 10:16:04 +02:00
Romain
dd5cb68cb1 Sanitize request path 2025-04-17 10:02:04 +02:00
Ludovic Fernandez
299a16f0a4 Bump github.com/go-acme/lego/v4 to v4.23.1 2025-04-17 09:20:04 +02:00
Landry Benguigui
545f2feacc Add Content-Length header to preflight response 2025-04-16 15:00:05 +02:00
Romain
e3caaf0791 Bump golang.org/x/oauth2 to v0.28.0 2025-04-16 11:58:04 +02:00
Ludovic Fernandez
f794f8a294 chore: update linter 2025-04-11 10:56:05 +02:00
YapWC
8cf22207b5 Typo fix on the Explanation Section for User Guide HTTP Challenge. 2025-04-11 10:18:04 +02:00
Romain
b7be71c02a Prepare release v2.11.22 2025-03-31 09:48:04 +02:00
Adam Duke
6e9d713668 Bump github.com/vulcand/oxy/v2 to v2.0.3 2025-03-31 09:24:06 +02:00
Rohit Lohar
ddb32ef86f Allow underscore character in hostSNI matcher 2025-03-28 11:36:04 +01:00
Kevin Pollet
2087e11f55 Bump nokogiri to 1.18.6 and html-proofer to 5.0.10 2025-03-26 17:52:05 +01:00
Romain
a5d46fc6ef Change boolean module properties default value to undefined 2025-03-26 10:22:05 +01:00
Kevin Pollet
84742275a4 Bump golang.org/x/net to v0.37.0 2025-03-26 10:06:05 +01:00
Kevin Pollet
54a2d657f3 Bump github.com/redis/go-redis/v9 to v9.6.3 2025-03-26 09:48:05 +01:00
Kevin Pollet
08b90ade94 Bump github.com/golang-jwt/jwt to v4.5.2 and v5.2.2 2025-03-26 09:30:05 +01:00
Romain
8ba99adc50 Error level log for configuration-related TLS errors with backends 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2025-03-21 11:00:06 +01:00
Kevin Pollet
b02946147d Bump golang.org/x/net to v0.36.0 2025-03-14 09:24:05 +01:00
Nicolas Mengin
137c632793 Add Security Support 2025-03-14 09:10:04 +01:00
nmengin
e76b65f44d Add Security Support column in deprecation section 2025-03-13 17:08:15 +01:00
Gérald Croës
55ebaee4a7 Clarifies that retry middleware uses TCP, not HTTP status codes 2025-03-13 09:44:04 +01:00
Romain
4ff76e13c4 Remove documentation for OriginStatusLine and DownstreamStatusLine accessLogs fields 2025-03-11 15:32:04 +01:00
Eng Zer Jun
14e400bcd0 Bump AWS SDK to v2 2025-03-10 11:50:04 +01:00
Michel Loiseleur
7cfd10db62 Update codegen to v0.30.10 2025-03-05 10:20:05 +01:00
Alan
9d8a42111f Add tip for dynamic configuration updates of Redis 2025-02-28 14:18:05 +01:00
Kevin Pollet
0dfd12ee61 Bump github.com/go-jose/go-jose/v4 to v4.0.5 2025-02-25 14:06:04 +01:00
Kevin Pollet
a3fd484728 Prepare release v2.11.21 2025-02-24 15:32:06 +01:00
Kevin Pollet
f196de90e1 Enable the retry middleware in the proxy 
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
 2025-02-21 11:36:05 +01:00
Kevin Pollet
c2a294c872 Retry should send headers on Write 
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
 2025-02-21 10:52:04 +01:00
Ludovic Fernandez
8e5d4c6ae9 Bum github.com/go-acme/lego/v4 to v4.22.2 2025-02-21 09:36:04 +01:00
Kevin Pollet
eb07a5ca1a Bump github.com/traefik/paerser to v0.2.2 
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
 2025-02-14 11:24:04 +01:00
Ludovic Fernandez
84e20aa9c3 chore: update linter 2025-02-12 10:02:04 +01:00
Romain
4e441d09ed Prepare release v2.11.20 2025-01-31 15:16:04 +01:00
khai-pi
8f5dd7bd9d Change docker-compose to docker compose 2025-01-31 14:30:05 +01:00
Julien Salleyron
86315e0f18 Fix ACME write when traefik is shutting down 2025-01-31 11:06:04 +01:00
Kevin Pollet
c20af070e3 Set check-latest to true in Go setup 2025-01-30 14:06:04 +01:00
Kevin Pollet
8593581cbf Fix integration tests for HTTPS 2025-01-29 17:04:05 +01:00
Romain
8103992977 Prepare release v2.11.19 2025-01-29 11:36:08 +01:00
Kevin Pollet
c5b92b5260 Do not create a logger instance for each proxy 2025-01-27 11:24:04 +01:00
DoubleREW
c19cf125e8 Fix auto refresh not clearing on component unmount 2025-01-21 14:58:04 +01:00
Nelson Isioma
435d28c790 changing log message when client cert is not available to debug 2025-01-17 09:42:04 +01:00
Kevin Pollet
8272be0eda Remove awesome.traefik.io reference in documentation section 2025-01-13 10:28:04 +01:00
Kevin Pollet
d2414feaff Add test to check that SettingEnableConnectProtocol frame is not sent 2025-01-08 11:02:37 +01:00
Kevin Pollet
1aa450c028 Prepare release v2.11.18 2025-01-07 16:24:04 +01:00
Romain
f9ff6049d3 Disable http2 connect setting for websocket by default 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
Co-authored-by: Michael <michael.matur@gmail.com>
 2025-01-07 16:12:04 +01:00
Michael
ee8305549a Allow release only on traefik/traefik repo 2025-01-06 10:28:04 +01:00
Kevin Pollet
a31b026364 Prepare release v2.11.17 2025-01-06 10:00:07 +01:00
Thomas Francis
20d496268c Fix typo in basicauth note 2025-01-06 09:36:08 +01:00
Ludovic Fernandez
5f3c30e37b chore: update linter 2025-01-03 09:58:04 +01:00
Ludovic Fernandez
38ac1e75a2 Update go-acme/lego to v4.21.0 2025-01-02 12:46:04 +01:00
Kevin Pollet
109a8712cc Update copyright for 2025 2025-01-02 12:08:04 +01:00
Hannes Braun
278e739242 Fix allowACMEByPass TOML example 2024-12-30 16:08:03 +01:00
Michael
db31a4c961 Add webui static files in release tarball 2024-12-20 16:46:04 +01:00
Kevin Pollet
35ce6baaae Bump golang.org/x/net to v0.33.0 2024-12-20 14:36:06 +01:00
Daniel Anugerah
95f20fc753 Configure ErrorLog in httputil.ReverseProxy 2024-12-20 14:18:04 +01:00
Kevin Pollet
1c0094048b Prepare release v2.11.16 2024-12-16 10:48:04 +01:00
Romain
590ddfc990 Update nokogiri gem to v1.16.8 2024-12-12 15:12:04 +01:00
Kevin Pollet
39d7b77609 Bump Dockerfile to Alpine v3.21 2024-12-12 14:44:05 +01:00
Romain
74e0abf8bf Update golang.org/x dependencies 2024-12-12 13:02:04 +01:00
Kevin Pollet
cc14c165c0 Prepare release v2.11.15 2024-12-10 14:18:04 +01:00
Michael
f2ba4353b2 Fix experimental build ci 2024-12-10 12:12:05 +01:00
Michael
42df9afeaf Fix release by using github action 2024-12-06 16:56:06 +01:00
Kevin Pollet
2df655cefe Update github.com/quic-go/quic-go to v0.48.2 2024-12-06 16:36:05 +01:00
Ludovic Fernandez
c120b70483 Update go-acme/lego to v4.20.4 2024-11-22 09:54:04 +01:00
Kevin Pollet
8eadfbb990 Prepare release v2.11.14 2024-11-20 15:26:04 +01:00
Julien Salleyron
cc80568d9e Fix internal handlers ServiceBuilder composition 2024-11-19 14:52:04 +01:00
Kevin Pollet
8ffd1854db Fix the defaultRule CLI examples 2024-11-18 14:40:05 +01:00
bluepuma77
6baa110adb Update access-logs.md, add examples for accesslog.format 2024-11-18 11:58:04 +01:00
Antoine
5658c8ac06 Fix spelling, grammar, and rephrase sections for clarity in some documentation pages 2024-11-18 11:42:04 +01:00
davefu113
1c80f12bc2 Apply keepalive config to h2c entrypoints 2024-11-18 09:56:04 +01:00
Michel Loiseleur
ef5f1b1508 Improve documentation on dashboard 2024-11-14 11:14:04 +01:00
Kevin Pollet
8c19652361 Fix absolute link in the migration guide 2024-11-12 17:06:03 +01:00
Kevin Pollet
e5c80637fc Add X-Forwarded-Prefix to the migration guide 
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
 2024-11-12 15:04:04 +01:00
Ludovic Fernandez
f437fb4230 chore: update linter 2024-11-12 10:56:06 +01:00
Ludovic Fernandez
9c50129520 Update go-acme/lego to v4.20.2 2024-11-12 10:32:09 +01:00
Dominik Schwaiger
00a5f4c401 Fix a small typo in entrypoints documentation 2024-11-12 10:14:04 +01:00
Romain
a79cdd1dfa Change level of peeking first byte error log to DEBUG 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2024-11-08 14:28:08 +01:00
Romain
2096fd7081 Drop untrusted X-Forwarded-Prefix header 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2024-11-08 12:12:35 +01:00
Anchal Sharma
6f18344c56 Add a warning about environment variables casing for static configuration 2024-10-30 10:54:04 +01:00
Kevin Pollet
08fe27ce5f Prepare release v2.11.13 2024-10-28 10:22:04 +01:00
Anton Bartsits
27948493aa Panic on aborted requests to properly close the connection 2024-10-25 15:44:04 +02:00
Dylan Rodgers
edc0a52b5a Updates to Business Callouts in Docs 2024-10-24 09:52:04 +02:00
Michael
3d2336bc83 Use golangci-lint action 2024-10-23 17:06:04 +02:00
Ludovic Fernandez
7edb9a2101 Bump github.com/go-acme/lego to v4.19.2 2024-10-09 16:04:04 +02:00
Kevin Pollet
934ca5fd22 Prepare release v2.11.12 2024-10-09 14:32:04 +02:00
Kevin Pollet
7b477f762a Upgrade to node 22.9 and yarn lock to fix vulnerabilities 
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
 2024-10-08 17:52:04 +02:00
Dylan Rodgers
157cf75e38 Update business callout in docs 2024-10-08 12:06:04 +02:00
Jesper Noordsij
ab35b3266a Ensure shellcheck failure exit code is reflected in GH job result 2024-10-08 11:58:05 +02:00
Dmitry Romashov
0a6b8780f0 Adopt a layout for the large amount of entrypoint port numbers 2024-10-08 10:44:04 +02:00
Kevin Pollet
fc563d3f6e Fix the resolved TAG_NAME for commit in multiple tags 2024-10-07 09:32:05 +02:00
Kevin Pollet
306d3f277d Bump github.com/klauspost/compress to dbd6c381492a 2024-10-04 10:48:04 +02:00
Ludovic Fernandez
6f7649fccc Bump golangci-lint to 1.61.0 2024-10-04 09:38:04 +02:00
Matt Brown
e8ab3af74d Clarify only header fields may be redacted in access-logs 2024-10-03 16:28:04 +02:00
Kevin Pollet
518caa79f9 Prepare release v2.11.11 2024-10-02 11:10:04 +02:00
Mathieu
4d6cb6af03 Ensure defaultGeneratedCert.main as Subject's CN 2024-09-30 12:10:05 +02:00
Kevin Pollet
9eb804a689 Bump github.com/klauspost/compress to 8e14b1b5a913 2024-09-30 11:56:04 +02:00
Rémi BUISSON
2bb712135d Specify default format value for access log 2024-09-27 15:34:04 +02:00
Michel Heusschen
14e5d4b4b3 Remove unused boot files from webui 2024-09-27 15:22:04 +02:00
lyrandy
e485edbe9f Update API documentation to mention pagination 2024-09-27 15:00:06 +02:00
Romain
61bb3ab991 Rework condition to not log on timeout 2024-09-27 11:34:05 +02:00
Romain
a42d396ed2 Clean connection headers for forward auth request only 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2024-09-27 11:18:05 +02:00
Romain
b00f640d72 Prepare release v2.11.10 2024-09-19 12:08:04 +02:00
Kevin Pollet
ac42dd8f83 Check if ACME certificate resolver is not nil 2024-09-19 11:50:04 +02:00
Romain
4b5968e0cc Bump github.com/quic-go/quic-go to v0.47.0 2024-09-19 11:36:04 +02:00
Kevin Pollet
06d7fab820 Prepare release v2.11.9 2024-09-16 15:26:12 +02:00
Andrea Cappuccio
f90f9df1db Ensure proper logs for aborted streaming responses 2024-09-16 12:06:03 +02:00
Kevin Pollet
5841441005 Cleanup Connection headers before passing the middleware chain 
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
 2024-09-16 11:10:04 +02:00
Romain
0cf2032c15 Allow handling ACME challenges with custom routers 2024-09-13 15:54:04 +02:00
Josh Soref
d547b943df Spelling 2024-09-13 11:40:04 +02:00
Roman Donchenko
71d4b3b13c Make the keys of the accessLog.fields.names map case-insensitive 2024-09-13 10:04:07 +02:00
Josh Soref
be5c429825 Unify tab titles 2024-09-09 10:10:06 +02:00
tired-engineer
3f74993f4a Fix typo in multiple DNS challenge provider warning 2024-09-03 14:40:04 +02:00
Michael
6009aaed87 Improve CI speed 2024-09-03 09:44:04 +02:00
Ludovic Fernandez
bf71560515 Update go-acme/lego to v4.18.0 2024-09-02 15:42:05 +02:00
Michael
1417da4a21 Update k8s quickstart permissions 2024-08-29 11:08:09 +02:00
Michael
3040f2659a Upgrade paerser to v0.2.1 2024-08-29 10:54:05 +02:00
Patrick Evans
3a80aa172c Give valid examples for exposing dashboard with default Helm values 2024-08-29 10:40:05 +02:00
Michel Loiseleur
e56ae1a766 Update to go1.23 2024-08-28 15:00:06 +02:00
Michel Loiseleur
d2030a5835 Upgrade webui dependencies 2024-08-27 18:08:03 +02:00
Kevin Pollet
e7dc097901 Prevent error logging when TCP WRR pool is empty 2024-08-12 14:08:05 +02:00
Romain
0eb0a15aa1 Remove documention for unimplemented service retries metric 2024-08-07 09:52:08 +02:00
Romain
6b1adabeb5 Prepare release v2.11.8 2024-08-06 14:50:04 +02:00
Michael
ea019be133 Upgrade webui dependencies 2024-08-01 11:00:06 +02:00
Michael
02de683b94 Fix embedded youtube video 2024-08-01 09:30:04 +02:00
Romain
8970ae9199 Update to github.com/docker/docker v27.1.1 2024-07-31 16:20:04 +02:00
Dylan Rodgers
0f7af2b4e7 Updated index.md to include video 2024-07-31 10:00:05 +02:00
Romain
210400905f Prepare release v2.11.7 2024-07-30 14:14:03 +02:00
Michel Loiseleur
ba6b4cbcc3 chore(ci): fix deprecation and optimization 2024-07-29 15:58:04 +02:00
Michel Loiseleur
898eab20ac Improve error and documentation on the needed link between router and service 2024-07-29 15:39:06 +02:00
Michel Loiseleur
5a70910dce Improve explanation on API exposition 2024-07-29 12:12:04 +02:00
Mathias Brodala
3ba53df005 Document Docker port selection on multiple exposed ports 2024-07-29 10:22:04 +02:00
Jesper Noordsij
0f4e72d522 Update the supported versions table for v3.1 release 2024-07-25 15:14:04 +02:00
Romain
70dd7cdc71 Enforce default cipher suites list 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2024-07-23 16:30:05 +02:00
peacewalker122
c3e943658a Modify certificatesDuration documentation 2024-07-23 14:34:04 +02:00
Michael
a5df24a21d Upgrade dependencies 2024-07-19 14:52:04 +02:00
James McBride
f5a811d8fa Make the log about new version more accurate 2024-07-17 09:28:03 +02:00
Emile Vauge
127c0a7542 Improve doc on sensitive data stored into labels/tags 2024-07-11 14:40:07 +02:00
Emile Vauge
f32884d9b8 Update PR approval process 2024-07-10 11:46:03 +02:00
Kevin Pollet
927f0bc01a Prepare release v2.11.6 2024-07-02 14:22:03 +02:00
Michael
900784a95a Disable QUIC 0-RTT 
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
 2024-07-02 10:48:04 +02:00
ciacon
98c624bf1a Fix a typo in the ACME docker-compose docs 2024-07-01 17:12:04 +02:00
Michael
f3479f532b Fix ECS config for OIDC + IRSA 2024-07-01 16:50:04 +02:00
Jeroen De Meerleer
8946dd1898 Remove interface names from IPv6 2024-07-01 16:26:04 +02:00
Stephan Hochdörfer
12fae2ebb8 Fix typo in keepAliveMaxTime docs 2024-07-01 14:08:04 +02:00
Dylan Rodgers
2090baa938 Update Advanced Capabilities Callout 2024-06-26 09:30:04 +02:00
Emile Vauge
2798e18e18 Update maintainers 2024-06-21 11:10:04 +02:00
Michael
097e71ad24 fix: readme badge 2024-06-21 08:54:03 +02:00
Romain
385ff5055c Prepare release v2.11.5 2024-06-18 12:00:04 +02:00
Michael
69424a16a5 fix: etcd image no more compatible 2024-06-13 10:20:04 +02:00
Nicolas Mengin
f9f22b7b70 Update the supported versions table 2024-06-12 12:06:04 +02:00
Ludovic Fernandez
6706bb1612 Update go-acme/lego to v4.17.4 2024-06-12 09:08:03 +02:00
Romain
21c6edcf58 Prepare release v2.11.4 2024-06-10 15:16:04 +02:00
Michel Loiseleur
5c48e3c96c chore(ci): improve webui build and lint 2024-06-07 16:56:04 +02:00
Dmitry Romashov
c23c3e0ed3 Run UI tests on the CI 2024-06-07 11:06:05 +02:00
Henrik Norlin
cdf0c8b3ec Add user guides link to getting started 2024-06-06 15:46:03 +02:00
Jesper Noordsij
b368e71337 Bump Docker images use for documentation to Alpine 3.20 2024-06-05 16:58:05 +02:00
Cornelius Roemer
bfda5e607f Remove helm default repo warning as repo has been long deprecated 2024-05-30 17:46:04 +02:00
Dusty Gutzmann
0f0cc420e1 docs(ratelimit requestheader): add note concerning behavior if header is missing 
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
 2024-05-29 10:40:05 +02:00
Ludovic Fernandez
9250b5937d Update go-acme/lego to v4.17.3 2024-05-29 09:16:07 +02:00
R. P. Taylor
4406c337d4 fix .com and .org domain in documentation 2024-05-27 15:12:03 +02:00
Ludovic Fernandez
ed10bc5833 chore: update linter 2024-05-27 09:46:08 +02:00
Jesper Noordsij
05828bab07 Bump Dockerfile Alpine to v3.20 2024-05-23 16:24:04 +02:00
Kevin Pollet
f02b223639 Prepare release v2.11.3 2024-05-21 16:16:05 +02:00
Dmitry Romashov
d4d23dce72 Fix UI unit tests 2024-05-21 15:26:04 +02:00
Fontany--Legall Brandon
42920595ad Display of Content Security Policy values getting out of screen 2024-05-17 16:18:04 +02:00
Michel Loiseleur
d8cf90dade Improve mirroring example on Kubernetes 2024-05-13 15:42:04 +02:00
Marvin Stenger
ee3e7cbbec chore: patch migration/v2.md 2024-04-25 14:54:04 +02:00
Jesper Noordsij
f84e00e481 Consistent entryPoints capitalization in CLI flag usage 2024-04-22 17:24:04 +02:00
Jesper Noordsij
fe0af1ec4b Use latest Ubuntu (LTS) image consistenly across GitHub workflow 2024-04-22 17:04:05 +02:00
Sid Karunaratne
e3729ec600 Fix HTTPRoute path type 2024-04-19 11:06:04 +02:00
Sid Karunaratne
20d6c19c30 Fix HTTPRoute use of backendRefs 2024-04-19 10:44:04 +02:00
Kevin Pollet
7a7b03eb01 Fix unfinished migration sentence for v2.11.2 2024-04-18 16:24:04 +02:00
Dmitry Romashov
ea4f307fcd Fix provider icon size 2024-04-18 16:04:04 +02:00
Romain
70968bc6a9 Remove deadlines for non-TLS connections 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2024-04-15 17:02:06 +02:00
Romain
b9b7527762 Prepare release v2.11.2 2024-04-11 17:36:03 +02:00
Romain
240b83b773 Set default ReadTimeout value to 60s 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2024-04-11 17:18:03 +02:00
Romain
584839e00b Prepare release v2.11.2 2024-04-11 16:08:04 +02:00
Kevin Pollet
099c7e9444 Revert LingeringTimeout and change default value for ReadTimeout 
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
 2024-04-11 15:48:04 +02:00
Romain
d53f5f01a0 Prepare release v2.11.1 2024-04-10 11:52:03 +02:00
Maxine Aubrey
4e11bf3c38 Adjust ECS network interface detection logic 2024-04-10 10:42:04 +02:00
Dmitry Romashov
1a266c661a Add a horizontal scroll for the mobile view 2024-04-10 10:22:11 +02:00
Massimiliano D
19e6170fa5 Modify the Hub Button 2024-04-10 09:50:04 +02:00
guangwu
76723b1288 Close created file in ACME local store CheckFile func 2024-04-09 13:12:04 +02:00
Romain
cef842245c Introduce Lingering Timeout 
Co-authored-by: Baptiste Mayelle <baptiste.mayelle@traefik.io>
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2024-04-08 17:16:04 +02:00
Michel Loiseleur
e5062cef42 chore: update dependencies 2024-04-05 15:14:04 +02:00
Martijn Cremer
998c6174cd Improved documentation about Nomad ACL minimum rights 2024-04-05 10:14:03 +02:00
Michel Loiseleur
d3516aec31 docs: excludedIPs with IPWhiteList and IPAllowList middleware 2024-04-04 11:32:05 +02:00
Michel Loiseleur
945ff9b0f9 chore(ci): fix and update codeql 2024-04-03 19:08:03 +02:00
Ludovic Fernandez
bbd5846c6a Update Yaegi to v0.16.1 2024-04-03 18:46:03 +02:00
Baptiste Mayelle
2bc3fa7b4b Reserve priority range for internal routers 
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
 2024-04-02 17:04:05 +02:00
Romain
c31f5df854 Enforce handling of ACME-TLS/1 challenges 
Co-authored-by: Baptiste Mayelle <baptiste.mayelle@traefik.io>
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2024-03-29 11:36:05 +01:00
Michel Loiseleur
167bdb0d53 docs: improve middleware example 2024-03-28 14:36:04 +01:00
Romain
7f29595c0a Allow empty replacement with ReplacePathRegex middleware 2024-03-26 13:28:04 +01:00
arukiidou
3fcf265d80 Move from http.FileServer to http.FileServerFS 2024-03-25 20:22:05 +01:00
Baptiste Mayelle
d94e676083 Enforce failure for TCP HostSNI with hostname 
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
 2024-03-25 11:08:04 +01:00
Ludovic Fernandez
141abce2d5 chore: update linter 2024-03-20 10:26:03 +01:00
shivanipawar00
fc875b38e0 Added specification for TCP TLS routers in documentation 2024-03-19 16:00:05 +01:00
Emile Vauge
75790e0ab8 Add sdelicata to maintainers 2024-03-14 16:54:04 +01:00
Emile Vauge
1391c35978 Add youkoulayley to maintainers 2024-03-14 16:18:04 +01:00
Michael
83e4abdb30 Fix dashboard exposition through a router 2024-03-13 15:56:04 +01:00
Romain
4e1e2f5ed0 Bump Elastic APM to v2.4.8 2024-03-12 18:26:05 +01:00
Daniel Wendler
5cf1b95c29 Fix host header mention in prometheus metrics doc 2024-03-11 14:52:04 +01:00
Domi
74daa4cbb3 Update gandiv5 env variable in providers table 2024-03-11 12:06:04 +01:00
Ludovic Fernandez
4fd5fca34f Update go-acme/lego to v4.16.1 2024-03-11 09:18:03 +01:00
Romain
31a93d5045 Fix log when default TLSStore and TLSOptions are defined multiple times 2024-03-06 14:32:04 +01:00
luigir-it
4cb5825d11 Fix paragraph in entrypoints and Docker docs 2024-03-06 14:12:04 +01:00
Andrea Cappuccio
15f50553e9 Make text more readable in dark mode 2024-03-05 15:10:05 +01:00
Michael
b4ca02da86 Fix multiple dns provider documentation 2024-03-05 14:54:04 +01:00
Marc Mognol
deab4dae8e Fix default value for peerCertURI option 2024-02-26 15:20:05 +01:00
Andi Sardina Ramos
f7edb394f2 chore(webui): Migrate to Quasar 2.x and Vue.js 3.x 2024-02-26 15:02:04 +01:00
Kevin Pollet
153765f99f Allow to configure TLSStore default generated certificate with labels 2024-02-26 10:02:06 +01:00
Baptiste Mayelle
453e21c7c9 fix: add ipallowlist in dashboard 2024-02-19 16:50:05 +01:00
Ludovic Fernandez
8b759ab797 fix: int overflow during doc generation on 32 bit arch 2024-02-19 16:02:04 +01:00
Ludovic Fernandez
88a2020817 chore: update linter 2024-02-19 15:44:03 +01:00
Ludovic Fernandez
1034646ae2 Update releases page 2024-02-19 14:46:03 +01:00
Ludovic Fernandez
538f780a85 Update goreleaser configuration 2024-02-16 10:08:04 +01:00
Ludovic Fernandez
b931c8ae9b Update releases page 2024-02-16 09:54:04 +01:00
Ludovic Fernandez
1e7dbc70a0 fix: don't allow routers higher than internal ones 2024-02-15 16:40:05 +01:00
xpac1985
6a2db4e4e9 Fix typo in statsd metrics docs 2024-02-15 15:20:04 +01:00
Michael
1ea98d3d31 Fix codename 2024-02-14 10:26:07 +01:00
Michael
0c8778639a Prepare release v2.11.0 2024-02-12 16:14:04 +01:00
Robert Burton
8f29398573 Update the documentation for RateLimit to provide a better example 2024-02-12 09:44:11 +01:00
Julien Salleyron
676de5fb68 Fix file watcher 2024-02-09 11:08:05 +01:00
Ludovic Fernandez
d5cb9b50f4 Update to go1.22 
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
 2024-02-07 17:14:07 +01:00
Julien Salleyron
e11ff98608 Fix NTLM and Kerberos 2024-02-06 17:34:07 +01:00
Andi Sardina Ramos
8f9ad16f54 chore: Upgrade Node.js version 2024-02-06 09:00:07 +01:00
Michael
5d8b1949b7 fix: upgrade actions/upload-artifact to v4 2024-02-01 14:08:06 +01:00
Massimiliano D
f1104ada65 Fixes the Header Button 2024-02-01 10:52:07 +01:00
Immánuel!
3ba3ca6eb0 Fix the keepAlive options for the CLI examples 2024-01-31 17:00:06 +01:00
Asad Rizvi
4d539273ad docs: include ECS as supported backend 2024-01-29 18:50:05 +01:00
Ludovic Fernandez
ef0e9c6f05 Update go-acme/lego to v4.15.0 2024-01-29 15:10:05 +01:00
Andi Sardina Ramos
49f04f2772 fix: URL encode resource's id before calling API endpoints 2024-01-25 09:56:05 +01:00
Ludovic Fernandez
03d2e35488 fix: remove snapshot from release target 2024-01-24 18:54:05 +01:00
Romain
547cd81599 Prepare release v2.11.0-rc2 2024-01-24 15:20:09 +01:00
Halimao
b5251c6ac4 misc(Makefile): add help target to display the help msg 2024-01-24 11:58:05 +01:00
Julien Salleyron
9befe0dd51 Fix flaky test 2024-01-23 16:46:05 +01:00
Michael
177c4b0ed1 fix: flakiness test on configuration watcher 2024-01-22 16:52:05 +01:00
Michael
8da38ec0a5 fix: tailscale is required for Docker Desktop users 2024-01-19 15:44:05 +01:00
Michael
a6d462f6e8 feat: upgrade gh-action os 2024-01-19 15:12:05 +01:00
Michael
39b0aa6650 Improve makefile 2024-01-17 11:12:05 +01:00
Michael
34d2a816c2 Enhance gendoc for Generating Static and Dynamic Reference Configuration Files 2024-01-16 10:32:05 +01:00
James Rasell
3a461d2f23 deps: update the Nomad API dependency to v1.7.2 2024-01-12 14:22:05 +01:00
Oliver Dvorski
e78374aa29 docs: slightly rewords the documentation 2024-01-10 15:12:07 +01:00
Michael
e522446909 Improve integration tests 
Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>
 2024-01-09 17:00:07 +01:00
Ludovic Fernandez
cd8d5b8f10 chore: update github.com/docker/docker to v24.0.7 2024-01-05 15:10:05 +01:00
Baptiste Mayelle
eff294829f Add missing TCP IPAllowList middleware constructor 
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
 2024-01-04 14:58:05 +01:00
Michael
9adf0fb638 Prepare release v2.11.0-rc1 2024-01-03 11:12:05 +01:00
Julien Salleyron
56e2110dc5 Fix readHeaderTimeout in proxyproto 2024-01-02 22:02:05 +01:00
Ludovic Fernandez
5be13802dc chore: update github.com/fsnotify/fsnotify to v1.7.0 2024-01-02 20:58:06 +01:00
Ludovic Fernandez
7345afd8b6 Update quic-go to v0.40.1 2024-01-02 20:36:06 +01:00
Romain
a84d5c0ef1 Adjust deprecation notice for Kubernetes CRD provider 
Co-authored-by: Baptiste Mayelle <baptiste.mayelle@traefik.io>
 2024-01-02 20:04:06 +01:00
youpsla
2a9471d278 docs: fix typo 2024-01-02 19:12:06 +01:00
Domenico Andreoli
0042562678 docs: fix the explanation of the TLS challenge 2024-01-02 18:46:05 +01:00
Ari Yonaty
74ab88d47e docs: fix description for anonymous usage statistics references 2024-01-02 18:20:06 +01:00
sven
6df9578ace Update wording of compose example 2024-01-02 17:56:06 +01:00
sven
cd7d324295 Documentation enhancements 2024-01-02 17:30:06 +01:00
Landry Benguigui
0e92b02474 Deprecate IPWhiteList middleware in favor of IPAllowList 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2024-01-02 17:04:06 +01:00
Julien Salleyron
9662cdca64 Add KeepAliveMaxTime and KeepAliveMaxRequests features to entrypoints 2024-01-02 16:40:06 +01:00
Baptiste Mayelle
3dfaa3d5fa Add Redis Sentinel support 
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
 2024-01-02 16:16:05 +01:00
Baptiste Mayelle
60123a8f3f Hash WRR sticky cookies 
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
 2024-01-02 15:52:05 +01:00
Michael
2a7b2ef772 chore: happy new year 2024 2024-01-02 15:28:09 +01:00
Ludovic Fernandez
0a79643001 Prepare release v2.10.7 2023-12-06 16:42:09 +01:00
Suyash Choudhary
e77a66c2ac Fixed datadog logs json format issue 2023-12-06 14:36:05 +01:00
Romain
dae0491b61 Prepare release v2.10.6 2023-11-28 15:46:10 +01:00
Никита Тимофеев
f4ddf25e41 Fixed stripPrefix middleware is not applied to retried attempts 2023-11-24 09:30:06 +01:00
Michael
789046f162 feat: upgrade codegen for kubernetes to v0.28.3 2023-11-22 11:28:06 +01:00
Romain
186e3e1541 Refuse recursive requests 
Co-authored-by: Michael <michael.matur@gmail.com>
 2023-11-21 15:08:06 +01:00
Arend Hummeling
088fe3c270 docs: improve errorpages examples to avoid confusion 2023-11-17 16:30:06 +01:00
Ludovic Fernandez
553ef94047 chore: update linter 2023-11-17 01:50:06 +01:00
Landry Benguigui
12e50e20e6 Deny request with fragment in URL path 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2023-11-16 16:54:07 +01:00
Gérald Croës
cd326654a7 Guidelines Update 2023-11-15 11:24:05 +01:00
Gérald Croës
3de29433f8 docs: better visibility of the review process + maintainers team 2023-11-14 08:44:06 +01:00
Baptiste Mayelle
84516f962d Remove backoff for http challenge 
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
 2023-11-13 15:58:09 +01:00
Suyash Choudhary
f92b03a44d Rephrase BasicAuth and DigestAuth docs 2023-11-10 09:32:05 +01:00
Kevin Pollet
085b70c94e chore: update github.com/hashicorp/consul/api 
Co-authored-by: lbenguigui <lbenguigui@gmail.com>
 2023-11-09 16:58:06 +01:00
Kevin Pollet
0e66ed87f8 Add @lbenguigui to maintainers 2023-11-09 15:28:05 +01:00
Michael
679975beec fix: datadog tracer 2023-10-27 09:14:05 +02:00
Romain
8faed97e74 Add a mention for the host header in metrics headers labels doc 
Co-authored-by: Baptiste Mayelle <baptiste.mayelle@traefik.io>
 2023-10-18 13:44:05 +02:00
Tom Moulard
0b4c582088 Update quic-go to v0.39.1 2023-10-17 17:00:06 +02:00
Michael
6a34f238ce Prepare release v2.10.5 2023-10-11 15:50:05 +02:00
Romain
4b2c763cf3 update x/net and grpc/grpc-go 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
Co-authored-by: lbenguigui <lbenguigui@gmail.com>
 2023-10-11 12:48:05 +02:00
Dave Bendit
d03d8d53fd Add missing accessControlAllowOriginListRegex to middleware view 2023-10-11 09:52:05 +02:00
Romain
e95fde5652 Fix preflight response status in access logs 
Co-authored-by: lbenguigui <lbenguigui@gmail.com>
 2023-09-29 12:18:06 +02:00
Niall Newman
ab7993428d Improve CNAME flattening to avoid unnecessary error logging 2023-09-28 12:00:06 +02:00
Romain
b966215e6c Move origin fields capture to service level 
Co-authored-by: lbenguigui <lbenguigui@gmail.com>
 2023-09-27 15:22:06 +02:00
Harold Ozouf
b786f58f80 fix: false positive in url anonymization 2023-09-26 08:28:25 +02:00
Yakun Sun
173154cf59 Ignore ErrKeyNotFound error for the KV provider 2023-09-25 16:38:07 +02:00
Ludovic Fernandez
c3880a69ca Update quic-go to v0.39.0 2023-09-25 09:08:07 +02:00
Romain
4d63eb30f9 Allow X-Forwarded-For delete operation 
Co-authored-by: landrybe <lbenguigui@gmail.com>
 2023-09-22 11:00:07 +02:00
Dylan Rodgers
dbc679dc30 Updates business callout in the documentation 2023-09-13 18:38:05 +02:00
Thomas Decaux
fc7f732029 doc: fix accessControlAllowHeaders examples 2023-09-12 23:52:05 +02:00
JabJ
ba912e1a93 Change Arvancloud URL 2023-09-09 15:26:05 +02:00
Weida Hong
3216c8ab10 Adjust forward auth to avoid connection leak 2023-09-09 12:36:05 +02:00
Ludovic Fernandez
561c580701 Update quic-go to v0.38.1 2023-09-05 09:34:05 +02:00
Ludovic Fernandez
3fd5c747a2 Update go-acme/lego to v4.14.0 2023-08-22 10:02:05 +02:00
Ludovic Fernandez
b6b6cef3da Update quic-go to v0.38.0 2023-08-22 09:36:05 +02:00
Ludovic Fernandez
d651d1e7cf Update quic-go to v0.37.6 2023-08-21 09:10:05 +02:00
Ludovic Fernandez
6f22b9e0a7 Update quic-go to v0.37.5 2023-08-17 15:40:05 +02:00
Ludovic Fernandez
f29325c679 Update to go1.21 2023-08-16 17:50:06 +02:00
Ludovic Fernandez
57780d8004 Update go-acme/lego to v4.13.3 2023-08-14 15:30:06 +02:00
Romain
1d85515aac Remove healthcheck interval configuration warning 2023-08-08 18:10:05 +02:00
Aaron
d948784d38 correct minor typo in crd-acme docs 2023-08-08 10:00:05 +02:00
Michael
1ddb0afb24 fix: reduce disk usage during release 
Co-authored-by: Ludovic Fernandez <ldez@users.noreply.github.com>
 2023-08-04 12:26:05 +02:00
Ludovic Fernandez
f518676238 Replace old security form by the GitHub report system 2023-07-27 16:50:06 +02:00
Alex Zhang
db3e8a7f5a docs: describe the missing db parameter in redis provider 2023-07-27 16:02:05 +02:00
799 changed files with 30637 additions and 24819 deletions
Expand all files Collapse all files

2
.dockerignore
View File

@@ -1,5 +1,5 @@
dist/
!dist/traefik
!dist/**/traefik
site/
vendor/
.idea/

4
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@@ -2,11 +2,11 @@
PLEASE READ THIS MESSAGE.
Documentation fixes or enhancements:
- for Traefik v2: use branch v2.10
- for Traefik v2: use branch v2.11
- for Traefik v3: use branch v3.0
Bug fixes:
- for Traefik v2: use branch v2.10
- for Traefik v2: use branch v2.11
- for Traefik v3: use branch v3.0
Enhancements:

90
.github/workflows/build.yaml vendored
View File

@@ -4,76 +4,78 @@ on:
pull_request:
branches:
- '*'
paths-ignore:
- 'docs/**'
- '**.md'
- 'script/gcg/**'
env:
GO_VERSION: '1.20'
GO_VERSION: '1.24'
CGO_ENABLED: 0
IN_DOCKER: ""
jobs:
build-webui:
runs-on: ubuntu-20.04
steps:
- name: Check out code
uses: actions/checkout@v2
with:
fetch-depth: 0
- name: Build webui
run: |
make clean-webui generate-webui
tar czvf webui.tar.gz ./webui/static/
- name: Artifact webui
uses: actions/upload-artifact@v2
with:
name: webui.tar.gz
path: webui.tar.gz
uses: ./.github/workflows/template-webui.yaml
build:
runs-on: ${{ matrix.os }}
runs-on: ubuntu-latest
strategy:
matrix:
os: [ ubuntu-20.04, macos-latest, windows-latest ]
os: [ darwin, freebsd, linux, openbsd, windows ]
arch: [ amd64, arm64 ]
include:
- os: freebsd
arch: 386
- os: linux
arch: 386
- os: linux
arch: arm
goarm: 6
- os: linux
arch: arm
goarm: 7
- os: linux
arch: ppc64le
- os: linux
arch: riscv64
- os: linux
arch: s390x
- os: openbsd
arch: 386
- os: windows
arch: 386
needs:
- build-webui
defaults:
run:
working-directory: ${{ github.workspace }}/go/src/github.com/traefik/traefik
steps:
- name: Set up Go ${{ env.GO_VERSION }}
uses: actions/setup-go@v2
with:
go-version: ${{ env.GO_VERSION }}
- name: Check out code
uses: actions/checkout@v2
uses: actions/checkout@v5
with:
path: go/src/github.com/traefik/traefik
fetch-depth: 0
- name: Cache Go modules
uses: actions/cache@v3
- name: Set up Go ${{ env.GO_VERSION }}
uses: actions/setup-go@v5
env:
ImageOS: ${{ matrix.os }}-${{ matrix.arch }}-${{ matrix.goarm }}
with:
path: |
~/go/pkg/mod
~/.cache/go-build
~/Library/Caches/go-build
'%LocalAppData%\go-build'
key: ${{ runner.os }}-build-go-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-build-go-
go-version: ${{ env.GO_VERSION }}
check-latest: true
- name: Artifact webui
uses: actions/download-artifact@v2
uses: actions/download-artifact@v4
with:
name: webui.tar.gz
path: ${{ github.workspace }}/go/src/github.com/traefik/traefik
- name: Untar webui
run: tar xvf webui.tar.gz
run: |
tar xvf webui.tar.gz
rm webui.tar.gz
- name: Build
env:
GOOS: ${{ matrix.os }}
GOARCH: ${{ matrix.arch }}
GOARM: ${{ matrix.goarm }}
run: make binary

4
.github/workflows/check_doc.yml vendored
View File

@@ -9,11 +9,11 @@ jobs:
docs:
name: Check, verify and build documentation
runs-on: ubuntu-20.04
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v2
uses: actions/checkout@v5
with:
fetch-depth: 0

14
.github/workflows/codeql.yml vendored
View File

@@ -28,11 +28,17 @@ jobs:
steps:
- name: Checkout repository
uses: actions/checkout@v3
uses: actions/checkout@v5
- name: setup go
uses: actions/setup-go@v5
if: ${{ matrix.language == 'go' }}
with:
go-version-file: 'go.mod'
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
@@ -46,7 +52,7 @@ jobs:
# Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@v2
uses: github/codeql-action/autobuild@v3
# Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -59,6 +65,6 @@ jobs:
# ./location_of_script_within_repo/buildscript.sh
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"

13
.github/workflows/documentation.yml vendored
View File

@@ -1,6 +1,7 @@
name: Build and Publish Documentation
on:
workflow_dispatch: {}
push:
branches:
- master
@@ -14,17 +15,17 @@ jobs:
docs:
name: Doc Process
runs-on: ubuntu-20.04
runs-on: ubuntu-latest
if: github.repository == 'traefik/traefik'
steps:
- name: Check out code
uses: actions/checkout@v2
uses: actions/checkout@v5
with:
fetch-depth: 0
- name: Login to DockerHub
uses: docker/login-action@v1
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
@@ -39,9 +40,9 @@ jobs:
run: curl -sSfL https://raw.githubusercontent.com/traefik/mixtus/master/godownloader.sh | sh -s -- -b $HOME/bin ${MIXTUS_VERSION}
- name: Build documentation
run: $HOME/bin/structor -o traefik -r traefik --dockerfile-url="https://raw.githubusercontent.com/traefik/traefik/v1.7/docs.Dockerfile" --menu.js-url="https://raw.githubusercontent.com/traefik/structor/master/traefik-menu.js.gotmpl" --rqts-url="https://raw.githubusercontent.com/traefik/structor/master/requirements-override.txt" --force-edit-url --exp-branch=master --debug
env:
STRUCTOR_LATEST_TAG: ${{ vars.STRUCTOR_LATEST_TAG }}
run: |
STRUCTOR_LATEST_TAG=$(curl -s https://api.github.com/repos/traefik/traefik/releases/latest | jq -r '.tag_name')
$HOME/bin/structor -o traefik -r traefik --dockerfile-url="https://raw.githubusercontent.com/traefik/traefik/v1.7/docs.Dockerfile" --menu.js-url="https://raw.githubusercontent.com/traefik/structor/master/traefik-menu.js.gotmpl" --rqts-url="https://raw.githubusercontent.com/traefik/structor/master/requirements-override.txt" --force-edit-url --exp-branch=master --debug
- name: Apply seo
run: $HOME/bin/seo -path=./site -product=traefik

53
.github/workflows/experimental.yaml vendored
View File

@@ -6,32 +6,65 @@ on:
- master
- v*
env:
GO_VERSION: '1.24'
CGO_ENABLED: 0
jobs:
build-webui:
if: github.repository == 'traefik/traefik'
uses: ./.github/workflows/template-webui.yaml
experimental:
if: github.repository == 'traefik/traefik'
name: Build experimental image on branch
runs-on: ubuntu-20.04
runs-on: ubuntu-latest
steps:
# https://github.com/marketplace/actions/checkout
- name: Check out code
uses: actions/checkout@v2
uses: actions/checkout@v5
with:
fetch-depth: 0
- name: Set up Go ${{ env.GO_VERSION }}
uses: actions/setup-go@v5
env:
ImageOS: ${{ matrix.os }}-${{ matrix.arch }}-${{ matrix.goarm }}
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
- name: Build
run: make generate binary
- name: Branch name
run: echo ${GITHUB_REF##*/}
- name: Build docker experimental image
run: docker build -t traefik/traefik:experimental-${GITHUB_REF##*/} -f exp.Dockerfile .
- name: Login to Docker Hub
uses: docker/login-action@v1
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
- name: Push to Docker Hub
run: docker push traefik/traefik:experimental-${GITHUB_REF##*/}
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Artifact webui
uses: actions/download-artifact@v4
with:
name: webui.tar.gz
- name: Untar webui
run: |
tar xvf webui.tar.gz
rm webui.tar.gz
- name: Build docker experimental image
env:
DOCKER_BUILDX_ARGS: "--push"
run: |
make multi-arch-image-experimental-${GITHUB_REF##*/}

136
.github/workflows/release.yaml vendored Normal file
View File

@@ -0,0 +1,136 @@
name: Release
on:
push:
tags:
- 'v*.*.*'
env:
GO_VERSION: '1.24'
CGO_ENABLED: 0
VERSION: ${{ github.ref_name }}
TRAEFIKER_EMAIL: "traefiker@traefik.io"
CODENAME: mimolette
jobs:
build-webui:
if: github.ref_type == 'tag' && github.repository == 'traefik/traefik'
uses: ./.github/workflows/template-webui.yaml
build:
if: github.ref_type == 'tag' && github.repository == 'traefik/traefik'
runs-on: ubuntu-latest
strategy:
matrix:
os: [ linux-amd64, linux-386, linux-arm, linux-arm64, linux-ppc64le, linux-s390x, linux-riscv64, darwin, windows-amd64, windows-arm64, windows-386, freebsd, openbsd ]
needs:
- build-webui
steps:
- name: Check out code
uses: actions/checkout@v5
with:
fetch-depth: 0
- name: Set up Go ${{ env.GO_VERSION }}
uses: actions/setup-go@v5
env:
# Ensure cache consistency on Linux, see https://github.com/actions/setup-go/pull/383
ImageOS: ${{ matrix.os }}
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
- name: Artifact webui
uses: actions/download-artifact@v4
with:
name: webui.tar.gz
- name: Untar webui
run: |
tar xvf webui.tar.gz
rm webui.tar.gz
- name: Go generate
run: go generate
- name: Generate goreleaser file
run: |
GORELEASER_CONFIG_FILE_PATH=$(go run ./internal/release "${{ matrix.os }}")
echo "GORELEASER_CONFIG_FILE_PATH=$GORELEASER_CONFIG_FILE_PATH" >> $GITHUB_ENV
- name: Build with goreleaser
uses: goreleaser/goreleaser-action@v6
with:
distribution: goreleaser
# 'latest', 'nightly', or a semver
version: '~> v2'
args: release --clean --timeout="90m" --config "${{ env.GORELEASER_CONFIG_FILE_PATH }}"
- name: Artifact binaries
uses: actions/upload-artifact@v4
with:
name: ${{ matrix.os }}-binaries
path: |
dist/**/*_checksums.txt
dist/**/*.tar.gz
dist/**/*.zip
retention-days: 1
release:
if: github.ref_type == 'tag' && github.repository == 'traefik/traefik'
runs-on: ubuntu-latest
needs:
- build
steps:
- name: Check out code
uses: actions/checkout@v5
with:
fetch-depth: 0
- name: Artifact webui
uses: actions/download-artifact@v4
with:
name: webui.tar.gz
- name: Untar webui
run: |
tar xvf webui.tar.gz
rm webui.tar.gz
- name: Retrieve the secret and decode it to a file
env:
TRAEFIKER_RSA: ${{ secrets.TRAEFIKER_RSA }}
run: |
mkdir -p ~/.ssh
echo "${TRAEFIKER_RSA}" | base64 --decode > ~/.ssh/traefiker_rsa
- name: Download All Artifacts
uses: actions/download-artifact@v4
with:
path: dist/
pattern: "*-binaries"
merge-multiple: true
- name: Publish Release
env:
GH_TOKEN: ${{ github.token }}
run: |
cat dist/**/*_checksums.txt >> "dist/traefik_${VERSION}_checksums.txt"
rm dist/**/*_checksums.txt
tar cfz "dist/traefik-${VERSION}.src.tar.gz" \
--exclude-vcs \
--exclude .idea \
--exclude .github \
--exclude dist .
chown -R "$(id -u)":"$(id -g)" dist/
gh release create ${VERSION} ./dist/**/traefik*.{zip,tar.gz} ./dist/traefik*.{tar.gz,txt} --repo traefik/traefik --title ${VERSION} --notes ${VERSION} --latest=false
./script/deploy.sh

37
.github/workflows/template-webui.yaml vendored Normal file
View File

@@ -0,0 +1,37 @@
name: Build Web UI
on:
workflow_call: {}
jobs:
build-webui:
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v5
with:
fetch-depth: 0
- name: Setup node
uses: actions/setup-node@v4
with:
node-version-file: webui/.nvmrc
cache: yarn
cache-dependency-path: webui/yarn.lock
- name: Build webui
working-directory: ./webui
run: |
yarn install
yarn build
- name: Package webui
run: |
tar czvf webui.tar.gz ./webui/static/
- name: Artifact webui
uses: actions/upload-artifact@v4
with:
name: webui.tar.gz
path: webui.tar.gz
retention-days: 1

105
.github/workflows/test-integration.yaml vendored Normal file
View File

@@ -0,0 +1,105 @@
name: Test Integration
on:
pull_request:
branches:
- '*'
paths-ignore:
- 'docs/**'
- '**.md'
- 'script/gcg/**'
env:
GO_VERSION: '1.24'
CGO_ENABLED: 0
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v5
with:
fetch-depth: 0
- name: Set up Go ${{ env.GO_VERSION }}
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
- name: Avoid generating webui
run: touch webui/static/index.html
- name: Build binary
run: make binary-linux-amd64
- name: Save go cache build
uses: actions/cache/save@v4
with:
path: |
~/.cache/go-build
key: ${{ runner.os }}-go-build-cache-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }}
- name: Artifact traefik binary
uses: actions/upload-artifact@v4
with:
name: traefik
path: ./dist/linux/amd64/traefik
retention-days: 1
test-integration:
runs-on: ubuntu-latest
needs:
- build
strategy:
fail-fast: true
matrix:
parallel: [12]
index: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11]
steps:
- name: Check out code
uses: actions/checkout@v5
with:
fetch-depth: 0
- name: Set up Go ${{ env.GO_VERSION }}
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
- name: Avoid generating webui
run: touch webui/static/index.html
- name: Download traefik binary
uses: actions/download-artifact@v4
with:
name: traefik
path: ./dist/linux/amd64/
- name: Make binary executable
run: chmod +x ./dist/linux/amd64/traefik
- name: Restore go cache build
uses: actions/cache/restore@v4
with:
path: |
~/.cache/go-build
key: ${{ runner.os }}-go-build-cache-${{ env.GO_VERSION }}-${{ hashFiles('**/go.sum') }}
- name: Generate go test Slice
id: test_split
uses: hashicorp-forge/go-test-split-action@v2.0.0
with:
packages: ./integration
total: ${{ matrix.parallel }}
index: ${{ matrix.index }}
- name: Run Integration tests
run: |
TESTS=$(echo "${{ steps.test_split.outputs.run}}" | sed 's/\$/\$\$/g')
TESTFLAGS="-run \"${TESTS}\"" make test-integration

88
.github/workflows/test-unit.yaml vendored
View File

@@ -4,43 +4,83 @@ on:
pull_request:
branches:
- '*'
paths-ignore:
- 'docs/**'
- '**.md'
- 'script/gcg/**'
env:
GO_VERSION: '1.20'
IN_DOCKER: ""
GO_VERSION: '1.24'
jobs:
test-unit:
runs-on: ubuntu-20.04
defaults:
run:
working-directory: ${{ github.workspace }}/go/src/github.com/traefik/traefik
generate-packages:
name: List Go Packages
runs-on: ubuntu-latest
outputs:
matrix: ${{ steps.set-matrix.outputs.matrix }}
steps:
- name: Set up Go ${{ env.GO_VERSION }}
uses: actions/setup-go@v2
with:
go-version: ${{ env.GO_VERSION }}
- name: Check out code
uses: actions/checkout@v2
uses: actions/checkout@v5
with:
path: go/src/github.com/traefik/traefik
fetch-depth: 0
- name: Cache Go modules
uses: actions/cache@v3
- name: Set up Go ${{ env.GO_VERSION }}
uses: actions/setup-go@v5
with:
path: |
~/go/pkg/mod
~/.cache/go-build
key: ${{ runner.os }}-test-unit-go-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-test-unit-go-
go-version: ${{ env.GO_VERSION }}
check-latest: true
- name: Generate matrix
id: set-matrix
run: |
matrix_output=$(go run ./internal/testsci/genmatrix.go)
echo "$matrix_output"
echo "$matrix_output" >> $GITHUB_OUTPUT
test-unit:
runs-on: ubuntu-latest
needs: generate-packages
strategy:
matrix:
package: ${{ fromJson(needs.generate-packages.outputs.matrix) }}
steps:
- name: Check out code
uses: actions/checkout@v5
with:
fetch-depth: 0
- name: Set up Go ${{ env.GO_VERSION }}
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
- name: Avoid generating webui
run: touch webui/static/index.html
- name: Tests
run: make test-unit
run: |
go test -v -parallel 8 ${{ matrix.package.group }}
test-ui-unit:
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v5
with:
fetch-depth: 0
- name: Set up Node.js ${{ env.NODE_VERSION }}
uses: actions/setup-node@v4
with:
node-version-file: webui/.nvmrc
cache: 'yarn'
cache-dependency-path: webui/yarn.lock
- name: UI unit tests
run: |
yarn --cwd webui install
yarn --cwd webui test:unit:ci

88
.github/workflows/validate.yaml vendored
View File

@@ -6,84 +6,74 @@ on:
- '*'
env:
GO_VERSION: '1.20'
GOLANGCI_LINT_VERSION: v1.53.1
MISSSPELL_VERSION: v0.4.0
IN_DOCKER: ""
GO_VERSION: '1.24'
GOLANGCI_LINT_VERSION: v2.0.2
MISSPELL_VERSION: v0.6.0
jobs:
validate:
runs-on: ubuntu-20.04
defaults:
run:
working-directory: ${{ github.workspace }}/go/src/github.com/traefik/traefik
lint:
runs-on: ubuntu-latest
steps:
- name: Set up Go ${{ env.GO_VERSION }}
uses: actions/setup-go@v2
with:
go-version: ${{ env.GO_VERSION }}
- name: Check out code
uses: actions/checkout@v2
uses: actions/checkout@v5
with:
path: go/src/github.com/traefik/traefik
fetch-depth: 0
- name: Cache Go modules
uses: actions/cache@v3
- name: Set up Go ${{ env.GO_VERSION }}
uses: actions/setup-go@v5
with:
path: |
~/go/pkg/mod
~/.cache/go-build
key: ${{ runner.os }}-validate-go-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-validate-go-
go-version: ${{ env.GO_VERSION }}
check-latest: true
- name: Install golangci-lint ${{ env.GOLANGCI_LINT_VERSION }}
run: curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin ${GOLANGCI_LINT_VERSION}
- name: golangci-lint
uses: golangci/golangci-lint-action@v7
with:
version: "${{ env.GOLANGCI_LINT_VERSION }}"
- name: Install missspell ${{ env.MISSSPELL_VERSION }}
run: curl -sfL https://raw.githubusercontent.com/golangci/misspell/master/install-misspell.sh | sh -s -- -b $(go env GOPATH)/bin ${MISSSPELL_VERSION}
validate:
runs-on: ubuntu-latest
steps:
- name: Check out code
uses: actions/checkout@v5
with:
fetch-depth: 0
- name: Set up Go ${{ env.GO_VERSION }}
uses: actions/setup-go@v5
with:
go-version: ${{ env.GO_VERSION }}
check-latest: true
- name: Install misspell ${{ env.MISSPELL_VERSION }}
run: curl -sfL https://raw.githubusercontent.com/golangci/misspell/HEAD/install-misspell.sh | sh -s -- -b $(go env GOPATH)/bin ${MISSPELL_VERSION}
- name: Avoid generating webui
run: touch webui/static/index.html
- name: Validate
run: make validate
run: make validate-files
validate-generate:
runs-on: ubuntu-20.04
defaults:
run:
working-directory: ${{ github.workspace }}/go/src/github.com/traefik/traefik
runs-on: ubuntu-latest
steps:
- name: Set up Go ${{ env.GO_VERSION }}
uses: actions/setup-go@v2
with:
go-version: ${{ env.GO_VERSION }}
- name: Check out code
uses: actions/checkout@v2
uses: actions/checkout@v5
with:
path: go/src/github.com/traefik/traefik
fetch-depth: 0
- name: Cache Go modules
uses: actions/cache@v3
- name: Set up Go ${{ env.GO_VERSION }}
uses: actions/setup-go@v5
with:
path: |
~/go/pkg/mod
~/.cache/go-build
key: ${{ runner.os }}-validate-generate-go-${{ hashFiles('**/go.sum') }}
restore-keys: ${{ runner.os }}-validate-generate-go-
go-version: ${{ env.GO_VERSION }}
check-latest: true
- name: go generate
run: |
go generate
make generate
git diff --exit-code
- name: go mod tidy

558
.golangci.yml
View File

@@ -1,271 +1,313 @@
run:
timeout: 10m
skip-files: []
skip-dirs:
- pkg/provider/kubernetes/crd/generated/
version: "2"
linters-settings:
govet:
enable-all: true
disable:
- shadow
- fieldalignment
gocyclo:
min-complexity: 14
goconst:
min-len: 3
min-occurrences: 4
misspell:
locale: US
funlen:
lines: -1
statements: 120
forbidigo:
forbid:
- ^print(ln)?$
- ^spew\.Print(f|ln)?$
- ^spew\.Dump$
depguard:
rules:
main:
deny:
- pkg: "github.com/instana/testify"
desc: not allowed
- pkg: "github.com/pkg/errors"
desc: Should be replaced by standard lib errors package
godox:
keywords:
- FIXME
importas:
no-unaliased: true
alias:
- alias: composeapi
pkg: github.com/docker/compose/v2/pkg/api
# Standard Kubernetes rewrites:
- alias: corev1
pkg: "k8s.io/api/core/v1"
- alias: netv1
pkg: "k8s.io/api/networking/v1"
- alias: netv1beta1
pkg: "k8s.io/api/networking/v1beta1"
- alias: admv1
pkg: "k8s.io/api/admission/v1"
- alias: admv1beta1
pkg: "k8s.io/api/admission/v1beta1"
- alias: extv1beta1
pkg: "k8s.io/api/extensions/v1beta1"
- alias: metav1
pkg: "k8s.io/apimachinery/pkg/apis/meta/v1"
- alias: ktypes
pkg: "k8s.io/apimachinery/pkg/types"
- alias: kerror
pkg: "k8s.io/apimachinery/pkg/api/errors"
- alias: kclientset
pkg: "k8s.io/client-go/kubernetes"
- alias: kinformers
pkg: "k8s.io/client-go/informers"
- alias: ktesting
pkg: "k8s.io/client-go/testing"
- alias: kschema
pkg: "k8s.io/apimachinery/pkg/runtime/schema"
- alias: kscheme
pkg: "k8s.io/client-go/kubernetes/scheme"
- alias: kversion
pkg: "k8s.io/apimachinery/pkg/version"
- alias: kubefake
pkg: "k8s.io/client-go/kubernetes/fake"
- alias: discoveryfake
pkg: "k8s.io/client-go/discovery/fake"
# Kubernetes Gateway rewrites:
- alias: gateclientset
pkg: "sigs.k8s.io/gateway-api/pkg/client/clientset/gateway/versioned"
- alias: gateinformers
pkg: "sigs.k8s.io/gateway-api/pkg/client/informers/gateway/externalversions"
- alias: gatev1alpha2
pkg: "sigs.k8s.io/gateway-api/apis/v1alpha2"
# Traefik Kubernetes rewrites:
- alias: containousv1alpha1
pkg: "github.com/traefik/traefik/v2/pkg/provider/kubernetes/crd/traefikcontainous/v1alpha1"
- alias: traefikv1alpha1
pkg: "github.com/traefik/traefik/v2/pkg/provider/kubernetes/crd/traefikio/v1alpha1"
- alias: traefikclientset
pkg: "github.com/traefik/traefik/v2/pkg/provider/kubernetes/crd/generated/clientset/versioned"
- alias: traefikinformers
pkg: "github.com/traefik/traefik/v2/pkg/provider/kubernetes/crd/generated/informers/externalversions"
- alias: traefikscheme
pkg: "github.com/traefik/traefik/v2/pkg/provider/kubernetes/crd/generated/clientset/versioned/scheme"
- alias: traefikcrdfake
pkg: "github.com/traefik/traefik/v2/pkg/provider/kubernetes/crd/generated/clientset/versioned/fake"
tagalign:
align: false
sort: true
order:
- description
- json
- toml
- yaml
- yml
- label
- label-slice-as-struct
- file
- kv
- export
revive:
rules:
- name: struct-tag
- name: blank-imports
- name: context-as-argument
- name: context-keys-type
- name: dot-imports
- name: error-return
- name: error-strings
- name: error-naming
- name: exported
disabled: true
- name: if-return
- name: increment-decrement
- name: var-naming
- name: var-declaration
- name: package-comments
disabled: true
- name: range
- name: receiver-naming
- name: time-naming
- name: unexported-return
- name: indent-error-flow
- name: errorf
- name: empty-block
- name: superfluous-else
- name: unused-parameter
disabled: true
- name: unreachable-code
- name: redefines-builtin-id
gomoddirectives:
replace-allow-list:
- github.com/abbot/go-http-auth
- github.com/go-check/check
- github.com/gorilla/mux
- github.com/mailgun/minheap
- github.com/mailgun/multibuf
- github.com/jaguilar/vt100
formatters:
enable:
- gci
- gofumpt
exclusions:
generated: lax
paths:
- pkg/provider/kubernetes/crd/generated/
linters:
enable-all: true
default: all
disable:
- deadcode # deprecated
- exhaustivestruct # deprecated
- golint # deprecated
- ifshort # deprecated
- interfacer # deprecated
- maligned # deprecated
- nosnakecase # deprecated
- scopelint # deprecated
- scopelint # deprecated
- structcheck # deprecated
- varcheck # deprecated
- sqlclosecheck # not relevant (SQL)
- rowserrcheck # not relevant (SQL)
- execinquery # not relevant (SQL)
- bodyclose # too many false-positive
- containedctx # too many false-positive
- contextcheck # too many false-positive
- cyclop # duplicate of gocyclo
- lll # Not relevant
- gocyclo # FIXME must be fixed
- gocognit # Too strict
- nestif # Too many false-positive.
- prealloc # Too many false-positive.
- makezero # Not relevant
- dupl # Too strict
- gosec # Too strict
- gochecknoinits
- gochecknoglobals
- wsl # Too strict
- nlreturn # Not relevant
- gomnd # Too strict
- stylecheck # skip because report issues related to some generated files.
- testpackage # Too strict
- tparallel # Not relevant
- paralleltest # Not relevant
- err113 # Too strict
- exhaustive # Not relevant
- exhaustruct # Not relevant
- goerr113 # Too strict
- wrapcheck # Too strict
- noctx # Too strict
- bodyclose # too many false-positive
- forcetypeassert # Too strict
- tagliatelle # Too strict
- varnamelen # Not relevant
- nilnil # Not relevant
- ireturn # Not relevant
- contextcheck # too many false-positive
- containedctx # too many false-positive
- maintidx # kind of duplicate of gocyclo
- nonamedreturns # Too strict
- gochecknoglobals
- gochecknoinits
- gocognit # Too strict
- gocyclo # FIXME must be fixed
- gosec # Too strict
- gosmopolitan # not relevant
- ireturn # Not relevant
- lll # Not relevant
- maintidx # kind of duplicate of gocyclo
- makezero # Not relevant
- mnd # Too strict
- nestif # Too many false-positive.
- nilnil # Not relevant
- nlreturn # Not relevant
- noctx # Too strict
- nonamedreturns # Too strict
- paralleltest # Not relevant
- prealloc # Too many false-positive.
- rowserrcheck # not relevant (SQL)
- sqlclosecheck # not relevant (SQL)
- tagliatelle # Too strict
- testpackage # Too strict
- tparallel # Not relevant
- varnamelen # Not relevant
- wrapcheck # Too strict
- wsl # Too strict
settings:
depguard:
rules:
main:
deny:
- pkg: github.com/instana/testify
desc: not allowed
- pkg: github.com/pkg/errors
desc: Should be replaced by standard lib errors package
errcheck:
exclude-functions:
- fmt.Fprintln
forbidigo:
forbid:
- pattern: ^print(ln)?$
- pattern: ^spew\.Print(f|ln)?$
- pattern: ^spew\.Dump$
funlen:
lines: -1
statements: 120
goconst:
min-len: 3
min-occurrences: 4
gocyclo:
min-complexity: 14
godox:
keywords:
- FIXME
gomoddirectives:
toolchain-pattern: go1\.\d+\.\d+$
tool-forbidden: true
go-version-pattern: ^1\.\d+(\.0)?$
replace-allow-list:
- github.com/abbot/go-http-auth
- github.com/gorilla/mux
- github.com/mailgun/minheap
- github.com/mailgun/multibuf
- github.com/jaguilar/vt100
- github.com/cucumber/godog
govet:
enable-all: true
disable:
- shadow
- fieldalignment
importas:
no-unaliased: true
alias:
- pkg: github.com/docker/compose/v2/pkg/api
alias: composeapi
# Standard Kubernetes rewrites:
- pkg: k8s.io/api/core/v1
alias: corev1
- pkg: k8s.io/api/networking/v1
alias: netv1
- pkg: k8s.io/api/networking/v1beta1
alias: netv1beta1
- pkg: k8s.io/api/admission/v1
alias: admv1
- pkg: k8s.io/api/admission/v1beta1
alias: admv1beta1
- pkg: k8s.io/api/extensions/v1beta1
alias: extv1beta1
- pkg: k8s.io/apimachinery/pkg/apis/meta/v1
alias: metav1
- pkg: k8s.io/apimachinery/pkg/types
alias: ktypes
- pkg: k8s.io/apimachinery/pkg/api/errors
alias: kerror
- pkg: k8s.io/client-go/kubernetes
alias: kclientset
- pkg: k8s.io/client-go/informers
alias: kinformers
- pkg: k8s.io/client-go/testing
alias: ktesting
- pkg: k8s.io/apimachinery/pkg/runtime/schema
alias: kschema
- pkg: k8s.io/client-go/kubernetes/scheme
alias: kscheme
- pkg: k8s.io/apimachinery/pkg/version
alias: kversion
- pkg: k8s.io/client-go/kubernetes/fake
alias: kubefake
- pkg: k8s.io/client-go/discovery/fake
alias: discoveryfake
# Kubernetes Gateway rewrites:
- pkg: sigs.k8s.io/gateway-api/pkg/client/clientset/gateway/versioned
alias: gateclientset
- pkg: sigs.k8s.io/gateway-api/pkg/client/informers/gateway/externalversions
alias: gateinformers
- pkg: sigs.k8s.io/gateway-api/apis/v1alpha2
alias: gatev1alpha2
# Traefik Kubernetes rewrites:
- pkg: github.com/traefik/traefik/v2/pkg/provider/kubernetes/crd/traefikcontainous/v1alpha1
alias: containousv1alpha1
- pkg: github.com/traefik/traefik/v2/pkg/provider/kubernetes/crd/traefikio/v1alpha1
alias: traefikv1alpha1
- pkg: github.com/traefik/traefik/v2/pkg/provider/kubernetes/crd/generated/clientset/versioned
alias: traefikclientset
- pkg: github.com/traefik/traefik/v2/pkg/provider/kubernetes/crd/generated/informers/externalversions
alias: traefikinformers
- pkg: github.com/traefik/traefik/v2/pkg/provider/kubernetes/crd/generated/clientset/versioned/scheme
alias: traefikscheme
- pkg: github.com/traefik/traefik/v2/pkg/provider/kubernetes/crd/generated/clientset/versioned/fake
alias: traefikcrdfake
misspell:
locale: US
revive:
rules:
- name: struct-tag
- name: blank-imports
- name: context-as-argument
- name: context-keys-type
- name: dot-imports
- name: error-return
- name: error-strings
- name: error-naming
- name: exported
disabled: true
- name: if-return
- name: increment-decrement
- name: var-naming
- name: var-declaration
- name: package-comments
disabled: true
- name: range
- name: receiver-naming
- name: time-naming
- name: unexported-return
- name: indent-error-flow
- name: errorf
- name: empty-block
- name: superfluous-else
- name: unused-parameter
disabled: true
- name: unreachable-code
- name: redefines-builtin-id
tagalign:
align: false
sort: true
order:
- description
- json
- toml
- yaml
- yml
- label
- label-slice-as-struct
- file
- kv
- export
testifylint:
disable:
- suite-dont-use-pkg
- require-error
- go-require
perfsprint:
err-error: true
errorf: true
sprintf1: true
strconcat: false
staticcheck:
checks:
- all
- '-ST1000'
- '-ST1003'
- '-ST1016'
- '-ST1020'
- '-ST1021'
- '-ST1022'
- '-QF1001'
- '-QF1008' # TODO must be fixed
exclusions:
generated: lax
presets:
- comments
- std-error-handling
rules:
- path: (.+)_test.go
linters:
- canonicalheader
- fatcontext
- funlen
- goconst
- godot
- path: (.+)_test.go
text: ' always receives '
linters:
- unparam
- path: pkg/server/service/bufferpool.go
text: 'SA6002: argument should be pointer-like to avoid allocations'
- path: pkg/server/middleware/middlewares.go
text: Function 'buildConstructor' has too many statements
linters:
- funlen
- path: pkg/tracing/haystack/logger.go
linters:
- goprintffuncname
- path: pkg/tracing/tracing.go
text: printf-like formatting function 'SetErrorWithEvent' should be named 'SetErrorWithEventf'
linters:
- goprintffuncname
- path: pkg/tls/tlsmanager_test.go
text: 'SA1019: config.ClientCAs.Subjects has been deprecated since Go 1.18'
- path: pkg/types/tls_test.go
text: 'SA1019: tlsConfig.RootCAs.Subjects has been deprecated since Go 1.18'
- path: pkg/provider/kubernetes/(crd|gateway)/client.go
linters:
- interfacebloat
- path: pkg/metrics/metrics.go
linters:
- interfacebloat
- path: integration/healthcheck_test.go
text: Duplicate words \(wsp2,\) found
linters:
- dupword
- path: pkg/types/domain_test.go
text: Duplicate words \(sub\) found
linters:
- dupword
- path: pkg/provider/kubernetes/gateway/client_mock_test.go
text: 'unusedwrite: unused write to field'
linters:
- govet
- path: pkg/provider/acme/local_store.go
linters:
- musttag
- path: pkg/tls/certificate.go
text: the methods of "Certificates" use pointer receiver and non-pointer receiver.
linters:
- recvcheck
- path: pkg/config/static/static_config.go
source: 'errors.New\("Consul Catalog provider'
text: 'ST1005: error strings should not be capitalized'
- path: pkg/config/static/static_config.go
source: 'errors.New\("Consul provider'
text: 'ST1005: error strings should not be capitalized'
- path: pkg/config/static/static_config.go
source: 'errors.New\("Nomad provider'
text: 'ST1005: error strings should not be capitalized'
- path: (.+)\.go
text: 'struct-tag: unknown option ''inline'' in JSON tag'
linters:
- revive
- path: (.+)\.go
text: 'struct-tag: unknown option ''omitzero'' in TOML tag'
linters:
- revive
- path: (.+)\.go$
text: 'SA1019: http.CloseNotifier has been deprecated' # FIXME must be fixed
- path: (.+)\.go$
text: 'SA1019: cfg.(SSLRedirect|SSLTemporaryRedirect|SSLHost|SSLForceHost|FeaturePolicy) is deprecated'
- path: (.+)\.go$
text: 'SA1019: c.Providers.(ConsulCatalog|Consul|Nomad).Namespace is deprecated'
paths:
- pkg/provider/kubernetes/crd/generated/
issues:
exclude-use-default: false
max-per-linter: 0
max-issues-per-linter: 0
max-same-issues: 0
exclude:
- 'Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked'
- "should have a package comment, unless it's in another file for this package"
- 'SA1019: http.CloseNotifier has been deprecated' # FIXME must be fixed
- 'SA1019: cfg.SSLRedirect is deprecated'
- 'SA1019: cfg.SSLTemporaryRedirect is deprecated'
- 'SA1019: cfg.SSLHost is deprecated'
- 'SA1019: cfg.SSLForceHost is deprecated'
- 'SA1019: cfg.FeaturePolicy is deprecated'
- 'SA1019: c.Providers.ConsulCatalog.Namespace is deprecated'
- 'SA1019: c.Providers.Consul.Namespace is deprecated'
- 'SA1019: c.Providers.Nomad.Namespace is deprecated'
exclude-rules:
- path: '(.+)_test.go'
linters:
- goconst
- funlen
- godot
- path: '(.+)_test.go'
text: ' always receives '
linters:
- unparam
- path: '(.+)\.go'
text: 'struct-tag: unknown option ''inline'' in JSON tag'
linters:
- revive
- path: pkg/server/service/bufferpool.go
text: 'SA6002: argument should be pointer-like to avoid allocations'
- path: pkg/server/middleware/middlewares.go
text: "Function 'buildConstructor' has too many statements"
linters:
- funlen
- path: pkg/tracing/haystack/logger.go
linters:
- goprintffuncname
- path: pkg/tracing/tracing.go
text: "printf-like formatting function 'SetErrorWithEvent' should be named 'SetErrorWithEventf'"
linters:
- goprintffuncname
- path: pkg/tls/tlsmanager_test.go
text: 'SA1019: config.ClientCAs.Subjects has been deprecated since Go 1.18'
- path: pkg/types/tls_test.go
text: 'SA1019: tlsConfig.RootCAs.Subjects has been deprecated since Go 1.18'
- path: pkg/provider/kubernetes/(crd|gateway)/client.go
linters:
- interfacebloat
- path: pkg/metrics/metrics.go
linters:
- interfacebloat
- path: integration/healthcheck_test.go
text: 'Duplicate words \(wsp2,\) found'
linters:
- dupword
- path: pkg/types/domain_test.go
text: 'Duplicate words \(sub\) found'
linters:
- dupword
- path: pkg/provider/kubernetes/gateway/client_mock_test.go
text: 'unusedwrite: unused write to field'
linters:
- govet

21
.goreleaser.yml → .goreleaser.yml.tmpl
View File

@@ -1,8 +1,11 @@
project_name: traefik
version: 2
before:
hooks:
- go generate
[[if .GOARCH]]
dist: "./dist/[[ .GOOS ]]-[[ .GOARCH ]]"
[[else]]
dist: "./dist/[[ .GOOS ]]"
[[end]]
builds:
- binary: traefik
@@ -15,12 +18,11 @@ builds:
flags:
- -trimpath
goos:
- linux
- darwin
- windows
- freebsd
- openbsd
- "[[ .GOOS ]]"
goarch:
[[if .GOARCH]]
- "[[ .GOARCH ]]"
[[else]]
- amd64
- '386'
- arm
@@ -28,6 +30,7 @@ builds:
- ppc64le
- s390x
- riscv64
[[end]]
goarm:
- '7'
- '6'
@@ -46,7 +49,7 @@ builds:
goarch: arm
changelog:
skip: true
disable: true
archives:
- id: traefik

83
.semaphore/semaphore.yml
View File

@@ -1,83 +0,0 @@
version: v1.0
name: Traefik
agent:
machine:
type: e1-standard-4
os_image: ubuntu2004
fail_fast:
stop:
when: "branch != 'master'"
auto_cancel:
queued:
when: "branch != 'master'"
running:
when: "branch != 'master'"
global_job_config:
prologue:
commands:
- curl -sSfL https://raw.githubusercontent.com/ldez/semgo/master/godownloader.sh | sudo sh -s -- -b "/usr/local/bin"
- sudo semgo go1.20
- export "GOPATH=$(go env GOPATH)"
- export "SEMAPHORE_GIT_DIR=${GOPATH}/src/github.com/traefik/${SEMAPHORE_PROJECT_NAME}"
- export "PATH=${GOPATH}/bin:${PATH}"
- mkdir -vp "${SEMAPHORE_GIT_DIR}" "${GOPATH}/bin"
- export GOPROXY=https://proxy.golang.org,direct
- curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v1.52.2
- curl -sSfL https://gist.githubusercontent.com/traefiker/6d7ac019c11d011e4f131bb2cca8900e/raw/goreleaser.sh | bash -s -- -b "${GOPATH}/bin"
- checkout
- cache restore traefik-$(checksum go.sum)
blocks:
- name: Test Integration
dependencies: []
run:
when: "branch =~ '.*' OR pull_request =~'.*'"
task:
jobs:
- name: Test Integration
commands:
- make pull-images
- touch webui/static/index.html # Avoid generating webui
- IN_DOCKER="" make binary
- make test-integration
- df -h
epilogue:
always:
commands:
- cache store traefik-$(checksum go.sum) $HOME/go/pkg/mod
- name: Release
dependencies: []
run:
when: "tag =~ '.*'"
task:
agent:
machine:
type: e1-standard-8
os_image: ubuntu2004
secrets:
- name: traefik
env_vars:
- name: GH_VERSION
value: 1.12.1
- name: CODENAME
value: "saintmarcelin"
- name: IN_DOCKER
value: ""
prologue:
commands:
- export VERSION=${SEMAPHORE_GIT_TAG_NAME}
- curl -sSL -o /tmp/gh_${GH_VERSION}_linux_amd64.tar.gz https://github.com/cli/cli/releases/download/v${GH_VERSION}/gh_${GH_VERSION}_linux_amd64.tar.gz
- tar -zxvf /tmp/gh_${GH_VERSION}_linux_amd64.tar.gz -C /tmp
- sudo mv /tmp/gh_${GH_VERSION}_linux_amd64/bin/gh /usr/local/bin/gh
- sudo rm -rf ~/.phpbrew ~/.kerl ~/.sbt ~/.nvm ~/.npm ~/.kiex /usr/lib/jvm /opt/az /opt/firefox /usr/lib/google-cloud-sdk ~/.rbenv ~/.pip_download_cache # Remove unnecessary data.
- sudo service docker stop && sudo umount /var/lib/docker && sudo service docker start # Unmounts the docker disk and the whole system disk is usable.
jobs:
- name: Release
commands:
- make release-packages
- gh release create ${SEMAPHORE_GIT_TAG_NAME} ./dist/traefik*.* --repo traefik/traefik --title ${SEMAPHORE_GIT_TAG_NAME} --notes ${SEMAPHORE_GIT_TAG_NAME}
- ./script/deploy.sh

488
CHANGELOG.md
View File

@@ -1,3 +1,491 @@
## [v2.11.29](https://github.com/traefik/traefik/tree/v2.11.29) (2025-08-26)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.28...v2.11.29)
**Bug fixes:**
- **[acme]** Bump github.com/go-acme/lego/v4 to v4.25.2 ([#11983](https://github.com/traefik/traefik/pull/11983) by [ldez](https://github.com/ldez))
- **[docker]** Bump github.com/docker/docker to v28.3.3 ([#12007](https://github.com/traefik/traefik/pull/12007) by [kevinpollet](https://github.com/kevinpollet))
**Documentation:**
- Fix invalid links in documentation ([#11960](https://github.com/traefik/traefik/pull/11960) by [mloiseleur](https://github.com/mloiseleur))
- Update releases docs for v3.5 ([#11949](https://github.com/traefik/traefik/pull/11949) by [jnoordsij](https://github.com/jnoordsij))
## [v2.11.28](https://github.com/traefik/traefik/tree/v2.11.28) (2025-07-23)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.27...v2.11.28)
**Bug fixes:**
- **[logs]** Redact logged install configuration ([#11907](https://github.com/traefik/traefik/pull/11907) by [jspdown](https://github.com/jspdown))
- **[plugins]** Fix client arbitrary file access during archive extraction zipslip ([#11911](https://github.com/traefik/traefik/pull/11911) by [odaysec](https://github.com/odaysec))
- **[server]** Disable MPTCP by default ([#11918](https://github.com/traefik/traefik/pull/11918) by [rtribotte](https://github.com/rtribotte))
**Documentation:**
- **[k8s/crd,k8s]** Remove all mentions of ordering for TLSOption CurvePreferences field ([#11924](https://github.com/traefik/traefik/pull/11924) by [jnoordsij](https://github.com/jnoordsij))
## [v2.11.27](https://github.com/traefik/traefik/tree/v2.11.27) (2025-07-11)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.26...v2.11.27)
**Bug fixes:**
- Bump github.com/go-viper/mapstructure/v2 to v2.3.0 ([#11880](https://github.com/traefik/traefik/pull/11880) by [kevinpollet](https://github.com/kevinpollet))
## [v2.11.26](https://github.com/traefik/traefik/tree/v2.11.26) (2025-06-26)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.25...v2.11.26)
**Bug fixes:**
- **[middleware]** Do not log redis sentinel username and password ([#11819](https://github.com/traefik/traefik/pull/11819) by [kevinpollet](https://github.com/kevinpollet))
**Documentation:**
- **[kv]** Fix KV reference rendering ([#11815](https://github.com/traefik/traefik/pull/11815) by [rtribotte](https://github.com/rtribotte))
- **[middleware,k8s/crd]** Fix typo in redirect middleware documentation ([#11830](https://github.com/traefik/traefik/pull/11830) by [rtribotte](https://github.com/rtribotte))
- Update supported versions ([#11811](https://github.com/traefik/traefik/pull/11811) by [jnoordsij](https://github.com/jnoordsij))
## [v2.11.25](https://github.com/traefik/traefik/tree/v2.11.25) (2025-05-27)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.24...v2.11.25)
**Bug fixes:**
- **[k8s/ingress]** Fix panic for ingress with backend resource ([#11777](https://github.com/traefik/traefik/pull/11777) by [rtribotte](https://github.com/rtribotte))
- **[server]** Normalize request path ([#11768](https://github.com/traefik/traefik/pull/11768) by [kevinpollet](https://github.com/kevinpollet))
**Documentation:**
- **[middleware,k8s]** Add multi-tenant TLS guidance to the docs ([#11724](https://github.com/traefik/traefik/pull/11724) by [sheddy-traefik](https://github.com/sheddy-traefik))
- **[service]** Add a note about how to disable connection reuse with backends ([#11716](https://github.com/traefik/traefik/pull/11716) by [rtribotte](https://github.com/rtribotte))
- Fix broken link in documentation ([#11761](https://github.com/traefik/traefik/pull/11761) by [sheddy-traefik](https://github.com/sheddy-traefik))
- Change version for path sanitization migration guide ([#11702](https://github.com/traefik/traefik/pull/11702) by [rtribotte](https://github.com/rtribotte))
## [v2.11.24](https://github.com/traefik/traefik/tree/v2.11.24) (2025-04-18)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.22...v2.11.24)
**Bug fixes:**
- **[acme]** Bump github.com/go-acme/lego/v4 to v4.23.1 ([#11690](https://github.com/traefik/traefik/pull/11690) by [ldez](https://github.com/ldez))
- **[metrics]** Bump gopkg.in/DataDog/dd-trace-go.v1 to v1.72.2 ([#11693](https://github.com/traefik/traefik/pull/11693) by [kevinpollet](https://github.com/kevinpollet))
- **[middleware]** Add Content-Length header to preflight response ([#11682](https://github.com/traefik/traefik/pull/11682) by [lbenguigui](https://github.com/lbenguigui))
- **[server]** Sanitize request path ([#11684](https://github.com/traefik/traefik/pull/11684) by [rtribotte](https://github.com/rtribotte))
- Bump github.com/redis/go-redis/v9 to v9.7.3 ([#11695](https://github.com/traefik/traefik/pull/11695) by [kevinpollet](https://github.com/kevinpollet))
- Bump golang.org/x/net to v0.38.0 ([#11691](https://github.com/traefik/traefik/pull/11691) by [kevinpollet](https://github.com/kevinpollet))
- Bump golang.org/x/oauth2 to v0.28.0 ([#11689](https://github.com/traefik/traefik/pull/11689) by [rtribotte](https://github.com/rtribotte))
**Documentation:**
- **[middleware]** Add content-length best practice documentation ([#11697](https://github.com/traefik/traefik/pull/11697) by [sheddy-traefik](https://github.com/sheddy-traefik))
- Typo fix on the Explanation Section for User Guide HTTP Challenge. ([#11676](https://github.com/traefik/traefik/pull/11676) by [YapWC](https://github.com/YapWC))
## [v2.11.23](https://github.com/traefik/traefik/tree/v2.11.23) (2025-04-17)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.22...v2.11.23)
Release canceled.
## [v2.11.22](https://github.com/traefik/traefik/tree/v2.11.22) (2025-03-31)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.21...v2.11.22)
**Bug fixes:**
- **[ecs,logs]** Bump AWS SDK to v2 ([#11359](https://github.com/traefik/traefik/pull/11359) by [Juneezee](https://github.com/Juneezee))
- **[logs,tls]** Error level log for configuration-related TLS errors with backends ([#11611](https://github.com/traefik/traefik/pull/11611) by [rtribotte](https://github.com/rtribotte))
- **[rules]** Allow underscore character in HostSNI matcher ([#11557](https://github.com/traefik/traefik/pull/11557) by [rohitlohar45](https://github.com/rohitlohar45))
- **[server]** Bump github.com/vulcand/oxy/v2 to v2.0.3 ([#11649](https://github.com/traefik/traefik/pull/11649) by [adamvduke](https://github.com/adamvduke))
- **[server]** Bump golang.org/x/net to v0.37.0 ([#11632](https://github.com/traefik/traefik/pull/11632) by [kevinpollet](https://github.com/kevinpollet))
- **[webui]** Change boolean module properties default value to undefined ([#11639](https://github.com/traefik/traefik/pull/11639) by [rtribotte](https://github.com/rtribotte))
- Bump github.com/golang-jwt/jwt to v4.5.2 and v5.2.2 ([#11634](https://github.com/traefik/traefik/pull/11634) by [kevinpollet](https://github.com/kevinpollet))
- Bump github.com/redis/go-redis/v9 to v9.6.3 ([#11633](https://github.com/traefik/traefik/pull/11633) by [kevinpollet](https://github.com/kevinpollet))
- Bump golang.org/x/net to v0.36.0 ([#11608](https://github.com/traefik/traefik/pull/11608) by [kevinpollet](https://github.com/kevinpollet))
- Bump github.com/go-jose/go-jose/v4 to v4.0.5 ([#11571](https://github.com/traefik/traefik/pull/11571) by [kevinpollet](https://github.com/kevinpollet))
**Documentation:**
- **[accesslogs]** Remove documentation for OriginStatusLine and DownstreamStatusLine accessLogs fields ([#11599](https://github.com/traefik/traefik/pull/11599) by [rtribotte](https://github.com/rtribotte))
- **[middleware]** Clarifies that retry middleware uses TCP, not HTTP status codes ([#11603](https://github.com/traefik/traefik/pull/11603) by [geraldcroes](https://github.com/geraldcroes))
- **[redis]** Add tip for dynamic configuration updates of Redis ([#11577](https://github.com/traefik/traefik/pull/11577) by [Alanxtl](https://github.com/Alanxtl))
- Add Security Support ([#11610](https://github.com/traefik/traefik/pull/11610) by [nmengin](https://github.com/nmengin))
# [v2.11.21](https://github.com/traefik/traefik/tree/v2.11.21) (2025-02-24)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.20...v2.11.21)
**Bug fixes:**
- **[acme]** Bump github.com/go-acme/lego/v4 to v4.22.2 ([#11537](https://github.com/traefik/traefik/pull/11537) by [ldez](https://github.com/ldez))
- **[cli]** Bump github.com/traefik/paerser to v0.2.2 ([#11530](https://github.com/traefik/traefik/pull/11530) by [kevinpollet](https://github.com/kevinpollet))
- **[middleware]** Enable the retry middleware in the proxy ([#11536](https://github.com/traefik/traefik/pull/11536) by [kevinpollet](https://github.com/kevinpollet))
- **[middleware]** Retry should send headers on Write ([#11534](https://github.com/traefik/traefik/pull/11534) by [kevinpollet](https://github.com/kevinpollet))
## [v2.11.20](https://github.com/traefik/traefik/tree/v2.11.20) (2025-01-31)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.19...v2.11.20)
**Bug fixes:**
- **[acme]** Graceful shutdown for ACME JSON write operation ([#11497](https://github.com/traefik/traefik/pull/11497) by [juliens](https://github.com/juliens))
**Documentation:**
- Change docker-compose to docker compose ([#11496](https://github.com/traefik/traefik/pull/11496) by [khai-pi](https://github.com/khai-pi))
## [v2.11.19](https://github.com/traefik/traefik/tree/v2.11.19) (2025-01-29)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.18...v2.11.19)
**Bug fixes:**
- **[middleware]** Changing log message when client cert is not available to debug ([#11453](https://github.com/traefik/traefik/pull/11453) by [Nelwhix](https://github.com/Nelwhix))
- **[service]** Do not create a logger instance for each proxy ([#11487](https://github.com/traefik/traefik/pull/11487) by [kevinpollet](https://github.com/kevinpollet))
- **[webui]** Fix auto refresh not clearing on component unmount ([#11477](https://github.com/traefik/traefik/pull/11477) by [DoubleREW](https://github.com/DoubleREW))
**Documentation:**
- Remove awesome.traefik.io reference in documentation section ([#11435](https://github.com/traefik/traefik/pull/11435) by [kevinpollet](https://github.com/kevinpollet))
## [v2.11.18](https://github.com/traefik/traefik/tree/v2.11.18) (2025-01-07)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.17...v2.11.18)
**Bug fixes:**
- **[websocket,server]** Disable http2 connect setting for websocket by default ([#11412](https://github.com/traefik/traefik/pull/11412) by [rtribotte](https://github.com/rtribotte))
## [v2.11.17](https://github.com/traefik/traefik/tree/v2.11.17) (2025-01-06)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.16...v2.11.17)
**Bug fixes:**
- **[acme]** Update go-acme/lego to v4.21.0 ([#11368](https://github.com/traefik/traefik/pull/11368) by [ldez](https://github.com/ldez))
- **[middleware]** Fix typo in basicauth note ([#11397](https://github.com/traefik/traefik/pull/11397) by [tieje](https://github.com/tieje))
- **[service]** Configure ErrorLog in httputil.ReverseProxy ([#11344](https://github.com/traefik/traefik/pull/11344) by [peacewalker122](https://github.com/peacewalker122))
- Bump golang.org/x/net to v0.33.0 ([#11365](https://github.com/traefik/traefik/pull/11365) by [kevinpollet](https://github.com/kevinpollet))
**Documentation:**
- **[acme]** Fix allowACMEByPass TOML example ([#11370](https://github.com/traefik/traefik/pull/11370) by [hannesbraun](https://github.com/hannesbraun))
- **[k8s/crd]** Update copyright for 2025 ([#11383](https://github.com/traefik/traefik/pull/11383) by [kevinpollet](https://github.com/kevinpollet))
## [v2.11.16](https://github.com/traefik/traefik/tree/v2.11.16) (2024-12-16)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.15...v2.11.16)
**Bug fixes:**
- **[server]** Update golang.org/x dependencies ([#11336](https://github.com/traefik/traefik/pull/11336) by [rtribotte](https://github.com/rtribotte))
## [v2.11.15](https://github.com/traefik/traefik/tree/v2.11.15) (2024-12-06)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.14...v2.11.15)
**Bug fixes:**
- **[acme]** Update go-acme/lego to v4.20.4 ([#11295](https://github.com/traefik/traefik/pull/11295) by [ldez](https://github.com/ldez))
- **[http3]** Update github.com/quic-go/quic-go to v0.48.2 ([#11320](https://github.com/traefik/traefik/pull/11320) by [kevinpollet](https://github.com/kevinpollet))
## [v2.11.14](https://github.com/traefik/traefik/tree/v2.11.14) (2024-11-20)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.13...v2.11.14)
**Bug fixes:**
- **[acme]** Update go-acme/lego to v4.20.2 ([#11263](https://github.com/traefik/traefik/pull/11263) by [ldez](https://github.com/ldez))
- **[logs,server]** Change level of peeking first byte error log to DEBUG ([#11254](https://github.com/traefik/traefik/pull/11254) by [rtribotte](https://github.com/rtribotte))
- **[middleware,server]** Drop untrusted X-Forwarded-Prefix header ([#11253](https://github.com/traefik/traefik/pull/11253) by [rtribotte](https://github.com/rtribotte))
- **[server]** Apply keepalive config to h2c entrypoints ([#11276](https://github.com/traefik/traefik/pull/11276) by [davefu113](https://github.com/davefu113))
- **[service]** Fix internal handlers ServiceBuilder composition ([#11281](https://github.com/traefik/traefik/pull/11281) by [juliens](https://github.com/juliens))
**Documentation:**
- **[accesslogs]** Update access-logs.md, add examples for accesslog.format ([#11275](https://github.com/traefik/traefik/pull/11275) by [bluepuma77](https://github.com/bluepuma77))
- Fix the defaultRule CLI examples ([#11282](https://github.com/traefik/traefik/pull/11282) by [kevinpollet](https://github.com/kevinpollet))
- Fix spelling, grammar, and rephrase sections for clarity in some documentation pages ([#11280](https://github.com/traefik/traefik/pull/11280) by [AntoineDeveloper](https://github.com/AntoineDeveloper))
- Fix absolute link in the migration guide ([#11269](https://github.com/traefik/traefik/pull/11269) by [kevinpollet](https://github.com/kevinpollet))
- Add X-Forwarded-Prefix to the migration guide ([#11267](https://github.com/traefik/traefik/pull/11267) by [kevinpollet](https://github.com/kevinpollet))
- Fix a small typo in entrypoints documentation ([#11261](https://github.com/traefik/traefik/pull/11261) by [quiode](https://github.com/quiode))
- Add a warning about environment variables casing for static configuration ([#11226](https://github.com/traefik/traefik/pull/11226) by [anchal00](https://github.com/anchal00))
- Improve documentation on dashboard ([#11220](https://github.com/traefik/traefik/pull/11220) by [mloiseleur](https://github.com/mloiseleur))
## [v2.11.13](https://github.com/traefik/traefik/tree/v2.11.13) (2024-10-28)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.12...v2.11.13)
**Bug fixes:**
- **[middleware,service]** Panic on aborted requests to properly close the connection ([#11129](https://github.com/traefik/traefik/pull/11129) by [tonybart1337](https://github.com/tonybart1337))
**Documentation:**
- Update business callouts ([#11217](https://github.com/traefik/traefik/pull/11217) by [tomatokoolaid](https://github.com/tomatokoolaid))
## [v2.11.12](https://github.com/traefik/traefik/tree/v2.11.12) (2024-10-09)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.11...v2.11.12)
**Bug fixes:**
- **[middleware]** Bump github.com/klauspost/compress to dbd6c381492a ([#11162](https://github.com/traefik/traefik/pull/11162) by [kevinpollet](https://github.com/kevinpollet))
- **[webui]** Upgrade to node 22.9 and yarn lock to fix vulnerabilities ([#11173](https://github.com/traefik/traefik/pull/11173) by [kevinpollet](https://github.com/kevinpollet))
- **[webui]** Adopt a layout for the large amount of entrypoint port numbers ([#11157](https://github.com/traefik/traefik/pull/11157) by [framebassman](https://github.com/framebassman))
**Documentation:**
- **[accesslogs]** Clarify that only header fields may be redacted in access-logs ([#11139](https://github.com/traefik/traefik/pull/11139) by [mattbnz](https://github.com/mattbnz))
- Update business callout ([#11172](https://github.com/traefik/traefik/pull/11172) by [tomatokoolaid](https://github.com/tomatokoolaid))
## [v2.11.11](https://github.com/traefik/traefik/tree/v2.11.11) (2024-10-02)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.10...v2.11.11)
**Bug fixes:**
- **[acme]** Ensure defaultGeneratedCert.main as Subject&#39;s CN ([#10581](https://github.com/traefik/traefik/pull/10581) by [Lamatte](https://github.com/Lamatte))
- **[middleware,authentication]** Clean connection headers for forward auth request only ([#11095](https://github.com/traefik/traefik/pull/11095) by [rtribotte](https://github.com/rtribotte))
- **[middleware]** Bump github.com/klauspost/compress to 8e14b1b5a913 ([#11141](https://github.com/traefik/traefik/pull/11141) by [kevinpollet](https://github.com/kevinpollet))
- **[server]** Rework condition to not log on timeout ([#11133](https://github.com/traefik/traefik/pull/11133) by [rtribotte](https://github.com/rtribotte))
- **[webui]** Remove unused boot files from webui ([#11109](https://github.com/traefik/traefik/pull/11109) by [michelheusschen](https://github.com/michelheusschen))
**Documentation:**
- **[accesslogs]** Specify default format value for access log ([#11130](https://github.com/traefik/traefik/pull/11130) by [darkweaver87](https://github.com/darkweaver87))
- **[api]** Update API documentation to mention pagination ([#11115](https://github.com/traefik/traefik/pull/11115) by [lyrandy](https://github.com/lyrandy))
## [v2.11.10](https://github.com/traefik/traefik/tree/v2.11.10) (2024-09-19)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.9...v2.11.10)
**Bug fixes:**
- **[http3]** Bump github.com/quic-go/quic-go to v0.47.0 ([#11104](https://github.com/traefik/traefik/pull/11104) by [rtribotte](https://github.com/rtribotte))
- **[server]** Check if ACME certificate resolver is not nil ([#11103](https://github.com/traefik/traefik/pull/11103) by [kevinpollet](https://github.com/kevinpollet))
## [v2.11.9](https://github.com/traefik/traefik/tree/v2.11.9) (2024-09-16)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.8...v2.11.9)
**Bug fixes:**
- **[acme]** Update go-acme/lego to v4.18.0 ([#11060](https://github.com/traefik/traefik/pull/11060) by [ldez](https://github.com/ldez))
- **[acme]** Allow handling ACME challenges with custom routers ([#10981](https://github.com/traefik/traefik/pull/10981) by [rtribotte](https://github.com/rtribotte))
- **[logs,middleware]** Make the keys of the accessLog.fields.names map case-insensitive ([#11040](https://github.com/traefik/traefik/pull/11040) by [SpecLad](https://github.com/SpecLad))
- **[logs,middleware]** Ensure proper logs for aborted streaming responses ([#10819](https://github.com/traefik/traefik/pull/10819) by [hood](https://github.com/hood))
- **[middleware,server]** Cleanup Connection headers before passing the middleware chain ([#11077](https://github.com/traefik/traefik/pull/11077) by [kevinpollet](https://github.com/kevinpollet))
- **[plugins]** Upgrade paerser to v0.2.1 ([#11048](https://github.com/traefik/traefik/pull/11048) by [mmatur](https://github.com/mmatur))
- **[server,tcp]** Prevent error logging when TCP WRR pool is empty ([#10989](https://github.com/traefik/traefik/pull/10989) by [kevinpollet](https://github.com/kevinpollet))
- **[webui]** Upgrade webui dependencies ([#11031](https://github.com/traefik/traefik/pull/11031) by [mloiseleur](https://github.com/mloiseleur))
**Documentation:**
- **[acme]** Fix typo in multiple DNS challenge provider warning ([#11001](https://github.com/traefik/traefik/pull/11001) by [tired-engineer](https://github.com/tired-engineer))
- **[k8s]** Update k8s quickstart permissions ([#11049](https://github.com/traefik/traefik/pull/11049) by [mmatur](https://github.com/mmatur))
- **[metrics]** Remove documentation for unimplemented service retries metric ([#10983](https://github.com/traefik/traefik/pull/10983) by [rtribotte](https://github.com/rtribotte))
- **[middleware]** Unify tab titles ([#11072](https://github.com/traefik/traefik/pull/11072) by [jsoref](https://github.com/jsoref))
- Give valid examples for exposing dashboard with default Helm values ([#11015](https://github.com/traefik/traefik/pull/11015) by [holysoles](https://github.com/holysoles))
## [v2.11.8](https://github.com/traefik/traefik/tree/v2.11.8) (2024-08-06)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.7...v2.11.8)
**Bug fixes:**
- **[docker]** Update to github.com/docker/docker v27.1.1 ([#10955](https://github.com/traefik/traefik/pull/10955) by [rtribotte](https://github.com/rtribotte))
- **[webui]** Upgrade webui dependencies ([#10961](https://github.com/traefik/traefik/pull/10961) by [mmatur](https://github.com/mmatur))
**Documentation:**
- Fix embedded youtube video ([#10958](https://github.com/traefik/traefik/pull/10958) by [mmatur](https://github.com/mmatur))
- Updated index.md to include video ([#10944](https://github.com/traefik/traefik/pull/10944) by [tomatokoolaid](https://github.com/tomatokoolaid))
## [v2.11.7](https://github.com/traefik/traefik/tree/v2.11.7) (2024-07-30)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.6...v2.11.7)
**Bug fixes:**
- **[logs]** Make the log about new version more accurate ([#10903](https://github.com/traefik/traefik/pull/10903) by [jmcbri](https://github.com/jmcbri))
- **[tls,k8s/crd,k8s]** Enforce default cipher suites list ([#10907](https://github.com/traefik/traefik/pull/10907) by [rtribotte](https://github.com/rtribotte))
**Documentation:**
- **[acme]** Modify certificatesDuration documentation ([#10920](https://github.com/traefik/traefik/pull/10920) by [peacewalker122](https://github.com/peacewalker122))
- **[api]** Improve explanation on API exposition ([#10926](https://github.com/traefik/traefik/pull/10926) by [mloiseleur](https://github.com/mloiseleur))
- **[docker,consul,rancher,ecs]** Improve doc on sensitive data stored into labels/tags ([#10873](https://github.com/traefik/traefik/pull/10873) by [emilevauge](https://github.com/emilevauge))
- **[docker,logs]** Improve error and documentation on the needed link between router and service ([#10262](https://github.com/traefik/traefik/pull/10262) by [mloiseleur](https://github.com/mloiseleur))
- **[docker]** Document Docker port selection on multiple exposed ports ([#10935](https://github.com/traefik/traefik/pull/10935) by [mbrodala](https://github.com/mbrodala))
- Update the supported versions table for v3.1 release ([#10933](https://github.com/traefik/traefik/pull/10933) by [jnoordsij](https://github.com/jnoordsij))
- Update PR approval process ([#10887](https://github.com/traefik/traefik/pull/10887) by [emilevauge](https://github.com/emilevauge))
## [v2.11.6](https://github.com/traefik/traefik/tree/v2.11.6) (2024-07-02)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.5...v2.11.6)
**Bug fixes:**
- **[ecs]** Fix ECS config for OIDC + IRSA ([#10814](https://github.com/traefik/traefik/pull/10814) by [mmatur](https://github.com/mmatur))
- **[http3]** Disable QUIC 0-RTT ([#10867](https://github.com/traefik/traefik/pull/10867) by [mmatur](https://github.com/mmatur))
- **[middleware,server]** Remove interface names from IPv6 ([#10813](https://github.com/traefik/traefik/pull/10813) by [JeroenED](https://github.com/JeroenED))
**Documentation:**
- **[docker,acme]** Fix a typo in the ACME docker-compose docs ([#10866](https://github.com/traefik/traefik/pull/10866) by [ciacon](https://github.com/ciacon))
- Update Advanced Capabilities Callout ([#10846](https://github.com/traefik/traefik/pull/10846) by [tomatokoolaid](https://github.com/tomatokoolaid))
- Update maintainers ([#10834](https://github.com/traefik/traefik/pull/10834) by [emilevauge](https://github.com/emilevauge))
- Fix readme badge for Semaphore CI ([#10830](https://github.com/traefik/traefik/pull/10830) by [mmatur](https://github.com/mmatur))
- Fix typo in keepAliveMaxTime docs ([#10825](https://github.com/traefik/traefik/pull/10825) by [shochdoerfer](https://github.com/shochdoerfer))
## [v2.11.5](https://github.com/traefik/traefik/tree/v2.11.5) (2024-06-18)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.4...v2.11.5)
**Bug fixes:**
- **[acme]** Update go-acme/lego to v4.17.4 ([#10803](https://github.com/traefik/traefik/pull/10803) by [ldez](https://github.com/ldez))
**Documentation:**
- Update the supported versions table ([#10798](https://github.com/traefik/traefik/pull/10798) by [nmengin](https://github.com/nmengin))
## [v2.11.4](https://github.com/traefik/traefik/tree/v2.11.4) (2024-06-10)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.3...v2.11.4)
**Bug fixes:**
- **[acme]** Update go-acme/lego to v4.17.3 ([#10768](https://github.com/traefik/traefik/pull/10768) by [ldez](https://github.com/ldez))
**Documentation:**
- **[acme]** Fix .com and .org domain examples ([#10635](https://github.com/traefik/traefik/pull/10635) by [rptaylor](https://github.com/rptaylor))
- **[middleware]** Add a note about the Ratelimit middleware&#39;s behavior when the sourceCriterion header is missing ([#10752](https://github.com/traefik/traefik/pull/10752) by [dgutzmann](https://github.com/dgutzmann))
- Add user guides link to getting started ([#10785](https://github.com/traefik/traefik/pull/10785) by [norlinhenrik](https://github.com/norlinhenrik))
- Remove helm default repo warning as repo has been long deprecated ([#10772](https://github.com/traefik/traefik/pull/10772) by [corneliusroemer](https://github.com/corneliusroemer))
## [v2.11.3](https://github.com/traefik/traefik/tree/v2.11.3) (2024-05-17)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.2...v2.11.3)
**Bug fixes:**
- **[server]** Remove deadlines for non-TLS connections ([#10615](https://github.com/traefik/traefik/pull/10615) by [rtribotte](https://github.com/rtribotte))
- **[webui]** Display of Content Security Policy values getting out of screen ([#10710](https://github.com/traefik/traefik/pull/10710) by [brandonfl](https://github.com/brandonfl))
- **[webui]** Fix provider icon size ([#10621](https://github.com/traefik/traefik/pull/10621) by [framebassman](https://github.com/framebassman))
**Documentation:**
- **[k8s/crd]** Fix migration/v2.md ([#10658](https://github.com/traefik/traefik/pull/10658) by [stemar94](https://github.com/stemar94))
- **[k8s/gatewayapi]** Fix HTTPRoute use of backendRefs ([#10630](https://github.com/traefik/traefik/pull/10630) by [sakaru](https://github.com/sakaru))
- **[k8s/gatewayapi]** Fix HTTPRoute path type ([#10629](https://github.com/traefik/traefik/pull/10629) by [sakaru](https://github.com/sakaru))
- **[k8s]** Improve mirroring example on Kubernetes ([#10701](https://github.com/traefik/traefik/pull/10701) by [mloiseleur](https://github.com/mloiseleur))
- Consistent entryPoints capitalization in CLI flag usage ([#10650](https://github.com/traefik/traefik/pull/10650) by [jnoordsij](https://github.com/jnoordsij))
- Fix unfinished migration sentence for v2.11.2 ([#10633](https://github.com/traefik/traefik/pull/10633) by [kevinpollet](https://github.com/kevinpollet))
## [v2.11.2](https://github.com/traefik/traefik/tree/v2.11.2) (2024-04-11)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.1...v2.11.2)
**Bug fixes:**
- **[server]** Revert LingeringTimeout and change default value for ReadTimeout ([#10599](https://github.com/traefik/traefik/pull/10599) by [kevinpollet](https://github.com/kevinpollet))
- **[server]** Set default ReadTimeout value to 60s ([#10602](https://github.com/traefik/traefik/pull/10602) by [rtribotte](https://github.com/rtribotte))
## [v2.11.1](https://github.com/traefik/traefik/tree/v2.11.1) (2024-04-10)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.0...v2.11.1)
**Bug fixes:**
- **[acme,tls]** Enforce handling of ACME-TLS/1 challenges ([#10536](https://github.com/traefik/traefik/pull/10536) by [rtribotte](https://github.com/rtribotte))
- **[acme]** Update go-acme/lego to v4.16.1 ([#10508](https://github.com/traefik/traefik/pull/10508) by [ldez](https://github.com/ldez))
- **[acme]** Close created file in ACME local store CheckFile func ([#10574](https://github.com/traefik/traefik/pull/10574) by [testwill](https://github.com/testwill))
- **[docker,http3]** Update to quic-go v0.42.0 and docker/cli v24.0.9 ([#10572](https://github.com/traefik/traefik/pull/10572) by [mloiseleur](https://github.com/mloiseleur))
- **[docker,marathon,rancher,ecs,tls,nomad]** Allow to configure TLSStore default generated certificate with labels ([#10439](https://github.com/traefik/traefik/pull/10439) by [kevinpollet](https://github.com/kevinpollet))
- **[ecs]** Adjust ECS network interface detection logic ([#10550](https://github.com/traefik/traefik/pull/10550) by [amaxine](https://github.com/amaxine))
- **[logs,tls]** Fix log when default TLSStore and TLSOptions are defined multiple times ([#10499](https://github.com/traefik/traefik/pull/10499) by [rtribotte](https://github.com/rtribotte))
- **[middleware]** Allow empty replacement with ReplacePathRegex middleware ([#10538](https://github.com/traefik/traefik/pull/10538) by [rtribotte](https://github.com/rtribotte))
- **[plugins]** Update Yaegi to v0.16.1 ([#10565](https://github.com/traefik/traefik/pull/10565) by [ldez](https://github.com/ldez))
- **[provider,rules]** Don&#39;t allow routers higher than internal ones ([#10428](https://github.com/traefik/traefik/pull/10428) by [ldez](https://github.com/ldez))
- **[rules]** Reserve priority range for internal routers ([#10541](https://github.com/traefik/traefik/pull/10541) by [youkoulayley](https://github.com/youkoulayley))
- **[server,tcp]** Introduce Lingering Timeout ([#10569](https://github.com/traefik/traefik/pull/10569) by [rtribotte](https://github.com/rtribotte))
- **[tcp]** Enforce failure for TCP HostSNI with hostname ([#10540](https://github.com/traefik/traefik/pull/10540) by [youkoulayley](https://github.com/youkoulayley))
- **[tracing]** Bump Elastic APM to v2.4.8 ([#10512](https://github.com/traefik/traefik/pull/10512) by [rtribotte](https://github.com/rtribotte))
- **[webui]** Fix dashboard exposition through a router ([#10518](https://github.com/traefik/traefik/pull/10518) by [mmatur](https://github.com/mmatur))
- **[webui]** Display IPAllowlist middleware configuration in dashboard ([#10459](https://github.com/traefik/traefik/pull/10459) by [youkoulayley](https://github.com/youkoulayley))
- **[webui]** Make text more readable in dark mode ([#10473](https://github.com/traefik/traefik/pull/10473) by [hood](https://github.com/hood))
- **[webui]** Migrate to Quasar 2.x and Vue.js 3.x ([#10416](https://github.com/traefik/traefik/pull/10416) by [andsarr](https://github.com/andsarr))
- **[webui]** Add a horizontal scroll for the mobile view ([#10480](https://github.com/traefik/traefik/pull/10480) by [framebassman](https://github.com/framebassman))
**Documentation:**
- **[acme]** Update gandiv5 env variable in providers table ([#10506](https://github.com/traefik/traefik/pull/10506) by [dominiwe](https://github.com/dominiwe))
- **[acme]** Fix multiple dns provider documentation ([#10496](https://github.com/traefik/traefik/pull/10496) by [mmatur](https://github.com/mmatur))
- **[docker]** Fix paragraph in entrypoints and Docker docs ([#10491](https://github.com/traefik/traefik/pull/10491) by [luigir-it](https://github.com/luigir-it))
- **[k8s]** Improve middleware example ([#10532](https://github.com/traefik/traefik/pull/10532) by [mloiseleur](https://github.com/mloiseleur))
- **[metrics]** Fix host header mention in prometheus metrics doc ([#10502](https://github.com/traefik/traefik/pull/10502) by [MorphBonehunter](https://github.com/MorphBonehunter))
- **[metrics]** Fix typo in statsd metrics docs ([#10437](https://github.com/traefik/traefik/pull/10437) by [xpac1985](https://github.com/xpac1985))
- **[middleware]** Improve excludedIPs example with IPWhiteList and IPAllowList middleware ([#10554](https://github.com/traefik/traefik/pull/10554) by [mloiseleur](https://github.com/mloiseleur))
- **[nomad]** Improve documentation about Nomad ACL minimum rights ([#10482](https://github.com/traefik/traefik/pull/10482) by [Thadir](https://github.com/Thadir))
- **[server]** Add specification for TCP TLS routers in documentation ([#10510](https://github.com/traefik/traefik/pull/10510) by [shivanipawar00](https://github.com/shivanipawar00))
- **[tls]** Fix default value for peerCertURI option ([#10470](https://github.com/traefik/traefik/pull/10470) by [marcmognol](https://github.com/marcmognol))
- Update releases page ([#10449](https://github.com/traefik/traefik/pull/10449) by [ldez](https://github.com/ldez))
- Update releases page ([#10443](https://github.com/traefik/traefik/pull/10443) by [ldez](https://github.com/ldez))
- Add youkoulayley to maintainers ([#10517](https://github.com/traefik/traefik/pull/10517) by [emilevauge](https://github.com/emilevauge))
- Add sdelicata to maintainers ([#10515](https://github.com/traefik/traefik/pull/10515) by [emilevauge](https://github.com/emilevauge))
**Misc:**
- **[webui]** Modify the Hub Button ([#10583](https://github.com/traefik/traefik/pull/10583) by [mdeliatf](https://github.com/mdeliatf))
## [v2.11.0](https://github.com/traefik/traefik/tree/v2.11.0) (2024-02-12)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.0-rc1...v2.11.0)
**Enhancements:**
- **[middleware]** Deprecate IPWhiteList middleware in favor of IPAllowList ([#10249](https://github.com/traefik/traefik/pull/10249) by [lbenguigui](https://github.com/lbenguigui))
- **[redis]** Add Redis Sentinel support ([#10245](https://github.com/traefik/traefik/pull/10245) by [youkoulayley](https://github.com/youkoulayley))
- **[server]** Add KeepAliveMaxTime and KeepAliveMaxRequests features to entrypoints ([#10247](https://github.com/traefik/traefik/pull/10247) by [juliens](https://github.com/juliens))
- **[sticky-session]** Hash WRR sticky cookies ([#10243](https://github.com/traefik/traefik/pull/10243) by [youkoulayley](https://github.com/youkoulayley))
**Bug fixes:**
- **[acme]** Update go-acme/lego to v4.15.0 ([#10392](https://github.com/traefik/traefik/pull/10392) by [ldez](https://github.com/ldez))
- **[authentication]** Fix NTLM and Kerberos ([#10405](https://github.com/traefik/traefik/pull/10405) by [juliens](https://github.com/juliens))
- **[file]** Fix file watcher ([#10420](https://github.com/traefik/traefik/pull/10420) by [juliens](https://github.com/juliens))
- **[file]** Update github.com/fsnotify/fsnotify to v1.7.0 ([#10313](https://github.com/traefik/traefik/pull/10313) by [ldez](https://github.com/ldez))
- **[http3]** Update quic-go to v0.40.1 ([#10296](https://github.com/traefik/traefik/pull/10296) by [ldez](https://github.com/ldez))
- **[middleware,tcp]** Add missing TCP IPAllowList middleware constructor ([#10331](https://github.com/traefik/traefik/pull/10331) by [youkoulayley](https://github.com/youkoulayley))
- **[nomad]** Update the Nomad API dependency to v1.7.2 ([#10327](https://github.com/traefik/traefik/pull/10327) by [jrasell](https://github.com/jrasell))
- **[server]** Fix ReadHeaderTimeout for PROXY protocol ([#10320](https://github.com/traefik/traefik/pull/10320) by [juliens](https://github.com/juliens))
- **[webui]** Fixes the Header Button ([#10395](https://github.com/traefik/traefik/pull/10395) by [mdeliatf](https://github.com/mdeliatf))
- **[webui]** Fix URL encode resource&#39;s id before calling API endpoints ([#10292](https://github.com/traefik/traefik/pull/10292) by [andsarr](https://github.com/andsarr))
**Documentation:**
- **[acme]** Fix TLS challenge explanation ([#10293](https://github.com/traefik/traefik/pull/10293) by [cavokz](https://github.com/cavokz))
- **[docker]** Update wording of compose example ([#10276](https://github.com/traefik/traefik/pull/10276) by [svx](https://github.com/svx))
- **[docker,acme]** Fix typo ([#10294](https://github.com/traefik/traefik/pull/10294) by [youpsla](https://github.com/youpsla))
- **[ecs]** Mention ECS as supported backend ([#10393](https://github.com/traefik/traefik/pull/10393) by [aleyrizvi](https://github.com/aleyrizvi))
- **[k8s/crd]** Adjust deprecation notice for Kubernetes CRD provider ([#10317](https://github.com/traefik/traefik/pull/10317) by [rtribotte](https://github.com/rtribotte))
- **[middleware]** Update the documentation for RateLimit to provide a better example ([#10298](https://github.com/traefik/traefik/pull/10298) by [rmburton](https://github.com/rmburton))
- **[server]** Fix the keepAlive options for the CLI examples ([#10398](https://github.com/traefik/traefik/pull/10398) by [immanuelfodor](https://github.com/immanuelfodor))
- Prepare release v2.11.0-rc2 ([#10384](https://github.com/traefik/traefik/pull/10384) by [rtribotte](https://github.com/rtribotte))
- Improve Concepts documentation page ([#10315](https://github.com/traefik/traefik/pull/10315) by [oliver-dvorski](https://github.com/oliver-dvorski))
- Prepare release v2.11.0-rc1 ([#10326](https://github.com/traefik/traefik/pull/10326) by [mmatur](https://github.com/mmatur))
- Fix description for anonymous usage statistics references ([#10287](https://github.com/traefik/traefik/pull/10287) by [ariyonaty](https://github.com/ariyonaty))
- Documentation enhancements ([#10261](https://github.com/traefik/traefik/pull/10261) by [svx](https://github.com/svx))
## [v2.11.0-rc2](https://github.com/traefik/traefik/tree/v2.11.0-rc2) (2024-01-24)
[All Commits](https://github.com/traefik/traefik/compare/v2.11.0-rc1...v2.11.0-rc2)
**Bug fixes:**
- **[middleware,tcp]** Add missing TCP IPAllowList middleware constructor ([#10331](https://github.com/traefik/traefik/pull/10331) by [youkoulayley](https://github.com/youkoulayley))
- **[nomad]** Update the Nomad API dependency to v1.7.2 ([#10327](https://github.com/traefik/traefik/pull/10327) by [jrasell](https://github.com/jrasell))
**Documentation:**
- Improve Concepts documentation page ([#10315](https://github.com/traefik/traefik/pull/10315) by [oliver-dvorski](https://github.com/oliver-dvorski))
## [v2.11.0-rc1](https://github.com/traefik/traefik/tree/v2.11.0-rc1) (2024-01-02)
[All Commits](https://github.com/traefik/traefik/compare/0a7964300166d167f68d5502bc245b3b9c8842b4...v2.11.0-rc1)
**Enhancements:**
- **[middleware]** Deprecate IPWhiteList middleware in favor of IPAllowList ([#10249](https://github.com/traefik/traefik/pull/10249) by [lbenguigui](https://github.com/lbenguigui))
- **[redis]** Add Redis Sentinel support ([#10245](https://github.com/traefik/traefik/pull/10245) by [youkoulayley](https://github.com/youkoulayley))
- **[server]** Add KeepAliveMaxTime and KeepAliveMaxRequests features to entrypoints ([#10247](https://github.com/traefik/traefik/pull/10247) by [juliens](https://github.com/juliens))
- **[sticky-session]** Hash WRR sticky cookies ([#10243](https://github.com/traefik/traefik/pull/10243) by [youkoulayley](https://github.com/youkoulayley))
**Bug fixes:**
- **[file]** Update github.com/fsnotify/fsnotify to v1.7.0 ([#10313](https://github.com/traefik/traefik/pull/10313) by [ldez](https://github.com/ldez))
- **[http3]** Update quic-go to v0.40.1 ([#10296](https://github.com/traefik/traefik/pull/10296) by [ldez](https://github.com/ldez))
- **[server]** Fix ReadHeaderTimeout for PROXY protocol ([#10320](https://github.com/traefik/traefik/pull/10320) by [juliens](https://github.com/juliens))
**Documentation:**
- **[acme]** Fix TLS challenge explanation ([#10293](https://github.com/traefik/traefik/pull/10293) by [cavokz](https://github.com/cavokz))
- **[docker,acme]** Fix typo ([#10294](https://github.com/traefik/traefik/pull/10294) by [youpsla](https://github.com/youpsla))
- **[docker]** Update wording of compose example ([#10276](https://github.com/traefik/traefik/pull/10276) by [svx](https://github.com/svx))
- **[k8s/crd]** Adjust deprecation notice for Kubernetes CRD provider ([#10317](https://github.com/traefik/traefik/pull/10317) by [rtribotte](https://github.com/rtribotte))
- Fix description for anonymous usage statistics references ([#10287](https://github.com/traefik/traefik/pull/10287) by [ariyonaty](https://github.com/ariyonaty))
- Documentation enhancements ([#10261](https://github.com/traefik/traefik/pull/10261) by [svx](https://github.com/svx))
## [v2.10.7](https://github.com/traefik/traefik/tree/v2.10.7) (2023-12-06)
[All Commits](https://github.com/traefik/traefik/compare/v2.10.6...v2.10.7)
**Bug fixes:**
- **[logs]** Fixed datadog logs json format issue ([#10233](https://github.com/traefik/traefik/pull/10233) by [sssash18](https://github.com/sssash18))
## [v2.10.6](https://github.com/traefik/traefik/tree/v2.10.6) (2023-11-28)
[All Commits](https://github.com/traefik/traefik/compare/v2.10.5...v2.10.6)
**Bug fixes:**
- **[acme]** Remove backoff for http challenge ([#10224](https://github.com/traefik/traefik/pull/10224) by [youkoulayley](https://github.com/youkoulayley))
- **[consul,consulcatalog]** Update github.com/hashicorp/consul/api ([#10220](https://github.com/traefik/traefik/pull/10220) by [kevinpollet](https://github.com/kevinpollet))
- **[http3]** Update quic-go to v0.39.1 ([#10171](https://github.com/traefik/traefik/pull/10171) by [tomMoulard](https://github.com/tomMoulard))
- **[middleware]** Fix stripPrefix middleware is not applied to retried attempts ([#10255](https://github.com/traefik/traefik/pull/10255) by [niki-timofe](https://github.com/niki-timofe))
- **[provider]** Refuse recursive requests ([#10242](https://github.com/traefik/traefik/pull/10242) by [rtribotte](https://github.com/rtribotte))
- **[server]** Deny request with fragment in URL path ([#10229](https://github.com/traefik/traefik/pull/10229) by [lbenguigui](https://github.com/lbenguigui))
- **[tracing]** Remove deprecated code usage for datadog tracer ([#10196](https://github.com/traefik/traefik/pull/10196) by [mmatur](https://github.com/mmatur))
**Documentation:**
- **[governance]** Update the review process and maintainers team documentation ([#10230](https://github.com/traefik/traefik/pull/10230) by [geraldcroes](https://github.com/geraldcroes))
- **[governance]** Guidelines Update ([#10197](https://github.com/traefik/traefik/pull/10197) by [geraldcroes](https://github.com/geraldcroes))
- **[metrics]** Add a mention for the host header in metrics headers labels doc ([#10172](https://github.com/traefik/traefik/pull/10172) by [rtribotte](https://github.com/rtribotte))
- **[middleware]** Rephrase BasicAuth and DigestAuth docs ([#10226](https://github.com/traefik/traefik/pull/10226) by [sssash18](https://github.com/sssash18))
- **[middleware]** Improve ErrorPages examples ([#10209](https://github.com/traefik/traefik/pull/10209) by [arendhummeling](https://github.com/arendhummeling))
- Add @lbenguigui to maintainers ([#10222](https://github.com/traefik/traefik/pull/10222) by [kevinpollet](https://github.com/kevinpollet))
## [v2.10.5](https://github.com/traefik/traefik/tree/v2.10.5) (2023-10-11)
[All Commits](https://github.com/traefik/traefik/compare/v2.10.4...v2.10.5)
**Bug fixes:**
- **[accesslogs]** Move origin fields capture to service level ([#10126](https://github.com/traefik/traefik/pull/10126) by [rtribotte](https://github.com/rtribotte))
- **[accesslogs]** Fix preflight response status in access logs ([#10142](https://github.com/traefik/traefik/pull/10142) by [rtribotte](https://github.com/rtribotte))
- **[acme]** Update go-acme/lego to v4.14.0 ([#10087](https://github.com/traefik/traefik/pull/10087) by [ldez](https://github.com/ldez))
- **[acme]** Update go-acme/lego to v4.13.3 ([#10077](https://github.com/traefik/traefik/pull/10077) by [ldez](https://github.com/ldez))
- **[http3]** Update quic-go to v0.37.5 ([#10083](https://github.com/traefik/traefik/pull/10083) by [ldez](https://github.com/ldez))
- **[http3]** Update quic-go to v0.39.0 ([#10137](https://github.com/traefik/traefik/pull/10137) by [ldez](https://github.com/ldez))
- **[http3]** Update quic-go to v0.37.6 ([#10085](https://github.com/traefik/traefik/pull/10085) by [ldez](https://github.com/ldez))
- **[http3]** Update quic-go to v0.38.0 ([#10086](https://github.com/traefik/traefik/pull/10086) by [ldez](https://github.com/ldez))
- **[http3]** Update quic-go to v0.38.1 ([#10090](https://github.com/traefik/traefik/pull/10090) by [ldez](https://github.com/ldez))
- **[kv]** Ignore ErrKeyNotFound error for the KV provider ([#10082](https://github.com/traefik/traefik/pull/10082) by [sunyakun](https://github.com/sunyakun))
- **[middleware,authentication]** Adjust forward auth to avoid connection leak ([#10096](https://github.com/traefik/traefik/pull/10096) by [wdhongtw](https://github.com/wdhongtw))
- **[middleware,server]** Improve CNAME flattening to avoid unnecessary error logging ([#10128](https://github.com/traefik/traefik/pull/10128) by [niallnsec](https://github.com/niallnsec))
- **[middleware]** Allow X-Forwarded-For delete operation ([#10132](https://github.com/traefik/traefik/pull/10132) by [rtribotte](https://github.com/rtribotte))
- **[server]** Update x/net and grpc/grpc-go ([#10161](https://github.com/traefik/traefik/pull/10161) by [rtribotte](https://github.com/rtribotte))
- **[webui]** Add missing accessControlAllowOriginListRegex to middleware view ([#10157](https://github.com/traefik/traefik/pull/10157) by [DBendit](https://github.com/DBendit))
- Fix false positive in url anonymization ([#10138](https://github.com/traefik/traefik/pull/10138) by [jspdown](https://github.com/jspdown))
**Documentation:**
- **[acme]** Change Arvancloud URL ([#10115](https://github.com/traefik/traefik/pull/10115) by [sajjadjafaribojd](https://github.com/sajjadjafaribojd))
- **[acme]** Correct minor typo in crd-acme docs ([#10067](https://github.com/traefik/traefik/pull/10067) by [ayyron-lmao](https://github.com/ayyron-lmao))
- **[healthcheck]** Remove healthcheck interval configuration warning ([#10068](https://github.com/traefik/traefik/pull/10068) by [rtribotte](https://github.com/rtribotte))
- **[kv,redis]** Docs describe the missing db parameter in redis provider ([#10052](https://github.com/traefik/traefik/pull/10052) by [tokers](https://github.com/tokers))
- **[middleware]** Doc fix accessControlAllowHeaders examples ([#10121](https://github.com/traefik/traefik/pull/10121) by [ebuildy](https://github.com/ebuildy))
- Updates business callout in the documentation ([#10122](https://github.com/traefik/traefik/pull/10122) by [tomatokoolaid](https://github.com/tomatokoolaid))
## [v2.10.4](https://github.com/traefik/traefik/tree/v2.10.4) (2023-07-24)
[All Commits](https://github.com/traefik/traefik/compare/v2.10.3...v2.10.4)

12
CODE_OF_CONDUCT.md
View File

@@ -47,6 +47,18 @@ Further details of specific enforcement policies may be posted separately.
Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
When an inappropriate behavior is reported, maintainers will discuss on the Maintainer's Discord before marking the message as "abuse".
This conversation beforehand avoids one-sided decisions.
The first message will be edited and marked as abuse.
The second edited message and marked as abuse results in a 7-day ban.
The third edited message and marked as abuse results in a permanent ban.
The content of edited messages is:
`Dear user, we want traefik to provide a welcoming and respectful environment. Your [comment/issue/PR] has been reported and marked as abuse according to our [Code of Conduct](./CODE_OF_CONDUCT.md). Thank you.`
The [report must be resolved](https://docs.github.com/en/communities/moderating-comments-and-conversations/managing-reported-content-in-your-organizations-repository#resolving-a-report) accordingly.
## Attribution
This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]

12
Dockerfile
View File

@@ -1,6 +1,12 @@
FROM scratch
COPY script/ca-certificates.crt /etc/ssl/certs/
COPY dist/traefik /
# syntax=docker/dockerfile:1.2
FROM alpine:3.22
RUN apk add --no-cache --no-progress ca-certificates tzdata
ARG TARGETPLATFORM
COPY ./dist/$TARGETPLATFORM/traefik /
EXPOSE 80
VOLUME ["/tmp"]
ENTRYPOINT ["/traefik"]

2
LICENSE.md
View File

@@ -1,6 +1,6 @@
The MIT License (MIT)
Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs
Copyright (c) 2016-2020 Containous SAS; 2020-2025 Traefik Labs
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal

230
Makefile
View File

@@ -1,126 +1,112 @@
SRCS = $(shell git ls-files '*.go' | grep -v '^vendor/')
TAG_NAME := $(shell git tag -l --contains HEAD)
TAG_NAME := $(shell git describe --abbrev=0 --tags --exact-match)
SHA := $(shell git rev-parse HEAD)
VERSION_GIT := $(if $(TAG_NAME),$(TAG_NAME),$(SHA))
VERSION := $(if $(VERSION),$(VERSION),$(VERSION_GIT))
GIT_BRANCH := $(subst heads/,,$(shell git rev-parse --abbrev-ref HEAD 2>/dev/null))
TRAEFIK_DEV_IMAGE := traefik-dev$(if $(GIT_BRANCH),:$(subst /,-,$(GIT_BRANCH)))
BIN_NAME := traefik
CODENAME ?= cheddar
REPONAME := $(shell echo $(REPO) | tr '[:upper:]' '[:lower:]')
TRAEFIK_IMAGE := $(if $(REPONAME),$(REPONAME),"traefik/traefik")
DATE := $(shell date -u '+%Y-%m-%d_%I:%M:%S%p')
INTEGRATION_OPTS := $(if $(MAKE_DOCKER_HOST),-e "DOCKER_HOST=$(MAKE_DOCKER_HOST)",-v "/var/run/docker.sock:/var/run/docker.sock")
DOCKER_BUILD_ARGS := $(if $(DOCKER_VERSION), "--build-arg=DOCKER_VERSION=$(DOCKER_VERSION)",)
# Default build target
GOOS := $(shell go env GOOS)
GOARCH := $(shell go env GOARCH)
GOGC ?=
# only used when running in docker
TRAEFIK_ENVS := \
-e OS_ARCH_ARG \
-e OS_PLATFORM_ARG \
-e TESTFLAGS \
-e VERBOSE \
-e VERSION \
-e CODENAME \
-e TESTDIRS \
-e CI \
-e IN_DOCKER=true # Indicator for integration tests that we are running inside a container.
LINT_EXECUTABLES = misspell shellcheck
TRAEFIK_MOUNT := -v "$(CURDIR)/dist:/go/src/github.com/traefik/traefik/dist"
DOCKER_RUN_OPTS := $(TRAEFIK_ENVS) $(TRAEFIK_MOUNT) "$(TRAEFIK_DEV_IMAGE)"
DOCKER_NON_INTERACTIVE ?= false
DOCKER_RUN_TRAEFIK := docker run $(INTEGRATION_OPTS) $(if $(DOCKER_NON_INTERACTIVE), , -it) $(DOCKER_RUN_OPTS)
DOCKER_RUN_TRAEFIK_TEST := docker run --add-host=host.docker.internal:127.0.0.1 --rm --name=traefik --network traefik-test-network -v $(PWD):$(PWD) -w $(PWD) $(INTEGRATION_OPTS) $(if $(DOCKER_NON_INTERACTIVE), , -it) $(DOCKER_RUN_OPTS)
DOCKER_RUN_TRAEFIK_NOTTY := docker run $(INTEGRATION_OPTS) $(if $(DOCKER_NON_INTERACTIVE), , -i) $(DOCKER_RUN_OPTS)
IN_DOCKER ?= true
DOCKER_BUILD_PLATFORMS ?= linux/amd64,linux/arm64
.PHONY: default
default: binary
#? default: Run `make generate` and `make binary`
default: generate binary
## Create the "dist" directory
#? dist: Create the "dist" directory
dist:
mkdir -p dist
## Build Dev Docker image
.PHONY: build-dev-image
build-dev-image: dist
ifneq ("$(IN_DOCKER)", "")
docker build $(DOCKER_BUILD_ARGS) -t "$(TRAEFIK_DEV_IMAGE)" --build-arg HOST_PWD="$(PWD)" -f build.Dockerfile .
endif
## Build Dev Docker image without cache
.PHONY: build-dev-image-no-cache
build-dev-image-no-cache: dist
ifneq ("$(IN_DOCKER)", "")
docker build $(DOCKER_BUILD_ARGS) --no-cache -t "$(TRAEFIK_DEV_IMAGE)" --build-arg HOST_PWD="$(PWD)" -f build.Dockerfile .
endif
## Build WebUI Docker image
.PHONY: build-webui-image
#? build-webui-image: Build WebUI Docker image
build-webui-image:
docker build -t traefik-webui -f webui/Dockerfile webui
## Clean WebUI static generated assets
.PHONY: clean-webui
#? clean-webui: Clean WebUI static generated assets
clean-webui:
rm -r webui/static
mkdir -p webui/static
printf 'For more information see `webui/readme.md`' > webui/static/DONT-EDIT-FILES-IN-THIS-DIRECTORY.md
## Generate WebUI
webui/static/index.html:
$(MAKE) build-webui-image
docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui npm run build:nc
docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui chown -R $(shell id -u):$(shell id -g) ./static
.PHONY: generate-webui
#? generate-webui: Generate WebUI
generate-webui: webui/static/index.html
## Build the binary
.PHONY: generate
#? generate: Generate code (Dynamic and Static configuration documentation reference files)
generate:
go generate
.PHONY: binary
binary: generate-webui build-dev-image
$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate binary
#? binary: Build the binary
binary: generate-webui dist
@echo SHA: $(VERSION) $(CODENAME) $(DATE)
CGO_ENABLED=0 GOGC=${GOGC} GOOS=${GOOS} GOARCH=${GOARCH} go build ${FLAGS[*]} -ldflags "-s -w \
-X github.com/traefik/traefik/v2/pkg/version.Version=$(VERSION) \
-X github.com/traefik/traefik/v2/pkg/version.Codename=$(CODENAME) \
-X github.com/traefik/traefik/v2/pkg/version.BuildDate=$(DATE)" \
-installsuffix nocgo -o "./dist/${GOOS}/${GOARCH}/$(BIN_NAME)" ./cmd/traefik
## Build the linux binary locally
.PHONY: binary-debug
binary-debug: generate-webui
GOOS=linux ./script/make.sh binary
binary-linux-arm64: export GOOS := linux
binary-linux-arm64: export GOARCH := arm64
binary-linux-arm64:
@$(MAKE) binary
binary-linux-amd64: export GOOS := linux
binary-linux-amd64: export GOARCH := amd64
binary-linux-amd64:
@$(MAKE) binary
binary-windows-amd64: export GOOS := windows
binary-windows-amd64: export GOARCH := amd64
binary-windows-amd64: export BIN_NAME := traefik.exe
binary-windows-amd64:
@$(MAKE) binary
## Build the binary for the standard platforms (linux, darwin, windows)
.PHONY: crossbinary-default
crossbinary-default: generate-webui build-dev-image
$(DOCKER_RUN_TRAEFIK_NOTTY) ./script/make.sh generate crossbinary-default
#? crossbinary-default: Build the binary for the standard platforms (linux, darwin, windows)
crossbinary-default: generate generate-webui
$(CURDIR)/script/crossbinary-default.sh
## Build the binary for the standard platforms (linux, darwin, windows) in parallel
.PHONY: crossbinary-default-parallel
crossbinary-default-parallel:
$(MAKE) generate-webui
$(MAKE) build-dev-image crossbinary-default
## Run the unit and integration tests
.PHONY: test
test: build-dev-image
-docker network create traefik-test-network --driver bridge --subnet 172.31.42.0/24
trap 'docker network rm traefik-test-network' EXIT; \
$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_TEST)) ./script/make.sh generate test-unit binary test-integration
#? test: Run the unit and integration tests
test: test-ui-unit test-unit test-integration
## Run the unit tests
.PHONY: test-unit
test-unit: build-dev-image
-docker network create traefik-test-network --driver bridge --subnet 172.31.42.0/24
trap 'docker network rm traefik-test-network' EXIT; \
$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_TEST)) ./script/make.sh generate test-unit
#? test-unit: Run the unit tests
test-unit:
GOOS=$(GOOS) GOARCH=$(GOARCH) go test -cover "-coverprofile=cover.out" -v $(TESTFLAGS) ./pkg/... ./cmd/...
## Run the integration tests
.PHONY: test-integration
test-integration: build-dev-image
-docker network create traefik-test-network --driver bridge --subnet 172.31.42.0/24
trap 'docker network rm traefik-test-network' EXIT; \
$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_TEST)) ./script/make.sh generate binary test-integration
#? test-integration: Run the integration tests
test-integration:
GOOS=$(GOOS) GOARCH=$(GOARCH) go test ./integration -test.timeout=20m -failfast -v $(TESTFLAGS)
.PHONY: test-ui-unit
#? test-ui-unit: Run the unit tests for the webui
test-ui-unit:
$(MAKE) build-webui-image
docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui yarn --cwd webui install
docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui yarn --cwd webui test:unit:ci
## Pull all images for integration tests
.PHONY: pull-images
#? pull-images: Pull all Docker images to avoid timeout during integration tests
pull-images:
grep --no-filename -E '^\s+image:' ./integration/resources/compose/*.yml \
| awk '{print $$2}' \
@@ -128,84 +114,76 @@ pull-images:
| uniq \
| xargs -P 6 -n 1 docker pull
## Validate code and docs
.PHONY: lint
#? lint: Run golangci-lint
lint:
golangci-lint run
.PHONY: validate-files
validate-files: build-dev-image
$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate validate-lint validate-misspell
bash $(CURDIR)/script/validate-shell-script.sh
#? validate-files: Validate code and docs
validate-files:
$(foreach exec,$(LINT_EXECUTABLES),\
$(if $(shell which $(exec)),,$(error "No $(exec) in PATH")))
$(CURDIR)/script/validate-vendor.sh
$(CURDIR)/script/validate-misspell.sh
$(CURDIR)/script/validate-shell-script.sh
## Validate code, docs, and vendor
.PHONY: validate
validate: build-dev-image
$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate validate-lint validate-misspell validate-vendor
bash $(CURDIR)/script/validate-shell-script.sh
#? validate: Validate code, docs, and vendor
validate: lint validate-files
# Target for building images for multiple architectures.
.PHONY: multi-arch-image-%
multi-arch-image-%: binary-linux-amd64 binary-linux-arm64
docker buildx build $(DOCKER_BUILDX_ARGS) -t traefik/traefik:$* --platform=$(DOCKER_BUILD_PLATFORMS) -f Dockerfile .
## Clean up static directory and build a Docker Traefik image
.PHONY: build-image
build-image: clean-webui binary
docker build -t $(TRAEFIK_IMAGE) .
#? build-image: Clean up static directory and build a Docker Traefik image
build-image: export DOCKER_BUILDX_ARGS := --load
build-image: export DOCKER_BUILD_PLATFORMS := linux/$(GOARCH)
build-image: clean-webui
@$(MAKE) multi-arch-image-latest
## Build a Docker Traefik image without re-building the webui
.PHONY: build-image-dirty
build-image-dirty: binary
docker build -t $(TRAEFIK_IMAGE) .
#? build-image-dirty: Build a Docker Traefik image without re-building the webui when it's already built
build-image-dirty: export DOCKER_BUILDX_ARGS := --load
build-image-dirty: export DOCKER_BUILD_PLATFORMS := linux/$(GOARCH)
build-image-dirty:
@$(MAKE) multi-arch-image-latest
## Locally build traefik for linux, then shove it an alpine image, with basic tools.
.PHONY: build-image-debug
build-image-debug: binary-debug
docker build -t $(TRAEFIK_IMAGE) -f debug.Dockerfile .
## Start a shell inside the build env
.PHONY: shell
shell: build-dev-image
$(DOCKER_RUN_TRAEFIK) /bin/bash
## Build documentation site
.PHONY: docs
#? docs: Build documentation site
docs:
make -C ./docs docs
## Serve the documentation site locally
.PHONY: docs-serve
#? docs-serve: Serve the documentation site locally
docs-serve:
make -C ./docs docs-serve
## Pull image for doc building
.PHONY: docs-pull-images
#? docs-pull-images: Pull image for doc building
docs-pull-images:
make -C ./docs docs-pull-images
## Generate CRD clientset and CRD manifests
.PHONY: generate-crd
#? generate-crd: Generate CRD clientset and CRD manifests
generate-crd:
@$(CURDIR)/script/code-gen.sh
## Generate code from dynamic configuration https://github.com/traefik/genconf
.PHONY: generate-genconf
#? generate-genconf: Generate code from dynamic configuration github.com/traefik/genconf
generate-genconf:
go run ./cmd/internal/gen/
## Create packages for the release
.PHONY: release-packages
release-packages: generate-webui build-dev-image
rm -rf dist
$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) goreleaser release --skip-publish -p 2 --timeout="90m"
$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) tar cfz dist/traefik-${VERSION}.src.tar.gz \
--exclude-vcs \
--exclude .idea \
--exclude .travis \
--exclude .semaphoreci \
--exclude .github \
--exclude dist .
$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) chown -R $(shell id -u):$(shell id -g) dist/
## Format the Code
.PHONY: fmt
#? fmt: Format the Code
fmt:
gofmt -s -l -w $(SRCS)
.PHONY: run-dev
run-dev:
go generate
GO111MODULE=on go build ./cmd/traefik
./traefik
.PHONY: help
#? help: Get more info on make commands
help: Makefile
@echo " Choose a command run in traefik:"
@sed -n 's/^#?//p' $< | column -t -s ':' | sort | sed -e 's/^/ /'

10
README.md
View File

@@ -7,7 +7,6 @@
</picture>
</p>
[![Build Status SemaphoreCI](https://semaphoreci.com/api/v1/containous/traefik/branches/master/shields_badge.svg)](https://semaphoreci.com/containous/traefik)
[![Docs](https://img.shields.io/badge/docs-current-brightgreen.svg)](https://doc.traefik.io/traefik)
[![Go Report Card](https://goreportcard.com/badge/traefik/traefik)](https://goreportcard.com/report/traefik/traefik)
[![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/traefik/traefik/blob/master/LICENSE.md)
@@ -61,7 +60,7 @@ _(But if you'd rather configure some of your routes manually, Traefik supports t
- Provides HTTPS to your microservices by leveraging [Let's Encrypt](https://letsencrypt.org) (wildcard certificates support)
- Circuit breakers, retry
- See the magic through its clean web UI
- Websocket, HTTP/2, GRPC ready
- WebSocket, HTTP/2, GRPC ready
- Provides metrics (Rest, Prometheus, Datadog, Statsd, InfluxDB)
- Keeps access logs (JSON, CLF)
- Fast
@@ -74,6 +73,7 @@ _(But if you'd rather configure some of your routes manually, Traefik supports t
- [Kubernetes](https://doc.traefik.io/traefik/providers/kubernetes-crd/)
- [Marathon](https://doc.traefik.io/traefik/providers/marathon/)
- [Rancher](https://doc.traefik.io/traefik/providers/rancher/) (Metadata)
- [ECS](https://doc.traefik.io/traefik/providers/ecs/)
- [File](https://doc.traefik.io/traefik/providers/file/)
## Quickstart
@@ -90,8 +90,6 @@ You can access the simple HTML frontend of Traefik.
You can find the complete documentation of Traefik v2 at [https://doc.traefik.io/traefik/](https://doc.traefik.io/traefik/).
A collection of contributions around Traefik can be found at [https://awesome.traefik.io](https://awesome.traefik.io).
## Support
To get community support, you can:
@@ -127,8 +125,8 @@ You can find high level and deep dive videos on [videos.traefik.io](https://vide
## Maintainers
We are strongly promoting a philosophy of openness and sharing, and firmly standing against the elitist closed approach. Being part of the core team should be accessible to anyone who is motivated and want to be part of that journey!
This [document](docs/content/contributing/maintainers-guidelines.md) describes how to be part of the core team as well as various responsibilities and guidelines for Traefik maintainers.
You can also find more information on our process to review pull requests and manage issues [in this document](docs/content/contributing/maintainers.md).
This [document](docs/content/contributing/maintainers-guidelines.md) describes how to be part of the [maintainers' team](docs/content/contributing/maintainers.md) as well as various responsibilities and guidelines for Traefik maintainers.
You can also find more information on our process to review pull requests and manage issues [in this document](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md).
## Contributing

8
SECURITY.md
View File

@@ -1,7 +1,7 @@
# Security Policy
You can join our security mailing list to be aware of the latest announcements from our security team.
You can subscribe sending a mail to security+subscribe@traefik.io or on [the online viewer](https://groups.google.com/a/traefik.io/forum/#!forum/security).
You can subscribe by sending an email to security+subscribe@traefik.io or on [the online viewer](https://groups.google.com/a/traefik.io/forum/#!forum/security).
Reported vulnerabilities can be found on [cve.mitre.org](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=traefik).
@@ -16,7 +16,7 @@ Each version is supported until the next one is released (e.g. 1.1.x will be sup
We use [Semantic Versioning](https://semver.org/).
| Version | Supported |
| --------- | ------------------ |
|-----------|--------------------|
| `2.2.x` | :white_check_mark: |
| `< 2.2.x` | :x: |
| `1.7.x` | :white_check_mark: |
@@ -25,4 +25,6 @@ We use [Semantic Versioning](https://semver.org/).
## Reporting a Vulnerability
We want to keep Traefik safe for everyone.
If you've discovered a security vulnerability in Traefik, we appreciate your help in disclosing it to us in a responsible manner, using [this form](https://security.traefik.io).
If you've discovered a security vulnerability in Traefik,
we appreciate your help in disclosing it to us in a responsible manner,
by creating a [security advisory](https://github.com/traefik/traefik/security/advisories).

37
build.Dockerfile
View File

@@ -1,37 +0,0 @@
FROM golang:1.20-alpine
RUN apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \
&& update-ca-certificates \
&& rm -rf /var/cache/apk/*
# Which docker version to test on
ARG DOCKER_VERSION=18.09.7
# Download docker
RUN mkdir -p /usr/local/bin \
&& curl -fL https://download.docker.com/linux/static/stable/x86_64/docker-${DOCKER_VERSION}.tgz \
| tar -xzC /usr/local/bin --transform 's#^.+/##x'
# Download golangci-lint binary to bin folder in $GOPATH
RUN curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- -b $GOPATH/bin v1.52.2
# Download misspell binary to bin folder in $GOPATH
RUN curl -sfL https://raw.githubusercontent.com/golangci/misspell/master/install-misspell.sh | bash -s -- -b $GOPATH/bin v0.4.0
# Download goreleaser binary to bin folder in $GOPATH
RUN curl -sfL https://gist.githubusercontent.com/traefiker/6d7ac019c11d011e4f131bb2cca8900e/raw/goreleaser.sh | sh
WORKDIR /go/src/github.com/traefik/traefik
# Because of CVE-2022-24765 (https://github.blog/2022-04-12-git-security-vulnerability-announced/),
# we configure git to allow the Traefik codebase path on the Host for docker in docker usages.
ARG HOST_PWD=""
RUN git config --global --add safe.directory "${HOST_PWD}"
# Download go modules
COPY go.mod .
COPY go.sum .
RUN GO111MODULE=on GOPROXY=https://proxy.golang.org go mod download
COPY . /go/src/github.com/traefik/traefik

19
cmd/internal/gen/centrifuge.go
View File

@@ -13,6 +13,7 @@ import (
"path"
"path/filepath"
"reflect"
"slices"
"sort"
"strings"
@@ -80,7 +81,7 @@ func (c Centrifuge) Run(dest string, pkgName string) error {
}
for _, p := range c.pkg.Imports() {
if contains(c.IncludedImports, p.Path()) {
if slices.Contains(c.IncludedImports, p.Path()) {
fls := c.run(p.Scope(), p.Path(), p.Name())
err = fileWriter{baseDir: filepath.Join(dest, p.Name())}.Write(fls)
@@ -97,7 +98,7 @@ func (c Centrifuge) run(sc *types.Scope, rootPkg string, pkgName string) map[str
files := map[string]*File{}
for _, name := range sc.Names() {
if contains(c.ExcludedTypes, name) {
if slices.Contains(c.ExcludedTypes, name) {
continue
}
@@ -107,7 +108,7 @@ func (c Centrifuge) run(sc *types.Scope, rootPkg string, pkgName string) map[str
}
filename := filepath.Base(c.fileSet.File(o.Pos()).Name())
if contains(c.ExcludedFiles, path.Join(rootPkg, filename)) {
if slices.Contains(c.ExcludedFiles, path.Join(rootPkg, filename)) {
continue
}
@@ -159,7 +160,7 @@ func (c Centrifuge) writeStruct(name string, obj *types.Struct, rootPkg string,
b := strings.Builder{}
b.WriteString(fmt.Sprintf("type %s struct {\n", name))
for i := 0; i < obj.NumFields(); i++ {
for i := range obj.NumFields() {
field := obj.Field(i)
if !field.Exported() {
@@ -237,16 +238,6 @@ func extractPackage(t types.Type) string {
}
}
func contains(values []string, value string) bool {
for _, val := range values {
if val == value {
return true
}
}
return false
}
type fileWriter struct {
baseDir string
}

19
cmd/traefik/traefik.go
View File

@@ -3,7 +3,6 @@ package main
import (
"context"
"crypto/x509"
"encoding/json"
"fmt"
stdlog "log"
"net/http"
@@ -15,7 +14,7 @@ import (
"syscall"
"time"
"github.com/coreos/go-systemd/daemon"
"github.com/coreos/go-systemd/v22/daemon"
"github.com/go-acme/lego/v4/challenge"
gokitmetrics "github.com/go-kit/kit/metrics"
"github.com/sirupsen/logrus"
@@ -34,6 +33,7 @@ import (
"github.com/traefik/traefik/v2/pkg/provider/acme"
"github.com/traefik/traefik/v2/pkg/provider/aggregator"
"github.com/traefik/traefik/v2/pkg/provider/traefik"
"github.com/traefik/traefik/v2/pkg/redactor"
"github.com/traefik/traefik/v2/pkg/safe"
"github.com/traefik/traefik/v2/pkg/server"
"github.com/traefik/traefik/v2/pkg/server/middleware"
@@ -100,12 +100,11 @@ func runCmd(staticConfiguration *static.Configuration) error {
log.WithoutContext().Infof("Traefik version %s built on %s", version.Version, version.BuildDate)
jsonConf, err := json.Marshal(staticConfiguration)
redactedStaticConfiguration, err := redactor.RemoveCredentials(staticConfiguration)
if err != nil {
log.WithoutContext().Errorf("Could not marshal static configuration: %v", err)
log.WithoutContext().Debugf("Static configuration loaded [struct] %#v", staticConfiguration)
log.WithoutContext().Errorf("Could not redact static configuration: %v", err)
} else {
log.WithoutContext().Debugf("Static configuration loaded %s", string(jsonConf))
log.WithoutContext().Debugf("Static configuration loaded %s", redactedStaticConfiguration)
}
if staticConfiguration.Global.CheckNewVersion {
@@ -187,7 +186,7 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
return nil, err
}
acmeProviders := initACMEProvider(staticConfiguration, &providerAggregator, tlsManager, httpChallengeProvider, tlsChallengeProvider)
acmeProviders := initACMEProvider(staticConfiguration, providerAggregator, tlsManager, httpChallengeProvider, tlsChallengeProvider, routinesPool)
// Entrypoints
@@ -316,7 +315,7 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
}
if _, ok := resolverNames[rt.TLS.CertResolver]; !ok {
log.WithoutContext().Errorf("the router %s uses a non-existent resolver: %s", rtName, rt.TLS.CertResolver)
log.WithoutContext().Errorf("Router %s uses a nonexistent resolver: %s", rtName, rt.TLS.CertResolver)
}
}
})
@@ -365,7 +364,7 @@ func switchRouter(routerFactory *server.RouterFactory, serverEntryPointsTCP serv
}
// initACMEProvider creates an acme provider from the ACME part of globalConfiguration.
func initACMEProvider(c *static.Configuration, providerAggregator *aggregator.ProviderAggregator, tlsManager *traefiktls.Manager, httpChallengeProvider, tlsChallengeProvider challenge.Provider) []*acme.Provider {
func initACMEProvider(c *static.Configuration, providerAggregator *aggregator.ProviderAggregator, tlsManager *traefiktls.Manager, httpChallengeProvider, tlsChallengeProvider challenge.Provider, routinesPool *safe.Pool) []*acme.Provider {
localStores := map[string]*acme.LocalStore{}
var resolvers []*acme.Provider
@@ -375,7 +374,7 @@ func initACMEProvider(c *static.Configuration, providerAggregator *aggregator.Pr
}
if localStores[resolver.ACME.Storage] == nil {
localStores[resolver.ACME.Storage] = acme.NewLocalStore(resolver.ACME.Storage)
localStores[resolver.ACME.Storage] = acme.NewLocalStore(resolver.ACME.Storage, routinesPool)
}
p := &acme.Provider{

1
cmd/traefik/traefik_test.go
View File

@@ -94,7 +94,6 @@ func TestAppendCertMetric(t *testing.T) {
}
for _, test := range testCases {
test := test
t.Run(test.desc, func(t *testing.T) {
t.Parallel()

10
debug.Dockerfile
View File

@@ -1,10 +0,0 @@
FROM alpine:3.14
# Feel free to add below any helpful dependency for debugging.
# iproute2 is for ss.
RUN apk --no-cache --no-progress add bash curl ca-certificates tzdata lsof iproute2 \
&& update-ca-certificates \
&& rm -rf /var/cache/apk/*
COPY dist/traefik /
EXPOSE 80
VOLUME ["/tmp"]
ENTRYPOINT ["/traefik"]

8
docs/check.Dockerfile
View File

@@ -1,4 +1,4 @@
FROM alpine:3.18 as alpine
FROM alpine:3.22
RUN apk --no-cache --no-progress add \
build-base \
@@ -9,13 +9,11 @@ RUN apk --no-cache --no-progress add \
ruby \
ruby-bigdecimal \
ruby-dev \
ruby-etc \
ruby-ffi \
ruby-json \
zlib-dev
RUN gem install nokogiri --version 1.15.3 --no-document -- --use-system-libraries
RUN gem install html-proofer --version 5.0.7 --no-document -- --use-system-libraries
RUN gem install nokogiri --version 1.18.6 --no-document -- --use-system-libraries
RUN gem install html-proofer --version 5.0.10 --no-document -- --use-system-libraries
# After Ruby, some NodeJS YAY!
RUN apk --no-cache --no-progress add \

6
docs/content/contributing/advocating.md
View File

@@ -1,14 +1,14 @@
---
title: "Traefik Advocation Documentation"
description: "There are many ways to contribute to Traefik Proxy. If you're talking about Traefik, let us know and we'll promote your enthusiasm!"
description: "There are many ways to contribute to Traefik Proxy. Let us know if youre talking about Traefik, and we'll promote your enthusiasm!"
---
# Advocating
Spread the Love & Tell Us about It
Spread the Love & Tell Us About It
{: .subtitle }
Traefik Proxy was started by the community for the community.
Traefik Proxy was started by the community and for the community.
You can contribute to the Traefik community in three main ways:
**Spread the word!** Guides, videos, blog posts, how-to articles, and showing off your network design all help spread the word about Traefik Proxy

143
docs/content/contributing/building-testing.md
View File

@@ -13,67 +13,13 @@ Let's see how.
## Building
You need either [Docker](https://github.com/docker/docker "Link to website of Docker") and `make` (Method 1), or [Go](https://go.dev/ "Link to website of Go") (Method 2) in order to build Traefik.
For changes to its dependencies, the `dep` dependency management tool is required.
### Method 1: Using `Docker` and `Makefile`
Run make with the `binary` target.
```bash
make binary
```
This will create binaries for the Linux platform in the `dist` folder.
In case when you run build on CI, you may probably want to run docker in non-interactive mode. To achieve that define `DOCKER_NON_INTERACTIVE=true` environment variable.
```bash
$ make binary
docker build -t traefik-webui -f webui/Dockerfile webui
Sending build context to Docker daemon 2.686MB
Step 1/11 : FROM node:8.15.0
---> 1f6c34f7921c
[...]
Successfully built ce4ff439c06a
Successfully tagged traefik-webui:latest
[...]
docker build -t "traefik-dev:4475--feature-documentation" -f build.Dockerfile .
Sending build context to Docker daemon 279MB
Step 1/10 : FROM golang:1.16-alpine
---> f4bfb3d22bda
[...]
Successfully built 5c3c1a911277
Successfully tagged traefik-dev:4475--feature-documentation
docker run -e "TEST_CONTAINER=1" -v "/var/run/docker.sock:/var/run/docker.sock" -it -e OS_ARCH_ARG -e OS_PLATFORM_ARG -e TESTFLAGS -e VERBOSE -e VERSION -e CODENAME -e TESTDIRS -e CI -e CONTAINER=DOCKER -v "/home/ldez/sources/go/src/github.com/traefik/traefik/"dist":/go/src/github.com/traefik/traefik/"dist"" "traefik-dev:4475--feature-documentation" ./script/make.sh generate binary
---> Making bundle: generate (in .)
removed 'autogen/genstatic/gen.go'
---> Making bundle: binary (in .)
$ ls dist/
traefik*
```
The following targets can be executed outside Docker by setting the variable `IN_DOCKER` to an empty string (although be aware that some of the tests might fail in that context):
- `test-unit`
- `test-integration`
- `validate`
- `binary` (the webUI is still generated by using Docker)
ex:
```bash
IN_DOCKER= make test-unit
```
### Method 2: Using `go`
Requirements:
- `go` v1.16+
- environment variable `GO111MODULE=on`
You need:
- [Docker](https://github.com/docker/docker "Link to website of Docker")
- `make`
- [Go](https://go.dev/ "Link to website of Go")
- [misspell](https://github.com/golangci/misspell)
- [shellcheck](https://github.com/koalaman/shellcheck)
- [Tailscale](https://tailscale.com/) if you are using Docker Desktop
!!! tip "Source Directory"
@@ -106,43 +52,34 @@ Requirements:
## ... and the list goes on
```
#### Build Traefik
### Build Traefik
Once you've set up your go environment and cloned the source repository, you can build Traefik.
```bash
# Generate UI static files
make clean-webui generate-webui
$ make binary
SHA: 8fddfe118288bb5280eb5e77fa952f52def360b4 cheddar 2024-01-11_03:14:57PM
CGO_ENABLED=0 GOGC=off GOOS=darwin GOARCH=arm64 go build -ldflags "-s -w \
-X github.com/traefik/traefik/v2/pkg/version.Version=8fddfe118288bb5280eb5e77fa952f52def360b4 \
-X github.com/traefik/traefik/v2/pkg/version.Codename=cheddar \
-X github.com/traefik/traefik/v2/pkg/version.BuildDate=2024-01-11_03:14:57PM" \
-installsuffix nocgo -o "./dist/darwin/arm64/traefik" ./cmd/traefik
# required to merge non-code components into the final binary,
# such as the web dashboard/UI
go generate
$ ls dist/
traefik*
```
```bash
# Standard go build
go build ./cmd/traefik
```
You will find the Traefik executable (`traefik`) in the `~/go/src/github.com/traefik/traefik` directory.
You will find the Traefik executable (`traefik`) in the `./dist` directory.
## Testing
### Method 1: `Docker` and `make`
Run unit tests using the `test-unit` target.
Run integration tests using the `test-integration` target.
Run all tests (unit and integration) using the `test` target.
```bash
$ make test-unit
docker build -t "traefik-dev:your-feature-branch" -f build.Dockerfile .
# […]
docker run --rm -it -e OS_ARCH_ARG -e OS_PLATFORM_ARG -e TESTFLAGS -v "/home/user/go/src/github/traefik/traefik/dist:/go/src/github.com/traefik/traefik/dist" "traefik-dev:your-feature-branch" ./script/make.sh generate test-unit
---> Making bundle: generate (in .)
removed 'gen.go'
---> Making bundle: test-unit (in .)
GOOS=darwin GOARCH=arm64 go test -cover "-coverprofile=cover.out" -v ./pkg/... ./cmd/...
+ go test -cover -coverprofile=cover.out .
ok github.com/traefik/traefik 0.005s coverage: 4.1% of statements
@@ -151,28 +88,30 @@ Test success
For development purposes, you can specify which tests to run by using (only works the `test-integration` target):
??? note "Configuring Tailscale for Docker Desktop user"
Create `tailscale.secret` file in `integration` directory.
This file needs to contain a [Tailscale auth key](https://tailscale.com/kb/1085/auth-keys)
(an ephemeral, but reusable, one is recommended).
Add this section to your tailscale ACLs to auto-approve the routes for the
containers in the docker subnet:
```json
"autoApprovers": {
// Allow myself to automatically
// advertize routes for docker networks
"routes": {
"172.31.42.0/24": ["your_tailscale_identity"],
},
},
```
```bash
# Run every tests in the MyTest suite
TESTFLAGS="-check.f MyTestSuite" make test-integration
TESTFLAGS="-test.run TestAccessLogSuite" make test-integration
# Run the test "MyTest" in the MyTest suite
TESTFLAGS="-check.f MyTestSuite.MyTest" make test-integration
# Run every tests starting with "My", in the MyTest suite
TESTFLAGS="-check.f MyTestSuite.My" make test-integration
# Run every tests ending with "Test", in the MyTest suite
TESTFLAGS="-check.f MyTestSuite.*Test" make test-integration
TESTFLAGS="-test.run TestAccessLogSuite -testify.m ^TestAccessLog$" make test-integration
```
Check [gocheck](https://labix.org/gocheck "Link to website of gocheck") for more information.
### Method 2: `go`
Unit tests can be run from the cloned directory using `$ go test ./...` which should return `ok`, similar to:
```test
ok _/home/user/go/src/github/traefik/traefik 0.004s
```
Integration tests must be run from the `integration/` directory and require the `-integration` switch: `$ cd integration && go test -integration ./...`.

6
docs/content/contributing/documentation.md
View File

@@ -15,13 +15,13 @@ Let's see how.
### General
This [documentation](https://doc.traefik.io/traefik/ "Link to the official Traefik documentation") is built with [MkDocs](https://mkdocs.org/ "Link to website of MkDocs").
This [documentation](https://doc.traefik.io/traefik/ "Link to the official Traefik documentation") is built with [MkDocs](https://mkdocs.org/ "Link to the website of MkDocs").
### Method 1: `Docker` and `make`
Please make sure you have the following requirements installed:
- [Docker](https://www.docker.com/ "Link to website of Docker")
- [Docker](https://www.docker.com/ "Link to the website of Docker")
You can build the documentation and test it locally (with live reloading), using the `docs-serve` target:
@@ -51,7 +51,7 @@ $ make docs-build
Please make sure you have the following requirements installed:
- [Python](https://www.python.org/ "Link to website of Python")
- [Python](https://www.python.org/ "Link to the website of Python")
- [pip](https://pypi.org/project/pip/ "Link to the website of pip on PyPI")
```bash

125
docs/content/contributing/maintainers-guidelines.md
View File

@@ -7,89 +7,75 @@ description: "Interested in contributing more to the community and becoming a Tr
![Maintainer's Guidelines](../assets/img/maintainers-guidelines.png)
Note: the document is a work in progress.
Welcome to the Traefik Community.
This document describes how to be part of the core team
together with various responsibilities
and guidelines for Traefik maintainers.
We are strongly promoting a philosophy of openness and sharing,
and firmly standing against the elitist closed approach.
Being part of the core team should be accessible to anyone motivated
and wants to be part of that journey!
## Onboarding Process
## Becoming a Maintainer
If you consider joining our community, please drop us a line using Twitter or leave a note in the issue.
We will schedule a quick call to meet you and learn more about your motivation.
During the call, the team will discuss the process of becoming a maintainer.
We will be happy to answer any questions and explain all your doubts.
Before a contributor becomes a maintainer, they should meet the following requirements:
## Maintainer's Requirements
- The contributor enabled [2FA](https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication) on their GitHub account
Note: you do not have to meet all the listed requirements,
but must have achieved several.
- The contributor showed a consistent pattern of helpful, non-threatening, and friendly behavior towards other community members in the past.
- The contributor has read and accepted the maintainer's guidelines.
The contributor should also meet one or several of the following requirements:
- Enabled [2FA](https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication) on your GitHub account
- The contributor has opened and successfully run medium to large PRs in the past 6 months.
- The contributor has participated in multiple code reviews of other PRs,
including those of other maintainers and contributors.
- The contributor showed a consistent pattern of helpful, non-threatening, and friendly behavior towards other community members in the past.
- The contributor is active on Traefik Community forums
or other technical forums/boards such as K8S slack, Reddit, StackOverflow, hacker news.
- Have read and accepted the contributor guidelines.
or other technical forums/boards, such as K8S Slack, Reddit, StackOverflow, and Hacker News.
Any existing active maintainer can create an issue to discuss promoting a contributor to maintainer.
Other maintainers can vote on the issue, and if the quorum is reached, the contributor is promoted to maintainer.
If the quorum is not reached within one month after the issue is created, it is closed.
## Maintainer's Responsibilities and Privileges
There are lots of areas where you can contribute to the project,
but we can suggest you start with activities such as:
As a maintainer, you are granted a vote for the following:
- PR reviewing.
- According to our guidelines we require you have at least 3 reviewers,
thus you can review a PR and leave the relevant comment if it is necessary.
- Participating in a daily [issue triage](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md).
- The process helps to understand and prioritize the reported issue according to its importance and severity.
This is crucial to learn how our users implement Traefik.
Each of the issues that are labeled as bug/possible bug/confirmed requires a reproducible use case.
You can help in creating a reproducible use case if it has not been added to the issue
or use the sample code provided by the reporter.
Typically, a simple Docker Compose should be enough to reproduce the issue.
- Code contribution.
- Documentation contribution.
- Technical documentation is one of the most important components of the product.
The ability to set up a testing environment in a few minutes,
using the official documentation,
is a game changer.
- You will be listed on our Maintainers GitHub page
and on our website in the section [maintainers](maintainers.md).
- We will be promoting you on social channels (mostly on Twitter).
- [PR review](https://github.com/traefik/contributors-guide/blob/master/pr_guidelines.md).
## Governance
- [Design review](https://github.com/traefik/contributors-guide/blob/master/proposals.md).
- Roadmap meetings on a regular basis where all maintainers are welcome.
- [Proposals](https://github.com/traefik/contributors-guide/blob/master/proposals.md).
Maintainers are also added to the maintainer's Discord server where happens the [issue triage](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md)
and appear on the [Maintainers](maintainers.md) page.
As a maintainer, you should:
- Prioritize PR reviews, design reviews, and issue triage above any other task.
Making sure contributors and community members are listened to and have an impact on the project is essential to keeping the project active and develop a thriving community.
- Prioritize helping contributors reaching the expecting quality level over rewriting contributions.
Any triage activity on issues and PRs (e.g. labels, marking messages as off-topic, refusing, marking duplicates) should result from a collective decision to ensure knowledge is shared among maintainers.
## Communicating
- All of our maintainers are added to the Traefik Maintainers Discord server that belongs to Traefik labs.
Having the team in one place helps us to communicate effectively.
You can reach Traefik core developers directly,
which offers the possibility to discuss issues, pull requests, enhancements more efficiently
Maintainers can discuss issues, pull requests, enhancements more efficiently
and get the feedback almost immediately.
Fewer blockers mean more fun and engaging work.
- On a daily basis, we publish a report that includes all the activities performed during the day.
You are updated in regard to the workload that has been processed including:
working on the new features and enhancements,
activities related to the reported issues and PRs,
other important project-related announcements.
- Every decision made on the discord server among maintainers is documented so it's visible to the rest of the community.
- At 2:15pm CET every Monday and Thursday we review all the created issues that have been reported,
assign them the appropriate *[labels](maintainers.md#labels)*
and prioritize them based on the severity of the problem.
The process is called *[issue triaging](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md)*.
Each of the maintainers is welcome to join the meeting.
For that purpose, we use the Traefik Maintainers Discord server
where you are invited once you have become an official maintainer.
- Maintainers express their opinions on issues and reviews.
It is fine to have different point of views.
We encourage active and open conversations which goals are to improve Traefik.
- When discussing issues and proposals, maintainers should share as much information as possible to help solve the issue.
## Maintainers Activity
@@ -97,38 +83,45 @@ In order to keep the core team efficient and dynamic,
maintainers' activity and involvement will be reviewed on a regular basis.
- Has the maintainer engaged with the team and the community by meeting two or more of these benchmarks in the past six months?
- Has the maintainer participated in at least two or three maintainer meetings?
- Substantial review of at least one or two PRs from either contributors or maintainers.
- Opened at least one or two bug fixes or feature request PRs
that were eventually merged (or on a trajectory for merge).
- Substantial participation in the Help Wanted program (answered questions, helped identify issues, applied guidelines from the Help Wanted guide to open issues).
- Substantial participation with the community in general.
- Has the maintainer shown a consistent pattern of helpful,
non-threatening,
and friendly behavior towards other people on the maintainer team and with our community?
## Additional Comments for (not only) Maintainers
## Additional Comments for Maintainers (that should apply to any contributor)
- Be respectful with other maintainers and other community members.
- Be open minded when participating in conversations: try to put yourself in others shoes.
- Be able to put yourself in users shoes.
- Be open-minded and respectful with other maintainers and other community members.
- Keep the communication public -
if anyone tries to communicate with you directly,
ask politely to move the conversation to a public communication channel.
- Stay away from defensive comments.
- Please try to express your thoughts clearly enough
and note that some of us are not native English speakers.
Try to rephrase your sentences, avoiding mental shortcuts;
none of us is able to predict your thoughts.
- There are a lot of use cases of using Traefik
and even more issues that are difficult to reproduce.
If the issue cant be replicated due to a lack of reproducible case (a simple Docker Compose should be enough) -
set your time limits while working on the issue
and express clearly that you were not able to replicate it.
You can come back later to that case.
none of us is able to predict anyone's thoughts.
- Be proactive.
- Emoji are fine,
but if you express yourself clearly enough they are not necessary.
They will not replace good communication.
- Embrace mentorship.
- Keep in mind that we all have the same intent to improve the project.
- Embrace mentorship: help others grow and match the quality level we strive for.
- Keep in mind that we all have the same goal: improve the project.

126
docs/content/contributing/maintainers.md
View File

@@ -5,18 +5,12 @@ description: "Traefik Proxy is an open source software with a thriving community
# Maintainers
## The Team
## Active Maintainers
* Emile Vauge [@emilevauge](https://github.com/emilevauge)
* Vincent Demeester [@vdemeester](https://github.com/vdemeester)
* Ed Robinson [@errm](https://github.com/errm)
* Daniel Tomcej [@dtomcej](https://github.com/dtomcej)
* Manuel Zapf [@SantoDE](https://github.com/SantoDE)
* Timo Reimann [@timoreimann](https://github.com/timoreimann)
* Ludovic Fernandez [@ldez](https://github.com/ldez)
* Julien Salleyron [@juliens](https://github.com/juliens)
* Nicolas Mengin [@nmengin](https://github.com/nmengin)
* Marco Jantke [@mjantke](https://github.com/mjeri)
* Michaël Matur [@mmatur](https://github.com/mmatur)
* Gérald Croës [@geraldcroes](https://github.com/geraldcroes)
* Jean-Baptiste Doumenjou [@jbdoumenjou](https://github.com/jbdoumenjou)
@@ -25,109 +19,21 @@ description: "Traefik Proxy is an open source software with a thriving community
* Kevin Pollet [@kevinpollet](https://github.com/kevinpollet)
* Harold Ozouf [@jspdown](https://github.com/jspdown)
* Tom Moulard [@tommoulard](https://github.com/tommoulard)
* Landry Benguigui [@lbenguigui](https://github.com/lbenguigui)
* Simon Delicata [@sdelicata](https://github.com/sdelicata)
* Baptiste Mayelle [@youkoulayley](https://github.com/youkoulayley)
## Past Maintainers
People who have had an incredibly positive impact on the project, and are now focusing on other projects.
* Vincent Demeester [@vdemeester](https://github.com/vdemeester)
* Ed Robinson [@errm](https://github.com/errm)
* Daniel Tomcej [@dtomcej](https://github.com/dtomcej)
* Timo Reimann [@timoreimann](https://github.com/timoreimann)
* Marco Jantke [@mjantke](https://github.com/mjeri)
* Ludovic Fernandez [@ldez](https://github.com/ldez)
## Maintainer's Guidelines
Please read the [maintainer's guidelines](maintainers-guidelines.md)
## Issue Triage
Issues and PRs are triaged daily and the process for triaging may be found under [triaging issues](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md) in our [contributors guide repository](https://github.com/traefik/contributors-guide).
## PR Review Process
The process for reviewing PRs may be found under [review guidelines](https://github.com/traefik/contributors-guide/blob/master/review_guidelines.md) in our contributors guide repository.
## Labels
A maintainer that looks at an issue/PR must define its `kind/*`, `area/*`, and `status/*`.
### Status - Workflow
The `status/*` labels represent the desired state in the workflow.
* `status/0-needs-triage`: all the new issues and PRs have this status. _[bot only]_
* `status/1-needs-design-review`: needs a design review. **(only for PR)**
* `status/2-needs-review`: needs a code/documentation review. **(only for PR)**
* `status/3-needs-merge`: ready to merge. **(only for PR)**
* `status/4-merge-in-progress`: merge is in progress. _[bot only]_
### Contributor
* `contributor/need-more-information`: we need more information from the contributor in order to analyze a problem.
* `contributor/waiting-for-feedback`: we need the contributor to give us feedback.
* `contributor/waiting-for-corrections`: we need the contributor to take actions in order to move forward with a PR. **(only for PR)** _[bot, humans]_
* `contributor/needs-resolve-conflicts`: use it only when there is some conflicts (and an automatic rebase is not possible). **(only for PR)** _[bot, humans]_
### Kind
* `kind/enhancement`: a new or improved feature.
* `kind/question`: a question. **(only for issue)**
* `kind/proposal`: a proposal that needs to be discussed.
* _Proposal issues_ are design proposals
* _Proposal PRs_ are technical prototypes that need to be refined with multiple contributors.
* `kind/bug/possible`: a possible bug that needs analysis before it is confirmed or fixed. **(only for issues)**
* `kind/bug/confirmed`: a confirmed bug (reproducible). **(only for issues)**
* `kind/bug/fix`: a bug fix. **(only for PR)**
### Resolution
* `resolution/duplicate`: a duplicate issue/PR.
* `resolution/declined`: declined (Rule #1 of open-source: no is temporary, yes is forever).
* `WIP`: Work In Progress. **(only for PR)**
### Platform
* `platform/windows`: Windows related.
### Area
* `area/acme`: ACME related.
* `area/api`: Traefik API related.
* `area/authentication`: Authentication related.
* `area/cluster`: Traefik clustering related.
* `area/documentation`: Documentation related.
* `area/infrastructure`: CI or Traefik building scripts related.
* `area/healthcheck`: Health-check related.
* `area/logs`: Logs related.
* `area/middleware`: Middleware related.
* `area/middleware/metrics`: Metrics related. (Prometheus, StatsD, ...)
* `area/middleware/tracing`: Tracing related. (Jaeger, Zipkin, ...)
* `area/oxy`: Oxy related.
* `area/provider`: related to all providers.
* `area/provider/boltdb`: Boltd DB related.
* `area/provider/consul`: Consul related.
* `area/provider/docker`: Docker and Swarm related.
* `area/provider/ecs`: ECS related.
* `area/provider/etcd`: Etcd related.
* `area/provider/eureka`: Eureka related.
* `area/provider/file`: file provider related.
* `area/provider/k8s`: Kubernetes related.
* `area/provider/kv`: KV related.
* `area/provider/marathon`: Marathon related.
* `area/provider/mesos`: Mesos related.
* `area/provider/rancher`: Rancher related.
* `area/provider/servicefabric`: Azure service fabric related.
* `area/provider/zk`: Zoo Keeper related.
* `area/rules`: Rules related.
* `area/server`: Server related.
* `area/sticky-session`: Sticky session related.
* `area/tls`: TLS related.
* `area/websocket`: WebSocket related.
* `area/webui`: Web UI related.
### Issues Priority
* `priority/P0`: needs hot fix.
* `priority/P1`: need to be fixed in next release.
* `priority/P2`: need to be fixed in the future.
* `priority/P3`: maybe.
### PR Size
Automatically set by a bot.
* `size/S`: small PR.
* `size/M`: medium PR.
* `size/L`: Large PR.
Please read the [maintainer's guidelines](maintainers-guidelines.md).

4
docs/content/contributing/submitting-issues.md
View File

@@ -11,8 +11,8 @@ Help Us Help You!
Issues are perfect for requesting a feature/enhancement or reporting a suspected bug.
We use the [GitHub issue tracker](https://github.com/traefik/traefik/issues) to keep track of issues in Traefik.
The process of sorting and checking the issues is a daunting task, and requires a lot of work (more than an hour a day ... just for sorting).
To help us (and other community members) quickly and effortlessly understand what you need,
The process of sorting and checking the issues is a daunting task, and requires a lot of work.
To help maintainers (and other community members) quickly and effortlessly understand what you need,
be sure to follow the guidelines below.
!!! important "Getting Help Vs Reporting an Issue"

17
docs/content/contributing/submitting-pull-requests.md
View File

@@ -17,12 +17,9 @@ or the list of [confirmed bugs](https://github.com/traefik/traefik/labels/kind%2
## How We Prioritize
We wish we could review every pull request right away.
Unfortunately, our team has to prioritize pull requests (PRs) for review
(but we are welcoming new [maintainers](https://github.com/traefik/traefik/blob/master/docs/content/contributing/maintainers-guidelines.md) to speed this up,
if you are interested, check it out and apply).
We wish we could review every pull request right away, but because it's a time-consuming operation, it's not always possible.
The PRs we are able to handle fastest are:
The PRs we are able to handle the fastest are:
* Documentation updates.
* Bug fixes.
@@ -57,9 +54,10 @@ Merging a PR requires the following steps to be completed before it is merged au
* Keep "allows edit from maintainer" checked.
* Use semantic line breaks for documentation.
* Ensure your PR is not a draft. We do not review drafts, but do answer questions and confer with developers on them as needed.
* Ensure that the dependencies in the `go.mod` file reference a tag. If referencing a tag is not possible, add a comment explaining why.
* Pass the validation check.
* Pass all tests.
* Receive 3 approving reviews maintainers.
* Receive 2 approving reviews from maintainers.
## Pull Request Review Cycle
@@ -92,6 +90,7 @@ in short, it looks like this:
You must run these local verifications before you submit your pull request to predict the pass or failure of continuous integration.
Your PR will not be reviewed until these are green on the CI.
* `make generate`
* `make validate`
* `make pull-images`
* `make test`
@@ -115,7 +114,7 @@ In such a situation, solve the conflicts/CI/... and then remove the label `bot/n
To prevent the bot from automatically merging a PR, add the label `bot/no-merge`.
The label `bot/light-review` decreases the number of required LGTM from 3 to 1.
The label `bot/light-review` decreases the number of required LGTM from 2 to 1.
This label can be used when:
@@ -129,7 +128,7 @@ This label can be used when:
Traefik Proxy is made by the community for the community,
as such the goal is to engage the community to make Traefik the best reverse proxy available.
Part of this goal is maintaining a lean codebase and ensuring code velocity.
unfortunately, this means that sometimes we will not be able to merge a pull request.
Unfortunately, this means that sometimes we will not be able to merge a pull request.
Because we respect the work you did, you will always be told why we are closing your pull request.
If you do not agree with our decision, do not worry; closed pull requests are effortless to recreate,
@@ -198,7 +197,7 @@ here are some things you can do to move the process along:
* If you have fixed all the issues from a review,
remember to re-request a review (using the designated button) to let your reviewer know that you are ready.
You can choose to comment with the changes you made.
* Ping `@tfny` if you have not been assigned to a reviewer.
* Kindly comment on the pull request. Doing so will automatically give your PR visibility during the triage process.
For more information on best practices, try these links:

6
docs/content/contributing/submitting-security-issues.md
View File

@@ -8,7 +8,7 @@ description: "Security is a key part of Traefik Proxy. Read the technical docume
## Security Advisories
We strongly advise you to join our mailing list to be aware of the latest announcements from our security team.
You can subscribe sending a mail to security+subscribe@traefik.io or on [the online viewer](https://groups.google.com/a/traefik.io/forum/#!forum/security).
You can subscribe by sending an email to security+subscribe@traefik.io or on [the online viewer](https://groups.google.com/a/traefik.io/forum/#!forum/security).
## CVE
@@ -18,4 +18,6 @@ Reported vulnerabilities can be found on
## Report a Vulnerability
We want to keep Traefik safe for everyone.
If you've discovered a security vulnerability in Traefik, we appreciate your help in disclosing it to us in a responsible manner, using [this form](https://security.traefik.io).
If you've discovered a security vulnerability in Traefik,
we appreciate your help in disclosing it to us in a responsible manner,
by creating a [security advisory](https://github.com/traefik/traefik/security/advisories).

14
docs/content/contributing/thank-you.md
View File

@@ -9,7 +9,7 @@ _You_ Made It
{: .subtitle}
Traefik Proxy truly is an [open-source project](https://github.com/traefik/traefik/),
and wouldn't have become what it is today without the help of our [many contributors](https://github.com/traefik/traefik/graphs/contributors) (at the time of writing this),
and wouldn't have become what it is today without the help of our [many contributors](https://github.com/traefik/traefik/graphs/contributors),
not accounting for people having helped with issues, tests, comments, articles, ... or just enjoy using Traefik Proxy and share with others.
So once again, thank you for your invaluable help in making Traefik such a good product!
@@ -17,16 +17,16 @@ So once again, thank you for your invaluable help in making Traefik such a good
!!! question "Where to Go Next?"
If you want to:
- Propose and idea, request a feature a report a bug,
read the page [Submitting Issues](./submitting-issues.md).
- Propose an idea, request a feature, or report a bug,
then read [Submitting Issues](./submitting-issues.md).
- Discover how to make an efficient contribution,
read the page [Submitting Pull Requests](./submitting-pull-requests.md).
then read [Submitting Pull Requests](./submitting-pull-requests.md).
- Learn how to build and test Traefik,
the page [Building and Testing](./building-testing.md) is for you.
then the page [Building and Testing](./building-testing.md) is for you.
- Contribute to the documentation,
read the related page [Documentation](./documentation.md).
then read the page about [Documentation](./documentation.md).
- Understand how do we learn about Traefik usage,
read the [Data Collection](./data-collection.md) page.
- Spread the love about Traefik, please check the [Advocating](./advocating.md) page.
- Learn about who are the maintainers and how they work on the project,
read the [Maintainers](./maintainers.md) page.
read the [Maintainers](./maintainers.md) and [Maintainer Guidelines](./maintainers-guidelines.md) pages.

24
docs/content/deprecation/features.md
View File

@@ -2,14 +2,14 @@
This page is maintained and updated periodically to reflect our roadmap and any decisions around feature deprecation.
| Feature | Deprecated | End of Support | Removal |
|-----------------------------------------------------------------------------------------------------|------------|----------------|---------|
| [Pilot](#pilot) | 2.7 | 2.8 | 2.9 |
| [Consul Enterprise Namespace](#consul-enterprise-namespace) | 2.8 | N/A | 3.0 |
| [TLS 1.0 and 1.1 Support](#tls-10-and-11) | N/A | 2.8 | N/A |
| [Nomad Namespace](#nomad-namespace) | 2.10 | N/A | 3.0 |
| [Kubernetes CRDs API Group `traefik.containo.us`](#kubernetes-crds-api-group-traefikcontainous) | 2.10 | N/A | 3.0 |
| [Kubernetes CRDs API Version `traefik.io/v1alpha1`](#kubernetes-crds-api-version-traefikiov1alpha1) | N/A | N/A | 3.0 |
| Feature | Deprecated | End of Support | Removal |
|-------------------------------------------------------------------------------------------------------------|------------|----------------|---------|
| [Pilot](#pilot) | 2.7 | 2.8 | 2.9 |
| [Consul Enterprise Namespace](#consul-enterprise-namespace) | 2.8 | N/A | 3.0 |
| [TLS 1.0 and 1.1 Support](#tls-10-and-11) | N/A | 2.8 | N/A |
| [Nomad Namespace](#nomad-namespace) | 2.10 | N/A | 3.0 |
| [Kubernetes CRDs API Group `traefik.containo.us`](#kubernetes-crd-provider-api-group-traefikcontainous) | 2.10 | N/A | 3.0 |
| [Kubernetes CRDs API Version `traefik.io/v1alpha1`](#kubernetes-crd-provider-api-version-traefikiov1alpha1) | 3.0 | N/A | 4.0 |
## Impact
@@ -35,10 +35,10 @@ Starting on 2.8 the default TLS options will use the minimum version of TLS 1.2.
Starting on 2.10 the `namespace` option of the Nomad provider is deprecated,
please use the `namespaces` options instead.
### Kubernetes CRDs API Group `traefik.containo.us`
### Kubernetes CRD Provider API Group `traefik.containo.us`
In v2.10, the Kubernetes CRDs API Group `traefik.containo.us` is deprecated, and its support will end starting with Traefik v3. Please use the API Group `traefik.io` instead.
In v2.10, the Kubernetes CRD provider API Group `traefik.containo.us` is deprecated, and its support will end starting with Traefik v3. Please use the API Group `traefik.io` instead.
### Kubernetes CRDs API Version `traefik.io/v1alpha1`
### Kubernetes CRD Provider API Version `traefik.io/v1alpha1`
The newly introduced Kubernetes CRD API Version `traefik.io/v1alpha1` will subsequently be removed in Traefik v3. The following version will be `traefik.io/v1`.
The Kubernetes CRD provider API Version `traefik.io/v1alpha1` will subsequently be deprecated in Traefik v3. The next version will be `traefik.io/v1`.

42
docs/content/deprecation/releases.md
View File

@@ -4,29 +4,37 @@
Below is a non-exhaustive list of versions and their maintenance status:
| Version | Release Date | Active Support | Security Support |
|---------|--------------|--------------------|------------------|
| 2.10 | Apr 24, 2023 | Yes | Yes |
| 2.9 | Oct 03, 2022 | Ended Apr 24, 2023 | No |
| 2.8 | Jun 29, 2022 | Ended Oct 03, 2022 | No |
| 2.7 | May 24, 2022 | Ended Jun 29, 2022 | No |
| 2.6 | Jan 24, 2022 | Ended May 24, 2022 | No |
| 2.5 | Aug 17, 2021 | Ended Jan 24, 2022 | No |
| 2.4 | Jan 19, 2021 | Ended Aug 17, 2021 | No |
| 2.3 | Sep 23, 2020 | Ended Jan 19, 2021 | No |
| 2.2 | Mar 25, 2020 | Ended Sep 23, 2020 | No |
| 2.1 | Dec 11, 2019 | Ended Mar 25, 2020 | No |
| 2.0 | Sep 16, 2019 | Ended Dec 11, 2019 | No |
| 1.7 | Sep 24, 2018 | Ended Dec 31, 2021 | Contact Support |
| Version | Release Date | Active Support | Security Support |
|---------|--------------|--------------------|-------------------|
| 3.5 | Jul 23, 2025 | Yes | Yes |
| 3.4 | May 05, 2025 | Ended Jul 23, 2025 | No |
| 3.3 | Jan 06, 2025 | Ended May 05, 2025 | No |
| 3.2 | Oct 28, 2024 | Ended Jan 06, 2025 | No |
| 3.1 | Jul 15, 2024 | Ended Oct 28, 2024 | No |
| 3.0 | Apr 29, 2024 | Ended Jul 15, 2024 | No |
| 2.11 | Feb 12, 2024 | Ended Apr 29, 2025 | Ends Feb 01, 2026 |
| 2.10 | Apr 24, 2023 | Ended Feb 12, 2024 | No |
| 2.9 | Oct 03, 2022 | Ended Apr 24, 2023 | No |
| 2.8 | Jun 29, 2022 | Ended Oct 03, 2022 | No |
| 2.7 | May 24, 2022 | Ended Jun 29, 2022 | No |
| 2.6 | Jan 24, 2022 | Ended May 24, 2022 | No |
| 2.5 | Aug 17, 2021 | Ended Jan 24, 2022 | No |
| 2.4 | Jan 19, 2021 | Ended Aug 17, 2021 | No |
| 2.3 | Sep 23, 2020 | Ended Jan 19, 2021 | No |
| 2.2 | Mar 25, 2020 | Ended Sep 23, 2020 | No |
| 2.1 | Dec 11, 2019 | Ended Mar 25, 2020 | No |
| 2.0 | Sep 16, 2019 | Ended Dec 11, 2019 | No |
| 1.7 | Sep 24, 2018 | Ended Dec 31, 2021 | No |
??? example "Active Support / Security Support"
**Active support**: receives any bug fixes.
**Security support**: receives only critical bug and security fixes.
- **Active support**: Receives any bug fixes.
- **Security support**: Receives only critical bug and security fixes.
This page is maintained and updated periodically to reflect our roadmap and any decisions affecting the end of support for Traefik Proxy.
Please refer to our migration guides for specific instructions on upgrading between versions, an example is the [v1 to v2 migration guide](../migration/v1-to-v2.md).
Please refer to our migration guides for specific instructions on upgrading between versions, an example is the [v2 to v3 migration guide](../migration/v2-to-v3.md).
!!! important "All target dates for end of support or feature removal announcements may be subject to change."

4
docs/content/getting-started/concepts.md
View File

@@ -25,7 +25,7 @@ The main features include dynamic configuration, automatic service discovery, an
## Edge Router
Traefik is an *Edge Router*, it means that it's the door to your platform, and that it intercepts and routes every incoming request:
Traefik is an *Edge Router*; this means that it's the door to your platform, and that it intercepts and routes every incoming request:
it knows all the logic and every [rule](../routing/routers/index.md#rule "Link to docs about routing rules") that determine which services handle which requests (based on the *path*, the *host*, *headers*, etc.).
![The Door to Your Infrastructure](../assets/img/traefik-concepts-1.png "Picture explaining the infrastructure")
@@ -38,7 +38,7 @@ Deploying your services, you attach information that tells Traefik the character
![Decentralized Configuration](../assets/img/traefik-concepts-2.png "Picture about Decentralized Configuration")
It means that when a service is deployed, Traefik detects it immediately and updates the routing rules in real time.
This means that when a service is deployed, Traefik detects it immediately and updates the routing rules in real time.
Similarly, when a service is removed from the infrastructure, the corresponding route is deleted accordingly.
You no longer need to create and synchronize configuration files cluttered with IP addresses or other rules.

6
docs/content/getting-started/configuration-overview.md
View File

@@ -79,14 +79,14 @@ traefik --help
# or
docker run traefik[:version] --help
# ex: docker run traefik:v2.10 --help
# ex: docker run traefik:v2.11 --help
```
All available arguments can also be found [here](../reference/static-configuration/cli.md).
Check the [CLI reference](../reference/static-configuration/cli.md "Link to CLI reference overview") for an overview about all available arguments.
### Environment Variables
All available environment variables can be found [here](../reference/static-configuration/env.md)
All available environment variables can be found in the [static configuration environment overview](../reference/static-configuration/env.md).
## Available Configuration Options

20
docs/content/getting-started/faq.md
View File

@@ -29,7 +29,7 @@ Not to mention that dynamic configuration changes potentially make that kind of
Therefore, in this dynamic context,
the static configuration of an `entryPoint` does not give any hint whatsoever about how the traffic going through that `entryPoint` is going to be routed.
Or whether it's even going to be routed at all,
i.e. whether there is a Router matching the kind of traffic going through it.
that is whether there is a Router matching the kind of traffic going through it.
### `404 Not found`
@@ -71,7 +71,7 @@ Traefik returns a `502` response code when an error happens while contacting the
### `503 Service Unavailable`
Traefik returns a `503` response code when a Router has been matched
Traefik returns a `503` response code when a Router has been matched,
but there are no servers ready to handle the request.
This situation is encountered when a service has been explicitly configured without servers,
@@ -84,7 +84,7 @@ Sometimes, the `404` response code doesn't play well with other parties or servi
In these situations, you may want Traefik to always reply with a `503` response code,
instead of a `404` response code.
To achieve this behavior, a simple catchall router,
To achieve this behavior, a catchall router,
with the lowest possible priority and routing to a service without servers,
can handle all the requests when no other router has been matched.
@@ -93,7 +93,7 @@ The example below is a file provider only version (`yaml`) of what this configur
```yaml tab="Static configuration"
# traefik.yml
entrypoints:
entryPoints:
web:
address: :80
@@ -130,7 +130,7 @@ http:
the principle of the above example above (a catchall router) still stands,
but the `unavailable` service should be adapted to fit such a need.
## Why Is My TLS Certificate Not Reloaded When Its Contents Change?
## Why Is My TLS Certificate Not Reloaded When Its Contents Change?
With the file provider,
a configuration update is only triggered when one of the [watched](../providers/file.md#provider-configuration) configuration files is modified.
@@ -216,7 +216,7 @@ error: field not found, node: -badField-
The "field not found" error occurs, when an unknown property is encountered in the dynamic or static configuration.
One easy way to check whether a configuration file is well-formed, is to validate it with:
One way to check whether a configuration file is well-formed, is to validate it with:
- [JSON Schema of the static configuration](https://json.schemastore.org/traefik-v2.json)
- [JSON Schema of the dynamic configuration](https://json.schemastore.org/traefik-v2-file-provider.json)
@@ -226,11 +226,11 @@ One easy way to check whether a configuration file is well-formed, is to validat
As a common tip, if a resource is dropped/not created by Traefik after the dynamic configuration was evaluated,
one should look for an error in the logs.
If found, the error obviously confirms that something went wrong while creating the resource,
If found, the error confirms that something went wrong while creating the resource,
and the message should help in figuring out the mistake(s) in the configuration, and how to fix it.
When using the file provider,
one easy way to check if the dynamic configuration is well-formed is to validate it with the [JSON Schema of the dynamic configuration](https://json.schemastore.org/traefik-v2-file-provider.json).
one way to check if the dynamic configuration is well-formed is to validate it with the [JSON Schema of the dynamic configuration](https://json.schemastore.org/traefik-v2-file-provider.json).
## Why does Let's Encrypt wildcard certificate renewal/generation with DNS challenge fail?
@@ -248,6 +248,8 @@ then it could be due to `CNAME` support.
In which case, you should make sure your infrastructure is properly set up for a
`DNS` challenge that does not rely on `CNAME`, and you should try disabling `CNAME` support with:
```bash
```shell
LEGO_DISABLE_CNAME_SUPPORT=true
```
{!traefik-for-business-applications.md!}

51
docs/content/getting-started/install-traefik.md
View File

@@ -16,12 +16,12 @@ You can install Traefik with the following flavors:
Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with one sample configuration file:
* [YAML](https://raw.githubusercontent.com/traefik/traefik/v2.10/traefik.sample.yml)
* [TOML](https://raw.githubusercontent.com/traefik/traefik/v2.10/traefik.sample.toml)
* [YAML](https://raw.githubusercontent.com/traefik/traefik/v2.11/traefik.sample.yml)
* [TOML](https://raw.githubusercontent.com/traefik/traefik/v2.11/traefik.sample.toml)
```bash
```shell
docker run -d -p 8080:8080 -p 80:80 \
-v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v2.10
-v $PWD/traefik.yml:/etc/traefik/traefik.yml traefik:v2.11
```
For more details, go to the [Docker provider documentation](../providers/docker.md)
@@ -29,17 +29,12 @@ For more details, go to the [Docker provider documentation](../providers/docker.
!!! tip
* Prefer a fixed version than the latest that could be an unexpected version.
ex: `traefik:v2.10`
ex: `traefik:v2.11`
* Docker images are based from the [Alpine Linux Official image](https://hub.docker.com/_/alpine).
* Any orchestrator using docker images can fetch the official Traefik docker image.
## Use the Helm Chart
!!! warning
The Traefik Chart from
[Helm's default charts repository](https://github.com/helm/charts/tree/master/stable/traefik) is still using [Traefik v1.7](https://doc.traefik.io/traefik/v1.7).
Traefik can be installed in Kubernetes using the Helm chart from <https://github.com/traefik/traefik-helm-chart>.
Ensure that the following requirements are met:
@@ -59,7 +54,7 @@ You can update the chart repository by running:
helm repo update
```
And install it with the `helm` command line:
And install it with the Helm command line:
```bash
helm install traefik traefik/traefik
@@ -69,7 +64,7 @@ helm install traefik traefik/traefik
All [Helm features](https://helm.sh/docs/intro/using_helm/) are supported.
Examples are provided [here](https://github.com/traefik/traefik-helm-chart/blob/master/EXAMPLES.md).
Examples are provided [here](https://github.com/traefik/traefik-helm-chart/blob/master/EXAMPLES.md).
For instance, installing the chart in a dedicated namespace:
@@ -104,38 +99,6 @@ helm install traefik traefik/traefik
- "--log.level=DEBUG"
```
### Exposing the Traefik dashboard
This HelmChart does not expose the Traefik dashboard by default, for security concerns.
Thus, there are multiple ways to expose the dashboard.
For instance, the dashboard access could be achieved through a port-forward:
```shell
kubectl port-forward $(kubectl get pods --selector "app.kubernetes.io/name=traefik" --output=name) 9000:9000
```
It can then be reached at: `http://127.0.0.1:9000/dashboard/`
Another way would be to apply your own configuration, for instance,
by defining and applying an IngressRoute CRD (`kubectl apply -f dashboard.yaml`):
```yaml
# dashboard.yaml
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
name: dashboard
spec:
entryPoints:
- web
routes:
- match: Host(`traefik.localhost`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
kind: Rule
services:
- name: api@internal
kind: TraefikService
```
## Use the Binary Distribution
Grab the latest binary from the [releases](https://github.com/traefik/traefik/releases) page.

57
docs/content/getting-started/quick-start-with-kubernetes.md
View File

@@ -1,23 +1,23 @@
---
title: "Traefik Getting Started With Kubernetes"
description: "Looking to get started with Traefik Proxy? Read the technical documentation to learn a simple use case that leverages Kubernetes."
description: "Get started with Traefik Proxy and Kubernetes."
---
# Quick Start
A Simple Use Case of Traefik Proxy and Kubernetes
A Use Case of Traefik Proxy and Kubernetes
{: .subtitle }
This guide is an introduction to using Traefik Proxy in a Kubernetes environment.
The objective is to learn how to run an application behind a Traefik reverse proxy in Kubernetes.
This guide is an introduction to using Traefik Proxy in a Kubernetes environment.
The objective is to learn how to run an application behind a Traefik reverse proxy in Kubernetes.
It presents and explains the basic blocks required to start with Traefik such as Ingress Controller, Ingresses, Deployments, static, and dynamic configuration.
## Permissions and Accesses
Traefik uses the Kubernetes API to discover running services.
In order to use the Kubernetes API, Traefik needs some permissions.
This [permission mechanism](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) is based on roles defined by the cluster administrator.
To use the Kubernetes API, Traefik needs some permissions.
This [permission mechanism](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) is based on roles defined by the cluster administrator.
The role is then bound to an account used by an application, in this case, Traefik Proxy.
The first step is to create the role.
@@ -58,6 +58,23 @@ rules:
- ingresses/status
verbs:
- update
- apiGroups:
- traefik.io
- traefik.containo.us
resources:
- middlewares
- middlewaretcps
- ingressroutes
- traefikservices
- ingressroutetcps
- ingressrouteudps
- tlsoptions
- tlsstores
- serverstransports
verbs:
- get
- list
- watch
```
!!! info "You can find the reference for this file [there](../../reference/dynamic-configuration/kubernetes-crd/#rbac)."
@@ -88,7 +105,7 @@ roleRef:
subjects:
- kind: ServiceAccount
name: traefik-account
namespace: default # Using "default" because we did not specify a namespace when creating the ClusterAccount.
namespace: default # This tutorial uses the "default" K8s namespace.
```
!!! info "`roleRef` is the Kubernetes reference to the role created in `00-role.yml`."
@@ -102,7 +119,7 @@ subjects:
!!! info "This section can be managed with the help of the [Traefik Helm chart](../install-traefik/#use-the-helm-chart)."
The [ingress controller](https://traefik.io/glossary/kubernetes-ingress-and-ingress-controller-101/#what-is-a-kubernetes-ingress-controller)
is a software that runs in the same way as any other application on a cluster.
is a software that runs in the same way as any other application on a cluster.
To start Traefik on the Kubernetes cluster,
a [`Deployment`](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/deployment-v1/) resource must exist to describe how to configure
and scale containers horizontally to support larger workloads.
@@ -130,7 +147,7 @@ spec:
serviceAccountName: traefik-account
containers:
- name: traefik
image: traefik:v2.10
image: traefik:v2.11
args:
- --api.insecure
- --providers.kubernetesingress
@@ -141,12 +158,12 @@ spec:
containerPort: 8080
```
The deployment contains an important attribute for customizing Traefik: `args`.
These arguments are the static configuration for Traefik.
The deployment contains an important attribute for customizing Traefik: `args`.
These arguments are the static configuration for Traefik.
From here, it is possible to enable the dashboard,
configure entry points,
select dynamic configuration providers,
and [more](../reference/static-configuration/cli.md)...
and [more](../reference/static-configuration/cli.md).
In this deployment,
the static configuration enables the Traefik dashboard,
@@ -159,10 +176,10 @@ and uses Kubernetes native Ingress resources as router definitions to route inco
!!! info "When enabling the [`api.insecure`](../../operations/api/#insecure) mode, Traefik exposes the dashboard on the port `8080`."
A deployment manages scaling and then can create lots of containers, called [Pods](https://kubernetes.io/docs/concepts/workloads/pods/).
Each Pod is configured following the `spec` field in the deployment.
Each Pod is configured following the `spec` field in the deployment.
Given that, a Deployment can run multiple Traefik Proxy Pods,
a piece is required to forward the traffic to any of the instance:
namely a [`Service`](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#Service).
namely a [`Service`](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#Service).
Create a file called `02-traefik-services.yml` and insert the two `Service` resources:
```yaml tab="02-traefik-services.yml"
@@ -195,7 +212,7 @@ spec:
!!! warning "It is possible to expose a service in different ways."
Depending on your working environment and use case, the `spec.type` might change.
Depending on your working environment and use case, the `spec.type` might change.
It is strongly recommended to understand the available [service types](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) before proceeding to the next step.
It is now time to apply those files on your cluster to start Traefik.
@@ -210,11 +227,11 @@ kubectl apply -f 00-role.yml \
## Proxying applications
The only part still missing is the business application behind the reverse proxy.
The only part still missing is the business application behind the reverse proxy.
For this guide, we use the example application [traefik/whoami](https://github.com/traefik/whoami),
but the principles are applicable to any other application.
The `whoami` application is a simple HTTP server running on port 80 which answers host-related information to the incoming requests.
The `whoami` application is an HTTP server running on port 80 which answers host-related information to the incoming requests.
As usual, start by creating a file called `03-whoami.yml` and paste the following `Deployment` resource:
```yaml tab="03-whoami.yml"
@@ -262,8 +279,8 @@ spec:
```
Thanks to the Kubernetes API,
Traefik is notified when an Ingress resource is created, updated, or deleted.
This makes the process dynamic.
Traefik is notified when an Ingress resource is created, updated, or deleted.
This makes the process dynamic.
The ingresses are, in a way, the [dynamic configuration](../../providers/kubernetes-ingress/) for Traefik.
!!! tip
@@ -317,4 +334,4 @@ curl -v http://localhost/
- Use [IngressRoute CRD](../providers/kubernetes-crd.md)
- Protect [ingresses with TLS](../routing/providers/kubernetes-ingress.md#enabling-tls-via-annotations)
{!traefik-api-management-kubernetes.md!}
{!traefik-for-business-applications.md!}

24
docs/content/getting-started/quick-start.md
View File

@@ -1,11 +1,11 @@
---
title: "Traefik Getting Started Quickly"
description: "Looking to get started with Traefik Proxy quickly? Read the technical documentation to learn a simple use case that leverages Docker."
description: "Get started with Traefik Proxy and Docker."
---
# Quick Start
A Simple Use Case Using Docker
A Use Case Using Docker
{: .subtitle }
![quickstart-diagram](../assets/img/quickstart-diagram.png)
@@ -20,7 +20,7 @@ version: '3'
services:
reverse-proxy:
# The official v2 Traefik docker image
image: traefik:v2.10
image: traefik:v2.11
# Enables the web UI and tells Traefik to listen to docker
command: --api.insecure=true --providers.docker
ports:
@@ -38,14 +38,14 @@ services:
Start your `reverse-proxy` with the following command:
```shell
docker-compose up -d reverse-proxy
docker compose up -d reverse-proxy
```
You can open a browser and go to `http://localhost:8080/api/rawdata` to see Traefik's API rawdata (we'll go back there once we have launched a service in step 2).
You can open a browser and go to `http://localhost:8080/api/rawdata` to see Traefik's API rawdata (you'll go back there once you have launched a service in step 2).
## Traefik Detects New Services and Creates the Route for You
Now that we have a Traefik instance up and running, we will deploy new services.
Now that you have a Traefik instance up and running, you will deploy new services.
Edit your `docker-compose.yml` file and add the following at the end of your file.
@@ -63,17 +63,17 @@ services:
- "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)"
```
The above defines `whoami`: a simple web service that outputs information about the machine it is deployed on (its IP address, host, and so on).
The above defines `whoami`: a web service that outputs information about the machine it is deployed on (its IP address, host, and others).
Start the `whoami` service with the following command:
```shell
docker-compose up -d whoami
docker compose up -d whoami
```
Go back to your browser (`http://localhost:8080/api/rawdata`) and see that Traefik has automatically detected the new container and updated its own configuration.
When Traefik detects new services, it creates the corresponding routes so you can call them ... _let's see!_ (Here, we're using curl)
When Traefik detects new services, it creates the corresponding routes so you can call them ... _let's see!_ (Here, you're using curl)
```shell
curl -H Host:whoami.docker.localhost http://127.0.0.1
@@ -92,7 +92,7 @@ IP: 172.27.0.3
Run more instances of your `whoami` service with the following command:
```shell
docker-compose up -d --scale whoami=2
docker compose up -d --scale whoami=2
```
Go back to your browser (`http://localhost:8080/api/rawdata`) and see that Traefik has automatically detected the new instance of the container.
@@ -103,7 +103,7 @@ Finally, see that Traefik load-balances between the two instances of your servic
curl -H Host:whoami.docker.localhost http://127.0.0.1
```
The output will show alternatively one of the followings:
The output will show alternatively one of the following:
```yaml
Hostname: a656c8ddca6c
@@ -119,6 +119,6 @@ IP: 172.27.0.4
!!! question "Where to Go Next?"
Now that you have a basic understanding of how Traefik can automatically create the routes to your services and load balance them, it is time to dive into [the documentation](/) and let Traefik work for you!
Now that you have a basic understanding of how Traefik can automatically create the routes to your services and load balance them, it is time to dive into [the user guides](../../user-guides/docker-compose/basic-example/ "Link to the user guides") and [the documentation](/ "Link to the docs landing page") and let Traefik work for you!
{!traefik-for-business-applications.md!}

165
docs/content/https/acme.md
View File

@@ -11,7 +11,7 @@ Automatic HTTPS
You can configure Traefik to use an ACME provider (like Let's Encrypt) for automatic certificate generation.
!!! warning "Let's Encrypt and Rate Limiting"
Note that Let's Encrypt API has [rate limiting](https://letsencrypt.org/docs/rate-limits). These last up to **one week**, and can not be overridden.
Note that Let's Encrypt API has [rate limiting](https://letsencrypt.org/docs/rate-limits). These last up to **one week**, and cannot be overridden.
When running Traefik in a container this file should be persisted across restarts.
If Traefik requests new certificates each time it starts up, a crash-looping container can quickly reach Let's Encrypt's ratelimits.
@@ -116,8 +116,8 @@ Please check the [configuration examples below](#configuration-examples) for mor
```
```bash tab="CLI"
--entrypoints.web.address=:80
--entrypoints.websecure.address=:443
--entryPoints.web.address=:80
--entryPoints.websecure.address=:443
# ...
--certificatesresolvers.myresolver.acme.email=your-email@example.com
--certificatesresolvers.myresolver.acme.storage=acme.json
@@ -241,8 +241,8 @@ when using the `HTTP-01` challenge, `certificatesresolvers.myresolver.acme.httpc
```
```bash tab="CLI"
--entrypoints.web.address=:80
--entrypoints.websecure.address=:443
--entryPoints.web.address=:80
--entryPoints.websecure.address=:443
# ...
--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
```
@@ -294,6 +294,12 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni
LEGO_DISABLE_CNAME_SUPPORT=true
```
!!! warning "Multiple DNS Challenge provider"
Multiple DNS challenge provider are not supported with Traefik, but you can use `CNAME` to handle that.
For example, if you have `example.org` (account foo) and `example.com` (account bar) you can create a CNAME on `example.org` called `_acme-challenge.example.org` pointing to `challenge.example.com`.
This way, you can obtain certificates for `example.org` with the `bar` account.
!!! important
A `provider` is mandatory.
@@ -310,56 +316,70 @@ For complete details, refer to your provider's _Additional configuration_ link.
| Provider Name | Provider Code | Environment Variables | |
|------------------------------------------------------------------------|--------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------|
| [ACME DNS](https://github.com/joohoi/acme-dns) | `acme-dns` | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/acme-dns) |
| [ACME DNS](https://github.com/joohoi/acme-dns) | `acme-dns` | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH`, `ACME_DNS_STORAGE_BASE_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/acme-dns) |
| [Active24](https://www.active24.cz) | `active24` | `ACTIVE24_API_KEY`, `ACTIVE24_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/active24) |
| [Alibaba Cloud](https://www.alibabacloud.com) | `alidns` | `ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`, `ALICLOUD_REGION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/alidns) |
| [all-inkl](https://all-inkl.com) | `allinkl` | `ALL_INKL_LOGIN`, `ALL_INKL_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/allinkl) |
| [ArvanCloud](https://www.arvancloud.com/en) | `arvancloud` | `ARVANCLOUD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/arvancloud) |
| [ArvanCloud](https://www.arvancloud.ir/en) | `arvancloud` | `ARVANCLOUD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/arvancloud) |
| [Auroradns](https://www.pcextreme.com/dns-health-checks) | `auroradns` | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/auroradns) |
| [Autodns](https://www.internetx.com/domains/autodns/) | `autodns` | `AUTODNS_API_USER`, `AUTODNS_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/autodns) |
| [Azure](https://azure.microsoft.com/services/dns/) (DEPRECATED) | `azure` | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_METADATA_ENDPOINT]` | [Additional configuration](https://go-acme.github.io/lego/dns/azure) |
| [Axelname](https://axelname.ru) | `axelname` | `AXELNAME_NICKNAME`, `AXELNAME_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/axelname) |
| [Azion](https://www.azion.com/en/products/edge-dns/) | `azion` | `AZION_PERSONAL_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/azion) |
| [Azure](https://azure.microsoft.com/services/dns/) (DEPRECATED) | `azure` | DEPRECATED use `azuredns` instead. | [Additional configuration](https://go-acme.github.io/lego/dns/azure) |
| [AzureDNS](https://azure.microsoft.com/services/dns/) | `azuredns` | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_TENANT_ID`, `AZURE_SUBSCRIPTION_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_ENVIRONMENT]`, `[AZURE_PRIVATE_ZONE]`, `[AZURE_ZONE_NAME]` | [Additional configuration](https://go-acme.github.io/lego/dns/azuredns) |
| [Baidu Cloud](https://cloud.baidu.com) | `baiducloud` | `BAIDUCLOUD_ACCESS_KEY_ID`, `BAIDUCLOUD_SECRET_ACCESS_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/baiducloud) |
| [Bindman](https://github.com/labbsr0x/bindman-dns-webhook) | `bindman` | `BINDMAN_MANAGER_ADDRESS` | [Additional configuration](https://go-acme.github.io/lego/dns/bindman) |
| [Blue Cat](https://www.bluecatnetworks.com/) | `bluecat` | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW` | [Additional configuration](https://go-acme.github.io/lego/dns/bluecat) |
| [Brandit](https://www.brandit.com) | `brandit` | `BRANDIT_API_USERNAME`, `BRANDIT_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/brandit) |
| [BookMyName](https://www.bookmyname.com) | `bookmyname` | `BOOKMYNAME_USERNAME`, `BOOKMYNAME_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/bookmyname) |
| [Brandit](https://www.brandit.com) (DEPRECATED) | `brandit` | DEPRECATED | [Additional configuration](https://go-acme.github.io/lego/dns/brandit) |
| [Bunny](https://bunny.net) | `bunny` | `BUNNY_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/bunny) |
| [Checkdomain](https://www.checkdomain.de/) | `checkdomain` | `CHECKDOMAIN_TOKEN`, | [Additional configuration](https://go-acme.github.io/lego/dns/checkdomain/) |
| [Civo](https://www.civo.com/) | `civo` | `CIVO_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/civo) |
| [Cloud.ru](https://cloud.ru) | `cloudru` | `CLOUDRU_SERVICE_INSTANCE_ID`, `CLOUDRU_KEY_ID`, `CLOUDRU_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudru) |
| [CloudDNS](https://vshosting.eu/) | `clouddns` | `CLOUDDNS_CLIENT_ID`, `CLOUDDNS_EMAIL`, `CLOUDDNS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/clouddns) |
| [Cloudflare](https://www.cloudflare.com) | `cloudflare` | `CF_API_EMAIL`, `CF_API_KEY` [^5] or `CF_DNS_API_TOKEN`, `[CF_ZONE_API_TOKEN]` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudflare) |
| [ClouDNS](https://www.cloudns.net/) | `cloudns` | `CLOUDNS_AUTH_ID`, `CLOUDNS_AUTH_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudns) |
| [CloudXNS](https://www.cloudxns.net) | `cloudxns` | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudxns) |
| [CloudXNS](https://www.cloudxns.net) (DEPRECATED) | `cloudxns` | DEPRECATED | [Additional configuration](https://go-acme.github.io/lego/dns/cloudxns) |
| [ConoHa v3](https://www.conoha.jp/) | `conohav3` | `CONOHAV3_TENANT_ID`, `CONOHAV3_API_USER_ID`, `CONOHAV3_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/conohav3) |
| [ConoHa](https://www.conoha.jp) | `conoha` | `CONOHA_TENANT_ID`, `CONOHA_API_USERNAME`, `CONOHA_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/conoha) |
| [Constellix](https://constellix.com) | `constellix` | `CONSTELLIX_API_KEY`, `CONSTELLIX_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/constellix) |
| [Core-Networks](https://www.core-networks.de) | `corenetworks` | `CORENETWORKS_LOGIN`, `CORENETWORKS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/corenetworks) |
| [CPanel and WHM](https://cpanel.net/) | `cpanel` | `CPANEL_MODE`, `CPANEL_USERNAME`, `CPANEL_TOKEN`, `CPANEL_BASE_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/cpanel) |
| [Derak Cloud](https://derak.cloud/) | `derak` | `DERAK_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/derak) |
| [deSEC](https://desec.io) | `desec` | `DESEC_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/desec) |
| [DigitalOcean](https://www.digitalocean.com) | `digitalocean` | `DO_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/digitalocean) |
| [DirectAdmin](https://www.directadmin.com) | `directadmin` | `DIRECTADMIN_API_URL` , `DIRECTADMIN_USERNAME`, `DIRECTADMIN_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/directadmin) |
| [DNS Made Easy](https://dnsmadeeasy.com) | `dnsmadeeasy` | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsmadeeasy) |
| [dnsHome.de](https://www.dnshome.de) | `dnsHomede` | `DNSHOMEDE_CREDENTIALS` | [Additional configuration](https://go-acme.github.io/lego/dns/dnshomede) |
| [DNSimple](https://dnsimple.com) | `dnsimple` | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsimple) |
| [DNSPod](https://www.dnspod.com/) | `dnspod` | `DNSPOD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dnspod) |
| [DNSPod](https://www.dnspod.com/) (DEPRECATED) | `dnspod` | DEPRECATED use `tencentcloud` instead. | [Additional configuration](https://go-acme.github.io/lego/dns/dnspod) |
| [Domain Offensive (do.de)](https://www.do.de/) | `dode` | `DODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/dode) |
| [Domeneshop](https://domene.shop) | `domeneshop` | `DOMENESHOP_API_TOKEN`, `DOMENESHOP_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/domeneshop) |
| [DreamHost](https://www.dreamhost.com/) | `dreamhost` | `DREAMHOST_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dreamhost) |
| [Duck DNS](https://www.duckdns.org/) | `duckdns` | `DUCKDNS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/duckdns) |
| [Dyn](https://dyn.com) | `dyn` | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/dyn) |
| [DynDnsFree.de](https://www.dyndnsfree.de) | `dyndnsfree` | `DYNDNSFREE_USERNAME`, `DYNDNSFREE_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/dyndnsfree) |
| [Dynu](https://www.dynu.com) | `dynu` | `DYNU_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dynu) |
| [EasyDNS](https://easydns.com/) | `easydns` | `EASYDNS_TOKEN`, `EASYDNS_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/easydns) |
| [EdgeDNS](https://www.akamai.com/) | `edgedns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns) |
| [Efficient IP](https://efficientip.com) | `efficientip` | `EFFICIENTIP_USERNAME`, `EFFICIENTIP_PASSWORD`, `EFFICIENTIP_HOSTNAME`, `EFFICIENTIP_DNS_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/efficientip) |
| [Epik](https://www.epik.com) | `epik` | `EPIK_SIGNATURE` | [Additional configuration](https://go-acme.github.io/lego/dns/epik) |
| [Exoscale](https://www.exoscale.com) | `exoscale` | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/exoscale) |
| [F5 XC](https://www.f5.com/products/distributed-cloud-services) | `f5xc` | `F5XC_API_TOKEN`, `F5XC_TENANT_NAME`, `F5XC_GROUP_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/f5xc) |
| [Fast DNS](https://www.akamai.com/) | `fastdns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns) |
| [Freemyip.com](https://freemyip.com) | `freemyip` | `FREEMYIP_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/freemyip) |
| [G-Core Lab](https://gcorelabs.com/dns/) | `gcore` | `GCORE_PERMANENT_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/gcore) |
| [Gandi v5](https://doc.livedns.gandi.net) | `gandiv5` | `GANDIV5_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5) |
| [G-Core](https://gcore.com/dns/) | `gcore` | `GCORE_PERMANENT_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/gcore) |
| [Gandi v5](https://doc.livedns.gandi.net) | `gandiv5` | `GANDIV5_PERSONAL_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5) |
| [Gandi](https://www.gandi.net) | `gandi` | `GANDI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandi) |
| [Glesys](https://glesys.com/) | `glesys` | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN` | [Additional configuration](https://go-acme.github.io/lego/dns/glesys) |
| [GoDaddy](https://www.godaddy.com) | `godaddy` | `GODADDY_API_KEY`, `GODADDY_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/godaddy) |
| [Google Cloud DNS](https://cloud.google.com/dns/docs/) | `gcloud` | `GCE_PROJECT`, Application Default Credentials [^2] [^3], [`GCE_SERVICE_ACCOUNT_FILE`] | [Additional configuration](https://go-acme.github.io/lego/dns/gcloud) |
| [Google Domains](https://domains.google) | `googledomains` | `GOOGLE_DOMAINS_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/googledomains) |
| [Google Domains](https://domains.google) (DEPRECATED) | `googledomains` | DEPRECATED | [Additional configuration](https://go-acme.github.io/lego/dns/googledomains) |
| [Hetzner](https://hetzner.com) | `hetzner` | `HETZNER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hetzner) |
| [hosting.de](https://www.hosting.de) | `hostingde` | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde) |
| [Hosttech](https://www.hosttech.eu) | `hosttech` | `HOSTTECH_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hosttech) |
| [http.net](https://www.http.net/) | `httpnet` | `HTTPNET_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/httpnet) |
| [Huawei Cloud](https://huaweicloud.com) | `huaweicloud` | `HUAWEICLOUD_ACCESS_KEY_ID`, `HUAWEICLOUD_SECRET_ACCESS_KEY`, `HUAWEICLOUD_REGION` | [Additional configuration](https://go-acme.github.io/lego/dns/huaweicloud) |
| [Hurricane Electric](https://dns.he.net) | `hurricane` | `HURRICANE_TOKENS` [^6] | [Additional configuration](https://go-acme.github.io/lego/dns/hurricane) |
| [HyperOne](https://www.hyperone.com) | `hyperone` | `HYPERONE_PASSPORT_LOCATION`, `HYPERONE_LOCATION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/hyperone) |
| [IBM Cloud (SoftLayer)](https://www.ibm.com/cloud/) | `ibmcloud` | `SOFTLAYER_USERNAME`, `SOFTLAYER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ibmcloud) |
@@ -375,11 +395,18 @@ For complete details, refer to your provider's _Additional configuration_ link.
| [Joker.com](https://joker.com) | `joker` | `JOKER_API_MODE` with `JOKER_API_KEY` or `JOKER_USERNAME`, `JOKER_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/joker) |
| [Liara](https://liara.ir) | `liara` | `LIARA_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/liara) |
| [Lightsail](https://aws.amazon.com/lightsail/) | `lightsail` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/lightsail) |
| [Lima-City](https://www.lima-city.de) | `limacity` | `LIMACITY_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/limacity) |
| [Linode v4](https://www.linode.com) | `linode` | `LINODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/linode) |
| [Liquid Web](https://www.liquidweb.com/) | `liquidweb` | `LIQUID_WEB_PASSWORD`, `LIQUID_WEB_USERNAME`, `LIQUID_WEB_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/liquidweb) |
| [Loopia](https://loopia.com/) | `loopia` | `LOOPIA_API_PASSWORD`, `LOOPIA_API_USER` | [Additional configuration](https://go-acme.github.io/lego/dns/loopia) |
| [LuaDNS](https://luadns.com) | `luadns` | `LUADNS_API_USERNAME`, `LUADNS_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/luadns) |
| [Mail-in-a-Box](https://mailinabox.email) | `mailinabox` | `MAILINABOX_EMAIL`, `MAILINABOX_PASSWORD`, `MAILINABOX_BASE_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/mailinabox) |
| [ManageEngine CloudDNS](https://clouddns.manageengine.com) | `manageengine` | `MANAGEENGINE_CLIENT_ID`, `MANAGEENGINE_CLIENT_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/manageengine) |
| [Metaname](https://metaname.net) | `metaname` | `METANAME_ACCOUNT_REFERENCE`, `METANAME_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/metaname) |
| [Metaregistrar](https://metaregistrar.com) | `metaregistrar` | `METAREGISTRAR_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/metaregistrar) |
| [mijn.host](https://mijn.host/) | `mijnhost` | `MIJNHOST_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/mijnhost) |
| [Mittwald](https://www.mittwald.de) | `mittwald` | `MITTWALD_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/mittwald) |
| [myaddr.{tools,dev,io}](https://myaddr.tools/) | `myaddr` | `MYADDR_PRIVATE_KEYS_MAPPING` | [Additional configuration](https://go-acme.github.io/lego/dns/myaddr) |
| [MyDNS.jp](https://www.mydns.jp/) | `mydnsjp` | `MYDNSJP_MASTER_ID`, `MYDNSJP_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mydnsjp) |
| [Mythic Beasts](https://www.mythic-beasts.com) | `mythicbeasts` | `MYTHICBEASTS_USER_NAME`, `MYTHICBEASTS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mythicbeasts) |
| [name.com](https://www.name.com/) | `namedotcom` | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/namedotcom) |
@@ -396,24 +423,33 @@ For complete details, refer to your provider's _Additional configuration_ link.
| [Open Telekom Cloud](https://cloud.telekom.de) | `otc` | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/otc) |
| [Openstack Designate](https://docs.openstack.org/designate) | `designate` | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/designate) |
| [Oracle Cloud](https://cloud.oracle.com/home) | `oraclecloud` | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID` | [Additional configuration](https://go-acme.github.io/lego/dns/oraclecloud) |
| [OVH](https://www.ovh.com) | `ovh` | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ovh) |
| [OVH](https://www.ovh.com) | `ovh` | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY`, `OVH_CLIENT_ID`, `OVH_CLIENT_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/ovh) |
| [Plesk](https://www.plesk.com) | `plesk` | `PLESK_SERVER_BASE_URL`, `PLESK_USERNAME`, `PLESK_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/plesk) |
| [Porkbun](https://porkbun.com/) | `porkbun` | `PORKBUN_SECRET_API_KEY`, `PORKBUN_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/porkbun) |
| [PowerDNS](https://www.powerdns.com) | `pdns` | `PDNS_API_KEY`, `PDNS_API_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/pdns) |
| [Rackspace](https://www.rackspace.com/cloud/dns) | `rackspace` | `RACKSPACE_USER`, `RACKSPACE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rackspace) |
| [Rainyun/雨云](https://www.rainyun.com) | `rainyun` | `RAINYUN_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rainyun) |
| [RcodeZero](https://www.rcodezero.at) | `rcodezero` | `RCODEZERO_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/rcodezero) |
| [reg.ru](https://www.reg.ru) | `regru` | `REGRU_USERNAME`, `REGRU_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/regru) |
| [Regfish](https://regfish.de) | `regfish` | `regfish` | [Additional configuration](https://go-acme.github.io/lego/dns/regfish) |
| [RFC2136](https://tools.ietf.org/html/rfc2136) | `rfc2136` | `RFC2136_TSIG_KEY`, `RFC2136_TSIG_SECRET`, `RFC2136_TSIG_ALGORITHM`, `RFC2136_NAMESERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/rfc2136) |
| [RimuHosting](https://rimuhosting.com) | `rimuhosting` | `RIMUHOSTING_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rimuhosting) |
| [Route 53](https://aws.amazon.com/route53/) | `route53` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile. | [Additional configuration](https://go-acme.github.io/lego/dns/route53) |
| [RU Center](https://nic.ru/) | `nicru` | `NICRU_USER`, `NICRU_PASSWORD`, `NICRU_SERVICE_ID`, `NICRU_SECRET`, `NICRU_SERVICE_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/nicru) |
| [Sakura Cloud](https://cloud.sakura.ad.jp/) | `sakuracloud` | `SAKURACLOUD_ACCESS_TOKEN`, `SAKURACLOUD_ACCESS_TOKEN_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/sakuracloud) |
| [Scaleway](https://www.scaleway.com) | `scaleway` | `SCALEWAY_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/scaleway) |
| [Scaleway](https://www.scaleway.com) | `scaleway` | `SCW_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/scaleway) |
| [Selectel v2](https://selectel.ru/en/) | `selectelv2` | `SELECTELV2_ACCOUNT_ID`, `SELECTELV2_PASSWORD`, `SELECTELV2_PROJECT_ID`, `SELECTELV2_USERNAME` | [Additional configuration](https://go-acme.github.io/lego/dns/selectelv2) |
| [Selectel](https://selectel.ru/en/) | `selectel` | `SELECTEL_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/selectel) |
| [SelfHost.(de/eu)](https://www.selfhost.de) | `selfhostde` | `SELFHOSTDE_USERNAME`, `SELFHOSTDE_PASSWORD`, `SELFHOSTDE_RECORDS_MAPPING` | [Additional configuration](https://go-acme.github.io/lego/dns/selfhostde) |
| [Servercow](https://servercow.de) | `servercow` | `SERVERCOW_USERNAME`, `SERVERCOW_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/servercow) |
| [Shellrent](https://www.shellrent.com) | `shellrent` | `SHELLRENT_USERNAME`, `SHELLRENT_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/shellrent) |
| [Simply.com](https://www.simply.com/en/domains/) | `simply` | `SIMPLY_ACCOUNT_NAME`, `SIMPLY_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/simply) |
| [Sonic](https://www.sonic.com/) | `sonic` | `SONIC_USER_ID`, `SONIC_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/sonic) |
| [Spaceship](https://spaceship.com) | `spaceship` | `SPACESHIP_API_KEY`, `SPACESHIP_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/spaceship) |
| [Stackpath](https://www.stackpath.com/) | `stackpath` | `STACKPATH_CLIENT_ID`, `STACKPATH_CLIENT_SECRET`, `STACKPATH_STACK_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/stackpath) |
| [Technitium](https://technitium.com) | `technitium` | `TECHNITIUM_SERVER_BASE_URL`, `TECHNITIUM_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/technitium) |
| [Tencent Cloud DNS](https://cloud.tencent.com/product/cns) | `tencentcloud` | `TENCENTCLOUD_SECRET_ID`, `TENCENTCLOUD_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/tencentcloud) |
| [Timeweb Cloud](https://timeweb.cloud) | `timewebcloud` | `TIMEWEBCLOUD_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/timewebcloud) |
| [TransIP](https://www.transip.nl/) | `transip` | `TRANSIP_ACCOUNT_NAME`, `TRANSIP_PRIVATE_KEY_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/transip) |
| [UKFast SafeDNS](https://docs.ukfast.co.uk/domains/safedns/index.html) | `safedns` | `SAFEDNS_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/safedns) |
| [Ultradns](https://neustarsecurityservices.com/dns-services) | `ultradns` | `ULTRADNS_USERNAME`, `ULTRADNS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/ultradns) |
@@ -423,13 +459,18 @@ For complete details, refer to your provider's _Additional configuration_ link.
| [Versio](https://www.versio.nl/domeinnamen) | `versio` | `VERSIO_USERNAME`, `VERSIO_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/versio) |
| [VinylDNS](https://www.vinyldns.io) | `vinyldns` | `VINYLDNS_ACCESS_KEY`, `VINYLDNS_SECRET_KEY`, `VINYLDNS_HOST` | [Additional configuration](https://go-acme.github.io/lego/dns/vinyldns) |
| [VK Cloud](https://mcs.mail.ru/) | `vkcloud` | `VK_CLOUD_PASSWORD`, `VK_CLOUD_PROJECT_ID`, `VK_CLOUD_USERNAME` | [Additional configuration](https://go-acme.github.io/lego/dns/vkcloud) |
| [Volcano Engine](https://www.volcengine.com) | `volcengine` | `VOLC_ACCESSKEY`, `VOLC_SECRETKEY` | [Additional configuration](https://go-acme.github.io/lego/dns/volcengine) |
| [Vscale](https://vscale.io/) | `vscale` | `VSCALE_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/vscale) |
| [VULTR](https://www.vultr.com) | `vultr` | `VULTR_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/vultr) |
| [Webnames](https://www.webnames.ru/) | `webnames` | `WEBNAMES_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/webnames) |
| [Websupport](https://websupport.sk) | `websupport` | `WEBSUPPORT_API_KEY`, `WEBSUPPORT_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/websupport) |
| [WEDOS](https://www.wedos.com) | `wedos` | `WEDOS_USERNAME`, `WEDOS_WAPI_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/wedos) |
| [West.cn/西部数码](https://www.west.cn) | `westcn` | `WESTCN_USERNAME`, `WESTCN_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/westcn) |
| [Yandex 360](https://360.yandex.ru) | `yandex360` | `YANDEX360_OAUTH_TOKEN`, `YANDEX360_ORG_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/yandex360) |
| [Yandex Cloud](https://cloud.yandex.com/en/) | `yandexcloud` | `YANDEX_CLOUD_FOLDER_ID`, `YANDEX_CLOUD_IAM_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/yandexcloud) |
| [Yandex](https://yandex.com) | `yandex` | `YANDEX_PDD_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/yandex) |
| [Zone.ee](https://www.zone.ee) | `zoneee` | `ZONEEE_API_USER`, `ZONEEE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zoneee) |
| [ZoneEdit](https://www.zoneedit.com) | `zoneedit` | `ZONEEDIT_USER`, `ZONEEDIT_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/zoneedit) |
| [Zonomi](https://zonomi.com) | `zonomi` | `ZONOMI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zonomi) |
| External Program | `exec` | `EXEC_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/exec) |
| HTTP request | `httpreq` | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1] | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq) |
@@ -442,11 +483,6 @@ For complete details, refer to your provider's _Additional configuration_ link.
[^5]: The `Global API Key` needs to be used, not the `Origin CA Key`.
[^6]: As explained in the [LEGO hurricane configuration](https://go-acme.github.io/lego/dns/hurricane/#credentials), each domain or wildcard (record name) needs a token. So each update of record name must be followed by an update of the `HURRICANE_TOKENS` variable, and a restart of Traefik.
!!! info "`delayBeforeCheck`"
By default, the `provider` verifies the TXT record _before_ letting ACME verify.
You can delay this operation by specifying a delay (in seconds) with `delayBeforeCheck` (value must be greater than zero).
This option is useful when internal networks block external DNS queries.
#### `resolvers`
Use custom DNS servers to resolve the FQDN authority.
@@ -476,6 +512,66 @@ certificatesResolvers:
--certificatesresolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53
```
#### `delayBeforeCheck`
By default, the `provider` verifies the TXT record _before_ letting ACME verify.
You can delay this operation by specifying a delay (in seconds) with `delayBeforeCheck` (value must be greater than zero).
This option is useful when internal networks block external DNS queries.
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
acme:
# ...
dnsChallenge:
# ...
delayBeforeCheck: 2s
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.dnsChallenge]
# ...
delayBeforeCheck = "2s"
```
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.dnschallenge.delayBeforeCheck=2s
```
#### `disablePropagationCheck`
**Not recommended**
Disable the TXT records propagation checks before notifying ACME that the DNS challenge is ready.
```yaml tab="File (YAML)"
certificatesResolvers:
myresolver:
acme:
# ...
dnsChallenge:
# ...
disablePropagationCheck: true
```
```toml tab="File (TOML)"
[certificatesResolvers.myresolver.acme]
# ...
[certificatesResolvers.myresolver.acme.dnsChallenge]
# ...
disablePropagationCheck = true
```
```bash tab="CLI"
# ...
--certificatesresolvers.myresolver.acme.dnschallenge.disablePropagationCheck=true
```
#### Wildcard Domains
[ACME V2](https://community.letsencrypt.org/t/acme-v2-and-wildcard-certificate-support-is-live/55579) supports wildcard certificates.
@@ -592,9 +688,21 @@ docker run -v "/my/host/acme:/etc/traefik/acme" traefik
_Optional, Default=2160_
The `certificatesDuration` option defines the certificates' duration in hours.
`certificatesDuration` is used to calculate two durations:
- `Renew Period`: the period before the end of the certificate duration, during which the certificate should be renewed.
- `Renew Interval`: the interval between renew attempts.
It defaults to `2160` (90 days) to follow Let's Encrypt certificates' duration.
| Certificate Duration | Renew Period | Renew Interval |
|----------------------|-------------------|-------------------------|
| >= 1 year | 4 months | 1 week |
| >= 90 days | 30 days | 1 day |
| >= 7 days | 1 day | 1 hour |
| >= 24 hours | 6 hours | 10 min |
| < 24 hours | 20 min | 1 min |
!!! warning "Traefik cannot manage certificates with a duration lower than 1 hour."
```yaml tab="File (YAML)"
@@ -619,19 +727,6 @@ certificatesResolvers:
# ...
```
`certificatesDuration` is used to calculate two durations:
- `Renew Period`: the period before the end of the certificate duration, during which the certificate should be renewed.
- `Renew Interval`: the interval between renew attempts.
| Certificate Duration | Renew Period | Renew Interval |
|----------------------|-------------------|-------------------------|
| >= 1 year | 4 months | 1 week |
| >= 90 days | 30 days | 1 day |
| >= 7 days | 1 day | 1 hour |
| >= 24 hours | 6 hours | 10 min |
| < 24 hours | 20 min | 1 min |
### `preferredChain`
_Optional, Default=""_

14
docs/content/https/include-acme-multiple-domains-example.md
View File

@@ -5,7 +5,7 @@ labels:
- traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`)
- traefik.http.routers.blog.tls=true
- traefik.http.routers.blog.tls.certresolver=myresolver
- traefik.http.routers.blog.tls.domains[0].main=example.org
- traefik.http.routers.blog.tls.domains[0].main=example.com
- traefik.http.routers.blog.tls.domains[0].sans=*.example.org
```
@@ -17,7 +17,7 @@ deploy:
- traefik.http.services.blog-svc.loadbalancer.server.port=8080"
- traefik.http.routers.blog.tls=true
- traefik.http.routers.blog.tls.certresolver=myresolver
- traefik.http.routers.blog.tls.domains[0].main=example.org
- traefik.http.routers.blog.tls.domains[0].main=example.com
- traefik.http.routers.blog.tls.domains[0].sans=*.example.org
```
@@ -38,7 +38,7 @@ spec:
tls:
certResolver: myresolver
domains:
- main: example.org
- main: example.com
sans:
- '*.example.org'
```
@@ -49,7 +49,7 @@ labels: {
"traefik.http.routers.blog.tls": "true",
"traefik.http.routers.blog.tls.certresolver": "myresolver",
"traefik.http.routers.blog.tls.domains[0].main": "example.com",
"traefik.http.routers.blog.tls.domains[0].sans": "*.example.com",
"traefik.http.routers.blog.tls.domains[0].sans": "*.example.org",
"traefik.http.services.blog-svc.loadbalancer.server.port": "8080"
}
```
@@ -60,7 +60,7 @@ labels:
- traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`)
- traefik.http.routers.blog.tls=true
- traefik.http.routers.blog.tls.certresolver=myresolver
- traefik.http.routers.blog.tls.domains[0].main=example.org
- traefik.http.routers.blog.tls.domains[0].main=example.com
- traefik.http.routers.blog.tls.domains[0].sans=*.example.org
```
@@ -73,7 +73,7 @@ http:
tls:
certResolver: myresolver
domains:
- main: "example.org"
- main: "example.com"
sans:
- "*.example.org"
```
@@ -86,6 +86,6 @@ http:
[http.routers.blog.tls]
certResolver = "myresolver" # From static configuration
[[http.routers.blog.tls.domains]]
main = "example.org"
main = "example.com"
sans = ["*.example.org"]
```

6
docs/content/https/tls.md
View File

@@ -242,7 +242,7 @@ The TLS options allow one to configure some parameters of the TLS connection.
!!! important "TLSOption in Kubernetes"
When using the [TLSOption resource](../../routing/providers/kubernetes-crd#kind-tlsoption) in Kubernetes, one might setup a default set of options that,
When using the [TLSOption resource](../../routing/providers/kubernetes-crd/#kind-tlsoption) in Kubernetes, one might setup a default set of options that,
if not explicitly overwritten, should apply to all ingresses.
To achieve that, you'll have to create a TLSOption resource with the name `default`.
There may exist only one TLSOption with the name `default` (across all namespaces) - otherwise they will be dropped.
@@ -392,11 +392,11 @@ spec:
### Curve Preferences
This option allows to set the preferred elliptic curves in a specific order.
This option allows to set the enabled elliptic curves for key exchange.
The names of the curves defined by [`crypto`](https://godoc.org/crypto/tls#CurveID) (e.g. `CurveP521`) and the [RFC defined names](https://tools.ietf.org/html/rfc8446#section-4.2.7) (e. g. `secp521r1`) can be used.
See [CurveID](https://godoc.org/crypto/tls#CurveID) for more information.
See [CurvePreferences](https://godoc.org/crypto/tls#Config.CurvePreferences) and [CurveID](https://godoc.org/crypto/tls#CurveID) for more information.
```yaml tab="File (YAML)"
# Dynamic configuration

11
docs/content/includes/traefik-api-management-kubernetes.md
View File

@@ -1,11 +0,0 @@
---
!!! question "Managing APIs in Kubernetes?"
If your organization is publishing, securing, and managing APIs, consider [Traefik Hub](https://traefik.io/traefik-hub/) for your API management solution.
- K8s services auto-discovery, 100% CRDs configuration, & full GitOps compliance
- Centralized control plane for all APIs, users, & infrastructure components
- Self-serve API portal with API discovery, documentation, testing, & access control
Traefik Hub makes managing APIs easier than ever before. See for yourself in this [short video walkthrough](https://info.traefik.io/watch-traefik-hub-demo).

11
docs/content/includes/traefik-for-business-applications.md
View File

@@ -1,11 +1,10 @@
---
!!! question "Using Traefik for Business Applications?"
!!! question "Using Traefik OSS in Production?"
If you are using Traefik in your organization, consider [Traefik Enterprise](https://traefik.io/traefik-enterprise/). You can use it as your:
If you are using Traefik at work, consider adding enterprise-grade API gateway capabilities or commercial support for Traefik OSS.
- [API Gateway](https://traefik.io/solutions/api-gateway/)
- [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/)
- [Docker Swarm Ingress Controller](https://traefik.io/solutions/docker-swarm-ingress/)
- [Watch our API Gateway Demo Video](https://info.traefik.io/watch-traefik-api-gw-demo?cta=doc)
- [Request 24/7/365 OSS Support](https://info.traefik.io/request-commercial-support?cta=doc)
Traefik Enterprise simplifies the discovery, security, and deployment of APIs and microservices across any environment. See it in action in [this short video walkthrough](https://info.traefik.io/watch-traefikee-demo).
Adding API Gateway capabilities to Traefik OSS is fast and seamless. There's no rip and replace and all configurations remain intact. See it in action via [this short video](https://info.traefik.io/watch-traefik-api-gw-demo?cta=doc).

18
docs/content/index.md
View File

@@ -7,25 +7,27 @@ description: "Traefik Proxy, an open source Edge Router, auto-discovers configur
![Architecture](assets/img/traefik-architecture.png)
Traefik is an [open-source](https://github.com/traefik/traefik) *Edge Router* that makes publishing your services a fun and easy experience.
It receives requests on behalf of your system and finds out which components are responsible for handling them.
Traefik is an [open-source](https://github.com/traefik/traefik) *Application Proxy* that makes publishing your services a fun and easy experience.
It receives requests on behalf of your system and identifies which components are responsible for handling them, and routes them securely.
What sets Traefik apart, besides its many features, is that it automatically discovers the right configuration for your services.
The magic happens when Traefik inspects your infrastructure, where it finds relevant information and discovers which service serves which request.
Traefik is natively compliant with every major cluster technology, such as Kubernetes, Docker, Docker Swarm, AWS, Mesos, Marathon, and [the list goes on](providers/overview.md); and can handle many at the same time. (It even works for legacy software running on bare metal.)
Traefik is natively compliant with every major cluster technology, such as Kubernetes, Docker Swarm, AWS, Mesos, Marathon, and [the list goes on](providers/overview.md); and can handle many at the same time. (It even works for legacy software running on bare metal.)
With Traefik, there is no need to maintain and synchronize a separate configuration file: everything happens automatically, in real time (no restarts, no connection interruptions).
With Traefik, you spend time developing and deploying new features to your system, not on configuring and maintaining its working state.
With Traefik, you spend time developing and deploying new features to your system, not on configuring and maintaining its working state.
Developing Traefik, our main goal is to make it simple to use, and we're sure you'll enjoy it.
And if your needs change, you can add API gateway and API management capabilities seamlessly to your existing Traefik deployments. It takes less than a minute, theres no rip-and-replace, and all your configurations are preserved. See this in action in [our API gateway demo video](https://info.traefik.io/watch-traefik-api-gw-demo?cta=docs).
Developing Traefik, our main goal is to make it effortless to use, and we're sure you'll enjoy it.
-- The Traefik Maintainer Team
!!! info
Join our user friendly and active [Community Forum](https://community.traefik.io "Link to Traefik Community Forum") to discuss, learn, and connect with the traefik community.
Have a question? Join our [Community Forum](https://community.traefik.io "Link to Traefik Community Forum") to discuss, learn, and connect with the Traefik community.
Using Traefik in your organization? Consider [Traefik Enterprise](https://traefik.io/traefik-enterprise/ "Lino to Traefik Enterprise"), our unified API Gateway and Ingress that simplifies the discovery, security, and deployment of APIs and microservices across any environment.
Using Traefik OSS in Production? Consider our enterprise-grade [API Gateway](https://info.traefik.io/watch-traefik-api-gw-demo?cta=doc) or our [24/7/365 OSS Support](https://info.traefik.io/request-commercial-support?cta=doc).
See it in action in [this short video walkthrough](https://info.traefik.io/watch-traefikee-demo "Link to video walkthrough").
Explore our API Gateway upgrade via [this short demo video](https://info.traefik.io/watch-traefik-api-gw-demo?cta=doc).

5
docs/content/middlewares/http/basicauth.md
View File

@@ -10,7 +10,7 @@ Adding Basic Authentication
![BasicAuth](../../assets/img/middleware/basicauth.png)
The BasicAuth middleware restricts access to your services to known users.
The BasicAuth middleware grants access to services to authorized users only.
## Configuration Examples
@@ -21,7 +21,7 @@ The BasicAuth middleware restricts access to your services to known users.
# To create user:password pair, it's possible to use this command:
# echo $(htpasswd -nB user) | sed -e s/\\$/\\$\\$/g
#
# Also note that dollar signs should NOT be doubled when they not evaluated (e.g. Ansible docker_container module).
# Also note that dollar signs should NOT be doubled when they are not being evaluated (e.g. Ansible docker_container module).
labels:
- "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
```
@@ -404,3 +404,4 @@ http:
[http.middlewares.test-auth.basicAuth]
removeHeader = true
```
{!traefik-for-business-applications.md!}

4
docs/content/middlewares/http/buffering.md
View File

@@ -331,3 +331,7 @@ The retry expression is defined as a logical combination of the functions below
- `Attempts()` number of attempts (the first one counts)
- `ResponseCode()` response code of the service
- `IsNetworkError()` whether the response code is related to networking error
### Content-Length
See [Best Practices: ContentLength](../../security/content-length.md)

2
docs/content/middlewares/http/digestauth.md
View File

@@ -10,7 +10,7 @@ Adding Digest Authentication
![BasicAuth](../../assets/img/middleware/digestauth.png)
The DigestAuth middleware restricts access to your services to known users.
The DigestAuth middleware grants access to services to authorized users only.
## Configuration Examples

36
docs/content/middlewares/http/errorpages.md
View File

@@ -21,7 +21,7 @@ The Errors middleware returns a custom page in lieu of the default, according to
```yaml tab="Docker"
# Dynamic Custom Error Page for 5XX Status Code
labels:
- "traefik.http.middlewares.test-errors.errors.status=500-599"
- "traefik.http.middlewares.test-errors.errors.status=500,501,503,505-599"
- "traefik.http.middlewares.test-errors.errors.service=serviceError"
- "traefik.http.middlewares.test-errors.errors.query=/{status}.html"
```
@@ -34,7 +34,10 @@ metadata:
spec:
errors:
status:
- "500-599"
- "500"
- "501"
- "503"
- "505-599"
query: /{status}.html
service:
name: whoami
@@ -42,36 +45,39 @@ spec:
```
```yaml tab="Consul Catalog"
# Dynamic Custom Error Page for 5XX Status Code
- "traefik.http.middlewares.test-errors.errors.status=500-599"
# Dynamic Custom Error Page for 5XX Status Code excluding 502 and 504
- "traefik.http.middlewares.test-errors.errors.status=500,501,503,505-599"
- "traefik.http.middlewares.test-errors.errors.service=serviceError"
- "traefik.http.middlewares.test-errors.errors.query=/{status}.html"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-errors.errors.status": "500-599",
"traefik.http.middlewares.test-errors.errors.status": "500,501,503,505-599",
"traefik.http.middlewares.test-errors.errors.service": "serviceError",
"traefik.http.middlewares.test-errors.errors.query": "/{status}.html"
}
```
```yaml tab="Rancher"
# Dynamic Custom Error Page for 5XX Status Code
# Dynamic Custom Error Page for 5XX Status Code excluding 502 and 504
labels:
- "traefik.http.middlewares.test-errors.errors.status=500-599"
- "traefik.http.middlewares.test-errors.errors.status=500,501,503,505-599"
- "traefik.http.middlewares.test-errors.errors.service=serviceError"
- "traefik.http.middlewares.test-errors.errors.query=/{status}.html"
```
```yaml tab="File (YAML)"
# Custom Error Page for 5XX
# Dynamic Custom Error Page for 5XX Status Code excluding 502 and 504
http:
middlewares:
test-errors:
errors:
status:
- "500-599"
- "500"
- "501"
- "503"
- "505-599"
service: serviceError
query: "/{status}.html"
@@ -80,10 +86,10 @@ http:
```
```toml tab="File (TOML)"
# Custom Error Page for 5XX
# Dynamic Custom Error Page for 5XX Status Code excluding 502 and 504
[http.middlewares]
[http.middlewares.test-errors.errors]
status = ["500-599"]
status = ["500","501","503","505-599"]
service = "serviceError"
query = "/{status}.html"
@@ -101,14 +107,16 @@ http:
The `status` option defines which status or range of statuses should result in an error page.
The status code ranges are inclusive (`500-599` will trigger with every code between `500` and `599`, `500` and `599` included).
The status code ranges are inclusive (`505-599` will trigger with every code between `505` and `599`, `505` and `599` included).
!!! note ""
You can define either a status code as a number (`500`),
as multiple comma-separated numbers (`500,502`),
as ranges by separating two codes with a dash (`500-599`),
or a combination of the two (`404,418,500-599`).
as ranges by separating two codes with a dash (`505-599`),
or a combination of the two (`404,418,505-599`).
The comma-separated syntax is only available for label-based providers.
The examples above demonstrate which syntax is appropriate for each provider.
### `service`

1
docs/content/middlewares/http/forwardauth.md
View File

@@ -637,3 +637,4 @@ http:
[http.middlewares.test-auth.forwardAuth.tls]
insecureSkipVerify: true
```
{!traefik-for-business-applications.md!}

7
docs/content/middlewares/http/headers.md
View File

@@ -231,7 +231,8 @@ spec:
- "GET"
- "OPTIONS"
- "PUT"
accessControlAllowHeaders: "*"
accessControlAllowHeaders:
- "*"
accessControlAllowOriginList:
- "https://foo.bar.org"
- "https://example.org"
@@ -286,8 +287,8 @@ http:
```toml tab="File (TOML)"
[http.middlewares]
[http.middlewares.testHeader.headers]
accessControlAllowMethods= ["GET", "OPTIONS", "PUT"]
accessControlAllowHeaders= "*"
accessControlAllowMethods = ["GET", "OPTIONS", "PUT"]
accessControlAllowHeaders = [ "*" ]
accessControlAllowOriginList = ["https://foo.bar.org","https://example.org"]
accessControlMaxAge = 100
addVaryHeader = true

2
docs/content/middlewares/http/inflightreq.md
View File

@@ -335,7 +335,7 @@ spec:
requestHost: true
```
```yaml tab="Cosul Catalog"
```yaml tab="Consul Catalog"
- "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requesthost=true"
```

246
docs/content/middlewares/http/ipallowlist.md Normal file
View File

@@ -0,0 +1,246 @@
---
title: "Traefik HTTP Middlewares IPAllowList"
description: "Learn how to use IPAllowList in HTTP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation."
---
# IPAllowList
Limiting Clients to Specific IPs
{: .subtitle }
IPAllowList limits allowed requests based on the client IP.
## Configuration Examples
```yaml tab="Docker"
# Accepts request from defined IP
labels:
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
```
```yaml tab="Kubernetes"
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: test-ipallowlist
spec:
ipAllowList:
sourceRange:
- 127.0.0.1/32
- 192.168.1.7
```
```yaml tab="Consul Catalog"
# Accepts request from defined IP
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32,192.168.1.7"
}
```
```yaml tab="Rancher"
# Accepts request from defined IP
labels:
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
```
```yaml tab="File (YAML)"
# Accepts request from defined IP
http:
middlewares:
test-ipallowlist:
ipAllowList:
sourceRange:
- "127.0.0.1/32"
- "192.168.1.7"
```
```toml tab="File (TOML)"
# Accepts request from defined IP
[http.middlewares]
[http.middlewares.test-ipallowlist.ipAllowList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"]
```
## Configuration Options
### `sourceRange`
_Required_
The `sourceRange` option sets the allowed IPs (or ranges of allowed IPs by using CIDR notation).
### `ipStrategy`
The `ipStrategy` option defines two parameters that set how Traefik determines the client IP: `depth`, and `excludedIPs`.
If no strategy is set, the default behavior is to match `sourceRange` against the Remote address found in the request.
!!! important "As a middleware, whitelisting happens before the actual proxying to the backend takes place. In addition, the previous network hop only gets appended to `X-Forwarded-For` during the last stages of proxying, i.e. after it has already passed through whitelisting. Therefore, during whitelisting, as the previous network hop is not yet present in `X-Forwarded-For`, it cannot be matched against `sourceRange`."
#### `ipStrategy.depth`
The `depth` option tells Traefik to use the `X-Forwarded-For` header and take the IP located at the `depth` position (starting from the right).
- If `depth` is greater than the total number of IPs in `X-Forwarded-For`, then the client IP will be empty.
- `depth` is ignored if its value is less than or equal to 0.
!!! example "Examples of Depth & X-Forwarded-For"
If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used is `"12.0.0.1"` (`depth=2`).
| `X-Forwarded-For` | `depth` | clientIP |
|-----------------------------------------|---------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `1` | `"13.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `3` | `"11.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5` | `""` |
```yaml tab="Docker"
# Allowlisting Based on `X-Forwarded-For` with `depth=2`
labels:
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
```
```yaml tab="Kubernetes"
# Allowlisting Based on `X-Forwarded-For` with `depth=2`
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: test-ipallowlist
spec:
ipAllowList:
sourceRange:
- 127.0.0.1/32
- 192.168.1.7
ipStrategy:
depth: 2
```
```yaml tab="Consul Catalog"
# Allowlisting Based on `X-Forwarded-For` with `depth=2`
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32, 192.168.1.7",
"traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth": "2"
}
```
```yaml tab="Rancher"
# Whitelisting Based on `X-Forwarded-For` with `depth=2`
labels:
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
```
```yaml tab="File (YAML)"
# Allowlisting Based on `X-Forwarded-For` with `depth=2`
http:
middlewares:
test-ipallowlist:
ipAllowList:
sourceRange:
- "127.0.0.1/32"
- "192.168.1.7"
ipStrategy:
depth: 2
```
```toml tab="File (TOML)"
# Allowlisting Based on `X-Forwarded-For` with `depth=2`
[http.middlewares]
[http.middlewares.test-ipallowlist.ipAllowList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"]
[http.middlewares.test-ipallowlist.ipAllowList.ipStrategy]
depth = 2
```
#### `ipStrategy.excludedIPs`
`excludedIPs` configures Traefik to scan the `X-Forwarded-For` header and select the first IP not in the list.
!!! important "If `depth` is specified, `excludedIPs` is ignored."
!!! example "Example of ExcludedIPs & X-Forwarded-For"
| `X-Forwarded-For` | `excludedIPs` | clientIP |
|-----------------------------------------|-----------------------|--------------|
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"12.0.0.1,13.0.0.1"` | `"11.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"10.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,16.0.0.1"` | `"13.0.0.1"` |
| `"10.0.0.1,11.0.0.1"` | `"10.0.0.1,11.0.0.1"` | `""` |
```yaml tab="Docker"
# Exclude from `X-Forwarded-For`
labels:
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```yaml tab="Kubernetes"
# Exclude from `X-Forwarded-For`
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
name: test-ipallowlist
spec:
ipAllowList:
sourceRange:
- 127.0.0.1/32
- 192.168.1.0/24
ipStrategy:
excludedIPs:
- 127.0.0.1/32
- 192.168.1.7
```
```yaml tab="Consul Catalog"
# Exclude from `X-Forwarded-For`
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-ipallowlist.ipallowlist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
"traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
}
```
```yaml tab="Rancher"
# Exclude from `X-Forwarded-For`
labels:
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
- "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```yaml tab="File (YAML)"
# Exclude from `X-Forwarded-For`
http:
middlewares:
test-ipallowlist:
ipAllowList:
sourceRange:
- 127.0.0.1/32
- 192.168.1.0/24
ipStrategy:
excludedIPs:
- 127.0.0.1/32
- 192.168.1.7
```
```toml tab="File (TOML)"
# Exclude from `X-Forwarded-For`
[http.middlewares]
[http.middlewares.test-ipallowlist.ipAllowList]
sourceRange = ["127.0.0.1/32", "192.168.1.0/24"]
[http.middlewares.test-ipallowlist.ipAllowList.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
```

25
docs/content/middlewares/http/ipwhitelist.md
View File

@@ -8,9 +8,13 @@ description: "Learn how to use IPWhiteList in HTTP middleware for limiting clien
Limiting Clients to Specific IPs
{: .subtitle }
![IpWhiteList](../../assets/img/middleware/ipwhitelist.png)
![IPWhiteList](../../assets/img/middleware/ipwhitelist.png)
IPWhitelist accepts / refuses requests based on the client IP.
IPWhiteList limits allowed requests based on the client IP.
!!! warning
This middleware is deprecated, please use the [IPAllowList](./ipallowlist.md) middleware instead.
## Configuration Examples
@@ -71,6 +75,8 @@ http:
### `sourceRange`
_Required_
The `sourceRange` option sets the allowed IPs (or ranges of allowed IPs by using CIDR notation).
### `ipStrategy`
@@ -180,6 +186,7 @@ http:
```yaml tab="Docker"
# Exclude from `X-Forwarded-For`
labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
@@ -192,6 +199,9 @@ metadata:
spec:
ipWhiteList:
ipStrategy:
sourceRange:
- 127.0.0.1/32
- 192.168.1.0/24
excludedIPs:
- 127.0.0.1/32
- 192.168.1.7
@@ -199,11 +209,13 @@ spec:
```yaml tab="Consul Catalog"
# Exclude from `X-Forwarded-For`
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
"traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
}
```
@@ -211,6 +223,7 @@ spec:
```yaml tab="Rancher"
# Exclude from `X-Forwarded-For`
labels:
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.sourceRange=127.0.0.1/32, 192.168.1.0/24"
- "traefik.http.middlewares.test-ipwhitelist.ipwhitelist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
```
@@ -220,16 +233,20 @@ http:
middlewares:
test-ipwhitelist:
ipWhiteList:
sourceRange:
- 127.0.0.1/32
- 192.168.1.0/24
ipStrategy:
excludedIPs:
- "127.0.0.1/32"
- "192.168.1.7"
- 127.0.0.1/32
- 192.168.1.7
```
```toml tab="File (TOML)"
# Exclude from `X-Forwarded-For`
[http.middlewares]
[http.middlewares.test-ipwhitelist.ipWhiteList]
sourceRange = ["127.0.0.1/32", "192.168.1.0/24"]
[http.middlewares.test-ipwhitelist.ipWhiteList.ipStrategy]
excludedIPs = ["127.0.0.1/32", "192.168.1.7"]
```

2
docs/content/middlewares/http/overview.md
View File

@@ -24,7 +24,7 @@ whoami:
- "traefik.http.routers.router1.middlewares=foo-add-prefix@docker"
```
```yaml tab="Kubernetes IngressRoute"
```yaml tab="IngressRoute"
# As a Kubernetes Traefik IngressRoute
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition

26
docs/content/middlewares/http/ratelimit.md
View File

@@ -16,15 +16,15 @@ It is based on a [token bucket](https://en.wikipedia.org/wiki/Token_bucket) impl
```yaml tab="Docker"
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
# In addition, a burst of 200 requests is allowed.
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50"
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=200"
```
```yaml tab="Kubernetes"
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
# In addition, a burst of 200 requests is allowed.
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
@@ -32,12 +32,12 @@ metadata:
spec:
rateLimit:
average: 100
burst: 50
burst: 200
```
```yaml tab="Consul Catalog"
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
# In addition, a burst of 200 requests is allowed.
- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50"
```
@@ -45,36 +45,36 @@ spec:
```json tab="Marathon"
"labels": {
"traefik.http.middlewares.test-ratelimit.ratelimit.average": "100",
"traefik.http.middlewares.test-ratelimit.ratelimit.burst": "50"
"traefik.http.middlewares.test-ratelimit.ratelimit.burst": "200"
}
```
```yaml tab="Rancher"
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
# In addition, a burst of 200 requests is allowed.
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50"
- "traefik.http.middlewares.test-ratelimit.ratelimit.burst=200"
```
```yaml tab="File (YAML)"
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
# In addition, a burst of 200 requests is allowed.
http:
middlewares:
test-ratelimit:
rateLimit:
average: 100
burst: 50
burst: 200
```
```toml tab="File (TOML)"
# Here, an average of 100 requests per second is allowed.
# In addition, a burst of 50 requests is allowed.
# In addition, a burst of 200 requests is allowed.
[http.middlewares]
[http.middlewares.test-ratelimit.rateLimit]
average = 100
burst = 50
burst = 200
```
## Configuration Options
@@ -432,6 +432,8 @@ http:
Name of the header used to group incoming requests.
!!! important "If the header is not present, rate limiting will still be applied, but all requests without the specified header will be grouped together."
```yaml tab="Docker"
labels:
- "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username"

2
docs/content/middlewares/http/redirectregex.md
View File

@@ -99,3 +99,5 @@ The `replacement` option defines how to modify the URL to have the new target UR
!!! warning
Care should be taken when defining replacement expand variables: `$1x` is equivalent to `${1x}`, not `${1}x` (see [Regexp.Expand](https://golang.org/pkg/regexp/#Regexp.Expand)), so use `${1}` syntax.
{!traefik-for-business-applications.md!}

7
docs/content/middlewares/http/retry.md
View File

@@ -12,8 +12,11 @@ Retrying until it Succeeds
TODO: add schema
-->
The Retry middleware reissues requests a given number of times to a backend server if that server does not reply.
As soon as the server answers, the middleware stops retrying, regardless of the response status.
The Retry middleware reissues requests a given number of times when it cannot contact the backend service.
This applies at the transport level (TCP).
If the service does not respond to the initial connection attempt, the middleware retries.
However, once the service responds, regardless of the HTTP status code, the middleware considers it operational and stops retrying.
This means that the retry mechanism does not handle HTTP errors; it only retries when there is no response at the TCP level.
The Retry middleware has an optional configuration to enable an exponential backoff.
## Configuration Examples

2
docs/content/middlewares/http/stripprefix.md
View File

@@ -170,3 +170,5 @@ http:
prefixes = ["/foobar"]
forceSlash = false
```
{!traefik-for-business-applications.md!}

2
docs/content/middlewares/overview.md
View File

@@ -35,7 +35,7 @@ whoami:
- "traefik.http.routers.router1.middlewares=foo-add-prefix@docker"
```
```yaml tab="Kubernetes IngressRoute"
```yaml tab="IngressRoute"
---
apiVersion: traefik.io/v1alpha1
kind: Middleware

60
docs/content/middlewares/tcp/ipallowlist.md Normal file
View File

@@ -0,0 +1,60 @@
---
title: "Traefik TCP Middlewares IPAllowList"
description: "Learn how to use IPAllowList in TCP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation."
---
# IPAllowList
Limiting Clients to Specific IPs
{: .subtitle }
IPAllowList limits allowed requests based on the client IP.
## Configuration Examples
```yaml tab="Docker & Swarm"
# Accepts connections from defined IP
labels:
- "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
```
```yaml tab="Kubernetes"
apiVersion: traefik.io/v1alpha1
kind: MiddlewareTCP
metadata:
name: test-ipallowlist
spec:
ipAllowList:
sourceRange:
- 127.0.0.1/32
- 192.168.1.7
```
```yaml tab="Consul Catalog"
# Accepts request from defined IP
- "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
```
```toml tab="File (TOML)"
# Accepts request from defined IP
[tcp.middlewares]
[tcp.middlewares.test-ipallowlist.ipAllowList]
sourceRange = ["127.0.0.1/32", "192.168.1.7"]
```
```yaml tab="File (YAML)"
# Accepts request from defined IP
tcp:
middlewares:
test-ipallowlist:
ipAllowList:
sourceRange:
- "127.0.0.1/32"
- "192.168.1.7"
```
## Configuration Options
### `sourceRange`
The `sourceRange` option sets the allowed IPs (or ranges of allowed IPs by using CIDR notation).

6
docs/content/middlewares/tcp/ipwhitelist.md
View File

@@ -8,7 +8,11 @@ description: "Learn how to use IPWhiteList in TCP middleware for limiting client
Limiting Clients to Specific IPs
{: .subtitle }
IPWhitelist accepts / refuses connections based on the client IP.
IPWhiteList accepts / refuses connections based on the client IP.
!!! warning
This middleware is deprecated, please use the [IPAllowList](./ipallowlist.md) middleware instead.
## Configuration Examples

2
docs/content/middlewares/tcp/overview.md
View File

@@ -24,7 +24,7 @@ whoami:
- "traefik.tcp.routers.router1.middlewares=foo-ip-whitelist@docker"
```
```yaml tab="Kubernetes IngressRoute"
```yaml tab="IngressRoute"
# As a Kubernetes Traefik IngressRoute
apiVersion: apiextensions.k8s.io/v1beta1
kind: CustomResourceDefinition

28
docs/content/migration/v1-to-v2.md
View File

@@ -44,7 +44,7 @@ Then any router can refer to an instance of the wanted middleware.
- "traefik.frontend.auth.basic.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
```
```yaml tab="K8s Ingress"
```yaml tab="Ingress"
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
@@ -107,7 +107,7 @@ Then any router can refer to an instance of the wanted middleware.
- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
```
```yaml tab="K8s IngressRoute"
```yaml tab="IngressRoute"
# The definitions below require the definitions for the Middleware and IngressRoute kinds.
# https://doc.traefik.io/traefik/reference/dynamic-configuration/kubernetes-crd/#definitions
apiVersion: traefik.io/v1alpha1
@@ -278,7 +278,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
]
```
```yaml tab="K8s IngressRoute"
```yaml tab="IngressRoute"
# The definitions below require the definitions for the TLSOption and IngressRoute kinds.
# https://doc.traefik.io/traefik/reference/dynamic-configuration/kubernetes-crd/#definitions
apiVersion: traefik.io/v1alpha1
@@ -354,7 +354,7 @@ To apply a redirection:
```
```bash tab="CLI"
--entrypoints=Name:web Address::80 Redirect.EntryPoint:websecure
--entryPoints=Name:web Address::80 Redirect.EntryPoint:websecure
--entryPoints='Name:websecure Address::443 TLS'
```
@@ -394,10 +394,10 @@ To apply a redirection:
```bash tab="CLI"
## static configuration
--entrypoints.web.address=:80
--entrypoints.web.http.redirections.entrypoint.to=websecure
--entrypoints.web.http.redirections.entrypoint.scheme=https
--entrypoints.websecure.address=:443
--entryPoints.web.address=:80
--entryPoints.web.http.redirections.entrypoint.to=websecure
--entryPoints.web.http.redirections.entrypoint.scheme=https
--entryPoints.websecure.address=:443
--providers.docker=true
```
@@ -442,7 +442,7 @@ To apply a redirection:
traefik.http.middlewares.https_redirect.redirectscheme.permanent: true
```
```yaml tab="K8s IngressRoute"
```yaml tab="IngressRoute"
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
@@ -561,7 +561,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
- "traefik.frontend.rule=Host:example.org;PathPrefixStrip:/admin"
```
```yaml tab="Kubernetes Ingress"
```yaml tab="Ingress"
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
@@ -595,7 +595,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
- "traefik.http.middlewares.admin-stripprefix.stripprefix.prefixes=/admin"
```
```yaml tab="Kubernetes IngressRoute"
```yaml tab="IngressRoute"
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
@@ -750,8 +750,8 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
```
```bash tab="CLI"
--entrypoints.web.address=:80
--entrypoints.websecure.address=:443
--entryPoints.web.address=:80
--entryPoints.websecure.address=:443
--certificatesresolvers.myresolver.acme.email=your-email@example.com
--certificatesresolvers.myresolver.acme.storage=acme.json
--certificatesresolvers.myresolver.acme.tlschallenge=true
@@ -1078,7 +1078,7 @@ To activate the dashboard, you can either:
routers:
api:
rule: Host(`traefik.docker.localhost`)
entrypoints:
entryPoints:
- websecure
service: api@internal
middlewares:

195
docs/content/migration/v2.md
View File

@@ -429,7 +429,7 @@ For more advanced use cases, you can use either the [RedirectScheme middleware](
Following up on the deprecation started [previously](#x509-commonname-deprecation),
as the `x509ignoreCN=0` value for the `GODEBUG` is [deprecated in Go 1.17](https://tip.golang.org/doc/go1.17#crypto/x509),
the legacy behavior related to the CommonName field can not be enabled at all anymore.
the legacy behavior related to the CommonName field cannot be enabled at all anymore.
## v2.5.3 to v2.5.4
@@ -510,7 +510,7 @@ In `v2.10`, the Kubernetes CRDs API Group `traefik.containo.us` is deprecated, a
As the Kubernetes CRD provider still works with both API Versions (`traefik.io/v1alpha1` and `traefik.containo.us/v1alpha1`),
it means that for the same kind, namespace and name, the provider will only keep the `traefik.io/v1alpha1` resource.
In addition, the Kubernetes CRDs API Version `traefik.io/v1alpha1` will not be supported in Traefik v3 itself.
In addition, the Kubernetes CRDs API Version `traefik.containo.us/v1alpha1` will not be supported in Traefik v3 itself.
Please note that it is a requirement to update the CRDs and the RBAC in the cluster before upgrading Traefik.
To do so, please apply the required [CRDs](https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml) and [RBAC](https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml) manifests for v2.10:
@@ -523,3 +523,194 @@ kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/co
### Traefik Hub
In `v2.10`, Traefik Hub configuration has been removed because Traefik Hub v2 doesn't require this configuration.
## v2.11
### IPWhiteList (HTTP)
In `v2.11`, the `IPWhiteList` middleware is deprecated, please use the [IPAllowList](../middlewares/http/ipallowlist.md) middleware instead.
### IPWhiteList (TCP)
In `v2.11`, the `IPWhiteList` middleware is deprecated, please use the [IPAllowList](../middlewares/tcp/ipallowlist.md) middleware instead.
### TLS CipherSuites
> By default, cipher suites without ECDHE support are no longer offered by either clients or servers during pre-TLS 1.3 handshakes.
> This change can be reverted with the `tlsrsakex=1 GODEBUG` setting.
> (https://go.dev/doc/go1.22#crypto/tls)
The _RSA key exchange_ cipher suites are way less secure than the modern ECDHE cipher suites and exposes to potential vulnerabilities like [the Marvin Attack](https://people.redhat.com/~hkario/marvin).
Decision has been made to support ECDHE cipher suites only by default.
The following ciphers have been removed from the default list:
- `TLS_RSA_WITH_AES_128_CBC_SHA`
- `TLS_RSA_WITH_AES_256_CBC_SHA`
- `TLS_RSA_WITH_AES_128_GCM_SHA256`
- `TLS_RSA_WITH_AES_256_GCM_SHA384`
To enable these ciphers, please set the option `CipherSuites` in your [TLS configuration](https://doc.traefik.io/traefik/https/tls/#cipher-suites) or set the environment variable `GODEBUG=tlsrsakex=1`.
### Minimum TLS Version
> By default, the minimum version offered by `crypto/tls` servers is now TLS 1.2 if not specified with config.MinimumVersion,
> matching the behavior of crypto/tls clients.
> This change can be reverted with the `tls10server=1 GODEBUG` setting.
> (https://go.dev/doc/go1.22#crypto/tls)
To enable TLS 1.0, please set the option `MinVersion` to `VersionTLS10` in your [TLS configuration](https://doc.traefik.io/traefik/https/tls/#cipher-suites) or set the environment variable `GODEBUG=tls10server=1`.
## v2.11.1
### Maximum Router Priority Value
Before v2.11.1, the maximum user-defined router priority value is:
- `MaxInt32` for 32-bit platforms,
- `MaxInt64` for 64-bit platforms.
Please check out the [go documentation](https://pkg.go.dev/math#pkg-constants) for more information.
In v2.11.1, Traefik reserves a range of priorities for its internal routers and now,
the maximum user-defined router priority value is:
- `(MaxInt32 - 1000)` for 32-bit platforms,
- `(MaxInt64 - 1000)` for 64-bit platforms.
### EntryPoint.Transport.RespondingTimeouts.<Timeout>
Starting with `v2.11.1` the following timeout options are deprecated:
- `<entryPoint>.transport.respondingTimeouts.readTimeout`
- `<entryPoint>.transport.respondingTimeouts.writeTimeout`
- `<entryPoint>.transport.respondingTimeouts.idleTimeout`
They have been replaced by:
- `<entryPoint>.transport.respondingTimeouts.http.readTimeout`
- `<entryPoint>.transport.respondingTimeouts.http.writeTimeout`
- `<entryPoint>.transport.respondingTimeouts.http.idleTimeout`
### EntryPoint.Transport.RespondingTimeouts.TCP.LingeringTimeout
Starting with `v2.11.1` a new `lingeringTimeout` entryPoints option has been introduced, with a default value of 2s.
The lingering timeout defines the maximum duration between each TCP read operation on the connection.
As a layer 4 timeout, it applies during HTTP handling but respects the configured HTTP server `readTimeout`.
This change avoids Traefik instances with the default configuration hanging while waiting for bytes to be read on the connection.
We suggest to adapt this value accordingly to your situation.
The new default value is purposely narrowed and can close the connection too early.
Increasing the `lingeringTimeout` value could be the solution notably if you are dealing with the following errors:
- TCP: `Error while handling TCP connection: readfrom tcp X.X.X.X:X->X.X.X.X:X: read tcp X.X.X.X:X->X.X.X.X:X: i/o timeout`
- HTTP: `'499 Client Closed Request' caused by: context canceled`
- HTTP: `ReverseProxy read error during body copy: read tcp X.X.X.X:X->X.X.X.X:X: use of closed network connection`
## v2.11.2
### LingeringTimeout
Starting with `v2.11.2` the `<entrypoint>.transport.respondingTimeouts.tcp.lingeringTimeout` introduced in `v2.11.1` has been removed.
### RespondingTimeouts.TCP and RespondingTimeouts.HTTP
Starting with `v2.11.2` the `respondingTimeouts.tcp` and `respondingTimeouts.http` sections introduced in `v2.11.1` have been removed.
To configure the responding timeouts, please use the [`respondingTimeouts`](../routing/entrypoints.md#respondingtimeouts) section.
### EntryPoint.Transport.RespondingTimeouts.ReadTimeout
Starting with `v2.11.2` the entryPoints [`readTimeout`](../routing/entrypoints.md#respondingtimeouts) option default value changed to 60 seconds.
For HTTP, this option defines the maximum duration for reading the entire request, including the body.
For TCP, this option defines the maximum duration for the first bytes to be read on the connection.
The default value was previously set to zero, which means no timeout.
This change has been done to avoid Traefik instances with the default configuration to be hanging forever while waiting for bytes to be read on the connection.
Increasing the `readTimeout` value could be the solution notably if you are dealing with the following errors:
- TCP: `Error while handling TCP connection: readfrom tcp X.X.X.X:X->X.X.X.X:X: read tcp X.X.X.X:X->X.X.X.X:X: i/o timeout`
- HTTP: `'499 Client Closed Request' caused by: context canceled`
- HTTP: `ReverseProxy read error during body copy: read tcp X.X.X.X:X->X.X.X.X:X: use of closed network connection`
## v2.11.3
### Connection headers
In `v2.11.3`, the handling of the request Connection headers directives has changed to prevent any abuse.
Before, Traefik removed any header listed in the Connection header just before forwarding the request to the backends.
Now, Traefik removes the headers listed in the Connection header as soon as the request is handled.
As a consequence, middlewares do not have access to those Connection headers,
and a new option has been introduced to specify which ones could go through the middleware chain before being removed: `<entrypoint>.forwardedHeaders.connection`.
Please check out the [entrypoint forwarded headers connection option configuration](../routing/entrypoints.md#forwarded-headers) documentation.
## v2.11.14
### X-Forwarded-Prefix
In `v2.11.14`, the `X-Forwarded-Prefix` header is now handled like the other `X-Forwarded-*` headers: Traefik removes it when it's sent from an untrusted source.
Please refer to the Forwarded headers [documentation](../routing/entrypoints.md#forwarded-headers) for more details.
## v2.11.24
### Request Path Sanitization
Since `v2.11.24`, the incoming request path is now cleaned before being used to match the router rules and sent to the backends.
Any `/../`, `/./` or duplicate slash segments in the request path is interpreted and/or collapsed.
If you want to disable this behavior, you can set the [`sanitizePath` option](../routing/entrypoints.md#sanitizepath) to `false` in the entryPoint HTTP configuration.
This can be useful when dealing with legacy clients that are not url-encoding data in the request path.
For example, as base64 uses the “/” character internally,
if it's not url encoded,
it can lead to unsafe routing when the `sanitizePath` option is set to `false`.
!!! warning "Security"
Setting the `sanitizePath` option to `false` is not safe.
Ensure every request is properly url encoded instead.
## v2.11.25
### Request Path Normalization
Since `v2.11.25`, the request path is now normalized by decoding unreserved characters in the request path,
and also uppercasing the percent-encoded characters.
This follows [RFC 3986 percent-encoding normalization](https://datatracker.ietf.org/doc/html/rfc3986#section-6.2.2.2),
and [RFC 3986 case normalization](https://datatracker.ietf.org/doc/html/rfc3986#section-6.2.2.1).
The normalization happens before the request path is sanitized,
and cannot be disabled.
This notably helps with encoded dots characters (which are unreserved characters) to be sanitized properly.
### Routing Path
Since `v2.11.25`, the reserved characters [(as per RFC 3986)](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2) are kept encoded in the request path when matching the router rules.
Those characters, when decoded, change the meaning of the request path for routing purposes,
and Traefik now keeps them encoded to avoid any ambiguity.
### Request Path Matching Examples
| Request Path | Router Rule | Traefik v2.11.24 | Traefik v2.11.25 |
|-------------------|------------------------|------------------|------------------|
| `/foo%2Fbar` | PathPrefix(`/foo/bar`) | Match | No match |
| `/foo/../bar` | PathPrefix(`/foo`) | No match | No match |
| `/foo/../bar` | PathPrefix(`/bar`) | Match | Match |
| `/foo/%2E%2E/bar` | PathPrefix(`/foo`) | Match | No match |
| `/foo/%2E%2E/bar` | PathPrefix(`/bar`) | No match | Match |
## v2.11.28
### MultiPath TCP
Since `v2.11.28`, the MultiPath TCP support introduced with `v2.11.26` has been removed.
It appears that enabling MPTCP on some platforms can cause Traefik to stop with the following error logs message:
- `set tcp X.X.X.X:X->X.X.X.X:X: setsockopt: operation not supported`
However, it can be re-enabled by setting the `multipathtcp` variable in the GODEBUG environment variable, see the related [go documentation](https://go.dev/doc/godebug#go-124).

29
docs/content/observability/access-logs.md
View File

@@ -47,6 +47,8 @@ accessLog:
### `format`
_Optional, Default="common"_
By default, logs are written using the Common Log Format (CLF).
To write logs in JSON, use `json` in the `format` option.
If the given format is unsupported, the default (CLF) is used instead.
@@ -54,9 +56,23 @@ If the given format is unsupported, the default (CLF) is used instead.
!!! info "Common Log Format"
```html
<remote_IP_address> - <client_user_name_if_available> [<timestamp>] "<request_method> <request_path> <request_protocol>" <origin_server_HTTP_status> <origin_server_content_size> "<request_referrer>" "<request_user_agent>" <number_of_requests_received_since_Traefik_started> "<Traefik_router_name>" "<Traefik_server_URL>" <request_duration_in_ms>ms
<remote_IP_address> - <client_user_name_if_available> [<timestamp>] "<request_method> <request_path> <request_protocol>" <HTTP_status> <content-length> "<request_referrer>" "<request_user_agent>" <number_of_requests_received_since_Traefik_started> "<Traefik_router_name>" "<Traefik_server_URL>" <request_duration_in_ms>ms
```
```yaml tab="File (YAML)"
accessLog:
format: "json"
```
```toml tab="File (TOML)"
[accessLog]
format = "json"
```
```bash tab="CLI"
--accesslog.format=json
```
### `bufferingSize`
To write the logs in an asynchronous fashion, specify a `bufferingSize` option.
@@ -136,7 +152,8 @@ Each field can be set to:
- `keep` to keep the value
- `drop` to drop the value
- `redact` to replace the value with "redacted"
Header fields may also optionally be set to `redact` to replace the value with "REDACTED".
The `defaultMode` for `fields.names` is `keep`.
@@ -218,10 +235,8 @@ accessLog:
| `RequestContentSize` | The number of bytes in the request entity (a.k.a. body) sent by the client. |
| `OriginDuration` | The time taken (in nanoseconds) by the origin server ('upstream') to return its response. |
| `OriginContentSize` | The content length specified by the origin server, or 0 if unspecified. |
| `OriginStatus` | The HTTP status code returned by the origin server. If the request was handled by this Traefik instance (e.g. with a redirect), then this value will be absent. |
| `OriginStatusLine` | `OriginStatus` + Status code explanation |
| `OriginStatus` | The HTTP status code returned by the origin server. If the request was handled by this Traefik instance (e.g. with a redirect), then this value will be absent (0). |
| `DownstreamStatus` | The HTTP status code returned to the client. |
| `DownstreamStatusLine` | `DownstreamStatus` + Status code explanation |
| `DownstreamContentSize` | The number of bytes in the response entity returned to the client. This is in addition to the "Content-Length" header, which may be present in the origin response. |
| `RequestCount` | The number of requests received since the Traefik instance started. |
| `GzipRatio` | The response body compression ratio achieved. |
@@ -254,7 +269,7 @@ version: "3.7"
services:
traefik:
image: traefik:v2.10
image: traefik:v2.11
environment:
- TZ=US/Alaska
command:
@@ -265,3 +280,5 @@ services:
volumes:
- /var/run/docker.sock:/var/run/docker.sock
```
{!traefik-for-business-applications.md!}

2
docs/content/observability/logs.md
View File

@@ -89,3 +89,5 @@ This allows the logs to be rotated and processed by an external program, such as
!!! warning
This does not work on Windows due to the lack of USR signals.
{!traefik-for-business-applications.md!}

5
docs/content/observability/metrics/overview.md
View File

@@ -150,7 +150,6 @@ traefik.router.responses.bytes.total
| Requests TLS total | Count | `tls_version`, `tls_cipher`, `service` | The total count of HTTPS requests processed on a service. |
| Request duration | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service. |
| Open connections | Count | `method`, `protocol`, `service` | The current count of open connections on a service. |
| Retries total | Count | `service` | The count of requests retries on a service. |
| Server UP | Gauge | `service`, `url` | Current service's server status, 0 for a down or 1 for up. |
| Requests bytes total | Count | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service. |
| Responses bytes total | Count | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. |
@@ -160,7 +159,6 @@ traefik_service_requests_total
traefik_service_requests_tls_total
traefik_service_request_duration_seconds
traefik_service_open_connections
traefik_service_retries_total
traefik_service_server_up
traefik_service_requests_bytes_total
traefik_service_responses_bytes_total
@@ -171,7 +169,6 @@ service.request.total
router.service.tls.total
service.request.duration
service.connections.open
service.retries.total
service.server.up
service.requests.bytes.total
service.responses.bytes.total
@@ -182,7 +179,6 @@ traefik.service.requests.total
traefik.service.requests.tls.total
traefik.service.request.duration
traefik.service.connections.open
traefik.service.retries.total
traefik.service.server.up
traefik.service.requests.bytes.total
traefik.service.responses.bytes.total
@@ -194,7 +190,6 @@ traefik.service.responses.bytes.total
{prefix}.service.request.tls.total
{prefix}.service.request.duration
{prefix}.service.connections.open
{prefix}.service.retries.total
{prefix}.service.server.up
{prefix}.service.requests.bytes.total
{prefix}.service.responses.bytes.total

10
docs/content/observability/metrics/prometheus.md
View File

@@ -227,4 +227,12 @@ The following metric is produced :
```bash
traefik_entrypoint_requests_total{code="200",entrypoint="web",method="GET",protocol="http",useragent="foobar"} 1
```
```
!!! info "`Host` header value"
The `Host` header is never present in the Header map of a request, as per go documentation says:
// For incoming requests, the Host header is promoted to the
// Request.Host field and removed from the Header map.
As a workaround, to obtain the Host of a request as a label, one should use instead the `X-Forwarded-Host` header.

2
docs/content/observability/metrics/statsd.md
View File

@@ -69,7 +69,7 @@ metrics:
_Optional, Default=false_
Enable metrics on entry points.
Enable metrics on routers.
```yaml tab="File (YAML)"
metrics:

25
docs/content/operations/api.md
View File

@@ -16,13 +16,9 @@ including sensitive data.
In production, it should be at least secured by authentication and authorizations.
A good sane default (non exhaustive) set of recommendations
would be to apply the following protection mechanisms:
* At the transport level:
NOT publicly exposing the API's port,
keeping it restricted to internal networks
(as in the [principle of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege), applied to networks).
!!! info
It's recommended to NOT publicly exposing the API's port, keeping it restricted to internal networks
(as in the [principle of least privilege](https://en.wikipedia.org/wiki/Principle_of_least_privilege), applied to networks).
## Configuration
@@ -50,7 +46,7 @@ And then define a routing configuration on Traefik itself with the
--8<-- "content/operations/include-api-examples.md"
??? warning "The router's [rule](../../routing/routers#rule) must catch requests for the URI path `/api`"
??? warning "The router's [rule](../../routing/routers/#rule) must catch requests for the URI path `/api`"
Using an "Host" rule is recommended, by catching all the incoming traffic on this host domain to the API.
However, you can also use "path prefix" rule or any combination or rules.
@@ -74,7 +70,7 @@ And then define a routing configuration on Traefik itself with the
### `insecure`
Enable the API in `insecure` mode, which means that the API will be available directly on the entryPoint named `traefik`.
Enable the API in `insecure` mode, which means that the API will be available directly on the entryPoint named `traefik`, on path `/api`.
!!! info
If the entryPoint named `traefik` is not configured, it will be automatically created on port 8080.
@@ -140,6 +136,15 @@ api:
All the following endpoints must be accessed with a `GET` HTTP request.
!!! info "Pagination"
By default, up to 100 results are returned per page, and the next page can be checked using the `X-Next-Page` HTTP Header.
To control pagination, use the `page` and `per_page` query parameters.
```bash
curl https://traefik.example.com:8080/api/http/routers?page=2&per_page=20
```
| Path | Description |
|--------------------------------|---------------------------------------------------------------------------------------------|
| `/api/http/routers` | Lists all the HTTP routers information. |
@@ -169,3 +174,5 @@ All the following endpoints must be accessed with a `GET` HTTP request.
| `/debug/pprof/profile` | See the [pprof Profile](https://golang.org/pkg/net/http/pprof/#Profile) Go documentation. |
| `/debug/pprof/symbol` | See the [pprof Symbol](https://golang.org/pkg/net/http/pprof/#Symbol) Go documentation. |
| `/debug/pprof/trace` | See the [pprof Trace](https://golang.org/pkg/net/http/pprof/#Trace) Go documentation. |
{!traefik-for-business-applications.md!}

2
docs/content/operations/cli.md
View File

@@ -33,7 +33,7 @@ traefik [--flag[=true|false| ]] [-f [true|false| ]]
All flags are documented in the [(static configuration) CLI reference](../reference/static-configuration/cli.md).
!!! info "Flags are case insensitive."
!!! info "Flags are case-insensitive."
### `healthcheck`

61
docs/content/operations/dashboard.md
View File

@@ -37,32 +37,15 @@ Start by enabling the dashboard by using the following option from [Traefik's AP
on the [static configuration](../getting-started/configuration-overview.md#the-static-configuration):
```yaml tab="File (YAML)"
api:
# Dashboard
#
# Optional
# Default: true
#
dashboard: true
api: {}
```
```toml tab="File (TOML)"
[api]
# Dashboard
#
# Optional
# Default: true
#
dashboard = true
```
```bash tab="CLI"
# Dashboard
#
# Optional
# Default: true
#
--api.dashboard=true
--api=true
```
Then define a routing configuration on Traefik itself,
@@ -71,11 +54,11 @@ with a router attached to the service `api@internal` in the
to allow defining:
- One or more security features through [middlewares](../middlewares/overview.md)
like authentication ([basicAuth](../middlewares/http/basicauth.md) , [digestAuth](../middlewares/http/digestauth.md),
like authentication ([basicAuth](../middlewares/http/basicauth.md), [digestAuth](../middlewares/http/digestauth.md),
[forwardAuth](../middlewares/http/forwardauth.md)) or [whitelisting](../middlewares/http/ipwhitelist.md).
- A [router rule](#dashboard-router-rule) for accessing the dashboard,
through Traefik itself (sometimes referred as "Traefik-ception").
through Traefik itself (sometimes referred to as "Traefik-ception").
### Dashboard Router Rule
@@ -83,7 +66,7 @@ As underlined in the [documentation for the `api.dashboard` option](./api.md#das
the [router rule](../routing/routers/index.md#rule) defined for Traefik must match
the path prefixes `/api` and `/dashboard`.
We recommend to use a "Host Based rule" as ```Host(`traefik.example.com`)``` to match everything on the host domain,
We recommend using a "Host Based rule" as ```Host(`traefik.example.com`)``` to match everything on the host domain,
or to make sure that the defined rule captures both prefixes:
```bash tab="Host Rule"
@@ -106,27 +89,47 @@ rule = "Host(`traefik.example.com`) && PathPrefix(`/api`, `/dashboard`)"
## Insecure Mode
This mode is not recommended because it does not allow the use of security features.
When _insecure_ mode is enabled, one can access the dashboard on the `traefik` port (default: `8080`) of the Traefik instance,
at the following URL: `http://<Traefik IP>:8080/dashboard/` (trailing slash is mandatory).
To enable the "insecure mode", use the following options from [Traefik's API](./api.md#insecure):
This mode is **not** recommended because it does not allow security features.
For example, it is not possible to add an authentication middleware with this mode.
It should be used for testing purpose **only**.
To enable the _insecure_ mode, use the following options from [Traefik's API](./api.md#insecure):
```yaml tab="File (YAML)"
api:
dashboard: true
insecure: true
```
```toml tab="File (TOML)"
[api]
dashboard = true
insecure = true
```
```bash tab="CLI"
--api.dashboard=true --api.insecure=true
--api.insecure=true
```
You can now access the dashboard on the port `8080` of the Traefik instance,
at the following URL: `http://<Traefik IP>:8080/dashboard/` (trailing slash is mandatory).
## Disable The Dashboard
By default, the dashboard is enabled when the API is enabled.
If necessary, the dashboard can be disabled by using the following option.
```yaml tab="File (YAML)"
api:
dashboard: false
```
```toml tab="File (TOML)"
[api]
dashboard = false
```
```bash tab="CLI"
--api.dashboard=false
```
{!traefik-for-business-applications.md!}

9
docs/content/operations/ping.md
View File

@@ -33,7 +33,7 @@ whose default value is `traefik` (port `8080`).
| Path | Method | Description |
|---------|---------------|-----------------------------------------------------------------------------------------------------|
| `/ping` | `GET`, `HEAD` | A simple endpoint to check for Traefik process liveness. Return a code `200` with the content: `OK` |
| `/ping` | `GET`, `HEAD` | An endpoint to check for Traefik process liveness. Return a code `200` with the content: `OK` |
!!! note
The `cli` comes with a [`healthcheck`](./cli.md#healthcheck) command which can be used for calling this endpoint.
@@ -92,10 +92,11 @@ ping:
_Optional, Default=503_
During the period in which Traefik is gracefully shutting down, the ping handler
returns a 503 status code by default. If Traefik is behind e.g. a load-balancer
returns a `503` status code by default.
If Traefik is behind, for example a load-balancer
doing health checks (such as the Kubernetes LivenessProbe), another code might
be expected as the signal for graceful termination. In which case, the
terminatingStatusCode can be used to set the code returned by the ping
be expected as the signal for graceful termination.
In that case, the terminatingStatusCode can be used to set the code returned by the ping
handler during termination.
```yaml tab="File (YAML)"

2
docs/content/plugins/index.md
View File

@@ -30,3 +30,5 @@ They need not be compiled, and no complex toolchain is necessary to build them.
The experience of implementing a Traefik plugin is comparable to writing a web browser extension.
To learn more about Traefik plugin creation, please refer to the [developer documentation](https://plugins.traefik.io/create).
{!traefik-for-business-applications.md!}

9
docs/content/providers/consul-catalog.md
View File

@@ -525,10 +525,17 @@ providers:
```
```bash tab="CLI"
--providers.consulcatalog.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)
--providers.consulcatalog.defaultRule='Host(`{{ .Name }}.{{ index .Labels "customLabel"}}`)'
# ...
```
??? info "Default rule and Traefik service"
The exposure of the Traefik container, combined with the default rule mechanism,
can lead to create a router targeting itself in a loop.
In this case, to prevent an infinite loop,
Traefik adds an internal middleware to refuse the request if it comes from the same router.
### `connectAware`
_Optional, Default=false_

33
docs/content/providers/docker.md
View File

@@ -21,7 +21,7 @@ and [Docker Swarm Mode](https://docs.docker.com/engine/swarm/).
## Configuration Examples
??? example "Configuring Docker & Deploying / Exposing Services"
??? example "Configuring Docker & Deploying / Exposing one Service"
Enabling the docker provider
@@ -49,7 +49,7 @@ and [Docker Swarm Mode](https://docs.docker.com/engine/swarm/).
- traefik.http.routers.my-container.rule=Host(`example.com`)
```
??? example "Configuring Docker Swarm & Deploying / Exposing Services"
??? example "Configuring Docker Swarm & Deploying / Exposing one Service"
Enabling the docker provider (Swarm Mode)
@@ -80,7 +80,9 @@ and [Docker Swarm Mode](https://docs.docker.com/engine/swarm/).
--providers.docker.swarmMode=true
```
Attach labels to services (not to containers) while in Swarm mode (in your docker compose file)
Attach labels to a single service (not containers) while in Swarm mode (in your Docker compose file).
When there is only one service, and the router does not specify a service,
then that service is automatically assigned to the router.
```yaml
version: "3"
@@ -117,12 +119,14 @@ When using Docker Compose, labels are specified by the directive
Traefik retrieves the private IP and port of containers from the Docker API.
Port detection works as follows:
Port detection for private communication works as follows:
- If a container [exposes](https://docs.docker.com/engine/reference/builder/#expose) a single port,
then Traefik uses this port for private communication.
then Traefik uses this port.
- If a container [exposes](https://docs.docker.com/engine/reference/builder/#expose) multiple ports,
or does not expose any port, then you must manually specify which port Traefik should use for communication
then Traefik uses the lowest port. E.g. if `80` and `8080` are exposed, Traefik will use `80`.
- If a container does not expose any port, or the selection from multiple ports does not fit,
then you must manually specify which port Traefik should use for communication
by using the label `traefik.http.services.<service_name>.loadbalancer.server.port`
(Read more on this label in the dedicated section in [routing](../routing/providers/docker.md#port)).
@@ -267,7 +271,7 @@ See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API A
services:
traefik:
image: traefik:v2.10 # The official v2 Traefik docker image
image: traefik:v2.11 # The official v2 Traefik docker image
ports:
- "80:80"
volumes:
@@ -296,9 +300,9 @@ See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API A
??? example "Using SSH"
Using Docker 18.09+ you can connect Traefik to daemon using SSH
Using Docker 18.09+ you can connect Traefik to daemon using SSH.
We specify the SSH host and user in Traefik's configuration file.
Note that is server requires public keys for authentication you must have those accessible for user who runs Traefik.
Note that if the server requires public keys for authentication, you must have them accessible for the user running Traefik.
```yaml tab="File (YAML)"
providers:
@@ -462,10 +466,17 @@ providers:
```
```bash tab="CLI"
--providers.docker.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)
--providers.docker.defaultRule='Host(`{{ .Name }}.{{ index .Labels "customLabel"}}`)'
# ...
```
??? info "Default rule and Traefik service"
The exposure of the Traefik container, combined with the default rule mechanism,
can lead to create a router targeting itself in a loop.
In this case, to prevent an infinite loop,
Traefik adds an internal middleware to refuse the request if it comes from the same router.
### `swarmMode`
_Optional, Default=false_
@@ -731,7 +742,7 @@ providers:
_Optional, Default=false_
If the parameter is set to `true`,
any [servers load balancer](../routing/services/index.md#servers-load-balancer) defined for Docker containers is created
any [servers load balancer](../routing/services/index.md#servers-load-balancer) defined for Docker containers is created
regardless of the [healthiness](https://docs.docker.com/engine/reference/builder/#healthcheck) of the corresponding containers.
It also then stays alive and responsive even at times when it becomes empty,
i.e. when all its children containers become unhealthy.

12
docs/content/providers/ecs.md
View File

@@ -259,10 +259,17 @@ providers:
```
```bash tab="CLI"
--providers.ecs.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)
--providers.ecs.defaultRule='Host(`{{ .Name }}.{{ index .Labels "customLabel"}}`)'
# ...
```
??? info "Default rule and Traefik service"
The exposure of the Traefik container, combined with the default rule mechanism,
can lead to create a router targeting itself in a loop.
In this case, to prevent an infinite loop,
Traefik adds an internal middleware to refuse the request if it comes from the same router.
### `refreshSeconds`
_Optional, Default=15_
@@ -294,7 +301,8 @@ _Optional_
If `region` is not provided, it is resolved from the EC2 metadata endpoint for EC2 tasks.
In a FARGATE context it is resolved from the `AWS_REGION` environment variable.
If `accessKeyID` and `secretAccessKey` are not provided, credentials are resolved in the following order:
If `accessKeyID` and `secretAccessKey` are not provided, credentials are resolved in the order specified by the
[default credential chain of AWS SDK for Go V2](https://docs.aws.amazon.com/sdk-for-go/v2/developer-guide/configure-gosdk.html#specifying-credentials):
- Using the environment variables `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and `AWS_SESSION_TOKEN`.
- Using shared credentials, determined by `AWS_PROFILE` and `AWS_SHARED_CREDENTIALS_FILE`, defaults to `default` and `~/.aws/credentials`.

6
docs/content/providers/kubernetes-crd.md
View File

@@ -35,10 +35,10 @@ the Traefik engineering team developed a [Custom Resource Definition](https://ku
```bash
# Install Traefik Resource Definitions:
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.11/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
# Install RBAC for Traefik:
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.11/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
```
## Resource Configuration
@@ -345,4 +345,4 @@ providers:
For additional information, refer to the [full example](../user-guides/crd-acme/index.md) with Let's Encrypt.
{!traefik-api-management-kubernetes.md!}
{!traefik-for-business-applications.md!}

2
docs/content/providers/kubernetes-gateway.md
View File

@@ -269,4 +269,4 @@ providers:
--providers.kubernetesgateway.throttleDuration=10s
```
{!traefik-api-management-kubernetes.md!}
{!traefik-for-business-applications.md!}

4
docs/content/providers/kubernetes-ingress.md
View File

@@ -502,6 +502,6 @@ providers:
### Further
To learn more about the various aspects of the Ingress specification that Traefik supports,
many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v2.10/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v2.11/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
{!traefik-api-management-kubernetes.md!}
{!traefik-for-business-applications.md!}

9
docs/content/providers/marathon.md
View File

@@ -138,10 +138,17 @@ providers:
```
```bash tab="CLI"
--providers.marathon.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)
--providers.marathon.defaultRule='Host(`{{ .Name }}.{{ index .Labels "customLabel"}}`)'
# ...
```
??? info "Default rule and Traefik service"
The exposure of the Traefik container, combined with the default rule mechanism,
can lead to create a router targeting itself in a loop.
In this case, to prevent an infinite loop,
Traefik adds an internal middleware to refuse the request if it comes from the same router.
### `dialerTimeout`
_Optional, Default=5s_

10
docs/content/providers/nomad.md
View File

@@ -163,6 +163,7 @@ providers:
_Optional, Default=""_
Token is used to provide a per-request ACL token, if Nomad ACLs are enabled.
The appropriate ACL privilege for this token is 'read-job', as outlined in the [Nomad documentation on ACL](https://developer.hashicorp.com/nomad/tutorials/access-control/access-control-policies).
```yaml tab="File (YAML)"
providers:
@@ -373,10 +374,17 @@ providers:
```
```bash tab="CLI"
--providers.nomad.defaultRule="Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
--providers.nomad.defaultRule='Host(`{{ .Name }}.{{ index .Labels "customLabel"}}`)'
# ...
```
??? info "Default rule and Traefik service"
The exposure of the Traefik container, combined with the default rule mechanism,
can lead to create a router targeting itself in a loop.
In this case, to prevent an infinite loop,
Traefik adds an internal middleware to refuse the request if it comes from the same router.
### `constraints`
_Optional, Default=""_

4
docs/content/providers/overview.md
View File

@@ -81,7 +81,7 @@ For the list of the providers names, see the [supported providers](#supported-pr
- "traefik.http.routers.my-container.middlewares=add-foo-prefix@file"
```
```yaml tab="Kubernetes Ingress Route"
```yaml tab="IngressRoute"
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
@@ -103,7 +103,7 @@ For the list of the providers names, see the [supported providers](#supported-pr
# when the cross-provider syntax is used.
```
```yaml tab="Kubernetes Ingress"
```yaml tab="Ingress"
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:

9
docs/content/providers/rancher.md
View File

@@ -121,10 +121,17 @@ providers:
```
```bash tab="CLI"
--providers.rancher.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)
--providers.rancher.defaultRule='Host(`{{ .Name }}.{{ index .Labels "customLabel"}}`)'
# ...
```
??? info "Default rule and Traefik service"
The exposure of the Traefik container, combined with the default rule mechanism,
can lead to create a router targeting itself in a loop.
In this case, to prevent an infinite loop,
Traefik adds an internal middleware to refuse the request if it comes from the same router.
### `enableServiceHealthFilter`
_Optional, Default=true_

191
docs/content/providers/redis.md
View File

@@ -10,6 +10,12 @@ A Story of KV store & Containers
Store your configuration in Redis and let Traefik do the rest!
!!! tip "Dynamic configuration updates"
Dynamic configuration updates require Redis [keyspace notifications](https://redis.io/docs/latest/develop/use/keyspace-notifications) to be enabled.
Cloud-managed Redis services (e.g., GCP Memorystore, AWS ElastiCache) may disable this by default due to CPU performance issues.
For more information, see the [Redis](https://redis.io/docs/latest/develop/use/keyspace-notifications/) documentation or refer to your cloud provider's documentation for specific configuration steps.
## Routing Configuration
See the dedicated section in [routing](../routing/providers/kv.md).
@@ -105,6 +111,28 @@ providers:
--providers.redis.password=foo
```
### `db`
_Optional, Default=0_
Defines the database to be selected after connecting to the Redis.
```yaml tab="File (YAML)"
providers:
redis:
# ...
db: 0
```
```toml tab="File (TOML)"
[providers.redis]
db = 0
```
```bash tab="CLI"
--providers.redis.db=0
```
### `tls`
_Optional_
@@ -207,3 +235,166 @@ providers:
```bash tab="CLI"
--providers.redis.tls.insecureSkipVerify=true
```
### `sentinel`
_Optional_
Defines the Sentinel configuration used to interact with Redis Sentinel.
#### `masterName`
_Required_
`masterName` is the name of the Sentinel master.
```yaml tab="File (YAML)"
providers:
redis:
sentinel:
masterName: my-master
```
```toml tab="File (TOML)"
[providers.redis.sentinel]
masterName = "my-master"
```
```bash tab="CLI"
--providers.redis.sentinel.masterName=my-master
```
#### `username`
_Optional_
`username` is the username for Sentinel authentication.
```yaml tab="File (YAML)"
providers:
redis:
sentinel:
username: user
```
```toml tab="File (TOML)"
[providers.redis.sentinel]
username = "user"
```
```bash tab="CLI"
--providers.redis.sentinel.username=user
```
#### `password`
_Optional_
`password` is the password for Sentinel authentication.
```yaml tab="File (YAML)"
providers:
redis:
sentinel:
password: password
```
```toml tab="File (TOML)"
[providers.redis.sentinel]
password = "password"
```
```bash tab="CLI"
--providers.redis.sentinel.password=password
```
#### `latencyStrategy`
_Optional, Default=false_
`latencyStrategy` defines whether to route commands to the closest master or replica nodes
(mutually exclusive with RandomStrategy and ReplicaStrategy).
```yaml tab="File (YAML)"
providers:
redis:
sentinel:
latencyStrategy: true
```
```toml tab="File (TOML)"
[providers.redis.sentinel]
latencyStrategy = true
```
```bash tab="CLI"
--providers.redis.sentinel.latencyStrategy=true
```
#### `randomStrategy`
_Optional, Default=false_
`randomStrategy` defines whether to route commands randomly to master or replica nodes
(mutually exclusive with LatencyStrategy and ReplicaStrategy).
```yaml tab="File (YAML)"
providers:
redis:
sentinel:
randomStrategy: true
```
```toml tab="File (TOML)"
[providers.redis.sentinel]
randomStrategy = true
```
```bash tab="CLI"
--providers.redis.sentinel.randomStrategy=true
```
#### `replicaStrategy`
_Optional, Default=false_
`replicaStrategy` Defines whether to route all commands to replica nodes
(mutually exclusive with LatencyStrategy and RandomStrategy).
```yaml tab="File (YAML)"
providers:
redis:
sentinel:
replicaStrategy: true
```
```toml tab="File (TOML)"
[providers.redis.sentinel]
replicaStrategy = true
```
```bash tab="CLI"
--providers.redis.sentinel.replicaStrategy=true
```
#### `useDisconnectedReplicas`
_Optional, Default=false_
`useDisconnectedReplicas` defines whether to use replicas disconnected with master when cannot get connected replicas.
```yaml tab="File (YAML)"
providers:
redis:
sentinel:
useDisconnectedReplicas: true
```
```toml tab="File (TOML)"
[providers.redis.sentinel]
useDisconnectedReplicas = true
```
```bash tab="CLI"
--providers.redis.sentinel.useDisconnectedReplicas=true
```

2
docs/content/reference/dynamic-configuration/consul-catalog.md
View File

@@ -8,7 +8,7 @@ description: "View the reference for performing dynamic configurations with Trae
Dynamic configuration with Consul Catalog
{: .subtitle }
The labels are case insensitive.
The labels are case-insensitive.
```yaml
--8<-- "content/reference/dynamic-configuration/consul-catalog.yml"

323
docs/content/reference/dynamic-configuration/docker-labels.yml
View File

@@ -1,126 +1,136 @@
- "traefik.http.middlewares.middleware00.addprefix.prefix=foobar"
- "traefik.http.middlewares.middleware01.basicauth.headerfield=foobar"
- "traefik.http.middlewares.middleware01.basicauth.realm=foobar"
- "traefik.http.middlewares.middleware01.basicauth.removeheader=true"
- "traefik.http.middlewares.middleware01.basicauth.users=foobar, foobar"
- "traefik.http.middlewares.middleware01.basicauth.usersfile=foobar"
- "traefik.http.middlewares.middleware02.buffering.maxrequestbodybytes=42"
- "traefik.http.middlewares.middleware02.buffering.maxresponsebodybytes=42"
- "traefik.http.middlewares.middleware02.buffering.memrequestbodybytes=42"
- "traefik.http.middlewares.middleware02.buffering.memresponsebodybytes=42"
- "traefik.http.middlewares.middleware02.buffering.retryexpression=foobar"
- "traefik.http.middlewares.middleware03.chain.middlewares=foobar, foobar"
- "traefik.http.middlewares.middleware04.circuitbreaker.expression=foobar"
- "traefik.http.middlewares.middleware04.circuitbreaker.checkperiod=42s"
- "traefik.http.middlewares.middleware04.circuitbreaker.fallbackduration=42s"
- "traefik.http.middlewares.middleware04.circuitbreaker.recoveryduration=42s"
- "traefik.http.middlewares.middleware05.compress=true"
- "traefik.http.middlewares.middleware05.compress.excludedcontenttypes=foobar, foobar"
- "traefik.http.middlewares.middleware05.compress.minresponsebodybytes=42"
- "traefik.http.middlewares.middleware06.contenttype.autodetect=true"
- "traefik.http.middlewares.middleware07.digestauth.headerfield=foobar"
- "traefik.http.middlewares.middleware07.digestauth.realm=foobar"
- "traefik.http.middlewares.middleware07.digestauth.removeheader=true"
- "traefik.http.middlewares.middleware07.digestauth.users=foobar, foobar"
- "traefik.http.middlewares.middleware07.digestauth.usersfile=foobar"
- "traefik.http.middlewares.middleware08.errors.query=foobar"
- "traefik.http.middlewares.middleware08.errors.service=foobar"
- "traefik.http.middlewares.middleware08.errors.status=foobar, foobar"
- "traefik.http.middlewares.middleware09.forwardauth.address=foobar"
- "traefik.http.middlewares.middleware09.forwardauth.authresponseheaders=foobar, foobar"
- "traefik.http.middlewares.middleware09.forwardauth.authresponseheadersregex=foobar"
- "traefik.http.middlewares.middleware09.forwardauth.authrequestheaders=foobar, foobar"
- "traefik.http.middlewares.middleware09.forwardauth.tls.ca=foobar"
- "traefik.http.middlewares.middleware09.forwardauth.tls.caoptional=true"
- "traefik.http.middlewares.middleware09.forwardauth.tls.cert=foobar"
- "traefik.http.middlewares.middleware09.forwardauth.tls.insecureskipverify=true"
- "traefik.http.middlewares.middleware09.forwardauth.tls.key=foobar"
- "traefik.http.middlewares.middleware09.forwardauth.trustforwardheader=true"
- "traefik.http.middlewares.middleware10.headers.accesscontrolallowcredentials=true"
- "traefik.http.middlewares.middleware10.headers.accesscontrolallowheaders=foobar, foobar"
- "traefik.http.middlewares.middleware10.headers.accesscontrolallowmethods=foobar, foobar"
- "traefik.http.middlewares.middleware10.headers.accesscontrolalloworiginlist=foobar, foobar"
- "traefik.http.middlewares.middleware10.headers.accesscontrolalloworiginlistregex=foobar, foobar"
- "traefik.http.middlewares.middleware10.headers.accesscontrolexposeheaders=foobar, foobar"
- "traefik.http.middlewares.middleware10.headers.accesscontrolmaxage=42"
- "traefik.http.middlewares.middleware10.headers.addvaryheader=true"
- "traefik.http.middlewares.middleware10.headers.allowedhosts=foobar, foobar"
- "traefik.http.middlewares.middleware10.headers.browserxssfilter=true"
- "traefik.http.middlewares.middleware10.headers.contentsecuritypolicy=foobar"
- "traefik.http.middlewares.middleware10.headers.contenttypenosniff=true"
- "traefik.http.middlewares.middleware10.headers.custombrowserxssvalue=foobar"
- "traefik.http.middlewares.middleware10.headers.customframeoptionsvalue=foobar"
- "traefik.http.middlewares.middleware10.headers.customrequestheaders.name0=foobar"
- "traefik.http.middlewares.middleware10.headers.customrequestheaders.name1=foobar"
- "traefik.http.middlewares.middleware10.headers.customresponseheaders.name0=foobar"
- "traefik.http.middlewares.middleware10.headers.customresponseheaders.name1=foobar"
- "traefik.http.middlewares.middleware10.headers.featurepolicy=foobar"
- "traefik.http.middlewares.middleware10.headers.forcestsheader=true"
- "traefik.http.middlewares.middleware10.headers.framedeny=true"
- "traefik.http.middlewares.middleware10.headers.hostsproxyheaders=foobar, foobar"
- "traefik.http.middlewares.middleware10.headers.isdevelopment=true"
- "traefik.http.middlewares.middleware10.headers.permissionspolicy=foobar"
- "traefik.http.middlewares.middleware10.headers.publickey=foobar"
- "traefik.http.middlewares.middleware10.headers.referrerpolicy=foobar"
- "traefik.http.middlewares.middleware10.headers.sslforcehost=true"
- "traefik.http.middlewares.middleware10.headers.sslhost=foobar"
- "traefik.http.middlewares.middleware10.headers.sslproxyheaders.name0=foobar"
- "traefik.http.middlewares.middleware10.headers.sslproxyheaders.name1=foobar"
- "traefik.http.middlewares.middleware10.headers.sslredirect=true"
- "traefik.http.middlewares.middleware10.headers.ssltemporaryredirect=true"
- "traefik.http.middlewares.middleware10.headers.stsincludesubdomains=true"
- "traefik.http.middlewares.middleware10.headers.stspreload=true"
- "traefik.http.middlewares.middleware10.headers.stsseconds=42"
- "traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.depth=42"
- "traefik.http.middlewares.middleware11.ipwhitelist.ipstrategy.excludedips=foobar, foobar"
- "traefik.http.middlewares.middleware11.ipwhitelist.sourcerange=foobar, foobar"
- "traefik.http.middlewares.middleware12.inflightreq.amount=42"
- "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.depth=42"
- "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
- "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.requestheadername=foobar"
- "traefik.http.middlewares.middleware12.inflightreq.sourcecriterion.requesthost=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.commonname=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.country=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.domaincomponent=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.locality=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.organization=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.province=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.issuer.serialnumber=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.notafter=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.notbefore=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.sans=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.serialnumber=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.commonname=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.country=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.domaincomponent=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.locality=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.organization=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.organizationalunit=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.province=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.serialnumber=true"
- "traefik.http.middlewares.middleware13.passtlsclientcert.pem=true"
- "traefik.http.middlewares.middleware14.plugin.foobar.foo=bar"
- "traefik.http.middlewares.middleware15.ratelimit.average=42"
- "traefik.http.middlewares.middleware15.ratelimit.burst=42"
- "traefik.http.middlewares.middleware15.ratelimit.period=42"
- "traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.ipstrategy.depth=42"
- "traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
- "traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.requestheadername=foobar"
- "traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.requesthost=true"
- "traefik.http.middlewares.middleware16.redirectregex.permanent=true"
- "traefik.http.middlewares.middleware16.redirectregex.regex=foobar"
- "traefik.http.middlewares.middleware16.redirectregex.replacement=foobar"
- "traefik.http.middlewares.middleware17.redirectscheme.permanent=true"
- "traefik.http.middlewares.middleware17.redirectscheme.port=foobar"
- "traefik.http.middlewares.middleware17.redirectscheme.scheme=foobar"
- "traefik.http.middlewares.middleware18.replacepath.path=foobar"
- "traefik.http.middlewares.middleware19.replacepathregex.regex=foobar"
- "traefik.http.middlewares.middleware19.replacepathregex.replacement=foobar"
- "traefik.http.middlewares.middleware20.retry.attempts=42"
- "traefik.http.middlewares.middleware20.retry.initialinterval=42"
- "traefik.http.middlewares.middleware21.stripprefix.forceslash=true"
- "traefik.http.middlewares.middleware21.stripprefix.prefixes=foobar, foobar"
- "traefik.http.middlewares.middleware22.stripprefixregex.regex=foobar, foobar"
## CODE GENERATED AUTOMATICALLY
## THIS FILE MUST NOT BE EDITED BY HAND
- "traefik.http.middlewares.middleware01.addprefix.prefix=foobar"
- "traefik.http.middlewares.middleware02.basicauth.headerfield=foobar"
- "traefik.http.middlewares.middleware02.basicauth.realm=foobar"
- "traefik.http.middlewares.middleware02.basicauth.removeheader=true"
- "traefik.http.middlewares.middleware02.basicauth.users=foobar, foobar"
- "traefik.http.middlewares.middleware02.basicauth.usersfile=foobar"
- "traefik.http.middlewares.middleware03.buffering.maxrequestbodybytes=42"
- "traefik.http.middlewares.middleware03.buffering.maxresponsebodybytes=42"
- "traefik.http.middlewares.middleware03.buffering.memrequestbodybytes=42"
- "traefik.http.middlewares.middleware03.buffering.memresponsebodybytes=42"
- "traefik.http.middlewares.middleware03.buffering.retryexpression=foobar"
- "traefik.http.middlewares.middleware04.chain.middlewares=foobar, foobar"
- "traefik.http.middlewares.middleware05.circuitbreaker.checkperiod=42s"
- "traefik.http.middlewares.middleware05.circuitbreaker.expression=foobar"
- "traefik.http.middlewares.middleware05.circuitbreaker.fallbackduration=42s"
- "traefik.http.middlewares.middleware05.circuitbreaker.recoveryduration=42s"
- "traefik.http.middlewares.middleware06.compress=true"
- "traefik.http.middlewares.middleware06.compress.excludedcontenttypes=foobar, foobar"
- "traefik.http.middlewares.middleware06.compress.minresponsebodybytes=42"
- "traefik.http.middlewares.middleware07.contenttype.autodetect=true"
- "traefik.http.middlewares.middleware08.digestauth.headerfield=foobar"
- "traefik.http.middlewares.middleware08.digestauth.realm=foobar"
- "traefik.http.middlewares.middleware08.digestauth.removeheader=true"
- "traefik.http.middlewares.middleware08.digestauth.users=foobar, foobar"
- "traefik.http.middlewares.middleware08.digestauth.usersfile=foobar"
- "traefik.http.middlewares.middleware09.errors.query=foobar"
- "traefik.http.middlewares.middleware09.errors.service=foobar"
- "traefik.http.middlewares.middleware09.errors.status=foobar, foobar"
- "traefik.http.middlewares.middleware10.forwardauth.address=foobar"
- "traefik.http.middlewares.middleware10.forwardauth.authrequestheaders=foobar, foobar"
- "traefik.http.middlewares.middleware10.forwardauth.authresponseheaders=foobar, foobar"
- "traefik.http.middlewares.middleware10.forwardauth.authresponseheadersregex=foobar"
- "traefik.http.middlewares.middleware10.forwardauth.tls.ca=foobar"
- "traefik.http.middlewares.middleware10.forwardauth.tls.caoptional=true"
- "traefik.http.middlewares.middleware10.forwardauth.tls.cert=foobar"
- "traefik.http.middlewares.middleware10.forwardauth.tls.insecureskipverify=true"
- "traefik.http.middlewares.middleware10.forwardauth.tls.key=foobar"
- "traefik.http.middlewares.middleware10.forwardauth.trustforwardheader=true"
- "traefik.http.middlewares.middleware11.headers.accesscontrolallowcredentials=true"
- "traefik.http.middlewares.middleware11.headers.accesscontrolallowheaders=foobar, foobar"
- "traefik.http.middlewares.middleware11.headers.accesscontrolallowmethods=foobar, foobar"
- "traefik.http.middlewares.middleware11.headers.accesscontrolalloworiginlist=foobar, foobar"
- "traefik.http.middlewares.middleware11.headers.accesscontrolalloworiginlistregex=foobar, foobar"
- "traefik.http.middlewares.middleware11.headers.accesscontrolexposeheaders=foobar, foobar"
- "traefik.http.middlewares.middleware11.headers.accesscontrolmaxage=42"
- "traefik.http.middlewares.middleware11.headers.addvaryheader=true"
- "traefik.http.middlewares.middleware11.headers.allowedhosts=foobar, foobar"
- "traefik.http.middlewares.middleware11.headers.browserxssfilter=true"
- "traefik.http.middlewares.middleware11.headers.contentsecuritypolicy=foobar"
- "traefik.http.middlewares.middleware11.headers.contenttypenosniff=true"
- "traefik.http.middlewares.middleware11.headers.custombrowserxssvalue=foobar"
- "traefik.http.middlewares.middleware11.headers.customframeoptionsvalue=foobar"
- "traefik.http.middlewares.middleware11.headers.customrequestheaders.name0=foobar"
- "traefik.http.middlewares.middleware11.headers.customrequestheaders.name1=foobar"
- "traefik.http.middlewares.middleware11.headers.customresponseheaders.name0=foobar"
- "traefik.http.middlewares.middleware11.headers.customresponseheaders.name1=foobar"
- "traefik.http.middlewares.middleware11.headers.featurepolicy=foobar"
- "traefik.http.middlewares.middleware11.headers.forcestsheader=true"
- "traefik.http.middlewares.middleware11.headers.framedeny=true"
- "traefik.http.middlewares.middleware11.headers.hostsproxyheaders=foobar, foobar"
- "traefik.http.middlewares.middleware11.headers.isdevelopment=true"
- "traefik.http.middlewares.middleware11.headers.permissionspolicy=foobar"
- "traefik.http.middlewares.middleware11.headers.publickey=foobar"
- "traefik.http.middlewares.middleware11.headers.referrerpolicy=foobar"
- "traefik.http.middlewares.middleware11.headers.sslforcehost=true"
- "traefik.http.middlewares.middleware11.headers.sslhost=foobar"
- "traefik.http.middlewares.middleware11.headers.sslproxyheaders.name0=foobar"
- "traefik.http.middlewares.middleware11.headers.sslproxyheaders.name1=foobar"
- "traefik.http.middlewares.middleware11.headers.sslredirect=true"
- "traefik.http.middlewares.middleware11.headers.ssltemporaryredirect=true"
- "traefik.http.middlewares.middleware11.headers.stsincludesubdomains=true"
- "traefik.http.middlewares.middleware11.headers.stspreload=true"
- "traefik.http.middlewares.middleware11.headers.stsseconds=42"
- "traefik.http.middlewares.middleware12.ipallowlist.ipstrategy=true"
- "traefik.http.middlewares.middleware12.ipallowlist.ipstrategy.depth=42"
- "traefik.http.middlewares.middleware12.ipallowlist.ipstrategy.excludedips=foobar, foobar"
- "traefik.http.middlewares.middleware12.ipallowlist.sourcerange=foobar, foobar"
- "traefik.http.middlewares.middleware13.ipwhitelist.ipstrategy=true"
- "traefik.http.middlewares.middleware13.ipwhitelist.ipstrategy.depth=42"
- "traefik.http.middlewares.middleware13.ipwhitelist.ipstrategy.excludedips=foobar, foobar"
- "traefik.http.middlewares.middleware13.ipwhitelist.sourcerange=foobar, foobar"
- "traefik.http.middlewares.middleware14.inflightreq.amount=42"
- "traefik.http.middlewares.middleware14.inflightreq.sourcecriterion.ipstrategy.depth=42"
- "traefik.http.middlewares.middleware14.inflightreq.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
- "traefik.http.middlewares.middleware14.inflightreq.sourcecriterion.requestheadername=foobar"
- "traefik.http.middlewares.middleware14.inflightreq.sourcecriterion.requesthost=true"
- "traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.commonname=true"
- "traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.country=true"
- "traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.domaincomponent=true"
- "traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.locality=true"
- "traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.organization=true"
- "traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.province=true"
- "traefik.http.middlewares.middleware15.passtlsclientcert.info.issuer.serialnumber=true"
- "traefik.http.middlewares.middleware15.passtlsclientcert.info.notafter=true"
- "traefik.http.middlewares.middleware15.passtlsclientcert.info.notbefore=true"
- "traefik.http.middlewares.middleware15.passtlsclientcert.info.sans=true"
- "traefik.http.middlewares.middleware15.passtlsclientcert.info.serialnumber=true"
- "traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.commonname=true"
- "traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.country=true"
- "traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.domaincomponent=true"
- "traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.locality=true"
- "traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.organization=true"
- "traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.organizationalunit=true"
- "traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.province=true"
- "traefik.http.middlewares.middleware15.passtlsclientcert.info.subject.serialnumber=true"
- "traefik.http.middlewares.middleware15.passtlsclientcert.pem=true"
- "traefik.http.middlewares.middleware16.plugin.pluginconf0.name0=foobar"
- "traefik.http.middlewares.middleware16.plugin.pluginconf0.name1=foobar"
- "traefik.http.middlewares.middleware16.plugin.pluginconf1.name0=foobar"
- "traefik.http.middlewares.middleware16.plugin.pluginconf1.name1=foobar"
- "traefik.http.middlewares.middleware17.ratelimit.average=42"
- "traefik.http.middlewares.middleware17.ratelimit.burst=42"
- "traefik.http.middlewares.middleware17.ratelimit.period=42s"
- "traefik.http.middlewares.middleware17.ratelimit.sourcecriterion.ipstrategy.depth=42"
- "traefik.http.middlewares.middleware17.ratelimit.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
- "traefik.http.middlewares.middleware17.ratelimit.sourcecriterion.requestheadername=foobar"
- "traefik.http.middlewares.middleware17.ratelimit.sourcecriterion.requesthost=true"
- "traefik.http.middlewares.middleware18.redirectregex.permanent=true"
- "traefik.http.middlewares.middleware18.redirectregex.regex=foobar"
- "traefik.http.middlewares.middleware18.redirectregex.replacement=foobar"
- "traefik.http.middlewares.middleware19.redirectscheme.permanent=true"
- "traefik.http.middlewares.middleware19.redirectscheme.port=foobar"
- "traefik.http.middlewares.middleware19.redirectscheme.scheme=foobar"
- "traefik.http.middlewares.middleware20.replacepath.path=foobar"
- "traefik.http.middlewares.middleware21.replacepathregex.regex=foobar"
- "traefik.http.middlewares.middleware21.replacepathregex.replacement=foobar"
- "traefik.http.middlewares.middleware22.retry.attempts=42"
- "traefik.http.middlewares.middleware22.retry.initialinterval=42s"
- "traefik.http.middlewares.middleware23.stripprefix.forceslash=true"
- "traefik.http.middlewares.middleware23.stripprefix.prefixes=foobar, foobar"
- "traefik.http.middlewares.middleware24.stripprefixregex.regex=foobar, foobar"
- "traefik.http.routers.router0.entrypoints=foobar, foobar"
- "traefik.http.routers.router0.middlewares=foobar, foobar"
- "traefik.http.routers.router0.priority=42"
@@ -145,32 +155,34 @@
- "traefik.http.routers.router1.tls.domains[1].main=foobar"
- "traefik.http.routers.router1.tls.domains[1].sans=foobar, foobar"
- "traefik.http.routers.router1.tls.options=foobar"
- "traefik.http.services.service01.loadbalancer.healthcheck.followredirects=true"
- "traefik.http.services.service01.loadbalancer.healthcheck.headers.name0=foobar"
- "traefik.http.services.service01.loadbalancer.healthcheck.headers.name1=foobar"
- "traefik.http.services.service01.loadbalancer.healthcheck.hostname=foobar"
- "traefik.http.services.service01.loadbalancer.healthcheck.interval=foobar"
- "traefik.http.services.service01.loadbalancer.healthcheck.path=foobar"
- "traefik.http.services.service01.loadbalancer.healthcheck.method=foobar"
- "traefik.http.services.service01.loadbalancer.healthcheck.port=42"
- "traefik.http.services.service01.loadbalancer.healthcheck.scheme=foobar"
- "traefik.http.services.service01.loadbalancer.healthcheck.timeout=foobar"
- "traefik.http.services.service01.loadbalancer.passhostheader=true"
- "traefik.http.services.service01.loadbalancer.responseforwarding.flushinterval=foobar"
- "traefik.http.services.service01.loadbalancer.serverstransport=foobar"
- "traefik.http.services.service01.loadbalancer.sticky.cookie=true"
- "traefik.http.services.service01.loadbalancer.sticky.cookie.httponly=true"
- "traefik.http.services.service01.loadbalancer.sticky.cookie.name=foobar"
- "traefik.http.services.service01.loadbalancer.sticky.cookie.samesite=foobar"
- "traefik.http.services.service01.loadbalancer.sticky.cookie.secure=true"
- "traefik.http.services.service01.loadbalancer.server.port=foobar"
- "traefik.http.services.service01.loadbalancer.server.scheme=foobar"
- "traefik.tcp.middlewares.tcpmiddleware00.ipwhitelist.sourcerange=foobar, foobar"
- "traefik.tcp.middlewares.tcpmiddleware01.inflightconn.amount=42"
- "traefik.http.services.service02.loadbalancer.healthcheck.followredirects=true"
- "traefik.http.services.service02.loadbalancer.healthcheck.headers.name0=foobar"
- "traefik.http.services.service02.loadbalancer.healthcheck.headers.name1=foobar"
- "traefik.http.services.service02.loadbalancer.healthcheck.hostname=foobar"
- "traefik.http.services.service02.loadbalancer.healthcheck.interval=foobar"
- "traefik.http.services.service02.loadbalancer.healthcheck.method=foobar"
- "traefik.http.services.service02.loadbalancer.healthcheck.path=foobar"
- "traefik.http.services.service02.loadbalancer.healthcheck.port=42"
- "traefik.http.services.service02.loadbalancer.healthcheck.scheme=foobar"
- "traefik.http.services.service02.loadbalancer.healthcheck.timeout=foobar"
- "traefik.http.services.service02.loadbalancer.passhostheader=true"
- "traefik.http.services.service02.loadbalancer.responseforwarding.flushinterval=foobar"
- "traefik.http.services.service02.loadbalancer.serverstransport=foobar"
- "traefik.http.services.service02.loadbalancer.sticky=true"
- "traefik.http.services.service02.loadbalancer.sticky.cookie=true"
- "traefik.http.services.service02.loadbalancer.sticky.cookie.httponly=true"
- "traefik.http.services.service02.loadbalancer.sticky.cookie.name=foobar"
- "traefik.http.services.service02.loadbalancer.sticky.cookie.samesite=foobar"
- "traefik.http.services.service02.loadbalancer.sticky.cookie.secure=true"
- "traefik.http.services.service02.loadbalancer.server.port=foobar"
- "traefik.http.services.service02.loadbalancer.server.scheme=foobar"
- "traefik.tcp.middlewares.tcpmiddleware01.ipallowlist.sourcerange=foobar, foobar"
- "traefik.tcp.middlewares.tcpmiddleware02.ipwhitelist.sourcerange=foobar, foobar"
- "traefik.tcp.middlewares.tcpmiddleware03.inflightconn.amount=42"
- "traefik.tcp.routers.tcprouter0.entrypoints=foobar, foobar"
- "traefik.tcp.routers.tcprouter0.middlewares=foobar, foobar"
- "traefik.tcp.routers.tcprouter0.rule=foobar"
- "traefik.tcp.routers.tcprouter0.priority=42"
- "traefik.tcp.routers.tcprouter0.rule=foobar"
- "traefik.tcp.routers.tcprouter0.service=foobar"
- "traefik.tcp.routers.tcprouter0.tls=true"
- "traefik.tcp.routers.tcprouter0.tls.certresolver=foobar"
@@ -182,8 +194,8 @@
- "traefik.tcp.routers.tcprouter0.tls.passthrough=true"
- "traefik.tcp.routers.tcprouter1.entrypoints=foobar, foobar"
- "traefik.tcp.routers.tcprouter1.middlewares=foobar, foobar"
- "traefik.tcp.routers.tcprouter1.rule=foobar"
- "traefik.tcp.routers.tcprouter1.priority=42"
- "traefik.tcp.routers.tcprouter1.rule=foobar"
- "traefik.tcp.routers.tcprouter1.service=foobar"
- "traefik.tcp.routers.tcprouter1.tls=true"
- "traefik.tcp.routers.tcprouter1.tls.certresolver=foobar"
@@ -193,21 +205,18 @@
- "traefik.tcp.routers.tcprouter1.tls.domains[1].sans=foobar, foobar"
- "traefik.tcp.routers.tcprouter1.tls.options=foobar"
- "traefik.tcp.routers.tcprouter1.tls.passthrough=true"
- "traefik.tcp.services.tcpservice01.loadbalancer.proxyprotocol=true"
- "traefik.tcp.services.tcpservice01.loadbalancer.proxyprotocol.version=42"
- "traefik.tcp.services.tcpservice01.loadbalancer.terminationdelay=42"
- "traefik.tcp.services.tcpservice01.loadbalancer.server.port=foobar"
- "traefik.tls.stores.store0.defaultgeneratedcert.domain.main=foobar"
- "traefik.tls.stores.store0.defaultgeneratedcert.domain.sans=foobar, foobar"
- "traefik.tls.stores.store0.defaultgeneratedcert.resolver=foobar"
- "traefik.tls.stores.store1.defaultgeneratedcert.domain.main=foobar"
- "traefik.tls.stores.store1.defaultgeneratedcert.domain.sans=foobar, foobar"
- "traefik.tls.stores.store1.defaultgeneratedcert.resolver=foobar"
- "traefik.udp.routers.udprouter0.entrypoints=foobar, foobar"
- "traefik.udp.routers.udprouter0.service=foobar"
- "traefik.udp.routers.udprouter1.entrypoints=foobar, foobar"
- "traefik.udp.routers.udprouter1.service=foobar"
- "traefik.udp.services.udpservice01.loadbalancer.server.port=foobar"
- "traefik.tls.stores.Store0.defaultcertificate.certfile=foobar"
- "traefik.tls.stores.Store0.defaultcertificate.keyfile=foobar"
- "traefik.tls.stores.Store0.defaultgeneratedcert.domain.main=foobar"
- "traefik.tls.stores.Store0.defaultgeneratedcert.domain.sans=foobar, foobar"
- "traefik.tls.stores.Store0.defaultgeneratedcert.resolver=foobar"
- "traefik.tls.stores.Store1.defaultcertificate.certfile=foobar"
- "traefik.tls.stores.Store1.defaultcertificate.keyfile=foobar"
- "traefik.tls.stores.Store1.defaultgeneratedcert.domain.main=foobar"
- "traefik.tls.stores.Store1.defaultgeneratedcert.domain.sans=foobar, foobar"
- "traefik.tls.stores.Store1.defaultgeneratedcert.resolver=foobar"

2
docs/content/reference/dynamic-configuration/docker.md
View File

@@ -8,7 +8,7 @@ description: "Reference dynamic configuration with Docker labels in Traefik Prox
Dynamic configuration with Docker Labels
{: .subtitle }
The labels are case insensitive.
The labels are case-insensitive.
```yaml
labels:

2
docs/content/reference/dynamic-configuration/ecs.md
View File

@@ -8,7 +8,7 @@ description: "Learn how to do dynamic configuration in Traefik Proxy with AWS EC
Dynamic configuration with ECS provider
{: .subtitle }
The labels are case insensitive.
The labels are case-insensitive.
```yaml
--8<-- "content/reference/dynamic-configuration/ecs.yml"

195
docs/content/reference/dynamic-configuration/file.toml
View File

@@ -1,3 +1,5 @@
## CODE GENERATED AUTOMATICALLY
## THIS FILE MUST NOT BE EDITED BY HAND
[http]
[http.routers]
[http.routers.Router0]
@@ -36,22 +38,27 @@
sans = ["foobar", "foobar"]
[http.services]
[http.services.Service01]
[http.services.Service01.loadBalancer]
[http.services.Service01.failover]
service = "foobar"
fallback = "foobar"
[http.services.Service01.failover.healthCheck]
[http.services.Service02]
[http.services.Service02.loadBalancer]
passHostHeader = true
serversTransport = "foobar"
[http.services.Service01.loadBalancer.sticky]
[http.services.Service01.loadBalancer.sticky.cookie]
[http.services.Service02.loadBalancer.sticky]
[http.services.Service02.loadBalancer.sticky.cookie]
name = "foobar"
secure = true
httpOnly = true
sameSite = "foobar"
[[http.services.Service01.loadBalancer.servers]]
[[http.services.Service02.loadBalancer.servers]]
url = "foobar"
[[http.services.Service01.loadBalancer.servers]]
[[http.services.Service02.loadBalancer.servers]]
url = "foobar"
[http.services.Service01.loadBalancer.healthCheck]
[http.services.Service02.loadBalancer.healthCheck]
scheme = "foobar"
path = "foobar"
method = "foobar"
@@ -60,109 +67,102 @@
timeout = "foobar"
hostname = "foobar"
followRedirects = true
[http.services.Service01.loadBalancer.healthCheck.headers]
[http.services.Service02.loadBalancer.healthCheck.headers]
name0 = "foobar"
name1 = "foobar"
[http.services.Service01.loadBalancer.responseForwarding]
[http.services.Service02.loadBalancer.responseForwarding]
flushInterval = "foobar"
[http.services.Service02]
[http.services.Service02.mirroring]
[http.services.Service03]
[http.services.Service03.mirroring]
service = "foobar"
maxBodySize = 42
[http.services.Service02.mirroring.healthCheck]
[[http.services.Service02.mirroring.mirrors]]
[[http.services.Service03.mirroring.mirrors]]
name = "foobar"
percent = 42
[[http.services.Service02.mirroring.mirrors]]
[[http.services.Service03.mirroring.mirrors]]
name = "foobar"
percent = 42
[http.services.Service03]
[http.services.Service03.weighted]
[http.services.Service03.weighted.healthCheck]
[http.services.Service03.mirroring.healthCheck]
[http.services.Service04]
[http.services.Service04.weighted]
[[http.services.Service03.weighted.services]]
[[http.services.Service04.weighted.services]]
name = "foobar"
weight = 42
[[http.services.Service03.weighted.services]]
[[http.services.Service04.weighted.services]]
name = "foobar"
weight = 42
[http.services.Service03.weighted.sticky]
[http.services.Service03.weighted.sticky.cookie]
[http.services.Service04.weighted.sticky]
[http.services.Service04.weighted.sticky.cookie]
name = "foobar"
secure = true
httpOnly = true
sameSite = "foobar"
[http.services.Service04]
[http.services.Service04.failover]
service = "foobar"
fallback = "foobar"
[http.services.Service04.failover.healthCheck]
[http.services.Service04.weighted.healthCheck]
[http.middlewares]
[http.middlewares.Middleware00]
[http.middlewares.Middleware00.addPrefix]
prefix = "foobar"
[http.middlewares.Middleware01]
[http.middlewares.Middleware01.basicAuth]
[http.middlewares.Middleware01.addPrefix]
prefix = "foobar"
[http.middlewares.Middleware02]
[http.middlewares.Middleware02.basicAuth]
users = ["foobar", "foobar"]
usersFile = "foobar"
realm = "foobar"
removeHeader = true
headerField = "foobar"
[http.middlewares.Middleware02]
[http.middlewares.Middleware02.buffering]
[http.middlewares.Middleware03]
[http.middlewares.Middleware03.buffering]
maxRequestBodyBytes = 42
memRequestBodyBytes = 42
maxResponseBodyBytes = 42
memResponseBodyBytes = 42
retryExpression = "foobar"
[http.middlewares.Middleware03]
[http.middlewares.Middleware03.chain]
middlewares = ["foobar", "foobar"]
[http.middlewares.Middleware04]
[http.middlewares.Middleware04.circuitBreaker]
[http.middlewares.Middleware04.chain]
middlewares = ["foobar", "foobar"]
[http.middlewares.Middleware05]
[http.middlewares.Middleware05.circuitBreaker]
expression = "foobar"
checkPeriod = "42s"
fallbackDuration = "42s"
recoveryDuration = "42s"
[http.middlewares.Middleware05]
[http.middlewares.Middleware05.compress]
[http.middlewares.Middleware06]
[http.middlewares.Middleware06.compress]
excludedContentTypes = ["foobar", "foobar"]
minResponseBodyBytes = 42
[http.middlewares.Middleware06]
[http.middlewares.Middleware06.contentType]
autoDetect = true
[http.middlewares.Middleware07]
[http.middlewares.Middleware07.digestAuth]
[http.middlewares.Middleware07.contentType]
autoDetect = true
[http.middlewares.Middleware08]
[http.middlewares.Middleware08.digestAuth]
users = ["foobar", "foobar"]
usersFile = "foobar"
removeHeader = true
realm = "foobar"
headerField = "foobar"
[http.middlewares.Middleware08]
[http.middlewares.Middleware08.errors]
[http.middlewares.Middleware09]
[http.middlewares.Middleware09.errors]
status = ["foobar", "foobar"]
service = "foobar"
query = "foobar"
[http.middlewares.Middleware09]
[http.middlewares.Middleware09.forwardAuth]
[http.middlewares.Middleware10]
[http.middlewares.Middleware10.forwardAuth]
address = "foobar"
trustForwardHeader = true
authResponseHeaders = ["foobar", "foobar"]
authResponseHeadersRegex = "foobar"
authRequestHeaders = ["foobar", "foobar"]
[http.middlewares.Middleware09.forwardAuth.tls]
[http.middlewares.Middleware10.forwardAuth.tls]
ca = "foobar"
caOptional = true
cert = "foobar"
key = "foobar"
insecureSkipVerify = true
[http.middlewares.Middleware10]
[http.middlewares.Middleware10.headers]
[http.middlewares.Middleware11]
[http.middlewares.Middleware11.headers]
accessControlAllowCredentials = true
accessControlAllowHeaders = ["foobar", "foobar"]
accessControlAllowMethods = ["foobar", "foobar"]
@@ -192,39 +192,45 @@
featurePolicy = "foobar"
permissionsPolicy = "foobar"
isDevelopment = true
[http.middlewares.Middleware10.headers.customRequestHeaders]
[http.middlewares.Middleware11.headers.customRequestHeaders]
name0 = "foobar"
name1 = "foobar"
[http.middlewares.Middleware10.headers.customResponseHeaders]
[http.middlewares.Middleware11.headers.customResponseHeaders]
name0 = "foobar"
name1 = "foobar"
[http.middlewares.Middleware10.headers.sslProxyHeaders]
[http.middlewares.Middleware11.headers.sslProxyHeaders]
name0 = "foobar"
name1 = "foobar"
[http.middlewares.Middleware11]
[http.middlewares.Middleware11.ipWhiteList]
[http.middlewares.Middleware12]
[http.middlewares.Middleware12.ipAllowList]
sourceRange = ["foobar", "foobar"]
[http.middlewares.Middleware11.ipWhiteList.ipStrategy]
[http.middlewares.Middleware12.ipAllowList.ipStrategy]
depth = 42
excludedIPs = ["foobar", "foobar"]
[http.middlewares.Middleware12]
[http.middlewares.Middleware12.inFlightReq]
[http.middlewares.Middleware13]
[http.middlewares.Middleware13.ipWhiteList]
sourceRange = ["foobar", "foobar"]
[http.middlewares.Middleware13.ipWhiteList.ipStrategy]
depth = 42
excludedIPs = ["foobar", "foobar"]
[http.middlewares.Middleware14]
[http.middlewares.Middleware14.inFlightReq]
amount = 42
[http.middlewares.Middleware12.inFlightReq.sourceCriterion]
[http.middlewares.Middleware14.inFlightReq.sourceCriterion]
requestHeaderName = "foobar"
requestHost = true
[http.middlewares.Middleware12.inFlightReq.sourceCriterion.ipStrategy]
[http.middlewares.Middleware14.inFlightReq.sourceCriterion.ipStrategy]
depth = 42
excludedIPs = ["foobar", "foobar"]
[http.middlewares.Middleware13]
[http.middlewares.Middleware13.passTLSClientCert]
[http.middlewares.Middleware15]
[http.middlewares.Middleware15.passTLSClientCert]
pem = true
[http.middlewares.Middleware13.passTLSClientCert.info]
[http.middlewares.Middleware15.passTLSClientCert.info]
notAfter = true
notBefore = true
sans = true
serialNumber = true
[http.middlewares.Middleware13.passTLSClientCert.info.subject]
[http.middlewares.Middleware15.passTLSClientCert.info.subject]
country = true
province = true
locality = true
@@ -233,7 +239,7 @@
commonName = true
serialNumber = true
domainComponent = true
[http.middlewares.Middleware13.passTLSClientCert.info.issuer]
[http.middlewares.Middleware15.passTLSClientCert.info.issuer]
country = true
province = true
locality = true
@@ -241,48 +247,52 @@
commonName = true
serialNumber = true
domainComponent = true
[http.middlewares.Middleware14]
[http.middlewares.Middleware14.plugin]
[http.middlewares.Middleware14.plugin.PluginConf]
foo = "bar"
[http.middlewares.Middleware15]
[http.middlewares.Middleware15.rateLimit]
[http.middlewares.Middleware16]
[http.middlewares.Middleware16.plugin]
[http.middlewares.Middleware16.plugin.PluginConf0]
name0 = "foobar"
name1 = "foobar"
[http.middlewares.Middleware16.plugin.PluginConf1]
name0 = "foobar"
name1 = "foobar"
[http.middlewares.Middleware17]
[http.middlewares.Middleware17.rateLimit]
average = 42
period = "42s"
burst = 42
[http.middlewares.Middleware15.rateLimit.sourceCriterion]
[http.middlewares.Middleware17.rateLimit.sourceCriterion]
requestHeaderName = "foobar"
requestHost = true
[http.middlewares.Middleware15.rateLimit.sourceCriterion.ipStrategy]
[http.middlewares.Middleware17.rateLimit.sourceCriterion.ipStrategy]
depth = 42
excludedIPs = ["foobar", "foobar"]
[http.middlewares.Middleware16]
[http.middlewares.Middleware16.redirectRegex]
[http.middlewares.Middleware18]
[http.middlewares.Middleware18.redirectRegex]
regex = "foobar"
replacement = "foobar"
permanent = true
[http.middlewares.Middleware17]
[http.middlewares.Middleware17.redirectScheme]
[http.middlewares.Middleware19]
[http.middlewares.Middleware19.redirectScheme]
scheme = "foobar"
port = "foobar"
permanent = true
[http.middlewares.Middleware18]
[http.middlewares.Middleware18.replacePath]
[http.middlewares.Middleware20]
[http.middlewares.Middleware20.replacePath]
path = "foobar"
[http.middlewares.Middleware19]
[http.middlewares.Middleware19.replacePathRegex]
[http.middlewares.Middleware21]
[http.middlewares.Middleware21.replacePathRegex]
regex = "foobar"
replacement = "foobar"
[http.middlewares.Middleware20]
[http.middlewares.Middleware20.retry]
[http.middlewares.Middleware22]
[http.middlewares.Middleware22.retry]
attempts = 42
initialInterval = "42s"
[http.middlewares.Middleware21]
[http.middlewares.Middleware21.stripPrefix]
[http.middlewares.Middleware23]
[http.middlewares.Middleware23.stripPrefix]
prefixes = ["foobar", "foobar"]
forceSlash = true
[http.middlewares.Middleware22]
[http.middlewares.Middleware22.stripPrefixRegex]
[http.middlewares.Middleware24]
[http.middlewares.Middleware24.stripPrefixRegex]
regex = ["foobar", "foobar"]
[http.serversTransports]
[http.serversTransports.ServersTransport0]
@@ -389,11 +399,14 @@
name = "foobar"
weight = 42
[tcp.middlewares]
[tcp.middlewares.TCPMiddleware00]
[tcp.middlewares.TCPMiddleware00.ipWhiteList]
sourceRange = ["foobar", "foobar"]
[tcp.middlewares.TCPMiddleware01]
[tcp.middlewares.TCPMiddleware01.inFlightConn]
[tcp.middlewares.TCPMiddleware01.ipAllowList]
sourceRange = ["foobar", "foobar"]
[tcp.middlewares.TCPMiddleware02]
[tcp.middlewares.TCPMiddleware02.ipWhiteList]
sourceRange = ["foobar", "foobar"]
[tcp.middlewares.TCPMiddleware03]
[tcp.middlewares.TCPMiddleware03.inFlightConn]
amount = 42
[udp]

93
docs/content/reference/dynamic-configuration/file.yaml
View File

@@ -1,3 +1,5 @@
## CODE GENERATED AUTOMATICALLY
## THIS FILE MUST NOT BE EDITED BY HAND
http:
routers:
Router0:
@@ -46,6 +48,11 @@ http:
- foobar
services:
Service01:
failover:
service: foobar
fallback: foobar
healthCheck: {}
Service02:
loadBalancer:
sticky:
cookie:
@@ -72,19 +79,18 @@ http:
responseForwarding:
flushInterval: foobar
serversTransport: foobar
Service02:
Service03:
mirroring:
service: foobar
maxBodySize: 42
healthCheck: {}
mirrors:
- name: foobar
percent: 42
- name: foobar
percent: 42
Service03:
weighted:
healthCheck: {}
Service04:
weighted:
services:
- name: foobar
weight: 42
@@ -96,16 +102,12 @@ http:
secure: true
httpOnly: true
sameSite: foobar
Service04:
failover:
service: foobar
fallback: foobar
healthCheck: {}
middlewares:
Middleware00:
Middleware01:
addPrefix:
prefix: foobar
Middleware01:
Middleware02:
basicAuth:
users:
- foobar
@@ -114,34 +116,34 @@ http:
realm: foobar
removeHeader: true
headerField: foobar
Middleware02:
Middleware03:
buffering:
maxRequestBodyBytes: 42
memRequestBodyBytes: 42
maxResponseBodyBytes: 42
memResponseBodyBytes: 42
retryExpression: foobar
Middleware03:
Middleware04:
chain:
middlewares:
- foobar
- foobar
Middleware04:
Middleware05:
circuitBreaker:
expression: foobar
checkPeriod: 42s
fallbackDuration: 42s
recoveryDuration: 42s
Middleware05:
Middleware06:
compress:
excludedContentTypes:
- foobar
- foobar
minResponseBodyBytes: 42
Middleware06:
Middleware07:
contentType:
autoDetect: true
Middleware07:
Middleware08:
digestAuth:
users:
- foobar
@@ -150,14 +152,14 @@ http:
removeHeader: true
realm: foobar
headerField: foobar
Middleware08:
Middleware09:
errors:
status:
- foobar
- foobar
service: foobar
query: foobar
Middleware09:
Middleware10:
forwardAuth:
address: foobar
tls:
@@ -174,7 +176,7 @@ http:
authRequestHeaders:
- foobar
- foobar
Middleware10:
Middleware11:
headers:
customRequestHeaders:
name0: foobar
@@ -228,7 +230,17 @@ http:
featurePolicy: foobar
permissionsPolicy: foobar
isDevelopment: true
Middleware11:
Middleware12:
ipAllowList:
sourceRange:
- foobar
- foobar
ipStrategy:
depth: 42
excludedIPs:
- foobar
- foobar
Middleware13:
ipWhiteList:
sourceRange:
- foobar
@@ -238,7 +250,7 @@ http:
excludedIPs:
- foobar
- foobar
Middleware12:
Middleware14:
inFlightReq:
amount: 42
sourceCriterion:
@@ -249,13 +261,14 @@ http:
- foobar
requestHeaderName: foobar
requestHost: true
Middleware13:
Middleware15:
passTLSClientCert:
pem: true
info:
notAfter: true
notBefore: true
sans: true
serialNumber: true
subject:
country: true
province: true
@@ -273,12 +286,15 @@ http:
commonName: true
serialNumber: true
domainComponent: true
serialNumber: true
Middleware14:
Middleware16:
plugin:
PluginConf:
foo: bar
Middleware15:
PluginConf0:
name0: foobar
name1: foobar
PluginConf1:
name0: foobar
name1: foobar
Middleware17:
rateLimit:
average: 42
period: 42s
@@ -291,34 +307,34 @@ http:
- foobar
requestHeaderName: foobar
requestHost: true
Middleware16:
Middleware18:
redirectRegex:
regex: foobar
replacement: foobar
permanent: true
Middleware17:
Middleware19:
redirectScheme:
scheme: foobar
port: foobar
permanent: true
Middleware18:
Middleware20:
replacePath:
path: foobar
Middleware19:
Middleware21:
replacePathRegex:
regex: foobar
replacement: foobar
Middleware20:
Middleware22:
retry:
attempts: 42
initialInterval: 42s
Middleware21:
Middleware23:
stripPrefix:
prefixes:
- foobar
- foobar
forceSlash: true
Middleware22:
Middleware24:
stripPrefixRegex:
regex:
- foobar
@@ -429,12 +445,17 @@ tcp:
- name: foobar
weight: 42
middlewares:
TCPMiddleware00:
TCPMiddleware01:
ipAllowList:
sourceRange:
- foobar
- foobar
TCPMiddleware02:
ipWhiteList:
sourceRange:
- foobar
- foobar
TCPMiddleware01:
TCPMiddleware03:
inFlightConn:
amount: 42
udp:

2700
docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
View File

File diff suppressed because it is too large Load Diff

2
docs/content/reference/dynamic-configuration/kubernetes-crd-resource.yml
View File

@@ -148,7 +148,7 @@ spec:
- name: whoamitcp
port: 8080
middlewares:
- name: ipwhitelist
- name: ipallowlist
tls:
secretName: foosecret
passthrough: false

Some files were not shown because too many files have changed in this diff Show More