Prepare release v2.3.0

Co-authored-by: jbdoumenjou <jb.doumenjou@gmail.com>

.github/CODEOWNERS

@@ -1,24 +0,0 @@
-provider/kubernetes/**  @containous/kubernetes
-provider/rancher/**     @containous/rancher
-provider/marathon/**    @containous/marathon
-provider/docker/**      @containous/docker
-
-docs/user-guide/kubernetes.md       @containous/kubernetes
-docs/user-guide/marathon.md         @containous/marathon
-docs/user-guide/swarm.md            @containous/docker
-docs/user-guide/swarm-mode.md       @containous/docker
-
-docs/configuration/backends/docker.md       @containous/docker
-docs/configuration/backends/kubernetes.md   @containous/kubernetes
-docs/configuration/backends/marathon.md     @containous/marathon
-docs/configuration/backends/rancher.md      @containous/rancher
-
-examples/k8s/                   @containous/kubernetes
-examples/compose-k8s.yaml       @containous/kubernetes
-examples/k8s.namespace.yaml     @containous/kubernetes
-examples/compose-rancher.yml    @containous/rancher
-examples/compose-marathon.yml   @containous/marathon
-
-vendor/github.com/gambol99/go-marathon  @containous/marathon
-vendor/github.com/rancher               @containous/rancher
-vendor/k8s.io/                          @containous/kubernetes

.github/ISSUE_TEMPLATE.md

@@ -17,7 +17,7 @@ Bug
 <!--
 
 The configurations between 1.X and 2.X are NOT compatible.
-Please have a look here https://docs.traefik.io/v2.0/getting-started/configuration-overview/.
+Please have a look here https://doc.traefik.io/traefik/getting-started/configuration-overview/.
 
 -->
 

.github/ISSUE_TEMPLATE/Bug_report.md

@@ -22,7 +22,7 @@ Bug
 <!--
 
 The configurations between 1.X and 2.X are NOT compatible.
-Please have a look here https://docs.traefik.io/v2.0/getting-started/configuration-overview/.
+Please have a look here https://doc.traefik.io/traefik/getting-started/configuration-overview/.
 
 -->
 

.github/PULL_REQUEST_TEMPLATE.md

@@ -13,7 +13,7 @@ Enhancements:
 - for Traefik v1: we only accept bug fixes
 - for Traefik v2: use branch master
 
-HOW TO WRITE A GOOD PULL REQUEST? https://docs.traefik.io/contributing/submitting-pull-requests/
+HOW TO WRITE A GOOD PULL REQUEST? https://doc.traefik.io/traefik/contributing/submitting-pull-requests/
 
 -->
 

.gitignore

@@ -16,3 +16,4 @@
 *.exe
 cover.out
 vendor/
+plugins-storage/

.golangci.toml

@@ -54,6 +54,7 @@
     "nestif", # Too many false-positive.
     "noctx", # Too strict
     "exhaustive", # Too strict
+    "nlreturn", # Too strict
   ]
 
 [issues]
@@ -100,7 +101,7 @@
     text = "string `traefik` has (\\d) occurrences, make it a constant"
  [[issues.exclude-rules]]
     path = "pkg/server/middleware/middlewares.go"
-    text = "Function 'buildConstructor' is too long \\(\\d+ > 230\\)"
+    text = "Function 'buildConstructor' has too many statements"
  [[issues.exclude-rules]] # FIXME must be fixed
     path = "cmd/context.go"
     text = "S1000: should use a simple channel send/receive instead of `select` with a single case"
@@ -112,4 +113,4 @@
     text = "printf-like formatting function 'SetErrorWithEvent' should be named 'SetErrorWithEventf'"
  [[issues.exclude-rules]]
     path = "pkg/log/deprecated.go"
-    linters = ["godot"]
+    linters = ["godot"]

.goreleaser.yml

@@ -7,11 +7,11 @@ before:
 builds:
   - binary: traefik
 
-    main: ./cmd/traefik/traefik.go
+    main: ./cmd/traefik/
     env:
       - CGO_ENABLED=0
     ldflags:
-      - -s -w -X github.com/containous/traefik/v2/pkg/version.Version={{.Version}} -X github.com/containous/traefik/v2/pkg/version.Codename={{.Env.CODENAME}} -X github.com/containous/traefik/v2/pkg/version.BuildDate={{.Date}}
+      - -s -w -X github.com/traefik/traefik/v2/pkg/version.Version={{.Version}} -X github.com/traefik/traefik/v2/pkg/version.Codename={{.Env.CODENAME}} -X github.com/traefik/traefik/v2/pkg/version.BuildDate={{.Date}}
 
     goos:
       - linux

.semaphoreci/setup.sh

@@ -1,6 +1,6 @@
 # For personnal CI
-# mv /home/runner/workspace/src/github.com/<username>/ /home/runner/workspace/src/github.com/containous/
-# cd /home/runner/workspace/src/github.com/containous/traefik/
+# mv /home/runner/workspace/src/github.com/<username>/ /home/runner/workspace/src/github.com/traefik/
+# cd /home/runner/workspace/src/github.com/traefik/traefik/
 for s in apache2 cassandra elasticsearch memcached mysql mongod postgresql sphinxsearch rethinkdb rabbitmq-server redis-server; do sudo service $s stop; done
 sudo swapoff -a
 sudo dd if=/dev/zero of=/swapfile bs=1M count=3072
@@ -10,7 +10,7 @@ sudo rm -rf /home/runner/.rbenv
 sudo rm -rf /usr/local/golang/{1.4.3,1.5.4,1.6.4,1.7.6,1.8.6,1.9.7,1.10.3,1.11}
 #export DOCKER_VERSION=18.06.3
 source .semaphoreci/vars
-if [ -z "${PULL_REQUEST_NUMBER}" ]; then SHOULD_TEST="-*-"; else TEMP_STORAGE=$(curl --silent https://patch-diff.githubusercontent.com/raw/containous/traefik/pull/${PULL_REQUEST_NUMBER}.diff | patch --dry-run -p1 -R || true); fi
+if [ -z "${PULL_REQUEST_NUMBER}" ]; then SHOULD_TEST="-*-"; else TEMP_STORAGE=$(curl --silent https://patch-diff.githubusercontent.com/raw/traefik/traefik/pull/${PULL_REQUEST_NUMBER}.diff | patch --dry-run -p1 -R || true); fi
 echo ${SHOULD_TEST}
 if [ -n "$TEMP_STORAGE" ]; then SHOULD_TEST=$(echo "$TEMP_STORAGE" | grep -Ev '(.md|.yaml|.yml)' || :); fi
 echo ${TEMP_STORAGE}
@@ -20,7 +20,7 @@ echo ${SHOULD_TEST}
 if [ -n "$SHOULD_TEST" ]; then docker version; fi
 export GO_VERSION=1.13
 if [ -f "./go.mod" ]; then GO_VERSION="$(grep '^go .*' go.mod | awk '{print $2}')"; export GO_VERSION; fi
-#if [ "${GO_VERSION}" == '1.14' ]; then export GO_VERSION=1.14rc2; fi
+#if [ "${GO_VERSION}" == '1.15' ]; then export GO_VERSION=1.15rc2; fi
 echo "Selected Go version: ${GO_VERSION}"
 
 if [ -f "./.semaphoreci/golang.sh" ]; then ./.semaphoreci/golang.sh; fi

.semaphoreci/vars

@@ -1,7 +1,7 @@
 #!/usr/bin/env bash
 set -e
 
-export REPO='containous/traefik'
+export REPO='traefik/traefik'
 
 if VERSION=$(git describe --exact-match --abbrev=0 --tags);
 then
@@ -10,7 +10,7 @@ else
   export VERSION=''
 fi
 
-export CODENAME=chevrotin
+export CODENAME=picodon
 
 export N_MAKE_JOBS=2
 

.travis.yml

@@ -11,7 +11,7 @@ env:
   global:
     - REPO=$TRAVIS_REPO_SLUG
     - VERSION=$TRAVIS_TAG
-    - CODENAME=chevrotin
+    - CODENAME=picodon
     - GO111MODULE=on
 
 script:
@@ -29,8 +29,9 @@ before_deploy:
       if [ "$TRAVIS_TAG" ]; then
         make release-packages;
       fi;
-      curl -sfL https://raw.githubusercontent.com/containous/structor/master/godownloader.sh | bash -s -- -b "${GOPATH}/bin" ${STRUCTOR_VERSION}
-      structor -o containous -r traefik --dockerfile-url="https://raw.githubusercontent.com/containous/traefik/v1.7/docs.Dockerfile" --menu.js-url="https://raw.githubusercontent.com/containous/structor/master/traefik-menu.js.gotmpl" --rqts-url="https://raw.githubusercontent.com/containous/structor/master/requirements-override.txt" --force-edit-url --exp-branch=master --debug;
+      curl -sfL https://raw.githubusercontent.com/traefik/structor/master/godownloader.sh | bash -s -- -b "${GOPATH}/bin" ${STRUCTOR_VERSION}
+      curl -sSfL https://raw.githubusercontent.com/traefik/mixtus/master/godownloader.sh | sh -s -- -b "${GOPATH}/bin" ${MIXTUS_VERSION}
+      structor -o traefik -r traefik --dockerfile-url="https://raw.githubusercontent.com/traefik/traefik/v1.7/docs.Dockerfile" --menu.js-url="https://raw.githubusercontent.com/traefik/structor/master/traefik-menu.js.gotmpl" --rqts-url="https://raw.githubusercontent.com/traefik/structor/master/requirements-override.txt" --force-edit-url --exp-branch=master --debug;
     fi
 
 deploy:
@@ -40,19 +41,17 @@ deploy:
     skip_cleanup: true
     file_glob: true
     on:
-      repo: containous/traefik
+      repo: traefik/traefik
       tags: true
   - provider: script
     script: sh script/deploy.sh
     skip_cleanup: true
     on:
-      repo: containous/traefik
+      repo: traefik/traefik
       tags: true
-  - provider: pages
-    edge: false
-    github_token: ${GITHUB_TOKEN}
-    local_dir: site
+  - provider: script
+    script: mixtus --dst-doc-path="./traefik" --dst-owner=traefik --dst-repo-name=doc --git-user-email="30906710+traefiker@users.noreply.github.com" --git-user-name=traefiker --src-doc-path="./site" --src-owner=containous --src-repo-name=traefik
     skip_cleanup: true
     on:
-      repo: containous/traefik
-      all_branches: true
+      repo: traefik/traefik
+      all_branches: true

CONTRIBUTING.md

@@ -1,4 +1,4 @@
 # Contributing
 
-- https://docs.traefik.io/contributing/submitting-pull-requests/
-- https://docs.traefik.io/contributing/submitting-issues/
+- https://doc.traefik.io/traefik/contributing/submitting-pull-requests/
+- https://doc.traefik.io/traefik/contributing/submitting-issues/

LICENSE.md

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2016-2020 Containous SAS
+Copyright (c) 2016-2020 Containous SAS; 2020 Traefik Labs
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

Makefile

@@ -13,7 +13,7 @@ GIT_BRANCH := $(subst heads/,,$(shell git rev-parse --abbrev-ref HEAD 2>/dev/nul
 TRAEFIK_DEV_IMAGE := traefik-dev$(if $(GIT_BRANCH),:$(subst /,-,$(GIT_BRANCH)))
 
 REPONAME := $(shell echo $(REPO) | tr '[:upper:]' '[:lower:]')
-TRAEFIK_IMAGE := $(if $(REPONAME),$(REPONAME),"containous/traefik")
+TRAEFIK_IMAGE := $(if $(REPONAME),$(REPONAME),"traefik/traefik")
 
 INTEGRATION_OPTS := $(if $(MAKE_DOCKER_HOST),-e "DOCKER_HOST=$(MAKE_DOCKER_HOST)", -e "TEST_CONTAINER=1" -v "/var/run/docker.sock:/var/run/docker.sock")
 DOCKER_BUILD_ARGS := $(if $(DOCKER_VERSION), "--build-arg=DOCKER_VERSION=$(DOCKER_VERSION)",)
@@ -29,7 +29,7 @@ TRAEFIK_ENVS := \
 	-e CI \
 	-e CONTAINER=DOCKER		# Indicator for integration tests that we are running inside a container.
 
-TRAEFIK_MOUNT := -v "$(CURDIR)/$(BIND_DIR):/go/src/github.com/containous/traefik/$(BIND_DIR)"
+TRAEFIK_MOUNT := -v "$(CURDIR)/$(BIND_DIR):/go/src/github.com/traefik/traefik/$(BIND_DIR)"
 DOCKER_RUN_OPTS := $(TRAEFIK_ENVS) $(TRAEFIK_MOUNT) "$(TRAEFIK_DEV_IMAGE)"
 DOCKER_NON_INTERACTIVE ?= false
 DOCKER_RUN_TRAEFIK := docker run --add-host=host.docker.internal:127.0.0.1 $(INTEGRATION_OPTS) $(if $(DOCKER_NON_INTERACTIVE), , -it) $(DOCKER_RUN_OPTS)
@@ -37,6 +37,8 @@ DOCKER_RUN_TRAEFIK_NOTTY := docker run $(INTEGRATION_OPTS) $(if $(DOCKER_NON_INT
 
 PRE_TARGET ?= build-dev-image
 
+PLATFORM_URL := $(if $(PLATFORM_URL),$(PLATFORM_URL),"https://pilot.traefik.io")
+
 default: binary
 
 ## Build Dev Docker image
@@ -53,7 +55,7 @@ dist:
 
 ## Build WebUI Docker image
 build-webui-image:
-	docker build -t traefik-webui -f webui/Dockerfile webui
+	docker build -t traefik-webui --build-arg ARG_PLATFORM_URL=$(PLATFORM_URL) -f webui/Dockerfile webui
 
 ## Generate WebUI
 generate-webui: build-webui-image

README.md

@@ -4,10 +4,10 @@
 </p>
 
 [![Build Status SemaphoreCI](https://semaphoreci.com/api/v1/containous/traefik/branches/master/shields_badge.svg)](https://semaphoreci.com/containous/traefik)
-[![Docs](https://img.shields.io/badge/docs-current-brightgreen.svg)](https://docs.traefik.io)
-[![Go Report Card](https://goreportcard.com/badge/containous/traefik)](https://goreportcard.com/report/containous/traefik)
+[![Docs](https://img.shields.io/badge/docs-current-brightgreen.svg)](https://doc.traefik.io/traefik)
+[![Go Report Card](https://goreportcard.com/badge/traefik/traefik)](https://goreportcard.com/report/traefik/traefik)
 [![](https://images.microbadger.com/badges/image/traefik.svg)](https://microbadger.com/images/traefik)
-[![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/containous/traefik/blob/master/LICENSE.md)
+[![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/traefik/traefik/blob/master/LICENSE.md)
 [![Join the community support forum at https://community.containo.us/](https://img.shields.io/badge/style-register-green.svg?style=social&label=Discourse)](https://community.containo.us/)
 [![Twitter](https://img.shields.io/twitter/follow/traefik.svg?style=social)](https://twitter.com/intent/follow?screen_name=traefik)
 
@@ -33,7 +33,7 @@ Pointing Traefik at your orchestrator should be the _only_ configuration step yo
 
 ---
 
-:warning: Please be aware that the old configurations for Traefik v1.x are NOT compatible with the v2.x config as of now. If you're running v2, please ensure you are using a [v2 configuration](https://docs.traefik.io/).
+:warning: Please be aware that the old configurations for Traefik v1.x are NOT compatible with the v2.x config as of now. If you're running v2, please ensure you are using a [v2 configuration](https://doc.traefik.io/traefik/).
 
 ## Overview
 
@@ -69,15 +69,15 @@ _(But if you'd rather configure some of your routes manually, Traefik supports t
 
 ## Supported Backends
 
-- [Docker](https://docs.traefik.io/providers/docker/) / [Swarm mode](https://docs.traefik.io/providers/docker/)
-- [Kubernetes](https://docs.traefik.io/providers/kubernetes-crd/)
-- [Marathon](https://docs.traefik.io/providers/marathon/)
-- [Rancher](https://docs.traefik.io/providers/rancher/) (Metadata)
-- [File](https://docs.traefik.io/providers/file/)
+- [Docker](https://doc.traefik.io/traefik/providers/docker/) / [Swarm mode](https://doc.traefik.io/traefik/providers/docker/)
+- [Kubernetes](https://doc.traefik.io/traefik/providers/kubernetes-crd/)
+- [Marathon](https://doc.traefik.io/traefik/providers/marathon/)
+- [Rancher](https://doc.traefik.io/traefik/providers/rancher/) (Metadata)
+- [File](https://doc.traefik.io/traefik/providers/file/)
 
 ## Quickstart
 
-To get your hands on Traefik, you can use the [5-Minute Quickstart](https://docs.traefik.io/getting-started/quick-start/) in our documentation (you will need Docker).
+To get your hands on Traefik, you can use the [5-Minute Quickstart](https://doc.traefik.io/traefik/getting-started/quick-start/) in our documentation (you will need Docker).
 
 ## Web UI
 
@@ -87,9 +87,9 @@ You can access the simple HTML frontend of Traefik.
 
 ## Documentation
 
-You can find the complete documentation of Traefik v2 at [https://docs.traefik.io](https://docs.traefik.io).
+You can find the complete documentation of Traefik v2 at [https://doc.traefik.io/traefik/](https://doc.traefik.io/traefik/).
 
-If you are using Traefik v1, you can find the complete documentation at [https://docs.traefik.io/v1.7/](https://docs.traefik.io/v1.7/).
+If you are using Traefik v1, you can find the complete documentation at [https://doc.traefik.io/traefik/v1.7/](https://doc.traefik.io/traefik/v1.7/).
 
 A collection of contributions around Traefik can be found at [https://awesome.traefik.io](https://awesome.traefik.io).
 
@@ -102,13 +102,13 @@ If you need commercial support, please contact [Containo.us](https://containo.us
 
 ## Download
 
-- Grab the latest binary from the [releases](https://github.com/containous/traefik/releases) page and run it with the [sample configuration file](https://raw.githubusercontent.com/containous/traefik/master/traefik.sample.toml):
+- Grab the latest binary from the [releases](https://github.com/traefik/traefik/releases) page and run it with the [sample configuration file](https://raw.githubusercontent.com/traefik/traefik/master/traefik.sample.toml):
 
 ```shell
 ./traefik --configFile=traefik.toml
 ```
 
-- Or use the official tiny Docker image and run it with the [sample configuration file](https://raw.githubusercontent.com/containous/traefik/master/traefik.sample.toml):
+- Or use the official tiny Docker image and run it with the [sample configuration file](https://raw.githubusercontent.com/traefik/traefik/master/traefik.sample.toml):
 
 ```shell
 docker run -d -p 8080:8080 -p 80:80 -v $PWD/traefik.toml:/etc/traefik/traefik.toml traefik
@@ -117,7 +117,7 @@ docker run -d -p 8080:8080 -p 80:80 -v $PWD/traefik.toml:/etc/traefik/traefik.to
 - Or get the sources:
 
 ```shell
-git clone https://github.com/containous/traefik
+git clone https://github.com/traefik/traefik
 ```
 
 ## Introductory Videos

build.Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.14-alpine
+FROM golang:1.15-alpine
 
 RUN apk --update upgrade \
     && apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \
@@ -19,7 +19,7 @@ RUN mkdir -p /usr/local/bin \
     && chmod +x /usr/local/bin/go-bindata
 
 # Download golangci-lint binary to bin folder in $GOPATH
-RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b $GOPATH/bin v1.28.0
+RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b $GOPATH/bin v1.31.0
 
 # Download misspell binary to bin folder in $GOPATH
 RUN  curl -sfL https://raw.githubusercontent.com/client9/misspell/master/install-misspell.sh | bash -s -- -b $GOPATH/bin v0.3.4
@@ -27,11 +27,11 @@ RUN  curl -sfL https://raw.githubusercontent.com/client9/misspell/master/install
 # Download goreleaser binary to bin folder in $GOPATH
 RUN curl -sfL https://install.goreleaser.com/github.com/goreleaser/goreleaser.sh | sh
 
-WORKDIR /go/src/github.com/containous/traefik
+WORKDIR /go/src/github.com/traefik/traefik
 
 # Download go modules
 COPY go.mod .
 COPY go.sum .
 RUN GO111MODULE=on GOPROXY=https://proxy.golang.org go mod download
 
-COPY . /go/src/github.com/containous/traefik
+COPY . /go/src/github.com/traefik/traefik

cmd/configuration.go

@@ -3,8 +3,8 @@ package cmd
 import (
 	"time"
 
-	"github.com/containous/traefik/v2/pkg/config/static"
-	"github.com/containous/traefik/v2/pkg/types"
+	ptypes "github.com/traefik/paerser/types"
+	"github.com/traefik/traefik/v2/pkg/config/static"
 )
 
 // TraefikCmdConfiguration wraps the static configuration and extra parameters.
@@ -23,7 +23,7 @@ func NewTraefikConfiguration() *TraefikCmdConfiguration {
 			},
 			EntryPoints: make(static.EntryPoints),
 			Providers: &static.Providers{
-				ProvidersThrottleDuration: types.Duration(2 * time.Second),
+				ProvidersThrottleDuration: ptypes.Duration(2 * time.Second),
 			},
 			ServersTransport: &static.ServersTransport{
 				MaxIdleConnsPerHost: 200,

cmd/healthcheck/healthcheck.go

@@ -7,8 +7,8 @@ import (
 	"os"
 	"time"
 
-	"github.com/containous/traefik/v2/pkg/cli"
-	"github.com/containous/traefik/v2/pkg/config/static"
+	"github.com/traefik/paerser/cli"
+	"github.com/traefik/traefik/v2/pkg/config/static"
 )
 
 // NewCmd builds a new HealthCheck command.

cmd/traefik/plugins.go

@@ -0,0 +1,40 @@
+package main
+
+import (
+	"github.com/traefik/traefik/v2/pkg/config/static"
+	"github.com/traefik/traefik/v2/pkg/plugins"
+)
+
+const outputDir = "./plugins-storage/"
+
+func initPlugins(staticCfg *static.Configuration) (*plugins.Client, map[string]plugins.Descriptor, *plugins.DevPlugin, error) {
+	if !isPilotEnabled(staticCfg) || !hasPlugins(staticCfg) {
+		return nil, map[string]plugins.Descriptor{}, nil, nil
+	}
+
+	opts := plugins.ClientOptions{
+		Output: outputDir,
+		Token:  staticCfg.Pilot.Token,
+	}
+
+	client, err := plugins.NewClient(opts)
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	err = plugins.Setup(client, staticCfg.Experimental.Plugins, staticCfg.Experimental.DevPlugin)
+	if err != nil {
+		return nil, nil, nil, err
+	}
+
+	return client, staticCfg.Experimental.Plugins, staticCfg.Experimental.DevPlugin, nil
+}
+
+func isPilotEnabled(staticCfg *static.Configuration) bool {
+	return staticCfg.Pilot != nil && staticCfg.Pilot.Token != ""
+}
+
+func hasPlugins(staticCfg *static.Configuration) bool {
+	return staticCfg.Experimental != nil &&
+		(len(staticCfg.Experimental.Plugins) > 0 || staticCfg.Experimental.DevPlugin != nil)
+}

cmd/traefik/traefik.go

@@ -11,31 +11,34 @@ import (
 	"strings"
 	"time"
 
-	"github.com/containous/traefik/v2/autogen/genstatic"
-	"github.com/containous/traefik/v2/cmd"
-	"github.com/containous/traefik/v2/cmd/healthcheck"
-	cmdVersion "github.com/containous/traefik/v2/cmd/version"
-	"github.com/containous/traefik/v2/pkg/cli"
-	"github.com/containous/traefik/v2/pkg/collector"
-	"github.com/containous/traefik/v2/pkg/config/dynamic"
-	"github.com/containous/traefik/v2/pkg/config/static"
-	"github.com/containous/traefik/v2/pkg/log"
-	"github.com/containous/traefik/v2/pkg/metrics"
-	"github.com/containous/traefik/v2/pkg/middlewares/accesslog"
-	"github.com/containous/traefik/v2/pkg/provider/acme"
-	"github.com/containous/traefik/v2/pkg/provider/aggregator"
-	"github.com/containous/traefik/v2/pkg/provider/traefik"
-	"github.com/containous/traefik/v2/pkg/rules"
-	"github.com/containous/traefik/v2/pkg/safe"
-	"github.com/containous/traefik/v2/pkg/server"
-	"github.com/containous/traefik/v2/pkg/server/middleware"
-	"github.com/containous/traefik/v2/pkg/server/service"
-	traefiktls "github.com/containous/traefik/v2/pkg/tls"
-	"github.com/containous/traefik/v2/pkg/types"
-	"github.com/containous/traefik/v2/pkg/version"
 	"github.com/coreos/go-systemd/daemon"
 	assetfs "github.com/elazarl/go-bindata-assetfs"
 	"github.com/sirupsen/logrus"
+	"github.com/traefik/paerser/cli"
+	"github.com/traefik/traefik/v2/autogen/genstatic"
+	"github.com/traefik/traefik/v2/cmd"
+	"github.com/traefik/traefik/v2/cmd/healthcheck"
+	cmdVersion "github.com/traefik/traefik/v2/cmd/version"
+	tcli "github.com/traefik/traefik/v2/pkg/cli"
+	"github.com/traefik/traefik/v2/pkg/collector"
+	"github.com/traefik/traefik/v2/pkg/config/dynamic"
+	"github.com/traefik/traefik/v2/pkg/config/runtime"
+	"github.com/traefik/traefik/v2/pkg/config/static"
+	"github.com/traefik/traefik/v2/pkg/log"
+	"github.com/traefik/traefik/v2/pkg/metrics"
+	"github.com/traefik/traefik/v2/pkg/middlewares/accesslog"
+	"github.com/traefik/traefik/v2/pkg/pilot"
+	"github.com/traefik/traefik/v2/pkg/plugins"
+	"github.com/traefik/traefik/v2/pkg/provider/acme"
+	"github.com/traefik/traefik/v2/pkg/provider/aggregator"
+	"github.com/traefik/traefik/v2/pkg/provider/traefik"
+	"github.com/traefik/traefik/v2/pkg/safe"
+	"github.com/traefik/traefik/v2/pkg/server"
+	"github.com/traefik/traefik/v2/pkg/server/middleware"
+	"github.com/traefik/traefik/v2/pkg/server/service"
+	traefiktls "github.com/traefik/traefik/v2/pkg/tls"
+	"github.com/traefik/traefik/v2/pkg/types"
+	"github.com/traefik/traefik/v2/pkg/version"
 	"github.com/vulcand/oxy/roundrobin"
 )
 
@@ -43,7 +46,7 @@ func main() {
 	// traefik config inits
 	tConfig := cmd.NewTraefikConfiguration()
 
-	loaders := []cli.ResourceLoader{&cli.FileLoader{}, &cli.FlagLoader{}, &cli.EnvLoader{}}
+	loaders := []cli.ResourceLoader{&tcli.FileLoader{}, &tcli.FlagLoader{}, &tcli.EnvLoader{}}
 
 	cmdTraefik := &cli.Command{
 		Name: "traefik",
@@ -118,6 +121,12 @@ func runCmd(staticConfiguration *static.Configuration) error {
 
 	ctx := cmd.ContextWithSignal(context.Background())
 
+	if staticConfiguration.Experimental != nil && staticConfiguration.Experimental.DevPlugin != nil {
+		var cancel context.CancelFunc
+		ctx, cancel = context.WithTimeout(ctx, 30*time.Minute)
+		defer cancel()
+	}
+
 	if staticConfiguration.Ping != nil {
 		staticConfiguration.Ping.WithContext(ctx)
 	}
@@ -162,8 +171,6 @@ func runCmd(staticConfiguration *static.Configuration) error {
 }
 
 func setupServer(staticConfiguration *static.Configuration) (*server.Server, error) {
-	rules.EnableDomainFronting(staticConfiguration.Global.InsecureSNI)
-
 	providerAggregator := aggregator.NewProviderAggregator(*staticConfiguration.Providers)
 
 	// adds internal provider
@@ -189,11 +196,36 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
 	ctx := context.Background()
 	routinesPool := safe.NewPool(ctx)
 
-	metricsRegistry := registerMetricClients(staticConfiguration.Metrics)
+	metricRegistries := registerMetricClients(staticConfiguration.Metrics)
+
+	var aviator *pilot.Pilot
+	if isPilotEnabled(staticConfiguration) {
+		pilotRegistry := metrics.RegisterPilot()
+
+		aviator = pilot.New(staticConfiguration.Pilot.Token, pilotRegistry, routinesPool)
+		routinesPool.GoCtx(func(ctx context.Context) {
+			aviator.Tick(ctx)
+		})
+
+		metricRegistries = append(metricRegistries, pilotRegistry)
+	}
+
+	metricsRegistry := metrics.NewMultiRegistry(metricRegistries)
 	accessLog := setupAccessLog(staticConfiguration.AccessLog)
 	chainBuilder := middleware.NewChainBuilder(*staticConfiguration, metricsRegistry, accessLog)
 	managerFactory := service.NewManagerFactory(*staticConfiguration, routinesPool, metricsRegistry)
-	routerFactory := server.NewRouterFactory(*staticConfiguration, managerFactory, tlsManager, chainBuilder)
+
+	client, plgs, devPlugin, err := initPlugins(staticConfiguration)
+	if err != nil {
+		return nil, err
+	}
+
+	pluginBuilder, err := plugins.NewBuilder(client, plgs, devPlugin)
+	if err != nil {
+		return nil, err
+	}
+
+	routerFactory := server.NewRouterFactory(*staticConfiguration, managerFactory, tlsManager, chainBuilder, pluginBuilder)
 
 	var defaultEntryPoints []string
 	for name, cfg := range staticConfiguration.EntryPoints {
@@ -227,7 +259,7 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
 		metricsRegistry.LastConfigReloadSuccessGauge().Set(float64(time.Now().Unix()))
 	})
 
-	watcher.AddListener(switchRouter(routerFactory, acmeProviders, serverEntryPointsTCP, serverEntryPointsUDP))
+	watcher.AddListener(switchRouter(routerFactory, acmeProviders, serverEntryPointsTCP, serverEntryPointsUDP, aviator))
 
 	watcher.AddListener(func(conf dynamic.Configuration) {
 		if metricsRegistry.IsEpEnabled() || metricsRegistry.IsSvcEnabled() {
@@ -261,9 +293,12 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
 	return server.NewServer(routinesPool, serverEntryPointsTCP, serverEntryPointsUDP, watcher, chainBuilder, accessLog), nil
 }
 
-func switchRouter(routerFactory *server.RouterFactory, acmeProviders []*acme.Provider, serverEntryPointsTCP server.TCPEntryPoints, serverEntryPointsUDP server.UDPEntryPoints) func(conf dynamic.Configuration) {
+func switchRouter(routerFactory *server.RouterFactory, acmeProviders []*acme.Provider, serverEntryPointsTCP server.TCPEntryPoints, serverEntryPointsUDP server.UDPEntryPoints, aviator *pilot.Pilot) func(conf dynamic.Configuration) {
 	return func(conf dynamic.Configuration) {
-		routers, udpRouters := routerFactory.CreateRouters(conf)
+		rtConf := runtime.NewConfig(conf)
+
+		routers, udpRouters := routerFactory.CreateRouters(rtConf)
+
 		for entryPointName, rt := range routers {
 			for _, p := range acmeProviders {
 				if p != nil && p.HTTPChallenge != nil && p.HTTPChallenge.EntryPoint == entryPointName {
@@ -272,6 +307,11 @@ func switchRouter(routerFactory *server.RouterFactory, acmeProviders []*acme.Pro
 				}
 			}
 		}
+
+		if aviator != nil {
+			aviator.SetRuntimeConfiguration(rtConf)
+		}
+
 		serverEntryPointsTCP.Switch(routers)
 		serverEntryPointsUDP.Switch(udpRouters)
 	}
@@ -315,9 +355,9 @@ func initACMEProvider(c *static.Configuration, providerAggregator *aggregator.Pr
 	return resolvers
 }
 
-func registerMetricClients(metricsConfig *types.Metrics) metrics.Registry {
+func registerMetricClients(metricsConfig *types.Metrics) []metrics.Registry {
 	if metricsConfig == nil {
-		return metrics.NewVoidRegistry()
+		return nil
 	}
 
 	var registries []metrics.Registry
@@ -352,7 +392,7 @@ func registerMetricClients(metricsConfig *types.Metrics) metrics.Registry {
 			metricsConfig.InfluxDB.Address, metricsConfig.InfluxDB.PushInterval)
 	}
 
-	return metrics.NewMultiRegistry(registries)
+	return registries
 }
 
 func setupAccessLog(conf *types.AccessLog) *accesslog.Handler {
@@ -438,13 +478,13 @@ func stats(staticConfiguration *static.Configuration) {
 		logger.Info(`Stats collection is enabled.`)
 		logger.Info(`Many thanks for contributing to Traefik's improvement by allowing us to receive anonymous information from your configuration.`)
 		logger.Info(`Help us improve Traefik by leaving this feature on :)`)
-		logger.Info(`More details on: https://docs.traefik.io/contributing/data-collection/`)
+		logger.Info(`More details on: https://doc.traefik.io/traefik/contributing/data-collection/`)
 		collect(staticConfiguration)
 	} else {
 		logger.Info(`
 Stats collection is disabled.
 Help us improve Traefik by turning this feature on :)
-More details on: https://docs.traefik.io/contributing/data-collection/
+More details on: https://doc.traefik.io/traefik/contributing/data-collection/
 `)
 	}
 }

cmd/version/version.go

@@ -7,8 +7,8 @@ import (
 	"runtime"
 	"text/template"
 
-	"github.com/containous/traefik/v2/pkg/cli"
-	"github.com/containous/traefik/v2/pkg/version"
+	"github.com/traefik/paerser/cli"
+	"github.com/traefik/traefik/v2/pkg/version"
 )
 
 var versionTemplate = `Version:      {{.Version}}

contrib/systemd/traefik.service

@@ -1,6 +1,6 @@
 [Unit]
 Description=Traefik
-Documentation=https://docs.traefik.io
+Documentation=https://doc.traefik.io/traefik/
 #After=network-online.target
 #AssertFileIsExecutable=/usr/bin/traefik
 #AssertPathExists=/etc/traefik/traefik.toml

docs/content/CNAME

@@ -1 +0,0 @@
-docs.traefik.io

docs/content/assets/styles/content.css

@@ -0,0 +1,70 @@
+.md-container {
+  padding-top: 0;
+}
+
+.md-content h1 {
+  color: var(--dark) !important;
+  font-weight: bold !important;
+}
+
+.md-content a {
+  color: var(--blue) !important;
+}
+
+.md-content a:hover {
+  font-weight: bold !important;
+}
+
+.md-typeset p code,
+.md-typeset .codehilite,
+.md-typeset .highlight {
+  background-color: var(--light-blue) !important;
+}
+
+.md-typeset table:not([class]) th {
+  background: var(--dark) !important;
+  color: white !important;
+}
+
+/* Front page image size */
+img[src$='#small'] {
+  width: 150px;
+}
+img[src$='#medium'] {
+  width: 300px;
+}
+
+/* Center table and objects */
+.center,
+img,
+.md-typeset__table {
+  display: block !important;
+  margin: 0 auto;
+}
+
+.md-typeset table:not([class]) tr td:first-child {
+  text-align: left;
+}
+.md-typeset table:not([class]) th:not([align]),
+.md-typeset table:not([class]) td:not([align]) {
+  text-align: center;
+}
+article p:not([class]),
+article ul:not([class]),
+article ol:not([class]) {
+  padding-left: 0.8em !important;
+}
+
+/* Fix for Chrome */
+.md-typeset__table td code {
+  word-break: unset;
+}
+
+.md-typeset__table tr :nth-child(1) {
+  word-wrap: break-word;
+  max-width: 30em;
+}
+
+p {
+  text-align: justify;
+}

docs/content/assets/styles/extra.css

@@ -1,63 +0,0 @@
-@import url('https://fonts.googleapis.com/css?family=Noto+Sans|Noto+Serif');
-
-.md-logo img {
-    background-color: white;
-    border-radius: 50%;
-    width: 30px;
-    height: 30px;
-}
-
-/* Fix for Chrome */
-.md-typeset__table td code {
-    word-break: unset;
-}
-
-.md-typeset__table tr :nth-child(1) {
-    word-wrap: break-word;
-    max-width: 30em;
-}
-
-body {
-    font-family: 'Noto Sans', sans-serif;
-}
-
-h1 {
-    font-weight: bold !important;
-    color: rgba(0,0,0,.9) !important;
-}
-
-h2 {
-    font-weight: bold !important;
-}
-
-h3 {
-    font-weight: bold !important;
-}
-
-.md-typeset h5 {
-    text-transform: none;
-}
-
-figcaption {
-    text-align: center;
-    font-size: 0.8em;
-    font-style: italic;
-    color: #8D909F;
-}
-
-p.subtitle {
-    color: rgba(0,0,0,.54);
-    padding-top: 0;
-    margin-top: -2em;
-    font-weight: bold;
-    font-size: 1.25em;
-}
-
-.markdown-body .task-list-item {
-    list-style-type: none !important;
-}
-
-.markdown-body .task-list-item input[type="checkbox"] {
-    margin: 0 4px 0.25em -20px;
-    vertical-align: middle;
-}

docs/content/assets/styles/footer.css

@@ -0,0 +1,10 @@
+.md-footer-meta {
+  background-color: var(--dark);
+}
+
+.md-footer-privacy-policy {
+  margin: 0 .6rem;
+  padding: .4rem 0;
+  color: hsla(0,0%,100%,.3);
+  font-size: .64rem;
+}

docs/content/assets/styles/header.css

@@ -0,0 +1,484 @@
+@import url('https://fonts.googleapis.com/css?family=Rubik:300i,400,400i,500,500i,700&display=swap');
+
+.wrapper-1200 {
+  width: 100%;
+  max-width: 61rem;
+  margin: 0 auto;
+  padding: 0 .6rem;
+}
+
+@media (max-width: 700px) {
+  .wrapper-1200 {
+    padding: 0 20px;
+  }
+}
+
+.btn-type-1 {
+  outline: none;
+  border: none;
+  background-color: #1e54d5;
+  line-height: 1em;
+  border-radius: 8px;
+  padding: 12px 15px;
+  text-transform: uppercase;
+  letter-spacing: 0.05em;
+  font-size: 1.25rem;
+  background-image: linear-gradient(to top, rgba(0, 0, 0, 0.28) 1%, #1e54d5 99%);
+  font-weight: 500;
+  text-align: center;
+  color: white;
+  transition: all 0.2s;
+}
+
+.button--secondary {
+  outline: none;
+  border: 2px solid #1e54d5 !important;
+  background: transparent;
+  line-height: 1em;
+  border-radius: 8px;
+  padding: 9px 13px;
+  letter-spacing: 0;
+  font-size: 1.3rem;
+  font-weight: 500;
+  text-align: center;
+  color: #1e54d5;
+  transition: all 0.2s;
+  display: inline-block;
+}
+.button--secondary:hover {
+  color: white !important;
+  background: #1e54d5;
+}
+.button--secondary:focus {
+  color: white !important;
+  background: #1e54d5;
+}
+
+.site-header-and-placeholder-wrapper {
+  position: relative;
+  height: 64px;
+}
+
+.site-header {
+  position: fixed;
+  width: 100%;
+  top: 0;
+  left: 0;
+  transition: height 0.1s;
+  z-index: 100;
+  background: white;
+  box-shadow: 0 0 7px 0 #00000021;
+  border-bottom: 1px solid #e2e2e2;
+  height: 64px;
+  display: flex;
+  align-items: center;
+  font-size: 10px;
+  font-family: 'Rubik', -apple-system, 'BlinkMacSystemFont', 'Segoe UI',
+    'Helvetica Neue', sans-serif;
+  color: #06102a;
+  -webkit-tap-highlight-color: rgba(0, 0, 0, 0);
+}
+
+.site-header.scrolled {
+  box-shadow: 0 0 5px 0 #00000028;
+  position: fixed;
+  top: 0;
+  height: 52px;
+}
+.site-header.scrolled .site-header__title a {
+  font-size: 2.2em;
+}
+
+.header-placeholder {
+  background: none;
+  width: 100%;
+  height: 64px;
+  position: absolute;
+}
+.header-placeholder.active {
+  display: block;
+}
+
+.site-header .wrapper-1200 {
+  display: flex;
+  justify-content: space-between;
+  align-items: center;
+}
+.site-header .wrapper-1200 .left {
+  display: flex;
+  align-items: center;
+  justify-content: flex-start;
+}
+
+.site-header__logo {
+  max-width: 145px;
+}
+
+.site-header__title a {
+  color: #06102a;
+  font-size: 2.2em;
+  font-weight: 500;
+  transition: all 0.2s;
+  text-transform: uppercase;
+  letter-spacing: 0.02em;
+}
+
+/* Navigation */
+.site-header__nav .menu-item-wrapper {
+  display: inline-block;
+  padding-left: 30px;
+}
+.site-header__nav .menu-item {
+  color: #06102a;
+  transition: all 0.05s;
+  font-size: 1.45em;
+  line-height: 1em;
+  font-weight: 500;
+}
+.site-header__nav .menu-item:hover {
+  color: #8a959e;
+}
+.site-header__nav .menu-item--with-icon {
+  display: flex;
+  align-items: center;
+  justify-content: flex-start;
+}
+.site-header__nav .menu-item--with-icon .title {
+  margin-right: 3px;
+}
+.site-header__nav .menu-item--with-icon .icon {
+  width: 20px;
+  height: 20px;
+  transition: all 0.1s;
+}
+.site-header__nav .menu-item--with-icon .icon svg {
+  stroke-width: 2.5 !important;
+  width: 100%;
+  height: 100%;
+}
+.site-header__nav .menu-item-wrapper--dropdown {
+  position: relative;
+}
+.site-header__nav .menu-item-wrapper--dropdown:hover .nav-dropdown-menu {
+  display: block;
+}
+.site-header__nav .nav-dropdown-menu {
+  display: none;
+}
+
+.nav-dropdown-menu {
+  position: absolute;
+  z-index: 500;
+  background: transparent;
+}
+
+.nav-dropdown-menu-wrapper {
+  border-radius: 8px;
+  box-shadow: 0 12px 40px 0 rgba(1, 10, 32, 0.24);
+  background: white;
+  margin: 8px 0;
+  overflow: hidden;
+}
+
+/* Products, Solutions dropdown menu */
+.nav-dropdown-menu--products,
+.nav-dropdown-menu--solutions {
+  width: 500px;
+}
+.nav-dropdown-menu--products .nav-dropdown-menu-wrapper,
+.nav-dropdown-menu--solutions .nav-dropdown-menu-wrapper {
+  padding: 20px;
+}
+.nav-dropdown-menu--products .nav-dropdown-menu-wrapper {
+  height: 430px;
+}
+
+.nav-dropdown-menu--products .dm-header,
+.nav-dropdown-menu--solutions .dm-header {
+  font-size: 1.1em;
+  font-weight: 500;
+  font-stretch: normal;
+  font-style: normal;
+  line-height: normal;
+  letter-spacing: 3.67px;
+  color: #505769;
+  margin-bottom: 20px;
+  text-transform: uppercase;
+}
+.nav-dropdown-menu--products .dm-item,
+.nav-dropdown-menu--solutions .dm-item {
+  border: none;
+  margin: 0 0 24px;
+  color: #06102a;
+  transition: all 0.1s;
+  position: relative;
+  width: 100%;
+}
+.nav-dropdown-menu--products .dm-item:last-child,
+.nav-dropdown-menu--solutions .dm-item:last-child {
+  margin-bottom: 0;
+}
+.nav-dropdown-menu--products .dm-item .dmi-image {
+  width: 104px;
+  height: 72px;
+  position: absolute;
+  /*background: #f4f4f4;*/
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  padding: 20px;
+  border-radius: 4px;
+  z-index: 0;
+}
+
+.nav-dropdown-menu--solutions .dm-item .dmi-image {
+  width: 65px;
+  padding: 10px;
+  background: white;
+  height: auto;
+  position: absolute;
+  z-index: 0;
+}
+
+.nav-dropdown-menu--solutions .dm-item .dmi-image img {
+  width: 100%;
+}
+.nav-dropdown-menu--products .dm-item .dmi-details,
+.nav-dropdown-menu--solutions .dm-item .dmi-details {
+  padding: 6px 0 0 127px;
+  width: 100%;
+  background: transparent;
+  display: block;
+  color: #06102a;
+  position: relative;
+  z-index: 1;
+}
+.nav-dropdown-menu--products .dm-item .dmi-details:hover,
+.nav-dropdown-menu--solutions .dm-item .dmi-details:hover {
+  color: #1e54d5;
+}
+.nav-dropdown-menu--products .dm-item .dmi-title,
+.nav-dropdown-menu--solutions .dm-item .dmi-title {
+  font-size: 1.6em;
+  font-weight: 500;
+  margin: 0 0 2px;
+}
+.nav-dropdown-menu--products .dm-item .dmi-description,
+.nav-dropdown-menu--solutions .dm-item .dmi-description {
+  font-size: 1.4em;
+  opacity: 0.7;
+  line-height: 1.6em;
+}
+.nav-dropdown-menu--products .dm-item--traefikee .dmi-image img,
+.nav-dropdown-menu--solutions .dm-item--traefikee .dmi-image img {
+  transform: scale(1.1);
+}
+
+.nav-dropdown-menu--solutions .dm-item .dmi-details {
+  padding: 5px 0 0 80px;
+}
+.nav-dropdown-menu--solutions .dm-item:last-child {
+  margin-bottom: 10px;
+}
+
+/* Dropdown menu: Learn and Company */
+.nav-dropdown-menu--learn {
+  width: 250px;
+}
+.nav-dropdown-menu--company {
+  width: 500px;
+}
+.nav-dropdown-menu--company .nav-dropdown-menu-wrapper {
+  display: grid;
+  grid-template-columns: 50% 50%;
+}
+.nav-dropdown-menu--learn .dm-left,
+.nav-dropdown-menu--company .dm-left {
+  padding: 25px;
+}
+.nav-dropdown-menu--learn .dm-header,
+.nav-dropdown-menu--company .dm-header {
+  font-size: 1.1em;
+  font-weight: 500;
+  font-stretch: normal;
+  font-style: normal;
+  line-height: normal;
+  letter-spacing: 3.67px;
+  color: #505769;
+  margin-bottom: 20px;
+  text-transform: uppercase;
+}
+.nav-dropdown-menu--learn .dm-item,
+.nav-dropdown-menu--company .dm-item {
+  display: block;
+  font-size: 1.6em;
+  font-weight: 500;
+  color: #06102a;
+  margin-bottom: 15px;
+}
+.nav-dropdown-menu--learn .dm-item:last-child,
+.nav-dropdown-menu--company .dm-item:last-child {
+  margin-bottom: 0;
+}
+.nav-dropdown-menu--learn .dm-item:hover,
+.nav-dropdown-menu--company .dm-item:hover {
+  color: #1e54d5;
+}
+
+.dm-preview {
+  background: #edeff4;
+  overflow: hidden;
+  height: 100%;
+  display: flex;
+  flex-direction: column;
+}
+
+.dm-preview__feature-image {
+  overflow: hidden;
+  display: block;
+}
+
+.dm-preview__feature-image img {
+  width: 100%;
+  height: 145px;
+  background: #ffffff no-repeat 50%;
+  object-fit: cover;
+  vertical-align: middle;
+}
+
+.dm-preview__content {
+  padding: 15px;
+  display: flex;
+  justify-content: flex-start;
+  align-items: flex-start;
+  flex-direction: column;
+  flex: 1;
+  position: relative;
+}
+
+.dm-preview__tag {
+  display: block;
+  font-size: 1.2em;
+  color: #db7d11;
+  letter-spacing: 2.5px;
+  font-weight: 500;
+  margin: 0 0;
+  text-transform: uppercase;
+}
+
+.dm-preview__title {
+  font-size: 1.6em;
+  font-weight: 500;
+  line-height: 1.6em;
+  margin: 0;
+  color: #06102a;
+  display: block;
+  flex: 1;
+  position: relative;
+  z-index: 1;
+  padding-bottom: 20px;
+}
+
+.dm-preview .arrow-link {
+  justify-content: flex-start;
+  font-size: 1.4em;
+  position: absolute;
+  bottom: 12px;
+  z-index: 0;
+}
+
+/* Dropdown menu: Company */
+.nav-dropdown-menu--company {
+  width: 450px;
+}
+
+.nav-dropdown-menu--company .dm-right {
+  background: #06102a;
+  display: flex;
+  align-items: center;
+  justify-content: center;
+  flex-direction: column;
+  color: white;
+  padding: 20px;
+}
+.nav-dropdown-menu--company .dm-right p {
+  font-size: 1.6em;
+  font-weight: 500;
+  margin: 0 0 15px;
+  text-align: center;
+}
+.nav-dropdown-menu--company .dm-right a {
+  text-transform: uppercase;
+  line-height: 1.5em;
+  padding: 9px 12px;
+  font-size: 1.2em;
+}
+
+/* Demo */
+.site-header__demo-button .button--secondary {
+  font-size: 1.4em;
+  padding: 8px 12px;
+  border-radius: 6px;
+}
+
+/* Drawer */
+.site-header .drawer {
+  display: none;
+}
+
+@media (max-width: 1219px) {
+  .site-header__nav .menu-item-wrapper {
+    padding-left: 20px;
+  }
+}
+@media (max-width: 980px) {
+  .site-header__nav {
+    display: none;
+  }
+
+  .site-header .drawer {
+    display: block;
+  }
+
+  .site-header .right .site-header__demo-button {
+    display: none;
+  }
+
+  html [data-md-color-primary=indigo] .md-nav--primary .md-nav__title--site {
+    background-color: #06102a;
+  }
+
+  html .md-nav--primary .md-nav__title {
+    padding: 64px .8rem .2rem;
+  }
+
+  .md-search__inner {
+    top: 64px;
+    right: 0;
+  }
+}
+
+.md-header .md-search {
+  margin-right: 12.1rem;
+}
+
+.site-header__main {
+  display: flex;
+  align-items: center;
+}
+
+.dmi-image.proxy {
+  background-color: #24a1c1;
+}
+
+.dmi-image.mesh {
+  background-color: #9d0fb0;
+}
+
+.dmi-image.enterprise {
+  background-color: #0060e0;
+}
+
+.dmi-image.pilot {
+  background-color: #db7d11;
+}

docs/content/assets/styles/menu.css

@@ -0,0 +1,101 @@
+.md-nav__link {
+  margin-left: -0.4rem;
+  padding: 0 0.4rem;
+  line-height: 32px;
+  color: var(--dark) !important;
+}
+
+.md-nav__link::after {
+  font-size: 16px;
+  vertical-align: -.25em;
+}
+
+.md-nav__toggle:checked + .md-nav__link,
+.md-nav__link--active,
+.md-nav__link:hover {
+  border-radius: 8px;
+  background-color: var(--light-blue) !important;
+  color: var(--dark) !important;
+  transition: background-color 0.3s ease;
+}
+
+.md-nav__link--active {
+  color: var(--blue) !important;
+  font-weight: bold;
+}
+
+.md-sidebar--primary {
+  background-color: white;
+}
+
+.md-sidebar--secondary .md-nav__title {
+  font-size: 12px;
+  text-transform: uppercase;
+  margin-bottom: 0.4rem;
+  padding: 0;
+}
+
+.md-sidebar--secondary .md-sidebar__scrollwrap {
+  border-radius: 8px;
+  background-color: var(--light-blue) !important;
+}
+
+.md-sidebar--secondary .md-nav__title {
+  padding: 0.8rem 0.4rem 0.8rem;
+}
+
+.md-sidebar--secondary .md-nav__list {
+  padding: 0 0.4rem 0.8rem 1.2rem;
+}
+
+.md-sidebar--secondary .md-sidebar__scrollwrap .md-nav__link {
+  font-weight: 300;
+}
+
+.md-sidebar--secondary
+  .md-sidebar__scrollwrap
+  .md-nav__link[data-md-state='blur'],
+.md-sidebar--secondary .md-sidebar__scrollwrap .md-nav__link:hover {
+  color: var(--blue) !important;
+  font-weight: bold;
+}
+
+.md-sidebar--secondary .md-nav__item {
+  padding: 0 0 0 0.4rem;
+}
+
+.md-sidebar--secondary .md-nav__link {
+  margin-top: 0.225em;
+  padding: 0.1rem 0.2rem;
+}
+
+.md-sidebar--secondary li {
+  list-style-type: disc;
+}
+
+.md-sidebar--secondary .repo_url {
+  padding: 10px 0 14px 0;
+}
+
+
+.md-search__inner {
+  width: inherit;
+  float: inherit;
+}
+
+.md-search__input {
+  margin-bottom: 10px;
+  border-radius: 4px; 
+  background-color: inherit;
+  border: 1px solid rgba(0,0,0,.07);
+}
+
+.md-search__input::placeholder {
+  color: rgba(0,0,0,.07);
+}
+
+@media only screen and (min-width: 60em) {
+  [data-md-toggle=search]:checked~.md-header .md-search__inner {
+    margin-top: 100px;
+  }
+}

docs/content/assets/styles/product-switcher.css

@@ -0,0 +1,24 @@
+.product-switcher {
+  font-size: 10px;
+  font-family: 'Rubik', -apple-system, 'BlinkMacSystemFont', 'Segoe UI',
+    'Helvetica Neue', sans-serif;
+  color: #06102a;
+  -webkit-tap-highlight-color: rgba(0, 0, 0, 0);
+}
+
+.product-switcher .menu-item-wrapper {
+  padding-left: 15px;
+}
+
+.product-switcher img {
+  margin-right: 10px;
+}
+
+.product-switcher img.gopher {
+  margin: 0 2px 0 16px;
+}
+
+.product-switcher .nav-dropdown-menu--products .nav-dropdown-menu-wrapper {
+  width: auto;
+  height: auto;
+}

docs/content/assets/styles/root.css

@@ -0,0 +1,10 @@
+:root {
+  --dark: #06102a;
+  --blue: #04B5D1;
+  --light-blue: #E4F7FA;
+
+  --input-bg-color: white;
+  --input-color: black;
+  --input-placeholder-color: #bbb;
+  --input-border-color: #dcdcdc;
+}

docs/content/contributing/advocating.md

@@ -5,6 +5,6 @@ Spread the Love & Tell Us about It
 
 There are many ways to contribute to the project, and there is one that always spark joy: when we see/read about users talking about how Traefik helps them solve their problems.
 
-If you're talking about Traefik, [let us know](https://blog.containo.us/spread-the-love-ba5a40aa72e7) and we'll promote your enthusiasm!
+If you're talking about Traefik, [let us know](https://blog.traefik.io/spread-the-love-ba5a40aa72e7) and we'll promote your enthusiasm!
 
-Also, if you've written about Traefik or shared useful information you'd like to promote, feel free to add links in the [dedicated wiki page on Github](https://github.com/containous/traefik/wiki/Awesome-Traefik).
+Also, if you've written about Traefik or shared useful information you'd like to promote, feel free to add links in the [dedicated wiki page on Github](https://github.com/traefik/traefik/wiki/Awesome-Traefik).

docs/content/contributing/building-testing.md

@@ -35,7 +35,7 @@ Step 1/10 : FROM golang:1.14-alpine
 [...]
 Successfully built 5c3c1a911277
 Successfully tagged traefik-dev:4475--feature-documentation
-docker run  -e "TEST_CONTAINER=1" -v "/var/run/docker.sock:/var/run/docker.sock" -it -e OS_ARCH_ARG -e OS_PLATFORM_ARG -e TESTFLAGS -e VERBOSE -e VERSION -e CODENAME -e TESTDIRS -e CI -e CONTAINER=DOCKER		 -v "/home/ldez/sources/go/src/github.com/containous/traefik/"dist":/go/src/github.com/containous/traefik/"dist"" "traefik-dev:4475--feature-documentation" ./script/make.sh generate binary
+docker run  -e "TEST_CONTAINER=1" -v "/var/run/docker.sock:/var/run/docker.sock" -it -e OS_ARCH_ARG -e OS_PLATFORM_ARG -e TESTFLAGS -e VERBOSE -e VERSION -e CODENAME -e TESTDIRS -e CI -e CONTAINER=DOCKER		 -v "/home/ldez/sources/go/src/github.com/traefik/traefik/"dist":/go/src/github.com/traefik/traefik/"dist"" "traefik-dev:4475--feature-documentation" ./script/make.sh generate binary
 ---> Making bundle: generate (in .)
 removed 'autogen/genstatic/gen.go'
 
@@ -68,7 +68,7 @@ Requirements:
 
 !!! tip "Source Directory"
 
-    It is recommended that you clone Traefik into the `~/go/src/github.com/containous/traefik` directory.
+    It is recommended that you clone Traefik into the `~/go/src/github.com/traefik/traefik` directory.
     This is the official golang workspace hierarchy that will allow dependencies to be properly resolved.
 
 !!! note "Environment"
@@ -104,7 +104,7 @@ Once you've set up your go environment and cloned the source repository, you can
 Beforehand, you need to get [go-bindata](https://github.com/containous/go-bindata) (the first time) in order to be able to use the `go generate` command (which is part of the build process).
 
 ```bash
-cd ~/go/src/github.com/containous/traefik
+cd ~/go/src/github.com/traefik/traefik
 
 # Get go-bindata. (Important: the ellipses are required.)
 GO111MODULE=off go get github.com/containous/go-bindata/...
@@ -124,7 +124,7 @@ go generate
 go build ./cmd/traefik
 ```
 
-You will find the Traefik executable (`traefik`) in the `~/go/src/github.com/containous/traefik` directory.
+You will find the Traefik executable (`traefik`) in the `~/go/src/github.com/traefik/traefik` directory.
 
 ## Testing
 
@@ -138,13 +138,13 @@ Run all tests (unit and integration) using the `test` target.
 $ make test-unit
 docker build -t "traefik-dev:your-feature-branch" -f build.Dockerfile .
 # […]
-docker run --rm -it -e OS_ARCH_ARG -e OS_PLATFORM_ARG -e TESTFLAGS -v "/home/user/go/src/github/containous/traefik/dist:/go/src/github.com/containous/traefik/dist" "traefik-dev:your-feature-branch" ./script/make.sh generate test-unit
+docker run --rm -it -e OS_ARCH_ARG -e OS_PLATFORM_ARG -e TESTFLAGS -v "/home/user/go/src/github/traefik/traefik/dist:/go/src/github.com/traefik/traefik/dist" "traefik-dev:your-feature-branch" ./script/make.sh generate test-unit
 ---> Making bundle: generate (in .)
 removed 'gen.go'
 
 ---> Making bundle: test-unit (in .)
 + go test -cover -coverprofile=cover.out .
-ok      github.com/containous/traefik   0.005s  coverage: 4.1% of statements
+ok      github.com/traefik/traefik   0.005s  coverage: 4.1% of statements
 
 Test success
 ```
@@ -172,7 +172,7 @@ More: https://labix.org/gocheck
 Unit tests can be run from the cloned directory using `$ go test ./...` which should return `ok`, similar to:
 
 ```test
-ok      _/home/user/go/src/github/containous/traefik    0.004s
+ok      _/home/user/go/src/github/traefik/traefik    0.004s
 ```
 
 Integration tests must be run from the `integration/` directory and require the `-integration` switch: `$ cd integration && go test -integration ./...`.

docs/content/contributing/data-collection.md

@@ -29,7 +29,7 @@ For this very reason, the sendAnonymousUsage option is mandatory: we want you to
 
 ## Collected Data
 
-This feature comes from the public proposal [here](https://github.com/containous/traefik/issues/2369).
+This feature comes from the public proposal [here](https://github.com/traefik/traefik/issues/2369).
 
 In order to help us learn more about how Traefik is being used and improve it, we collect anonymous usage statistics from running instances.
 Those data help us prioritize our developments and focus on what's important for our users (for example, which provider is popular, and which is not).
@@ -85,11 +85,11 @@ Once a day (the first call begins 10 minutes after the start of Traefik), we col
     ca = "xxxx"
     cert = "xxxx"
     key = "xxxx"
-    insecureSkipVerify = false
+    insecureSkipVerify = true
 ```
 
 ## The Code for Data Collection
 
-If you want to dig into more details, here is the source code of the collecting system: [collector.go](https://github.com/containous/traefik/blob/master/pkg/collector/collector.go)
+If you want to dig into more details, here is the source code of the collecting system: [collector.go](https://github.com/traefik/traefik/blob/master/pkg/collector/collector.go)
 
 By default we anonymize all configuration fields, except fields tagged with `export=true`.

docs/content/contributing/documentation.md

@@ -10,7 +10,7 @@ Let's see how.
 
 ### General
 
-This [documentation](https://docs.traefik.io/) is built with [mkdocs](https://mkdocs.org/).
+This [documentation](https://doc.traefik.io/traefik/) is built with [mkdocs](https://mkdocs.org/).
 
 ### Method 1: `Docker` and `make`
 
@@ -20,7 +20,7 @@ You can build the documentation and test it locally (with live reloading), using
 $ make docs
 docker build -t traefik-docs -f docs.Dockerfile .
 # […]
-docker run  --rm -v /home/user/go/github/containous/traefik:/mkdocs -p 8000:8000 traefik-docs mkdocs serve
+docker run  --rm -v /home/user/go/github/traefik/traefik:/mkdocs -p 8000:8000 traefik-docs mkdocs serve
 # […]
 [I 170828 20:47:48 server:283] Serving on http://0.0.0.0:8000
 [I 170828 20:47:48 handlers:60] Start watching changes
@@ -75,7 +75,7 @@ To check that the documentation meets standard expectations (no dead links, html
 $ make docs-verify
 docker build -t traefik-docs-verify ./script/docs-verify-docker-image ## Build Validator image
 ...
-docker run --rm -v /home/travis/build/containous/traefik:/app traefik-docs-verify ## Check for dead links and w3c compliance
+docker run --rm -v /home/travis/build/traefik/traefik:/app traefik-docs-verify ## Check for dead links and w3c compliance
 === Checking HTML content...
 Running ["HtmlCheck", "ImageCheck", "ScriptCheck", "LinkCheck"] on /app/site/basics/index.html on *.html...
 ```

docs/content/contributing/maintainers.md

@@ -20,7 +20,7 @@
 
 ## Contributions Daily Meeting
 
-* 3 Maintainers should attend to a Contributions Daily Meeting where we sort and label new issues ([is:issue label:status/0-needs-triage](https://github.com/containous/traefik/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Astatus%2F0-needs-triage+)), and review every Pull Requests
+* 3 Maintainers should attend to a Contributions Daily Meeting where we sort and label new issues ([is:issue label:status/0-needs-triage](https://github.com/traefik/traefik/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Astatus%2F0-needs-triage+)), and review every Pull Requests
 * Every pull request should be checked during the Contributions Daily Meeting
     * Even if it’s already assigned
     * Even PR labelled with `contributor/waiting-for-corrections` or `contributor/waiting-for-feedback`
@@ -43,7 +43,7 @@ We use [PRM](https://github.com/ldez/prm) to manage locally pull requests.
 
 ## Bots
 
-### [Myrmica Lobicornis](https://github.com/containous/lobicornis/)
+### [Myrmica Lobicornis](https://github.com/traefik/lobicornis/)
 
 Update and Merge Pull Request.
 
@@ -67,12 +67,12 @@ This label is used when:
 * Merging branches into the master
 * Preparing the release
 
-### [Myrmica Bibikoffi](https://github.com/containous/bibikoffi/)
+### [Myrmica Bibikoffi](https://github.com/traefik/bibikoffi/)
 
 * closes stale issues [cron]
     * use some criterion as number of days between creation, last update, labels, ...
 
-### [Myrmica Aloba](https://github.com/containous/aloba)
+### [Myrmica Aloba](https://github.com/traefik/aloba)
 
 Manage GitHub labels.
 

docs/content/contributing/submitting-issues.md

@@ -3,7 +3,7 @@
 Help Us Help You!
 {: .subtitle }
 
-We use the [GitHub issue tracker](https://github.com/containous/traefik/issues) to keep track of issues in Traefik. 
+We use the [GitHub issue tracker](https://github.com/traefik/traefik/issues) to keep track of issues in Traefik. 
 
 The process of sorting and checking the issues is a daunting task, and requires a lot of work (more than an hour a day ... just for sorting).
 To save us some time and get quicker feedback, be sure to follow the guide lines below.
@@ -14,7 +14,7 @@ To save us some time and get quicker feedback, be sure to follow the guide lines
 
     For end-user related support questions, try using first:
 
-    - the Traefik community forum: [![Join the chat at https://community.containo.us/](https://img.shields.io/badge/style-register-green.svg?style=social&label=Discourse)](https://community.containo.us/)
+    - the Traefik community forum: [![Join the chat at https://community.traefik.io/](https://img.shields.io/badge/style-register-green.svg?style=social&label=Discourse)](https://community.traefik.io/)
 
 ## Issue Title
 
@@ -22,7 +22,7 @@ The title must be short and descriptive. (~60 characters)
 
 ## Description
 
-Follow the [issue template](https://github.com/containous/traefik/blob/master/.github/ISSUE_TEMPLATE.md) as much as possible.
+Follow the [issue template](https://github.com/traefik/traefik/blob/master/.github/ISSUE_TEMPLATE.md) as much as possible.
 
 Explain us in which conditions you encountered the issue, what is your context.
 

docs/content/contributing/submitting-pull-requests.md

@@ -15,7 +15,7 @@ The title must be short and descriptive. (~60 characters)
 
 ## Description
 
-Follow the [pull request template](https://github.com/containous/traefik/blob/master/.github/PULL_REQUEST_TEMPLATE.md) as much as possible.
+Follow the [pull request template](https://github.com/traefik/traefik/blob/master/.github/PULL_REQUEST_TEMPLATE.md) as much as possible.
 
 Explain the conditions which led you to write this PR: give us context.
 The context should lead to something, an idea or a problem that you’re facing.

docs/content/contributing/thank-you.md

@@ -3,8 +3,8 @@
 _You_ Made It
 {: .subtitle}
 
-Traefik truly is an [open-source project](https://github.com/containous/traefik/),
-and wouldn't have become what it is today without the help of our [many contributors](https://github.com/containous/traefik/graphs/contributors) (at the time of writing this),
+Traefik truly is an [open-source project](https://github.com/traefik/traefik/),
+and wouldn't have become what it is today without the help of our [many contributors](https://github.com/traefik/traefik/graphs/contributors) (at the time of writing this),
 not accounting for people having helped with issues, tests, comments, articles, ... or just enjoying it and letting others know.
 
 So once again, thank you for your invaluable help on making Traefik such a good product.

docs/content/getting-started/install-traefik.md

@@ -9,11 +9,11 @@ You can install Traefik with the following flavors:
 
 ## Use the Official Docker Image
 
-Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with the [sample configuration file](https://raw.githubusercontent.com/containous/traefik/v2.2/traefik.sample.toml):
+Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with the [sample configuration file](https://raw.githubusercontent.com/traefik/traefik/v2.3/traefik.sample.toml):
 
 ```bash
 docker run -d -p 8080:8080 -p 80:80 \
-    -v $PWD/traefik.toml:/etc/traefik/traefik.toml traefik:v2.2
+    -v $PWD/traefik.toml:/etc/traefik/traefik.toml traefik:v2.3
 ```
 
 For more details, go to the [Docker provider documentation](../providers/docker.md)
@@ -30,9 +30,9 @@ For more details, go to the [Docker provider documentation](../providers/docker.
 !!! warning
     
     The Traefik Chart from 
-    [Helm's default charts repository](https://github.com/helm/charts/tree/master/stable/traefik) is still using [Traefik v1.7](https://docs.traefik.io/v1.7).
+    [Helm's default charts repository](https://github.com/helm/charts/tree/master/stable/traefik) is still using [Traefik v1.7](https://doc.traefik.io/traefik/v1.7).
 
-Traefik can be installed in Kubernetes using the Helm chart from <https://github.com/containous/traefik-helm-chart>.
+Traefik can be installed in Kubernetes using the Helm chart from <https://github.com/traefik/traefik-helm-chart>.
 
 Ensure that the following requirements are met:
 
@@ -42,7 +42,7 @@ Ensure that the following requirements are met:
 Add Traefik's chart repository to Helm:
 
 ```bash
-helm repo add traefik https://containous.github.io/traefik-helm-chart
+helm repo add traefik https://traefik.github.io/traefik-helm-chart
 ```
 
 You can update the chart repository by running:
@@ -76,7 +76,7 @@ helm install traefik traefik/traefik
     {: #helm-custom-values }
     
     The values are not (yet) documented, but are self-explanatory:
-    you can look at the [default `values.yaml`](https://github.com/containous/traefik-helm-chart/blob/master/traefik/values.yaml) file to explore possibilities.
+    you can look at the [default `values.yaml`](https://github.com/traefik/traefik-helm-chart/blob/master/traefik/values.yaml) file to explore possibilities.
     
     You can also set Traefik command line flags using `additionalArguments`.
     Example of installation with logging set to `DEBUG`:
@@ -128,7 +128,7 @@ spec:
 
 ## Use the Binary Distribution
 
-Grab the latest binary from the [releases](https://github.com/containous/traefik/releases) page.
+Grab the latest binary from the [releases](https://github.com/traefik/traefik/releases) page.
 
 ??? info "Check the integrity of the downloaded file"
 

docs/content/getting-started/quick-start.md

@@ -15,7 +15,7 @@ version: '3'
 services:
   reverse-proxy:
     # The official v2 Traefik docker image
-    image: traefik:v2.2
+    image: traefik:v2.3
     # Enables the web UI and tells Traefik to listen to docker
     command: --api.insecure=true --providers.docker
     ports:
@@ -48,7 +48,7 @@ Edit your `docker-compose.yml` file and add the following at the end of your fil
 # ...
   whoami:
     # A container that exposes an API to show its IP address
-    image: containous/whoami
+    image: traefik/whoami
     labels:
       - "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)"
 ```

docs/content/glossary.md

@@ -12,7 +12,7 @@ Where Every Technical Word finds its Definition`
 - [ ] [Static configuration](getting-started/configuration-overview.md#the-static-configuration)
 - [ ] [Dynamic configuration](getting-started/configuration-overview.md#the-dynamic-configuration)
 - [ ] ACME
-- [ ] TraefikEE
+- [ ] Traefik Enterprise
 - [ ] Tracing
 - [ ] Metrics
 - [ ] Orchestrator

docs/content/https/acme.md

@@ -284,7 +284,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
 |-------------------------------------------------------------|----------------|---------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------|
 | [ACME DNS](https://github.com/joohoi/acme-dns)              | `acme-dns`     | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH`                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/acme-dns)     |
 | [Alibaba Cloud](https://www.alibabacloud.com)               | `alidns`       | `ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`, `ALICLOUD_REGION_ID`                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/alidns)       |
-| [ArvanCloud](https://arvancloud.com)                        | `arvancloud`   | `ARVANCLOUD_API_KEY`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/arvancloud)   |
+| [ArvanCloud](https://www.arvancloud.com/en)                 | `arvancloud`   | `ARVANCLOUD_API_KEY`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/arvancloud)   |
 | [Auroradns](https://www.pcextreme.com/dns-health-checks)    | `auroradns`    | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT`                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/auroradns)    |
 | [Autodns](https://www.internetx.com/domains/autodns/)       | `autodns`      | `AUTODNS_API_USER`, `AUTODNS_API_PASSWORD`                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/autodns)      |
 | [Azure](https://azure.microsoft.com/services/dns/)          | `azure`        | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_METADATA_ENDPOINT]`   | [Additional configuration](https://go-acme.github.io/lego/dns/azure)        |
@@ -308,9 +308,10 @@ For complete details, refer to your provider's _Additional configuration_ link.
 | [Dyn](https://dyn.com)                                      | `dyn`          | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD`                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/dyn)          |
 | [Dynu](https://www.dynu.com)                                | `dynu`         | `DYNU_API_KEY`                                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/dynu)         |
 | [EasyDNS](https://easydns.com/)                             | `easydns`      | `EASYDNS_TOKEN`, `EASYDNS_KEY`                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/easydns)      |
+| [EdgeDNS](https://www.akamai.com/)                          | `edgedns`      | `AKAMAI_CLIENT_TOKEN`,  `AKAMAI_CLIENT_SECRET`,  `AKAMAI_ACCESS_TOKEN`                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns)      |
 | External Program                                            | `exec`         | `EXEC_PATH`                                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/exec)         |
 | [Exoscale](https://www.exoscale.com)                        | `exoscale`     | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT`                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/exoscale)     |
-| [Fast DNS](https://www.akamai.com/)                         | `fastdns`      | `AKAMAI_CLIENT_TOKEN`,  `AKAMAI_CLIENT_SECRET`,  `AKAMAI_ACCESS_TOKEN`                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/fastdns)      |
+| [Fast DNS](https://www.akamai.com/)                         | `fastdns`      | `AKAMAI_CLIENT_TOKEN`,  `AKAMAI_CLIENT_SECRET`,  `AKAMAI_ACCESS_TOKEN`                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns)      |
 | [Gandi](https://www.gandi.net)                              | `gandi`        | `GANDI_API_KEY`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/gandi)        |
 | [Gandi v5](http://doc.livedns.gandi.net)                    | `gandiv5`      | `GANDIV5_API_KEY`                                                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5)      |
 | [Glesys](https://glesys.com/)                               | `glesys`       | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN`                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/glesys)       |
@@ -319,12 +320,12 @@ For complete details, refer to your provider's _Additional configuration_ link.
 | [Hetzner](https://hetzner.com)                              | `hetzner`      | `HETZNER_API_KEY`                                                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/hetzner)      |
 | [hosting.de](https://www.hosting.de)                        | `hostingde`    | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME`                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde)    |
 | HTTP request                                                | `httpreq`      | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1]                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq)      |
+| [HyperOne](https://www.hyperone.com)                        | `hyperone`     | `HYPERONE_PASSPORT_LOCATION`, `HYPERONE_LOCATION_ID`                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/hyperone)     |
 | [IIJ](https://www.iij.ad.jp/)                               | `iij`          | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE`                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/iij)          |
 | [INWX](https://www.inwx.de/en)                              | `inwx`         | `INWX_USERNAME`, `INWX_PASSWORD`                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/inwx)         |
 | [Joker.com](https://joker.com)                              | `joker`        | `JOKER_API_KEY` or `JOKER_USERNAME`, `JOKER_PASSWORD`                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/joker)        |
 | [Lightsail](https://aws.amazon.com/lightsail/)              | `lightsail`    | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE`                                                                                    | [Additional configuration](https://go-acme.github.io/lego/dns/lightsail)    |
-| [Linode](https://www.linode.com)                            | `linode`       | `LINODE_API_KEY`                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/linode)       |
-| [Linode v4](https://www.linode.com)                         | `linodev4`     | `LINODE_TOKEN`                                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/linodev4)     |
+| [Linode v4](https://www.linode.com)                         | `linode`       | `LINODE_TOKEN`                                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/linode)       |
 | [Liquid Web](https://www.liquidweb.com/)                    | `liquidweb`    | `LIQUID_WEB_PASSWORD`, `LIQUID_WEB_USERNAME`, `LIQUID_WEB_ZONE`                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/liquidweb)    |
 | [LuaDNS](https://luadns.com)                                | `luadns`       | `LUADNS_API_USERNAME`, `LUADNS_API_TOKEN`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/luadns)       |
 | manual                                                      | `manual`       | none, but you need to run Traefik interactively [^4], turn on debug log to see instructions and press <kbd>Enter</kbd>.                     |                                                                             |
@@ -336,7 +337,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
 | [Netcup](https://www.netcup.eu/)                            | `netcup`       | `NETCUP_CUSTOMER_NUMBER`, `NETCUP_API_KEY`, `NETCUP_API_PASSWORD`                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/netcup)       |
 | [Netlify](https://www.netlify.com)                          | `netlify`      | `NETLIFY_TOKEN`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/netlify)      |
 | [NIFCloud](https://cloud.nifty.com/service/dns.htm)         | `nifcloud`     | `NIFCLOUD_ACCESS_KEY_ID`, `NIFCLOUD_SECRET_ACCESS_KEY`                                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/nifcloud)     |
-| [Ns1](https://ns1.com/)                                     | `ns1`          | `NS1_API_KEY`                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/ns1)          |
+| [NS1](https://ns1.com/)                                     | `ns1`          | `NS1_API_KEY`                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/ns1)          |
 | [Open Telekom Cloud](https://cloud.telekom.de)              | `otc`          | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT`                                             | [Additional configuration](https://go-acme.github.io/lego/dns/otc)          |
 | [OVH](https://www.ovh.com)                                  | `ovh`          | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY`                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/ovh)          |
 | [Openstack Designate](https://docs.openstack.org/designate) | `designate`    | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME`                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/designate)    |
@@ -362,7 +363,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
 | [Zonomi](https://zonomi.com)                                | `zonomi`       | `ZONOMI_API_KEY`                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/zonomi)       |
 
 [^1]: more information about the HTTP message format can be found [here](https://go-acme.github.io/lego/dns/httpreq/)
-[^2]: [providing_credentials_to_your_application](https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application)
+[^2]: [providing_credentials_to_your_application](https://cloud.google.com/docs/authentication/production)
 [^3]: [google/default.go](https://github.com/golang/oauth2/blob/36a7019397c4c86cf59eeab3bc0d188bac444277/google/default.go#L61-L76)
 [^4]: `docker stack` remark: there is no way to support terminal attached to container when deploying with `docker stack`, so you might need to run container with `docker run -it` to generate certificates using `manual` provider.
 [^5]: The `Global API Key` needs to be used, not the `Origin CA Key`.
@@ -484,6 +485,37 @@ docker run -v "/my/host/acme:/etc/traefik/acme" traefik
 !!! warning
     For concurrency reasons, this file cannot be shared across multiple instances of Traefik.
 
+### `preferredChain`
+
+_Optional, Default=""_
+
+Preferred chain to use.
+
+If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.
+If no match, the default offered chain will be used.
+
+```toml tab="File (TOML)"
+[certificatesResolvers.myresolver.acme]
+  # ...
+  preferredChain = "ISRG Root X1"
+  # ...
+```
+
+```yaml tab="File (YAML)"
+certificatesResolvers:
+  myresolver:
+    acme:
+      # ...
+      preferredChain: 'ISRG Root X1'
+      # ...
+```
+
+```bash tab="CLI"
+# ...
+--certificatesresolvers.myresolver.acme.preferredChain="ISRG Root X1"
+# ...
+```
+
 ## Fallback
 
 If Let's Encrypt is not reachable, the following certificates will apply:

docs/content/https/ref-acme.toml

@@ -22,6 +22,16 @@
   #
   # caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
 
+  # Preferred chain to use.
+  #
+  # If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.
+  # If no match, the default offered chain will be used.
+  #
+  # Optional
+  # Default: ""
+  #
+  # preferredChain = "ISRG Root X1"
+
   # KeyType to use.
   #
   # Optional

docs/content/https/ref-acme.txt

@@ -21,6 +21,16 @@
 #
 --certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
 
+# Preferred chain to use.
+#
+# If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.
+# If no match, the default offered chain will be used.
+#
+# Optional
+# Default: ""
+#
+--certificatesresolvers.myresolver.acme.preferredchain="ISRG Root X1"
+
 # KeyType to use.
 #
 # Optional

docs/content/https/ref-acme.yaml

@@ -24,6 +24,16 @@ certificatesResolvers:
       #
       # caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
 
+      # Preferred chain to use.
+      #
+      # If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.
+      # If no match, the default offered chain will be used.
+      #
+      # Optional
+      # Default: ""
+      #
+      # preferredChain: 'ISRG Root X1'
+
       # KeyType to use.
       #
       # Optional

docs/content/https/tls.md

@@ -130,24 +130,20 @@ tls:
 
 If no default certificate is provided, Traefik generates and uses a self-signed certificate.
 
-## Domain fronting
-
-Basically, [domain fronting](https://en.wikipedia.org/wiki/Domain_fronting) is a technique that allows to open a 
-connection with a specific domain name, thanks to the 
-[Server Name Indication](https://en.wikipedia.org/wiki/Server_Name_Indication), then access a service with another 
-domain set in the HTTP `Host` header.
-
-Since the `v2.2.2`, Traefik avoids (by default) using domain fronting.
-As it is valid for advanced use cases, the `HostHeader` and `HostSNI` [rules](../routing/routers/index.md#rule) allow 
-to fine tune the routing with the `Server Name Indication` and `Host header` value.
-
-If you encounter routing issues with a previously working configuration, please refer to the 
-[migration guide](../migration/v2.md) to update your configuration.
-
 ## TLS Options
 
 The TLS options allow one to configure some parameters of the TLS connection.
 
+!!! important "TLSOptions in Kubernetes"
+
+    When using the TLSOptions-CRD in Kubernetes, one might setup a default set of options that,
+    if not explicitly overwritten, should apply to all ingresses. To achieve that, you'll have to
+    create a TLSOptions CR with the name `default`. There may exist only one TLSOption with the 
+    name `default` (across all namespaces) - otherwise they will be dropped.  
+    To explicitly use a different TLSOption (and using the Kubernetes Ingress resources) you'll 
+    have to add an annotation to the Ingress in the following form:
+    `traefik.ingress.kubernetes.io/router.tls.options: <resource-namespace>-<resource-name>@kubernetescrd`
+
 ### Minimum TLS Version
 
 ```toml tab="File (TOML)"
@@ -197,9 +193,9 @@ spec:
 
 ### Maximum TLS Version
 
-We discourages the use of this setting to disable TLS1.3.
+We discourage the use of this setting to disable TLS1.3.
 
-The right approach is to update the clients to support TLS1.3.
+The recommended approach is to update the clients to support TLS1.3.
 
 ```toml tab="File (TOML)"
 # Dynamic configuration
@@ -330,7 +326,7 @@ spec:
 
 ### Strict SNI Checking
 
-With strict SNI checking, Traefik won't allow connections from clients connections
+With strict SNI checking enabled, Traefik won't allow connections from clients
 that do not specify a server_name extension or don't match any certificate configured on the tlsOption.
 
 ```toml tab="File (TOML)"
@@ -442,6 +438,7 @@ metadata:
 
 spec:
   clientAuth:
+    # the CA certificate is extracted from key `tls.ca` of the given secrets.
     secretNames:
       - secretCA
     clientAuthType: RequireAndVerifyClientCert

docs/content/index.md

@@ -3,7 +3,7 @@
 
 ![Architecture](assets/img/traefik-architecture.png)
 
-Traefik is an [open-source](https://github.com/containous/traefik) *Edge Router* that makes publishing your services a fun and easy experience. 
+Traefik is an [open-source](https://github.com/traefik/traefik) *Edge Router* that makes publishing your services a fun and easy experience. 
 It receives requests on behalf of your system and finds out which components are responsible for handling them. 
 
 What sets Traefik apart, besides its many features, is that it automatically discovers the right configuration for your services. 
@@ -20,9 +20,9 @@ Developing Traefik, our main goal is to make it simple to use, and we're sure yo
 
 !!! info
 
-    Join our user friendly and active [Community Forum](https://community.containo.us) to discuss, learn, and connect with the traefik community.
+    Join our user friendly and active [Community Forum](https://community.traefik.io) to discuss, learn, and connect with the traefik community.
     
     If you're a business running critical services behind Traefik,
-    know that [Containous](https://containo.us), the company that sponsors Traefik's development,
-    can provide [commercial support](https://info.containo.us/commercial-services)
-    and develops an [Enterprise Edition](https://containo.us/traefikee/) of Traefik.
+    know that [Traefik Labs](https://traefik.io), the company that sponsors Traefik's development,
+    can provide [commercial support](https://info.traefik.io/commercial-services)
+    and develops an [Enterprise Edition](https://traefik.io/traefik-enterprise/) of Traefik.

docs/content/middlewares/buffering.md

@@ -165,7 +165,7 @@ http:
 
 ### `maxResponseBodyBytes`
 
-With the `maxReesponseBodyBytes` option, you can configure the maximum allowed response size from the service (in Bytes).
+With the `maxResponseBodyBytes` option, you can configure the maximum allowed response size from the service (in Bytes).
 
 If the response exceeds the allowed size, it is not forwarded to the client. The client gets a `413 (Request Entity Too Large) response` instead.
 

docs/content/middlewares/circuitbreaker.md

@@ -7,7 +7,7 @@ Don't Waste Time Calling Unhealthy Services
 
 The circuit breaker protects your system from stacking requests to unhealthy services (resulting in cascading failures).
 
-When your system is healthy, the circuit is close (normal operations). 
+When your system is healthy, the circuit is closed (normal operations).
 When your system becomes unhealthy, the circuit becomes open and the requests are no longer forwarded (but handled by a fallback mechanism).
 
 To assess if your system is healthy, the circuit breaker constantly monitors the services. 
@@ -82,13 +82,13 @@ http:
 
 There are three possible states for your circuit breaker:
 
-- Close (your service operates normally)
+- Closed (your service operates normally)
 - Open (the fallback mechanism takes over your service)
 - Recovering (the circuit breaker tries to resume normal operations by progressively sending requests to your service)
 
-### Close
+### Closed
 
-While close, the circuit breaker only collects metrics to analyze the behavior of the requests.
+While the circuit is closed, the circuit breaker only collects metrics to analyze the behavior of the requests.
 
 At specified intervals (`checkPeriod`), it will evaluate `expression` to decide if its state must change. 
 

docs/content/middlewares/overview.md

@@ -17,7 +17,7 @@ Pieces of middleware can be combined in chains to fit every scenario.
 # As a Docker Label
 whoami:
   #  A container that exposes an API to show its IP address
-  image: containous/whoami
+  image: traefik/whoami
   labels:
     # Create a middleware named `foo-add-prefix`
     - "traefik.http.middlewares.foo-add-prefix.addprefix.prefix=/foo"
@@ -25,7 +25,7 @@ whoami:
     - "traefik.http.routers.router1.middlewares=foo-add-prefix@docker"
 ```
 
-```yaml tab="Kubernetes"
+```yaml tab="Kubernetes IngressRoute"
 # As a Kubernetes Traefik IngressRoute
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
@@ -148,6 +148,9 @@ then you'll have to append to the middleware name, the `@` separator, followed b
     In this case, since the definition of the middleware is not in kubernetes,
     specifying a "kubernetes namespace" when referring to the resource does not make any sense,
     and therefore this specification would be ignored even if present.
+    On the other hand, if you declare the middleware as a Custom Resource in Kubernetes and use the 
+    non-crd Ingress objects, you'll have to add the kubernetes namespace of the middleware to the 
+    annotation like this `<middleware-namespace>-<middleware-name>@kubernetescrd`.
 
 !!! abstract "Referencing a Middleware from Another Provider"
 
@@ -178,7 +181,7 @@ then you'll have to append to the middleware name, the `@` separator, followed b
         - "traefik.http.routers.my-container.middlewares=add-foo-prefix@file"
     ```
 
-    ```yaml tab="Kubernetes"
+    ```yaml tab="Kubernetes Ingress Route"
     apiVersion: traefik.containo.us/v1alpha1
     kind: IngressRoute
     metadata:
@@ -199,6 +202,31 @@ then you'll have to append to the middleware name, the `@` separator, followed b
             # A namespace specification such as above is ignored
             # when the cross-provider syntax is used.
     ```
+    
+    ```yaml tab="Kubernetes Ingress"
+    apiVersion: traefik.containo.us/v1alpha1
+    kind: Middleware
+    metadata:
+      name: stripprefix
+      namespace: appspace
+    spec:
+      stripPrefix:
+        prefixes:
+          - /stripit
+    
+    ---
+    apiVersion: networking.k8s.io/v1
+    kind: Ingress
+    metadata:
+      name: ingress
+      namespace: appspace
+      annotations:
+        # referencing a middleware from Kubernetes CRD provider: 
+        # <middleware-namespace>-<middleware-name>@kubernetescrd
+        "traefik.ingress.kubernetes.io/router.middlewares": appspace-stripprefix@kubernetescrd
+    spec:
+      # ... regular ingress definition
+    ```
 
 ## Available Middlewares
 

docs/content/middlewares/stripprefix.md

@@ -98,7 +98,7 @@ _Optional, Default=true_
 ```yaml tab="Docker"
 labels:
   - "traefik.http.middlewares.example.stripprefix.prefixes=/foobar"
-  - "traefik.http.middlewares.example.stripprefix.forceslash=false"
+  - "traefik.http.middlewares.example.stripprefix.forceSlash=false"
 ```
 
 ```yaml tab="Kubernetes"
@@ -116,7 +116,7 @@ spec:
 ```json tab="Marathon"
 "labels": {
   "traefik.http.middlewares.example.stripprefix.prefixes": "/foobar",
-  "traefik.http.middlewares.example.stripprefix.forceslash": "false"
+  "traefik.http.middlewares.example.stripprefix.forceSlash": "false"
 }
 ```
 

docs/content/migration/v1-to-v2.md

@@ -10,7 +10,7 @@ feature by feature, of how the configuration looked like in v1, and how it now l
 
 !!! info "Migration Helper"
 
-    We created a tool to help during the migration: [traefik-migration-tool](https://github.com/containous/traefik-migration-tool)
+    We created a tool to help during the migration: [traefik-migration-tool](https://github.com/traefik/traefik-migration-tool)
 
     This tool allows to:
 
@@ -104,7 +104,7 @@ Then any router can refer to an instance of the wanted middleware.
 
     ```yaml tab="K8s IngressRoute"
     # The definitions below require the definitions for the Middleware and IngressRoute kinds.
-    # https://docs.traefik.io/v2.2/reference/dynamic-configuration/kubernetes-crd/#definitions
+    # https://doc.traefik.io/traefik/v2.3/reference/dynamic-configuration/kubernetes-crd/#definitions
     apiVersion: traefik.containo.us/v1alpha1
     kind: Middleware
     metadata:
@@ -275,7 +275,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
 
     ```yaml tab="K8s IngressRoute"
     # The definitions below require the definitions for the TLSOption and IngressRoute kinds.
-    # https://docs.traefik.io/v2.2/reference/dynamic-configuration/kubernetes-crd/#definitions
+    # https://doc.traefik.io/traefik/v2.3/reference/dynamic-configuration/kubernetes-crd/#definitions
     apiVersion: traefik.containo.us/v1alpha1
     kind: TLSOption
     metadata:
@@ -453,7 +453,7 @@ To apply a redirection:
             - name: whoami
               port: 80
           middlewares:
-            - name: https_redirect
+            - name: https-redirect
     
     ---
     apiVersion: traefik.containo.us/v1alpha1
@@ -476,7 +476,7 @@ To apply a redirection:
     apiVersion: traefik.containo.us/v1alpha1
     kind: Middleware
     metadata:
-      name: https_redirect
+      name: https-redirect
     spec:
       redirectScheme:
         scheme: https
@@ -528,7 +528,7 @@ To apply a redirection:
           tls: {}
     
       middlewares:
-        https_redirect:
+        https-redirect:
           redirectScheme:
             scheme: https
             permanent: true
@@ -1145,4 +1145,4 @@ Supported [providers](../providers/overview.md), for now:
 - Now, configuration elements can be referenced between different providers by using the provider namespace notation: `@<provider>`.
   For instance, a router named `myrouter` in a File Provider can refer to a service named `myservice` defined in Docker Provider with the following notation: `myservice@docker`.
 - Middlewares are applied in the same order as their declaration in router.
-- If you have any questions feel free to join our [community forum](https://community.containo.us).
+- If you have any questions feel free to join our [community forum](https://community.traefik.io).

docs/content/migration/v2.md

@@ -1,117 +1,5 @@
 # Migration: Steps needed between the versions
 
-## v2.x to v2.2.2
-
-### Domain fronting
-
-In `v2.2.2` we introduced the ability to avoid [Domain fronting](https://en.wikipedia.org/wiki/Domain_fronting), 
-and enabled it by default for [https routers](../routing/routers/index.md#rule) configured with ```Host(`something`)```.
-
-!!! example "Allow Domain Fronting on a Specific Router"
-    
-    !!! info "Before v2.2.2"
-    
-    ```yaml tab="Docker"
-    labels:
-      - "traefik.http.routers.router0.rule=Host(`test.localhost`)"
-    ```
-    
-    ```yaml tab="K8s Ingress"
-    apiVersion: traefik.containo.us/v1alpha1
-    kind: IngressRoute
-    metadata:
-      name: ingressroutebar
-    
-    spec:
-      entryPoints:
-        - http
-      routes:
-      - match: Host(`test.localhost`)
-        kind: Rule
-        services:
-        - name: server0
-          port: 80
-        - name: server1
-          port: 80
-    ```
-        
-    ```toml tab="File (TOML)"
-    [http.routers.router0]
-        rule = "Host(`test.localhost`)"
-        service = "my-service"
-    ```
-    
-    ```toml tab="File (YAML)"
-    http:
-      routers:
-        router0:
-          rule: "Host(`test.localhost`)"
-          service: my-service
-    ```
-
-    !!! info "v2.2.2"
-    
-    ```yaml tab="Docker"
-    labels:
-      - "traefik.http.routers.router0.rule=HostHeader(`test.localhost`)"
-    ```
-    
-    ```yaml tab="K8s Ingress"
-    apiVersion: traefik.containo.us/v1alpha1
-    kind: IngressRoute
-    metadata:
-      name: ingressroutebar
-    
-    spec:
-      entryPoints:
-        - http
-      routes:
-      - match: HostHeader(`test.localhost`)
-        kind: Rule
-        services:
-        - name: server0
-          port: 80
-        - name: server1
-          port: 80
-    ```
-        
-    ```toml tab="File (TOML)"
-    [http.routers.router0]
-        rule = "HostHeader(`test.localhost`)"
-        service = "my-service"
-    ```
-    
-    ```toml tab="File (YAML)"
-    http:
-      routers:
-        router0:
-          rule: "HostHeader(`test.localhost`)"
-          service: my-service
-    ```
-
-As a fallback, a new flag is available as a global option:
-
-!!! example "Enabling Domain Fronting for All Routers"
-    
-    ```toml tab="File (TOML)"
-    # Static configuration
-    [global]
-      # Enabling domain fronting
-      insecureSNI = true
-    ```
-    
-    ```yaml tab="File (YAML)"
-    # Static configuration
-    global:
-      # Enabling domain fronting
-      insecureSNI: true
-    ```
-    
-    ```bash tab="CLI"
-    # Enabling domain fronting
-    --global.insecureSNI
-    ```
-
 ## v2.0 to v2.1
 
 ### Kubernetes CRD
@@ -414,3 +302,37 @@ providers:
 --entryPoints.websecure.address=:443
 --providers.kubernetesIngress=true
 ```
+
+## v2.2.2 to v2.2.5
+
+### InsecureSNI removal
+
+In `v2.2.2` we introduced a new flag (`insecureSNI`) which was available as a global option to disable domain fronting.
+Since `v2.2.5` this global option has been removed, and you should not use it anymore.
+
+### HostSNI rule matcher removal
+
+In `v2.2.2` we introduced a new rule matcher (`HostSNI`) for HTTP routers which was allowing to match the Server Name Indication at the router level.
+Since `v2.2.5` this rule has been removed for HTTP routers, and you should not use it anymore.
+
+## v2.2 to v2.3
+
+### X.509 CommonName Deprecation
+
+The deprecated, legacy behavior of treating the CommonName field on X.509 certificates as a host name when no Subject Alternative Names are present, is now disabled by default.
+
+It means that if one is using https with your backend servers, and a certificate with only a CommonName,
+Traefik will not try to match the server name indication with the CommonName anymore.
+
+It can be temporarily re-enabled by adding the value `x509ignoreCN=0` to the `GODEBUG` environment variable.
+
+More information: https://golang.org/doc/go1.15#commonname
+
+### File Provider
+
+The file parser has been changed, since v2.3 the unknown options/fields in a dynamic configuration file are treated as errors.
+
+### IngressClass
+
+In `v2.3`, the support of `IngressClass`, which is available since Kubernetes version `1.18`, has been introduced.
+In order to be able to use this new resource the [Kubernetes RBAC](../reference/dynamic-configuration/kubernetes-crd.md#rbac) must be updated. 

docs/content/observability/access-logs.md

@@ -217,3 +217,32 @@ This allows the logs to be rotated and processed by an external program, such as
 
 !!! warning
     This does not work on Windows due to the lack of USR signals.
+
+## Time Zones
+
+Traefik will timestamp each log line in UTC time by default.
+
+It is possible to configure the Traefik to timestamp in a specific timezone by ensuring the following configuration has been made in your environment:
+
+1. Provide time zone data to `/etc/localtime` or `/usr/share/zoneinfo` (based on your distribution) or set the environment variable TZ to the desired timezone
+2. Specify the field `StartLocal` by dropping the field named `StartUTC` (available on the default Common Log Format (CLF) as well as JSON)
+
+Example utilizing Docker Compose:
+
+```yaml
+version: "3.7"
+
+services:
+  traefik:
+    image: traefik:v2.2
+    environment:
+      - TZ=US/Alaska
+    command:
+      - --accesslog
+      - --accesslog.fields.names.StartUTC=drop
+      - --providers.docker
+    ports:
+      - 80:80
+    volumes:
+      - /var/run/docker.sock:/var/run/docker.sock
+```

docs/content/observability/tracing/jaeger.md

@@ -185,6 +185,29 @@ tracing:
 --tracing.jaeger.traceContextHeaderName=uber-trace-id
 ```
 
+### disableAttemptReconnecting
+
+_Optional, Default=true_
+
+Disable the UDP connection helper that periodically re-resolves the agent's hostname and reconnects if there was a change.
+Enabling the re-resolving of UDP address make the client more robust in Kubernetes deployments.
+
+```toml tab="File (TOML)"
+[tracing]
+  [tracing.jaeger]
+    disableAttemptReconnecting = false
+```
+
+```yaml tab="File (YAML)"
+tracing:
+  jaeger:
+    disableAttemptReconnecting: false
+```
+
+```bash tab="CLI"
+--tracing.jaeger.disableAttemptReconnecting=false
+```
+
 ### `collector`
 #### `endpoint`
 

docs/content/operations/ping.md

@@ -81,3 +81,28 @@ ping:
 ```bash tab="CLI"
 --ping.manualrouting=true
 ```
+
+### `terminatingStatusCode`
+
+_Optional, Default=503_
+
+During the period in which Traefik is gracefully shutting down, the ping handler
+returns a 503 status code by default. If Traefik is behind e.g. a load-balancer
+doing health checks (such as the Kubernetes LivenessProbe), another code might
+be expected as the signal for graceful termination. In which case, the
+terminatingStatusCode can be used to set the code returned by the ping
+handler during termination.
+
+```toml tab="File (TOML)"
+[ping]
+  terminatingStatusCode = 204
+```
+
+```yaml tab="File (YAML)"
+ping:
+  terminatingStatusCode: 204
+```
+
+```bash tab="CLI"
+--ping.terminatingStatusCode=204
+```

docs/content/plugins/overview.md

@@ -0,0 +1,38 @@
+# Plugins and Traefik Pilot
+
+Overview
+{: .subtitle}
+
+Traefik Pilot is a software-as-a-service (SaaS) platform that connects to Traefik to extend its capabilities.
+It does this through *plugins*, which are dynamically loaded components that enable new features.
+
+For example, Traefik plugins can add features to modify requests or headers, issue redirects, add authentication, and so on, providing similar functionality to Traefik [middlewares](https://doc.traefik.io/traefik/middlewares/overview/).
+
+Traefik Pilot can also monitor connected Traefik instances and issue alerts when one is not responding, or when it is subject to security vulnerabilities.
+
+!!! note "Availability"
+    Plugins are available for Traefik v2.3.0-rc1 and later.
+    
+!!! danger "Experimental Features"
+    Plugins can potentially modify the behavior of Traefik in unforeseen ways.
+    Exercise caution when adding new plugins to production Traefik instances.
+
+## Connecting to Traefik Pilot
+
+Plugins are available when a Traefik instance is connected to Traefik Pilot.
+
+To register a new instance and begin working with plugins, login or create an account at the [Traefik Pilot homepage](https://pilot.traefik.io) and choose **Register New Instance**.
+
+To complete the connection, Traefik Pilot will issue a token that must be added to your Traefik static configuration by following the instructions provided.
+
+!!! note "Enabling Alerts" 
+    Health and security alerts for registered Traefik instances can be enabled from the Preferences in your [Traefik Pilot Profile](https://pilot.traefik.io/profile).
+
+## Creating Plugins
+
+Traefik users can create their own plugins and contribute them to the Traefik Pilot catalog to share them with the community.
+
+Plugins are written in [Go](https://golang.org/) and their code is executed by an [embedded Go interpreter](https://github.com/traefik/yaegi).
+There is no need to compile binaries and all plugins are 100% cross-platform.
+
+To learn more and see code for example Traefik plugins, please see the [developer documentation](https://github.com/traefik/plugindemo).

docs/content/plugins/using-plugins.md

@@ -0,0 +1,122 @@
+# Using Plugins
+
+Plugins are available to any instance of Traefik v2.3 or later that is [registered](overview.md#connecting-to-traefik-pilot) with Traefik Pilot.
+Plugins are hosted on GitHub, but you can browse plugins to add to your registered Traefik instances from the Traefik Pilot UI.
+
+!!! danger "Experimental Features"
+    Plugins can potentially modify the behavior of Traefik in unforeseen ways.
+    Exercise caution when adding new plugins to production Traefik instances.
+
+## Add a Plugin
+
+To add a new plugin to a Traefik instance, you must modify that instance's static configuration.
+The code to be added is provided by the Traefik Pilot UI when you choose **Install the Plugin**.
+
+In the example below, we add the [`blockpath`](http://github.com/traefik/plugin-blockpath) and [`rewritebody`](https://github.com/traefik/plugin-rewritebody) plugins:
+
+```toml tab="File (TOML)"
+[entryPoints]
+  [entryPoints.web]
+    address = ":80"
+
+[pilot]
+  token = "xxxxxxxxx"
+
+[experimental.plugins]
+  [experimental.plugins.block]
+    modulename = "github.com/traefik/plugin-blockpath"
+    version = "v0.2.0"
+    
+  [experimental.plugins.rewrite]
+    modulename = "github.com/traefik/plugin-rewritebody"
+    version = "v0.3.0"
+```
+
+```yaml tab="File (YAML)"
+entryPoints:
+  web:
+    address: :80
+
+pilot:
+    token: xxxxxxxxx
+
+experimental:
+  plugins:
+    block:
+      modulename: github.com/traefik/plugin-blockpath
+      version: v0.2.0
+    rewrite:
+      modulename: github.com/traefik/plugin-rewritebody
+      version: v0.3.0
+```
+
+```bash tab="CLI"
+--entryPoints.web.address=:80
+--pilot.token=xxxxxxxxx
+--experimental.plugins.block.modulename=github.com/traefik/plugin-blockpath
+--experimental.plugins.block.version=v0.2.0
+--experimental.plugins.rewrite.modulename=github.com/traefik/plugin-rewritebody
+--experimental.plugins.rewrite.version=v0.3.0
+```
+
+## Configuring Plugins
+
+Some plugins will need to be configured by adding a dynamic configuration.
+For the `bodyrewrite` plugin, for example:
+
+```yaml tab="Docker"
+labels:
+  - "traefik.http.middlewares.my-rewritebody.plugin.rewrite.rewrites[0].regex=example"
+  - "traefik.http.middlewares.my-rewritebody.plugin.rewrite.rewrites[0].replacement=test"
+```
+
+```yaml tab="Kubernetes"
+apiVersion: traefik.containo.us/v1alpha1
+kind: Middleware
+metadata:
+  name: my-rewritebody
+spec:
+  plugin:
+    rewrite:
+      rewrites:
+        - regex: example
+          replacement: test
+```
+
+```yaml tab="Consul Catalog"
+- "traefik.http.middlewares.my-rewritebody.plugin.rewrite.rewrites[0].regex=example"
+- "traefik.http.middlewares.my-rewritebody.plugin.rewrite.rewrites[0].replacement=test"
+```
+
+```json tab="Marathon"
+"labels": {
+  "traefik.http.middlewares.my-rewritebody.plugin.rewrite.rewrites[0].regex": "example",
+  "traefik.http.middlewares.my-rewritebody.plugin.rewrite.rewrites[0].replacement": "test"
+}
+```
+
+```yaml tab="Rancher"
+labels:
+  - "traefik.http.middlewares.my-rewritebody.plugin.rewrite.rewrites[0].regex=example"
+  - "traefik.http.middlewares.my-rewritebody.plugin.rewrite.rewrites[0].replacement=test"
+```
+
+```toml tab="File (TOML)"
+[http.middlewares]
+  [http.middlewares.my-rewritebody.plugin.rewrite]
+    lastModified = true
+    [[http.middlewares.my-rewritebody.plugin.rewrite.rewrites]]
+      regex = "example"
+      replacement = "test"
+```
+
+```yaml tab="File (YAML)"
+http:
+  middlewares:
+    my-rewritebody:
+      plugin:
+        rewrite:
+          rewrites:
+            - regex: example
+              replacement: test
+```

docs/content/providers/consul-catalog.md

@@ -29,7 +29,7 @@ Attach tags to your services and let Traefik do the rest!
     Attaching tags to services
 
     ```yaml
-    - traefik.http.services.my-service.rule=Host(`example.com`)
+    - traefik.http.routers.my-router.rule=Host(`example.com`)
     ```
 
 ## Routing Configuration

docs/content/providers/docker.md

@@ -60,14 +60,17 @@ and [Docker Swarm Mode](https://docs.docker.com/engine/swarm/).
     providers:
       docker:
         # swarm classic (1.12-)
-        # endpoint = "tcp://127.0.0.1:2375"
+        # endpoint: "tcp://127.0.0.1:2375"
         # docker swarm mode (1.12+)
-        endpoint: "tcp://127.0.0.1:2375"
+        endpoint: "tcp://127.0.0.1:2377"
         swarmMode: true
     ```
     
     ```bash tab="CLI"
-    --providers.docker.endpoint=tcp://127.0.0.1:2375
+    # swarm classic (1.12-)
+    # --providers.docker.endpoint=tcp://127.0.0.1:2375
+    # docker swarm mode (1.12+)
+    --providers.docker.endpoint=tcp://127.0.0.1:2377
     --providers.docker.swarmMode=true
     ```
 
@@ -163,12 +166,12 @@ You can specify which Docker API Endpoint to use with the directive [`endpoint`]
 
     ??? info "More Resources and Examples"
         - ["Paranoid about mounting /var/run/docker.sock?"](https://medium.com/@containeroo/traefik-2-0-paranoid-about-mounting-var-run-docker-sock-22da9cb3e78c)
-        - [Traefik and Docker: A Discussion with Docker Captain, Bret Fisher](https://blog.containo.us/traefik-and-docker-a-discussion-with-docker-captain-bret-fisher-7f0b9a54ff88)
+        - [Traefik and Docker: A Discussion with Docker Captain, Bret Fisher](https://blog.traefik.io/traefik-and-docker-a-discussion-with-docker-captain-bret-fisher-7f0b9a54ff88)
         - [KubeCon EU 2018 Keynote, Running with Scissors, from Liz Rice](https://www.youtube.com/watch?v=ltrV-Qmh3oY)
         - [Don't expose the Docker socket (not even to a container)](https://www.lvh.io/posts/dont-expose-the-docker-socket-not-even-to-a-container/)
         - [A thread on Stack Overflow about sharing the `/var/run/docker.sock` file](https://news.ycombinator.com/item?id=17983623)
         - [To DinD or not to DinD](https://blog.loof.fr/2018/01/to-dind-or-not-do-dind.html)
-        - [Traefik issue GH-4174 about security with Docker socket](https://github.com/containous/traefik/issues/4174)
+        - [Traefik issue GH-4174 about security with Docker socket](https://github.com/traefik/traefik/issues/4174)
         - [Inspecting Docker Activity with Socat](https://developers.redhat.com/blog/2015/02/25/inspecting-docker-activity-with-socat/)
         - [Letting Traefik run on Worker Nodes](https://blog.mikesir87.io/2018/07/letting-traefik-run-on-worker-nodes/)
         - [Docker Socket Proxy from Tecnativa](https://github.com/Tecnativa/docker-socket-proxy)
@@ -199,7 +202,7 @@ Therefore you **must** specify the port to use for communication by using the la
 Docker Swarm Mode follows the same rules as Docker [API Access](#docker-api-access).
 
 As the Swarm API is only exposed on the [manager nodes](https://docs.docker.com/engine/swarm/how-swarm-mode-works/nodes/#manager-nodes), you should schedule Traefik on the Swarm manager nodes by default,
-by deploying Traefik with a [constraint](https://success.docker.com/article/using-contraints-and-labels-to-control-the-placement-of-containers) on the node's "role":
+by deploying Traefik with a constraint on the node's "role":
 
 ```shell tab="With Docker CLI"
 docker service create \
@@ -261,7 +264,7 @@ See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API A
 
     services:
       traefik:
-         image: traefik:v2.2 # The official v2 Traefik docker image
+         image: traefik:v2.3 # The official v2 Traefik docker image
          ports:
            - "80:80"
          volumes:

docs/content/providers/ecs.md

@@ -0,0 +1,223 @@
+# Traefik & AWS ECS
+
+A Story of Labels & Elastic Containers
+{: .subtitle }
+
+Attach labels to your ECS containers and let Traefik do the rest!
+
+## Configuration Examples
+
+??? example "Configuring ECS provider"
+
+    Enabling the ECS provider:
+    
+    ```toml tab="File (TOML)"
+    [providers.ecs]
+      clusters = ["default"]
+    ```
+    
+    ```yaml tab="File (YAML)"
+    providers:
+      ecs:
+        clusters:
+          - default
+    ```
+    
+    ```bash tab="CLI"
+    --providers.ecs.clusters=default
+    ```
+
+## Policy
+
+Traefik needs the following policy to read ECS information:
+
+```json
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "TraefikECSReadAccess",
+            "Effect": "Allow",
+            "Action": [
+                "ecs:ListClusters",
+                "ecs:DescribeClusters",
+                "ecs:ListTasks",
+                "ecs:DescribeTasks",
+                "ecs:DescribeContainerInstances",
+                "ecs:DescribeTaskDefinition",
+                "ec2:DescribeInstances"
+            ],
+            "Resource": [
+                "*"
+            ]
+        }
+    ]
+}
+```
+
+## Provider configuration
+
+### `autoDiscoverClusters`
+
+_Optional, Default=false_
+
+```toml tab="File (TOML)"
+[providers.ecs]
+  autoDiscoverClusters = true
+  # ...
+```
+
+```yaml tab="File (YAML)"
+providers:
+  ecs:
+    autoDiscoverClusters: true
+    # ...
+```
+
+```bash tab="CLI"
+--providers.ecs.autoDiscoverClusters=true
+# ...
+```
+
+Search for services in clusters list.
+
+- If set to `true` the configured clusters will be ignored and the clusters will be discovered.
+- If set to `false` the services will be discovered only in configured clusters.
+
+### `clusters`
+
+_Optional, Default=["default"]_
+
+```toml tab="File (TOML)"
+[providers.ecs]
+  cluster = ["default"]
+  # ...
+```
+
+```yaml tab="File (YAML)"
+providers:
+  ecs:
+    clusters:
+      - default
+    # ...
+```
+
+```bash tab="CLI"
+--providers.ecs.clusters=default
+# ...
+```
+
+Search for services in clusters list.
+
+### `exposedByDefault`
+
+_Optional, Default=true_
+
+```toml tab="File (TOML)"
+[providers.ecs]
+  exposedByDefault = false
+  # ...
+```
+
+```yaml tab="File (YAML)"
+providers:
+  ecs:
+    exposedByDefault: false
+    # ...
+```
+
+```bash tab="CLI"
+--providers.ecs.exposedByDefault=false
+# ...
+```
+
+Expose ECS services by default in Traefik.
+If set to false, services that don't have a `traefik.enable=true` label will be ignored from the resulting routing configuration.
+
+### `defaultRule`
+
+_Optional, Default=```Host(`{{ normalize .Name }}`)```_
+
+```toml tab="File (TOML)"
+[providers.ecs]
+  defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
+  # ...
+```
+
+```yaml tab="File (YAML)"
+providers:
+  ecs:
+    defaultRule: "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
+    # ...
+```
+
+```bash tab="CLI"
+--providers.ecs.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)
+# ...
+```
+
+For a given container if no routing rule was defined by a label, it is defined by this defaultRule instead.
+It must be a valid [Go template](https://golang.org/pkg/text/template/),
+augmented with the [sprig template functions](http://masterminds.github.io/sprig/).
+The service name can be accessed as the `Name` identifier,
+and the template has access to all the labels defined on this container.
+
+### `refreshSeconds`
+
+_Optional, Default=15_
+
+```toml tab="File (TOML)"
+[providers.ecs]
+  refreshSeconds = 15
+  # ...
+```
+
+```yaml tab="File (YAML)"
+providers:
+  ecs:
+    refreshSeconds: 15
+    # ...
+```
+
+```bash tab="CLI"
+--providers.ecs.refreshSeconds=15
+# ...
+```
+
+Polling interval (in seconds).
+
+### Credentials
+
+_Optional_
+
+```toml tab="File (TOML)"
+[providers.ecs]
+  region = "us-east-1"
+  accessKeyID = "abc"
+  secretAccessKey = "123"
+```
+
+```yaml tab="File (YAML)"
+providers:
+  ecs:
+    region: us-east-1
+    accessKeyID: "abc"
+    secretAccessKey: "123"
+    # ...
+```
+
+```bash tab="CLI"
+--providers.ecs.region="us-east-1"
+--providers.ecs.accessKeyID="abc"
+--providers.ecs.secretAccessKey="123"
+# ...
+```
+
+If `region` is not provided, it will be resolved from the EC2 metadata endpoint for EC2 tasks. 
+In a FARGATE context it will be resolved from the `AWS_REGION` env variable.
+
+If `accessKeyID` / `secretAccessKey` are not provided, credentials will be resolved in the following order:
+
+- From environment variables `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and `AWS_SESSION_TOKEN`.
+- Shared credentials, determined by `AWS_PROFILE` and `AWS_SHARED_CREDENTIALS_FILE`, defaults to default and `~/.aws/credentials`.
+- EC2 instance role or ECS task role

docs/content/providers/file.md

@@ -238,7 +238,7 @@ To illustrate, it's possible to easily define multiple routers, services, and TL
     [[tls.certificates]]
       certFile = "/etc/traefik/cert-{{ $e }}.pem"
       keyFile = "/etc/traefik/cert-{{ $e }}.key"
-      store = ["my-store-foo-{{ $e }}", "my-store-bar-{{ $e }}"]
+      stores = ["my-store-foo-{{ $e }}", "my-store-bar-{{ $e }}"]
     {{ end }}
     
     [tls.config]

docs/content/providers/http.md

@@ -0,0 +1,189 @@
+# Traefik & HTTP
+
+Provide your [dynamic configuration](./overview.md) via an HTTP(s) endpoint and let Traefik do the rest!
+
+## Routing Configuration
+
+The HTTP provider uses the same configuration as the [File Provider](./file.md) in YAML or JSON format.
+
+## Provider Configuration
+
+### `endpoint`
+
+_Required_
+
+Defines the HTTP(s) endpoint to poll.
+
+```toml tab="File (TOML)"
+[providers.http]
+  endpoint = "http://127.0.0.1:9000/api"
+```
+
+```yaml tab="File (YAML)"
+providers:
+  http:
+    endpoint:
+      - "http://127.0.0.1:9000/api"
+```
+
+```bash tab="CLI"
+--providers.http.endpoint=http://127.0.0.1:9000/api
+```
+
+### `pollInterval`
+
+_Optional, Default="5s"_
+
+Defines the polling interval.
+
+```toml tab="File (TOML)"
+[providers.http]
+  pollInterval = "5s"
+```
+
+```yaml tab="File (YAML)"
+providers:
+  http:
+    pollInterval: "5s"
+```
+
+```bash tab="CLI"
+--providers.http.pollInterval=5s
+```
+
+### `pollTimeout`
+
+_Optional, Default="5s"_
+
+Defines the polling timeout when connecting to the configured endpoint.
+
+```toml tab="File (TOML)"
+[providers.http]
+  pollTimeout = "5s"
+```
+
+```yaml tab="File (YAML)"
+providers:
+  http:
+    pollTimeout: "5s"
+```
+
+```bash tab="CLI"
+--providers.http.pollTimeout=5s
+```
+
+### `tls`
+
+_Optional_
+
+#### `tls.ca`
+
+Certificate Authority used for the secured connection to the configured Endpoint.
+
+```toml tab="File (TOML)"
+[providers.http.tls]
+  ca = "path/to/ca.crt"
+```
+
+```yaml tab="File (YAML)"
+providers:
+  http:
+    tls:
+      ca: path/to/ca.crt
+```
+
+```bash tab="CLI"
+--providers.http.tls.ca=path/to/ca.crt
+```
+
+#### `tls.caOptional`
+
+Policy followed for the secured connection with TLS Client Authentication to the configured Endpoint.
+Requires `tls.ca` to be defined.
+
+- `true`: VerifyClientCertIfGiven
+- `false`: RequireAndVerifyClientCert
+- if `tls.ca` is undefined NoClientCert
+
+```toml tab="File (TOML)"
+[providers.http.tls]
+  caOptional = true
+```
+
+```yaml tab="File (YAML)"
+providers:
+  http:
+    tls:
+      caOptional: true
+```
+
+```bash tab="CLI"
+--providers.http.tls.caOptional=true
+```
+
+#### `tls.cert`
+
+Public certificate used for the secured connection to the configured Endpoint.
+
+```toml tab="File (TOML)"
+[providers.http.tls]
+  cert = "path/to/foo.cert"
+  key = "path/to/foo.key"
+```
+
+```yaml tab="File (YAML)"
+providers:
+  http:
+    tls:
+      cert: path/to/foo.cert
+      key: path/to/foo.key
+```
+
+```bash tab="CLI"
+--providers.http.tls.cert=path/to/foo.cert
+--providers.http.tls.key=path/to/foo.key
+```
+
+#### `tls.key`
+
+Private certificate used for the secured connection to the configured Endpoint.
+
+```toml tab="File (TOML)"
+[providers.http.tls]
+  cert = "path/to/foo.cert"
+  key = "path/to/foo.key"
+```
+
+```yaml tab="File (YAML)"
+providers:
+  http:
+    tls:
+      cert: path/to/foo.cert
+      key: path/to/foo.key
+```
+
+```bash tab="CLI"
+--providers.http.tls.cert=path/to/foo.cert
+--providers.http.tls.key=path/to/foo.key
+```
+
+#### `tls.insecureSkipVerify`
+
+If `insecureSkipVerify` is `true`, TLS connection to the configured Endpoint accepts any certificate presented by the 
+server and any host name in that certificate.
+
+```toml tab="File (TOML)"
+[providers.http.tls]
+  insecureSkipVerify = true
+```
+
+```yaml tab="File (YAML)"
+providers:
+  http:
+    tls:
+      insecureSkipVerify: true
+```
+
+```bash tab="CLI"
+--providers.http.tls.insecureSkipVerify=true
+```

docs/content/providers/kubernetes-crd.md

@@ -53,9 +53,9 @@ For this reason, users can run multiple instances of Traefik at the same time to
 
 When using a single instance of Traefik with LetsEncrypt, no issues should be encountered, however this could be a single point of failure.
 Unfortunately, it is not possible to run multiple instances of Traefik 2.0 with LetsEncrypt enabled, because there is no way to ensure that the correct instance of Traefik will receive the challenge request, and subsequent responses.
-Previous versions of Traefik used a [KV store](https://docs.traefik.io/v1.7/configuration/acme/#storage) to attempt to achieve this, but due to sub-optimal performance was dropped as a feature in 2.0.
+Previous versions of Traefik used a [KV store](https://doc.traefik.io/traefik/v1.7/configuration/acme/#storage) to attempt to achieve this, but due to sub-optimal performance was dropped as a feature in 2.0.
 
-If you require LetsEncrypt with HA in a kubernetes environment, we recommend using [TraefikEE](https://containo.us/traefikee/) where distributed LetsEncrypt is a supported feature.
+If you require LetsEncrypt with HA in a kubernetes environment, we recommend using [Traefik Enterprise](https://traefik.io/traefik-enterprise/) where distributed LetsEncrypt is a supported feature.
 
 If you are wanting to continue to run Traefik Community Edition, LetsEncrypt HA can be achieved by using a Certificate Controller such as [Cert-Manager](https://docs.cert-manager.io/en/latest/index.html).
 When using Cert-Manager to manage certificates, it will create secrets in your namespaces that can be referenced as TLS secrets in your [ingress objects](https://kubernetes.io/docs/concepts/services-networking/ingress/#tls).
@@ -78,7 +78,7 @@ _Optional, Default=empty_
 ```yaml tab="File (YAML)"
 providers:
   kubernetesCRD:
-    endpoint = "http://localhost:8080"
+    endpoint: "http://localhost:8080"
     # ...
 ```
 
@@ -112,7 +112,7 @@ _Optional, Default=empty_
 ```yaml tab="File (YAML)"
 providers:
   kubernetesCRD:
-    token = "mytoken"
+    token: "mytoken"
     # ...
 ```
 

docs/content/providers/kubernetes-ingress.md

@@ -65,11 +65,11 @@ When using a single instance of Traefik with LetsEncrypt, no issues should be en
 however this could be a single point of failure.
 Unfortunately, it is not possible to run multiple instances of Traefik 2.0 with LetsEncrypt enabled,
 because there is no way to ensure that the correct instance of Traefik will receive the challenge request, and subsequent responses.
-Previous versions of Traefik used a [KV store](https://docs.traefik.io/v1.7/configuration/acme/#storage) to attempt to achieve this,
+Previous versions of Traefik used a [KV store](https://doc.traefik.io/traefik/v1.7/configuration/acme/#storage) to attempt to achieve this,
 but due to sub-optimal performance was dropped as a feature in 2.0.
 
 If you require LetsEncrypt with HA in a kubernetes environment,
-we recommend using [TraefikEE](https://containo.us/traefikee/) where distributed LetsEncrypt is a supported feature.
+we recommend using [Traefik Enterprise](https://traefik.io/traefik-enterprise/) where distributed LetsEncrypt is a supported feature.
 
 If you are wanting to continue to run Traefik Community Edition,
 LetsEncrypt HA can be achieved by using a Certificate Controller such as [Cert-Manager](https://docs.cert-manager.io/en/latest/index.html).
@@ -91,7 +91,7 @@ _Optional, Default=empty_
 ```yaml tab="File (YAML)"
 providers:
   kubernetesIngress:
-    endpoint = "http://localhost:8080"
+    endpoint: "http://localhost:8080"
     # ...
 ```
 
@@ -124,7 +124,7 @@ _Optional, Default=empty_
 ```yaml tab="File (YAML)"
 providers:
   kubernetesIngress:
-    token = "mytoken"
+    token: "mytoken"
     # ...
 ```
 
@@ -258,6 +258,40 @@ Value of `kubernetes.io/ingress.class` annotation that identifies Ingress object
 If the parameter is non-empty, only Ingresses containing an annotation with the same value are processed.
 Otherwise, Ingresses missing the annotation, having an empty value, or with the value `traefik` are processed.
 
+!!! info "Kubernetes 1.18+"
+
+    If the Kubernetes cluster version is 1.18+,
+    the new `IngressClass` resource can be leveraged to identify Ingress objects that should be processed.
+    In that case, Traefik will look for an `IngressClass` in the cluster with the controller value equal to *traefik.io/ingress-controller*. 
+    
+    Please see [this article](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/) for more information or the example below.
+
+    ```yaml tab="IngressClass"
+    apiVersion: networking.k8s.io/v1beta1
+    kind: IngressClass
+    metadata: 
+      name: traefik-lb
+    spec: 
+      controller: traefik.io/ingress-controller
+    ```
+  
+    ```yaml tab="Ingress"
+    apiVersion: "networking.k8s.io/v1beta1"
+    kind: "Ingress"
+    metadata:
+      name: "example-ingress"
+    spec:
+      ingressClassName: "traefik-lb"
+      rules:
+      - host: "*.example.com"
+        http:
+          paths:
+          - path: "/example"
+            backend:
+              serviceName: "example-service"
+              servicePort: 80
+    ```
+
 ### `ingressEndpoint`
 
 #### `hostname`
@@ -357,4 +391,4 @@ providers:
 ### Further
 
 If one wants to know more about the various aspects of the Ingress spec that Traefik supports,
-many examples of Ingresses definitions are located in the tests [data](https://github.com/containous/traefik/tree/v2.2/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
+many examples of Ingresses definitions are located in the tests [data](https://github.com/traefik/traefik/tree/v2.3/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.

docs/content/providers/marathon.md

@@ -32,7 +32,7 @@ See also [Marathon user guide](../user-guides/marathon.md).
 		"container": {
 			"type": "DOCKER",
 			"docker": {
-				"image": "containous/whoami",
+				"image": "traefik/whoami",
 				"network": "BRIDGE",
 				"portMappings": [
 					{

docs/content/providers/overview.md

@@ -35,14 +35,15 @@ Below is the list of the currently supported providers in Traefik.
 | [Rancher](./rancher.md)               | Orchestrator | Label                      |
 | [File](./file.md)                     | Manual       | TOML/YAML format           |
 | [Consul](./consul.md)                 | KV           | KV                         |
-| [etcd](./etcd.md)                     | KV           | KV                         |
+| [Etcd](./etcd.md)                     | KV           | KV                         |
 | [Redis](./redis.md)                   | KV           | KV                         |
 | [ZooKeeper](./zookeeper.md)           | KV           | KV                         |
+| [HTTP](./http.md)                     | Manual       | JSON format                |
 
 !!! info "More Providers"
 
     The current version of Traefik doesn't support (yet) every provider.
-    See the [previous version (v1.7)](https://docs.traefik.io/v1.7/) for more providers.
+    See the [previous version (v1.7)](https://doc.traefik.io/traefik/v1.7/) for more providers.
 
 ### Configuration reload frequency
 

docs/content/reference/dynamic-configuration/docker-labels.yml

@@ -91,26 +91,27 @@
 - "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.province=true"
 - "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.serialnumber=true"
 - "traefik.http.middlewares.middleware13.passtlsclientcert.pem=true"
-- "traefik.http.middlewares.middleware14.ratelimit.average=42"
-- "traefik.http.middlewares.middleware14.ratelimit.burst=42"
-- "traefik.http.middlewares.middleware14.ratelimit.period=42"
-- "traefik.http.middlewares.middleware14.ratelimit.sourcecriterion.ipstrategy.depth=42"
-- "traefik.http.middlewares.middleware14.ratelimit.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
-- "traefik.http.middlewares.middleware14.ratelimit.sourcecriterion.requestheadername=foobar"
-- "traefik.http.middlewares.middleware14.ratelimit.sourcecriterion.requesthost=true"
-- "traefik.http.middlewares.middleware15.redirectregex.permanent=true"
-- "traefik.http.middlewares.middleware15.redirectregex.regex=foobar"
-- "traefik.http.middlewares.middleware15.redirectregex.replacement=foobar"
-- "traefik.http.middlewares.middleware16.redirectscheme.permanent=true"
-- "traefik.http.middlewares.middleware16.redirectscheme.port=foobar"
-- "traefik.http.middlewares.middleware16.redirectscheme.scheme=foobar"
-- "traefik.http.middlewares.middleware17.replacepath.path=foobar"
-- "traefik.http.middlewares.middleware18.replacepathregex.regex=foobar"
-- "traefik.http.middlewares.middleware18.replacepathregex.replacement=foobar"
-- "traefik.http.middlewares.middleware19.retry.attempts=42"
-- "traefik.http.middlewares.middleware20.stripprefix.forceslash=true"
-- "traefik.http.middlewares.middleware20.stripprefix.prefixes=foobar, foobar"
-- "traefik.http.middlewares.middleware21.stripprefixregex.regex=foobar, foobar"
+- "traefik.http.middlewares.middleware14.plugin.foobar.foo=bar"
+- "traefik.http.middlewares.middleware15.ratelimit.average=42"
+- "traefik.http.middlewares.middleware15.ratelimit.burst=42"
+- "traefik.http.middlewares.middleware15.ratelimit.period=42"
+- "traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.ipstrategy.depth=42"
+- "traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
+- "traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.requestheadername=foobar"
+- "traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.requesthost=true"
+- "traefik.http.middlewares.middleware16.redirectregex.permanent=true"
+- "traefik.http.middlewares.middleware16.redirectregex.regex=foobar"
+- "traefik.http.middlewares.middleware16.redirectregex.replacement=foobar"
+- "traefik.http.middlewares.middleware17.redirectscheme.permanent=true"
+- "traefik.http.middlewares.middleware17.redirectscheme.port=foobar"
+- "traefik.http.middlewares.middleware17.redirectscheme.scheme=foobar"
+- "traefik.http.middlewares.middleware18.replacepath.path=foobar"
+- "traefik.http.middlewares.middleware19.replacepathregex.regex=foobar"
+- "traefik.http.middlewares.middleware19.replacepathregex.replacement=foobar"
+- "traefik.http.middlewares.middleware20.retry.attempts=42"
+- "traefik.http.middlewares.middleware21.stripprefix.forceslash=true"
+- "traefik.http.middlewares.middleware21.stripprefix.prefixes=foobar, foobar"
+- "traefik.http.middlewares.middleware22.stripprefixregex.regex=foobar, foobar"
 - "traefik.http.routers.router0.entrypoints=foobar, foobar"
 - "traefik.http.routers.router0.middlewares=foobar, foobar"
 - "traefik.http.routers.router0.priority=42"
@@ -150,8 +151,8 @@
 - "traefik.http.services.service01.loadbalancer.sticky.cookie=true"
 - "traefik.http.services.service01.loadbalancer.sticky.cookie.httponly=true"
 - "traefik.http.services.service01.loadbalancer.sticky.cookie.name=foobar"
-- "traefik.http.services.service01.loadbalancer.sticky.cookie.secure=true"
 - "traefik.http.services.service01.loadbalancer.sticky.cookie.samesite=foobar"
+- "traefik.http.services.service01.loadbalancer.sticky.cookie.secure=true"
 - "traefik.http.services.service01.loadbalancer.server.port=foobar"
 - "traefik.http.services.service01.loadbalancer.server.scheme=foobar"
 - "traefik.tcp.routers.tcprouter0.entrypoints=foobar, foobar"

docs/content/reference/dynamic-configuration/ecs.md

@@ -0,0 +1,11 @@
+# ECS Configuration Reference
+
+Dynamic configuration with ECS provider
+{: .subtitle }
+
+The labels are case insensitive.
+
+```yaml
+--8<-- "content/reference/dynamic-configuration/ecs.yml"
+--8<-- "content/reference/dynamic-configuration/docker-labels.yml"
+```

docs/content/reference/dynamic-configuration/ecs.yml

@@ -0,0 +1 @@
+- "traefik.enable=true"

docs/content/reference/dynamic-configuration/file.toml

@@ -223,42 +223,46 @@
             serialNumber = true
             domainComponent = true
     [http.middlewares.Middleware14]
-      [http.middlewares.Middleware14.rateLimit]
+      [http.middlewares.Middleware14.plugin]
+        [http.middlewares.Middleware14.plugin.PluginConf]
+          foo = "bar"
+    [http.middlewares.Middleware15]
+      [http.middlewares.Middleware15.rateLimit]
         average = 42
         period = 42
         burst = 42
-        [http.middlewares.Middleware14.rateLimit.sourceCriterion]
+        [http.middlewares.Middleware15.rateLimit.sourceCriterion]
           requestHeaderName = "foobar"
           requestHost = true
-          [http.middlewares.Middleware14.rateLimit.sourceCriterion.ipStrategy]
+          [http.middlewares.Middleware15.rateLimit.sourceCriterion.ipStrategy]
             depth = 42
             excludedIPs = ["foobar", "foobar"]
-    [http.middlewares.Middleware15]
-      [http.middlewares.Middleware15.redirectRegex]
+    [http.middlewares.Middleware16]
+      [http.middlewares.Middleware16.redirectRegex]
         regex = "foobar"
         replacement = "foobar"
         permanent = true
-    [http.middlewares.Middleware16]
-      [http.middlewares.Middleware16.redirectScheme]
+    [http.middlewares.Middleware17]
+      [http.middlewares.Middleware17.redirectScheme]
         scheme = "foobar"
         port = "foobar"
         permanent = true
-    [http.middlewares.Middleware17]
-      [http.middlewares.Middleware17.replacePath]
-        path = "foobar"
     [http.middlewares.Middleware18]
-      [http.middlewares.Middleware18.replacePathRegex]
+      [http.middlewares.Middleware18.replacePath]
+        path = "foobar"
+    [http.middlewares.Middleware19]
+      [http.middlewares.Middleware19.replacePathRegex]
         regex = "foobar"
         replacement = "foobar"
-    [http.middlewares.Middleware19]
-      [http.middlewares.Middleware19.retry]
-        attempts = 42
     [http.middlewares.Middleware20]
-      [http.middlewares.Middleware20.stripPrefix]
+      [http.middlewares.Middleware20.retry]
+        attempts = 42
+    [http.middlewares.Middleware21]
+      [http.middlewares.Middleware21.stripPrefix]
         prefixes = ["foobar", "foobar"]
         forceSlash = true
-    [http.middlewares.Middleware21]
-      [http.middlewares.Middleware21.stripPrefixRegex]
+    [http.middlewares.Middleware22]
+      [http.middlewares.Middleware22.stripPrefixRegex]
         regex = ["foobar", "foobar"]
 
 [tcp]

docs/content/reference/dynamic-configuration/file.yaml

@@ -222,7 +222,7 @@ http:
       inFlightReq:
         amount: 42
         sourceCriterion:
-          ipstrategy:
+          ipStrategy:
             depth: 42
             excludedIPs:
             - foobar
@@ -254,45 +254,49 @@ http:
             domainComponent: true
           serialNumber: true
     Middleware14:
+      plugin:
+        PluginConf:
+          foo: bar
+    Middleware15:
       rateLimit:
         average: 42
         period: 42
         burst: 42
         sourceCriterion:
-          ipstrategy:
+          ipStrategy:
             depth: 42
             excludedIPs:
             - foobar
             - foobar
           requestHeaderName: foobar
           requestHost: true
-    Middleware15:
+    Middleware16:
       redirectRegex:
         regex: foobar
         replacement: foobar
         permanent: true
-    Middleware16:
+    Middleware17:
       redirectScheme:
         scheme: foobar
         port: foobar
         permanent: true
-    Middleware17:
+    Middleware18:
       replacePath:
         path: foobar
-    Middleware18:
+    Middleware19:
       replacePathRegex:
         regex: foobar
         replacement: foobar
-    Middleware19:
+    Middleware20:
       retry:
         attempts: 42
-    Middleware20:
+    Middleware21:
       stripPrefix:
         prefixes:
         - foobar
         - foobar
         forceSlash: true
-    Middleware21:
+    Middleware22:
       stripPrefixRegex:
         regex:
         - foobar

docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml

@@ -16,8 +16,10 @@ rules:
       - watch
   - apiGroups:
       - extensions
+      - networking.k8s.io
     resources:
       - ingresses
+      - ingressclasses
     verbs:
       - get
       - list

docs/content/reference/dynamic-configuration/kv-ref.md

@@ -105,29 +105,30 @@
 | `traefik/http/middlewares/Middleware13/passTLSClientCert/info/subject/province` | `true` |
 | `traefik/http/middlewares/Middleware13/passTLSClientCert/info/subject/serialNumber` | `true` |
 | `traefik/http/middlewares/Middleware13/passTLSClientCert/pem` | `true` |
-| `traefik/http/middlewares/Middleware14/rateLimit/average` | `42` |
-| `traefik/http/middlewares/Middleware14/rateLimit/burst` | `42` |
-| `traefik/http/middlewares/Middleware14/rateLimit/period` | `42` |
-| `traefik/http/middlewares/Middleware14/rateLimit/sourceCriterion/ipStrategy/depth` | `42` |
-| `traefik/http/middlewares/Middleware14/rateLimit/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` |
-| `traefik/http/middlewares/Middleware14/rateLimit/sourceCriterion/ipStrategy/excludedIPs/1` | `foobar` |
-| `traefik/http/middlewares/Middleware14/rateLimit/sourceCriterion/requestHeaderName` | `foobar` |
-| `traefik/http/middlewares/Middleware14/rateLimit/sourceCriterion/requestHost` | `true` |
-| `traefik/http/middlewares/Middleware15/redirectRegex/permanent` | `true` |
-| `traefik/http/middlewares/Middleware15/redirectRegex/regex` | `foobar` |
-| `traefik/http/middlewares/Middleware15/redirectRegex/replacement` | `foobar` |
-| `traefik/http/middlewares/Middleware16/redirectScheme/permanent` | `true` |
-| `traefik/http/middlewares/Middleware16/redirectScheme/port` | `foobar` |
-| `traefik/http/middlewares/Middleware16/redirectScheme/scheme` | `foobar` |
-| `traefik/http/middlewares/Middleware17/replacePath/path` | `foobar` |
-| `traefik/http/middlewares/Middleware18/replacePathRegex/regex` | `foobar` |
-| `traefik/http/middlewares/Middleware18/replacePathRegex/replacement` | `foobar` |
-| `traefik/http/middlewares/Middleware19/retry/attempts` | `42` |
-| `traefik/http/middlewares/Middleware20/stripPrefix/forceSlash` | `true` |
-| `traefik/http/middlewares/Middleware20/stripPrefix/prefixes/0` | `foobar` |
-| `traefik/http/middlewares/Middleware20/stripPrefix/prefixes/1` | `foobar` |
-| `traefik/http/middlewares/Middleware21/stripPrefixRegex/regex/0` | `foobar` |
-| `traefik/http/middlewares/Middleware21/stripPrefixRegex/regex/1` | `foobar` |
+| `traefik/http/middlewares/Middleware14/plugin/PluginConf/foo` | `bar` |
+| `traefik/http/middlewares/Middleware15/rateLimit/average` | `42` |
+| `traefik/http/middlewares/Middleware15/rateLimit/burst` | `42` |
+| `traefik/http/middlewares/Middleware15/rateLimit/period` | `42` |
+| `traefik/http/middlewares/Middleware15/rateLimit/sourceCriterion/ipStrategy/depth` | `42` |
+| `traefik/http/middlewares/Middleware15/rateLimit/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` |
+| `traefik/http/middlewares/Middleware15/rateLimit/sourceCriterion/ipStrategy/excludedIPs/1` | `foobar` |
+| `traefik/http/middlewares/Middleware15/rateLimit/sourceCriterion/requestHeaderName` | `foobar` |
+| `traefik/http/middlewares/Middleware15/rateLimit/sourceCriterion/requestHost` | `true` |
+| `traefik/http/middlewares/Middleware16/redirectRegex/permanent` | `true` |
+| `traefik/http/middlewares/Middleware16/redirectRegex/regex` | `foobar` |
+| `traefik/http/middlewares/Middleware16/redirectRegex/replacement` | `foobar` |
+| `traefik/http/middlewares/Middleware17/redirectScheme/permanent` | `true` |
+| `traefik/http/middlewares/Middleware17/redirectScheme/port` | `foobar` |
+| `traefik/http/middlewares/Middleware17/redirectScheme/scheme` | `foobar` |
+| `traefik/http/middlewares/Middleware18/replacePath/path` | `foobar` |
+| `traefik/http/middlewares/Middleware19/replacePathRegex/regex` | `foobar` |
+| `traefik/http/middlewares/Middleware19/replacePathRegex/replacement` | `foobar` |
+| `traefik/http/middlewares/Middleware20/retry/attempts` | `42` |
+| `traefik/http/middlewares/Middleware21/stripPrefix/forceSlash` | `true` |
+| `traefik/http/middlewares/Middleware21/stripPrefix/prefixes/0` | `foobar` |
+| `traefik/http/middlewares/Middleware21/stripPrefix/prefixes/1` | `foobar` |
+| `traefik/http/middlewares/Middleware22/stripPrefixRegex/regex/0` | `foobar` |
+| `traefik/http/middlewares/Middleware22/stripPrefixRegex/regex/1` | `foobar` |
 | `traefik/http/routers/Router0/entryPoints/0` | `foobar` |
 | `traefik/http/routers/Router0/entryPoints/1` | `foobar` |
 | `traefik/http/routers/Router0/middlewares/0` | `foobar` |

docs/content/reference/dynamic-configuration/marathon-labels.json

@@ -91,26 +91,27 @@
 "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.province": "true",
 "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.serialnumber": "true",
 "traefik.http.middlewares.middleware13.passtlsclientcert.pem": "true",
-"traefik.http.middlewares.middleware14.ratelimit.average": "42",
-"traefik.http.middlewares.middleware14.ratelimit.burst": "42",
-"traefik.http.middlewares.middleware14.ratelimit.period": "42",
-"traefik.http.middlewares.middleware14.ratelimit.sourcecriterion.ipstrategy.depth": "42",
-"traefik.http.middlewares.middleware14.ratelimit.sourcecriterion.ipstrategy.excludedips": "foobar, foobar",
-"traefik.http.middlewares.middleware14.ratelimit.sourcecriterion.requestheadername": "foobar",
-"traefik.http.middlewares.middleware14.ratelimit.sourcecriterion.requesthost": "true",
-"traefik.http.middlewares.middleware15.redirectregex.permanent": "true",
-"traefik.http.middlewares.middleware15.redirectregex.regex": "foobar",
-"traefik.http.middlewares.middleware15.redirectregex.replacement": "foobar",
-"traefik.http.middlewares.middleware16.redirectscheme.permanent": "true",
-"traefik.http.middlewares.middleware16.redirectscheme.port": "foobar",
-"traefik.http.middlewares.middleware16.redirectscheme.scheme": "foobar",
-"traefik.http.middlewares.middleware17.replacepath.path": "foobar",
-"traefik.http.middlewares.middleware18.replacepathregex.regex": "foobar",
-"traefik.http.middlewares.middleware18.replacepathregex.replacement": "foobar",
-"traefik.http.middlewares.middleware19.retry.attempts": "42",
-"traefik.http.middlewares.middleware20.stripprefix.forceslash": "true",
-"traefik.http.middlewares.middleware20.stripprefix.prefixes": "foobar, foobar",
-"traefik.http.middlewares.middleware21.stripprefixregex.regex": "foobar, foobar",
+"traefik.http.middlewares.middleware14.plugin.foobar.foo": "bar",
+"traefik.http.middlewares.middleware15.ratelimit.average": "42",
+"traefik.http.middlewares.middleware15.ratelimit.burst": "42",
+"traefik.http.middlewares.middleware15.ratelimit.period": "42",
+"traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.ipstrategy.depth": "42",
+"traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.ipstrategy.excludedips": "foobar, foobar",
+"traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.requestheadername": "foobar",
+"traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.requesthost": "true",
+"traefik.http.middlewares.middleware16.redirectregex.permanent": "true",
+"traefik.http.middlewares.middleware16.redirectregex.regex": "foobar",
+"traefik.http.middlewares.middleware16.redirectregex.replacement": "foobar",
+"traefik.http.middlewares.middleware17.redirectscheme.permanent": "true",
+"traefik.http.middlewares.middleware17.redirectscheme.port": "foobar",
+"traefik.http.middlewares.middleware17.redirectscheme.scheme": "foobar",
+"traefik.http.middlewares.middleware18.replacepath.path": "foobar",
+"traefik.http.middlewares.middleware19.replacepathregex.regex": "foobar",
+"traefik.http.middlewares.middleware19.replacepathregex.replacement": "foobar",
+"traefik.http.middlewares.middleware20.retry.attempts": "42",
+"traefik.http.middlewares.middleware21.stripprefix.forceslash": "true",
+"traefik.http.middlewares.middleware21.stripprefix.prefixes": "foobar, foobar",
+"traefik.http.middlewares.middleware22.stripprefixregex.regex": "foobar, foobar",
 "traefik.http.routers.router0.entrypoints": "foobar, foobar",
 "traefik.http.routers.router0.middlewares": "foobar, foobar",
 "traefik.http.routers.router0.priority": "42",
@@ -148,8 +149,8 @@
 "traefik.http.services.service01.loadbalancer.sticky.cookie": "true",
 "traefik.http.services.service01.loadbalancer.sticky.cookie.httponly": "true",
 "traefik.http.services.service01.loadbalancer.sticky.cookie.name": "foobar",
-"traefik.http.services.service01.loadbalancer.sticky.cookie.secure": "true",
 "traefik.http.services.service01.loadbalancer.sticky.cookie.samesite": "foobar",
+"traefik.http.services.service01.loadbalancer.sticky.cookie.secure": "true",
 "traefik.http.services.service01.loadbalancer.server.port": "foobar",
 "traefik.http.services.service01.loadbalancer.server.scheme": "foobar",
 "traefik.tcp.routers.tcprouter0.entrypoints": "foobar, foobar",

docs/content/reference/static-configuration/cli-ref.md

@@ -81,6 +81,9 @@ HTTP challenge EntryPoint
 `--certificatesresolvers.<name>.acme.keytype`:  
 KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'. (Default: ```RSA4096```)
 
+`--certificatesresolvers.<name>.acme.preferredchain`:  
+Preferred chain to use.
+
 `--certificatesresolvers.<name>.acme.storage`:  
 Storage to use. (Default: ```acme.json```)
 
@@ -159,12 +162,21 @@ ReadTimeout is the maximum duration for reading the entire request, including th
 `--entrypoints.<name>.transport.respondingtimeouts.writetimeout`:  
 WriteTimeout is the maximum duration before timing out writes of the response. If zero, no timeout is set. (Default: ```0```)
 
+`--experimental.devplugin.gopath`:  
+plugin's GOPATH.
+
+`--experimental.devplugin.modulename`:  
+plugin's module name.
+
+`--experimental.plugins.<name>.modulename`:  
+plugin's module name.
+
+`--experimental.plugins.<name>.version`:  
+plugin's version.
+
 `--global.checknewversion`:  
 Periodically check if a new version has been released. (Default: ```false```)
 
-`--global.insecuresni`:  
-Allow domain fronting. If the option is not specified, it will be disabled by default. (Default: ```false```)
-
 `--global.sendanonymoususage`:  
 Periodically send anonymous usage statistics. If the option is not specified, it will be enabled by default. (Default: ```false```)
 
@@ -273,6 +285,9 @@ Prefix to use for metrics collection. (Default: ```traefik```)
 `--metrics.statsd.pushinterval`:  
 StatsD push interval. (Default: ```10```)
 
+`--pilot.token`:  
+Traefik Pilot token.
+
 `--ping`:  
 Enable ping. (Default: ```false```)
 
@@ -282,6 +297,9 @@ EntryPoint (Default: ```traefik```)
 `--ping.manualrouting`:  
 Manual routing (Default: ```false```)
 
+`--ping.terminatingstatuscode`:  
+Terminating status code (Default: ```503```)
+
 `--providers.consul`:  
 Enable Consul backend with default settings. (Default: ```false```)
 
@@ -417,6 +435,33 @@ Use the ip address from the bound port, rather than from the inner network. (Def
 `--providers.docker.watch`:  
 Watch Docker Swarm events. (Default: ```true```)
 
+`--providers.ecs.accesskeyid`:  
+The AWS credentials access key to use for making requests
+
+`--providers.ecs.autodiscoverclusters`:  
+Auto discover cluster (Default: ```false```)
+
+`--providers.ecs.clusters`:  
+ECS Clusters name (Default: ```default```)
+
+`--providers.ecs.constraints`:  
+Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container.
+
+`--providers.ecs.defaultrule`:  
+Default rule. (Default: ```Host(`{{ normalize .Name }}`)```)
+
+`--providers.ecs.exposedbydefault`:  
+Expose services by default (Default: ```true```)
+
+`--providers.ecs.refreshseconds`:  
+Polling interval (in seconds) (Default: ```15```)
+
+`--providers.ecs.region`:  
+The AWS region to use for requests
+
+`--providers.ecs.secretaccesskey`:  
+The AWS credentials access key to use for making requests
+
 `--providers.etcd`:  
 Enable Etcd backend with default settings. (Default: ```false```)
 
@@ -459,6 +504,33 @@ Load dynamic configuration from a file.
 `--providers.file.watch`:  
 Watch provider. (Default: ```true```)
 
+`--providers.http`:  
+Enable HTTP backend with default settings. (Default: ```false```)
+
+`--providers.http.endpoint`:  
+Load configuration from this endpoint.
+
+`--providers.http.pollinterval`:  
+Polling interval for endpoint. (Default: ```5```)
+
+`--providers.http.polltimeout`:  
+Polling timeout for endpoint. (Default: ```5```)
+
+`--providers.http.tls.ca`:  
+TLS CA
+
+`--providers.http.tls.caoptional`:  
+TLS CA.Optional (Default: ```false```)
+
+`--providers.http.tls.cert`:  
+TLS cert
+
+`--providers.http.tls.insecureskipverify`:  
+TLS insecure skip verify (Default: ```false```)
+
+`--providers.http.tls.key`:  
+TLS key
+
 `--providers.kubernetescrd`:  
 Enable Kubernetes backend with default settings. (Default: ```false```)
 
@@ -789,6 +861,9 @@ Password for basic http authentication when sending spans to jaeger-collector.
 `--tracing.jaeger.collector.user`:  
 User for basic http authentication when sending spans to jaeger-collector.
 
+`--tracing.jaeger.disableattemptreconnecting`:  
+Disable the periodic re-resolution of the agent's hostname and reconnection if there was a change. (Default: ```true```)
+
 `--tracing.jaeger.gen128bit`:  
 Generate 128 bit span IDs. (Default: ```false```)
 

docs/content/reference/static-configuration/env-ref.md

@@ -81,6 +81,9 @@ HTTP challenge EntryPoint
 `TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_KEYTYPE`:  
 KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'. (Default: ```RSA4096```)
 
+`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_PREFERREDCHAIN`:  
+Preferred chain to use.
+
 `TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_STORAGE`:  
 Storage to use. (Default: ```acme.json```)
 
@@ -159,12 +162,21 @@ ReadTimeout is the maximum duration for reading the entire request, including th
 `TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_RESPONDINGTIMEOUTS_WRITETIMEOUT`:  
 WriteTimeout is the maximum duration before timing out writes of the response. If zero, no timeout is set. (Default: ```0```)
 
+`TRAEFIK_EXPERIMENTAL_DEVPLUGIN_GOPATH`:  
+plugin's GOPATH.
+
+`TRAEFIK_EXPERIMENTAL_DEVPLUGIN_MODULENAME`:  
+plugin's module name.
+
+`TRAEFIK_EXPERIMENTAL_PLUGINS_<NAME>_MODULENAME`:  
+plugin's module name.
+
+`TRAEFIK_EXPERIMENTAL_PLUGINS_<NAME>_VERSION`:  
+plugin's version.
+
 `TRAEFIK_GLOBAL_CHECKNEWVERSION`:  
 Periodically check if a new version has been released. (Default: ```false```)
 
-`TRAEFIK_GLOBAL_INSECURESNI`:  
-Allow domain fronting. If the option is not specified, it will be disabled by default. (Default: ```false```)
-
 `TRAEFIK_GLOBAL_SENDANONYMOUSUSAGE`:  
 Periodically send anonymous usage statistics. If the option is not specified, it will be enabled by default. (Default: ```false```)
 
@@ -273,6 +285,9 @@ Prefix to use for metrics collection. (Default: ```traefik```)
 `TRAEFIK_METRICS_STATSD_PUSHINTERVAL`:  
 StatsD push interval. (Default: ```10```)
 
+`TRAEFIK_PILOT_TOKEN`:  
+Traefik Pilot token.
+
 `TRAEFIK_PING`:  
 Enable ping. (Default: ```false```)
 
@@ -282,6 +297,9 @@ EntryPoint (Default: ```traefik```)
 `TRAEFIK_PING_MANUALROUTING`:  
 Manual routing (Default: ```false```)
 
+`TRAEFIK_PING_TERMINATINGSTATUSCODE`:  
+Terminating status code (Default: ```503```)
+
 `TRAEFIK_PROVIDERS_CONSUL`:  
 Enable Consul backend with default settings. (Default: ```false```)
 
@@ -417,6 +435,33 @@ Use the ip address from the bound port, rather than from the inner network. (Def
 `TRAEFIK_PROVIDERS_DOCKER_WATCH`:  
 Watch Docker Swarm events. (Default: ```true```)
 
+`TRAEFIK_PROVIDERS_ECS_ACCESSKEYID`:  
+The AWS credentials access key to use for making requests
+
+`TRAEFIK_PROVIDERS_ECS_AUTODISCOVERCLUSTERS`:  
+Auto discover cluster (Default: ```false```)
+
+`TRAEFIK_PROVIDERS_ECS_CLUSTERS`:  
+ECS Clusters name (Default: ```default```)
+
+`TRAEFIK_PROVIDERS_ECS_CONSTRAINTS`:  
+Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container.
+
+`TRAEFIK_PROVIDERS_ECS_DEFAULTRULE`:  
+Default rule. (Default: ```Host(`{{ normalize .Name }}`)```)
+
+`TRAEFIK_PROVIDERS_ECS_EXPOSEDBYDEFAULT`:  
+Expose services by default (Default: ```true```)
+
+`TRAEFIK_PROVIDERS_ECS_REFRESHSECONDS`:  
+Polling interval (in seconds) (Default: ```15```)
+
+`TRAEFIK_PROVIDERS_ECS_REGION`:  
+The AWS region to use for requests
+
+`TRAEFIK_PROVIDERS_ECS_SECRETACCESSKEY`:  
+The AWS credentials access key to use for making requests
+
 `TRAEFIK_PROVIDERS_ETCD`:  
 Enable Etcd backend with default settings. (Default: ```false```)
 
@@ -459,6 +504,33 @@ Load dynamic configuration from a file.
 `TRAEFIK_PROVIDERS_FILE_WATCH`:  
 Watch provider. (Default: ```true```)
 
+`TRAEFIK_PROVIDERS_HTTP`:  
+Enable HTTP backend with default settings. (Default: ```false```)
+
+`TRAEFIK_PROVIDERS_HTTP_ENDPOINT`:  
+Load configuration from this endpoint.
+
+`TRAEFIK_PROVIDERS_HTTP_POLLINTERVAL`:  
+Polling interval for endpoint. (Default: ```5```)
+
+`TRAEFIK_PROVIDERS_HTTP_POLLTIMEOUT`:  
+Polling timeout for endpoint. (Default: ```5```)
+
+`TRAEFIK_PROVIDERS_HTTP_TLS_CA`:  
+TLS CA
+
+`TRAEFIK_PROVIDERS_HTTP_TLS_CAOPTIONAL`:  
+TLS CA.Optional (Default: ```false```)
+
+`TRAEFIK_PROVIDERS_HTTP_TLS_CERT`:  
+TLS cert
+
+`TRAEFIK_PROVIDERS_HTTP_TLS_INSECURESKIPVERIFY`:  
+TLS insecure skip verify (Default: ```false```)
+
+`TRAEFIK_PROVIDERS_HTTP_TLS_KEY`:  
+TLS key
+
 `TRAEFIK_PROVIDERS_KUBERNETESCRD`:  
 Enable Kubernetes backend with default settings. (Default: ```false```)
 
@@ -789,6 +861,9 @@ Password for basic http authentication when sending spans to jaeger-collector.
 `TRAEFIK_TRACING_JAEGER_COLLECTOR_USER`:  
 User for basic http authentication when sending spans to jaeger-collector.
 
+`TRAEFIK_TRACING_JAEGER_DISABLEATTEMPTRECONNECTING`:  
+Disable the periodic re-resolution of the agent's hostname and reconnection if there was a change. (Default: ```true```)
+
 `TRAEFIK_TRACING_JAEGER_GEN128BIT`:  
 Generate 128 bit span IDs. (Default: ```false```)
 

docs/content/reference/static-configuration/file.toml

@@ -1,7 +1,6 @@
 [global]
   checkNewVersion = true
   sendAnonymousUsage = true
-  insecureSNI = false
 
 [serversTransport]
   insecureSkipVerify = true
@@ -152,8 +151,18 @@
       [providers.consulCatalog.endpoint.httpAuth]
         username = "foobar"
         password = "foobar"
+  [providers.ecs]
+    constraints = "foobar"
+    exposedByDefault = true
+    refreshSeconds = 42
+    defaultRule = "foobar"
+    clusters = ["foobar", "foobar"]
+    autoDiscoverClusters = true
+    region = "foobar"
+    accessKeyID = "foobar"
+    secretAccessKey = "foobar"
   [providers.consul]
-    rootKey = "traefik"
+    rootKey = "foobar"
     endpoints = ["foobar", "foobar"]
     username = "foobar"
     password = "foobar"
@@ -164,7 +173,7 @@
       key = "foobar"
       insecureSkipVerify = true
   [providers.etcd]
-    rootKey = "traefik"
+    rootKey = "foobar"
     endpoints = ["foobar", "foobar"]
     username = "foobar"
     password = "foobar"
@@ -175,7 +184,7 @@
       key = "foobar"
       insecureSkipVerify = true
   [providers.zooKeeper]
-    rootKey = "traefik"
+    rootKey = "foobar"
     endpoints = ["foobar", "foobar"]
     username = "foobar"
     password = "foobar"
@@ -186,7 +195,7 @@
       key = "foobar"
       insecureSkipVerify = true
   [providers.redis]
-    rootKey = "traefik"
+    rootKey = "foobar"
     endpoints = ["foobar", "foobar"]
     username = "foobar"
     password = "foobar"
@@ -196,6 +205,16 @@
       cert = "foobar"
       key = "foobar"
       insecureSkipVerify = true
+  [providers.http]
+    endpoint = "foobar"
+    pollInterval = 42
+    pollTimeout = 42
+    [providers.http.tls]
+      ca = "foobar"
+      caOptional = true
+      cert = "foobar"
+      key = "foobar"
+      insecureSkipVerify = true
 
 [api]
   insecure = true
@@ -234,6 +253,7 @@
 [ping]
   entryPoint = "foobar"
   manualRouting = true
+  terminatingStatusCode = 42
 
 [log]
   level = "foobar"
@@ -270,6 +290,7 @@
     gen128Bit = true
     propagation = "foobar"
     traceContextHeaderName = "foobar"
+    disableAttemptReconnecting = true
     [tracing.jaeger.collector]
       endpoint = "foobar"
       user = "foobar"
@@ -315,6 +336,7 @@
     [certificatesResolvers.CertificateResolver0.acme]
       email = "foobar"
       caServer = "foobar"
+      preferredChain = "foobar"
       storage = "foobar"
       keyType = "foobar"
       [certificatesResolvers.CertificateResolver0.acme.dnsChallenge]
@@ -329,6 +351,7 @@
     [certificatesResolvers.CertificateResolver1.acme]
       email = "foobar"
       caServer = "foobar"
+      preferredChain = "foobar"
       storage = "foobar"
       keyType = "foobar"
       [certificatesResolvers.CertificateResolver1.acme.dnsChallenge]
@@ -339,3 +362,17 @@
       [certificatesResolvers.CertificateResolver1.acme.httpChallenge]
         entryPoint = "foobar"
       [certificatesResolvers.CertificateResolver1.acme.tlsChallenge]
+
+[experimental]
+  [experimental.pilot]
+    token = "foobar"
+  [experimental.plugins]
+    [experimental.plugins.Descriptor0]
+      moduleName = "foobar"
+      version = "foobar"
+    [experimental.plugins.Descriptor1]
+      moduleName = "foobar"
+      version = "foobar"
+  [experimental.devPlugin]
+    goPath = "foobar"
+    moduleName = "foobar"

docs/content/reference/static-configuration/file.yaml

@@ -1,8 +1,6 @@
 global:
   checkNewVersion: true
   sendAnonymousUsage: true
-  insecureSNI: false
-
 serversTransport:
   insecureSkipVerify: true
   rootCAs:
@@ -127,7 +125,7 @@ providers:
     - foobar
     labelSelector: foobar
     ingressClass: foobar
-    throttleDuration: 10s
+    throttleDuration: 42s
   rest:
     insecure: true
   rancher:
@@ -163,8 +161,20 @@ providers:
       httpAuth:
         username: foobar
         password: foobar
+  ecs:
+    constraints: foobar
+    exposedByDefault: true
+    refreshSeconds: 42
+    defaultRule: foobar
+    clusters:
+    - foobar
+    - foobar
+    autoDiscoverClusters: true
+    region: foobar
+    accessKeyID: foobar
+    secretAccessKey: foobar
   consul:
-    rootKey: traefik
+    rootKey: foobar
     endpoints:
     - foobar
     - foobar
@@ -177,7 +187,7 @@ providers:
       key: foobar
       insecureSkipVerify: true
   etcd:
-    rootKey: traefik
+    rootKey: foobar
     endpoints:
     - foobar
     - foobar
@@ -190,10 +200,10 @@ providers:
       key: foobar
       insecureSkipVerify: true
   zooKeeper:
-    rootKey: traefik
+    rootKey: foobar
     endpoints:
-      - foobar
-      - foobar
+    - foobar
+    - foobar
     username: foobar
     password: foobar
     tls:
@@ -203,10 +213,10 @@ providers:
       key: foobar
       insecureSkipVerify: true
   redis:
-    rootKey: traefik
+    rootKey: foobar
     endpoints:
-      - foobar
-      - foobar
+    - foobar
+    - foobar
     username: foobar
     password: foobar
     tls:
@@ -215,6 +225,16 @@ providers:
       cert: foobar
       key: foobar
       insecureSkipVerify: true
+  http:
+    endpoint: foobar
+    pollInterval: 42
+    pollTimeout: 42
+    tls:
+      ca: foobar
+      caOptional: true
+      cert: foobar
+      key: foobar
+      insecureSkipVerify: true
 api:
   insecure: true
   dashboard: true
@@ -252,6 +272,7 @@ metrics:
 ping:
   entryPoint: foobar
   manualRouting: true
+  terminatingStatusCode: 42
 log:
   level: foobar
   filePath: foobar
@@ -287,6 +308,7 @@ tracing:
     gen128Bit: true
     propagation: foobar
     traceContextHeaderName: foobar
+    disableAttemptReconnecting: true
     collector:
       endpoint: foobar
       user: foobar
@@ -330,6 +352,7 @@ certificatesResolvers:
     acme:
       email: foobar
       caServer: foobar
+      preferredChain: foobar
       storage: foobar
       keyType: foobar
       dnsChallenge:
@@ -346,6 +369,7 @@ certificatesResolvers:
     acme:
       email: foobar
       caServer: foobar
+      preferredChain: foobar
       storage: foobar
       keyType: foobar
       dnsChallenge:
@@ -358,3 +382,16 @@ certificatesResolvers:
       httpChallenge:
         entryPoint: foobar
       tlsChallenge: {}
+experimental:
+  pilot:
+    token: foobar
+  plugins:
+    Descriptor0:
+      moduleName: foobar
+      version: foobar
+    Descriptor1:
+      moduleName: foobar
+      version: foobar
+  devPlugin:
+    goPath: foobar
+    moduleName: foobar

docs/content/routing/entrypoints.md

@@ -168,7 +168,7 @@ The format is:
 
 If both TCP and UDP are wanted for the same port, two entryPoints definitions are needed, such as in the example below.
 
-??? example "Both TCP and UDP on port 3179"
+??? example "Both TCP and UDP on Port 3179"
 
     ```toml tab="File (TOML)"
     ## Static configuration
@@ -194,6 +194,30 @@ If both TCP and UDP are wanted for the same port, two entryPoints definitions ar
     --entryPoints.udpep.address=:3179/udp
     ```
 
+??? example "Listen on Specific IP Addresses Only"
+
+    ```toml tab="File (TOML)"
+    [entryPoints.specificIPv4]
+      address = "192.168.2.7:8888"
+    [entryPoints.specificIPv6]
+      address = "[2001:db8::1]:8888"
+    ```
+    
+    ```yaml tab="File (yaml)"
+    entryPoints:
+      specificIPv4:
+        address: "192.168.2.7:8888"
+      specificIPv6:
+        address: "[2001:db8::1]:8888"
+    ```
+    
+    ```bash tab="CLI"
+    entrypoints.specificIPv4.address=192.168.2.7:8888
+    entrypoints.specificIPv6.address=[2001:db8::1]:8888
+    ```
+    
+    Full details for how to specify `address` can be found in [net.Listen](https://golang.org/pkg/net/#Listen) (and [net.Dial](https://golang.org/pkg/net/#Dial)) of the doc for go.
+
 ### Forwarded Headers
 
 You can configure Traefik to trust the forwarded headers information (`X-Forwarded-*`).

docs/content/routing/providers/docker.md

@@ -75,14 +75,17 @@ Attach labels to your containers and let Traefik do the rest!
     providers:
       docker:
         # swarm classic (1.12-)
-        # endpoint = "tcp://127.0.0.1:2375"
+        # endpoint: "tcp://127.0.0.1:2375"
         # docker swarm mode (1.12+)
-        endpoint: "tcp://127.0.0.1:2375"
+        endpoint: "tcp://127.0.0.1:2377"
         swarmMode: true
     ```
 
     ```bash tab="CLI"
-    --providers.docker.endpoint=tcp://127.0.0.1:2375
+    # swarm classic (1.12-)
+    # --providers.docker.endpoint=tcp://127.0.0.1:2375
+    # docker swarm mode (1.12+)
+    --providers.docker.endpoint=tcp://127.0.0.1:2377
     --providers.docker.swarmMode=true
     ```
 
@@ -535,7 +538,7 @@ You can declare UDP Routers and/or Services using labels.
          my-container:
            # ...
            labels:
-             - "traefik.udp.routers.my-router.entrypoint=udp"
+             - "traefik.udp.routers.my-router.entrypoints=udp"
              - "traefik.udp.services.my-service.loadbalancer.server.port=4123"
     ```
 

docs/content/routing/providers/ecs.md

@@ -0,0 +1,445 @@
+# Traefik & ECS
+
+A Story of Labels & Elastic Containers
+{: .subtitle }
+
+Attach labels to your containers and let Traefik do the rest!
+
+## Routing Configuration
+
+!!! info "labels"
+    
+    - labels are case insensitive.
+    - The complete list of labels can be found [the reference page](../../reference/dynamic-configuration/ecs.md)
+
+### General
+
+Traefik creates, for each elastic service, a corresponding [service](../services/index.md) and [router](../routers/index.md).
+
+The Service automatically gets a server per elastic container, and the router gets a default rule attached to it, based on the service name.
+
+### Routers
+
+To update the configuration of the Router automatically attached to the service, add labels starting with `traefik.routers.{name-of-your-choice}.` and followed by the option you want to change.
+
+For example, to change the rule, you could add the label ```traefik.http.routers.my-service.rule=Host(`example.com`)```.
+
+!!! warning "The character `@` is not authorized in the router name `<router_name>`."
+
+??? info "`traefik.http.routers.<router_name>.rule`"
+    
+    See [rule](../routers/index.md#rule) for more information.
+    
+    ```yaml
+    traefik.http.routers.myrouter.rule=Host(`example.com`)
+    ```
+
+??? info "`traefik.http.routers.<router_name>.entrypoints`"
+    
+    See [entry points](../routers/index.md#entrypoints) for more information.
+    
+    ```yaml
+    traefik.http.routers.myrouter.entrypoints=web,websecure
+    ```
+
+??? info "`traefik.http.routers.<router_name>.middlewares`"
+    
+    See [middlewares](../routers/index.md#middlewares) and [middlewares overview](../../middlewares/overview.md) for more information.
+    
+    ```yaml
+    traefik.http.routers.myrouter.middlewares=auth,prefix,cb
+    ```
+
+??? info "`traefik.http.routers.<router_name>.service`"
+    
+    See [rule](../routers/index.md#service) for more information.
+    
+    ```yaml
+    traefik.http.routers.myrouter.service=myservice
+    ```
+
+??? info "`traefik.http.routers.<router_name>.tls`"
+    
+    See [tls](../routers/index.md#tls) for more information.
+    
+    ```yaml
+    traefik.http.routers.myrouter>.tls=true
+    ```
+
+??? info "`traefik.http.routers.<router_name>.tls.certresolver`"
+    
+    See [certResolver](../routers/index.md#certresolver) for more information.
+    
+    ```yaml
+    traefik.http.routers.myrouter.tls.certresolver=myresolver
+    ```
+
+??? info "`traefik.http.routers.<router_name>.tls.domains[n].main`"
+    
+    See [domains](../routers/index.md#domains) for more information.
+    
+    ```yaml
+    traefik.http.routers.myrouter.tls.domains[0].main=example.org
+    ```
+
+??? info "`traefik.http.routers.<router_name>.tls.domains[n].sans`"
+    
+    See [domains](../routers/index.md#domains) for more information.
+    
+    ```yaml
+    traefik.http.routers.myrouter.tls.domains[0].sans=test.example.org,dev.example.org
+    ```
+
+??? info "`traefik.http.routers.<router_name>.tls.options`"
+    
+    See [options](../routers/index.md#options) for more information.
+    
+    ```yaml
+    traefik.http.routers.myrouter.tls.options=foobar
+    ```
+
+??? info "`traefik.http.routers.<router_name>.priority`"
+
+    See [priority](../routers/index.md#priority) for more information.
+
+    ```yaml
+    traefik.http.routers.myrouter.priority=42
+    ```
+
+### Services
+
+To update the configuration of the Service automatically attached to the service,
+add labels starting with `traefik.http.services.{name-of-your-choice}.`, followed by the option you want to change.
+
+For example, to change the `passHostHeader` behavior,
+you'd add the label `traefik.http.services.{name-of-your-choice}.loadbalancer.passhostheader=false`.
+
+!!! warning "The character `@` is not authorized in the service name `<service_name>`."
+
+??? info "`traefik.http.services.<service_name>.loadbalancer.server.port`"
+    
+    Registers a port.
+    Useful when the service exposes multiples ports.
+    
+    ```yaml
+    traefik.http.services.myservice.loadbalancer.server.port=8080
+    ```
+
+??? info "`traefik.http.services.<service_name>.loadbalancer.server.scheme`"
+    
+    Overrides the default scheme.
+    
+    ```yaml
+    traefik.http.services.myservice.loadbalancer.server.scheme=http
+    ```
+
+??? info "`traefik.http.services.<service_name>.loadbalancer.passhostheader`"
+
+    See [pass Host header](../services/index.md#pass-host-header) for more information.
+
+    ```yaml
+    traefik.http.services.myservice.loadbalancer.passhostheader=true
+    ```
+
+??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.headers.<header_name>`"
+    
+    See [health check](../services/index.md#health-check) for more information.
+    
+    ```yaml
+    traefik.http.services.myservice.loadbalancer.healthcheck.headers.X-Foo=foobar
+    ```
+
+??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.hostname`"
+    
+    See [health check](../services/index.md#health-check) for more information.
+    
+    ```yaml
+    traefik.http.services.myservice.loadbalancer.healthcheck.hostname=example.org
+    ```
+
+??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.interval`"
+    
+    See [health check](../services/index.md#health-check) for more information.
+    
+    ```yaml
+    traefik.http.services.myservice.loadbalancer.healthcheck.interval=10
+    ```
+
+??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.path`"
+    
+    See [health check](../services/index.md#health-check) for more information.
+    
+    ```yaml
+    traefik.http.services.myservice.loadbalancer.healthcheck.path=/foo
+    ```
+
+??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.port`"
+    
+    See [health check](../services/index.md#health-check) for more information.
+    
+    ```yaml
+    traefik.http.services.myservice.loadbalancer.healthcheck.port=42
+    ```
+
+??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.scheme`"
+    
+    See [health check](../services/index.md#health-check) for more information.
+    
+    ```yaml
+    traefik.http.services.myservice.loadbalancer.healthcheck.scheme=http
+    ```
+
+??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.timeout`"
+    
+    See [health check](../services/index.md#health-check) for more information.
+    
+    ```yaml
+    traefik.http.services.myservice.loadbalancer.healthcheck.timeout=10
+    ```
+
+??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.followredirects`"
+    
+    See [health check](../services/index.md#health-check) for more information.
+    
+    ```yaml
+    traefik.http.services.myservice.loadbalancer.healthcheck.followredirects=true
+    ```
+
+??? info "`traefik.http.services.<service_name>.loadbalancer.sticky`"
+    
+    See [sticky sessions](../services/index.md#sticky-sessions) for more information.
+    
+    ```yaml
+    traefik.http.services.myservice.loadbalancer.sticky=true
+    ```
+
+??? info "`traefik.http.services.<service_name>.loadbalancer.sticky.cookie.httponly`"
+    
+    See [sticky sessions](../services/index.md#sticky-sessions) for more information.
+    
+    ```yaml
+    traefik.http.services.myservice.loadbalancer.sticky.cookie.httponly=true
+    ```
+
+??? info "`traefik.http.services.<service_name>.loadbalancer.sticky.cookie.name`"
+    
+    See [sticky sessions](../services/index.md#sticky-sessions) for more information.
+    
+    ```yaml
+    traefik.http.services.myservice.loadbalancer.sticky.cookie.name=foobar
+    ```
+
+??? info "`traefik.http.services.<service_name>.loadbalancer.sticky.cookie.secure`"
+    
+    See [sticky sessions](../services/index.md#sticky-sessions) for more information.
+    
+    ```yaml
+    traefik.http.services.myservice.loadbalancer.sticky.cookie.secure=true
+    ```
+
+??? info "`traefik.http.services.<service_name>.loadbalancer.sticky.cookie.samesite`"
+    
+    See [sticky sessions](../services/index.md#sticky-sessions) for more information.
+    
+    ```yaml
+    traefik.http.services.myservice.loadbalancer.sticky.cookie.samesite=none
+    ```
+
+??? info "`traefik.http.services.<service_name>.loadbalancer.responseforwarding.flushinterval`"
+    
+    See [response forwarding](../services/index.md#response-forwarding) for more information.
+        
+    FlushInterval specifies the flush interval to flush to the client while copying the response body.
+    
+    ```yaml
+    traefik.http.services.myservice.loadbalancer.responseforwarding.flushinterval=10
+    ```
+
+### Middleware
+
+You can declare pieces of middleware using labels starting with `traefik.http.middlewares.{name-of-your-choice}.`, followed by the middleware type/options.
+
+For example, to declare a middleware [`redirectscheme`](../../middlewares/redirectscheme.md) named `my-redirect`, you'd write `traefik.http.middlewares.my-redirect.redirectscheme.scheme: https`.
+
+More information about available middlewares in the dedicated [middlewares section](../../middlewares/overview.md).
+
+!!! warning "The character `@` is not authorized in the middleware name."
+
+??? example "Declaring and Referencing a Middleware"
+    
+    ```yaml
+    # ...
+    # Declaring a middleware
+    traefik.http.middlewares.my-redirect.redirectscheme.scheme=https
+    # Referencing a middleware
+    traefik.http.routers.my-service.middlewares=my-redirect
+    ```
+
+!!! warning "Conflicts in Declaration"
+
+    If you declare multiple middleware with the same name but with different parameters, the middleware fails to be declared.
+
+### TCP
+
+You can declare TCP Routers and/or Services using labels.
+
+??? example "Declaring TCP Routers and Services"
+
+    ```yaml
+    traefik.tcp.routers.my-router.rule=HostSNI(`example.com`)
+    traefik.tcp.routers.my-router.tls=true
+    traefik.tcp.services.my-service.loadbalancer.server.port=4123
+    ```
+
+!!! warning "TCP and HTTP"
+
+    If you declare a TCP Router/Service, it will prevent Traefik from automatically creating an HTTP Router/Service (like it does by default if no TCP Router/Service is defined).
+    You can declare both a TCP Router/Service and an HTTP Router/Service for the same elastic service (but you have to do so manually).
+
+#### TCP Routers
+
+??? info "`traefik.tcp.routers.<router_name>.entrypoints`"
+    
+    See [entry points](../routers/index.md#entrypoints_1) for more information.
+    
+    ```yaml
+    traefik.tcp.routers.mytcprouter.entrypoints=ep1,ep2
+    ```
+
+??? info "`traefik.tcp.routers.<router_name>.rule`"
+    
+    See [rule](../routers/index.md#rule_1) for more information.
+    
+    ```yaml
+    traefik.tcp.routers.mytcprouter.rule=HostSNI(`example.com`)
+    ```
+
+??? info "`traefik.tcp.routers.<router_name>.service`"
+    
+    See [service](../routers/index.md#services) for more information.
+    
+    ```yaml
+    traefik.tcp.routers.mytcprouter.service=myservice
+    ```
+
+??? info "`traefik.tcp.routers.<router_name>.tls`"
+    
+    See [TLS](../routers/index.md#tls_1) for more information.
+    
+    ```yaml
+    traefik.tcp.routers.mytcprouter.tls=true
+    ```
+
+??? info "`traefik.tcp.routers.<router_name>.tls.certresolver`"
+    
+    See [certResolver](../routers/index.md#certresolver_1) for more information.
+    
+    ```yaml
+    traefik.tcp.routers.mytcprouter.tls.certresolver=myresolver
+    ```
+
+??? info "`traefik.tcp.routers.<router_name>.tls.domains[n].main`"
+    
+    See [domains](../routers/index.md#domains_1) for more information.
+    
+    ```yaml
+    traefik.tcp.routers.mytcprouter.tls.domains[0].main=example.org
+    ```
+
+??? info "`traefik.tcp.routers.<router_name>.tls.domains[n].sans`"
+    
+    See [domains](../routers/index.md#domains_1) for more information.
+    
+    ```yaml
+    traefik.tcp.routers.mytcprouter.tls.domains[0].sans=test.example.org,dev.example.org
+    ```
+
+??? info "`traefik.tcp.routers.<router_name>.tls.options`"
+    
+    See [options](../routers/index.md#options_1) for more information.
+    
+    ```yaml
+    traefik.tcp.routers.mytcprouter.tls.options=mysoptions
+    ```
+
+??? info "`traefik.tcp.routers.<router_name>.tls.passthrough`"
+    
+    See [TLS](../routers/index.md#tls_1) for more information.
+    
+    ```yaml
+    traefik.tcp.routers.mytcprouter.tls.passthrough=true
+    ```
+
+#### TCP Services
+
+??? info "`traefik.tcp.services.<service_name>.loadbalancer.server.port`"
+    
+    Registers a port of the application.
+    
+    ```yaml
+    traefik.tcp.services.mytcpservice.loadbalancer.server.port=423
+    ```
+
+??? info "`traefik.tcp.services.<service_name>.loadbalancer.terminationdelay`"
+        
+    See [termination delay](../services/index.md#termination-delay) for more information.
+    
+    ```yaml
+    traefik.tcp.services.mytcpservice.loadbalancer.terminationdelay=100
+    ```
+
+### UDP
+
+You can declare UDP Routers and/or Services using tags.
+
+??? example "Declaring UDP Routers and Services"
+
+    ```yaml
+    traefik.udp.routers.my-router.entrypoints=udp
+    traefik.udp.services.my-service.loadbalancer.server.port=4123
+    ```
+
+!!! warning "UDP and HTTP"
+
+    If you declare a UDP Router/Service, it will prevent Traefik from automatically creating an HTTP Router/Service (like it does by default if no UDP Router/Service is defined).
+    You can declare both a UDP Router/Service and an HTTP Router/Service for the same elastic service (but you have to do so manually).
+
+#### UDP Routers
+
+??? info "`traefik.udp.routers.<router_name>.entrypoints`"
+    
+    See [entry points](../routers/index.md#entrypoints_2) for more information.
+    
+    ```yaml
+    traefik.udp.routers.myudprouter.entrypoints=ep1,ep2
+    ```
+
+??? info "`traefik.udp.routers.<router_name>.service`"
+    
+    See [service](../routers/index.md#services_1) for more information.
+    
+    ```yaml
+    traefik.udp.routers.myudprouter.service=myservice
+    ```
+
+#### UDP Services
+
+??? info "`traefik.udp.services.<service_name>.loadbalancer.server.port`"
+    
+    Registers a port of the application.
+    
+    ```yaml
+    traefik.udp.services.myudpservice.loadbalancer.server.port=423
+    ```
+
+### Specific Provider Options
+
+#### `traefik.enable`
+
+```yaml
+traefik.enable=true
+```
+
+You can tell Traefik to consider (or not) the ECS service by setting `traefik.enable` to true or false.
+
+This option overrides the value of `exposedByDefault`.

docs/content/routing/providers/kubernetes-crd.md

@@ -43,7 +43,7 @@ The Kubernetes Ingress Controller, The Custom Resource Way.
           serviceAccountName: traefik-ingress-controller
           containers:
             - name: traefik
-              image: traefik:v2.2
+              image: traefik:v2.3
               args:
                 - --log.level=DEBUG
                 - --api
@@ -108,16 +108,16 @@ The Kubernetes Ingress Controller, The Custom Resource Way.
       name: myingressroute
       namespace: default
     
-      spec:
-        entryPoints:
-          - web
+    spec:
+      entryPoints:
+        - web
     
-        routes:
-          - match: Host(`foo`) && PathPrefix(`/bar`)
-            kind: Rule
-            services:
-            - name: whoami
-              port: 80
+      routes:
+      - match: Host(`foo`) && PathPrefix(`/bar`)
+        kind: Rule
+        services:
+        - name: whoami
+          port: 80
     
     ---
     apiVersion: traefik.containo.us/v1alpha1
@@ -126,15 +126,15 @@ The Kubernetes Ingress Controller, The Custom Resource Way.
       name: ingressroute.tcp
       namespace: default
     
-      spec:
-        entryPoints:
-          - tcpep
-        routes:
-          - match: HostSNI(`bar`)
-            kind: Rule
-            services:
-              - name: whoamitcp
-                port: 8080
+    spec:
+      entryPoints:
+        - tcpep
+      routes:
+      - match: HostSNI(`bar`)
+        kind: Rule
+        services:
+          - name: whoamitcp
+            port: 8080
     
     ---
     apiVersion: traefik.containo.us/v1alpha1
@@ -143,14 +143,14 @@ The Kubernetes Ingress Controller, The Custom Resource Way.
       name: ingressroute.udp
       namespace: default
     
-      spec:
-        entryPoints:
-          - fooudp
-        routes:
-          - kind: Rule
-            services:
-              - name: whoamiudp
-                port: 8080
+    spec:
+      entryPoints:
+        - fooudp
+      routes:
+      - kind: Rule
+        services:
+          - name: whoamiudp
+            port: 8080
     ```
     
     ```yaml tab="Whoami"
@@ -160,24 +160,24 @@ The Kubernetes Ingress Controller, The Custom Resource Way.
       name: whoami
       namespace: default
       labels:
-        app: containous
+        app: traefiklabs
         name: whoami
     
     spec:
       replicas: 2
       selector:
         matchLabels:
-          app: containous
+          app: traefiklabs
           task: whoami
       template:
         metadata:
           labels:
-            app: containous
+            app: traefiklabs
             task: whoami
         spec:
           containers:
-            - name: containouswhoami
-              image: containous/whoami
+            - name: whoami
+              image: traefik/whoami
               ports:
                 - containerPort: 80
     
@@ -193,7 +193,7 @@ The Kubernetes Ingress Controller, The Custom Resource Way.
         - name: http
           port: 80
       selector:
-        app: containous
+        app: traefiklabs
         task: whoami
     
     ---
@@ -203,24 +203,24 @@ The Kubernetes Ingress Controller, The Custom Resource Way.
       name: whoamitcp
       namespace: default
       labels:
-        app: containous
+        app: traefiklabs
         name: whoamitcp
     
     spec:
       replicas: 2
       selector:
         matchLabels:
-          app: containous
+          app: traefiklabs
           task: whoamitcp
       template:
         metadata:
           labels:
-            app: containous
+            app: traefiklabs
             task: whoamitcp
         spec:
           containers:
-            - name: containouswhoamitcp
-              image: containous/whoamitcp
+            - name: whoamitcp
+              image: traefik/whoamitcp
               ports:
                 - containerPort: 8080
     
@@ -236,7 +236,7 @@ The Kubernetes Ingress Controller, The Custom Resource Way.
         - protocol: TCP
           port: 8080
       selector:
-        app: containous
+        app: traefiklabs
         task: whoamitcp
     
     ---
@@ -246,24 +246,24 @@ The Kubernetes Ingress Controller, The Custom Resource Way.
       name: whoamiudp
       namespace: default
       labels:
-        app: containous
+        app: traefiklabs
         name: whoamiudp
     
     spec:
       replicas: 2
       selector:
         matchLabels:
-          app: containous
+          app: traefiklabs
           task: whoamiudp
       template:
         metadata:
           labels:
-            app: containous
+            app: traefiklabs
             task: whoamiudp
         spec:
           containers:
-            - name: containouswhoamiudp
-              image: containous/whoamiudp:dev
+            - name: whoamiudp
+              image: traefik/whoamiudp:latest
               ports:
                 - containerPort: 8080
     
@@ -278,7 +278,7 @@ The Kubernetes Ingress Controller, The Custom Resource Way.
       ports:
         - port: 8080
       selector:
-        app: containous
+        app: traefiklabs
         task: whoamiudp
     ```
 
@@ -687,7 +687,7 @@ More information in the dedicated server [load balancing](../services/index.md#l
         - name: http
           port: 80
       selector:
-        app: containous
+        app: traefiklabs
         task: app1
     ---
     apiVersion: v1
@@ -701,7 +701,7 @@ More information in the dedicated server [load balancing](../services/index.md#l
         - name: http
           port: 80
       selector:
-        app: containous
+        app: traefiklabs
         task: app2
     ```
 
@@ -780,7 +780,7 @@ More information in the dedicated [Weighted Round Robin](../services/index.md#we
         - name: http
           port: 80
       selector:
-        app: containous
+        app: traefiklabs
         task: app1
     ---
     apiVersion: v1
@@ -794,7 +794,7 @@ More information in the dedicated [Weighted Round Robin](../services/index.md#we
         - name: http
           port: 80
       selector:
-        app: containous
+        app: traefiklabs
         task: app2
     ---
     apiVersion: v1
@@ -808,7 +808,7 @@ More information in the dedicated [Weighted Round Robin](../services/index.md#we
         - name: http
           port: 80
       selector:
-        app: containous
+        app: traefiklabs
         task: app3
     ```
 
@@ -891,7 +891,7 @@ More information in the dedicated [mirroring](../services/index.md#mirroring-ser
         - name: http
           port: 80
       selector:
-        app: containous
+        app: traefiklabs
         task: app1
     ---
     apiVersion: v1
@@ -905,7 +905,7 @@ More information in the dedicated [mirroring](../services/index.md#mirroring-ser
         - name: http
           port: 80
       selector:
-        app: containous
+        app: traefiklabs
         task: app2
     ```
 
@@ -1026,7 +1026,7 @@ and there is a second level because each whoami service is a `replicaset` and is
         spec:
           containers:
             - name: whoami1
-              image: containous/whoami
+              image: traefik/whoami
               ports:
                 - name: web
                   containerPort: 80
@@ -1052,7 +1052,7 @@ and there is a second level because each whoami service is a `replicaset` and is
         spec:
           containers:
             - name: whoami2
-              image: containous/whoami
+              image: traefik/whoami
               ports:
                 - name: web
                   containerPort: 80

docs/content/routing/providers/kubernetes-ingress.md

@@ -32,8 +32,10 @@ which in turn will create the resulting routers, services, handlers, etc.
           - watch
       - apiGroups:
           - extensions
+          - networking.k8s.io
         resources:
           - ingresses
+          - ingressclasses
         verbs:
           - get
           - list
@@ -110,7 +112,7 @@ which in turn will create the resulting routers, services, handlers, etc.
           serviceAccountName: traefik-ingress-controller
           containers:
             - name: traefik
-              image: traefik:v2.2
+              image: traefik:v2.3
               args:
                 - --log.level=DEBUG
                 - --api
@@ -149,24 +151,24 @@ which in turn will create the resulting routers, services, handlers, etc.
     metadata:
       name: whoami
       labels:
-        app: containous
+        app: traefiklabs
         name: whoami
     
     spec:
       replicas: 2
       selector:
         matchLabels:
-          app: containous
+          app: traefiklabs
           task: whoami
       template:
         metadata:
           labels:
-            app: containous
+            app: traefiklabs
             task: whoami
         spec:
           containers:
-            - name: containouswhoami
-              image: containous/whoami
+            - name: whoami
+              image: traefik/whoami
               ports:
                 - containerPort: 80
     
@@ -181,7 +183,7 @@ which in turn will create the resulting routers, services, handlers, etc.
         - name: http
           port: 80
       selector:
-        app: containous
+        app: traefiklabs
         task: whoami
     ```
 
@@ -322,9 +324,23 @@ which in turn will create the resulting routers, services, handlers, etc.
     traefik.ingress.kubernetes.io/service.sticky.cookie.httponly: "true"
     ```
 
-### TLS
+## Path Types on Kubernetes 1.18+
+              
+If the Kubernetes cluster version is 1.18+,
+the new `pathType` property can be leveraged to define the rules matchers:
 
-#### Communication Between Traefik and Pods
+- `Exact`: This path type forces the rule matcher to `Path`
+- `Prefix`: This path type forces the rule matcher to `PathPrefix`
+
+Please see [this documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/#path-types) for more information.
+
+!!! warning "Multiple Matches"
+    In the case of multiple matches, Traefik will not ensure the priority of a Path matcher over a PathPrefix matcher,
+    as stated in [this documentation](https://kubernetes.io/docs/concepts/services-networking/ingress/#multiple-matches).
+
+## TLS
+
+### Communication Between Traefik and Pods
 
 Traefik automatically requests endpoint information based on the service provided in the ingress spec.
 Although Traefik will connect directly to the endpoints (pods),
@@ -346,7 +362,7 @@ and will connect via TLS automatically.
     If this is not an option, you may need to skip TLS certificate verification.
     See the [insecureSkipVerify](../../routing/overview.md#insecureskipverify) setting for more details.
 
-#### Certificates Management
+### Certificates Management
 
 ??? example "Using a secret"
     

docs/content/routing/routers/index.md

@@ -228,18 +228,17 @@ If the rule is verified, the router becomes active, calls middlewares, and then
 
 The table below lists all the available matchers:
 
-| Rule                                                                   | Description                                                                                                                                                                                                     |
-|------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
-| ```Headers(`key`, `value`)```                                          | Check if there is a key `key`defined in the headers, with the value `value`                                                                                                                                     |
-| ```HeadersRegexp(`key`, `regexp`)```                                   | Check if there is a key `key`defined in the headers, with a value that matches the regular expression `regexp`                                                                                                  |
-| ```Host(`example.com`, ...)```                                         | By default, is equivalent to `HostHeader` **AND** `HostSNI` rules. See [Domain Fronting](../../https/tls.md#domain-fronting) and the [migration guide](../../migration/v2.md#domain-fronting) for more details. |
-| ```HostHeader(`example.com`, ...)```                                   | Check if the request domain (host header value) targets one of the given `domains`.                                                                                                                             |
-| ```HostSNI(`example.com`, ...)```                                      | Check if the [Server Name Indication](https://en.wikipedia.org/wiki/Server_Name_Indication) corresponds to the given `domains`.                                                                                 |
-| ```HostRegexp(`example.com`, `{subdomain:[a-z]+}.example.com`, ...)``` | Check if the request domain matches the given `regexp`.                                                                                                                                                         |
-| ```Method(`GET`, ...)```                                               | Check if the request method is one of the given `methods` (`GET`, `POST`, `PUT`, `DELETE`, `PATCH`)                                                                                                             |
-| ```Path(`/path`, `/articles/{cat:[a-z]+}/{id:[0-9]+}`, ...)```         | Match exact request path. It accepts a sequence of literal and regular expression paths.                                                                                                                        |
-| ```PathPrefix(`/products/`, `/articles/{cat:[a-z]+}/{id:[0-9]+}`)```   | Match request prefix path. It accepts a sequence of literal and regular expression prefix paths.                                                                                                                |
-| ```Query(`foo=bar`, `bar=baz`)```                                      | Match Query String parameters. It accepts a sequence of key=value pairs.                                                                                                                                        | 
+| Rule                                                                   | Description                                                                                                    |
+|------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------|
+| ```Headers(`key`, `value`)```                                          | Check if there is a key `key`defined in the headers, with the value `value`                                    |
+| ```HeadersRegexp(`key`, `regexp`)```                                   | Check if there is a key `key`defined in the headers, with a value that matches the regular expression `regexp` |
+| ```Host(`example.com`, ...)```                                         | Check if the request domain (host header value) targets one of the given `domains`.                            |
+| ```HostHeader(`example.com`, ...)```                                   | Check if the request domain (host header value) targets one of the given `domains`.                            |
+| ```HostRegexp(`example.com`, `{subdomain:[a-z]+}.example.com`, ...)``` | Check if the request domain matches the given `regexp`.                                                        |
+| ```Method(`GET`, ...)```                                               | Check if the request method is one of the given `methods` (`GET`, `POST`, `PUT`, `DELETE`, `PATCH`)            |
+| ```Path(`/path`, `/articles/{cat:[a-z]+}/{id:[0-9]+}`, ...)```         | Match exact request path. It accepts a sequence of literal and regular expression paths.                       |
+| ```PathPrefix(`/products/`, `/articles/{cat:[a-z]+}/{id:[0-9]+}`)```   | Match request prefix path. It accepts a sequence of literal and regular expression prefix paths.               |
+| ```Query(`foo=bar`, `bar=baz`)```                                      | Match Query String parameters. It accepts a sequence of key=value pairs.                                       |
 
 !!! important "Regexp Syntax"
 
@@ -473,6 +472,11 @@ It refers to a [TLS Options](../../https/tls.md#tls-options) and will be applied
     the TLS option is picked from the mapping mentioned above and based on the server name provided during the TLS handshake,
     and it all happens before routing actually occurs.
 
+!!! info "Domain Fronting"
+
+    In the case of domain fronting,
+    if the TLS options associated with the Host Header and the SNI are different then Traefik will respond with a status code `421`.
+
 ??? example "Configuring the TLS options"
 
     ```toml tab="File (TOML)"

docs/content/routing/services/index.md

@@ -317,7 +317,7 @@ Below are the available options for the health check mechanism:
 
 - `path` is appended to the server URL to set the health check endpoint.
 - `scheme`, if defined, will replace the server URL `scheme` for the health check endpoint
-- `hostname`, if defined, will replace the server URL `hostname` for the health check endpoint.
+- `hostname`, if defined, will apply `Host` header `hostname` to the health check request.
 - `port`, if defined, will replace the server URL `port` for the health check endpoint.
 - `interval` defines the frequency of the health check calls.
 - `timeout` defines the maximum duration Traefik will wait for a health check request before considering the server failed (unhealthy).
@@ -592,7 +592,7 @@ http:
         # maxBodySize is the maximum size allowed for the body of the request.
         # If the body is larger, the request is not mirrored.
         # Default value is -1, which means unlimited size.
-        maxBodySize = 1024
+        maxBodySize: 1024
         mirrors:
         - name: appv2
           percent: 10

docs/content/user-guides/crd-acme/03-deployments.yml

@@ -26,7 +26,7 @@ spec:
       serviceAccountName: traefik-ingress-controller
       containers:
         - name: traefik
-          image: traefik:v2.2
+          image: traefik:v2.3
           args:
             - --api.insecure
             - --accesslog
@@ -68,7 +68,7 @@ spec:
     spec:
       containers:
         - name: whoami
-          image: containous/whoami
+          image: traefik/whoami
           ports:
             - name: web
               containerPort: 80

docs/content/user-guides/crd-acme/index.md

@@ -51,7 +51,7 @@ Also note the RBAC authorization resources; they'll be referenced through the `s
 
 ### Services
 
-Then, the services. One for Traefik itself, and one for the app it routes for, i.e. in this case our demo HTTP server: [whoami](https://github.com/containous/whoami).
+Then, the services. One for Traefik itself, and one for the app it routes for, i.e. in this case our demo HTTP server: [whoami](https://github.com/traefik/whoami).
 
 ```yaml
 --8<-- "content/user-guides/crd-acme/02-services.yml"

docs/content/user-guides/crd-acme/k3s.yml

@@ -26,5 +26,5 @@ node:
     - K3S_CLUSTER_SECRET=somethingtotallyrandom
   volumes:
     # this is where you would place a alternative traefik image (saved as a .tar file with
-    # 'docker save'), if you want to use it, instead of the traefik:v2.2 image.
+    # 'docker save'), if you want to use it, instead of the traefik:v2.3 image.
     - /sowewhere/on/your/host/custom-image:/var/lib/rancher/k3s/agent/images

docs/content/user-guides/docker-compose/acme-dns/docker-compose.yml

@@ -3,7 +3,7 @@ version: "3.3"
 services:
 
   traefik:
-    image: "traefik:v2.2"
+    image: "traefik:v2.3"
     container_name: "traefik"
     command:
       #- "--log.level=DEBUG"
@@ -31,7 +31,7 @@ services:
       - "/var/run/docker.sock:/var/run/docker.sock:ro"
 
   whoami:
-    image: "containous/whoami"
+    image: "traefik/whoami"
     container_name: "simple-service"
     labels:
       - "traefik.enable=true"

docs/content/user-guides/docker-compose/acme-dns/docker-compose_secrets.yml

@@ -13,7 +13,7 @@ secrets:
 services:
 
   traefik:
-    image: "traefik:v2.2"
+    image: "traefik:v2.3"
     container_name: "traefik"
     command:
       #- "--log.level=DEBUG"
@@ -46,7 +46,7 @@ services:
       - "/var/run/docker.sock:/var/run/docker.sock:ro"
 
   whoami:
-    image: "containous/whoami"
+    image: "traefik/whoami"
     container_name: "simple-service"
     labels:
       - "traefik.enable=true"

docs/content/user-guides/docker-compose/acme-http/docker-compose.yml

@@ -3,7 +3,7 @@ version: "3.3"
 services:
 
   traefik:
-    image: "traefik:v2.2"
+    image: "traefik:v2.3"
     container_name: "traefik"
     command:
       #- "--log.level=DEBUG"
@@ -26,7 +26,7 @@ services:
       - "/var/run/docker.sock:/var/run/docker.sock:ro"
 
   whoami:
-    image: "containous/whoami"
+    image: "traefik/whoami"
     container_name: "simple-service"
     labels:
       - "traefik.enable=true"

docs/content/user-guides/docker-compose/acme-tls/docker-compose.yml

@@ -3,7 +3,7 @@ version: "3.3"
 services:
 
   traefik:
-    image: "traefik:v2.2"
+    image: "traefik:v2.3"
     container_name: "traefik"
     command:
       #- "--log.level=DEBUG"
@@ -23,7 +23,7 @@ services:
       - "/var/run/docker.sock:/var/run/docker.sock:ro"
 
   whoami:
-    image: "containous/whoami"
+    image: "traefik/whoami"
     container_name: "simple-service"
     labels:
       - "traefik.enable=true"

docs/content/user-guides/docker-compose/basic-example/docker-compose.yml

@@ -3,7 +3,7 @@ version: "3.3"
 services:
 
   traefik:
-    image: "traefik:v2.2"
+    image: "traefik:v2.3"
     container_name: "traefik"
     command:
       #- "--log.level=DEBUG"
@@ -18,7 +18,7 @@ services:
       - "/var/run/docker.sock:/var/run/docker.sock:ro"
 
   whoami:
-    image: "containous/whoami"
+    image: "traefik/whoami"
     container_name: "simple-service"
     labels:
       - "traefik.enable=true"

docs/content/user-guides/docker-compose/basic-example/index.md

@@ -35,7 +35,7 @@ This will also be used as a starting point for the other docker-compose guides.
 
 ## Details
 
-- As an example we use [whoami](https://github.com/containous/whoami) (a tiny Go server that prints os information and HTTP request to output) which was used to define our `simple-service` container.
+- As an example we use [whoami](https://github.com/traefik/whoami) (a tiny Go server that prints os information and HTTP request to output) which was used to define our `simple-service` container.
 
 - We define an entry point, along with the exposure of the matching port within docker-compose, which basically allow us to "open and accept" HTTP traffic: