shaba/traefik
1
0
Fork 0
mirror of https://github.com/containous/traefik.git synced 2025-09-08 13:44:22 +03:00
Code Releases Activity

Compare commits

base: shaba:v2.8.0-rc1
Branches Tags
shaba:master shaba:v3.5 shaba:v2.11 shaba:v3.4 shaba:v3.3 shaba:v3.2 shaba:v3.1 shaba:v3.0 shaba:v1.0 shaba:v1.1 shaba:v1.2 shaba:v1.3 shaba:v1.4 shaba:v2.10 shaba:v1.5 shaba:v1.6 shaba:v1.7 shaba:v2.0 shaba:v2.1 shaba:v2.2 shaba:v2.6 shaba:v2.7 shaba:v2.8 shaba:v2.9 shaba:v2.3 shaba:v2.4 shaba:v2.5
shaba:v3.5.1 shaba:v2.11.29 shaba:v3.5.0 shaba:v3.4.5 shaba:v2.11.28 shaba:v3.5.0-rc2 shaba:v3.4.4 shaba:v2.11.27 shaba:v3.5.0-rc1 shaba:v3.4.3 shaba:v3.4.2 shaba:v2.11.26 shaba:v3.4.1 shaba:v2.11.25 shaba:v3.4.0 shaba:v3.3.7 shaba:v3.4.0-rc2 shaba:v3.3.6 shaba:v2.11.24 shaba:v2.11.23 shaba:v3.4.0-rc1 shaba:v3.3.5 shaba:v2.11.22 shaba:v3.3.4 shaba:v2.11.21 shaba:v3.3.3 shaba:v2.11.20 shaba:v2.11.19 shaba:v3.3.2 shaba:v2.11.18 shaba:v3.3.1 shaba:v3.2.5 shaba:v3.3.0 shaba:v3.2.4 shaba:v2.11.17 shaba:v3.3.0-rc2 shaba:v3.3.0-rc1 shaba:v3.2.3 shaba:v2.11.16 shaba:v3.2.2 shaba:v2.11.15 shaba:v3.2.1 shaba:v2.11.14 shaba:v3.2.0 shaba:v3.1.7 shaba:v2.11.13 shaba:v3.2.0-rc2 shaba:v3.1.6 shaba:v2.11.12 shaba:v3.2.0-rc1 shaba:v3.1.5 shaba:v2.11.11 shaba:v3.1.4 shaba:v2.11.10 shaba:v3.1.3 shaba:v2.11.9 shaba:v3.1.2 shaba:v2.11.8 shaba:v3.1.1 shaba:v2.11.7 shaba:v3.1.0 shaba:v3.1.0-rc3 shaba:v3.0.4 shaba:v2.11.6 shaba:v3.1.0-rc2 shaba:v3.1.0-rc1 shaba:v3.0.3 shaba:v2.11.5 shaba:v3.0.2 shaba:v2.11.4 shaba:v3.0.1 shaba:v2.11.3 shaba:v3.0.0 shaba:v3.0.0-rc5 shaba:v2.11.2 shaba:v3.0.0-rc4 shaba:v2.11.1 shaba:v3.0.0-rc3 shaba:v3.0.0-rc2 shaba:v3.0.0-rc1 shaba:v2.11.0 shaba:v2.11.0-rc2 shaba:v2.11.0-rc1 shaba:v2.10.7 shaba:v3.0.0-beta5 shaba:v2.10.6 shaba:v3.0.0-beta4 shaba:v2.10.5 shaba:v2.10.4 shaba:v3.0.0-beta3 shaba:v2.10.3 shaba:v2.10.2 shaba:v2.10.1 shaba:v2.10.0 shaba:v2.10.0-rc2 shaba:v2.9.10 shaba:v2.10.0-rc1 shaba:v2.9.9 shaba:v2.9.8 shaba:v2.9.7 shaba:v3.0.0-beta2 shaba:v2.9.6 shaba:v3.0.0-beta1 shaba:v2.9.5 shaba:v2.9.4 shaba:v2.9.3 shaba:v2.9.2 shaba:v2.9.1 shaba:v2.9.0-rc5 shaba:v2.8.8 shaba:v2.8.7 shaba:v2.9.0-rc4 shaba:v2.8.6 shaba:v2.9.0-rc3 shaba:v2.9.0-rc2 shaba:v2.9.0-rc1 shaba:v2.8.5 shaba:v2.8.4 shaba:v2.8.3 shaba:v2.8.2 shaba:v2.8.1 shaba:v2.8.0 shaba:v2.7.3 shaba:v2.8.0-rc2 shaba:v2.7.2 shaba:v2.8.0-rc1 shaba:v2.7.1 shaba:v2.7.0 shaba:v2.6.7 shaba:v2.6.6 shaba:v2.6.5 shaba:v2.6.4 shaba:v2.7.0-rc2 shaba:v2.6.3 shaba:v2.7.0-rc1 shaba:v2.6.2 shaba:v2.6.1 shaba:v2.6.0 shaba:v2.6.0-rc3 shaba:v2.5.7 shaba:v2.6.0-rc2 shaba:v2.5.6 shaba:v2.6.0-rc1 shaba:v1.7.34 shaba:v2.5.5 shaba:v2.5.4 shaba:v1.7.33 shaba:v1.7.32 shaba:v1.7.31 shaba:v2.5.3 shaba:v2.5.2 shaba:v2.5.1 shaba:v2.5.0 shaba:v2.4.14 shaba:v2.5.0-rc6 shaba:v2.5.0-rc5 shaba:v2.5.0-rc4 shaba:v2.4.13 shaba:v2.4.12 shaba:v2.5.0-rc3 shaba:v2.4.11 shaba:v2.4.10 shaba:v2.5.0-rc2 shaba:v2.5.0-rc1 shaba:v2.4.9 shaba:v1.7.30 shaba:v1.7.29 shaba:v2.4.8 shaba:v2.4.7 shaba:v2.4.6 shaba:v2.4.5 shaba:v2.4.4 shaba:v2.4.3 shaba:v2.4.2 shaba:v2.4.1 shaba:v2.4.0 shaba:v1.7.28 shaba:v1.7.27 shaba:v2.4.0-rc2 shaba:v2.3.7 shaba:v2.3.6 shaba:v2.4.0-rc1 shaba:v2.3.5 shaba:v2.3.4 shaba:v2.3.3 shaba:v2.3.2 shaba:v2.3.1 shaba:v2.3.0 shaba:v2.3.0-rc7 shaba:v2.3.0-rc6 shaba:v2.3.0-rc5 shaba:v2.2.11 shaba:v2.2.10 shaba:v2.3.0-rc4 shaba:v2.3.0-rc3 shaba:v2.2.8 shaba:v1.7.26 shaba:v2.2.7 shaba:v2.2.6 shaba:v2.3.0-rc2 shaba:v2.3.0-rc1 shaba:v1.7.25 shaba:v2.2.5 shaba:v2.2.4 shaba:v2.2.3 shaba:v2.2.2 shaba:v2.2.1 shaba:v2.2.0 shaba:v1.7.24 shaba:v2.1.9 shaba:v1.7.23 shaba:v2.2.0-rc4 shaba:v2.1.8 shaba:v2.2.0-rc3 shaba:v2.1.7 shaba:v1.7.22 shaba:v2.2.0-rc2 shaba:v2.2.0-rc1 shaba:v2.1.6 shaba:v2.1.5 shaba:v1.7.21 shaba:v2.1.4 shaba:v2.1.3 shaba:v2.1.2 shaba:v2.1.1 shaba:v2.1.0 shaba:v1.7.20 shaba:v2.0.7 shaba:v2.1.0-rc3 shaba:v2.0.6 shaba:v2.1.0-rc2 shaba:v2.1.0-rc1 shaba:v2.0.5 shaba:v2.0.4 shaba:v2.0.3 shaba:v1.7.19 shaba:v2.0.2 shaba:v2.0.1 shaba:v1.7.18 shaba:v1.7.17 shaba:v2.0.0 shaba:v2.0.0-rc4 shaba:v1.7.16 shaba:v1.7.15 shaba:v2.0.0-rc3 shaba:v2.0.0-rc2 shaba:v2.0.0-rc1 shaba:v1.7.14 shaba:v1.7.13 shaba:v2.0.0-beta1 shaba:v2.0.0-alpha8 shaba:v2.0.0-alpha7 shaba:v2.0.0-alpha6 shaba:v2.0.0-alpha5 shaba:v1.7.12 shaba:v1.7.11 shaba:v2.0.0-alpha4 shaba:v2.0.0-alpha3 shaba:v1.7.10 shaba:v2.0.0-alpha2 shaba:v2.0.0-alpha1 shaba:v1.7.9 shaba:v1.7.8 shaba:v1.7.7 shaba:v1.7.6 shaba:v1.7.5 shaba:v1.7.4 shaba:v1.7.3 shaba:v1.7.2 shaba:v1.7.1 shaba:v1.7.0 shaba:v1.7.0-rc5 shaba:v1.7.0-rc4 shaba:v1.6.6 shaba:v1.7.0-rc3 shaba:v1.7.0-rc2 shaba:v1.6.5 shaba:v1.7.0-rc1 shaba:v1.6.4 shaba:v1.6.3 shaba:v1.6.2 shaba:v1.6.1 shaba:v1.6.0 shaba:v1.6.0-rc6 shaba:v1.6.0-rc5 shaba:v1.6.0-rc4 shaba:v1.6.0-rc3 shaba:v1.6.0-rc2 shaba:v1.6.0-rc1 shaba:v1.5.4 shaba:v1.5.3 shaba:v1.5.2 shaba:v1.5.1 shaba:v1.5.0 shaba:v1.5.0-rc5 shaba:v1.5.0-rc4 shaba:v1.4.6 shaba:v1.5.0-rc3 shaba:v1.5.0-rc2 shaba:v1.4.5 shaba:v1.5.0-rc1 shaba:v1.4.4 shaba:v1.4.3 shaba:v1.4.2 shaba:v1.4.1 shaba:v1.4.0 shaba:v1.4.0-rc5 shaba:v1.4.0-rc4 shaba:v1.4.0-rc3 shaba:v1.4.0-rc2 shaba:v1.3.8 shaba:v1.4.0-rc1 shaba:v1.3.7 shaba:v1.3.6 shaba:v1.3.5 shaba:v1.3.4 shaba:v1.3.3 shaba:v1.3.2 shaba:v1.3.1 shaba:v1.3.0 shaba:v1.3.0-rc3 shaba:v1.3.0-rc2 shaba:v1.3.0-rc1 shaba:v1.2.3 shaba:v1.2.2 shaba:v1.2.1 shaba:v1.2.0 shaba:v1.2.0-rc2 shaba:v1.2.0-rc1 shaba:v1.1.2 shaba:v1.1.1 shaba:v1.1.0 shaba:v1.1.0-rc4 shaba:v1.1.0-rc3 shaba:v1.1.0-rc2 shaba:v1.1.0-rc1 shaba:v1.0.3 shaba:v1.0.2 shaba:v1.0.1 shaba:v1.0.0 shaba:v1.0.0-rc3 shaba:v1.0.0-rc2 shaba:v1.0.0-rc1 shaba:v1.0.0-beta.809 shaba:v1.0.0-beta.804 shaba:v1.0.0-beta.794 shaba:v1.0.0-beta.784 shaba:v1.0.0-beta.771 shaba:v1.0.0-beta.767 shaba:v1.0.0-beta.756 shaba:v1.0.0-beta.754 shaba:v1.0.0-beta.744 shaba:v1.0.0-beta.732 shaba:v1.0.0-beta.723 shaba:v1.0.0-beta.721 shaba:v1.0.0-beta.712 shaba:v1.0.0-beta.704 shaba:v1.0.0-beta.695 shaba:v1.0.0-beta.692 shaba:v1.0.0-beta.682 shaba:v1.0.0-beta.676 shaba:v1.0.0-beta.673 shaba:v1.0.0-beta.666 shaba:v1.0.0-beta.652 shaba:v1.0.0-beta.644 shaba:v1.0.0-beta.621 shaba:v1.0.0-beta.614 shaba:v1.0.0-beta.610 shaba:v1.0.0-beta.601 shaba:v1.0.0-beta.582 shaba:v1.0.0-beta.576 shaba:v1.0.0-beta.573 shaba:v1.0.0-beta.555 shaba:v1.0.0-beta.548 shaba:v1.0.0-beta.545 shaba:v1.0.0-beta.524 shaba:v1.0.0-beta.513 shaba:v1.0.0-beta.508 shaba:v1.0.0-beta.505 shaba:v1.0.0-beta.484 shaba:v1.0.0-beta.481 shaba:v1.0.0-beta.475 shaba:v1.0.0-beta.470 shaba:v1.0.0-beta.453 shaba:v1.0.0-beta.442 shaba:v1.0.0-beta.440 shaba:v1.0.0-beta.436 shaba:v1.0.0-beta.433 shaba:v1.0.0-beta.427 shaba:v1.0.0-beta.421 shaba:v1.0.0-beta.416 shaba:v1.0.0-beta.408 shaba:v1.0.0-beta.404 shaba:v1.0.0-beta.395 shaba:v1.0.0-beta.392 shaba:v1.0.0-beta.374 shaba:v1.0.0-beta.366 shaba:v1.0.0-beta.355 shaba:v1.0.0-beta.352 shaba:v1.0.0-beta.341 shaba:v1.0.0-beta.339 shaba:v1.0.0-beta.324 shaba:v1.0.0-beta.300 shaba:v1.0.0-beta.291 shaba:v1.0.0-beta.289 shaba:v1.0.0-beta.287 shaba:v1.0.0-beta.280 shaba:v1.0.0-beta.277 shaba:v1.0.0-beta.254 shaba:v1.0.0-beta.247 shaba:v1.0.0-beta.224 shaba:v1.0.0-beta.220 shaba:v1.0.0-beta.212 shaba:v1.0.0-beta.211 shaba:v1.0.alpha.4c447985b63f8c90dcbde70b2eaef19d9a8c5ad2 shaba:v1.0.alpha.9830086790caf40ce30eb9ed5d317917f8157708 shaba:v1.0.alpha.3af21612b65fc578585a98c30090d1e613f791eb shaba:v1.0.alpha.a458018aa2ccb637abacfc696157e00321cf982f shaba:v1.0.alpha.4ded2682d2831ed703282b2f4585e17a62ee258e shaba:v1.0.alpha.0e683cc5355bc507dabac68bbc7559d3f179e185 shaba:v1.0.alpha.11781087cadf9068d1d0b43902b6161ee10ea458 shaba:v1.0.alpha.b42b170ad29a0f042ddee0f5a5098aa9a59a9c8e shaba:v1.0.alpha.a00eb81f0301f5e61024dea3b92ba632d6a61a8b shaba:v1.0.alpha.6c3c5578c64125838abbc437a0242e1742d6f47a shaba:v1.0.alpha.b84b95fe97df5c0f234d8693fbff03fa0d6a441b shaba:v1.0.alpha.1a5668377cc840a35d233a0eb817ee9bacf0ba3e shaba:v1.0.alpha.331cd173ce8ad858d767510fbcbc653e2dde657d shaba:v1.0.alpha.e0872b61579c8e6b8fc6124c8836660c11840f5d shaba:v1.0.alpha.99646544953d5793f18ccb22dae2458be4ba0e05 shaba:v1.0.alpha.7acc2beae0f0235d9408e8ed7a51f0ef3dae3aff shaba:v1.0.alpha.ac56c1310c46f9c18dcad9d7ec680926fae821bb shaba:v1.0.alpha.71b0e27517841ec7b911bafb109846ee96109f30 shaba:v1.0.alpha.60e9282f0adac48cbf283306ceb08ad7a31ac94b shaba:v1.0.alpha.522 shaba:v1.0.alpha.516 shaba:v1.0.alpha.506 shaba:v1.0.alpha.481 shaba:v1.0.alpha.477 shaba:v1.0.alpha.471 shaba:v1.0.alpha.469 shaba:v1.0.alpha.463 shaba:v1.0.alpha.450 shaba:v1.0.alpha.443 shaba:v1.0.alpha.439 shaba:v1.0.alpha.425 shaba:v1.0.alpha.421 shaba:v1.0.alpha.418 shaba:v1.0.alpha.412 shaba:v1.0.alpha.404 shaba:v1.0.alpha.392 shaba:v1.0.alpha.374 shaba:v1.0.alpha.367 shaba:v1.0.alpha.364 shaba:v1.0.alpha.361 shaba:v1.0.alpha.358 shaba:v1.0.alpha.357 shaba:v1.0.alpha.341 shaba:v1.0.alpha.338 shaba:v1.0.alpha.336 shaba:v1.0.alpha.333 shaba:v1.0.alpha.329 shaba:v1.0.alpha.311 shaba:v1.0.alpha.306 shaba:v1.0.alpha.302 shaba:v1.0.alpha.291 shaba:v1.0.alpha.290 shaba:v1.0.alpha.288 shaba:v1.0.alpha.285 shaba:v1.0.alpha.275 shaba:v1.0.alpha.274 shaba:v1.0.alpha.273 shaba:v1.0.alpha.272 shaba:v1.0.alpha.271 shaba:v1.0.alpha.270 shaba:v1.0.alpha.268 shaba:v1.0.alpha.269 shaba:v1.0.alpha.267 shaba:v1.0.alpha.266 shaba:v1.0.alpha.263 shaba:v1.0.alpha.257 shaba:v1.0.alpha.256 shaba:v1.0.alpha.251 shaba:v1.0.alpha.252 shaba:v1.0.alpha.250 shaba:v1.0.alpha.249 shaba:v1.0.alpha.247 shaba:v1.0.alpha.228 shaba:v1.0.alpha.217 shaba:v1.0.alpha.216 shaba:v1.0.alpha.215 shaba:v1.0.alpha.212 shaba:v1.0.alpha.200 shaba:v1.0.alpha.186 shaba:v1.0.alpha.182 shaba:v1.0.alpha.178 shaba:v1.0.alpha.176 shaba:v1.0.alpha.171 shaba:v1.0.alpha.170 shaba:v1.0.alpha.164 shaba:v1.0.alpha.157 shaba:v1.0
...
compare: shaba:v2.8
Branches Tags
shaba:master shaba:v3.5 shaba:v2.11 shaba:v3.4 shaba:v3.3 shaba:v3.2 shaba:v3.1 shaba:v3.0 shaba:v1.0 shaba:v1.1 shaba:v1.2 shaba:v1.3 shaba:v1.4 shaba:v2.10 shaba:v1.5 shaba:v1.6 shaba:v1.7 shaba:v2.0 shaba:v2.1 shaba:v2.2 shaba:v2.6 shaba:v2.7 shaba:v2.8 shaba:v2.9 shaba:v2.3 shaba:v2.4 shaba:v2.5
shaba:v3.5.1 shaba:v2.11.29 shaba:v3.5.0 shaba:v3.4.5 shaba:v2.11.28 shaba:v3.5.0-rc2 shaba:v3.4.4 shaba:v2.11.27 shaba:v3.5.0-rc1 shaba:v3.4.3 shaba:v3.4.2 shaba:v2.11.26 shaba:v3.4.1 shaba:v2.11.25 shaba:v3.4.0 shaba:v3.3.7 shaba:v3.4.0-rc2 shaba:v3.3.6 shaba:v2.11.24 shaba:v2.11.23 shaba:v3.4.0-rc1 shaba:v3.3.5 shaba:v2.11.22 shaba:v3.3.4 shaba:v2.11.21 shaba:v3.3.3 shaba:v2.11.20 shaba:v2.11.19 shaba:v3.3.2 shaba:v2.11.18 shaba:v3.3.1 shaba:v3.2.5 shaba:v3.3.0 shaba:v3.2.4 shaba:v2.11.17 shaba:v3.3.0-rc2 shaba:v3.3.0-rc1 shaba:v3.2.3 shaba:v2.11.16 shaba:v3.2.2 shaba:v2.11.15 shaba:v3.2.1 shaba:v2.11.14 shaba:v3.2.0 shaba:v3.1.7 shaba:v2.11.13 shaba:v3.2.0-rc2 shaba:v3.1.6 shaba:v2.11.12 shaba:v3.2.0-rc1 shaba:v3.1.5 shaba:v2.11.11 shaba:v3.1.4 shaba:v2.11.10 shaba:v3.1.3 shaba:v2.11.9 shaba:v3.1.2 shaba:v2.11.8 shaba:v3.1.1 shaba:v2.11.7 shaba:v3.1.0 shaba:v3.1.0-rc3 shaba:v3.0.4 shaba:v2.11.6 shaba:v3.1.0-rc2 shaba:v3.1.0-rc1 shaba:v3.0.3 shaba:v2.11.5 shaba:v3.0.2 shaba:v2.11.4 shaba:v3.0.1 shaba:v2.11.3 shaba:v3.0.0 shaba:v3.0.0-rc5 shaba:v2.11.2 shaba:v3.0.0-rc4 shaba:v2.11.1 shaba:v3.0.0-rc3 shaba:v3.0.0-rc2 shaba:v3.0.0-rc1 shaba:v2.11.0 shaba:v2.11.0-rc2 shaba:v2.11.0-rc1 shaba:v2.10.7 shaba:v3.0.0-beta5 shaba:v2.10.6 shaba:v3.0.0-beta4 shaba:v2.10.5 shaba:v2.10.4 shaba:v3.0.0-beta3 shaba:v2.10.3 shaba:v2.10.2 shaba:v2.10.1 shaba:v2.10.0 shaba:v2.10.0-rc2 shaba:v2.9.10 shaba:v2.10.0-rc1 shaba:v2.9.9 shaba:v2.9.8 shaba:v2.9.7 shaba:v3.0.0-beta2 shaba:v2.9.6 shaba:v3.0.0-beta1 shaba:v2.9.5 shaba:v2.9.4 shaba:v2.9.3 shaba:v2.9.2 shaba:v2.9.1 shaba:v2.9.0-rc5 shaba:v2.8.8 shaba:v2.8.7 shaba:v2.9.0-rc4 shaba:v2.8.6 shaba:v2.9.0-rc3 shaba:v2.9.0-rc2 shaba:v2.9.0-rc1 shaba:v2.8.5 shaba:v2.8.4 shaba:v2.8.3 shaba:v2.8.2 shaba:v2.8.1 shaba:v2.8.0 shaba:v2.7.3 shaba:v2.8.0-rc2 shaba:v2.7.2 shaba:v2.8.0-rc1 shaba:v2.7.1 shaba:v2.7.0 shaba:v2.6.7 shaba:v2.6.6 shaba:v2.6.5 shaba:v2.6.4 shaba:v2.7.0-rc2 shaba:v2.6.3 shaba:v2.7.0-rc1 shaba:v2.6.2 shaba:v2.6.1 shaba:v2.6.0 shaba:v2.6.0-rc3 shaba:v2.5.7 shaba:v2.6.0-rc2 shaba:v2.5.6 shaba:v2.6.0-rc1 shaba:v1.7.34 shaba:v2.5.5 shaba:v2.5.4 shaba:v1.7.33 shaba:v1.7.32 shaba:v1.7.31 shaba:v2.5.3 shaba:v2.5.2 shaba:v2.5.1 shaba:v2.5.0 shaba:v2.4.14 shaba:v2.5.0-rc6 shaba:v2.5.0-rc5 shaba:v2.5.0-rc4 shaba:v2.4.13 shaba:v2.4.12 shaba:v2.5.0-rc3 shaba:v2.4.11 shaba:v2.4.10 shaba:v2.5.0-rc2 shaba:v2.5.0-rc1 shaba:v2.4.9 shaba:v1.7.30 shaba:v1.7.29 shaba:v2.4.8 shaba:v2.4.7 shaba:v2.4.6 shaba:v2.4.5 shaba:v2.4.4 shaba:v2.4.3 shaba:v2.4.2 shaba:v2.4.1 shaba:v2.4.0 shaba:v1.7.28 shaba:v1.7.27 shaba:v2.4.0-rc2 shaba:v2.3.7 shaba:v2.3.6 shaba:v2.4.0-rc1 shaba:v2.3.5 shaba:v2.3.4 shaba:v2.3.3 shaba:v2.3.2 shaba:v2.3.1 shaba:v2.3.0 shaba:v2.3.0-rc7 shaba:v2.3.0-rc6 shaba:v2.3.0-rc5 shaba:v2.2.11 shaba:v2.2.10 shaba:v2.3.0-rc4 shaba:v2.3.0-rc3 shaba:v2.2.8 shaba:v1.7.26 shaba:v2.2.7 shaba:v2.2.6 shaba:v2.3.0-rc2 shaba:v2.3.0-rc1 shaba:v1.7.25 shaba:v2.2.5 shaba:v2.2.4 shaba:v2.2.3 shaba:v2.2.2 shaba:v2.2.1 shaba:v2.2.0 shaba:v1.7.24 shaba:v2.1.9 shaba:v1.7.23 shaba:v2.2.0-rc4 shaba:v2.1.8 shaba:v2.2.0-rc3 shaba:v2.1.7 shaba:v1.7.22 shaba:v2.2.0-rc2 shaba:v2.2.0-rc1 shaba:v2.1.6 shaba:v2.1.5 shaba:v1.7.21 shaba:v2.1.4 shaba:v2.1.3 shaba:v2.1.2 shaba:v2.1.1 shaba:v2.1.0 shaba:v1.7.20 shaba:v2.0.7 shaba:v2.1.0-rc3 shaba:v2.0.6 shaba:v2.1.0-rc2 shaba:v2.1.0-rc1 shaba:v2.0.5 shaba:v2.0.4 shaba:v2.0.3 shaba:v1.7.19 shaba:v2.0.2 shaba:v2.0.1 shaba:v1.7.18 shaba:v1.7.17 shaba:v2.0.0 shaba:v2.0.0-rc4 shaba:v1.7.16 shaba:v1.7.15 shaba:v2.0.0-rc3 shaba:v2.0.0-rc2 shaba:v2.0.0-rc1 shaba:v1.7.14 shaba:v1.7.13 shaba:v2.0.0-beta1 shaba:v2.0.0-alpha8 shaba:v2.0.0-alpha7 shaba:v2.0.0-alpha6 shaba:v2.0.0-alpha5 shaba:v1.7.12 shaba:v1.7.11 shaba:v2.0.0-alpha4 shaba:v2.0.0-alpha3 shaba:v1.7.10 shaba:v2.0.0-alpha2 shaba:v2.0.0-alpha1 shaba:v1.7.9 shaba:v1.7.8 shaba:v1.7.7 shaba:v1.7.6 shaba:v1.7.5 shaba:v1.7.4 shaba:v1.7.3 shaba:v1.7.2 shaba:v1.7.1 shaba:v1.7.0 shaba:v1.7.0-rc5 shaba:v1.7.0-rc4 shaba:v1.6.6 shaba:v1.7.0-rc3 shaba:v1.7.0-rc2 shaba:v1.6.5 shaba:v1.7.0-rc1 shaba:v1.6.4 shaba:v1.6.3 shaba:v1.6.2 shaba:v1.6.1 shaba:v1.6.0 shaba:v1.6.0-rc6 shaba:v1.6.0-rc5 shaba:v1.6.0-rc4 shaba:v1.6.0-rc3 shaba:v1.6.0-rc2 shaba:v1.6.0-rc1 shaba:v1.5.4 shaba:v1.5.3 shaba:v1.5.2 shaba:v1.5.1 shaba:v1.5.0 shaba:v1.5.0-rc5 shaba:v1.5.0-rc4 shaba:v1.4.6 shaba:v1.5.0-rc3 shaba:v1.5.0-rc2 shaba:v1.4.5 shaba:v1.5.0-rc1 shaba:v1.4.4 shaba:v1.4.3 shaba:v1.4.2 shaba:v1.4.1 shaba:v1.4.0 shaba:v1.4.0-rc5 shaba:v1.4.0-rc4 shaba:v1.4.0-rc3 shaba:v1.4.0-rc2 shaba:v1.3.8 shaba:v1.4.0-rc1 shaba:v1.3.7 shaba:v1.3.6 shaba:v1.3.5 shaba:v1.3.4 shaba:v1.3.3 shaba:v1.3.2 shaba:v1.3.1 shaba:v1.3.0 shaba:v1.3.0-rc3 shaba:v1.3.0-rc2 shaba:v1.3.0-rc1 shaba:v1.2.3 shaba:v1.2.2 shaba:v1.2.1 shaba:v1.2.0 shaba:v1.2.0-rc2 shaba:v1.2.0-rc1 shaba:v1.1.2 shaba:v1.1.1 shaba:v1.1.0 shaba:v1.1.0-rc4 shaba:v1.1.0-rc3 shaba:v1.1.0-rc2 shaba:v1.1.0-rc1 shaba:v1.0.3 shaba:v1.0.2 shaba:v1.0.1 shaba:v1.0.0 shaba:v1.0.0-rc3 shaba:v1.0.0-rc2 shaba:v1.0.0-rc1 shaba:v1.0.0-beta.809 shaba:v1.0.0-beta.804 shaba:v1.0.0-beta.794 shaba:v1.0.0-beta.784 shaba:v1.0.0-beta.771 shaba:v1.0.0-beta.767 shaba:v1.0.0-beta.756 shaba:v1.0.0-beta.754 shaba:v1.0.0-beta.744 shaba:v1.0.0-beta.732 shaba:v1.0.0-beta.723 shaba:v1.0.0-beta.721 shaba:v1.0.0-beta.712 shaba:v1.0.0-beta.704 shaba:v1.0.0-beta.695 shaba:v1.0.0-beta.692 shaba:v1.0.0-beta.682 shaba:v1.0.0-beta.676 shaba:v1.0.0-beta.673 shaba:v1.0.0-beta.666 shaba:v1.0.0-beta.652 shaba:v1.0.0-beta.644 shaba:v1.0.0-beta.621 shaba:v1.0.0-beta.614 shaba:v1.0.0-beta.610 shaba:v1.0.0-beta.601 shaba:v1.0.0-beta.582 shaba:v1.0.0-beta.576 shaba:v1.0.0-beta.573 shaba:v1.0.0-beta.555 shaba:v1.0.0-beta.548 shaba:v1.0.0-beta.545 shaba:v1.0.0-beta.524 shaba:v1.0.0-beta.513 shaba:v1.0.0-beta.508 shaba:v1.0.0-beta.505 shaba:v1.0.0-beta.484 shaba:v1.0.0-beta.481 shaba:v1.0.0-beta.475 shaba:v1.0.0-beta.470 shaba:v1.0.0-beta.453 shaba:v1.0.0-beta.442 shaba:v1.0.0-beta.440 shaba:v1.0.0-beta.436 shaba:v1.0.0-beta.433 shaba:v1.0.0-beta.427 shaba:v1.0.0-beta.421 shaba:v1.0.0-beta.416 shaba:v1.0.0-beta.408 shaba:v1.0.0-beta.404 shaba:v1.0.0-beta.395 shaba:v1.0.0-beta.392 shaba:v1.0.0-beta.374 shaba:v1.0.0-beta.366 shaba:v1.0.0-beta.355 shaba:v1.0.0-beta.352 shaba:v1.0.0-beta.341 shaba:v1.0.0-beta.339 shaba:v1.0.0-beta.324 shaba:v1.0.0-beta.300 shaba:v1.0.0-beta.291 shaba:v1.0.0-beta.289 shaba:v1.0.0-beta.287 shaba:v1.0.0-beta.280 shaba:v1.0.0-beta.277 shaba:v1.0.0-beta.254 shaba:v1.0.0-beta.247 shaba:v1.0.0-beta.224 shaba:v1.0.0-beta.220 shaba:v1.0.0-beta.212 shaba:v1.0.0-beta.211 shaba:v1.0.alpha.4c447985b63f8c90dcbde70b2eaef19d9a8c5ad2 shaba:v1.0.alpha.9830086790caf40ce30eb9ed5d317917f8157708 shaba:v1.0.alpha.3af21612b65fc578585a98c30090d1e613f791eb shaba:v1.0.alpha.a458018aa2ccb637abacfc696157e00321cf982f shaba:v1.0.alpha.4ded2682d2831ed703282b2f4585e17a62ee258e shaba:v1.0.alpha.0e683cc5355bc507dabac68bbc7559d3f179e185 shaba:v1.0.alpha.11781087cadf9068d1d0b43902b6161ee10ea458 shaba:v1.0.alpha.b42b170ad29a0f042ddee0f5a5098aa9a59a9c8e shaba:v1.0.alpha.a00eb81f0301f5e61024dea3b92ba632d6a61a8b shaba:v1.0.alpha.6c3c5578c64125838abbc437a0242e1742d6f47a shaba:v1.0.alpha.b84b95fe97df5c0f234d8693fbff03fa0d6a441b shaba:v1.0.alpha.1a5668377cc840a35d233a0eb817ee9bacf0ba3e shaba:v1.0.alpha.331cd173ce8ad858d767510fbcbc653e2dde657d shaba:v1.0.alpha.e0872b61579c8e6b8fc6124c8836660c11840f5d shaba:v1.0.alpha.99646544953d5793f18ccb22dae2458be4ba0e05 shaba:v1.0.alpha.7acc2beae0f0235d9408e8ed7a51f0ef3dae3aff shaba:v1.0.alpha.ac56c1310c46f9c18dcad9d7ec680926fae821bb shaba:v1.0.alpha.71b0e27517841ec7b911bafb109846ee96109f30 shaba:v1.0.alpha.60e9282f0adac48cbf283306ceb08ad7a31ac94b shaba:v1.0.alpha.522 shaba:v1.0.alpha.516 shaba:v1.0.alpha.506 shaba:v1.0.alpha.481 shaba:v1.0.alpha.477 shaba:v1.0.alpha.471 shaba:v1.0.alpha.469 shaba:v1.0.alpha.463 shaba:v1.0.alpha.450 shaba:v1.0.alpha.443 shaba:v1.0.alpha.439 shaba:v1.0.alpha.425 shaba:v1.0.alpha.421 shaba:v1.0.alpha.418 shaba:v1.0.alpha.412 shaba:v1.0.alpha.404 shaba:v1.0.alpha.392 shaba:v1.0.alpha.374 shaba:v1.0.alpha.367 shaba:v1.0.alpha.364 shaba:v1.0.alpha.361 shaba:v1.0.alpha.358 shaba:v1.0.alpha.357 shaba:v1.0.alpha.341 shaba:v1.0.alpha.338 shaba:v1.0.alpha.336 shaba:v1.0.alpha.333 shaba:v1.0.alpha.329 shaba:v1.0.alpha.311 shaba:v1.0.alpha.306 shaba:v1.0.alpha.302 shaba:v1.0.alpha.291 shaba:v1.0.alpha.290 shaba:v1.0.alpha.288 shaba:v1.0.alpha.285 shaba:v1.0.alpha.275 shaba:v1.0.alpha.274 shaba:v1.0.alpha.273 shaba:v1.0.alpha.272 shaba:v1.0.alpha.271 shaba:v1.0.alpha.270 shaba:v1.0.alpha.268 shaba:v1.0.alpha.269 shaba:v1.0.alpha.267 shaba:v1.0.alpha.266 shaba:v1.0.alpha.263 shaba:v1.0.alpha.257 shaba:v1.0.alpha.256 shaba:v1.0.alpha.251 shaba:v1.0.alpha.252 shaba:v1.0.alpha.250 shaba:v1.0.alpha.249 shaba:v1.0.alpha.247 shaba:v1.0.alpha.228 shaba:v1.0.alpha.217 shaba:v1.0.alpha.216 shaba:v1.0.alpha.215 shaba:v1.0.alpha.212 shaba:v1.0.alpha.200 shaba:v1.0.alpha.186 shaba:v1.0.alpha.182 shaba:v1.0.alpha.178 shaba:v1.0.alpha.176 shaba:v1.0.alpha.171 shaba:v1.0.alpha.170 shaba:v1.0.alpha.164 shaba:v1.0.alpha.157 shaba:v1.0

93 Commits
v2.8.0-rc1 ... v2.8

Author SHA1 Message Date
Fernandez Ludovic
168563a0b6 chore: fix PyYAML version 2023-07-19 21:33:50 +02:00
Ludovic Fernandez
3812e6f3cb Prepare release v2.8.8 2022-09-30 12:03:03 +02:00
John Pekcan
627175694d Fix autoDiscoverClusters option documentation for ECS provider 2022-09-30 10:57:48 +02:00
Boris HUISGEN
82cf6c9577 Fix watch option description for Docker provider 2022-09-30 10:50:09 +02:00
tspearconquest
63a1186d3e Update golang.org/x/net to latest version 2022-09-30 10:22:10 +02:00
Skyler Mäntysaari
f75f636e27 Improve documentation for publishedService and IP options 2022-09-29 10:14:08 +02:00
Ludovic Fernandez
615dc7fd35 Prepare release v2.8.7 2022-09-23 16:22:38 +02:00
Kevin Pollet
7758880f3f Prepare release v2.8.6 2022-09-23 15:24:15 +02:00
Ludovic Fernandez
d04903edb2 fix: query parameter matching with equal 2022-09-23 15:12:29 +02:00
Julien Salleyron
9cd54baca4 Optimize websocket headers handling 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2022-09-22 10:00:09 +02:00
Ludovic Fernandez
7ac687a0a9 providers: simplify AddServer algorithms 2022-09-21 14:54:08 +02:00
t3hchipmunk
83ae1021f6 fix: UDP loadbalancer tags not being used with Consul Catalog 2022-09-21 14:30:09 +02:00
Romain
67e3bc6380 Add documentation for ECS constraints option 2022-09-20 12:22:08 +02:00
Ludovic Fernandez
89870ad539 docs: fix link to RouteNamespaces 2022-09-19 11:26:08 +02:00
NEwa-05
a4b447256b Add a note on case insensitive regex matching 2022-09-16 12:16:09 +02:00
Romain
1c9a7b8c61 Add documentation for json schema usage to validate config in the FAQ 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2022-09-16 09:54:09 +02:00
Ludovic Fernandez
d06573de6c plugins: allow empty config 2022-09-15 11:00:09 +02:00
Romain
8ddc37d528 Prepare release v2.8.5 2022-09-13 17:13:58 +02:00
Kevin Pollet
0cb2652f51 Update Yaegi to v0.14.2 2022-09-13 15:44:08 +02:00
Fernandez Ludovic
fe8e7ab5b8 docs: update Docker Swarm link 2022-09-12 23:13:11 +02:00
Fernandez Ludovic
56a1ed4220 docs: update Docker Swarm Load Balancer link 2022-09-10 01:18:29 +02:00
Dylan Rodgers
37b6edb28c Added resources for businesses 2022-09-09 17:17:53 +02:00
Antoine
44a2b85dba Display default TLS options in the dashboard 2022-09-09 12:46:09 +02:00
MoonLightWatch
77c8d60092 fix: IPv6 addr in square brackets 2022-09-09 10:44:07 +02:00
Nicolas Mengin
b33c8cec0b Update deprecation notes about Pilot 2022-09-08 11:22:08 +02:00
Marco Lecheler
12dccc4fdd doc: add healthcheck timeout seconds to value 2022-09-05 17:22:08 +02:00
Romain
32e44816c9 Prepare release v2.8.4 2022-09-02 16:38:08 +02:00
Nicolas Mengin
23c74c9f2e Update deprecation notes about Pilot 2022-09-02 16:00:09 +02:00
Johannes Ballmann
9a82d96e68 Add missing networking apiGroup in Kubernetes RBACs examples and references 2022-09-02 12:18:08 +02:00
Ludovic Fernandez
d9589878fb fix: allow starting Traefik even if plugin services have an issue 2022-09-02 11:44:08 +02:00
Romain
d3e4d56a0d Fix Docker provider mem leak on operation retries 
Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>
 2022-08-31 18:04:08 +02:00
Ludovic Fernandez
adf82d72ae chore: update linter 2022-08-31 08:24:08 +02:00
Ludovic Fernandez
25027d6df8 fix: don't retry on panic 2022-08-29 11:36:08 +02:00
cui fliter
e56dfeb7d5 fix a typo 2022-08-29 09:24:07 +02:00
Ludovic Fernandez
5ca7fff7f6 doc: fix infobloc documentation 2022-08-25 10:34:09 +02:00
Ben Krieger
dfa1f3fc00 Fix k8s for example for rootCAs serversTransport 2022-08-24 16:16:08 +02:00
Tom Moulard
b26c45af2b chore: update paerser to v0.1.9 2022-08-19 15:58:08 +02:00
Tom Moulard
9c02612f65 Update codegen docker image to golang:1.19 2022-08-18 11:24:08 +02:00
Kevin Pollet
b3f4f6bb21 Prepare release v2.8.3 2022-08-12 16:19:31 +02:00
Ludovic Fernandez
2cac58d9c0 Update paeser to v0.1.8 2022-08-12 16:08:07 +02:00
Ludovic Fernandez
a553085689 Add migration guide for v2.8.3 2022-08-12 11:42:10 +02:00
Romain
6dd63e1702 Add missing context in backoff for Marathon 2022-08-12 10:44:08 +02:00
Ludovic Fernandez
868ab7a5c8 fix: update paerser to v0.1.7 2022-08-12 09:48:07 +02:00
Romain
23c26d64ee Prepare release v2.8.2 2022-08-11 16:50:10 +02:00
Romain
63f9ec9c38 Remove request dump from IPWhitelist debug log and tracing message 2022-08-11 16:20:14 +02:00
Kevin Pollet
40db06204b Update valkeyrie to a9a70ee 2022-08-11 15:42:07 +02:00
Romain
4755bb2f33 Control allocation and copy of labelNamesValues type 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2022-08-11 10:58:09 +02:00
Ludovic Fernandez
45453b20fa chore: update to go1.19 2022-08-09 17:36:08 +02:00
Maxence Moutoussamy
40d2421db9 Add getting started guide for Kubernetes 2022-08-09 16:06:09 +02:00
longshine
1576ad85b8 Place namespace before name in router key for Ingress 2022-08-04 10:22:08 +02:00
Ludovic Fernandez
b4ee7bdcbe Bump paerser to v0.1.6 2022-08-01 15:12:08 +02:00
Mark Ormesher
146991efda Fix wording of default behavior for namespaces option 2022-08-01 10:10:07 +02:00
Fernandez Ludovic
5a706296f2 chore: cleanup 2022-07-25 17:22:31 +02:00
tfny
5b3354b8ce Update Thank You page with proper branding and grammar fixes 2022-07-22 09:50:09 +02:00
Tom Moulard
7751fb24eb Update linter 2022-07-19 18:38:09 +02:00
Tom Moulard
b361608693 Lint markdown files 2022-07-18 12:22:08 +02:00
tfny
3686f95832 Update CONTRIBUTING.md to contain all information in one place 2022-07-18 11:08:08 +02:00
Julien Salleyron
2cb011f595 Fix service up gauge for Prometheus metrics 
Co-authored-by: Tom Moulard <tom.moulard@traefik.io>
 2022-07-18 10:36:11 +02:00
mpl
b7199a7a9b integration: use VPN for integration tests (for Mac) 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2022-07-13 18:32:08 +02:00
tfny
14eb56cf30 Update the PR guidelines in Contributing docs 2022-07-13 09:50:08 +02:00
Romain
ff2911d070 Refactor certificate domains matching func 2022-07-12 16:16:08 +02:00
Kevin Pollet
f07fcd3d54 Add missing inline tag for YAML serialization 2022-07-12 12:12:08 +02:00
Simon Delicata
0e4b4c1a31 docs: update plugins doc 2022-07-12 11:48:13 +02:00
Michael
154d8470ab feat: remove netlify 2022-07-12 10:00:08 +02:00
Tom Moulard
c9520480c2 Prepare release v2.8.1 2022-07-11 16:02:09 +02:00
tfny
05c3486347 Update the language for advocating page 2022-07-08 10:28:08 +02:00
Julien Salleyron
0231db05b4 Improve performances when Prometheus metrics are enabled 2022-07-07 18:00:09 +02:00
Maxence Moutoussamy
8f6463ba7a Support forwarded websocket protocol in RedirectScheme 
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2022-07-06 11:54:08 +02:00
Dylan Rodgers
28da781194 Add callout for anyone using Traefik to manage commercial applications 2022-07-05 10:02:09 +02:00
Maxence Moutoussamy
51a02caea3 Upgrade valkeyrie to v0.4.1 2022-07-04 15:50:09 +02:00
Tom Moulard
839bc7b3a8 Remove -a when building binary 2022-06-30 18:12:08 +02:00
Douglas De Toni Machado
9c79fafeeb Update deprecation notices 2022-06-30 14:34:08 +02:00
Tom Moulard
9c4b336f3b Prepare release v2.8.0 2022-06-29 17:38:37 +02:00
romain
aa8fda5eae Merge current v2.7 into v2.8 2022-06-29 15:57:57 +02:00
Romain
8b22101236 Prepare release v2.7.3 2022-06-29 15:44:08 +02:00
mloiseleur
03598d395b Add documentation main, SANs and plugin CRD fields 2022-06-29 11:04:09 +02:00
Jean-Baptiste Doumenjou
9d61cb64a2 Ensure that the Datadog client is cleanly stopped 2022-06-29 10:34:08 +02:00
Romain
62e17c659e Prepare release v2.8.0-rc2 2022-06-27 17:05:11 +02:00
romain
41748c3ae4 Merge current v2.7 into v2.8 2022-06-27 16:12:21 +02:00
Kevin Pollet
65a317010b Prepare release v2.7.2 2022-06-27 15:52:08 +02:00
Julien Salleyron
a887794313 Fix HostRegexp and Query muxers 2022-06-27 15:16:08 +02:00
tomatokoolaid
77e1ce2877 Added useful links for commercial applications 2022-06-27 11:08:08 +02:00
tomatokoolaid
470a4f6e5f Update to improve info section relevance 2022-06-27 10:32:08 +02:00
mloiseleur
94141233f0 Add documentation to Traefik CRD properties 
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
 2022-06-24 12:40:08 +02:00
Maxence Moutoussamy
ff17ac53df RedirectScheme redirects based on X-Forwarded-Proto header 2022-06-24 12:04:09 +02:00
burner-account
55ba4356f2 Allow multiple listeners on same port in Gateway API provider 2022-06-23 11:58:09 +02:00
Thomas P
804b0ff2f2 Do not make multiple requests to the same URL for balancer healthcheck 2022-06-22 21:46:08 +02:00
Kevin Pollet
818541d4d7 Update yaegi to v0.13.0 2022-06-21 19:56:08 +02:00
miteshjadia
1b199730d2 docs: add missing info.serialNumber option to PassTLSClientCert middleware 2022-06-21 15:46:08 +02:00
Kevin Pollet
6e535f8cef Use configured token in the Nomad client 2022-06-20 15:42:09 +02:00
Maxence Moutoussamy
23340c46e6 Add log when missing path in health check 2022-06-20 15:40:13 +02:00
Kevin Pollet
5c15f5fe04 Update DataDog tracing dependency to v1.38.1 
Co-authored-by: Romain <rtribotte@users.noreply.github.com>
 2022-06-16 17:54:08 +02:00
Roman Tomjak
ba7e9ed788 Add a note on how to handle server first protocols 2022-06-14 12:24:08 +02:00
246 changed files with 8552 additions and 2656 deletions
Expand all files Collapse all files

4
.github/PULL_REQUEST_TEMPLATE.md vendored
View File

@@ -3,11 +3,11 @@ PLEASE READ THIS MESSAGE.
Documentation fixes or enhancements:
- for Traefik v1: use branch v1.7
- for Traefik v2: use branch v2.7
- for Traefik v2: use branch v2.8
Bug fixes:
- for Traefik v1: use branch v1.7
- for Traefik v2: use branch v2.7
- for Traefik v2: use branch v2.8
Enhancements:
- for Traefik v1: we only accept bug fixes

2
.github/workflows/build.yaml vendored
View File

@@ -6,7 +6,7 @@ on:
- '*'
env:
GO_VERSION: 1.17
GO_VERSION: 1.19
CGO_ENABLED: 0
IN_DOCKER: ""

2
.github/workflows/test-unit.yaml vendored
View File

@@ -6,7 +6,7 @@ on:
- '*'
env:
GO_VERSION: 1.17
GO_VERSION: 1.19
IN_DOCKER: ""
jobs:

4
.github/workflows/validate.yaml vendored
View File

@@ -6,8 +6,8 @@ on:
- '*'
env:
GO_VERSION: 1.17
GOLANGCI_LINT_VERSION: v1.46.2
GO_VERSION: 1.19
GOLANGCI_LINT_VERSION: v1.49.0
MISSSPELL_VERSION: v0.3.4
IN_DOCKER: ""

1
.gitignore vendored
View File

@@ -18,3 +18,4 @@ vendor/
plugins-storage/
plugins-local/
traefik_changelog.md
integration/tailscale.secret

32
.golangci.toml
View File

@@ -119,6 +119,12 @@
"interfacer", # Deprecated
"maligned", # Deprecated
"golint", # Deprecated
"exhaustivestruct",# Deprecated
"nosnakecase", # Deprecated
"ifshort", # Deprecated
"structcheck", # Deprecated
"varcheck", # Deprecated
"deadcode", # Deprecated
"execinquery", # Not relevant (SQL)
"sqlclosecheck", # Not relevant (SQL)
"rowserrcheck", # Not relevant (SQL)
@@ -129,7 +135,6 @@
"nestif", # Too many false-positive.
"prealloc", # Too many false-positive.
"makezero", # Not relevant
"ifshort", # Not relevant
"dupl", # Too strict
"gosec", # Too strict
"gochecknoinits",
@@ -142,14 +147,11 @@
"tparallel", # Not relevant
"paralleltest", # Not relevant
"exhaustive", # Not relevant
"exhaustivestruct", # Not relevant
"exhaustruct", # duplicate of exhaustivestruct
"goerr113", # Too strict
"wrapcheck", # Too strict
"noctx", # Too strict
"bodyclose", # Too many false-positive and panics.
"unparam", # Too strict
"godox", # Too strict
"forcetypeassert", # Too strict
"tagliatelle", # Not compatible with current tags.
"varnamelen", # not relevant
@@ -179,7 +181,11 @@
]
[[issues.exclude-rules]]
path = "(.+)_test.go"
linters = ["goconst", "funlen", "godot"]
linters = ["goconst", "funlen", "godot", "nosnakecase"]
[[issues.exclude-rules]]
path = "(.+)_test.go"
text = " always receives "
linters = [ "unparam" ]
[[issues.exclude-rules]]
path = "integration/.+_test.go"
text = "Error return value of `cmd\\.Process\\.Kill` is not checked"
@@ -222,3 +228,19 @@
[[issues.exclude-rules]]
path = "pkg/server/router/tcp/manager.go"
text = "Function 'buildEntryPointHandler' is too long (.+)"
[[issues.exclude-rules]]
path = "pkg/tls/tlsmanager_test.go"
text = "SA1019: config.ClientCAs.Subjects has been deprecated since Go 1.18"
[[issues.exclude-rules]]
path = "pkg/types/tls_test.go"
text = "SA1019: tlsConfig.RootCAs.Subjects has been deprecated since Go 1.18"
[[issues.exclude-rules]]
path = "pkg/provider/kubernetes/(crd|gateway)/client.go"
linters = ["interfacebloat"]
[[issues.exclude-rules]]
path = "pkg/metrics/metrics.go"
linters = ["interfacebloat"]
[[issues.exclude-rules]]
path = "pkg/provider/acme/provider.go"
text = "\\(\\*Provider\\)\\.resolveCertificate - result 0 \\(\\*github.com/go-acme/lego/v4/certificate.Resource\\) is never used"

2
.goreleaser.yml
View File

@@ -40,6 +40,8 @@ builds:
goarch: arm64
- goos: freebsd
goarch: arm64
- goos: windows
goarch: arm
changelog:
skip: true

4
.semaphore/semaphore.yml
View File

@@ -19,13 +19,13 @@ global_job_config:
prologue:
commands:
- curl -sSfL https://raw.githubusercontent.com/ldez/semgo/master/godownloader.sh | sudo sh -s -- -b "/usr/local/bin"
- sudo semgo go1.17
- sudo semgo go1.19
- export "GOPATH=$(go env GOPATH)"
- export "SEMAPHORE_GIT_DIR=${GOPATH}/src/github.com/traefik/${SEMAPHORE_PROJECT_NAME}"
- export "PATH=${GOPATH}/bin:${PATH}"
- mkdir -vp "${SEMAPHORE_GIT_DIR}" "${GOPATH}/bin"
- export GOPROXY=https://proxy.golang.org,direct
- curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v1.46.2
- curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v1.49.0
- curl -sSfL https://gist.githubusercontent.com/traefiker/6d7ac019c11d011e4f131bb2cca8900e/raw/goreleaser.sh | bash -s -- -b "${GOPATH}/bin"
- checkout
- cache restore traefik-$(checksum go.sum)

185
CHANGELOG.md
View File

@@ -1,3 +1,174 @@
## [v2.8.8](https://github.com/traefik/traefik/tree/v2.8.8) (2022-09-30)
[All Commits](https://github.com/traefik/traefik/compare/v2.8.7...v2.8.8)
**Bug fixes:**
- **[server]** Update golang.org/x/net to latest version ([#9398](https://github.com/traefik/traefik/pull/9398) by [tspearconquest](https://github.com/tspearconquest))
**Documentation:**
- **[docker]** Fix watch option description for Docker provider ([#9391](https://github.com/traefik/traefik/pull/9391) by [bhuisgen](https://github.com/bhuisgen))
- **[ecs]** Fix autoDiscoverClusters option documentation for ECS provider ([#9392](https://github.com/traefik/traefik/pull/9392) by [johnpekcan](https://github.com/johnpekcan))
- **[k8s]** Improve documentation for publishedService and IP options ([#9380](https://github.com/traefik/traefik/pull/9380) by [samip5](https://github.com/samip5))
## [v2.8.7](https://github.com/traefik/traefik/tree/v2.8.7) (2022-09-23)
[All Commits](https://github.com/traefik/traefik/compare/v2.8.5...v2.8.7)
**Bug fixes:**
- **[consulcatalog]** Fix UDP loadbalancer tags not being used with Consul Catalog ([#9357](https://github.com/traefik/traefik/pull/9357) by [t3hchipmunk](https://github.com/t3hchipmunk))
- **[docker,rancher,ecs,provider]** Simplify AddServer algorithm ([#9358](https://github.com/traefik/traefik/pull/9358) by [ldez](https://github.com/ldez))
- **[plugins]** Allow empty plugin configuration ([#9338](https://github.com/traefik/traefik/pull/9338) by [ldez](https://github.com/ldez))
- **[rules]** Fix query parameter matching with equal ([#9369](https://github.com/traefik/traefik/pull/9369) by [ldez](https://github.com/ldez))
- **[server]** Optimize websocket headers handling ([#9360](https://github.com/traefik/traefik/pull/9360) by [juliens](https://github.com/juliens))
**Documentation:**
- **[ecs]** Add documentation for ECS constraints option ([#9354](https://github.com/traefik/traefik/pull/9354) by [rtribotte](https://github.com/rtribotte))
- **[k8s/gatewayapi]** Fix link to RouteNamespaces ([#9349](https://github.com/traefik/traefik/pull/9349) by [ldez](https://github.com/ldez))
- Add documentation for json schema usage to validate config in the FAQ ([#9340](https://github.com/traefik/traefik/pull/9340) by [rtribotte](https://github.com/rtribotte))
- Add a note on case insensitive regex matching ([#9322](https://github.com/traefik/traefik/pull/9322) by [NEwa-05](https://github.com/NEwa-05))
## [v2.8.6](https://github.com/traefik/traefik/tree/v2.8.6) (2022-09-23)
[All Commits](https://github.com/traefik/traefik/compare/v2.8.5...v2.8.6)
Release canceled.
## [v2.8.5](https://github.com/traefik/traefik/tree/v2.8.5) (2022-09-13)
[All Commits](https://github.com/traefik/traefik/compare/v2.8.4...v2.8.5)
**Bug fixes:**
- **[plugins]** Update Yaegi to v0.14.2 ([#9327](https://github.com/traefik/traefik/pull/9327) by [kevinpollet](https://github.com/kevinpollet))
- **[server]** Fix IPv6 addr with square brackets ([#9313](https://github.com/traefik/traefik/pull/9313) by [moonlightwatch](https://github.com/moonlightwatch))
- **[webui,api]** Display default TLS options in the dashboard ([#9312](https://github.com/traefik/traefik/pull/9312) by [skwair](https://github.com/skwair))
**Documentation:**
- **[docker]** Add healthcheck timeout seconds to value ([#9306](https://github.com/traefik/traefik/pull/9306) by [fty4](https://github.com/fty4))
- Update deprecation notes about Pilot ([#9314](https://github.com/traefik/traefik/pull/9314) by [nmengin](https://github.com/nmengin))
- Added resources for businesses ([#9268](https://github.com/traefik/traefik/pull/9268) by [tomatokoolaid](https://github.com/tomatokoolaid))
## [v2.8.4](https://github.com/traefik/traefik/tree/v2.8.4) (2022-09-02)
[All Commits](https://github.com/traefik/traefik/compare/v2.8.3...v2.8.4)
**Bug fixes:**
- **[docker,docker/swarm]** Fix Docker provider mem leak on operation retries ([#9288](https://github.com/traefik/traefik/pull/9288) by [rtribotte](https://github.com/rtribotte))
- **[middleware]** Fix retry middleware on panic ([#9284](https://github.com/traefik/traefik/pull/9284) by [ldez](https://github.com/ldez))
- **[plugins]** Allow Traefik starting even if plugin service is unavailable ([#9287](https://github.com/traefik/traefik/pull/9287) by [ldez](https://github.com/ldez))
- chore: update paerser to v0.1.9 ([#9270](https://github.com/traefik/traefik/pull/9270) by [tomMoulard](https://github.com/tomMoulard))
**Documentation:**
- **[acme]** Fix infoblox acme provider documentation ([#9277](https://github.com/traefik/traefik/pull/9277) by [ldez](https://github.com/ldez))
- **[k8s/crd]** Fix serversTransport CRD documentation ([#9283](https://github.com/traefik/traefik/pull/9283) by [cuishuang](https://github.com/cuishuang))
- **[k8s/crd]** Fix k8s for example for rootCAs serversTransport ([#9274](https://github.com/traefik/traefik/pull/9274) by [ben-krieger](https://github.com/ben-krieger))
- **[k8s]** Add missing networking apiGroup in Kubernetes RBACs examples and references ([#9295](https://github.com/traefik/traefik/pull/9295) by [fibsifan](https://github.com/fibsifan))
- Update deprecation notes about Pilot ([#9300](https://github.com/traefik/traefik/pull/9300) by [nmengin](https://github.com/nmengin))
## [v2.8.3](https://github.com/traefik/traefik/tree/v2.8.3) (2022-08-12)
[All Commits](https://github.com/traefik/traefik/compare/v2.8.2...v2.8.3)
**Bug fixes:**
- **[file]** Update paerser to v0.1.8 ([#9258](https://github.com/traefik/traefik/pull/9258) by [ldez](https://github.com/ldez))
- **[marathon]** Add missing context in backoff for Marathon ([#9246](https://github.com/traefik/traefik/pull/9246) by [rtribotte](https://github.com/rtribotte))
## [v2.8.2](https://github.com/traefik/traefik/tree/v2.8.2) (2022-08-11)
[All Commits](https://github.com/traefik/traefik/compare/v2.8.1...v2.8.2)
**Bug fixes:**
- **[k8s/ingress,k8s]** Place namespace before name in router key for Ingress ([#9221](https://github.com/traefik/traefik/pull/9221) by [longshine](https://github.com/longshine))
- **[kv]** Update valkeyrie to a9a70ee ([#9243](https://github.com/traefik/traefik/pull/9243) by [kevinpollet](https://github.com/kevinpollet))
- **[logs,middleware,tracing]** Remove request dump from IPWhitelist debug log and tracing message ([#9244](https://github.com/traefik/traefik/pull/9244) by [rtribotte](https://github.com/rtribotte))
- **[metrics]** Control allocation and copy of labelNamesValues type ([#9241](https://github.com/traefik/traefik/pull/9241) by [rtribotte](https://github.com/rtribotte))
- **[metrics]** Fix service up gauge for Prometheus metrics ([#9197](https://github.com/traefik/traefik/pull/9197) by [juliens](https://github.com/juliens))
- **[plugins]** Bump paerser to v0.1.6 ([#9224](https://github.com/traefik/traefik/pull/9224) by [ldez](https://github.com/ldez))
- **[yaml]** Add missing inline tag for YAML serialization ([#9182](https://github.com/traefik/traefik/pull/9182) by [kevinpollet](https://github.com/kevinpollet))
**Documentation:**
- **[k8s]** Fix wording of default behavior for namespaces option ([#9222](https://github.com/traefik/traefik/pull/9222) by [markormesher](https://github.com/markormesher))
- **[k8s]** Add getting started guide for Kubernetes ([#9163](https://github.com/traefik/traefik/pull/9163) by [moutoum](https://github.com/moutoum))
- **[plugins]** Remove Traefik Pilot and add a Traefik Plugins Catalog page ([#9171](https://github.com/traefik/traefik/pull/9171) by [sdelicata](https://github.com/sdelicata))
- Update Thank You page with proper branding and grammar fixes ([#9203](https://github.com/traefik/traefik/pull/9203) by [tfny](https://github.com/tfny))
- Update CONTRIBUTING.md to contain all information in one place ([#9192](https://github.com/traefik/traefik/pull/9192) by [tfny](https://github.com/tfny))
- Update the PR guidelines in Contributing docs ([#9179](https://github.com/traefik/traefik/pull/9179) by [tfny](https://github.com/tfny))
## [v2.8.1](https://github.com/traefik/traefik/tree/v2.8.1) (2022-07-11)
[All Commits](https://github.com/traefik/traefik/compare/v2.8.0...v2.8.1)
**Bug fixes:**
- **[kv]** Upgrade valkeyrie to v0.4.1 ([#9161](https://github.com/traefik/traefik/pull/9161) by [moutoum](https://github.com/moutoum))
- **[middleware,metrics]** Improve performances when Prometheus metrics are enabled ([#9168](https://github.com/traefik/traefik/pull/9168) by [juliens](https://github.com/juliens))
- **[middleware]** Support forwarded websocket protocol in RedirectScheme ([#9159](https://github.com/traefik/traefik/pull/9159) by [moutoum](https://github.com/moutoum))
**Documentation:**
- Update the language for advocating page ([#9169](https://github.com/traefik/traefik/pull/9169) by [tfny](https://github.com/tfny))
- Add callout for anyone using Traefik to manage commercial applications ([#9152](https://github.com/traefik/traefik/pull/9152) by [tomatokoolaid](https://github.com/tomatokoolaid))
- Update deprecation notices ([#9149](https://github.com/traefik/traefik/pull/9149) by [ddtmachado](https://github.com/ddtmachado))
## [v2.8.0](https://github.com/traefik/traefik/tree/v2.8.0) (2022-06-29)
[All Commits](https://github.com/traefik/traefik/compare/v2.8.0-rc1...v2.8.0)
**Enhancements:**
- **[consul,consulcatalog]** Support multiple namespaces for Consul and ConsulCatalog providers ([#8979](https://github.com/traefik/traefik/pull/8979) by [rtribotte](https://github.com/rtribotte))
- **[http3]** Upgrade quic-go to v0.27.0 ([#8922](https://github.com/traefik/traefik/pull/8922) by [tomMoulard](https://github.com/tomMoulard))
- **[http3]** Upgrade quic-go to v0.26.0 ([#8874](https://github.com/traefik/traefik/pull/8874) by [sylr](https://github.com/sylr))
- **[logs]** Add destination address to debug log ([#9032](https://github.com/traefik/traefik/pull/9032) by [qmloong](https://github.com/qmloong))
- **[middleware,provider,tls]** Deprecate caOptional option in client TLS configuration ([#8960](https://github.com/traefik/traefik/pull/8960) by [kevinpollet](https://github.com/kevinpollet))
- **[middleware]** Support URL replacement in errors middleware ([#8956](https://github.com/traefik/traefik/pull/8956) by [tomMoulard](https://github.com/tomMoulard))
- **[middleware]** Allow config of additional CircuitBreaker params ([#8907](https://github.com/traefik/traefik/pull/8907) by [aidy](https://github.com/aidy))
- **[provider]** Implement Traefik provider for Nomad orchestrator ([#9018](https://github.com/traefik/traefik/pull/9018) by [shoenig](https://github.com/shoenig))
- **[server]** Allow HTTP/2 max concurrent stream configuration ([#8781](https://github.com/traefik/traefik/pull/8781) by [tomMoulard](https://github.com/tomMoulard))
- **[tls,k8s/crd]** Support certificates configuration in TLSStore CRD ([#8976](https://github.com/traefik/traefik/pull/8976) by [kevinpollet](https://github.com/kevinpollet))
- **[webui,pilot,hub]** Add Traefik Hub button and deprecate Pilot ([#9091](https://github.com/traefik/traefik/pull/9091) by [ldez](https://github.com/ldez))
- **[webui,plugins]** Reach the catalog of plugins from the Traefik dashboard ([#9055](https://github.com/traefik/traefik/pull/9055) by [seedy](https://github.com/seedy))
**Bug fixes:**
- **[nomad]** Use configured token in the Nomad client ([#9111](https://github.com/traefik/traefik/pull/9111) by [kevinpollet](https://github.com/kevinpollet))
**Documentation:**
- Prepare release v2.8.0-rc2 ([#9134](https://github.com/traefik/traefik/pull/9134) by [rtribotte](https://github.com/rtribotte))
- Prepare release v2.8.0-rc1 ([#9097](https://github.com/traefik/traefik/pull/9097) by [rtribotte](https://github.com/rtribotte))
**Misc:**
- Merge current v2.7 into v2.8 ([#9142](https://github.com/traefik/traefik/pull/9142) by [rtribotte](https://github.com/rtribotte))
- Merge current v2.7 into v2.8 ([#9133](https://github.com/traefik/traefik/pull/9133) by [rtribotte](https://github.com/rtribotte))
- Merge current v2.7 into master ([#9095](https://github.com/traefik/traefik/pull/9095) by [rtribotte](https://github.com/rtribotte))
- Merge current v2.7 into master ([#9085](https://github.com/traefik/traefik/pull/9085) by [tomMoulard](https://github.com/tomMoulard))
- Merge current v2.7 into master ([#9060](https://github.com/traefik/traefik/pull/9060) by [rtribotte](https://github.com/rtribotte))
- Merge current v2.7 into master ([#9052](https://github.com/traefik/traefik/pull/9052) by [rtribotte](https://github.com/rtribotte))
- Merge current v2.7 into master ([#8959](https://github.com/traefik/traefik/pull/8959) by [tomMoulard](https://github.com/tomMoulard))
## [v2.7.3](https://github.com/traefik/traefik/tree/v2.7.3) (2022-06-29)
[All Commits](https://github.com/traefik/traefik/compare/v2.7.2...v2.7.3)
**Bug fixes:**
- **[metrics]** Ensure Datadog client is cleanly stopped ([#9137](https://github.com/traefik/traefik/pull/9137) by [jbdoumenjou](https://github.com/jbdoumenjou))
**Documentation:**
- **[middleware,k8s/crd]** Add documentation for main, SANs and plugin CRD fields ([#9136](https://github.com/traefik/traefik/pull/9136) by [mloiseleur](https://github.com/mloiseleur))
## [v2.8.0-rc2](https://github.com/traefik/traefik/tree/v2.8.0-rc2) (2022-06-27)
[All Commits](https://github.com/traefik/traefik/compare/v2.8.0-rc1...v2.8.0-rc2)
**Bug fixes:**
- **[nomad]** Use configured token in the Nomad client ([#9111](https://github.com/traefik/traefik/pull/9111) by [kevinpollet](https://github.com/kevinpollet))
**Misc:**
- Merge current v2.7 into v2.8 ([#9133](https://github.com/traefik/traefik/pull/9133) by [rtribotte](https://github.com/rtribotte))
## [v2.7.2](https://github.com/traefik/traefik/tree/v2.7.2) (2022-06-27)
[All Commits](https://github.com/traefik/traefik/compare/v2.7.1...v2.7.2)
**Bug fixes:**
- **[healthcheck,service]** Do not make multiple requests to the same URL for balancer healthcheck ([#8632](https://github.com/traefik/traefik/pull/8632) by [TPXP](https://github.com/TPXP))
- **[healthcheck,service]** Add log when missing path in health check ([#9104](https://github.com/traefik/traefik/pull/9104) by [moutoum](https://github.com/moutoum))
- **[k8s/gatewayapi]** Allow multiple listeners on same port in Gateway API provider ([#9107](https://github.com/traefik/traefik/pull/9107) by [burner-account](https://github.com/burner-account))
- **[middleware]** RedirectScheme redirects based on X-Forwarded-Proto header ([#9121](https://github.com/traefik/traefik/pull/9121) by [moutoum](https://github.com/moutoum))
- **[plugins]** Update yaegi to v0.13.0 ([#9118](https://github.com/traefik/traefik/pull/9118) by [kevinpollet](https://github.com/kevinpollet))
- **[rules]** Fix HostRegexp and Query muxers ([#9131](https://github.com/traefik/traefik/pull/9131) by [juliens](https://github.com/juliens))
- **[tracing]** Update DataDog tracing dependency to v1.38.1 ([#9105](https://github.com/traefik/traefik/pull/9105) by [kevinpollet](https://github.com/kevinpollet))
**Documentation:**
- **[acme,k8s/crd]** Add documentation to Traefik CRD properties ([#9096](https://github.com/traefik/traefik/pull/9096) by [mloiseleur](https://github.com/mloiseleur))
- **[middleware]** Add missing info.serialNumber option to PassTLSClientCert middleware ([#9115](https://github.com/traefik/traefik/pull/9115) by [miteshjadia](https://github.com/miteshjadia))
- **[tcp]** Add a note on how to handle server first protocols ([#9002](https://github.com/traefik/traefik/pull/9002) by [romantomjak](https://github.com/romantomjak))
- Update to improve info section relevance ([#9130](https://github.com/traefik/traefik/pull/9130) by [tomatokoolaid](https://github.com/tomatokoolaid))
- Added useful links for commercial applications ([#9129](https://github.com/traefik/traefik/pull/9129) by [tomatokoolaid](https://github.com/tomatokoolaid))
## [v2.8.0-rc1](https://github.com/traefik/traefik/tree/v2.8.0-rc1) (2022-06-13)
[All Commits](https://github.com/traefik/traefik/compare/v2.7.0-rc1...v2.8.0-rc1)
@@ -164,7 +335,7 @@ Release canceled.
- **[webui]** Add a link to service on router detail view ([#8821](https://github.com/traefik/traefik/pull/8821) by [Tchoupinax](https://github.com/Tchoupinax))
**Documentation:**
- Add a Feature Deprecation page ([#8868](https://github.com/traefik/traefik/pull/8868) by [ddtmachado](https://github.com/ddtmachado))
- Add a Feature Deprecation page ([#8868](https://github.com/traefik/traefik/pull/8868) by [ddtmachado](https://github.com/ddtmachado))
**Misc:**
- Merge current v2.6 into master ([#8877](https://github.com/traefik/traefik/pull/8877) by [rtribotte](https://github.com/rtribotte))
@@ -532,7 +703,6 @@ Release canceled.
- Merge current v2.4 into master ([#7748](https://github.com/traefik/traefik/pull/7748) by [kevinpollet](https://github.com/kevinpollet))
- Merge current v2.4 into master ([#7728](https://github.com/traefik/traefik/pull/7728) by [mmatur](https://github.com/mmatur))
## [v2.4.14](https://github.com/traefik/traefik/tree/v2.4.14) (2021-08-16)
[All Commits](https://github.com/traefik/traefik/compare/v2.4.13...v2.4.14)
@@ -3348,7 +3518,6 @@ Same changelog as v2.0.3.
## [v1.7.0-rc2](https://github.com/traefik/traefik/tree/v1.7.0-rc2) (2018-07-17)
[All Commits](https://github.com/traefik/traefik/compare/v1.7.0-rc1...v1.7.0-rc2)
**Bug fixes:**
- **[acme,provider]** Create init method on provider interface ([#3580](https://github.com/traefik/traefik/pull/3580) by [Juliens](https://github.com/Juliens))
- **[acme]** Serve TLS-Challenge certificate in first ([#3605](https://github.com/traefik/traefik/pull/3605) by [nmengin](https://github.com/nmengin))
@@ -4358,7 +4527,7 @@ Same changelog as v2.0.3.
- **[acme]** Dumpcerts.sh: fixed sed, extracted domain keys ([#2161](https://github.com/traefik/traefik/pull/2161) by [sjawhar](https://github.com/sjawhar))
- Merge current v1.4 into master ([#2469](https://github.com/traefik/traefik/pull/2469) by [ldez](https://github.com/ldez))
- Revert &#34;Merge v1.4.2 into master&#34; ([#2414](https://github.com/traefik/traefik/pull/2414) by [ldez](https://github.com/ldez))
- Merge v1.4.3 into master ([#2406](https://github.com/traefik/traefik/pull/2406) by [ldez](https://github.com/ldez))
- Merge v1.4.3 into master ([#2406](https://github.com/traefik/traefik/pull/2406) by [ldez](https://github.com/ldez))
- Merge v1.4.2 into master ([#2358](https://github.com/traefik/traefik/pull/2358) by [ldez](https://github.com/ldez))
- Merge v1.4.3 into master ([#2415](https://github.com/traefik/traefik/pull/2415) by [ldez](https://github.com/ldez))
- Merge v1.4.1 into master ([#2318](https://github.com/traefik/traefik/pull/2318) by [ldez](https://github.com/ldez))
@@ -5707,7 +5876,7 @@ Same changelog as v2.0.3.
- Fix k8s watch [\#573](https://github.com/traefik/traefik/pull/573) ([errm](https://github.com/errm))
- Add requirements.txt for netlify [\#567](https://github.com/traefik/traefik/pull/567) ([emilevauge](https://github.com/emilevauge))
- Merge v1.0.1 master [\#565](https://github.com/traefik/traefik/pull/565) ([emilevauge](https://github.com/emilevauge))
- Move webui to FountainJS with Webpack [\#558](https://github.com/traefik/traefik/pull/558) ([micaelmbagira](https://github.com/micaelmbagira))
- Move webui to FountainJS with Webpack [\#558](https://github.com/traefik/traefik/pull/558) ([micaelmbagira](https://github.com/micaelmbagira))
- Add global InsecureSkipVerify option to disable certificate checking [\#557](https://github.com/traefik/traefik/pull/557) ([stuart-c](https://github.com/stuart-c))
- Move version.go in its own package… [\#553](https://github.com/traefik/traefik/pull/553) ([vdemeester](https://github.com/vdemeester))
- Upgrade libkermit and dependencies [\#552](https://github.com/traefik/traefik/pull/552) ([vdemeester](https://github.com/vdemeester))
@@ -5930,7 +6099,7 @@ Same changelog as v2.0.3.
- Fix k8s watch [\#573](https://github.com/traefik/traefik/pull/573) ([errm](https://github.com/errm))
- Add requirements.txt for netlify [\#567](https://github.com/traefik/traefik/pull/567) ([emilevauge](https://github.com/emilevauge))
- Merge v1.0.1 master [\#565](https://github.com/traefik/traefik/pull/565) ([emilevauge](https://github.com/emilevauge))
- Move webui to FountainJS with Webpack [\#558](https://github.com/traefik/traefik/pull/558) ([micaelmbagira](https://github.com/micaelmbagira))
- Move webui to FountainJS with Webpack [\#558](https://github.com/traefik/traefik/pull/558) ([micaelmbagira](https://github.com/micaelmbagira))
- Add global InsecureSkipVerify option to disable certificate checking [\#557](https://github.com/traefik/traefik/pull/557) ([stuart-c](https://github.com/stuart-c))
- Move version.go in its own package… [\#553](https://github.com/traefik/traefik/pull/553) ([vdemeester](https://github.com/vdemeester))
- Upgrade libkermit and dependencies [\#552](https://github.com/traefik/traefik/pull/552) ([vdemeester](https://github.com/vdemeester))
@@ -6091,7 +6260,3 @@ Same changelog as v2.0.3.
- Fix travis tag check [\#422](https://github.com/traefik/traefik/pull/422) ([emilevauge](https://github.com/emilevauge))
- log info about TOML configuration file using [\#420](https://github.com/traefik/traefik/pull/420) ([cocap10](https://github.com/cocap10))
- Doc about skipping some integration tests with '-check.f ConsulCatalogSuite' [\#418](https://github.com/traefik/traefik/pull/418) ([samber](https://github.com/samber))
\* *This Change Log was automatically generated by [gcg](https://github.com/ldez/gcg)*

8
CODE_OF_CONDUCT.md
View File

@@ -30,18 +30,18 @@ Project maintainers have the right and responsibility to remove, edit, or reject
## Scope
This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or our community.
This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or our community.
Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event.
Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event.
Representation of a project may be further defined and clarified by project maintainers.
## Enforcement
Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at contact@traefik.io
All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances.
All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances.
The project team is obligated to maintain confidentiality with regard to the reporter of an incident.
The project team is obligated to maintain confidentiality with regard to the reporter of an incident.
Further details of specific enforcement policies may be posted separately.

6
CONTRIBUTING.md
View File

@@ -2,8 +2,10 @@
Here are some guidelines that should help to start contributing to the project.
- [Submitting pull Requests](https://github.com/traefik/contributors-guide/blob/master/pr_guidelines.md)
- [Submitting pull Requests](https://doc.traefik.io/traefik/contributing/submitting-pull-requests/)
- [Submitting issues](https://doc.traefik.io/traefik/contributing/submitting-issues/)
- [Submitting security issues](docs/content/contributing/submitting-security-issues.md)
- [Submitting security issues](https://doc.traefik.io/traefik/contributing/submitting-security-issues/)
- [Advocating for Traefik](https://doc.traefik.io/traefik/contributing/advocating/)
- [Triage Process](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md)
If you are willing to become a maintainer of the project, please take a look at the [maintainers guidelines](docs/content/contributing/maintainers-guidelines.md).

7
Makefile
View File

@@ -14,6 +14,7 @@ TRAEFIK_IMAGE := $(if $(REPONAME),$(REPONAME),"traefik/traefik")
INTEGRATION_OPTS := $(if $(MAKE_DOCKER_HOST),-e "DOCKER_HOST=$(MAKE_DOCKER_HOST)",-v "/var/run/docker.sock:/var/run/docker.sock")
DOCKER_BUILD_ARGS := $(if $(DOCKER_VERSION), "--build-arg=DOCKER_VERSION=$(DOCKER_VERSION)",)
# only used when running in docker
TRAEFIK_ENVS := \
-e OS_ARCH_ARG \
-e OS_PLATFORM_ARG \
@@ -23,7 +24,7 @@ TRAEFIK_ENVS := \
-e CODENAME \
-e TESTDIRS \
-e CI \
-e CONTAINER=DOCKER # Indicator for integration tests that we are running inside a container.
-e IN_DOCKER=true # Indicator for integration tests that we are running inside a container.
TRAEFIK_MOUNT := -v "$(CURDIR)/dist:/go/src/github.com/traefik/traefik/dist"
DOCKER_RUN_OPTS := $(TRAEFIK_ENVS) $(TRAEFIK_MOUNT) "$(TRAEFIK_DEV_IMAGE)"
@@ -102,7 +103,7 @@ crossbinary-default-parallel:
test: build-dev-image
-docker network create traefik-test-network --driver bridge --subnet 172.31.42.0/24
trap 'docker network rm traefik-test-network' EXIT; \
$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_TEST),) ./script/make.sh generate test-unit binary test-integration
$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_TEST)) ./script/make.sh generate test-unit binary test-integration
## Run the unit tests
.PHONY: test-unit
@@ -116,7 +117,7 @@ test-unit: build-dev-image
test-integration: build-dev-image
-docker network create traefik-test-network --driver bridge --subnet 172.31.42.0/24
trap 'docker network rm traefik-test-network' EXIT; \
$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_TEST),) ./script/make.sh generate binary test-integration
$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_TEST)) ./script/make.sh generate binary test-integration
## Pull all images for integration tests
.PHONY: pull-images

4
README.md
View File

@@ -10,7 +10,6 @@
[![Join the community support forum at https://community.traefik.io/](https://img.shields.io/badge/style-register-green.svg?style=social&label=Discourse)](https://community.traefik.io/)
[![Twitter](https://img.shields.io/twitter/follow/traefik.svg?style=social)](https://twitter.com/intent/follow?screen_name=traefik)
Traefik (pronounced _traffic_) is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy.
Traefik integrates with your existing infrastructure components ([Docker](https://www.docker.com/), [Swarm mode](https://docs.docker.com/engine/swarm/), [Kubernetes](https://kubernetes.io), [Marathon](https://mesosphere.github.io/marathon/), [Consul](https://www.consul.io/), [Etcd](https://coreos.com/etcd/), [Rancher](https://rancher.com), [Amazon ECS](https://aws.amazon.com/ecs), ...) and configures itself automatically and dynamically.
Pointing Traefik at your orchestrator should be the _only_ configuration step you need.
@@ -65,7 +64,6 @@ _(But if you'd rather configure some of your routes manually, Traefik supports t
- Exposes a Rest API
- Packaged as a single binary file (made with :heart: with go) and available as an [official](https://hub.docker.com/r/_/traefik/) docker image
## Supported Backends
- [Docker](https://doc.traefik.io/traefik/providers/docker/) / [Swarm mode](https://doc.traefik.io/traefik/providers/docker/)
@@ -93,6 +91,7 @@ A collection of contributions around Traefik can be found at [https://awesome.tr
## Support
To get community support, you can:
- join the Traefik community forum: [![Join the chat at https://community.traefik.io/](https://img.shields.io/badge/style-register-green.svg?style=social&label=Discourse)](https://community.traefik.io/)
If you need commercial support, please contact [Traefik.io](https://traefik.io) by mail: <mailto:support@traefik.io>.
@@ -127,7 +126,6 @@ We are strongly promoting a philosophy of openness and sharing, and firmly stand
This [document](docs/content/contributing/maintainers-guidelines.md) describes how to be part of the core team as well as various responsibilities and guidelines for Traefik maintainers.
You can also find more information on our process to review pull requests and manage issues [in this document](docs/content/contributing/maintainers.md).
## Contributing
If you'd like to contribute to the project, refer to the [contributing documentation](CONTRIBUTING.md).

4
build.Dockerfile
View File

@@ -1,4 +1,4 @@
FROM golang:1.17-alpine
FROM golang:1.19-alpine
RUN apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \
&& update-ca-certificates \
@@ -13,7 +13,7 @@ RUN mkdir -p /usr/local/bin \
| tar -xzC /usr/local/bin --transform 's#^.+/##x'
# Download golangci-lint binary to bin folder in $GOPATH
RUN curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- -b $GOPATH/bin v1.46.2
RUN curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- -b $GOPATH/bin v1.49.0
# Download misspell binary to bin folder in $GOPATH
RUN curl -sfL https://raw.githubusercontent.com/client9/misspell/master/install-misspell.sh | bash -s -- -b $GOPATH/bin v0.3.4

2
cmd/healthcheck/healthcheck.go
View File

@@ -64,7 +64,7 @@ func Do(staticConfiguration static.Configuration) (*http.Response, error) {
client := &http.Client{Timeout: 5 * time.Second}
protocol := "http"
// FIXME Handle TLS on ping etc...
// TODO Handle TLS on ping etc...
// if pingEntryPoint.TLS != nil {
// protocol = "https"
// tr := &http.Transport{

16
cmd/internal/gen/centrifuge.go
View File

@@ -72,22 +72,16 @@ func NewCentrifuge(rootPkg string) (*Centrifuge, error) {
// Run runs the code extraction and the code generation.
func (c Centrifuge) Run(dest string, pkgName string) error {
files, err := c.run(c.pkg.Scope(), c.rootPkg, pkgName)
if err != nil {
return err
}
files := c.run(c.pkg.Scope(), c.rootPkg, pkgName)
err = fileWriter{baseDir: dest}.Write(files)
err := fileWriter{baseDir: dest}.Write(files)
if err != nil {
return err
}
for _, p := range c.pkg.Imports() {
if contains(c.IncludedImports, p.Path()) {
fls, err := c.run(p.Scope(), p.Path(), p.Name())
if err != nil {
return err
}
fls := c.run(p.Scope(), p.Path(), p.Name())
err = fileWriter{baseDir: filepath.Join(dest, p.Name())}.Write(fls)
if err != nil {
@@ -99,7 +93,7 @@ func (c Centrifuge) Run(dest string, pkgName string) error {
return err
}
func (c Centrifuge) run(sc *types.Scope, rootPkg string, pkgName string) (map[string]*File, error) {
func (c Centrifuge) run(sc *types.Scope, rootPkg string, pkgName string) map[string]*File {
files := map[string]*File{}
for _, name := range sc.Names() {
@@ -158,7 +152,7 @@ func (c Centrifuge) run(sc *types.Scope, rootPkg string, pkgName string) (map[st
}
}
return files, nil
return files
}
func (c Centrifuge) writeStruct(name string, obj *types.Struct, rootPkg string, elt *File) string {

6
cmd/traefik/traefik.go
View File

@@ -223,12 +223,16 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
pluginBuilder, err := createPluginBuilder(staticConfiguration)
if err != nil {
return nil, err
log.WithoutContext().WithError(err).Error("Plugins are disabled because an error has occurred.")
}
// Providers plugins
for name, conf := range staticConfiguration.Providers.Plugin {
if pluginBuilder == nil {
break
}
p, err := pluginBuilder.BuildProvider(name, conf)
if err != nil {
return nil, fmt.Errorf("plugin: failed to build provider: %w", err)

22
docs/content/contributing/advocating.md
View File

@@ -8,8 +8,24 @@ description: "There are many ways to contribute to Traefik Proxy. If you're talk
Spread the Love & Tell Us about It
{: .subtitle }
There are many ways to contribute to the project, and there is one that always spark joy: when we see/read about users talking about how Traefik helps them solve their problems.
Traefik Proxy was started by the community for the community.
You can contribute to the Traefik community in three main ways:
If you're talking about Traefik, [let us know](https://traefik.io/submit-my-contribution/) and we'll promote your enthusiasm!
**Spread the word!** Guides, videos, blog posts, how-to articles, and showing off your network design all help spread the word about Traefik Proxy
and teach others in the community how to best implement it.
It always sparks joy when users share how Traefik Proxy helps them solve their problems.
If you are talking about Traefik Proxy, [let us know](https://traefik.io/submit-my-contribution/) and we will promote your work and reward your enthusiasm!
If you are giving a talk that includes or is about Traefik Proxy, [let us know](https://traefik.io/submit-my-contribution/) and we will send you swag and stickers for your time at the conference.
If you have written about Traefik or shared useful information you would like to promote, feel free to add links to the [dedicated wiki page on GitHub](https://github.com/traefik/traefik/wiki/Awesome-Traefik).
Also, if you've written about Traefik or shared useful information you'd like to promote, feel free to add links in the [dedicated wiki page on Github](https://github.com/traefik/traefik/wiki/Awesome-Traefik).
**Help community members!** Everyone needs a place to share their cool innovations or get help with that pesky bug that only a different pair of eyes seems to be able to see.
Join our [Community Forum](https://community.traefik.io/) where you can ask questions, help out other users, and share your neat configuration examples or snippets.
Top contributors will be asked to join the Ambassador program and get unique swag to celebrate!
**Build cool solutions!** Traefik Proxy would be so much better if only it had…
We love all the wonderful ideas that our users come up with, but we can only build so much.
Luckily, as an open source community, our users can help by [building awesome features](https://github.com/orgs/traefik/projects/9/views/7), enhancements, or bug fixes.
We are a big community, so we do need to prioritize a bit.
That is why we use the tag `contributor/wanted` to let you know which pull requests will make it to the front of the queue for design support and review.
Feel free to grab one of these and run with it.
Top contributors get unique swag to celebrate.

228
docs/content/contributing/submitting-pull-requests.md
View File

@@ -3,12 +3,228 @@ title: "Traefik Pull Requests Documentation"
description: "Looking to contribute to Traefik Proxy? This guide will show you the guidelines for submitting a PR in our contributors guide repository."
---
# Submitting Pull Requests
# Before You Submit a Pull Request
A Quick Guide for Efficient Contributions
{: .subtitle }
This guide is for contributors who already have a pull request to submit.
If you are looking for information on setting up your developer environment
and creating code to contribute to Traefik Proxy or related projects,
see the [development guide](https://docs.traefik.io/contributing/building-testing/).
So you've decided to improve Traefik?
Thank You!
Looking for a way to contribute to Traefik Proxy?
Check out this list of [Priority Issues](https://github.com/traefik/traefik/labels/contributor%2Fwanted),
the [Good First Issue](https://github.com/traefik/traefik/labels/contributor%2Fgood-first-issue) list,
or the list of [confirmed bugs](https://github.com/traefik/traefik/labels/kind%2Fbug%2Fconfirmed) waiting to be remedied.
Please review the [guidelines on creating PRs](https://github.com/traefik/contributors-guide/blob/master/pr_guidelines.md) for Traefik in our [contributors guide repository](https://github.com/traefik/contributors-guide).
## How We Prioritize
We wish we could review every pull request right away.
Unfortunately, our team has to prioritize pull requests (PRs) for review
(but we are welcoming new [maintainers](https://github.com/traefik/traefik/blob/master/docs/content/contributing/maintainers-guidelines.md) to speed this up,
so if you are interested, check it out and apply).
The PRs we are able to handle fastest are:
* Documentation updates.
* Bug fixes.
* Enhancements and Features with a `contributor/wanted` tag.
PRs that take more time to address include:
* Enhancements or Features without the `contributor/wanted` tag.
If you have an idea for an enhancement or feature that you would like to build,
[create an issue](https://github.com/traefik/traefik/issues/new/choose) for it first
and tell us you are interested in writing the PR.
If an issue already exists, definitely comment on it to tell us you are interested in creating a PR.
This will allow us to communicate directly and let you know if it is something we would accept.
It also allows us to make sure you have all the information you need during the design phase
so that it can be reviewed and merged quickly.
If you have questions about the Triage process,
[read more here](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md).
## The Pull Request Submit Process
Merging a PR requires the following steps to be completed before it is merged automatically.
* Make sure your pull request adheres to our best practices. These include:
* [Following project conventions](https://github.com/traefik/traefik/blob/master/docs/content/contributing/maintainers-guidelines.md); including using the PR Template.
* Make small pull requests.
* Solve only one problem at a time.
* Comment thoroughly.
* Do not open the PR from an organization repository.
* Keep "allows edit from maintainer" checked.
* Use semantic line breaks for documentation.
* Pass the validation check.
* Pass all tests.
* Receive 3 approving reviews maintainers.
## Pull Request Review Cycle
You can read about our Triage Process [here](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md),
but in short, it looks like this:
* We triage every new PR or comment before entering it into the review process.
* We ensure that all prerequisites for review have been met.
* We check to make sure the use case meets our needs.
* We assign reviewers.
* Design Review.
* This takes longer than other parts of the process.
* We review that there are no obvious conflicts with our codebase.
* Code Review.
* We review the code in-depth and run tests.
* We may ask for changes here.
* During code review, we ask that you be reasonably responsive,
if a PR languishes in code review it is at risk of rejection,
or we may take ownership of the PR and the contributor will become a co-author.
* Merge.
* Success!
!!! note
Occasionally, we may freeze our codebase when working towards a specific feature or goal that could impact other development.
During this time, your pull request could remain unmerged while the release work is completed.
## Run Local Verifications
You must run these local verifications before you submit your pull request to predict the pass or failure of continuous integration.
Your PR will not be reviewed until these are green on the CI.
* `make validate`
* `make pull-images`
* `make test`
## The Testing and Merge Workflow
Pull Requests are managed by the bot [Myrmica Lobicornis](https://github.com/traefik/lobicornis).
This bot is responsible for verifying GitHub Checks (CI, Tests, etc), mergability, and minimum reviews.
In addition, it rebases or merges with the base PR branch if needed.
It performs several other housekeeping items
and you can read more about those on the [README](https://github.com/traefik/lobicornis) for Lobicornis.
The maintainer giving the final LGTM must add the `status/3-needs-merge` label to trigger the merge bot.
By default, a squash-rebase merge will be carried out.
The status `status/4-merge-in-progress` is only used by the bot.
If the bot is not able to perform the merge, the label `bot/need-human-merge` is added.
In such a situation, solve the conflicts/CI/... and then remove the label `bot/need-human-merge`.
To prevent the bot from automatically merging a PR, add the label `bot/no-merge`.
The label `bot/light-review` decreases the number of required LGTM from 3 to 1.
This label can be used when:
* Updating a dependency.
* Merging branches back into the next version branch.
* Submitting minor documentation changes.
* Submitting changelog PRs.
## Why Was My Pull Request Closed?
Traefik Proxy is made by the community for the community,
as such the goal is to engage the community to make Traefik the best reverse proxy available.
Part of this goal is maintaining a lean codebase and ensuring code velocity.
unfortunately, this means that sometimes we will not be able to merge a pull request.
Because we respect the work you did, you will always be told why we are closing your pull request.
If you do not agree with our decision, do not worry; closed pull requests are easy to recreate,
and little work is lost by closing a pull request that subsequently needs to be reopened.
Your pull request might be closed if:
* Your PR's design conflicts with our existing codebase in such a way that Merging is not an option
and the work needed to make your pull request usable is too high.
* To prevent this, make sure you created an issue first
and think about including Traefik Proxy maintainers in your design phase to minimize conflicts.
* Your PR is for an enhancement or feature that we will not use.
* Please remember to create an issue for any pull request **before** you create a PR
to ensure that your goal is something we can merge and that you have any design insight you might need from the team.
* Your PR has been waiting for feedback from the contributor for over 90 days.
## Why is My Pull Request Not Getting Reviewed
A few factors affect how long your pull request might wait for review.
We must prioritize which PRs we focus on.
Our first priority is PRs we have identified as having high community engagement and broad applicability.
We put our top priorities on our roadmap and you can identify them by the `contributor/wanted` tag.
These PRs will enter our review process the fastest.
Our second priority is bug fixes.
Especially for bugs that have already been tagged with `bug/confirmed`.
These reviews enter the process quickly.
If your PR does not meet the criteria above,
it will take longer for us to review as any PRs that do meet the criteria above will be prioritized.
Additionally, during the last few weeks of a milestone, we stop reviewing PRs to reduce churn and stabilize.
We will resume after the release.
The second major reason that we deprioritize your PR is that you are not following best practices.
The most common failures to follow best practices are:
* You did not create an issue for the PR you wish to make.
If you do not create an issue before submitting your PR,
we will not be able to answer any design questions and let you know how likely your PR is to be merged.
* You created pull requests that are too large to review.
* Break your pull requests up.
If you can extract whole ideas from your pull request and send those as pull requests of their own,
you should do that instead.
It is better to have many pull requests addressing one thing than one pull request addressing many things.
* Traefik Proxy is a fast-moving codebase — lock in your changes ASAP with your small pull request,
and make merges be someone else's problem.
We want every pull request to be useful on its own,
so use your best judgment on what should be a pull request vs. a commit.
* You did not comment well.
* Comment everything.
Please remember that we are working internationally, cross-culturally, and with different use-cases.
Your reviewer will not intuitively understand the problem the same way you do or solve it the same way you would.
This is why every change you make must be explained and your strategy for coding must also be explained.
* Your tests were inadequate or absent.
* If you do not know how to test your PR, please ask!
We will be happy to help you or suggest appropriate test cases.
If you have already followed the best practices and your PR still has not received a response,
here are some things you can do to move the process along:
* If you have fixed all the issues from a review,
remember to re-request a review (using the designated button) to let your reviewer know that you are ready.
You can choose to comment with the changes you made.
* Ping `@tfny` if you have not been assigned to a reviewer.
For more information on best practices, try these links:
* [How to Write a Git Commit Message - Chris Beams](https://chris.beams.io/posts/git-commit/)
* [Distributed Git - Contributing to a Project (Commit Guidelines)](https://git-scm.com/book/en/v2/Distributed-Git-Contributing-to-a-Project)
* [Whats with the 50/72 rule? - Preslav Rachev](https://preslav.me/2015/02/21/what-s-with-the-50-72-rule/)
* [A Note About Git Commit Messages - Tim Pope](https://tbaggery.com/2008/04/19/a-note-about-git-commit-messages.html)
## It's OK to Push Back
Sometimes reviewers make mistakes.
It is OK to push back on changes your reviewer requested.
If you have a good reason for doing something a certain way, you are absolutely allowed to debate the merits of a requested change.
Both the reviewer and reviewee should strive to discuss these issues in a polite and respectful manner.
You might be overruled, but you might also prevail.
We are pretty reasonable people.
Another phenomenon of open-source projects (where anyone can comment on any issue) is the dog-pile -
your pull request gets so many comments from so many people it becomes hard to follow.
In this situation, you can ask the primary reviewer (assignee) whether they want you to fork a new pull request
to clear out all the comments.
You do not have to fix every issue raised by every person who feels like commenting,
but you should answer reasonable comments with an explanation.
## Common Sense and Courtesy
No document can take the place of common sense and good taste.
Use your best judgment, while you put a bit of thought into how your work can be made easier to review.
If you do these things your pull requests will get merged with less friction.

6
docs/content/contributing/thank-you.md
View File

@@ -8,11 +8,11 @@ description: "Thank you to all those who have contributed! Traefik Proxy is an o
_You_ Made It
{: .subtitle}
Traefik truly is an [open-source project](https://github.com/traefik/traefik/),
Traefik Proxy truly is an [open-source project](https://github.com/traefik/traefik/),
and wouldn't have become what it is today without the help of our [many contributors](https://github.com/traefik/traefik/graphs/contributors) (at the time of writing this),
not accounting for people having helped with issues, tests, comments, articles, ... or just enjoying it and letting others know.
not accounting for people having helped with issues, tests, comments, articles, ... or just enjoy using Traefik Proxy and share with others.
So once again, thank you for your invaluable help on making Traefik such a good product.
So once again, thank you for your invaluable help in making Traefik such a good product!
!!! question "Where to Go Next?"
If you want to:

12
docs/content/deprecation/features.md
View File

@@ -4,23 +4,23 @@ This page is maintained and updated periodically to reflect our roadmap and any
| Feature | Deprecated | End of Support | Removal |
|---------------------------------------------------------------|------------|----------------|---------|
| [Pilot Dashboard (Metrics)](#pilot-dashboard-metrics) | 2.7 | 2.8 | 2.9 |
| [Pilot Plugins](#pilot-plugins) | 2.7 | 2.8 | 2.9 |
| [Consul Enterprise Namespaces](#consul-enterprise-namespaces) | 2.8 | TBD | TBD |
| [Pilot Dashboard (Metrics)](#pilot-dashboard-metrics) | 2.7 | 2.8 | 3.0 |
| [Pilot Plugins](#pilot-plugins) | 2.7 | 2.8 | 3.0 |
| [Consul Enterprise Namespace](#consul-enterprise-namespace) | 2.8 | N/A | 3.0 |
## Impact
### Pilot Dashboard (Metrics)
Metrics will continue to function normally up to 2.8, when they will be disabled.
In 2.9, the Pilot platform and all Traefik integration code will be permanently removed.
In 3.0, the Pilot platform and all Traefik integration code will be permanently removed.
### Pilot Plugins
Starting on 2.7 the pilot token will not be a requirement anymore.
At 2.9, a new plugin catalog home should be available, decoupled from pilot.
Since 2.8, a [new plugin catalog](https://plugins.traefik.io) is available, decoupled from pilot.
### Consul Enterprise Namespaces
### Consul Enterprise Namespace
Starting on 2.8 the `namespace` option of Consul and Consul Catalog providers is deprecated,
please use the `namespaces` options instead.

4
docs/content/deprecation/releases.md
View File

@@ -6,7 +6,9 @@ Below is a non-exhaustive list of versions and their maintenance status:
| Version | Release Date | Active Support | Security Support |
|---------|--------------|--------------------|------------------|
| 2.6 | Jan 24, 2022 | Yes | Yes |
| 2.8 | Jun 29, 2022 | Yes | Yes |
| 2.7 | May 24, 2022 | Ended Jun 29, 2022 | No |
| 2.6 | Jan 24, 2022 | Ended May 24, 2022 | No |
| 2.5 | Aug 17, 2021 | Ended Jan 24, 2022 | No |
| 2.4 | Jan 19, 2021 | Ended Aug 17, 2021 | No |
| 2.3 | Sep 23, 2020 | Ended Jan 19, 2021 | No |

2
docs/content/getting-started/concepts.md
View File

@@ -39,3 +39,5 @@ You no longer need to create and synchronize configuration files cluttered with
!!! question "How does Traefik discover the services?"
Traefik is able to use your cluster API to discover the services and read the attached information. In Traefik, these connectors are called [providers](../providers/overview.md) because they _provide_ the configuration to Traefik. To learn more about them, read the [provider overview](../providers/overview.md) section.
{!traefik-for-business-applications.md!}

2
docs/content/getting-started/configuration-overview.md
View File

@@ -93,3 +93,5 @@ All available environment variables can be found [here](../reference/static-conf
All the configuration options are documented in their related section.
You can browse the available features in the menu, the [providers](../providers/overview.md), or the [routing section](../routing/overview.md) to see them in action.
{!traefik-for-business-applications.md!}

24
docs/content/getting-started/faq.md
View File

@@ -157,3 +157,27 @@ By default, the following headers are automatically added when proxying requests
For more details,
please check out the [forwarded header](../routing/entrypoints.md#forwarded-headers) documentation.
## What does the "field not found" error mean?
```shell
error: field not found, node: -badField-
```
The "field not found" error occurs, when an unknown property is encountered in the dynamic or static configuration.
One easy way to check whether a configuration file is well-formed, is to validate it with:
- [JSON Schema of the static configuration](https://json.schemastore.org/traefik-v2.json)
- [JSON Schema of the dynamic configuration](https://json.schemastore.org/traefik-v2-file-provider.json)
## Why are some resources (routers, middlewares, services...) not created/applied?
As a common tip, if a resource is dropped/not created by Traefik after the dynamic configuration was evaluated,
one should look for an error in the logs.
If found, the error obviously confirms that something went wrong while creating the resource,
and the message should help in figuring out the mistake(s) in the configuration, and how to fix it.
When using the file provider,
one easy way to check if the dynamic configuration is well-formed is to validate it with the [JSON Schema of the dynamic configuration](https://json.schemastore.org/traefik-v2-file-provider.json).

2
docs/content/getting-started/install-traefik.md
View File

@@ -178,3 +178,5 @@ And run it:
## Compile your Binary from the Sources
All the details are available in the [Contributing Guide](../contributing/building-testing.md)
{!traefik-for-business-applications.md!}

318
docs/content/getting-started/quick-start-with-kubernetes.md Normal file
View File

@@ -0,0 +1,318 @@
---
title: "Traefik Getting Started With Kubernetes"
description: "Looking to get started with Traefik Proxy? Read the technical documentation to learn a simple use case that leverages Kubernetes."
---
# Quick Start
A Simple Use Case of Traefik Proxy and Kubernetes
{: .subtitle }
This guide is an introduction to using Traefik Proxy in a Kubernetes environment.
The objective is to learn how to run an application behind a Traefik reverse proxy in Kubernetes.
It presents and explains the basic blocks required to start with Traefik such as Ingress Controller, Ingresses, Deployments, static, and dynamic configuration.
## Permissions and Accesses
Traefik uses the Kubernetes API to discover running services.
In order to use the Kubernetes API, Traefik needs some permissions.
This [permission mechanism](https://kubernetes.io/docs/reference/access-authn-authz/rbac/) is based on roles defined by the cluster administrator.
The role is then bound to an account used by an application, in this case, Traefik Proxy.
The first step is to create the role.
The [`ClusterRole`](https://kubernetes.io/docs/reference/kubernetes-api/authorization-resources/cluster-role-v1/#ClusterRole) resource enumerates the resources and actions available for the role.
In a file called `00-role.yml`, put the following `ClusterRole`:
```yaml tab="00-role.yml"
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: traefik-role
rules:
- apiGroups:
- ""
resources:
- services
- endpoints
- secrets
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
- ingressclasses
verbs:
- get
- list
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:
- update
```
!!! info "You can find the reference for this file [there](../../reference/dynamic-configuration/kubernetes-crd/#rbac)."
The next step is to create a dedicated service account for Traefik.
In a file called `00-account.yml`, put the following [`ServiceAccount`](https://kubernetes.io/docs/reference/kubernetes-api/authentication-resources/service-account-v1/#ServiceAccount) resource:
```yaml tab="00-account.yml"
apiVersion: v1
kind: ServiceAccount
metadata:
name: traefik-account
```
And then, bind the role on the account to apply the permissions and rules on the latter. In a file called `01-role-binding.yml`, put the
following [`ClusterRoleBinding`](https://kubernetes.io/docs/reference/kubernetes-api/authorization-resources/cluster-role-binding-v1/#ClusterRoleBinding) resource:
```yaml tab="01-role-binding.yml"
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: traefik-role-binding
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: traefik-role
subjects:
- kind: ServiceAccount
name: traefik-account
namespace: default # Using "default" because we did not specify a namespace when creating the ClusterAccount.
```
!!! info "`roleRef` is the Kubernetes reference to the role created in `00-role.yml`."
!!! info "`subjects` is the list of accounts reference."
In this guide, it only contains the account created in `00-account.yml`
## Deployment and Exposition
!!! info "This section can be managed with the help of the [Traefik Helm chart](../install-traefik/#use-the-helm-chart)."
The [ingress controller](https://traefik.io/glossary/kubernetes-ingress-and-ingress-controller-101/#what-is-a-kubernetes-ingress-controller)
is a software that runs in the same way as any other application on a cluster.
To start Traefik on the Kubernetes cluster,
a [`Deployment`](https://kubernetes.io/docs/reference/kubernetes-api/workload-resources/deployment-v1/) resource must exist to describe how to configure
and scale containers horizontally to support larger workloads.
Start by creating a file called `02-traefik.yml` and paste the following `Deployment` resource:
```yaml tab="02-traefik.yml"
kind: Deployment
apiVersion: apps/v1
metadata:
name: traefik-deployment
labels:
app: traefik
spec:
replicas: 1
selector:
matchLabels:
app: traefik
template:
metadata:
labels:
app: traefik
spec:
serviceAccountName: traefik-account
containers:
- name: traefik
image: traefik:v2.8
args:
- --api.insecure
- --providers.kubernetesingress
ports:
- name: web
containerPort: 80
- name: dashboard
containerPort: 8080
```
The deployment contains an important attribute for customizing Traefik: `args`.
These arguments are the static configuration for Traefik.
From here, it is possible to enable the dashboard,
configure entry points,
select dynamic configuration providers,
and [more](../reference/static-configuration/cli.md)...
In this deployment,
the static configuration enables the Traefik dashboard,
and uses Kubernetes native Ingress resources as router definitions to route incoming requests.
!!! info "When there is no entry point in the static configuration"
Traefik creates a default one called `web` using the port `80` routing HTTP requests.
!!! info "When enabling the [`api.insecure`](../../operations/api/#insecure) mode, Traefik exposes the dashboard on the port `8080`."
A deployment manages scaling and then can create lots of containers, called [Pods](https://kubernetes.io/docs/concepts/workloads/pods/).
Each Pod is configured following the `spec` field in the deployment.
Given that, a Deployment can run multiple Traefik Proxy Pods,
a piece is required to forward the traffic to any of the instance:
namely a [`Service`](https://kubernetes.io/docs/reference/kubernetes-api/service-resources/service-v1/#Service).
Create a file called `02-traefik-services.yml` and insert the two `Service` resources:
```yaml tab="02-traefik-services.yml"
apiVersion: v1
kind: Service
metadata:
name: traefik-dashboard-service
spec:
type: LoadBalancer
ports:
- port: 8080
targetPort: dashboard
selector:
app: traefik
---
apiVersion: v1
kind: Service
metadata:
name: traefik-web-service
spec:
type: LoadBalancer
ports:
- targetPort: web
port: 80
selector:
app: traefik
```
!!! warning "It is possible to expose a service in different ways."
Depending on your working environment and use case, the `spec.type` might change.
It is strongly recommended to understand the available [service types](https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types) before proceeding to the next step.
It is now time to apply those files on your cluster to start Traefik.
```shell
kubectl apply -f 00-role.yml \
-f 00-account.yml \
-f 01-role-binding.yml \
-f 02-traefik.yml \
-f 02-traefik-services.yml
```
## Proxying applications
The only part still missing is the business application behind the reverse proxy.
For this guide, we use the example application [traefik/whoami](https://github.com/traefik/whoami),
but the principles are applicable to any other application.
The `whoami` application is a simple HTTP server running on port 80 which answers host-related information to the incoming requests.
As usual, start by creating a file called `03-whoami.yml` and paste the following `Deployment` resource:
```yaml tab="03-whoami.yml"
kind: Deployment
apiVersion: apps/v1
metadata:
name: whoami
labels:
app: whoami
spec:
replicas: 1
selector:
matchLabels:
app: whoami
template:
metadata:
labels:
app: whoami
spec:
containers:
- name: whoami
image: traefik/whoami
ports:
- name: web
containerPort: 80
```
And continue by creating the following `Service` resource in a file called `03-whoami-services.yml`:
```yaml tab="03-whoami-services.yml"
apiVersion: v1
kind: Service
metadata:
name: whoami
spec:
ports:
- name: web
port: 80
targetPort: web
selector:
app: whoami
```
Thanks to the Kubernetes API,
Traefik is notified when an Ingress resource is created, updated, or deleted.
This makes the process dynamic.
The ingresses are, in a way, the [dynamic configuration](../../providers/kubernetes-ingress/) for Traefik.
!!! tip
Find more information on [ingress controller](https://kubernetes.io/docs/concepts/services-networking/ingress-controllers/),
and [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) in the official Kubernetes documentation.
Create a file called `04-whoami-ingress.yml` and insert the `Ingress` resource:
```yaml tab="04-whoami-ingress.yml"
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
name: whoami-ingress
spec:
rules:
- http:
paths:
- path: /
pathType: Prefix
backend:
service:
name: whoami
port:
name: web
```
This `Ingress` configures Traefik to redirect any incoming requests starting with `/` to the `whoami:80` service.
At this point, all the configurations are ready.
It is time to apply those new files:
```shell
kubectl apply -f 03-whoami.yml \
-f 03-whoami-services.yml \
-f 04-whoami-ingress.yml
```
Now you should be able to access the `whoami` application and the Traefik dashboard.
Load the dashboard on a web browser: [`http://localhost:8080`](http://localhost:8080).
And now access the `whoami` application:
```shell
curl -v http://localhost/
```
!!! question "Going further"
- [Filter the ingresses](../providers/kubernetes-ingress.md#ingressclass) to use with [IngressClass](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class)
- Use [IngressRoute CRD](../providers/kubernetes-crd.md)
- Protect [ingresses with TLS](../routing/providers/kubernetes-ingress.md#enabling-tls-via-annotations)

3
docs/content/getting-started/quick-start.md
View File

@@ -113,4 +113,7 @@ IP: 172.27.0.4
```
!!! question "Where to Go Next?"
Now that you have a basic understanding of how Traefik can automatically create the routes to your services and load balance them, it is time to dive into [the documentation](/) and let Traefik work for you!
{!traefik-for-business-applications.md!}

218
docs/content/https/acme.md
View File

@@ -293,112 +293,112 @@ For example, `CF_API_EMAIL_FILE=/run/secrets/traefik_cf-api-email` could be used
For complete details, refer to your provider's _Additional configuration_ link.
| Provider Name | Provider Code | Environment Variables | |
|-------------------------------------------------------------|----------------|---------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------|
| [ACME DNS](https://github.com/joohoi/acme-dns) | `acme-dns` | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/acme-dns) |
| [Alibaba Cloud](https://www.alibabacloud.com) | `alidns` | `ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`, `ALICLOUD_REGION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/alidns) |
| [all-inkl](https://all-inkl.com) | `allinkl` | `ALL_INKL_LOGIN`, `ALL_INKL_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/allinkl) |
| [ArvanCloud](https://www.arvancloud.com/en) | `arvancloud` | `ARVANCLOUD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/arvancloud) |
| [Auroradns](https://www.pcextreme.com/dns-health-checks) | `auroradns` | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/auroradns) |
| [Autodns](https://www.internetx.com/domains/autodns/) | `autodns` | `AUTODNS_API_USER`, `AUTODNS_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/autodns) |
| [Azure](https://azure.microsoft.com/services/dns/) | `azure` | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_METADATA_ENDPOINT]` | [Additional configuration](https://go-acme.github.io/lego/dns/azure) |
| [Bindman](https://github.com/labbsr0x/bindman-dns-webhook) | `bindman` | `BINDMAN_MANAGER_ADDRESS` | [Additional configuration](https://go-acme.github.io/lego/dns/bindman) |
| [Blue Cat](https://www.bluecatnetworks.com/) | `bluecat` | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW` | [Additional configuration](https://go-acme.github.io/lego/dns/bluecat) |
| [Checkdomain](https://www.checkdomain.de/) | `checkdomain` | `CHECKDOMAIN_TOKEN`, | [Additional configuration](https://go-acme.github.io/lego/dns/checkdomain/) |
| [CloudDNS](https://vshosting.eu/) | `clouddns` | `CLOUDDNS_CLIENT_ID`, `CLOUDDNS_EMAIL`, `CLOUDDNS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/clouddns) |
| [Cloudflare](https://www.cloudflare.com) | `cloudflare` | `CF_API_EMAIL`, `CF_API_KEY` [^5] or `CF_DNS_API_TOKEN`, `[CF_ZONE_API_TOKEN]` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudflare) |
| [ClouDNS](https://www.cloudns.net/) | `cloudns` | `CLOUDNS_AUTH_ID`, `CLOUDNS_AUTH_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudns) |
| [CloudXNS](https://www.cloudxns.net) | `cloudxns` | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudxns) |
| [ConoHa](https://www.conoha.jp) | `conoha` | `CONOHA_TENANT_ID`, `CONOHA_API_USERNAME`, `CONOHA_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/conoha) |
| [Constellix](https://constellix.com) | `constellix` | `CONSTELLIX_API_KEY`, `CONSTELLIX_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/constellix) |
| [deSEC](https://desec.io) | `desec` | `DESEC_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/desec) |
| [DigitalOcean](https://www.digitalocean.com) | `digitalocean` | `DO_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/digitalocean) |
| [DNS Made Easy](https://dnsmadeeasy.com) | `dnsmadeeasy` | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsmadeeasy) |
| [DNSimple](https://dnsimple.com) | `dnsimple` | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsimple) |
| [DNSPod](https://www.dnspod.com/) | `dnspod` | `DNSPOD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dnspod) |
| [Domain Offensive (do.de)](https://www.do.de/) | `dode` | `DODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/dode) |
| [Domeneshop](https://domene.shop) | `domeneshop` | `DOMENESHOP_API_TOKEN`, `DOMENESHOP_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/domeneshop) |
| [DreamHost](https://www.dreamhost.com/) | `dreamhost` | `DREAMHOST_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dreamhost) |
| [Duck DNS](https://www.duckdns.org/) | `duckdns` | `DUCKDNS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/duckdns) |
| [Dyn](https://dyn.com) | `dyn` | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/dyn) |
| [Dynu](https://www.dynu.com) | `dynu` | `DYNU_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dynu) |
| [EasyDNS](https://easydns.com/) | `easydns` | `EASYDNS_TOKEN`, `EASYDNS_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/easydns) |
| [EdgeDNS](https://www.akamai.com/) | `edgedns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns) |
| [Epik](https://www.epik.com) | `epik` | `EPIK_SIGNATURE` | [Additional configuration](https://go-acme.github.io/lego/dns/epik) |
| [Exoscale](https://www.exoscale.com) | `exoscale` | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/exoscale) |
| [Fast DNS](https://www.akamai.com/) | `fastdns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns) |
| [Freemyip.com](https://freemyip.com) | `freemyip` | `FREEMYIP_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/freemyip) |
| [G-Core Lab](https://gcorelabs.com/dns/) | `gcore` | `GCORE_PERMANENT_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/gcore) |
| [Gandi v5](https://doc.livedns.gandi.net) | `gandiv5` | `GANDIV5_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5) |
| [Gandi](https://www.gandi.net) | `gandi` | `GANDI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandi) |
| [Glesys](https://glesys.com/) | `glesys` | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN` | [Additional configuration](https://go-acme.github.io/lego/dns/glesys) |
| [GoDaddy](https://godaddy.com/) | `godaddy` | `GODADDY_API_KEY`, `GODADDY_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/godaddy) |
| [Google Cloud DNS](https://cloud.google.com/dns/docs/) | `gcloud` | `GCE_PROJECT`, Application Default Credentials [^2] [^3], [`GCE_SERVICE_ACCOUNT_FILE`] | [Additional configuration](https://go-acme.github.io/lego/dns/gcloud) |
| [Hetzner](https://hetzner.com) | `hetzner` | `HETZNER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hetzner) |
| [hosting.de](https://www.hosting.de) | `hostingde` | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde) |
| [Hosttech](https://www.hosttech.eu) | `hosttech` | `HOSTTECH_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hosttech) |
| [Hurricane Electric](https://dns.he.net) | `hurricane` | `HURRICANE_TOKENS` [^6] | [Additional configuration](https://go-acme.github.io/lego/dns/hurricane) |
| [HyperOne](https://www.hyperone.com) | `hyperone` | `HYPERONE_PASSPORT_LOCATION`, `HYPERONE_LOCATION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/hyperone) |
| [IBM Cloud (SoftLayer)](https://www.ibm.com/cloud/) | `ibmcloud` | `SOFTLAYER_USERNAME`, `SOFTLAYER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ibmcloud) |
| [IIJ DNS Platform Service](https://www.iij.ad.jp) | `iijdpf` | `IIJ_DPF_API_TOKEN` , `IIJ_DPF_DPM_SERVICE_CODE` | [Additional configuration](https://go-acme.github.io/lego/dns/iijdpf) |
| [IIJ](https://www.iij.ad.jp/) | `iij` | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE` | [Additional configuration](https://go-acme.github.io/lego/dns/iij) |
| [Infoblox](https://www.infoblox.com/) | `infoblox` | `INFOBLOX_USER`, `INFOBLOX_PASSWORD`, `INFOBLOX_HOST` | [Additional configuration](https://go-acme.github.io/lego/dns/infoblox) |
| [Infomaniak](https://www.infomaniak.com) | `infomaniak` | `INFOMANIAK_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/infomaniak) |
| [Internet.bs](https://internetbs.net) | `internetbs` | `INTERNET_BS_API_KEY`, `INTERNET_BS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/internetbs) |
| [INWX](https://www.inwx.de/en) | `inwx` | `INWX_USERNAME`, `INWX_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/inwx) |
| [ionos](https://ionos.com/) | `ionos` | `IONOS_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ionos) |
| [iwantmyname](https://iwantmyname.com) | `iwantmyname` | `IWANTMYNAME_USERNAME` , `IWANTMYNAME_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/iwantmyname) |
| [Joker.com](https://joker.com) | `joker` | `JOKER_API_MODE` with `JOKER_API_KEY` or `JOKER_USERNAME`, `JOKER_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/joker) |
| [Lightsail](https://aws.amazon.com/lightsail/) | `lightsail` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/lightsail) |
| [Linode v4](https://www.linode.com) | `linode` | `LINODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/linode) |
| [Liquid Web](https://www.liquidweb.com/) | `liquidweb` | `LIQUID_WEB_PASSWORD`, `LIQUID_WEB_USERNAME`, `LIQUID_WEB_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/liquidweb) |
| [Loopia](https://loopia.com/) | `loopia` | `LOOPIA_API_PASSWORD`, `LOOPIA_API_USER` | [Additional configuration](https://go-acme.github.io/lego/dns/loopia) |
| [LuaDNS](https://luadns.com) | `luadns` | `LUADNS_API_USERNAME`, `LUADNS_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/luadns) |
| [MyDNS.jp](https://www.mydns.jp/) | `mydnsjp` | `MYDNSJP_MASTER_ID`, `MYDNSJP_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mydnsjp) |
| [Mythic Beasts](https://www.mythic-beasts.com) | `mythicbeasts` | `MYTHICBEASTS_USER_NAME`, `MYTHICBEASTS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mythicbeasts) |
| [name.com](https://www.name.com/) | `namedotcom` | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/namedotcom) |
| [Namecheap](https://www.namecheap.com) | `namecheap` | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/namecheap) |
| [Namesilo](https://www.namesilo.com/) | `namesilo` | `NAMESILO_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/namesilo) |
| [Netcup](https://www.netcup.eu/) | `netcup` | `NETCUP_CUSTOMER_NUMBER`, `NETCUP_API_KEY`, `NETCUP_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/netcup) |
| [Netlify](https://www.netlify.com) | `netlify` | `NETLIFY_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/netlify) |
| [Nicmanager](https://www.nicmanager.com) | `nicmanager` | `NICMANAGER_API_EMAIL`, `NICMANAGER_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/nicmanager) |
| [NIFCloud](https://cloud.nifty.com/service/dns.htm) | `nifcloud` | `NIFCLOUD_ACCESS_KEY_ID`, `NIFCLOUD_SECRET_ACCESS_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/nifcloud) |
| [Njalla](https://njal.la) | `njalla` | `NJALLA_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/njalla) |
| [NS1](https://ns1.com/) | `ns1` | `NS1_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ns1) |
| [Open Telekom Cloud](https://cloud.telekom.de) | `otc` | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/otc) |
| [Openstack Designate](https://docs.openstack.org/designate) | `designate` | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/designate) |
| [Oracle Cloud](https://cloud.oracle.com/home) | `oraclecloud` | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID` | [Additional configuration](https://go-acme.github.io/lego/dns/oraclecloud) |
| [OVH](https://www.ovh.com) | `ovh` | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ovh) |
| [Porkbun](https://porkbun.com/) | `porkbun` | `PORKBUN_SECRET_API_KEY`, `PORKBUN_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/porkbun) |
| [PowerDNS](https://www.powerdns.com) | `pdns` | `PDNS_API_KEY`, `PDNS_API_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/pdns) |
| [Rackspace](https://www.rackspace.com/cloud/dns) | `rackspace` | `RACKSPACE_USER`, `RACKSPACE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rackspace) |
| [reg.ru](https://www.reg.ru) | `regru` | `REGRU_USERNAME`, `REGRU_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/regru) |
| [RFC2136](https://tools.ietf.org/html/rfc2136) | `rfc2136` | `RFC2136_TSIG_KEY`, `RFC2136_TSIG_SECRET`, `RFC2136_TSIG_ALGORITHM`, `RFC2136_NAMESERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/rfc2136) |
| [RimuHosting](https://rimuhosting.com) | `rimuhosting` | `RIMUHOSTING_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rimuhosting) |
| [Route 53](https://aws.amazon.com/route53/) | `route53` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile. | [Additional configuration](https://go-acme.github.io/lego/dns/route53) |
| [Sakura Cloud](https://cloud.sakura.ad.jp/) | `sakuracloud` | `SAKURACLOUD_ACCESS_TOKEN`, `SAKURACLOUD_ACCESS_TOKEN_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/sakuracloud) |
| [Scaleway](https://www.scaleway.com) | `scaleway` | `SCALEWAY_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/scaleway) |
| [Selectel](https://selectel.ru/en/) | `selectel` | `SELECTEL_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/selectel) |
| [Servercow](https://servercow.de) | `servercow` | `SERVERCOW_USERNAME`, `SERVERCOW_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/servercow) |
| [Simply.com](https://www.simply.com/en/domains/) | `simply` | `SIMPLY_ACCOUNT_NAME`, `SIMPLY_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/simply) |
| [Sonic](https://www.sonic.com/) | `sonic` | `SONIC_USER_ID`, `SONIC_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/sonic) |
| [Stackpath](https://www.stackpath.com/) | `stackpath` | `STACKPATH_CLIENT_ID`, `STACKPATH_CLIENT_SECRET`, `STACKPATH_STACK_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/stackpath) |
| [Tencent Cloud DNS](https://cloud.tencent.com/product/cns) | `tencentcloud` | `TENCENTCLOUD_SECRET_ID`, `TENCENTCLOUD_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/tencentcloud) |
| [TransIP](https://www.transip.nl/) | `transip` | `TRANSIP_ACCOUNT_NAME`, `TRANSIP_PRIVATE_KEY_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/transip) |
| [UKFast SafeDNS](https://www.ukfast.co.uk/dns-hosting.html) | `safedns` | `SAFEDNS_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/safedns) |
| [VegaDNS](https://github.com/shupp/VegaDNS-API) | `vegadns` | `SECRET_VEGADNS_KEY`, `SECRET_VEGADNS_SECRET`, `VEGADNS_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/vegadns) |
| [Vercel](https://vercel.com) | `vercel` | `VERCEL_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/vercel) |
| [Versio](https://www.versio.nl/domeinnamen) | `versio` | `VERSIO_USERNAME`, `VERSIO_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/versio) |
| [VinylDNS](https://www.vinyldns.io) | `vinyldns` | `VINYLDNS_ACCESS_KEY`, `VINYLDNS_SECRET_KEY`, `VINYLDNS_HOST` | [Additional configuration](https://go-acme.github.io/lego/dns/vinyldns) |
| [Vscale](https://vscale.io/) | `vscale` | `VSCALE_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/vscale) |
| [VULTR](https://www.vultr.com) | `vultr` | `VULTR_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/vultr) |
| [WEDOS](https://www.wedos.com) | `wedos` | `WEDOS_USERNAME`, `WEDOS_WAPI_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/wedos) |
| [Yandex](https://yandex.com) | `yandex` | `YANDEX_PDD_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/yandex) |
| [Zone.ee](https://www.zone.ee) | `zoneee` | `ZONEEE_API_USER`, `ZONEEE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zoneee) |
| [Zonomi](https://zonomi.com) | `zonomi` | `ZONOMI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zonomi) |
| External Program | `exec` | `EXEC_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/exec) |
| HTTP request | `httpreq` | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1] | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq) |
| manual | `manual` | none, but you need to run Traefik interactively [^4], turn on debug log to see instructions and press <kbd>Enter</kbd>. | |
| Provider Name | Provider Code | Environment Variables | |
|----------------------------------------------------------------------------------------------------|----------------|---------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------|
| [ACME DNS](https://github.com/joohoi/acme-dns) | `acme-dns` | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/acme-dns) |
| [Alibaba Cloud](https://www.alibabacloud.com) | `alidns` | `ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`, `ALICLOUD_REGION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/alidns) |
| [all-inkl](https://all-inkl.com) | `allinkl` | `ALL_INKL_LOGIN`, `ALL_INKL_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/allinkl) |
| [ArvanCloud](https://www.arvancloud.com/en) | `arvancloud` | `ARVANCLOUD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/arvancloud) |
| [Auroradns](https://www.pcextreme.com/dns-health-checks) | `auroradns` | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/auroradns) |
| [Autodns](https://www.internetx.com/domains/autodns/) | `autodns` | `AUTODNS_API_USER`, `AUTODNS_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/autodns) |
| [Azure](https://azure.microsoft.com/services/dns/) | `azure` | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_METADATA_ENDPOINT]` | [Additional configuration](https://go-acme.github.io/lego/dns/azure) |
| [Bindman](https://github.com/labbsr0x/bindman-dns-webhook) | `bindman` | `BINDMAN_MANAGER_ADDRESS` | [Additional configuration](https://go-acme.github.io/lego/dns/bindman) |
| [Blue Cat](https://www.bluecatnetworks.com/) | `bluecat` | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW` | [Additional configuration](https://go-acme.github.io/lego/dns/bluecat) |
| [Checkdomain](https://www.checkdomain.de/) | `checkdomain` | `CHECKDOMAIN_TOKEN`, | [Additional configuration](https://go-acme.github.io/lego/dns/checkdomain/) |
| [CloudDNS](https://vshosting.eu/) | `clouddns` | `CLOUDDNS_CLIENT_ID`, `CLOUDDNS_EMAIL`, `CLOUDDNS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/clouddns) |
| [Cloudflare](https://www.cloudflare.com) | `cloudflare` | `CF_API_EMAIL`, `CF_API_KEY` [^5] or `CF_DNS_API_TOKEN`, `[CF_ZONE_API_TOKEN]` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudflare) |
| [ClouDNS](https://www.cloudns.net/) | `cloudns` | `CLOUDNS_AUTH_ID`, `CLOUDNS_AUTH_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudns) |
| [CloudXNS](https://www.cloudxns.net) | `cloudxns` | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/cloudxns) |
| [ConoHa](https://www.conoha.jp) | `conoha` | `CONOHA_TENANT_ID`, `CONOHA_API_USERNAME`, `CONOHA_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/conoha) |
| [Constellix](https://constellix.com) | `constellix` | `CONSTELLIX_API_KEY`, `CONSTELLIX_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/constellix) |
| [deSEC](https://desec.io) | `desec` | `DESEC_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/desec) |
| [DigitalOcean](https://www.digitalocean.com) | `digitalocean` | `DO_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/digitalocean) |
| [DNS Made Easy](https://dnsmadeeasy.com) | `dnsmadeeasy` | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsmadeeasy) |
| [DNSimple](https://dnsimple.com) | `dnsimple` | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/dnsimple) |
| [DNSPod](https://www.dnspod.com/) | `dnspod` | `DNSPOD_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dnspod) |
| [Domain Offensive (do.de)](https://www.do.de/) | `dode` | `DODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/dode) |
| [Domeneshop](https://domene.shop) | `domeneshop` | `DOMENESHOP_API_TOKEN`, `DOMENESHOP_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/domeneshop) |
| [DreamHost](https://www.dreamhost.com/) | `dreamhost` | `DREAMHOST_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dreamhost) |
| [Duck DNS](https://www.duckdns.org/) | `duckdns` | `DUCKDNS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/duckdns) |
| [Dyn](https://dyn.com) | `dyn` | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/dyn) |
| [Dynu](https://www.dynu.com) | `dynu` | `DYNU_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/dynu) |
| [EasyDNS](https://easydns.com/) | `easydns` | `EASYDNS_TOKEN`, `EASYDNS_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/easydns) |
| [EdgeDNS](https://www.akamai.com/) | `edgedns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns) |
| [Epik](https://www.epik.com) | `epik` | `EPIK_SIGNATURE` | [Additional configuration](https://go-acme.github.io/lego/dns/epik) |
| [Exoscale](https://www.exoscale.com) | `exoscale` | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/exoscale) |
| [Fast DNS](https://www.akamai.com/) | `fastdns` | `AKAMAI_CLIENT_TOKEN`, `AKAMAI_CLIENT_SECRET`, `AKAMAI_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns) |
| [Freemyip.com](https://freemyip.com) | `freemyip` | `FREEMYIP_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/freemyip) |
| [G-Core Lab](https://gcorelabs.com/dns/) | `gcore` | `GCORE_PERMANENT_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/gcore) |
| [Gandi v5](https://doc.livedns.gandi.net) | `gandiv5` | `GANDIV5_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5) |
| [Gandi](https://www.gandi.net) | `gandi` | `GANDI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/gandi) |
| [Glesys](https://glesys.com/) | `glesys` | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN` | [Additional configuration](https://go-acme.github.io/lego/dns/glesys) |
| [GoDaddy](https://godaddy.com/) | `godaddy` | `GODADDY_API_KEY`, `GODADDY_API_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/godaddy) |
| [Google Cloud DNS](https://cloud.google.com/dns/docs/) | `gcloud` | `GCE_PROJECT`, Application Default Credentials [^2] [^3], [`GCE_SERVICE_ACCOUNT_FILE`] | [Additional configuration](https://go-acme.github.io/lego/dns/gcloud) |
| [Hetzner](https://hetzner.com) | `hetzner` | `HETZNER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hetzner) |
| [hosting.de](https://www.hosting.de) | `hostingde` | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde) |
| [Hosttech](https://www.hosttech.eu) | `hosttech` | `HOSTTECH_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/hosttech) |
| [Hurricane Electric](https://dns.he.net) | `hurricane` | `HURRICANE_TOKENS` [^6] | [Additional configuration](https://go-acme.github.io/lego/dns/hurricane) |
| [HyperOne](https://www.hyperone.com) | `hyperone` | `HYPERONE_PASSPORT_LOCATION`, `HYPERONE_LOCATION_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/hyperone) |
| [IBM Cloud (SoftLayer)](https://www.ibm.com/cloud/) | `ibmcloud` | `SOFTLAYER_USERNAME`, `SOFTLAYER_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ibmcloud) |
| [IIJ DNS Platform Service](https://www.iij.ad.jp) | `iijdpf` | `IIJ_DPF_API_TOKEN` , `IIJ_DPF_DPM_SERVICE_CODE` | [Additional configuration](https://go-acme.github.io/lego/dns/iijdpf) |
| [IIJ](https://www.iij.ad.jp/) | `iij` | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE` | [Additional configuration](https://go-acme.github.io/lego/dns/iij) |
| [Infoblox](https://www.infoblox.com/) | `infoblox` | `INFOBLOX_USERNAME`, `INFOBLOX_PASSWORD`, `INFOBLOX_HOST` | [Additional configuration](https://go-acme.github.io/lego/dns/infoblox) |
| [Infomaniak](https://www.infomaniak.com) | `infomaniak` | `INFOMANIAK_ACCESS_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/infomaniak) |
| [Internet.bs](https://internetbs.net) | `internetbs` | `INTERNET_BS_API_KEY`, `INTERNET_BS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/internetbs) |
| [INWX](https://www.inwx.de/en) | `inwx` | `INWX_USERNAME`, `INWX_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/inwx) |
| [ionos](https://ionos.com/) | `ionos` | `IONOS_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ionos) |
| [iwantmyname](https://iwantmyname.com) | `iwantmyname` | `IWANTMYNAME_USERNAME` , `IWANTMYNAME_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/iwantmyname) |
| [Joker.com](https://joker.com) | `joker` | `JOKER_API_MODE` with `JOKER_API_KEY` or `JOKER_USERNAME`, `JOKER_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/joker) |
| [Lightsail](https://aws.amazon.com/lightsail/) | `lightsail` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/lightsail) |
| [Linode v4](https://www.linode.com) | `linode` | `LINODE_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/linode) |
| [Liquid Web](https://www.liquidweb.com/) | `liquidweb` | `LIQUID_WEB_PASSWORD`, `LIQUID_WEB_USERNAME`, `LIQUID_WEB_ZONE` | [Additional configuration](https://go-acme.github.io/lego/dns/liquidweb) |
| [Loopia](https://loopia.com/) | `loopia` | `LOOPIA_API_PASSWORD`, `LOOPIA_API_USER` | [Additional configuration](https://go-acme.github.io/lego/dns/loopia) |
| [LuaDNS](https://luadns.com) | `luadns` | `LUADNS_API_USERNAME`, `LUADNS_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/luadns) |
| [MyDNS.jp](https://www.mydns.jp/) | `mydnsjp` | `MYDNSJP_MASTER_ID`, `MYDNSJP_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mydnsjp) |
| [Mythic Beasts](https://www.mythic-beasts.com) | `mythicbeasts` | `MYTHICBEASTS_USER_NAME`, `MYTHICBEASTS_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/mythicbeasts) |
| [name.com](https://www.name.com/) | `namedotcom` | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/namedotcom) |
| [Namecheap](https://www.namecheap.com) | `namecheap` | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/namecheap) |
| [Namesilo](https://www.namesilo.com/) | `namesilo` | `NAMESILO_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/namesilo) |
| [Netcup](https://www.netcup.eu/) | `netcup` | `NETCUP_CUSTOMER_NUMBER`, `NETCUP_API_KEY`, `NETCUP_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/netcup) |
| [Netlify](https://www.netlify.com) | `netlify` | `NETLIFY_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/netlify) |
| [Nicmanager](https://www.nicmanager.com) | `nicmanager` | `NICMANAGER_API_EMAIL`, `NICMANAGER_API_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/nicmanager) |
| [NIFCloud](https://cloud.nifty.com/service/dns.htm) | `nifcloud` | `NIFCLOUD_ACCESS_KEY_ID`, `NIFCLOUD_SECRET_ACCESS_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/nifcloud) |
| [Njalla](https://njal.la) | `njalla` | `NJALLA_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/njalla) |
| [NS1](https://ns1.com/) | `ns1` | `NS1_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ns1) |
| [Open Telekom Cloud](https://cloud.telekom.de) | `otc` | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT` | [Additional configuration](https://go-acme.github.io/lego/dns/otc) |
| [Openstack Designate](https://docs.openstack.org/designate) | `designate` | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME` | [Additional configuration](https://go-acme.github.io/lego/dns/designate) |
| [Oracle Cloud](https://cloud.oracle.com/home) | `oraclecloud` | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID` | [Additional configuration](https://go-acme.github.io/lego/dns/oraclecloud) |
| [OVH](https://www.ovh.com) | `ovh` | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/ovh) |
| [Porkbun](https://porkbun.com/) | `porkbun` | `PORKBUN_SECRET_API_KEY`, `PORKBUN_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/porkbun) |
| [PowerDNS](https://www.powerdns.com) | `pdns` | `PDNS_API_KEY`, `PDNS_API_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/pdns) |
| [Rackspace](https://www.rackspace.com/cloud/dns) | `rackspace` | `RACKSPACE_USER`, `RACKSPACE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rackspace) |
| [reg.ru](https://www.reg.ru) | `regru` | `REGRU_USERNAME`, `REGRU_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/regru) |
| [RFC2136](https://tools.ietf.org/html/rfc2136) | `rfc2136` | `RFC2136_TSIG_KEY`, `RFC2136_TSIG_SECRET`, `RFC2136_TSIG_ALGORITHM`, `RFC2136_NAMESERVER` | [Additional configuration](https://go-acme.github.io/lego/dns/rfc2136) |
| [RimuHosting](https://rimuhosting.com) | `rimuhosting` | `RIMUHOSTING_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/rimuhosting) |
| [Route 53](https://aws.amazon.com/route53/) | `route53` | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile. | [Additional configuration](https://go-acme.github.io/lego/dns/route53) |
| [Sakura Cloud](https://cloud.sakura.ad.jp/) | `sakuracloud` | `SAKURACLOUD_ACCESS_TOKEN`, `SAKURACLOUD_ACCESS_TOKEN_SECRET` | [Additional configuration](https://go-acme.github.io/lego/dns/sakuracloud) |
| [Scaleway](https://www.scaleway.com) | `scaleway` | `SCALEWAY_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/scaleway) |
| [Selectel](https://selectel.ru/en/) | `selectel` | `SELECTEL_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/selectel) |
| [Servercow](https://servercow.de) | `servercow` | `SERVERCOW_USERNAME`, `SERVERCOW_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/servercow) |
| [Simply.com](https://www.simply.com/en/domains/) | `simply` | `SIMPLY_ACCOUNT_NAME`, `SIMPLY_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/simply) |
| [Sonic](https://www.sonic.com/) | `sonic` | `SONIC_USER_ID`, `SONIC_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/sonic) |
| [Stackpath](https://www.stackpath.com/) | `stackpath` | `STACKPATH_CLIENT_ID`, `STACKPATH_CLIENT_SECRET`, `STACKPATH_STACK_ID` | [Additional configuration](https://go-acme.github.io/lego/dns/stackpath) |
| [Tencent Cloud DNS](https://cloud.tencent.com/product/cns) | `tencentcloud` | `TENCENTCLOUD_SECRET_ID`, `TENCENTCLOUD_SECRET_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/tencentcloud) |
| [TransIP](https://www.transip.nl/) | `transip` | `TRANSIP_ACCOUNT_NAME`, `TRANSIP_PRIVATE_KEY_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/transip) |
| [UKFast SafeDNS](https://www.ans.co.uk/cloud-and-infrastructure/dedicated-servers/dns-management/) | `safedns` | `SAFEDNS_AUTH_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/safedns) |
| [VegaDNS](https://github.com/shupp/VegaDNS-API) | `vegadns` | `SECRET_VEGADNS_KEY`, `SECRET_VEGADNS_SECRET`, `VEGADNS_URL` | [Additional configuration](https://go-acme.github.io/lego/dns/vegadns) |
| [Vercel](https://vercel.com) | `vercel` | `VERCEL_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/vercel) |
| [Versio](https://www.versio.nl/domeinnamen) | `versio` | `VERSIO_USERNAME`, `VERSIO_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/versio) |
| [VinylDNS](https://www.vinyldns.io) | `vinyldns` | `VINYLDNS_ACCESS_KEY`, `VINYLDNS_SECRET_KEY`, `VINYLDNS_HOST` | [Additional configuration](https://go-acme.github.io/lego/dns/vinyldns) |
| [Vscale](https://vscale.io/) | `vscale` | `VSCALE_API_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/vscale) |
| [VULTR](https://www.vultr.com) | `vultr` | `VULTR_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/vultr) |
| [WEDOS](https://www.wedos.com) | `wedos` | `WEDOS_USERNAME`, `WEDOS_WAPI_PASSWORD` | [Additional configuration](https://go-acme.github.io/lego/dns/wedos) |
| [Yandex](https://yandex.com) | `yandex` | `YANDEX_PDD_TOKEN` | [Additional configuration](https://go-acme.github.io/lego/dns/yandex) |
| [Zone.ee](https://www.zone.ee) | `zoneee` | `ZONEEE_API_USER`, `ZONEEE_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zoneee) |
| [Zonomi](https://zonomi.com) | `zonomi` | `ZONOMI_API_KEY` | [Additional configuration](https://go-acme.github.io/lego/dns/zonomi) |
| External Program | `exec` | `EXEC_PATH` | [Additional configuration](https://go-acme.github.io/lego/dns/exec) |
| HTTP request | `httpreq` | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1] | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq) |
| manual | `manual` | none, but you need to run Traefik interactively [^4], turn on debug log to see instructions and press <kbd>Enter</kbd>. | |
[^1]: More information about the HTTP message format can be found [here](https://go-acme.github.io/lego/dns/httpreq/).
[^2]: [Providing credentials to your application](https://cloud.google.com/docs/authentication/production).
@@ -661,8 +661,10 @@ certificatesResolvers:
If Let's Encrypt is not reachable, the following certificates will apply:
1. Previously generated ACME certificates (before downtime)
1. Expired ACME certificates
1. Provided certificates
2. Expired ACME certificates
3. Provided certificates
!!! important
For new (sub)domains which need Let's Encrypt authentication, the default Traefik certificate will be used until Traefik is restarted.
{!traefik-for-business-applications.md!}

2
docs/content/https/overview.md
View File

@@ -19,3 +19,5 @@ The next sections of this documentation explain how to configure the TLS connect
That is to say, how to obtain [TLS certificates](./tls.md#certificates-definition):
either through a definition in the dynamic configuration, or through [Let's Encrypt](./acme.md) (ACME).
And how to configure [TLS options](./tls.md#tls-options), and [certificates stores](./tls.md#certificates-stores).
{!traefik-for-business-applications.md!}

35
docs/content/https/tls.md
View File

@@ -396,39 +396,6 @@ spec:
sniStrict: true
```
### Prefer Server Cipher Suites
This option allows the server to choose its most preferred cipher suite instead of the client's.
Please note that this is enabled automatically when `minVersion` or `maxVersion` are set.
```yaml tab="File (YAML)"
# Dynamic configuration
tls:
options:
default:
preferServerCipherSuites: true
```
```toml tab="File (TOML)"
# Dynamic configuration
[tls.options]
[tls.options.default]
preferServerCipherSuites = true
```
```yaml tab="Kubernetes"
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:
name: default
namespace: default
spec:
preferServerCipherSuites: true
```
### ALPN Protocols
_Optional, Default="h2, http/1.1, acme-tls/1"_
@@ -523,3 +490,5 @@ spec:
- secretCA
clientAuthType: RequireAndVerifyClientCert
```
{!traefik-for-business-applications.md!}

4
docs/content/includes/.markdownlint.json Normal file
View File

@@ -0,0 +1,4 @@
{
"extends": "../../.markdownlint.json",
"MD041": false
}

16
docs/content/includes/traefik-for-business-applications.md Normal file
View File

@@ -0,0 +1,16 @@
---
!!! question "Using Traefik for Business Applications?"
If you are using Traefik for commercial applications,
consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/).
You can use it as your:
- [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/)
- [Docker Swarm Ingress Controller](https://traefik.io/solutions/docker-swarm-ingress/)
- [API Gateway](https://traefik.io/solutions/api-gateway/)
Traefik Enterprise enables centralized access management,
distributed Let's Encrypt,
and other advanced capabilities.
Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo).

9
docs/content/index.md
View File

@@ -26,7 +26,8 @@ Developing Traefik, our main goal is to make it simple to use, and we're sure yo
Join our user friendly and active [Community Forum](https://community.traefik.io) to discuss, learn, and connect with the traefik community.
If you're a business running critical services behind Traefik,
know that [Traefik Labs](https://traefik.io), the company that sponsors Traefik's development,
can provide [commercial support](https://info.traefik.io/commercial-services)
and develops an [Enterprise Edition](https://traefik.io/traefik-enterprise/) of Traefik.
Using Traefik for commercial applications?
Consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/) of Traefik as your [Kubernetes Ingress](https://traefik.io/solutions/kubernetes-ingress/),
your [Docker Swarm Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/),
or your [API gateway](https://traefik.io/solutions/api-gateway/).
Get started with a [free 30-day trial](https://info.traefik.io/get-traefik-enterprise-free-for-30-days).

2
docs/content/middlewares/http/headers.md
View File

@@ -469,3 +469,5 @@ The `permissionsPolicy` allows sites to control browser features.
Set `isDevelopment` to `true` when developing to mitigate the unwanted effects of the `AllowedHosts`, SSL, and STS options.
Usually testing takes place using HTTP, not HTTPS, and on `localhost`, not your production domain.
If you would like your development environment to mimic production with complete Host blocking, SSL redirects, and STS headers, leave this as `false`.
{!traefik-for-business-applications.md!}

6
docs/content/middlewares/http/overview.md
View File

@@ -153,3 +153,9 @@ http:
| [Retry](retry.md) | Automatically retries in case of error | Request lifecycle |
| [StripPrefix](stripprefix.md) | Changes the path of the request | Path Modifier |
| [StripPrefixRegex](stripprefixregex.md) | Changes the path of the request | Path Modifier |
## Community Middlewares
Please take a look at the community-contributed plugins in the [plugin catalog](https://pilot.traefik.io/plugins).
{!traefik-for-business-applications.md!}

25
docs/content/middlewares/http/passtlsclientcert.md
View File

@@ -445,6 +445,23 @@ Subject="DC=org,DC=cheese,C=FR,C=US,ST=Cheese org state,ST=Cheese com state,L=TO
If there are more than one certificate, they are separated by a `,`.
#### `info.serialNumber`
Set the `info.serialNumber` option to `true` to add the `Serial Number` of the certificate.
The data is taken from the following certificate part:
```text
Serial Number:
6a:2f:20:f8:ce:8d:48:52:ba:d9:bb:be:60:ec:bf:79
```
And it is formatted as follows in the header (decimal representation):
```text
SerialNumber="141142874255168551917600297745052909433"
```
#### `info.notAfter`
Set the `info.notAfter` option to `true` to add the `Not After` information from the `Validity` part.
@@ -452,8 +469,8 @@ Set the `info.notAfter` option to `true` to add the `Not After` information from
The data is taken from the following certificate part:
```text
Validity
Not After : Dec 5 11:10:16 2020 GMT
Validity
Not After : Dec 5 11:10:16 2020 GMT
```
And it is formatted as follows in the header:
@@ -486,8 +503,8 @@ Set the `info.sans` option to `true` to add the `Subject Alternative Name` infor
The data is taken from the following certificate part:
```text
X509v3 Subject Alternative Name:
DNS:*.example.org, DNS:*.example.net, DNS:*.example.com, IP Address:10.0.1.0, IP Address:10.0.1.2, email:test@example.org, email:test@example.net
X509v3 Subject Alternative Name:
DNS:*.example.org, DNS:*.example.net, DNS:*.example.com, IP Address:10.0.1.0, IP Address:10.0.1.2, email:test@example.org, email:test@example.net
```
And it is formatted as follows in the header:

11
docs/content/middlewares/http/redirectscheme.md
View File

@@ -12,7 +12,16 @@ Redirecting the Client to a Different Scheme/Port
TODO: add schema
-->
RedirectScheme redirects requests from a scheme/port to another.
The RedirectScheme middleware redirects the request if the request scheme is different from the configured scheme.
!!! warning "When behind another reverse-proxy"
When there is at least one other reverse-proxy between the client and Traefik,
the other reverse-proxy (i.e. the last hop) needs to be a [trusted](../../routing/entrypoints.md#forwarded-headers) one.
Otherwise, Traefik would clean up the X-Forwarded headers coming from this last hop,
and as the RedirectScheme middleware relies on them to determine the scheme used,
it would not function as intended.
## Configuration Examples

2
docs/content/middlewares/overview.md
View File

@@ -129,3 +129,5 @@ http:
A list of HTTP middlewares can be found [here](http/overview.md).
A list of TCP middlewares can be found [here](tcp/overview.md).
{!traefik-for-business-applications.md!}

13
docs/content/migration/v2.md
View File

@@ -50,6 +50,7 @@ rules:
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
verbs:
@@ -58,6 +59,7 @@ rules:
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:
@@ -147,6 +149,7 @@ rules:
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
verbs:
@@ -155,6 +158,7 @@ rules:
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:
@@ -441,7 +445,7 @@ To enable HTTP/3 on an EntryPoint, please check out the [HTTP/3 configuration](.
### Kubernetes Gateway API Provider
In `v2.6`, the [Kubernetes Gateway API provider](../providers/kubernetes-gateway.md) now only supports the version [v1alpha2](https://gateway-api.sigs.k8s.io/v1alpha2/guides/getting-started/) of the specification and
[route namespaces](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1alpha2.RouteNamespaces) selectors, which requires Traefik to fetch and watch the cluster namespaces.
[route namespaces](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1beta1.RouteNamespaces) selectors, which requires Traefik to fetch and watch the cluster namespaces.
Therefore, the [RBAC](../reference/dynamic-configuration/kubernetes-gateway.md#rbac) and [CRD](../reference/dynamic-configuration/kubernetes-gateway.md#definitions) definitions must be updated.
## v2.6.0 to v2.6.1
@@ -473,3 +477,10 @@ In `v2.8`, the `namespace` option of Consul and Consul Catalog providers is depr
In `v2.8`, the `pilot.token` and `pilot.dashboard` options are deprecated.
Please check our Blog for migration instructions later this year.
## v2.8.2
Since `v2.5.0`, the `PreferServerCipherSuites` is [deprecated and ignored](https://tip.golang.org/doc/go1.17#crypto/tls) by Go,
in `v2.8.2` the `preferServerCipherSuites` option is also deprecated and ignored in Traefik.
In `v2.8.2`, Traefik now reject certificates signed with the SHA-1 hash function. ([details](https://tip.golang.org/doc/go1.18#sha1))

2
docs/content/operations/dashboard.md
View File

@@ -128,3 +128,5 @@ api:
You can now access the dashboard on the port `8080` of the Traefik instance,
at the following URL: `http://<Traefik IP>:8080/dashboard/` (trailing slash is mandatory).
{!traefik-for-business-applications.md!}

50
docs/content/plugins/index.md
View File

@@ -1,54 +1,32 @@
---
title: "Traefik Plugins Documentation"
description: "Learn how to connect Traefik Proxy with Pilot, a SaaS platform that offers features for metrics, alerts, and plugins. Read the technical documentation."
description: "Learn how to use Traefik Plugins. Read the technical documentation."
---
# Plugins and Traefik Pilot
# Traefik Plugins and the Plugin Catalog
Traefik Pilot is a software-as-a-service (SaaS) platform that connects to Traefik to extend its capabilities.
It offers a number of features to enhance observability and control of Traefik through a global control plane and dashboard, including:
Plugins are a powerful feature for extending Traefik with custom features and behaviors.
The [Plugin Catalog](https://plugins.traefik.io/) is a software-as-a-service (SaaS) platform that provides an exhaustive list of the existing plugins.
* Metrics for network activity of Traefik proxies and groups of proxies
* Alerts for service health issues and security vulnerabilities
* Plugins that extend the functionality of Traefik
??? note "Plugin Catalog Access"
You can reach the [Plugin Catalog](https://plugins.traefik.io/) from the Traefik Dashboard using the `Plugins` menu entry.
!!! important "Learn More About Traefik Pilot"
This section is intended only as a brief overview for Traefik users who are not familiar with Traefik Pilot.
To explore all that Traefik Pilot has to offer, please consult the [Traefik Pilot Documentation](https://doc.traefik.io/traefik-pilot/)
To add a new plugin to a Traefik instance, you must change that instance's static configuration.
Each plugin's **Install** section provides a static configuration example.
Many plugins have their own section in the Traefik dynamic configuration.
!!! Note "Prerequisites"
Traefik Pilot is compatible with Traefik Proxy 2.3 or later.
## Connecting to Traefik Pilot
To connect your Traefik proxies to Traefik Pilot, login or create an account at the [Traefik Pilot homepage](https://pilot.traefik.io) and choose **Register New Traefik Instance**.
To complete the connection, Traefik Pilot will issue a token that must be added to your Traefik static configuration, according to the instructions provided by the Traefik Pilot dashboard.
For more information, consult the [Quick Start Guide](https://doc.traefik.io/traefik-pilot/connecting/)
Health and security alerts for registered Traefik instances can be enabled from the Preferences in your [Traefik Pilot Profile](https://pilot.traefik.io/profile).
## Plugins
Plugins are available to any Traefik proxies that are connected to Traefik Pilot.
They are a powerful feature for extending Traefik with custom features and behaviors.
You can browse community-contributed plugins from the catalog in the [Traefik Pilot Dashboard](https://pilot.traefik.io/plugins).
To add a new plugin to a Traefik instance, you must modify that instance's static configuration.
The code to be added is provided for you when you choose **Install the Plugin** from the Traefik Pilot dashboard.
To learn more about Traefik plugins, consult the [documentation](https://doc.traefik.io/traefik-pilot/plugins/overview/).
To learn more about Traefik plugins, consult the [documentation](https://plugins.traefik.io/install).
!!! danger "Experimental Features"
Plugins can potentially modify the behavior of Traefik in unforeseen ways.
Plugins can change the behavior of Traefik in unforeseen ways.
Exercise caution when adding new plugins to production Traefik instances.
## Build Your Own Plugins
Traefik users can create their own plugins and contribute them to the Traefik Pilot catalog to share them with the community.
Traefik users can create their own plugins and share them with the community using the Plugin Catalog.
Traefik plugins are loaded dynamically.
Traefik will load plugins dynamically.
They need not be compiled, and no complex toolchain is necessary to build them.
The experience of implementing a Traefik plugin is comparable to writing a web browser extension.
To learn more and see code for example Traefik plugins, please see the [developer documentation](https://doc.traefik.io/traefik-pilot/plugins/plugin-dev/).
To learn more about Traefik plugin creation, please refer to the [developer documentation](https://plugins.traefik.io/create).

4
docs/content/providers/docker.md
View File

@@ -531,7 +531,7 @@ providers:
_Optional, Default=true_
Watch Docker Swarm events.
Watch Docker events.
```yaml tab="File (YAML)"
providers:
@@ -714,3 +714,5 @@ providers:
```bash tab="CLI"
--providers.docker.tls.insecureSkipVerify=true
```
{!traefik-for-business-applications.md!}

67
docs/content/providers/ecs.md
View File

@@ -65,7 +65,7 @@ _Optional, Default=false_
Search for services in cluster list.
- If set to `true` service discovery is disabled on configured clusters, but enabled for all other clusters.
- If set to `true` service discovery is enabled for all clusters.
- If set to `false` service discovery is enabled on configured clusters only.
```yaml tab="File (YAML)"
@@ -91,6 +91,7 @@ providers:
_Optional, Default=["default"]_
Search for services in cluster list.
This option is ignored if `autoDiscoverClusters` is set to `true`.
```yaml tab="File (YAML)"
providers:
@@ -137,6 +138,70 @@ providers:
# ...
```
### `constraints`
_Optional, Default=""_
The `constraints` option can be set to an expression that Traefik matches against the container labels (task),
to determine whether to create any route for that container.
If none of the container labels match the expression, no route for that container is created.
If the expression is empty, all detected containers are included.
The expression syntax is based on the `Label("key", "value")`, and `LabelRegex("key", "value")` functions,
as well as the usual boolean logic, as shown in examples below.
??? example "Constraints Expression Examples"
```toml
# Includes only containers having a label with key `a.label.name` and value `foo`
constraints = "Label(`a.label.name`, `foo`)"
```
```toml
# Excludes containers having any label with key `a.label.name` and value `foo`
constraints = "!Label(`a.label.name`, `value`)"
```
```toml
# With logical AND.
constraints = "Label(`a.label.name`, `valueA`) && Label(`another.label.name`, `valueB`)"
```
```toml
# With logical OR.
constraints = "Label(`a.label.name`, `valueA`) || Label(`another.label.name`, `valueB`)"
```
```toml
# With logical AND and OR, with precedence set by parentheses.
constraints = "Label(`a.label.name`, `valueA`) && (Label(`another.label.name`, `valueB`) || Label(`yet.another.label.name`, `valueC`))"
```
```toml
# Includes only containers having a label with key `a.label.name` and a value matching the `a.+` regular expression.
constraints = "LabelRegex(`a.label.name`, `a.+`)"
```
For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
```yaml tab="File (YAML)"
providers:
ecs:
constraints: "Label(`a.label.name`,`foo`)"
# ...
```
```toml tab="File (TOML)"
[providers.ecs]
constraints = "Label(`a.label.name`,`foo`)"
# ...
```
```bash tab="CLI"
--providers.ecs.constraints=Label(`a.label.name`,`foo`)
# ...
```
### `defaultRule`
_Optional, Default=```Host(`{{ normalize .Name }}`)```_

2
docs/content/providers/file.md
View File

@@ -291,3 +291,5 @@ To illustrate, it is possible to easily define multiple routers, services, and T
# ...
{{ end }}
```
{!traefik-for-business-applications.md!}

19
docs/content/providers/kubernetes-crd.md
View File

@@ -31,15 +31,14 @@ the Traefik engineering team developed a [Custom Resource Definition](https://ku
For Kubernetes `v1.16+`, please use the Traefik `apiextensions.k8s.io/v1` CRDs instead.
??? example "Initializing Resource Definition and RBAC"
!!! example "Installing Resource Definition and RBAC"
```yaml tab="Traefik Resource Definition"
# All resources definition must be declared
--8<-- "content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml"
```
```yaml tab="RBAC for Traefik CRD"
--8<-- "content/reference/dynamic-configuration/kubernetes-crd-rbac.yml"
```bash
# Install Traefik Resource Definitions:
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.8/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
# Install RBAC for Traefik:
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.8/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
```
## Resource Configuration
@@ -161,7 +160,7 @@ providers:
_Optional, Default: []_
Array of namespaces to watch.
If left empty, watches all namespaces if the value of `namespaces`.
If left empty, Traefik watches all namespaces.
```yaml tab="File (YAML)"
providers:
@@ -345,3 +344,5 @@ providers:
## Full Example
For additional information, refer to the [full example](../user-guides/crd-acme/index.md) with Let's Encrypt.
{!traefik-for-business-applications.md!}

2
docs/content/providers/kubernetes-gateway.md
View File

@@ -193,7 +193,7 @@ providers:
_Optional, Default: []_
Array of namespaces to watch.
If left empty, watches all namespaces if the value of `namespaces`.
If left empty, Traefik watches all namespaces.
```yaml tab="File (YAML)"
providers:

10
docs/content/providers/kubernetes-ingress.md
View File

@@ -201,7 +201,7 @@ providers:
_Optional, Default: []_
Array of namespaces to watch.
If left empty, watches all namespaces if the value of `namespaces`.
If left empty, Traefik watches all namespaces.
```yaml tab="File (YAML)"
providers:
@@ -374,7 +374,7 @@ providers:
_Optional, Default: ""_
IP used for Kubernetes Ingress endpoints.
This IP will get copied to Ingress `status.loadbalancer.ip`, and currently only supports one IP value (IPv4 or IPv6).
```yaml tab="File (YAML)"
providers:
@@ -398,7 +398,9 @@ providers:
_Optional, Default: ""_
Published Kubernetes Service to copy status from.
The Kubernetes service to copy status from.
When using third parties tools like External-DNS, this option can be used to copy the service `loadbalancer.status` (containing the service's endpoints IPs) to the ingresses.
Format: `namespace/servicename`.
```yaml tab="File (YAML)"
@@ -501,3 +503,5 @@ providers:
To learn more about the various aspects of the Ingress specification that Traefik supports,
many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v2.8/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
{!traefik-for-business-applications.md!}

79
docs/content/providers/nomad.md
View File

@@ -158,33 +158,6 @@ providers:
# ...
```
#### `datacenter`
_Optional, Default=""_
Defines the datacenter to use.
If not provided in Traefik, Nomad uses the agent datacenter.
```yaml tab="File (YAML)"
providers:
nomad:
endpoint:
datacenter: dc1
# ...
```
```toml tab="File (TOML)"
[providers.nomad]
[providers.nomad.endpoint]
datacenter = "dc1"
# ...
```
```bash tab="CLI"
--providers.nomad.endpoint.datacenter=dc1
# ...
```
#### `token`
_Optional, Default=""_
@@ -238,58 +211,6 @@ providers:
# ...
```
#### `httpAuth`
_Optional_
Used to authenticate the HTTP client using HTTP Basic Authentication.
##### `username`
_Optional, Default=""_
Username to use for HTTP Basic Authentication.
```yaml tab="File (YAML)"
providers:
nomad:
endpoint:
httpAuth:
username: admin
```
```toml tab="File (TOML)"
[providers.nomad.endpoint.httpAuth]
username = "admin"
```
```bash tab="CLI"
--providers.nomad.endpoint.httpauth.username=admin
```
##### `password`
_Optional, Default=""_
Password to use for HTTP Basic Authentication.
```yaml tab="File (YAML)"
providers:
nomad:
endpoint:
httpAuth:
password: passw0rd
```
```toml tab="File (TOML)"
[providers.nomad.endpoint.httpAuth]
password = "passw0rd"
```
```bash tab="CLI"
--providers.nomad.endpoint.httpauth.password=passw0rd
```
#### `tls`
_Optional_

4
docs/content/providers/overview.md
View File

@@ -213,6 +213,7 @@ you can do so in two different ways:
List of providers that support these features:
- [Docker](./docker.md#exposedbydefault)
- [ECS](./ecs.md#exposedbydefault)
- [Consul Catalog](./consul-catalog.md#exposedbydefault)
- [Nomad](./nomad.md#exposedbydefault)
- [Rancher](./rancher.md#exposedbydefault)
@@ -223,6 +224,7 @@ List of providers that support these features:
List of providers that support constraints:
- [Docker](./docker.md#constraints)
- [ECS](./ecs.md#constraints)
- [Consul Catalog](./consul-catalog.md#constraints)
- [Nomad](./nomad.md#constraints)
- [Rancher](./rancher.md#constraints)
@@ -230,3 +232,5 @@ List of providers that support constraints:
- [Kubernetes CRD](./kubernetes-crd.md#labelselector)
- [Kubernetes Ingress](./kubernetes-ingress.md#labelselector)
- [Kubernetes Gateway](./kubernetes-gateway.md#labelselector)
{!traefik-for-business-applications.md!}

2275
docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
View File

File diff suppressed because it is too large Load Diff

1
docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
View File

@@ -26,6 +26,7 @@ rules:
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:

10
docs/content/reference/dynamic-configuration/kubernetes-crd.md
View File

@@ -8,13 +8,19 @@ description: "Learn about the definitions, resources, and RBAC of dynamic config
Dynamic configuration with Kubernetes Custom Resource
{: .subtitle }
!!! warning "Deprecated apiextensions.k8s.io/v1beta1 CRD"
The `apiextensions.k8s.io/v1beta1` CustomResourceDefinition is deprecated in Kubernetes `v1.16+` and will be removed in `v1.22+`.
For Kubernetes `v1.16+`, please use the Traefik `apiextensions.k8s.io/v1` CRDs instead.
## Definitions
```yaml tab="apiextensions.k8s.io/v1"
```yaml tab="apiextensions.k8s.io/v1 (Kubernetes v1.16+)"
--8<-- "content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml"
```
```yaml tab="apiextensions.k8s.io/v1beta1"
```yaml tab="apiextensions.k8s.io/v1beta1 (Deprecated)"
--8<-- "content/reference/dynamic-configuration/kubernetes-crd-definition-v1beta1.yml"
```

124
docs/content/reference/dynamic-configuration/traefik.containo.us_ingressroutes.yaml
View File

@@ -19,7 +19,7 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: IngressRoute is an Ingress CRD specification.
description: IngressRoute is the CRD implementation of a Traefik HTTP Router.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -34,96 +34,151 @@ spec:
metadata:
type: object
spec:
description: IngressRouteSpec is a specification for a IngressRouteSpec
resource.
description: IngressRouteSpec defines the desired state of IngressRoute.
properties:
entryPoints:
description: 'EntryPoints defines the list of entry point names to
bind to. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.8/routing/entrypoints/
Default: all.'
items:
type: string
type: array
routes:
description: Routes defines the list of routes.
items:
description: Route contains the set of routes.
description: Route holds the HTTP route configuration.
properties:
kind:
description: Kind defines the kind of the route. Rule is the
only supported kind.
enum:
- Rule
type: string
match:
description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#rule'
type: string
middlewares:
description: 'Middlewares defines the list of references to
Middleware resources. More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#kind-middleware'
items:
description: MiddlewareRef is a ref to the Middleware resources.
description: MiddlewareRef is a reference to a Middleware
resource.
properties:
name:
description: Name defines the name of the referenced Middleware
resource.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Middleware resource.
type: string
required:
- name
type: object
type: array
priority:
description: 'Priority defines the router''s priority. More
info: https://doc.traefik.io/traefik/v2.8/routing/routers/#priority'
type: integer
services:
description: Services defines the list of Service. It can contain
any combination of TraefikService and/or reference to a Kubernetes
Service.
items:
description: Service defines an upstream to proxy traffic.
description: Service defines an upstream HTTP service to proxy
traffic to.
properties:
kind:
description: Kind defines the kind of the Service.
enum:
- Service
- TraefikService
type: string
name:
description: Name is a reference to a Kubernetes Service
object (for a load-balancer of servers), or to a TraefikService
object (service load-balancer, mirroring, etc). The
differentiation between the two is specified in the
Kind field.
description: Name defines the name of the referenced Kubernetes
Service or TraefikService. The differentiation between
the two is specified in the Kind field.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService.
type: string
passHostHeader:
description: PassHostHeader defines whether the client
Host header is forwarded to the upstream Kubernetes
Service. By default, passHostHeader is true.
type: boolean
port:
anyOf:
- type: integer
- type: string
description: Port defines the port of a Kubernetes Service.
This can be a reference to a named port.
x-kubernetes-int-or-string: true
responseForwarding:
description: ResponseForwarding holds configuration for
the forward of the response.
description: ResponseForwarding defines how Traefik forwards
the response from the upstream Kubernetes Service to
the client.
properties:
flushInterval:
description: 'FlushInterval defines the interval,
in milliseconds, in between flushes to the client
while copying the response body. A negative value
means to flush immediately after each write to the
client. This configuration is ignored when ReverseProxy
recognizes a response as a streaming response; for
such responses, writes are flushed to the client
immediately. Default: 100ms'
type: string
type: object
scheme:
description: Scheme defines the scheme to use for the
request to the upstream Kubernetes Service. It defaults
to https when Kubernetes Service port is 443, http otherwise.
type: string
serversTransport:
description: ServersTransport defines the name of ServersTransport
resource to use. It allows to configure the transport
between Traefik and your servers. Can only be used on
a Kubernetes Service.
type: string
sticky:
description: Sticky holds the sticky configuration.
description: 'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.8/routing/services/#sticky-sessions'
properties:
cookie:
description: Cookie holds the sticky configuration
based on cookie.
description: Cookie defines the sticky cookie configuration.
properties:
httpOnly:
description: HTTPOnly defines whether the cookie
can be accessed by client-side APIs, such as
JavaScript.
type: boolean
name:
description: Name defines the Cookie name.
type: string
sameSite:
description: 'SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
type: string
secure:
description: Secure defines whether the cookie
can only be transmitted over an encrypted connection
(i.e. HTTPS).
type: boolean
type: object
type: object
strategy:
description: Strategy defines the load balancing strategy
between the servers. RoundRobin is the only supported
value at the moment.
type: string
weight:
description: Weight should only be specified when Name
references a TraefikService object (and to be precise,
one that embeds a Weighted Round Robin).
description: Weight defines the weight and should only
be specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round
Robin).
type: integer
required:
- name
@@ -135,32 +190,42 @@ spec:
type: object
type: array
tls:
description: "TLS contains the TLS certificates configuration of the
routes. To enable Let's Encrypt, use an empty TLS struct, e.g. in
YAML: \n \t tls: {} # inline format \n \t tls: \t secretName:
# block format"
description: 'TLS defines the TLS configuration. More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#tls'
properties:
certResolver:
description: 'CertResolver defines the name of the certificate
resolver to use. Cert resolvers have to be configured in the
static configuration. More info: https://doc.traefik.io/traefik/v2.8/https/acme/#certificate-resolvers'
type: string
domains:
description: 'Domains defines the list of domains that will be
used to issue certificates. More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#domains'
items:
description: Domain holds a domain name with SANs.
properties:
main:
description: Main defines the main domain name.
type: string
sans:
description: SANs defines the subject alternative domain
names.
items:
type: string
type: array
type: object
type: array
options:
description: Options is a reference to a TLSOption, that specifies
the parameters of the TLS connection.
description: 'Options defines the reference to a TLSOption, that
specifies the parameters of the TLS connection. If not defined,
the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.8/https/tls/#tls-options'
properties:
name:
description: 'Name defines the name of the referenced TLSOption.
More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#kind-tlsoption'
type: string
namespace:
description: 'Namespace defines the namespace of the referenced
TLSOption. More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#kind-tlsoption'
type: string
required:
- name
@@ -170,12 +235,17 @@ spec:
Secret to specify the certificate details.
type: string
store:
description: Store is a reference to a TLSStore, that specifies
the parameters of the TLS store.
description: Store defines the reference to the TLSStore, that
will be used to store certificates. Please note that only `default`
TLSStore can be used.
properties:
name:
description: 'Name defines the name of the referenced TLSStore.
More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#kind-tlsstore'
type: string
namespace:
description: 'Namespace defines the namespace of the referenced
TLSStore. More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#kind-tlsstore'
type: string
required:
- name

79
docs/content/reference/dynamic-configuration/traefik.containo.us_ingressroutetcps.yaml
View File

@@ -19,7 +19,7 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: IngressRouteTCP is an Ingress CRD specification.
description: IngressRouteTCP is the CRD implementation of a Traefik TCP Router.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -34,58 +34,89 @@ spec:
metadata:
type: object
spec:
description: IngressRouteTCPSpec is a specification for a IngressRouteTCPSpec
resource.
description: IngressRouteTCPSpec defines the desired state of IngressRouteTCP.
properties:
entryPoints:
description: 'EntryPoints defines the list of entry point names to
bind to. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.8/routing/entrypoints/
Default: all.'
items:
type: string
type: array
routes:
description: Routes defines the list of routes.
items:
description: RouteTCP contains the set of routes.
description: RouteTCP holds the TCP route configuration.
properties:
match:
description: 'Match defines the router''s rule. More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#rule_1'
type: string
middlewares:
description: Middlewares contains references to MiddlewareTCP
description: Middlewares defines the list of references to MiddlewareTCP
resources.
items:
description: ObjectReference is a generic reference to a Traefik
resource.
properties:
name:
description: Name defines the name of the referenced Traefik
resource.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Traefik resource.
type: string
required:
- name
type: object
type: array
priority:
description: 'Priority defines the router''s priority. More
info: https://doc.traefik.io/traefik/v2.8/routing/routers/#priority_1'
type: integer
services:
description: Services defines the list of TCP services.
items:
description: ServiceTCP defines an upstream to proxy traffic.
description: ServiceTCP defines an upstream TCP service to
proxy traffic to.
properties:
name:
description: Name defines the name of the referenced Kubernetes
Service.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Kubernetes Service.
type: string
port:
anyOf:
- type: integer
- type: string
description: Port defines the port of a Kubernetes Service.
This can be a reference to a named port.
x-kubernetes-int-or-string: true
proxyProtocol:
description: ProxyProtocol holds the ProxyProtocol configuration.
description: 'ProxyProtocol defines the PROXY protocol
configuration. More info: https://doc.traefik.io/traefik/v2.8/routing/services/#proxy-protocol'
properties:
version:
description: Version defines the PROXY Protocol version
to use.
type: integer
type: object
terminationDelay:
description: TerminationDelay defines the deadline that
the proxy sets, after one of its connected peers indicates
it has closed the writing capability of its connection,
to close the reading capability as well, hence fully
terminating the connection. It is a duration in milliseconds,
defaulting to 100. A negative value means an infinite
deadline (i.e. the reading capability is never closed).
type: integer
weight:
description: Weight defines the weight used when balancing
requests between multiple Kubernetes Service.
type: integer
required:
- name
@@ -97,49 +128,67 @@ spec:
type: object
type: array
tls:
description: "TLSTCP contains the TLS certificates configuration of
the routes. To enable Let's Encrypt, use an empty TLS struct, e.g.
in YAML: \n \t tls: {} # inline format \n \t tls: \t secretName:
# block format"
description: 'TLS defines the TLS configuration on a layer 4 / TCP
Route. More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#tls_1'
properties:
certResolver:
description: 'CertResolver defines the name of the certificate
resolver to use. Cert resolvers have to be configured in the
static configuration. More info: https://doc.traefik.io/traefik/v2.8/https/acme/#certificate-resolvers'
type: string
domains:
description: 'Domains defines the list of domains that will be
used to issue certificates. More info: https://doc.traefik.io/traefik/v2.8/routing/routers/#domains'
items:
description: Domain holds a domain name with SANs.
properties:
main:
description: Main defines the main domain name.
type: string
sans:
description: SANs defines the subject alternative domain
names.
items:
type: string
type: array
type: object
type: array
options:
description: Options is a reference to a TLSOption, that specifies
the parameters of the TLS connection.
description: 'Options defines the reference to a TLSOption, that
specifies the parameters of the TLS connection. If not defined,
the `default` TLSOption is used. More info: https://doc.traefik.io/traefik/v2.8/https/tls/#tls-options'
properties:
name:
description: Name defines the name of the referenced Traefik
resource.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Traefik resource.
type: string
required:
- name
type: object
passthrough:
description: Passthrough defines whether a TLS router will terminate
the TLS connection.
type: boolean
secretName:
description: SecretName is the name of the referenced Kubernetes
Secret to specify the certificate details.
type: string
store:
description: Store is a reference to a TLSStore, that specifies
the parameters of the TLS store.
description: Store defines the reference to the TLSStore, that
will be used to store certificates. Please note that only `default`
TLSStore can be used.
properties:
name:
description: Name defines the name of the referenced Traefik
resource.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Traefik resource.
type: string
required:
- name

24
docs/content/reference/dynamic-configuration/traefik.containo.us_ingressrouteudps.yaml
View File

@@ -19,7 +19,7 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: IngressRouteUDP is an Ingress CRD specification.
description: IngressRouteUDP is a CRD implementation of a Traefik UDP Router.
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -34,31 +34,45 @@ spec:
metadata:
type: object
spec:
description: IngressRouteUDPSpec is a specification for a IngressRouteUDPSpec
resource.
description: IngressRouteUDPSpec defines the desired state of a IngressRouteUDP.
properties:
entryPoints:
description: 'EntryPoints defines the list of entry point names to
bind to. Entry points have to be configured in the static configuration.
More info: https://doc.traefik.io/traefik/v2.8/routing/entrypoints/
Default: all.'
items:
type: string
type: array
routes:
description: Routes defines the list of routes.
items:
description: RouteUDP contains the set of routes.
description: RouteUDP holds the UDP route configuration.
properties:
services:
description: Services defines the list of UDP services.
items:
description: ServiceUDP defines an upstream to proxy traffic.
description: ServiceUDP defines an upstream UDP service to
proxy traffic to.
properties:
name:
description: Name defines the name of the referenced Kubernetes
Service.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Kubernetes Service.
type: string
port:
anyOf:
- type: integer
- type: string
description: Port defines the port of a Kubernetes Service.
This can be a reference to a named port.
x-kubernetes-int-or-string: true
weight:
description: Weight defines the weight used when balancing
requests between multiple Kubernetes Service.
type: integer
required:
- name

477
docs/content/reference/dynamic-configuration/traefik.containo.us_middlewares.yaml
View File

@@ -19,7 +19,8 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: Middleware is a specification for a Middleware resource.
description: 'Middleware is the CRD implementation of a Traefik Middleware.
More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/overview/'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -34,54 +35,99 @@ spec:
metadata:
type: object
spec:
description: MiddlewareSpec holds the Middleware configuration.
description: MiddlewareSpec defines the desired state of a Middleware.
properties:
addPrefix:
description: AddPrefix holds the AddPrefix configuration.
description: 'AddPrefix holds the add prefix middleware configuration.
This middleware updates the path of a request before forwarding
it. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/addprefix/'
properties:
prefix:
description: Prefix is the string to add before the current path
in the requested URL. It should include a leading slash (/).
type: string
type: object
basicAuth:
description: BasicAuth holds the HTTP basic authentication configuration.
description: 'BasicAuth holds the basic auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/basicauth/'
properties:
headerField:
description: 'HeaderField defines a header field to store the
authenticated user. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/basicauth/#headerfield'
type: string
realm:
description: 'Realm allows the protected resources on a server
to be partitioned into a set of protection spaces, each with
its own authentication scheme. Default: traefik.'
type: string
removeHeader:
description: 'RemoveHeader sets the removeHeader option to true
to remove the authorization header before forwarding the request
to your service. Default: false.'
type: boolean
secret:
description: Secret is the name of the referenced Kubernetes Secret
containing user credentials.
type: string
type: object
buffering:
description: Buffering holds the request/response buffering configuration.
description: 'Buffering holds the buffering middleware configuration.
This middleware retries or limits the size of requests that can
be forwarded to backends. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/buffering/#maxrequestbodybytes'
properties:
maxRequestBodyBytes:
description: 'MaxRequestBodyBytes defines the maximum allowed
body size for the request (in bytes). If the request exceeds
the allowed size, it is not forwarded to the service, and the
client gets a 413 (Request Entity Too Large) response. Default:
0 (no maximum).'
format: int64
type: integer
maxResponseBodyBytes:
description: 'MaxResponseBodyBytes defines the maximum allowed
response size from the service (in bytes). If the response exceeds
the allowed size, it is not forwarded to the client. The client
gets a 500 (Internal Server Error) response instead. Default:
0 (no maximum).'
format: int64
type: integer
memRequestBodyBytes:
description: 'MemRequestBodyBytes defines the threshold (in bytes)
from which the request will be buffered on disk instead of in
memory. Default: 1048576 (1Mi).'
format: int64
type: integer
memResponseBodyBytes:
description: 'MemResponseBodyBytes defines the threshold (in bytes)
from which the response will be buffered on disk instead of
in memory. Default: 1048576 (1Mi).'
format: int64
type: integer
retryExpression:
description: 'RetryExpression defines the retry conditions. It
is a logical combination of functions with operators AND (&&)
and OR (||). More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/buffering/#retryexpression'
type: string
type: object
chain:
description: Chain holds a chain of middlewares.
description: 'Chain holds the configuration of the chain middleware.
This middleware enables to define reusable combinations of other
pieces of middleware. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/chain/'
properties:
middlewares:
description: Middlewares is the list of MiddlewareRef which composes
the chain.
items:
description: MiddlewareRef is a ref to the Middleware resources.
description: MiddlewareRef is a reference to a Middleware resource.
properties:
name:
description: Name defines the name of the referenced Middleware
resource.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Middleware resource.
type: string
required:
- name
@@ -119,159 +165,249 @@ spec:
x-kubernetes-int-or-string: true
type: object
compress:
description: Compress holds the compress configuration.
description: 'Compress holds the compress middleware configuration.
This middleware compresses responses before sending them to the
client, using gzip compression. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/compress/'
properties:
excludedContentTypes:
description: ExcludedContentTypes defines the list of content
types to compare the Content-Type header of the incoming requests
and responses before compressing.
items:
type: string
type: array
minResponseBodyBytes:
description: 'MinResponseBodyBytes defines the minimum amount
of bytes a response body must have to be compressed. Default:
1024.'
type: integer
type: object
contentType:
description: ContentType middleware - or rather its unique `autoDetect`
option - specifies whether to let the `Content-Type` header, if
it has not been set by the backend, be automatically set to a value
derived from the contents of the response. As a proxy, the default
behavior should be to leave the header alone, regardless of what
the backend did with it. However, the historic default was to always
auto-detect and set the header if it was nil, and it is going to
be kept that way in order to support users currently relying on
it. This middleware exists to enable the correct behavior until
at least the default one can be changed in a future version.
description: ContentType holds the content-type middleware configuration.
This middleware exists to enable the correct behavior until at least
the default one can be changed in a future version.
properties:
autoDetect:
description: AutoDetect specifies whether to let the `Content-Type`
header, if it has not been set by the backend, be automatically
set to a value derived from the contents of the response. As
a proxy, the default behavior should be to leave the header
alone, regardless of what the backend did with it. However,
the historic default was to always auto-detect and set the header
if it was nil, and it is going to be kept that way in order
to support users currently relying on it.
type: boolean
type: object
digestAuth:
description: DigestAuth holds the Digest HTTP authentication configuration.
description: 'DigestAuth holds the digest auth middleware configuration.
This middleware restricts access to your services to known users.
More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/digestauth/'
properties:
headerField:
description: 'HeaderField defines a header field to store the
authenticated user. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/basicauth/#headerfield'
type: string
realm:
description: 'Realm allows the protected resources on a server
to be partitioned into a set of protection spaces, each with
its own authentication scheme. Default: traefik.'
type: string
removeHeader:
description: RemoveHeader defines whether to remove the authorization
header before forwarding the request to the backend.
type: boolean
secret:
description: Secret is the name of the referenced Kubernetes Secret
containing user credentials.
type: string
type: object
errors:
description: ErrorPage holds the custom error page configuration.
description: 'ErrorPage holds the custom error middleware configuration.
This middleware returns a custom page in lieu of the default, according
to configured ranges of HTTP Status codes. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/errorpages/'
properties:
query:
description: Query defines the URL for the error page (hosted
by service). The {status} variable can be used in order to insert
the status code in the URL.
type: string
service:
description: Service defines an upstream to proxy traffic.
description: 'Service defines the reference to a Kubernetes Service
that will serve the error page. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/errorpages/#service'
properties:
kind:
description: Kind defines the kind of the Service.
enum:
- Service
- TraefikService
type: string
name:
description: Name is a reference to a Kubernetes Service object
(for a load-balancer of servers), or to a TraefikService
object (service load-balancer, mirroring, etc). The differentiation
between the two is specified in the Kind field.
description: Name defines the name of the referenced Kubernetes
Service or TraefikService. The differentiation between the
two is specified in the Kind field.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService.
type: string
passHostHeader:
description: PassHostHeader defines whether the client Host
header is forwarded to the upstream Kubernetes Service.
By default, passHostHeader is true.
type: boolean
port:
anyOf:
- type: integer
- type: string
description: Port defines the port of a Kubernetes Service.
This can be a reference to a named port.
x-kubernetes-int-or-string: true
responseForwarding:
description: ResponseForwarding holds configuration for the
forward of the response.
description: ResponseForwarding defines how Traefik forwards
the response from the upstream Kubernetes Service to the
client.
properties:
flushInterval:
description: 'FlushInterval defines the interval, in milliseconds,
in between flushes to the client while copying the response
body. A negative value means to flush immediately after
each write to the client. This configuration is ignored
when ReverseProxy recognizes a response as a streaming
response; for such responses, writes are flushed to
the client immediately. Default: 100ms'
type: string
type: object
scheme:
description: Scheme defines the scheme to use for the request
to the upstream Kubernetes Service. It defaults to https
when Kubernetes Service port is 443, http otherwise.
type: string
serversTransport:
description: ServersTransport defines the name of ServersTransport
resource to use. It allows to configure the transport between
Traefik and your servers. Can only be used on a Kubernetes
Service.
type: string
sticky:
description: Sticky holds the sticky configuration.
description: 'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.8/routing/services/#sticky-sessions'
properties:
cookie:
description: Cookie holds the sticky configuration based
on cookie.
description: Cookie defines the sticky cookie configuration.
properties:
httpOnly:
description: HTTPOnly defines whether the cookie can
be accessed by client-side APIs, such as JavaScript.
type: boolean
name:
description: Name defines the Cookie name.
type: string
sameSite:
description: 'SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
type: string
secure:
description: Secure defines whether the cookie can
only be transmitted over an encrypted connection
(i.e. HTTPS).
type: boolean
type: object
type: object
strategy:
description: Strategy defines the load balancing strategy
between the servers. RoundRobin is the only supported value
at the moment.
type: string
weight:
description: Weight should only be specified when Name references
a TraefikService object (and to be precise, one that embeds
a Weighted Round Robin).
description: Weight defines the weight and should only be
specified when Name references a TraefikService object (and
to be precise, one that embeds a Weighted Round Robin).
type: integer
required:
- name
type: object
status:
description: Status defines which status or range of statuses
should result in an error page. It can be either a status code
as a number (500), as multiple comma-separated numbers (500,502),
as ranges by separating two codes with a dash (500-599), or
a combination of the two (404,418,500-599).
items:
type: string
type: array
type: object
forwardAuth:
description: ForwardAuth holds the http forward authentication configuration.
description: 'ForwardAuth holds the forward auth middleware configuration.
This middleware delegates the request authentication to a Service.
More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/forwardauth/'
properties:
address:
description: Address defines the authentication server address.
type: string
authRequestHeaders:
description: AuthRequestHeaders defines the list of the headers
to copy from the request to the authentication server. If not
set or empty then all request headers are passed.
items:
type: string
type: array
authResponseHeaders:
description: AuthResponseHeaders defines the list of headers to
copy from the authentication server response and set on forwarded
request, replacing any existing conflicting headers.
items:
type: string
type: array
authResponseHeadersRegex:
description: 'AuthResponseHeadersRegex defines the regex to match
headers to copy from the authentication server response and
set on forwarded request, after stripping all headers that match
the regex. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/forwardauth/#authresponseheadersregex'
type: string
tls:
description: ClientTLS holds TLS specific configurations as client.
description: TLS defines the configuration used to secure the
connection to the authentication server.
properties:
caOptional:
type: boolean
caSecret:
description: CASecret is the name of the referenced Kubernetes
Secret containing the CA to validate the server certificate.
The CA certificate is extracted from key `tls.ca` or `ca.crt`.
type: string
certSecret:
description: CertSecret is the name of the referenced Kubernetes
Secret containing the client certificate. The client certificate
is extracted from the keys `tls.crt` and `tls.key`.
type: string
insecureSkipVerify:
description: InsecureSkipVerify defines whether the server
certificates should be validated.
type: boolean
type: object
trustForwardHeader:
description: 'TrustForwardHeader defines whether to trust (ie:
forward) all X-Forwarded-* headers.'
type: boolean
type: object
headers:
description: Headers holds the custom header configuration.
description: 'Headers holds the headers middleware configuration.
This middleware manages the requests and responses headers. More
info: https://doc.traefik.io/traefik/v2.8/middlewares/http/headers/#customrequestheaders'
properties:
accessControlAllowCredentials:
description: AccessControlAllowCredentials is only valid if true.
false is ignored.
description: AccessControlAllowCredentials defines whether the
request can include user credentials.
type: boolean
accessControlAllowHeaders:
description: AccessControlAllowHeaders must be used in response
to a preflight request with Access-Control-Request-Headers set.
description: AccessControlAllowHeaders defines the Access-Control-Request-Headers
values sent in preflight response.
items:
type: string
type: array
accessControlAllowMethods:
description: AccessControlAllowMethods must be used in response
to a preflight request with Access-Control-Request-Method set.
description: AccessControlAllowMethods defines the Access-Control-Request-Method
values sent in preflight response.
items:
type: string
type: array
@@ -288,60 +424,96 @@ spec:
type: string
type: array
accessControlExposeHeaders:
description: AccessControlExposeHeaders sets valid headers for
the response.
description: AccessControlExposeHeaders defines the Access-Control-Expose-Headers
values sent in preflight response.
items:
type: string
type: array
accessControlMaxAge:
description: AccessControlMaxAge sets the time that a preflight
description: AccessControlMaxAge defines the time that a preflight
request may be cached.
format: int64
type: integer
addVaryHeader:
description: AddVaryHeader controls if the Vary header is automatically
added/updated when the AccessControlAllowOriginList is set.
description: AddVaryHeader defines whether the Vary header is
automatically added/updated when the AccessControlAllowOriginList
is set.
type: boolean
allowedHosts:
description: AllowedHosts defines the fully qualified list of
allowed domain names.
items:
type: string
type: array
browserXssFilter:
description: BrowserXSSFilter defines whether to add the X-XSS-Protection
header with the value 1; mode=block.
type: boolean
contentSecurityPolicy:
description: ContentSecurityPolicy defines the Content-Security-Policy
header value.
type: string
contentTypeNosniff:
description: ContentTypeNosniff defines whether to add the X-Content-Type-Options
header with the nosniff value.
type: boolean
customBrowserXSSValue:
description: CustomBrowserXSSValue defines the X-XSS-Protection
header value. This overrides the BrowserXssFilter option.
type: string
customFrameOptionsValue:
description: CustomFrameOptionsValue defines the X-Frame-Options
header value. This overrides the FrameDeny option.
type: string
customRequestHeaders:
additionalProperties:
type: string
description: CustomRequestHeaders defines the header names and
values to apply to the request.
type: object
customResponseHeaders:
additionalProperties:
type: string
description: CustomResponseHeaders defines the header names and
values to apply to the response.
type: object
featurePolicy:
description: 'Deprecated: use PermissionsPolicy instead.'
type: string
forceSTSHeader:
description: ForceSTSHeader defines whether to add the STS header
even when the connection is HTTP.
type: boolean
frameDeny:
description: FrameDeny defines whether to add the X-Frame-Options
header with the DENY value.
type: boolean
hostsProxyHeaders:
description: HostsProxyHeaders defines the header keys that may
hold a proxied hostname value for the request.
items:
type: string
type: array
isDevelopment:
description: IsDevelopment defines whether to mitigate the unwanted
effects of the AllowedHosts, SSL, and STS options when developing.
Usually testing takes place using HTTP, not HTTPS, and on localhost,
not your production domain. If you would like your development
environment to mimic production with complete Host blocking,
SSL redirects, and STS headers, leave this as false.
type: boolean
permissionsPolicy:
description: PermissionsPolicy defines the Permissions-Policy
header value. This allows sites to control browser features.
type: string
publicKey:
description: PublicKey is the public key that implements HPKP
to prevent MITM attacks with forged certificates.
type: string
referrerPolicy:
description: ReferrerPolicy defines the Referrer-Policy header
value. This allows sites to control whether browsers forward
the Referer header to other sites.
type: string
sslForceHost:
description: 'Deprecated: use RedirectRegex instead.'
@@ -352,6 +524,10 @@ spec:
sslProxyHeaders:
additionalProperties:
type: string
description: 'SSLProxyHeaders defines the header keys with associated
values that would indicate a valid HTTPS request. It can be
useful when using other proxies (example: "X-Forwarded-Proto":
"https").'
type: object
sslRedirect:
description: 'Deprecated: use EntryPoint redirection or RedirectScheme
@@ -362,221 +538,366 @@ spec:
instead.'
type: boolean
stsIncludeSubdomains:
description: STSIncludeSubdomains defines whether the includeSubDomains
directive is appended to the Strict-Transport-Security header.
type: boolean
stsPreload:
description: STSPreload defines whether the preload flag is appended
to the Strict-Transport-Security header.
type: boolean
stsSeconds:
description: STSSeconds defines the max-age of the Strict-Transport-Security
header. If set to 0, the header is not set.
format: int64
type: integer
type: object
inFlightReq:
description: InFlightReq limits the number of requests being processed
and served concurrently.
description: 'InFlightReq holds the in-flight request middleware configuration.
This middleware limits the number of requests being processed and
served concurrently. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/inflightreq/'
properties:
amount:
description: Amount defines the maximum amount of allowed simultaneous
in-flight request. The middleware responds with HTTP 429 Too
Many Requests if there are already amount requests in progress
(based on the same sourceCriterion strategy).
format: int64
type: integer
sourceCriterion:
description: SourceCriterion defines what criterion is used to
group requests as originating from a common source. If none
are set, the default is to use the request's remote address
field. All fields are mutually exclusive.
description: 'SourceCriterion defines what criterion is used to
group requests as originating from a common source. If several
strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the requestHost. More
info: https://doc.traefik.io/traefik/v2.8/middlewares/http/inflightreq/#sourcecriterion'
properties:
ipStrategy:
description: IPStrategy holds the ip strategy configuration.
description: 'IPStrategy holds the IP strategy configuration
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/ipwhitelist/#ipstrategy'
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
header and take the IP located at the depth position
(starting from the right).
type: integer
excludedIPs:
description: ExcludedIPs configures Traefik to scan the
X-Forwarded-For header and select the first IP not in
the list.
items:
type: string
type: array
type: object
requestHeaderName:
description: RequestHeaderName defines the name of the header
used to group incoming requests.
type: string
requestHost:
description: RequestHost defines whether to consider the request
Host as the source.
type: boolean
type: object
type: object
ipWhiteList:
description: IPWhiteList holds the ip white list configuration.
description: 'IPWhiteList holds the IP whitelist middleware configuration.
This middleware accepts / refuses requests based on the client IP.
More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/ipwhitelist/'
properties:
ipStrategy:
description: IPStrategy holds the ip strategy configuration.
description: 'IPStrategy holds the IP strategy configuration used
by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/ipwhitelist/#ipstrategy'
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
header and take the IP located at the depth position (starting
from the right).
type: integer
excludedIPs:
description: ExcludedIPs configures Traefik to scan the X-Forwarded-For
header and select the first IP not in the list.
items:
type: string
type: array
type: object
sourceRange:
description: SourceRange defines the set of allowed IPs (or ranges
of allowed IPs by using CIDR notation).
items:
type: string
type: array
type: object
passTLSClientCert:
description: PassTLSClientCert holds the TLS client cert headers configuration.
description: 'PassTLSClientCert holds the pass TLS client cert middleware
configuration. This middleware adds the selected data from the passed
client TLS certificate to a header. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/passtlsclientcert/'
properties:
info:
description: TLSClientCertificateInfo holds the client TLS certificate
info configuration.
description: Info selects the specific client certificate details
you want to add to the X-Forwarded-Tls-Client-Cert-Info header.
properties:
issuer:
description: TLSClientCertificateIssuerDNInfo holds the client
TLS certificate distinguished name info configuration. cf
https://tools.ietf.org/html/rfc3739
description: Issuer defines the client certificate issuer
details to add to the X-Forwarded-Tls-Client-Cert-Info header.
properties:
commonName:
description: CommonName defines whether to add the organizationalUnit
information into the issuer.
type: boolean
country:
description: Country defines whether to add the country
information into the issuer.
type: boolean
domainComponent:
description: DomainComponent defines whether to add the
domainComponent information into the issuer.
type: boolean
locality:
description: Locality defines whether to add the locality
information into the issuer.
type: boolean
organization:
description: Organization defines whether to add the organization
information into the issuer.
type: boolean
province:
description: Province defines whether to add the province
information into the issuer.
type: boolean
serialNumber:
description: SerialNumber defines whether to add the serialNumber
information into the issuer.
type: boolean
type: object
notAfter:
description: NotAfter defines whether to add the Not After
information from the Validity part.
type: boolean
notBefore:
description: NotBefore defines whether to add the Not Before
information from the Validity part.
type: boolean
sans:
description: Sans defines whether to add the Subject Alternative
Name information from the Subject Alternative Name part.
type: boolean
serialNumber:
description: SerialNumber defines whether to add the client
serialNumber information.
type: boolean
subject:
description: TLSClientCertificateSubjectDNInfo holds the client
TLS certificate distinguished name info configuration. cf
https://tools.ietf.org/html/rfc3739
description: Subject defines the client certificate subject
details to add to the X-Forwarded-Tls-Client-Cert-Info header.
properties:
commonName:
description: CommonName defines whether to add the organizationalUnit
information into the subject.
type: boolean
country:
description: Country defines whether to add the country
information into the subject.
type: boolean
domainComponent:
description: DomainComponent defines whether to add the
domainComponent information into the subject.
type: boolean
locality:
description: Locality defines whether to add the locality
information into the subject.
type: boolean
organization:
description: Organization defines whether to add the organization
information into the subject.
type: boolean
organizationalUnit:
description: OrganizationalUnit defines whether to add
the organizationalUnit information into the subject.
type: boolean
province:
description: Province defines whether to add the province
information into the subject.
type: boolean
serialNumber:
description: SerialNumber defines whether to add the serialNumber
information into the subject.
type: boolean
type: object
type: object
pem:
description: PEM sets the X-Forwarded-Tls-Client-Cert header with
the escaped certificate.
type: boolean
type: object
plugin:
additionalProperties:
x-kubernetes-preserve-unknown-fields: true
description: 'Plugin defines the middleware plugin configuration.
More info: https://doc.traefik.io/traefik/plugins/'
type: object
rateLimit:
description: RateLimit holds the rate limiting configuration for a
given router.
description: 'RateLimit holds the rate limit configuration. This middleware
ensures that services will receive a fair amount of requests, and
allows one to define what fair is. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/ratelimit/'
properties:
average:
description: Average is the maximum rate, by default in requests/s,
allowed for the given source. It defaults to 0, which means
no rate limiting. The rate is actually defined by dividing Average
by Period. So for a rate below 1req/s, one needs to define a
Period larger than a second.
format: int64
type: integer
burst:
description: Burst is the maximum number of requests allowed to
arrive in the same arbitrarily small period of time. It defaults
to 1.
format: int64
type: integer
period:
anyOf:
- type: integer
- type: string
description: 'Period, in combination with Average, defines the
actual maximum rate, such as: r = Average / Period. It defaults
to a second.'
x-kubernetes-int-or-string: true
sourceCriterion:
description: SourceCriterion defines what criterion is used to
group requests as originating from a common source. If none
are set, the default is to use the request's remote address
field. All fields are mutually exclusive.
group requests as originating from a common source. If several
strategies are defined at the same time, an error will be raised.
If none are set, the default is to use the request's remote
address field (as an ipStrategy).
properties:
ipStrategy:
description: IPStrategy holds the ip strategy configuration.
description: 'IPStrategy holds the IP strategy configuration
used by Traefik to determine the client IP. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/ipwhitelist/#ipstrategy'
properties:
depth:
description: Depth tells Traefik to use the X-Forwarded-For
header and take the IP located at the depth position
(starting from the right).
type: integer
excludedIPs:
description: ExcludedIPs configures Traefik to scan the
X-Forwarded-For header and select the first IP not in
the list.
items:
type: string
type: array
type: object
requestHeaderName:
description: RequestHeaderName defines the name of the header
used to group incoming requests.
type: string
requestHost:
description: RequestHost defines whether to consider the request
Host as the source.
type: boolean
type: object
type: object
redirectRegex:
description: RedirectRegex holds the redirection configuration.
description: 'RedirectRegex holds the redirect regex middleware configuration.
This middleware redirects a request using regex matching and replacement.
More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/redirectregex/#regex'
properties:
permanent:
description: Permanent defines whether the redirection is permanent
(301).
type: boolean
regex:
description: Regex defines the regex used to match and capture
elements from the request URL.
type: string
replacement:
description: Replacement defines how to modify the URL to have
the new target URL.
type: string
type: object
redirectScheme:
description: RedirectScheme holds the scheme redirection configuration.
description: 'RedirectScheme holds the redirect scheme middleware
configuration. This middleware redirects requests from a scheme/port
to another. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/redirectscheme/'
properties:
permanent:
description: Permanent defines whether the redirection is permanent
(301).
type: boolean
port:
description: Port defines the port of the new URL.
type: string
scheme:
description: Scheme defines the scheme of the new URL.
type: string
type: object
replacePath:
description: ReplacePath holds the ReplacePath configuration.
description: 'ReplacePath holds the replace path middleware configuration.
This middleware replaces the path of the request URL and store the
original path in an X-Replaced-Path header. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/replacepath/'
properties:
path:
description: Path defines the path to use as replacement in the
request URL.
type: string
type: object
replacePathRegex:
description: ReplacePathRegex holds the ReplacePathRegex configuration.
description: 'ReplacePathRegex holds the replace path regex middleware
configuration. This middleware replaces the path of a URL using
regex matching and replacement. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/replacepathregex/'
properties:
regex:
description: Regex defines the regular expression used to match
and capture the path from the request URL.
type: string
replacement:
description: Replacement defines the replacement path format,
which can include captured variables.
type: string
type: object
retry:
description: Retry holds the retry configuration.
description: 'Retry holds the retry middleware configuration. This
middleware reissues requests a given number of times to a backend
server if that server does not reply. As soon as the server answers,
the middleware stops retrying, regardless of the response status.
More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/retry/'
properties:
attempts:
description: Attempts defines how many times the request should
be retried.
type: integer
initialInterval:
anyOf:
- type: integer
- type: string
description: InitialInterval defines the first wait time in the
exponential backoff series. The maximum interval is calculated
as twice the initialInterval. If unspecified, requests will
be retried immediately. The value of initialInterval should
be provided in seconds or as a valid duration format, see https://pkg.go.dev/time#ParseDuration.
x-kubernetes-int-or-string: true
type: object
stripPrefix:
description: StripPrefix holds the StripPrefix configuration.
description: 'StripPrefix holds the strip prefix middleware configuration.
This middleware removes the specified prefixes from the URL path.
More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/stripprefix/'
properties:
forceSlash:
description: 'ForceSlash ensures that the resulting stripped path
is not the empty string, by replacing it with / when necessary.
Default: true.'
type: boolean
prefixes:
description: Prefixes defines the prefixes to strip from the request
URL.
items:
type: string
type: array
type: object
stripPrefixRegex:
description: StripPrefixRegex holds the StripPrefixRegex configuration.
description: 'StripPrefixRegex holds the strip prefix regex middleware
configuration. This middleware removes the matching prefixes from
the URL path. More info: https://doc.traefik.io/traefik/v2.8/middlewares/http/stripprefixregex/'
properties:
regex:
description: Regex defines the regular expression to match the
path prefix from the request URL.
items:
type: string
type: array

14
docs/content/reference/dynamic-configuration/traefik.containo.us_middlewaretcps.yaml
View File

@@ -19,7 +19,8 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: MiddlewareTCP is a specification for a MiddlewareTCP resource.
description: 'MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
More info: https://doc.traefik.io/traefik/v2.8/middlewares/overview/'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -34,19 +35,24 @@ spec:
metadata:
type: object
spec:
description: MiddlewareTCPSpec holds the MiddlewareTCP configuration.
description: MiddlewareTCPSpec defines the desired state of a MiddlewareTCP.
properties:
inFlightConn:
description: TCPInFlightConn holds the TCP in flight connection configuration.
description: InFlightConn defines the InFlightConn middleware configuration.
properties:
amount:
description: Amount defines the maximum amount of allowed simultaneous
connections. The middleware closes the connection if there are
already amount connections opened.
format: int64
type: integer
type: object
ipWhiteList:
description: TCPIPWhiteList holds the TCP ip white list configuration.
description: IPWhiteList defines the IPWhiteList middleware configuration.
properties:
sourceRange:
description: SourceRange defines the allowed IPs (or ranges of
allowed IPs by using CIDR notation).
items:
type: string
type: array

40
docs/content/reference/dynamic-configuration/traefik.containo.us_serverstransports.yaml
View File

@@ -19,7 +19,10 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: ServersTransport is a specification for a ServersTransport resource.
description: 'ServersTransport is the CRD implementation of a ServersTransport.
If no serversTransport is specified, the default@internal will be used.
The default@internal serversTransport is created from the static configuration.
More info: https://doc.traefik.io/traefik/v2.8/routing/services/#serverstransport_1'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -34,27 +37,28 @@ spec:
metadata:
type: object
spec:
description: ServersTransportSpec options to configure communication between
Traefik and the servers.
description: ServersTransportSpec defines the desired state of a ServersTransport.
properties:
certificatesSecrets:
description: Certificates for mTLS.
description: CertificatesSecrets defines a list of secret storing
client certificates for mTLS.
items:
type: string
type: array
disableHTTP2:
description: Disable HTTP/2 for connections with backend servers.
description: DisableHTTP2 disables HTTP/2 for connections with backend
servers.
type: boolean
forwardingTimeouts:
description: Timeouts for requests forwarded to the backend servers.
description: ForwardingTimeouts defines the timeouts for requests
forwarded to the backend servers.
properties:
dialTimeout:
anyOf:
- type: integer
- type: string
description: DialTimeout is the amount of time to wait until a
connection to a backend server can be established. If zero,
no timeout exists.
connection to a backend server can be established.
x-kubernetes-int-or-string: true
idleConnTimeout:
anyOf:
@@ -77,7 +81,7 @@ spec:
- type: string
description: ReadIdleTimeout is the timeout after which a health
check using ping frame will be carried out if no frame is received
on the HTTP/2 connection. If zero, no health check is performed.
on the HTTP/2 connection.
x-kubernetes-int-or-string: true
responseHeaderTimeout:
anyOf:
@@ -85,27 +89,29 @@ spec:
- type: string
description: ResponseHeaderTimeout is the amount of time to wait
for a server's response headers after fully writing the request
(including its body, if any). If zero, no timeout exists.
(including its body, if any).
x-kubernetes-int-or-string: true
type: object
insecureSkipVerify:
description: Disable SSL certificate verification.
description: InsecureSkipVerify disables SSL certificate verification.
type: boolean
maxIdleConnsPerHost:
description: If non-zero, controls the maximum idle (keep-alive) to
keep per-host. If zero, DefaultMaxIdleConnsPerHost is used.
description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
to keep per-host.
type: integer
peerCertURI:
description: URI used to match against SAN URI during the peer certificate
verification.
description: PeerCertURI defines the peer cert URI used to match against
SAN URI during the peer certificate verification.
type: string
rootCAsSecrets:
description: Add cert file for self-signed certificate.
description: RootCAsSecrets defines a list of CA secret used to validate
self-signed certificate.
items:
type: string
type: array
serverName:
description: ServerName used to contact the server.
description: ServerName defines the server name used to contact the
server.
type: string
type: object
required:

33
docs/content/reference/dynamic-configuration/traefik.containo.us_tlsoptions.yaml
View File

@@ -19,7 +19,9 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: TLSOption is a specification for a TLSOption resource.
description: 'TLSOption is the CRD implementation of a Traefik TLS Option,
allowing to configure some parameters of the TLS connection. More info:
https://doc.traefik.io/traefik/v2.8/https/tls/#tls-options'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -34,19 +36,24 @@ spec:
metadata:
type: object
spec:
description: TLSOptionSpec configures TLS for an entry point.
description: TLSOptionSpec defines the desired state of a TLSOption.
properties:
alpnProtocols:
description: 'ALPNProtocols defines the list of supported application
level protocols for the TLS handshake, in order of preference. More
info: https://doc.traefik.io/traefik/v2.8/https/tls/#alpn-protocols'
items:
type: string
type: array
cipherSuites:
description: 'CipherSuites defines the list of supported cipher suites
for TLS versions up to TLS 1.2. More info: https://doc.traefik.io/traefik/v2.8/https/tls/#cipher-suites'
items:
type: string
type: array
clientAuth:
description: ClientAuth defines the parameters of the client authentication
part of the TLS connection, if any.
description: ClientAuth defines the server's policy for TLS Client
Authentication.
properties:
clientAuthType:
description: ClientAuthType defines the client authentication
@@ -59,23 +66,37 @@ spec:
- RequireAndVerifyClientCert
type: string
secretNames:
description: SecretName is the name of the referenced Kubernetes
Secret to specify the certificate details.
description: SecretNames defines the names of the referenced Kubernetes
Secret storing certificate details.
items:
type: string
type: array
type: object
curvePreferences:
description: 'CurvePreferences defines the preferred elliptic curves
in a specific order. More info: https://doc.traefik.io/traefik/v2.8/https/tls/#curve-preferences'
items:
type: string
type: array
maxVersion:
description: 'MaxVersion defines the maximum TLS version that Traefik
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
VersionTLS13. Default: None.'
type: string
minVersion:
description: 'MinVersion defines the minimum TLS version that Traefik
will accept. Possible values: VersionTLS10, VersionTLS11, VersionTLS12,
VersionTLS13. Default: VersionTLS10.'
type: string
preferServerCipherSuites:
description: 'PreferServerCipherSuites defines whether the server
chooses a cipher suite among his own instead of among the client''s.
It is enabled automatically when minVersion or maxVersion is set.
Deprecated: https://github.com/golang/go/issues/45430'
type: boolean
sniStrict:
description: SniStrict defines whether Traefik allows connections
from clients connections that do not specify a server_name extension.
type: boolean
type: object
required:

10
docs/content/reference/dynamic-configuration/traefik.containo.us_tlsstores.yaml
View File

@@ -19,7 +19,10 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: TLSStore is a specification for a TLSStore resource.
description: 'TLSStore is the CRD implementation of a Traefik TLS Store. For
the time being, only the TLSStore named default is supported. This means
that you cannot have two stores that are named default in different Kubernetes
namespaces. More info: https://doc.traefik.io/traefik/v2.8/https/tls/#certificates-stores'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -34,7 +37,7 @@ spec:
metadata:
type: object
spec:
description: TLSStoreSpec configures a TLSStore resource.
description: TLSStoreSpec defines the desired state of a TLSStore.
properties:
certificates:
description: Certificates is a list of secret names, each secret holding
@@ -51,8 +54,7 @@ spec:
type: object
type: array
defaultCertificate:
description: DefaultCertificate is the name of the secret holding
the default key/certificate pair for the store.
description: DefaultCertificate defines the default certificate configuration.
properties:
secretName:
description: SecretName is the name of the referenced Kubernetes

213
docs/content/reference/dynamic-configuration/traefik.containo.us_traefikservices.yaml
View File

@@ -19,10 +19,9 @@ spec:
- name: v1alpha1
schema:
openAPIV3Schema:
description: TraefikService is the specification for a service (that an IngressRoute
refers to) that is usually not a terminal service (i.e. not a pod of servers),
as opposed to a Kubernetes Service. That is to say, it usually refers to
other (children) services, which themselves can be TraefikServices or Services.
description: 'TraefikService is the CRD implementation of a Traefik Service.
TraefikService object allows to: - Apply weight to Services on load-balancing
- Mirror traffic on services More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#kind-traefikservice'
properties:
apiVersion:
description: 'APIVersion defines the versioned schema of this representation
@@ -37,220 +36,332 @@ spec:
metadata:
type: object
spec:
description: ServiceSpec defines whether a TraefikService is a load-balancer
of services or a mirroring service.
description: TraefikServiceSpec defines the desired state of a TraefikService.
properties:
mirroring:
description: Mirroring defines a mirroring service, which is composed
of a main load-balancer, and a list of mirrors.
description: Mirroring defines the Mirroring service configuration.
properties:
kind:
description: Kind defines the kind of the Service.
enum:
- Service
- TraefikService
type: string
maxBodySize:
description: MaxBodySize defines the maximum size allowed for
the body of the request. If the body is larger, the request
is not mirrored. Default value is -1, which means unlimited
size.
format: int64
type: integer
mirrors:
description: Mirrors defines the list of mirrors where Traefik
will duplicate the traffic.
items:
description: MirrorService defines one of the mirrors of a Mirroring
service.
description: MirrorService holds the mirror configuration.
properties:
kind:
description: Kind defines the kind of the Service.
enum:
- Service
- TraefikService
type: string
name:
description: Name is a reference to a Kubernetes Service
object (for a load-balancer of servers), or to a TraefikService
object (service load-balancer, mirroring, etc). The differentiation
between the two is specified in the Kind field.
description: Name defines the name of the referenced Kubernetes
Service or TraefikService. The differentiation between
the two is specified in the Kind field.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService.
type: string
passHostHeader:
description: PassHostHeader defines whether the client Host
header is forwarded to the upstream Kubernetes Service.
By default, passHostHeader is true.
type: boolean
percent:
description: 'Percent defines the part of the traffic to
mirror. Supported values: 0 to 100.'
type: integer
port:
anyOf:
- type: integer
- type: string
description: Port defines the port of a Kubernetes Service.
This can be a reference to a named port.
x-kubernetes-int-or-string: true
responseForwarding:
description: ResponseForwarding holds configuration for
the forward of the response.
description: ResponseForwarding defines how Traefik forwards
the response from the upstream Kubernetes Service to the
client.
properties:
flushInterval:
description: 'FlushInterval defines the interval, in
milliseconds, in between flushes to the client while
copying the response body. A negative value means
to flush immediately after each write to the client.
This configuration is ignored when ReverseProxy recognizes
a response as a streaming response; for such responses,
writes are flushed to the client immediately. Default:
100ms'
type: string
type: object
scheme:
description: Scheme defines the scheme to use for the request
to the upstream Kubernetes Service. It defaults to https
when Kubernetes Service port is 443, http otherwise.
type: string
serversTransport:
description: ServersTransport defines the name of ServersTransport
resource to use. It allows to configure the transport
between Traefik and your servers. Can only be used on
a Kubernetes Service.
type: string
sticky:
description: Sticky holds the sticky configuration.
description: 'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.8/routing/services/#sticky-sessions'
properties:
cookie:
description: Cookie holds the sticky configuration based
on cookie.
description: Cookie defines the sticky cookie configuration.
properties:
httpOnly:
description: HTTPOnly defines whether the cookie
can be accessed by client-side APIs, such as JavaScript.
type: boolean
name:
description: Name defines the Cookie name.
type: string
sameSite:
description: 'SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
type: string
secure:
description: Secure defines whether the cookie can
only be transmitted over an encrypted connection
(i.e. HTTPS).
type: boolean
type: object
type: object
strategy:
description: Strategy defines the load balancing strategy
between the servers. RoundRobin is the only supported
value at the moment.
type: string
weight:
description: Weight should only be specified when Name references
a TraefikService object (and to be precise, one that embeds
a Weighted Round Robin).
description: Weight defines the weight and should only be
specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin).
type: integer
required:
- name
type: object
type: array
name:
description: Name is a reference to a Kubernetes Service object
(for a load-balancer of servers), or to a TraefikService object
(service load-balancer, mirroring, etc). The differentiation
between the two is specified in the Kind field.
description: Name defines the name of the referenced Kubernetes
Service or TraefikService. The differentiation between the two
is specified in the Kind field.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService.
type: string
passHostHeader:
description: PassHostHeader defines whether the client Host header
is forwarded to the upstream Kubernetes Service. By default,
passHostHeader is true.
type: boolean
port:
anyOf:
- type: integer
- type: string
description: Port defines the port of a Kubernetes Service. This
can be a reference to a named port.
x-kubernetes-int-or-string: true
responseForwarding:
description: ResponseForwarding holds configuration for the forward
of the response.
description: ResponseForwarding defines how Traefik forwards the
response from the upstream Kubernetes Service to the client.
properties:
flushInterval:
description: 'FlushInterval defines the interval, in milliseconds,
in between flushes to the client while copying the response
body. A negative value means to flush immediately after
each write to the client. This configuration is ignored
when ReverseProxy recognizes a response as a streaming response;
for such responses, writes are flushed to the client immediately.
Default: 100ms'
type: string
type: object
scheme:
description: Scheme defines the scheme to use for the request
to the upstream Kubernetes Service. It defaults to https when
Kubernetes Service port is 443, http otherwise.
type: string
serversTransport:
description: ServersTransport defines the name of ServersTransport
resource to use. It allows to configure the transport between
Traefik and your servers. Can only be used on a Kubernetes Service.
type: string
sticky:
description: Sticky holds the sticky configuration.
description: 'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.8/routing/services/#sticky-sessions'
properties:
cookie:
description: Cookie holds the sticky configuration based on
cookie.
description: Cookie defines the sticky cookie configuration.
properties:
httpOnly:
description: HTTPOnly defines whether the cookie can be
accessed by client-side APIs, such as JavaScript.
type: boolean
name:
description: Name defines the Cookie name.
type: string
sameSite:
description: 'SameSite defines the same site policy. More
info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
type: string
secure:
description: Secure defines whether the cookie can only
be transmitted over an encrypted connection (i.e. HTTPS).
type: boolean
type: object
type: object
strategy:
description: Strategy defines the load balancing strategy between
the servers. RoundRobin is the only supported value at the moment.
type: string
weight:
description: Weight should only be specified when Name references
a TraefikService object (and to be precise, one that embeds
a Weighted Round Robin).
description: Weight defines the weight and should only be specified
when Name references a TraefikService object (and to be precise,
one that embeds a Weighted Round Robin).
type: integer
required:
- name
type: object
weighted:
description: WeightedRoundRobin defines a load-balancer of services.
description: Weighted defines the Weighted Round Robin configuration.
properties:
services:
description: Services defines the list of Kubernetes Service and/or
TraefikService to load-balance, with weight.
items:
description: Service defines an upstream to proxy traffic.
description: Service defines an upstream HTTP service to proxy
traffic to.
properties:
kind:
description: Kind defines the kind of the Service.
enum:
- Service
- TraefikService
type: string
name:
description: Name is a reference to a Kubernetes Service
object (for a load-balancer of servers), or to a TraefikService
object (service load-balancer, mirroring, etc). The differentiation
between the two is specified in the Kind field.
description: Name defines the name of the referenced Kubernetes
Service or TraefikService. The differentiation between
the two is specified in the Kind field.
type: string
namespace:
description: Namespace defines the namespace of the referenced
Kubernetes Service or TraefikService.
type: string
passHostHeader:
description: PassHostHeader defines whether the client Host
header is forwarded to the upstream Kubernetes Service.
By default, passHostHeader is true.
type: boolean
port:
anyOf:
- type: integer
- type: string
description: Port defines the port of a Kubernetes Service.
This can be a reference to a named port.
x-kubernetes-int-or-string: true
responseForwarding:
description: ResponseForwarding holds configuration for
the forward of the response.
description: ResponseForwarding defines how Traefik forwards
the response from the upstream Kubernetes Service to the
client.
properties:
flushInterval:
description: 'FlushInterval defines the interval, in
milliseconds, in between flushes to the client while
copying the response body. A negative value means
to flush immediately after each write to the client.
This configuration is ignored when ReverseProxy recognizes
a response as a streaming response; for such responses,
writes are flushed to the client immediately. Default:
100ms'
type: string
type: object
scheme:
description: Scheme defines the scheme to use for the request
to the upstream Kubernetes Service. It defaults to https
when Kubernetes Service port is 443, http otherwise.
type: string
serversTransport:
description: ServersTransport defines the name of ServersTransport
resource to use. It allows to configure the transport
between Traefik and your servers. Can only be used on
a Kubernetes Service.
type: string
sticky:
description: Sticky holds the sticky configuration.
description: 'Sticky defines the sticky sessions configuration.
More info: https://doc.traefik.io/traefik/v2.8/routing/services/#sticky-sessions'
properties:
cookie:
description: Cookie holds the sticky configuration based
on cookie.
description: Cookie defines the sticky cookie configuration.
properties:
httpOnly:
description: HTTPOnly defines whether the cookie
can be accessed by client-side APIs, such as JavaScript.
type: boolean
name:
description: Name defines the Cookie name.
type: string
sameSite:
description: 'SameSite defines the same site policy.
More info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
type: string
secure:
description: Secure defines whether the cookie can
only be transmitted over an encrypted connection
(i.e. HTTPS).
type: boolean
type: object
type: object
strategy:
description: Strategy defines the load balancing strategy
between the servers. RoundRobin is the only supported
value at the moment.
type: string
weight:
description: Weight should only be specified when Name references
a TraefikService object (and to be precise, one that embeds
a Weighted Round Robin).
description: Weight defines the weight and should only be
specified when Name references a TraefikService object
(and to be precise, one that embeds a Weighted Round Robin).
type: integer
required:
- name
type: object
type: array
sticky:
description: Sticky holds the sticky configuration.
description: 'Sticky defines whether sticky sessions are enabled.
More info: https://doc.traefik.io/traefik/v2.8/routing/providers/kubernetes-crd/#stickiness-and-load-balancing'
properties:
cookie:
description: Cookie holds the sticky configuration based on
cookie.
description: Cookie defines the sticky cookie configuration.
properties:
httpOnly:
description: HTTPOnly defines whether the cookie can be
accessed by client-side APIs, such as JavaScript.
type: boolean
name:
description: Name defines the Cookie name.
type: string
sameSite:
description: 'SameSite defines the same site policy. More
info: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite'
type: string
secure:
description: Secure defines whether the cookie can only
be transmitted over an encrypted connection (i.e. HTTPS).
type: boolean
type: object
type: object

2
docs/content/reference/static-configuration/cli-ref.md
View File

@@ -562,7 +562,7 @@ TLS key
Use the ip address from the bound port, rather than from the inner network. (Default: ```false```)
`--providers.docker.watch`:
Watch Docker Swarm events. (Default: ```true```)
Watch Docker events. (Default: ```true```)
`--providers.ecs`:
Enable AWS ECS backend with default settings. (Default: ```false```)

2
docs/content/reference/static-configuration/env-ref.md
View File

@@ -562,7 +562,7 @@ TLS key
Use the ip address from the bound port, rather than from the inner network. (Default: ```false```)
`TRAEFIK_PROVIDERS_DOCKER_WATCH`:
Watch Docker Swarm events. (Default: ```true```)
Watch Docker events. (Default: ```true```)
`TRAEFIK_PROVIDERS_ECS`:
Enable AWS ECS backend with default settings. (Default: ```false```)

2
docs/content/routing/entrypoints.md
View File

@@ -967,3 +967,5 @@ entryPoints:
entrypoints.foo.address=:8000/udp
entrypoints.foo.udp.timeout=10s
```
{!traefik-for-business-applications.md!}

2
docs/content/routing/overview.md
View File

@@ -406,3 +406,5 @@ serversTransport:
## Static configuration
--serversTransport.forwardingTimeouts.idleConnTimeout=1s
```
{!traefik-for-business-applications.md!}

2
docs/content/routing/providers/docker.md
View File

@@ -360,7 +360,7 @@ you'd add the label `traefik.http.services.<name-of-your-choice>.loadbalancer.pa
See [health check](../services/index.md#health-check) for more information.
```yaml
- "traefik.http.services.myservice.loadbalancer.healthcheck.timeout=10"
- "traefik.http.services.myservice.loadbalancer.healthcheck.timeout=10s"
```
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.followredirects`"

132
docs/content/routing/providers/kubernetes-crd.md
View File

@@ -298,10 +298,10 @@ You can find an excerpt of the available custom resources in the table below:
| Kind | Purpose | Concept Behind |
|--------------------------------------------|--------------------------------------------------------------------|----------------------------------------------------------------|
| [IngressRoute](#kind-ingressroute) | HTTP Routing | [HTTP router](../routers/index.md#configuring-http-routers) |
| [Middleware](#kind-middleware) | Tweaks the HTTP requests before they are sent to your service | [HTTP Middlewares](../../middlewares/http/overview.md) |
| [Middleware](#kind-middleware) | Tweaks the HTTP requests before they are sent to your service | [HTTP Middlewares](../../middlewares/http/overview.md) |
| [TraefikService](#kind-traefikservice) | Abstraction for HTTP loadbalancing/mirroring | [HTTP service](../services/index.md#configuring-http-services) |
| [IngressRouteTCP](#kind-ingressroutetcp) | TCP Routing | [TCP router](../routers/index.md#configuring-tcp-routers) |
| [MiddlewareTCP](#kind-middlewaretcp) | Tweaks the TCP requests before they are sent to your service | [TCP Middlewares](../../middlewares/tcp/overview.md) |
| [MiddlewareTCP](#kind-middlewaretcp) | Tweaks the TCP requests before they are sent to your service | [TCP Middlewares](../../middlewares/tcp/overview.md) |
| [IngressRouteUDP](#kind-ingressrouteudp) | UDP Routing | [UDP router](../routers/index.md#configuring-udp-routers) |
| [TLSOptions](#kind-tlsoption) | Allows to configure some parameters of the TLS connection | [TLSOptions](../../https/tls.md#tls-options) |
| [TLSStores](#kind-tlsstore) | Allows to configure the default TLS store | [TLSStores](../../https/tls.md#certificates-stores) |
@@ -583,6 +583,62 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
- port: 80
```
#### Load Balancing
More information in the dedicated server [load balancing](../services/index.md#load-balancing) section.
!!! info "Declaring and using Kubernetes Service Load Balancing"
```yaml tab="IngressRoute"
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ingressroutebar
namespace: default
spec:
entryPoints:
- web
routes:
- match: Host(`example.com`) && PathPrefix(`/foo`)
kind: Rule
services:
- name: svc1
namespace: default
- name: svc2
namespace: default
```
```yaml tab="K8s Service"
apiVersion: v1
kind: Service
metadata:
name: svc1
namespace: default
spec:
ports:
- name: http
port: 80
selector:
app: traefiklabs
task: app1
---
apiVersion: v1
kind: Service
metadata:
name: svc2
namespace: default
spec:
ports:
- name: http
port: 80
selector:
app: traefiklabs
task: app2
```
### Kind: `Middleware`
`Middleware` is the CRD implementation of a [Traefik middleware](../../middlewares/http/overview.md).
@@ -642,7 +698,7 @@ More information about available middlewares in the dedicated [middlewares secti
Register the `TraefikService` [kind](../../reference/dynamic-configuration/kubernetes-crd.md#definitions) in the Kubernetes cluster before creating `TraefikService` objects,
referencing services in the [`IngressRoute`](#kind-ingressroute) objects, or recursively in others `TraefikService` objects.
!!! info "Disambiguate Traefik and Kubernetes Services "
!!! info "Disambiguate Traefik and Kubernetes Services"
As the field `name` can reference different types of objects, use the field `kind` to avoid any ambiguity.
@@ -653,65 +709,8 @@ referencing services in the [`IngressRoute`](#kind-ingressroute) objects, or rec
`TraefikService` object allows to use any (valid) combinations of:
* servers [load balancing](#server-load-balancing).
* services [Weighted Round Robin](#weighted-round-robin) load balancing.
* services [mirroring](#mirroring).
#### Server Load Balancing
More information in the dedicated server [load balancing](../services/index.md#load-balancing) section.
??? "Declaring and Using Server Load Balancing"
```yaml tab="IngressRoute"
apiVersion: traefik.containo.us/v1alpha1
kind: IngressRoute
metadata:
name: ingressroutebar
namespace: default
spec:
entryPoints:
- web
routes:
- match: Host(`example.com`) && PathPrefix(`/foo`)
kind: Rule
services:
- name: svc1
namespace: default
- name: svc2
namespace: default
```
```yaml tab="K8s Service"
apiVersion: v1
kind: Service
metadata:
name: svc1
namespace: default
spec:
ports:
- name: http
port: 80
selector:
app: traefiklabs
task: app1
---
apiVersion: v1
kind: Service
metadata:
name: svc2
namespace: default
spec:
ports:
- name: http
port: 80
selector:
app: traefiklabs
task: app2
```
* [Weighted Round Robin](#weighted-round-robin) load balancing.
* [Mirroring](#mirroring).
#### Weighted Round Robin
@@ -1074,7 +1073,7 @@ and there is a second level because each whoami service is a `replicaset` and is
assuming `10.42.0.6` is the IP address of one of the replicas (a pod then) of the `whoami1` service.
### Kind `IngressRouteTCP`
### Kind: `IngressRouteTCP`
`IngressRouteTCP` is the CRD implementation of a [Traefik TCP router](../routers/index.md#configuring-tcp-routers).
@@ -1327,7 +1326,7 @@ Register the `MiddlewareTCP` [kind](../../reference/dynamic-configuration/kubern
More information about available TCP middlewares in the dedicated [middlewares section](../../middlewares/tcp/overview.md).
### Kind `IngressRouteUDP`
### Kind: `IngressRouteUDP`
`IngressRouteUDP` is the CRD implementation of a [Traefik UDP router](../routers/index.md#configuring-udp-routers).
@@ -1616,8 +1615,7 @@ or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`Ingres
!!! important "Default TLS Store"
Traefik currently only uses the [TLS Store named "default"](../../https/tls.md#certificates-stores).
This means that if you have two stores that are named default in different kubernetes namespaces,
they may be randomly chosen.
This means that you cannot have two stores that are named default in different Kubernetes namespaces.
For the time being, please only configure one TLSStore named default.
!!! info "TLSStore Attributes"
@@ -1784,3 +1782,5 @@ If the ServersTransport CRD is defined in another provider the cross-provider fo
## Further
Also see the [full example](../../user-guides/crd-acme/index.md) with Let's Encrypt.
{!traefik-for-business-applications.md!}

5
docs/content/routing/providers/kubernetes-ingress.md
View File

@@ -47,6 +47,7 @@ which in turn will create the resulting routers, services, handlers, etc.
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:
@@ -438,6 +439,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:
@@ -645,6 +647,7 @@ For more options, please refer to the available [annotations](#on-ingress).
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:
@@ -944,3 +947,5 @@ This will allow users to create a "default router" that will match all unmatched
to avoid this global ingress from satisfying requests that could match other ingresses.
To do this, use the `traefik.ingress.kubernetes.io/router.priority` annotation (as seen in [Annotations on Ingress](#on-ingress)) on your ingresses accordingly.
{!traefik-for-business-applications.md!}

42
docs/content/routing/routers/index.md
View File

@@ -233,18 +233,18 @@ If the rule is verified, the router becomes active, calls middlewares, and then
The table below lists all the available matchers:
| Rule | Description |
|------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------|
| ```Headers(`key`, `value`)``` | Check if there is a key `key`defined in the headers, with the value `value` |
| ```HeadersRegexp(`key`, `regexp`)``` | Check if there is a key `key`defined in the headers, with a value that matches the regular expression `regexp` |
| ```Host(`example.com`, ...)``` | Check if the request domain (host header value) targets one of the given `domains`. |
| ```HostHeader(`example.com`, ...)``` | Same as `Host`, only exists for historical reasons. |
| ```HostRegexp(`example.com`, `{subdomain:[a-z]+}.example.com`, ...)``` | Match the request domain. See "Regexp Syntax" below. |
| ```Method(`GET`, ...)``` | Check if the request method is one of the given `methods` (`GET`, `POST`, `PUT`, `DELETE`, `PATCH`, `HEAD`) |
| ```Path(`/path`, `/articles/{cat:[a-z]+}/{id:[0-9]+}`, ...)``` | Match exact request path. See "Regexp Syntax" below. |
| ```PathPrefix(`/products/`, `/articles/{cat:[a-z]+}/{id:[0-9]+}`)``` | Match request prefix path. See "Regexp Syntax" below. |
| ```Query(`foo=bar`, `bar=baz`)``` | Match Query String parameters. It accepts a sequence of key=value pairs. |
| ```ClientIP(`10.0.0.0/16`, `::1`)``` | Match if the request client IP is one of the given IP/CIDR. It accepts IPv4, IPv6 and CIDR formats. |
| Rule | Description |
|--------------------------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------|
| ```Headers(`key`, `value`)``` | Check if there is a key `key`defined in the headers, with the value `value` |
| ```HeadersRegexp(`key`, `regexp`)``` | Check if there is a key `key`defined in the headers, with a value that matches the regular expression `regexp` |
| ```Host(`example.com`, ...)``` | Check if the request domain (host header value) targets one of the given `domains`. |
| ```HostHeader(`example.com`, ...)``` | Same as `Host`, only exists for historical reasons. |
| ```HostRegexp(`example.com`, `{subdomain:[a-z]+}.example.com`, ...)``` | Match the request domain. See "Regexp Syntax" below. |
| ```Method(`GET`, ...)``` | Check if the request method is one of the given `methods` (`GET`, `POST`, `PUT`, `DELETE`, `PATCH`, `HEAD`) |
| ```Path(`/path`, `/articles/{cat:[a-z]+}/{id:[0-9]+}`, ...)``` | Match exact request path. See "Regexp Syntax" below. |
| ```PathPrefix(`/products/`, `/articles/{cat:[a-z]+}/{id:[0-9]+}`)``` | Match request prefix path. See "Regexp Syntax" below. |
| ```Query(`foo=bar`, `bar=baz`)``` | Match Query String parameters. It accepts a sequence of key=value pairs. |
| ```ClientIP(`10.0.0.0/16`, `::1`)``` | Match if the request client IP is one of the given IP/CIDR. It accepts IPv4, IPv6 and CIDR formats. |
!!! important "Non-ASCII Domain Names"
@@ -259,6 +259,7 @@ The table below lists all the available matchers:
The regexp name (`name` in the above example) is an arbitrary value, that exists only for historical reasons.
Any `regexp` supported by [Go's regexp package](https://golang.org/pkg/regexp/) may be used.
For example, here is a case insensitive path matcher syntax: ```Path(`/{path:(?i:Products)}`)```.
!!! info "Combining Matchers Using Operators and Parenthesis"
@@ -673,6 +674,21 @@ If no matching route is found for the TCP routers, then the HTTP routers will ta
If not specified, TCP routers will accept requests from all defined entry points.
If you want to limit the router scope to a set of entry points, set the entry points option.
??? info "How to handle Server First protocols?"
To correctly handle a request, Traefik needs to wait for the first
few bytes to arrive before it can decide what to do with it.
For protocols where the server is expected to send first, such
as SMTP, if no specific setup is in place, we could end up in
a situation where both sides are waiting for data and the
connection appears to have hanged.
The only way that Traefik can deal with such a case, is to make
sure that on the concerned entry point, there is no TLS router
whatsoever (neither TCP nor HTTP), and there is at least one
non-TLS TCP router that leads to the server in question.
??? example "Listens to Every Entry Point"
**Dynamic Configuration**
@@ -1306,3 +1322,5 @@ There must be one (and only one) UDP [service](../services/index.md) referenced
Services are the target for the router.
!!! important "UDP routers can only target UDP services (and not HTTP or TCP services)."
{!traefik-for-business-applications.md!}

20
docs/content/routing/services/index.md
View File

@@ -322,14 +322,14 @@ To propagate status changes (e.g. all servers of this service are down) upwards,
Below are the available options for the health check mechanism:
- `path` is appended to the server URL to set the health check endpoint.
- `scheme`, if defined, will replace the server URL `scheme` for the health check endpoint
- `hostname`, if defined, will apply `Host` header `hostname` to the health check request.
- `port`, if defined, will replace the server URL `port` for the health check endpoint.
- `interval` defines the frequency of the health check calls.
- `timeout` defines the maximum duration Traefik will wait for a health check request before considering the server failed (unhealthy).
- `headers` defines custom headers to be sent to the health check endpoint.
- `followRedirects` defines whether redirects should be followed during the health check calls (default: true).
- `path` (required), defines the server URL path for the health check endpoint .
- `scheme` (optional), replaces the server URL `scheme` for the health check endpoint.
- `hostname` (optional), sets the value of `hostname` in the `Host` header of the health check request.
- `port` (optional), replaces the server URL `port` for the health check endpoint.
- `interval` (default: 30s), defines the frequency of the health check calls.
- `timeout` (default: 5s), defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.
- `headers` (optional), defines custom headers to be sent to the health check endpoint.
- `followRedirects` (default: true), defines whether redirects should be followed during the health check calls.
!!! info "Interval & Timeout Format"
@@ -677,7 +677,7 @@ metadata:
name: myca
data:
tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
```
#### `maxIdleConnsPerHost`
@@ -1645,3 +1645,5 @@ udp:
[[udp.services.appv2.loadBalancer.servers]]
address = "private-ip-server-2:8080/"
```
{!traefik-for-business-applications.md!}

17
docs/content/user-guides/crd-acme/05-tlsoption.yml Normal file
View File

@@ -0,0 +1,17 @@
---
apiVersion: traefik.containo.us/v1alpha1
kind: TLSOption
metadata:
name: default
namespace: default
spec:
minVersion: VersionTLS12
cipherSuites:
- TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 # TLS 1.2
- TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305 # TLS 1.2
- TLS_AES_256_GCM_SHA384 # TLS 1.3
- TLS_CHACHA20_POLY1305_SHA256 # TLS 1.3
curvePreferences:
- CurveP521
- CurveP384
sniStrict: true

36
docs/content/user-guides/crd-acme/index.md
View File

@@ -44,20 +44,25 @@ Let's now have a look (in the order they should be applied, if using `kubectl ap
### IngressRoute Definition
First, the definition of the `IngressRoute` and the `Middleware` kinds.
Also note the RBAC authorization resources; they'll be referenced through the `serviceAccountName` of the deployment, later on.
First, you will need to install Traefik CRDs containing the definition of the `IngressRoute` and the `Middleware` kinds,
and the RBAC authorization resources which will be referenced through the `serviceAccountName` of the deployment.
```yaml
--8<-- "content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml"
```bash
# Install Traefik Resource Definitions:
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.8/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
---
--8<-- "content/reference/dynamic-configuration/kubernetes-crd-rbac.yml"
# Install RBAC for Traefik:
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.8/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
```
### Services
Then, the services. One for Traefik itself, and one for the app it routes for, i.e. in this case our demo HTTP server: [whoami](https://github.com/traefik/whoami).
```bash
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.8/docs/content/user-guides/crd-acme/02-services.yml
```
```yaml
--8<-- "content/user-guides/crd-acme/02-services.yml"
```
@@ -67,6 +72,10 @@ Then, the services. One for Traefik itself, and one for the app it routes for, i
Next, the deployments, i.e. the actual pods behind the services.
Again, one pod for Traefik, and one for the whoami app.
```bash
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.8/docs/content/user-guides/crd-acme/03-deployments.yml
```
```yaml
--8<-- "content/user-guides/crd-acme/03-deployments.yml"
```
@@ -91,7 +100,7 @@ Look it up.
We can now finally apply the actual ingressRoutes, with:
```bash
kubectl apply -f 04-ingressroutes.yml
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.8/docs/content/user-guides/crd-acme/04-ingressroutes.yml
```
```yaml
@@ -110,3 +119,16 @@ curl http://your.example.com:8000/notls
```
Note that you'll have to use `-k` as long as you're using the staging server of Let's Encrypt, since it is not an authorized certificate authority on systems where it hasn't been manually added.
### Force TLS v1.2+
Nowadays, TLS v1.0 and v1.1 are deprecated.
In order to force TLS v1.2 or later on all your IngressRoute, you can define the `default` TLSOption:
```bash
kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.8/docs/content/user-guides/crd-acme/05-tlsoption.yml
```
```yaml
--8<-- "content/user-guides/crd-acme/05-tlsoption.yml"
```

2
docs/content/user-guides/docker-compose/basic-example/index.md
View File

@@ -93,3 +93,5 @@ whoami:
# Allow request only from the predefined entry point named "web"
- "traefik.http.routers.whoami.entrypoints=web"
```
{!traefik-for-business-applications.md!}

12
docs/mkdocs.yml
View File

@@ -55,9 +55,9 @@ markdown_extensions:
- pymdownx.tasklist
- pymdownx.snippets:
check_paths: true
# - markdown_include.include:
# base_path: content/includes/
# encoding: utf-8
- markdown_include.include:
base_path: content/includes/
encoding: utf-8
- toc:
permalink: true
@@ -66,7 +66,9 @@ nav:
- 'Welcome': 'index.md'
- 'Getting Started':
- 'Concepts' : 'getting-started/concepts.md'
- 'Quick Start': 'getting-started/quick-start.md'
- 'Quick Start':
- 'Docker': 'getting-started/quick-start.md'
- 'Kubernetes': 'getting-started/quick-start-with-kubernetes.md'
- 'Configuration Introduction': 'getting-started/configuration-overview.md'
- 'Install Traefik': 'getting-started/install-traefik.md'
- 'Frequently Asked Questions': 'getting-started/faq.md'
@@ -138,7 +140,7 @@ nav:
- 'InFlightConn': 'middlewares/tcp/inflightconn.md'
- 'IpWhitelist': 'middlewares/tcp/ipwhitelist.md'
- 'Traefik Hub': 'traefik-hub/index.md'
- 'Plugins & Traefik Pilot': 'plugins/index.md'
- 'Plugins & Plugin Catalog': 'plugins/index.md'
- 'Operations':
- 'CLI': 'operations/cli.md'
- 'Dashboard' : 'operations/dashboard.md'

1
docs/readme.md
View File

@@ -8,7 +8,6 @@
| mkdocs-material | [documentation][mkdocs-material] | [Sources][mkdocs-material-src] |
| pymdown-extensions| [documentation][pymdown-extensions] | [Sources][pymdown-extensions-src] |
[mkdocs]: https://www.mkdocs.org "Mkdocs"
[mkdocs-src]: https://github.com/mkdocs/mkdocs "Mkdocs - Sources"

2
docs/requirements.txt
View File

@@ -32,7 +32,7 @@ Pygments==2.11.2
pymdown-extensions==7.0
pyparsing==2.4.7
python-dateutil==2.8.2
PyYAML==6.0
PyYAML==6.0.1
pyyaml-env-tag==0.1
requests==2.25.1
retrying==1.3.3

16
docs/scripts/netlify-run.sh
View File

@@ -1,16 +0,0 @@
#!/bin/bash
#
# This script is run in netlify environment to build and validate
# the website for documentation
CURRENT_DIR="$(cd "$(dirname "${0}")" && pwd -P)"
#### Build website
# Provide the URL for this deployment to Mkdocs
echo "${DEPLOY_PRIME_URL}" > "${CURRENT_DIR}/../CNAME"
sed -i "s#site_url:.*#site_url: ${DEPLOY_PRIME_URL}#" "${CURRENT_DIR}/../mkdocs.yml"
# Build
mkdocs build
exit 0

2
exp.Dockerfile
View File

@@ -12,7 +12,7 @@ RUN yarn install
RUN yarn build
# BUILD
FROM golang:1.17-alpine as gobuild
FROM golang:1.19-alpine as gobuild
RUN apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \
&& update-ca-certificates \

94
go.mod
View File

@@ -1,13 +1,13 @@
module github.com/traefik/traefik/v2
go 1.17
go 1.19
require (
github.com/BurntSushi/toml v1.0.0
github.com/BurntSushi/toml v1.1.0
github.com/ExpediaDotCom/haystack-client-go v0.0.0-20190315171017-e7edbdf53a61
github.com/Masterminds/sprig/v3 v3.2.2
github.com/abbot/go-http-auth v0.0.0-00010101000000-000000000000
github.com/aws/aws-sdk-go v1.39.0
github.com/aws/aws-sdk-go v1.44.47
github.com/cenkalti/backoff/v4 v4.1.1
github.com/compose-spec/compose-go v1.0.3
github.com/containous/alice v0.0.0-20181107144136-d83ebdd94cbd
@@ -28,16 +28,16 @@ require (
github.com/gorilla/websocket v1.5.0
github.com/hashicorp/consul v1.10.4
github.com/hashicorp/consul/api v1.12.0
github.com/hashicorp/go-hclog v0.16.1
github.com/hashicorp/go-hclog v0.16.2
github.com/hashicorp/go-multierror v1.1.1
github.com/hashicorp/go-version v1.3.0
github.com/hashicorp/nomad/api v0.0.0-20220506174431-b5665129cd1f
github.com/influxdata/influxdb-client-go/v2 v2.7.0
github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d
github.com/instana/go-sensor v1.38.3
github.com/klauspost/compress v1.13.0
github.com/kvtools/valkeyrie v0.4.0
github.com/lucas-clemente/quic-go v0.27.0
github.com/klauspost/compress v1.14.2
github.com/kvtools/valkeyrie v0.4.2-0.20220810161836-a9a70ee3f199
github.com/lucas-clemente/quic-go v0.28.1
github.com/mailgun/ttlmap v0.0.0-20170619185759-c1c17f74874f
github.com/miekg/dns v1.1.47
github.com/mitchellh/copystructure v1.0.0
@@ -49,14 +49,14 @@ require (
github.com/patrickmn/go-cache v2.1.0+incompatible
github.com/pires/go-proxyproto v0.6.1
github.com/pmezard/go-difflib v1.0.0
github.com/prometheus/client_golang v1.11.0
github.com/prometheus/client_golang v1.12.2-0.20220704083116-e8f91604d835
github.com/prometheus/client_model v0.2.0
github.com/rancher/go-rancher-metadata v0.0.0-20200311180630-7f4c936a06ac
github.com/sirupsen/logrus v1.8.1
github.com/stretchr/testify v1.7.1
github.com/stretchr/testify v1.8.0
github.com/stvp/go-udp-testing v0.0.0-20191102171040-06b61409b154
github.com/traefik/paerser v0.1.5
github.com/traefik/yaegi v0.12.0
github.com/traefik/paerser v0.1.9
github.com/traefik/yaegi v0.14.2
github.com/uber/jaeger-client-go v2.30.0+incompatible
github.com/uber/jaeger-lib v2.2.0+incompatible
github.com/unrolled/render v1.0.2
@@ -67,13 +67,14 @@ require (
go.elastic.co/apm v1.13.1
go.elastic.co/apm/module/apmot v1.13.1
golang.org/x/mod v0.4.2
golang.org/x/net v0.0.0-20220425223048-2871e0cb64e4
golang.org/x/time v0.0.0-20210723032227-1f47c861a9ac
golang.org/x/net v0.0.0-20220927171203-f486391704dc
golang.org/x/text v0.3.7
golang.org/x/time v0.0.0-20211116232009-f0f3c7e86c11
golang.org/x/tools v0.1.6-0.20210726203631-07bc1bf47fb2
google.golang.org/grpc v1.38.0
gopkg.in/DataDog/dd-trace-go.v1 v1.19.0
gopkg.in/DataDog/dd-trace-go.v1 v1.38.1
gopkg.in/fsnotify.v1 v1.4.7
gopkg.in/yaml.v3 v3.0.0-20210107192922-496545a6307b
gopkg.in/yaml.v3 v3.0.1
k8s.io/api v0.22.1
k8s.io/apiextensions-apiserver v0.21.3
k8s.io/apimachinery v0.22.1
@@ -98,11 +99,14 @@ require (
github.com/Azure/go-autorest/autorest/validation v0.3.1 // indirect
github.com/Azure/go-autorest/logger v0.2.1 // indirect
github.com/Azure/go-autorest/tracing v0.6.0 // indirect
github.com/DataDog/datadog-go v3.2.0+incompatible // indirect
github.com/DataDog/datadog-agent/pkg/obfuscate v0.0.0-20211129110424-6491aa3bf583 // indirect
github.com/DataDog/datadog-go v4.8.2+incompatible // indirect
github.com/DataDog/datadog-go/v5 v5.0.2 // indirect
github.com/DataDog/sketches-go v1.0.0 // indirect
github.com/HdrHistogram/hdrhistogram-go v1.1.2 // indirect
github.com/Masterminds/goutils v1.1.1 // indirect
github.com/Masterminds/semver/v3 v3.1.1 // indirect
github.com/Microsoft/go-winio v0.4.17 // indirect
github.com/Microsoft/go-winio v0.5.1 // indirect
github.com/Microsoft/hcsshim v0.8.23 // indirect
github.com/OpenDNS/vegadns2client v0.0.0-20180418235048-a3fa4a771d87 // indirect
github.com/Shopify/sarama v1.23.1 // indirect
@@ -115,7 +119,7 @@ require (
github.com/beorn7/perks v1.0.1 // indirect
github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc // indirect
github.com/buger/goterm v1.0.0 // indirect
github.com/cespare/xxhash/v2 v2.1.1 // indirect
github.com/cespare/xxhash/v2 v2.1.2 // indirect
github.com/cheekybits/genny v1.0.0 // indirect
github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible // indirect
github.com/circonus-labs/circonusllhist v0.1.3 // indirect
@@ -130,6 +134,8 @@ require (
github.com/coreos/go-systemd/v22 v22.3.2 // indirect
github.com/cpu/goacmedns v0.1.1 // indirect
github.com/deepmap/oapi-codegen v1.8.2 // indirect
github.com/dgraph-io/ristretto v0.1.0 // indirect
github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
github.com/dimchansky/utfbom v1.1.1 // indirect
github.com/distribution/distribution/v3 v3.0.0-20210316161203-a01c71e2477e // indirect
github.com/dnsimple/dnsimple-go v0.70.1 // indirect
@@ -140,6 +146,7 @@ require (
github.com/docker/go-metrics v0.0.1 // indirect
github.com/docker/go-units v0.4.0 // indirect
github.com/donovanhide/eventsource v0.0.0-20170630084216-b8f31a59085e // indirect
github.com/dustin/go-humanize v1.0.0 // indirect
github.com/elastic/go-licenser v0.3.1 // indirect
github.com/elastic/go-sysinfo v1.1.1 // indirect
github.com/elastic/go-windows v1.0.0 // indirect
@@ -150,18 +157,19 @@ require (
github.com/fsnotify/fsnotify v1.5.1 // indirect
github.com/fvbommel/sortorder v1.0.1 // indirect
github.com/go-errors/errors v1.0.1 // indirect
github.com/go-logfmt/logfmt v0.5.0 // indirect
github.com/go-logfmt/logfmt v0.5.1 // indirect
github.com/go-logr/logr v0.4.0 // indirect
github.com/go-redis/redis/v8 v8.11.5 // indirect
github.com/go-resty/resty/v2 v2.1.1-0.20191201195748-d7b97669fe48 // indirect
github.com/go-task/slim-sprig v0.0.0-20210107165309-348f09dbbbc0 // indirect
github.com/go-zookeeper/zk v1.0.2 // indirect
github.com/gofrs/flock v0.8.0 // indirect
github.com/gofrs/uuid v3.3.0+incompatible // indirect
github.com/gofrs/uuid v4.0.0+incompatible // indirect
github.com/gogo/googleapis v1.4.0 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/glog v0.0.0-20160126235308-23def4e6c14b // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/mock v1.6.0 // indirect
github.com/golang/snappy v0.0.3 // indirect
github.com/google/btree v1.0.1 // indirect
github.com/google/go-cmp v0.5.7 // indirect
github.com/google/go-querystring v1.1.0 // indirect
@@ -172,15 +180,14 @@ require (
github.com/googleapis/gnostic v0.5.5 // indirect
github.com/gophercloud/gophercloud v0.16.0 // indirect
github.com/gophercloud/utils v0.0.0-20210216074907-f6de111f2eae // indirect
github.com/gorilla/context v1.1.1 // indirect
github.com/gravitational/trace v1.1.16-0.20220114165159-14a9a7dd6aaf // indirect
github.com/grpc-ecosystem/go-grpc-middleware v1.2.0 // indirect
github.com/grpc-ecosystem/grpc-opentracing v0.0.0-20180507213350-8e809c8a8645 // indirect
github.com/hashicorp/consul/sdk v0.8.0 // indirect
github.com/hashicorp/cronexpr v1.1.1 // indirect
github.com/hashicorp/errwrap v1.0.0 // indirect
github.com/hashicorp/errwrap v1.1.0 // indirect
github.com/hashicorp/go-cleanhttp v0.5.2 // indirect
github.com/hashicorp/go-immutable-radix v1.3.0 // indirect
github.com/hashicorp/go-immutable-radix v1.3.1 // indirect
github.com/hashicorp/go-msgpack v0.5.5 // indirect
github.com/hashicorp/go-retryablehttp v0.7.1 // indirect
github.com/hashicorp/go-rootcerts v1.0.2 // indirect
@@ -205,6 +212,7 @@ require (
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/joeshaw/multierror v0.0.0-20140124173710-69b34d4ec901 // indirect
github.com/jonboulle/clockwork v0.2.2 // indirect
github.com/josharian/intern v1.0.0 // indirect
github.com/json-iterator/go v1.1.12 // indirect
github.com/k0kubun/go-ansi v0.0.0-20180517002512-3bf9e2903213 // indirect
github.com/kballard/go-shellquote v0.0.0-20180428030007-95032a82bc51 // indirect
@@ -219,12 +227,14 @@ require (
github.com/mailgun/minheap v0.0.0-20170619185613-3dbe6c6bf55f // indirect
github.com/mailgun/multibuf v0.1.2 // indirect
github.com/mailgun/timetools v0.0.0-20141028012446-7e6055773c51 // indirect
github.com/mailru/easyjson v0.7.7 // indirect
github.com/marten-seemann/qpack v0.2.1 // indirect
github.com/marten-seemann/qtls-go1-16 v0.1.5 // indirect
github.com/marten-seemann/qtls-go1-17 v0.1.1 // indirect
github.com/marten-seemann/qtls-go1-18 v0.1.1 // indirect
github.com/mattn/go-colorable v0.1.8 // indirect
github.com/mattn/go-isatty v0.0.12 // indirect
github.com/marten-seemann/qtls-go1-17 v0.1.2 // indirect
github.com/marten-seemann/qtls-go1-18 v0.1.2 // indirect
github.com/marten-seemann/qtls-go1-19 v0.1.0-beta.1 // indirect
github.com/mattn/go-colorable v0.1.11 // indirect
github.com/mattn/go-isatty v0.0.14 // indirect
github.com/mattn/go-shellwords v1.0.12 // indirect
github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
github.com/mgutz/ansi v0.0.0-20170206155736-9520e82c474b // indirect
@@ -250,18 +260,18 @@ require (
github.com/nrdcg/namesilo v0.2.1 // indirect
github.com/nrdcg/porkbun v0.1.1 // indirect
github.com/nxadm/tail v1.4.8 // indirect
github.com/onsi/ginkgo v1.16.4 // indirect
github.com/onsi/ginkgo v1.16.5 // indirect
github.com/opencontainers/go-digest v1.0.0 // indirect
github.com/opencontainers/image-spec v1.0.2 // indirect
github.com/opencontainers/runc v1.0.2 // indirect
github.com/opentracing-contrib/go-observer v0.0.0-20170622124052-a52f23424492 // indirect
github.com/oracle/oci-go-sdk v24.3.0+incompatible // indirect
github.com/ovh/go-ovh v1.1.0 // indirect
github.com/philhofer/fwd v1.0.0 // indirect
github.com/philhofer/fwd v1.1.1 // indirect
github.com/pkg/errors v0.9.1 // indirect
github.com/pquerna/otp v1.3.0 // indirect
github.com/prometheus/common v0.26.0 // indirect
github.com/prometheus/procfs v0.6.0 // indirect
github.com/prometheus/common v0.35.0 // indirect
github.com/prometheus/procfs v0.7.3 // indirect
github.com/sacloud/libsacloud v1.36.2 // indirect
github.com/sanathkr/go-yaml v0.0.0-20170819195128-ed9d249f429b // indirect
github.com/santhosh-tekuri/jsonschema v1.2.4 // indirect
@@ -275,11 +285,11 @@ require (
github.com/spf13/cast v1.3.1 // indirect
github.com/spf13/cobra v1.2.1 // indirect
github.com/spf13/pflag v1.0.5 // indirect
github.com/stretchr/objx v0.3.0 // indirect
github.com/stretchr/objx v0.4.0 // indirect
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common v1.0.287 // indirect
github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/dnspod v1.0.287 // indirect
github.com/theupdateframework/notary v0.6.1 // indirect
github.com/tinylib/msgp v1.0.2 // indirect
github.com/tinylib/msgp v1.1.2 // indirect
github.com/tonistiigi/fsutil v0.0.0-20201103201449-0834f99b7b85 // indirect
github.com/tonistiigi/units v0.0.0-20180711220420-6950e57a87ea // indirect
github.com/transip/gotransip/v6 v6.6.1 // indirect
@@ -291,9 +301,9 @@ require (
github.com/xeipuuv/gojsonschema v1.2.0 // indirect
go.elastic.co/apm/module/apmhttp v1.13.1 // indirect
go.elastic.co/fastjson v1.1.0 // indirect
go.etcd.io/etcd/api/v3 v3.5.0 // indirect
go.etcd.io/etcd/client/pkg/v3 v3.5.0 // indirect
go.etcd.io/etcd/client/v3 v3.5.0 // indirect
go.etcd.io/etcd/api/v3 v3.5.4 // indirect
go.etcd.io/etcd/client/pkg/v3 v3.5.4 // indirect
go.etcd.io/etcd/client/v3 v3.5.4 // indirect
go.opencensus.io v0.23.0 // indirect
go.uber.org/atomic v1.7.0 // indirect
go.uber.org/multierr v1.6.0 // indirect
@@ -301,20 +311,18 @@ require (
go.uber.org/zap v1.18.1 // indirect
golang.org/x/crypto v0.0.0-20220427172511-eb4f295cb31f // indirect
golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect
golang.org/x/oauth2 v0.0.0-20210402161424-2e8d93401602 // indirect
golang.org/x/oauth2 v0.0.0-20220223155221-ee480838109b // indirect
golang.org/x/sync v0.0.0-20210220032951-036812b2e83c // indirect
golang.org/x/sys v0.0.0-20220307203707-22a9840ba4d7 // indirect
golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10 // indirect
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211 // indirect
golang.org/x/text v0.3.7 // indirect
golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
google.golang.org/api v0.44.0 // indirect
google.golang.org/appengine v1.6.7 // indirect
google.golang.org/genproto v0.0.0-20210602131652-f16073e35f0c // indirect
google.golang.org/protobuf v1.27.1 // indirect
google.golang.org/protobuf v1.28.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
gopkg.in/ini.v1 v1.62.0 // indirect
gopkg.in/ns1/ns1-go.v2 v2.6.2 // indirect
gopkg.in/redis.v5 v5.2.9 // indirect
gopkg.in/square/go-jose.v2 v2.6.0 // indirect
gopkg.in/tomb.v1 v1.0.0-20141024135613-dd632973f1e7 // indirect
gopkg.in/yaml.v2 v2.4.0 // indirect
@@ -329,7 +337,7 @@ require (
replace (
github.com/abbot/go-http-auth => github.com/containous/go-http-auth v0.4.1-0.20200324110947-a37a7636d23e
github.com/go-check/check => github.com/containous/check v0.0.0-20170915194414-ca0bf163426a
github.com/gorilla/mux => github.com/containous/mux v0.0.0-20220113180107-8ffa4f6d063c
github.com/gorilla/mux => github.com/containous/mux v0.0.0-20220627093034-b2dd784e613f
github.com/mailgun/minheap => github.com/containous/minheap v0.0.0-20190809180810-6e71eb837595
)

453
go.sum
View File

File diff suppressed because it is too large Load Diff

4
integration/consul_catalog_test.go
View File

@@ -603,7 +603,7 @@ func (s *ConsulCatalogSuite) TestConsulServiceWithOneMissingLabels(c *check.C) {
c.Assert(err, checker.IsNil)
req.Host = "my.super.host"
// FIXME Need to wait than 500 milliseconds more (for swarm or traefik to boot up ?)
// TODO Need to wait than 500 milliseconds more (for swarm or traefik to boot up ?)
// TODO validate : run on 80
// Expected a 404 as we did not configure anything
err = try.Request(req, 1500*time.Millisecond, try.StatusCodeIs(http.StatusNotFound))
@@ -681,7 +681,7 @@ func (s *ConsulCatalogSuite) TestConsulServiceWithHealthCheck(c *check.C) {
c.Assert(err, checker.IsNil)
req.Host = "whoami"
// FIXME Need to wait for up to 10 seconds (for consul discovery or traefik to boot up ?)
// TODO Need to wait for up to 10 seconds (for consul discovery or traefik to boot up ?)
err = try.Request(req, 10*time.Second, try.StatusCodeIs(200), try.BodyContainsOr("Hostname: whoami2"))
c.Assert(err, checker.IsNil)

4
integration/consul_test.go
View File

@@ -2,6 +2,7 @@ package integration
import (
"bytes"
"context"
"encoding/json"
"fmt"
"net"
@@ -36,6 +37,7 @@ func (s *ConsulSuite) setupStore(c *check.C) {
consul.Register()
kv, err := valkeyrie.NewStore(
context.Background(),
store.CONSUL,
[]string{consulAddr},
&store.Config{
@@ -105,7 +107,7 @@ func (s *ConsulSuite) TestSimpleConfiguration(c *check.C) {
}
for k, v := range data {
err := s.kvClient.Put(k, []byte(v), nil)
err := s.kvClient.Put(context.Background(), k, []byte(v), nil)
c.Assert(err, checker.IsNil)
}

10
integration/docker_test.go
View File

@@ -78,7 +78,7 @@ func (s *DockerSuite) TestDefaultDockerContainers(c *check.C) {
c.Assert(err, checker.IsNil)
req.Host = fmt.Sprintf("simple-%s.docker.localhost", s.composeProject.Name)
// FIXME Need to wait than 500 milliseconds more (for swarm or traefik to boot up ?)
// TODO Need to wait than 500 milliseconds more (for swarm or traefik to boot up ?)
resp, err := try.ResponseUntilStatusCode(req, 1500*time.Millisecond, http.StatusOK)
c.Assert(err, checker.IsNil)
@@ -147,7 +147,7 @@ func (s *DockerSuite) TestDockerContainersWithLabels(c *check.C) {
c.Assert(err, checker.IsNil)
req.Host = "my-super.host"
// FIXME Need to wait than 500 milliseconds more (for swarm or traefik to boot up ?)
// TODO Need to wait than 500 milliseconds more (for swarm or traefik to boot up ?)
_, err = try.ResponseUntilStatusCode(req, 1500*time.Millisecond, http.StatusOK)
c.Assert(err, checker.IsNil)
@@ -155,7 +155,7 @@ func (s *DockerSuite) TestDockerContainersWithLabels(c *check.C) {
c.Assert(err, checker.IsNil)
req.Host = "my.super.host"
// FIXME Need to wait than 500 milliseconds more (for swarm or traefik to boot up ?)
// TODO Need to wait than 500 milliseconds more (for swarm or traefik to boot up ?)
resp, err := try.ResponseUntilStatusCode(req, 1500*time.Millisecond, http.StatusOK)
c.Assert(err, checker.IsNil)
@@ -194,7 +194,7 @@ func (s *DockerSuite) TestDockerContainersWithOneMissingLabels(c *check.C) {
c.Assert(err, checker.IsNil)
req.Host = "my.super.host"
// FIXME Need to wait than 500 milliseconds more (for swarm or traefik to boot up ?)
// TODO Need to wait than 500 milliseconds more (for swarm or traefik to boot up ?)
// TODO validate : run on 80
// Expected a 404 as we did not configure anything
err = try.Request(req, 1500*time.Millisecond, try.StatusCodeIs(http.StatusNotFound))
@@ -227,7 +227,7 @@ func (s *DockerSuite) TestRestartDockerContainers(c *check.C) {
c.Assert(err, checker.IsNil)
req.Host = "my.super.host"
// FIXME Need to wait than 500 milliseconds more (for swarm or traefik to boot up ?)
// TODO Need to wait than 500 milliseconds more (for swarm or traefik to boot up ?)
resp, err := try.ResponseUntilStatusCode(req, 1500*time.Millisecond, http.StatusOK)
c.Assert(err, checker.IsNil)

4
integration/etcd_test.go
View File

@@ -2,6 +2,7 @@ package integration
import (
"bytes"
"context"
"encoding/json"
"net"
"net/http"
@@ -35,6 +36,7 @@ func (s *EtcdSuite) SetUpSuite(c *check.C) {
var err error
s.etcdAddr = net.JoinHostPort(s.getComposeServiceIP(c, "etcd"), "2379")
s.kvClient, err = valkeyrie.NewStore(
context.Background(),
store.ETCDV3,
[]string{s.etcdAddr},
&store.Config{
@@ -101,7 +103,7 @@ func (s *EtcdSuite) TestSimpleConfiguration(c *check.C) {
}
for k, v := range data {
err := s.kvClient.Put(k, []byte(v), nil)
err := s.kvClient.Put(context.Background(), k, []byte(v), nil)
c.Assert(err, checker.IsNil)
}

79
integration/fixtures/https/clientca/README.md
View File

@@ -1,9 +1,38 @@
# This is how the certs were created
Password: traefik
```bash
# ca1.example.com
# Country Name (2 letter code) [AU]:.
# State or Province Name (full name) [Some-State]:.
# Locality Name (eg, city) []:.
# Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
# Organizational Unit Name (eg, section) []:.
# Common Name (e.g. server FQDN or YOUR name) []:ca1.example.com
# Email Address []:.
openssl req -new -newkey rsa:2048 -x509 -days 3650 -extensions v3_ca -keyout ca1.pem -out ca1.crt
# ca2.example.com
# Country Name (2 letter code) [AU]:.
# State or Province Name (full name) [Some-State]:.
# Locality Name (eg, city) []:.
# Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
# Organizational Unit Name (eg, section) []:.
# Common Name (e.g. server FQDN or YOUR name) []:ca2.example.com
# Email Address []:.
openssl req -new -newkey rsa:2048 -x509 -days 3650 -extensions v3_ca -keyout ca2.pem -out ca2.crt
# ca3.example.com
# Country Name (2 letter code) [AU]:.
# State or Province Name (full name) [Some-State]:.
# Locality Name (eg, city) []:.
# Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
# Organizational Unit Name (eg, section) []:.
# Common Name (e.g. server FQDN or YOUR name) []:ca3.example.com
# Email Address []:.
openssl req -new -newkey rsa:2048 -x509 -days 3650 -extensions v3_ca -keyout ca3.pem -out ca3.crt
openssl rsa -in ca1.pem -out ca1.key
openssl rsa -in ca2.pem -out ca2.key
openssl rsa -in ca3.pem -out ca3.key
@@ -14,8 +43,58 @@ openssl genrsa -out client1.key 2048
openssl genrsa -out client2.key 2048
openssl genrsa -out client3.key 2048
# Country Name (2 letter code) [AU]:.
# State or Province Name (full name) [Some-State]:.
# Locality Name (eg, city) []:.
# Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
# Organizational Unit Name (eg, section) []:.
# Common Name (e.g. server FQDN or YOUR name) []:clien1.example.com
# Email Address []:.
#
# Please enter the following 'extra' attributes
# to be sent with your certificate request
# A challenge password []:
#
# Issuer
# CN = ca1.example.com
# Subject
# CN = clien1.example.com
openssl req -key client1.key -new -out client1.csr
# Country Name (2 letter code) [AU]:.
# State or Province Name (full name) [Some-State]:.
# Locality Name (eg, city) []:.
# Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
# Organizational Unit Name (eg, section) []:.
# Common Name (e.g. server FQDN or YOUR name) []:client2.example.com
# Email Address []:.
#
# Please enter the following 'extra' attributes
# to be sent with your certificate request
# A challenge password []:
#
# Issuer
# CN = ca2.example.com
# Subject
# CN = client2.example.com
openssl req -key client2.key -new -out client2.csr
# Country Name (2 letter code) [AU]:.
# State or Province Name (full name) [Some-State]:.
# Locality Name (eg, city) []:.
# Organization Name (eg, company) [Internet Widgits Pty Ltd]:.
# Organizational Unit Name (eg, section) []:.
# Common Name (e.g. server FQDN or YOUR name) []:client3.example.com
# Email Address []:.
#
# Please enter the following 'extra' attributes
# to be sent with your certificate request
# A challenge password []:
#
# Issuer
# CN = ca3.example.com
# Subject
# CN = client3.example.com
openssl req -key client3.key -new -out client3.csr
openssl x509 -req -days 3650 -in client1.csr -CA ca1.crt -CAkey ca1.key -CAcreateserial -out client1.crt

35
integration/fixtures/https/clientca/ca1.crt
View File

@@ -1,20 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDMjCCAhqgAwIBAgIJAKXHiSnQw6LqMA0GCSqGSIb3DQEBBQUAMBoxGDAWBgNV
BAMTD2NhMS5leGFtcGxlLmNvbTAeFw0xNjA2MTgxMzAyNDdaFw0yNjA2MTYxMzAy
NDdaMBoxGDAWBgNVBAMTD2NhMS5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAL9ZNf1Pqu30i/DUyAAbEVFfCvGEmN9hfGAK44IrBqfC
1ziW2Lfg2AkswNIC/T6M+lcoN0ftPhJpnP2Cdz9U/gF9FMd/XAGY/SOiun7wC8so
qdab7CMDlHP1c/XiL7lGEdm9RfynLcJ5JJn2X7mXwEZTviFtiJVmaoAl3TVNy3MZ
ZyfjNac9sA5idpX66TpVO9tE1gu71nRkBvTEzO/IYv8rcWQmogvH7DN3UurP3RUK
weij01rekG3OOOXUlQgZO6mhuvrKes9Xoc901bmTkOgTq7wIFf2AZozU4wy6kZfM
0sdzmjMpuEr7oROepvtzFiVyNIEGDJ3QvEEY4QJaFvcCAwEAAaN7MHkwHQYDVR0O
BBYEFFyJ/cSOOvcsfu+WLZbi/u3t8W/uMEoGA1UdIwRDMEGAFFyJ/cSOOvcsfu+W
LZbi/u3t8W/uoR6kHDAaMRgwFgYDVQQDEw9jYTEuZXhhbXBsZS5jb22CCQClx4kp
0MOi6jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCOBLJJF0esBVLX
xmj0xa0TREXTxco40e/fmUU1cGYgl1UCCZI7MLDcl6k6Km9Sbp/LCpZx88mtLwGY
wUss2mQ058kqiUrpb/U8xEbglLrRtsp1y8z7lood/8ru39zj1/9X4MFyqNi6390I
zxZNf2QauUS1TMxgv6UhVE52JaAL+sn2hqA6IaSYeT9NFzFsulCr29mxlIC9SzUr
Mbqri9LKX5aciy78+hQBKdXoJ5raRwttBvULabOrLhZdyvvL6QfcdgRV+JOT7vKn
htQahWSKoqhdpM6Q2pXP42/MyuKXFB5Nk8fnFiIoXH0Bs9vlPLOvToM2jYJ+LlDd
85qbL4eP
MIIDFTCCAf2gAwIBAgIUd9ORKqy5CUX4DnPlEEZ/d+IiUvYwDQYJKoZIhvcNAQEL
BQAwGjEYMBYGA1UEAwwPY2ExLmV4YW1wbGUuY29tMB4XDTIyMDgwODEyNTQwMVoX
DTMyMDgwNTEyNTQwMVowGjEYMBYGA1UEAwwPY2ExLmV4YW1wbGUuY29tMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8AxPNLi5i9HrE2EdUgrKNIaLHaZP
44hVkqbt6eKlTTs2u9TUNQM+DFPOHhZ5vyRCEthNv1gXhIY0K7qcJZd8Ot1+h+Yo
sEoSU3i4WCeYhG5QWgcRmxPsZ40HGd943HkyFPE3MIAkviZ2oLxoU7Iw3F8Ly2n+
5oFJOlPrIMKYF4JmMpa5WqHwjAZBkNa9avrjXmNaPHTB0a7DRCeq+qackoaseTJ2
X0wfFSZsd4d0anyhYKaUlJGe8bSukkyXKzl//15zWf9TBtCf+gi38Iprn5jpr8hj
We0o7393UmXwQyKvPZds46p3l4Lx0PRcqf867pBtbpTVJiLVr48G462aPQIDAQAB
o1MwUTAdBgNVHQ4EFgQURvvnzmb0HYP3fSIlUKBTuUljwJ0wHwYDVR0jBBgwFoAU
Rvvnzmb0HYP3fSIlUKBTuUljwJ0wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
AQsFAAOCAQEAcBY+kp7Rn4pfJXKCusgaLQ21SKuZXecnZeXYUn8TwUgfjL+oNVzh
ftQq6kD+CaYXFwAzYMi43nbJevMULqsH3R14ZTeE2zBKu+u4Q+qYQEPfVV59OfQj
FxlS9yhmOnQK3FofDNbBXMpV50Zbadgq3uYL+2DiO/bTpZ2zM7jaBJkv6PRhgXM0
lw9Qg9lhQWShWocMXlSS5QTddNlDBLxWI70GARS1Qj6bjhF4WMV04/aAd+m7tVgD
ygfs3+y3lvfZxloUDoatVs6sM/03MgZFwSPNWryRzMol3162pPnm6B2PtWsCcJvu
YnXB6GI9cjYqjofBUQL/OgWBqgyghUbtMQ==
-----END CERTIFICATE-----

50
integration/fixtures/https/clientca/ca1.key
View File

@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAv1k1/U+q7fSL8NTIABsRUV8K8YSY32F8YArjgisGp8LXOJbY
t+DYCSzA0gL9Poz6Vyg3R+0+Emmc/YJ3P1T+AX0Ux39cAZj9I6K6fvALyyip1pvs
IwOUc/Vz9eIvuUYR2b1F/KctwnkkmfZfuZfARlO+IW2IlWZqgCXdNU3LcxlnJ+M1
pz2wDmJ2lfrpOlU720TWC7vWdGQG9MTM78hi/ytxZCaiC8fsM3dS6s/dFQrB6KPT
Wt6Qbc445dSVCBk7qaG6+sp6z1ehz3TVuZOQ6BOrvAgV/YBmjNTjDLqRl8zSx3Oa
Mym4SvuhE56m+3MWJXI0gQYMndC8QRjhAloW9wIDAQABAoIBAGJ9g8mn6R5kImfK
zksno4lTt2lLS/im0AMLd8E3bkyJgIgTNOeopupKC9HNUhaRMAYOoC24kpudmv3t
2n1RvRB9FmX9SxlTavCdwQq3egqPGqRpS2lWXWI2dAKa8t+VjniZ8N00G9yeyFUr
OGhqEMDiN9oy6/uiZK0jUDIwocjS5FZMBh+epM7/CnKj3uvqarmFXKcJ4ni28ww4
RPrXDm+VvXa30/hK8q8Eo3C3u39TMvNEaRqMP/zqRY89fbpd1+Okno79dugFhz7D
r/Jae9z4ChFBXegDmA/OkWOdLY5LyvwvpJpONjD/5wImY1OAJlFTg7S+2FcSVvCF
diUJ7/ECgYEA9pHYlJsWAo/izRUVhKRtBAVVjnlidxExuvOGNXpyPjZd5ruXochu
J6tAKA0rSE4RsISFVCrkQmjDgjyKa2D+o/hsTTlW3yrD4TSLI8/MrDtfCw9XRqeE
KqfeqT79Hh0icnsUVYH4eoND9CKuJ/B9NcdyUqRPm7Pnrx07SnhGHd8CgYEAxqqy
MPIDO2dadRqUIhWwMPIBegkZC1eeuv4pNEyukZc4+pXRshKXhvhmvz5NgsaSsKxZ
O6FgqzgTceLEubVYF4hvy1TC+3Fc/PFvh4Fo3SKjtiJRJjRREDWBu6hl16Cw/83j
k6Im//8WD1ri9iFf8RjrBwYH1xHqGTkNEUHl+ekCgYEAzlIWD6uCDFzIJGGLIvXP
fvjTsadivE039r7Fw8QVCnfFtUetxyOHAUysH5d9a0BgTvtk8Zv+ao9tYXI1RUrh
aOV8AlaDmbQYOj8UWsAL/OalTgTlO+r6jhLwH2DkvqkUZQUWa8KY4DMszoGihysW
KsUcpYh2UMyGhqKINXVU/rMCgYEAqJxbG9trDtHLHjRuoPcTUJc01aQ/EzdMSpxH
0FF8n6he/Z6GGMJaxHyyh4GTO3jZKwU7vrZaWzb+mdvC53KXz3FGoKXRzqIKL8uh
wrn8jCJIG97ITMp+OmmPL/veY8HIN3NAwR4QR5jx2hpjIk51JSTm5FEj+k8EBmA7
TPhG/XECgYA9e9B0jgR2aFSAWzpGMZYPW+NdGQlySv94AJmfF8U5J7PmU2BojvVn
bhWNSQk2LI/mTjLgB+liYtLqFGkgIrJdbBOQ8hKSBPGQltSR0Dvf0ZK/0F1hqDTW
m3AUvPZthNMNJIYkTav5a246tyKkmg11nUQsgoqdxCrEiLyv48PFnw==
MIIEpAIBAAKCAQEA8AxPNLi5i9HrE2EdUgrKNIaLHaZP44hVkqbt6eKlTTs2u9TU
NQM+DFPOHhZ5vyRCEthNv1gXhIY0K7qcJZd8Ot1+h+YosEoSU3i4WCeYhG5QWgcR
mxPsZ40HGd943HkyFPE3MIAkviZ2oLxoU7Iw3F8Ly2n+5oFJOlPrIMKYF4JmMpa5
WqHwjAZBkNa9avrjXmNaPHTB0a7DRCeq+qackoaseTJ2X0wfFSZsd4d0anyhYKaU
lJGe8bSukkyXKzl//15zWf9TBtCf+gi38Iprn5jpr8hjWe0o7393UmXwQyKvPZds
46p3l4Lx0PRcqf867pBtbpTVJiLVr48G462aPQIDAQABAoIBAGCZQ4J+18QJbKT2
zrrGNsreXbtHwxxYL799R354Q3cJ3iPGKMNQk7aYPvjiqImfyKsWumrGw2gELZhv
VwjVpht2KMX9e+A9XpSSnvRysrCQR+uCrrYOVXLyUKo7wMJQTzQYQdJVrvOKPPDA
AOe1bG4yHWf1NquB2XsMbDFZvaSvgHafm5ZGs535TB9hejJ5CvWGaX98RC5lBIsk
VMQkRh5A7kynUhcb2ITajaIzNpYtGYaY4arpSrXJ64cmykNC69uviVvYnH6LMnSo
iwBpgooopK0PsDqfQiqpoo9QwvYUfmv0OooDjeilTUkLWsmn7lPkzaWaHOSC0bLJ
+04zzo0CgYEA+BSoMb/JD/VbTo1nOyYMGC+KPc2auyl3OwwzFIjRNhY7gTKnSxjK
a4k4mjtbOqVG6xQawmyP4wdgMgzndjD+gyKArG5QIUrwjtk2NBoW2FCkcUGEv8L/
qhrPcgSKAWPz8rgfSP+veIWPuMQfgngFwFlYL9q9YV512gD0kNUOkjsCgYEA97YC
T3EfxwsLalzjdjuy/ria0lnZJVqFX0/py2Qlf8bNpM9YvAe7llJxrMxF7AEunAt3
mVCQBXuvSBpnC/ii/vkUl2lPscukawP2tx6i/nxIzjkgCAOcceRspJrBCFggRykf
C6ZrHJ2wQ+2eGOvL4EEvkSjfujoBoA/8bpS9hecCgYBVJNnZQUajuIUe/78neNZ7
0o0yywdJJ2EpnfVGHfMYCidgH191kcufftgzbx3Pkfw2II9SnWoA9H4aj309fnFL
1qKtC6tq0cqgbIKC/VVL5tmZmXATVLzkyBDcxBwNgB2w92qdZkv2JHkAZCegYssu
ijuPKRcIfSAbs2o87zLyEwKBgQCd4tjeIdCLYbLI/KPOvIZ+bNPht3r8oBHaimkO
RqrQIrr4jWCVmKgsTChAZ4M5xhcbRwPYKM1jcU5rushrjPL3aXOCfpFZVd9ahpA+
b7ycUENnjmmoMgUJYvsMf8cBton8UW2EU3J6Ltgms9HNOJ4eNe5Hq7HOVSKsDwRq
x0t1iQKBgQDSbmsLFg91TqG3iBRY58vcJFxSUZWBSYn0v5TJBcoJn7ryPIwgNDSH
gcJKB0N7P7tR8fmkeCNFYixuUhUhMQRgsJ+alOoHzOI/TkD0dUXECHykppy2oxVY
/rpxpjrhEqzM0TovTXTTQzvHKgJraAdEurDTJk0zPAwsoF+kwpRGZg==
-----END RSA PRIVATE KEY-----

2
integration/fixtures/https/clientca/ca1.srl
View File

@@ -1 +1 @@
83E81F36599F4400
83E81F36599F4402

70
integration/fixtures/https/clientca/ca1and2.crt
View File

@@ -1,40 +1,38 @@
-----BEGIN CERTIFICATE-----
MIIDMjCCAhqgAwIBAgIJAKXHiSnQw6LqMA0GCSqGSIb3DQEBBQUAMBoxGDAWBgNV
BAMTD2NhMS5leGFtcGxlLmNvbTAeFw0xNjA2MTgxMzAyNDdaFw0yNjA2MTYxMzAy
NDdaMBoxGDAWBgNVBAMTD2NhMS5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAL9ZNf1Pqu30i/DUyAAbEVFfCvGEmN9hfGAK44IrBqfC
1ziW2Lfg2AkswNIC/T6M+lcoN0ftPhJpnP2Cdz9U/gF9FMd/XAGY/SOiun7wC8so
qdab7CMDlHP1c/XiL7lGEdm9RfynLcJ5JJn2X7mXwEZTviFtiJVmaoAl3TVNy3MZ
ZyfjNac9sA5idpX66TpVO9tE1gu71nRkBvTEzO/IYv8rcWQmogvH7DN3UurP3RUK
weij01rekG3OOOXUlQgZO6mhuvrKes9Xoc901bmTkOgTq7wIFf2AZozU4wy6kZfM
0sdzmjMpuEr7oROepvtzFiVyNIEGDJ3QvEEY4QJaFvcCAwEAAaN7MHkwHQYDVR0O
BBYEFFyJ/cSOOvcsfu+WLZbi/u3t8W/uMEoGA1UdIwRDMEGAFFyJ/cSOOvcsfu+W
LZbi/u3t8W/uoR6kHDAaMRgwFgYDVQQDEw9jYTEuZXhhbXBsZS5jb22CCQClx4kp
0MOi6jAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCOBLJJF0esBVLX
xmj0xa0TREXTxco40e/fmUU1cGYgl1UCCZI7MLDcl6k6Km9Sbp/LCpZx88mtLwGY
wUss2mQ058kqiUrpb/U8xEbglLrRtsp1y8z7lood/8ru39zj1/9X4MFyqNi6390I
zxZNf2QauUS1TMxgv6UhVE52JaAL+sn2hqA6IaSYeT9NFzFsulCr29mxlIC9SzUr
Mbqri9LKX5aciy78+hQBKdXoJ5raRwttBvULabOrLhZdyvvL6QfcdgRV+JOT7vKn
htQahWSKoqhdpM6Q2pXP42/MyuKXFB5Nk8fnFiIoXH0Bs9vlPLOvToM2jYJ+LlDd
85qbL4eP
MIIDFTCCAf2gAwIBAgIUd9ORKqy5CUX4DnPlEEZ/d+IiUvYwDQYJKoZIhvcNAQEL
BQAwGjEYMBYGA1UEAwwPY2ExLmV4YW1wbGUuY29tMB4XDTIyMDgwODEyNTQwMVoX
DTMyMDgwNTEyNTQwMVowGjEYMBYGA1UEAwwPY2ExLmV4YW1wbGUuY29tMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA8AxPNLi5i9HrE2EdUgrKNIaLHaZP
44hVkqbt6eKlTTs2u9TUNQM+DFPOHhZ5vyRCEthNv1gXhIY0K7qcJZd8Ot1+h+Yo
sEoSU3i4WCeYhG5QWgcRmxPsZ40HGd943HkyFPE3MIAkviZ2oLxoU7Iw3F8Ly2n+
5oFJOlPrIMKYF4JmMpa5WqHwjAZBkNa9avrjXmNaPHTB0a7DRCeq+qackoaseTJ2
X0wfFSZsd4d0anyhYKaUlJGe8bSukkyXKzl//15zWf9TBtCf+gi38Iprn5jpr8hj
We0o7393UmXwQyKvPZds46p3l4Lx0PRcqf867pBtbpTVJiLVr48G462aPQIDAQAB
o1MwUTAdBgNVHQ4EFgQURvvnzmb0HYP3fSIlUKBTuUljwJ0wHwYDVR0jBBgwFoAU
Rvvnzmb0HYP3fSIlUKBTuUljwJ0wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
AQsFAAOCAQEAcBY+kp7Rn4pfJXKCusgaLQ21SKuZXecnZeXYUn8TwUgfjL+oNVzh
ftQq6kD+CaYXFwAzYMi43nbJevMULqsH3R14ZTeE2zBKu+u4Q+qYQEPfVV59OfQj
FxlS9yhmOnQK3FofDNbBXMpV50Zbadgq3uYL+2DiO/bTpZ2zM7jaBJkv6PRhgXM0
lw9Qg9lhQWShWocMXlSS5QTddNlDBLxWI70GARS1Qj6bjhF4WMV04/aAd+m7tVgD
ygfs3+y3lvfZxloUDoatVs6sM/03MgZFwSPNWryRzMol3162pPnm6B2PtWsCcJvu
YnXB6GI9cjYqjofBUQL/OgWBqgyghUbtMQ==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIDMjCCAhqgAwIBAgIJAKjhXgiuPQexMA0GCSqGSIb3DQEBBQUAMBoxGDAWBgNV
BAMTD2NhMi5leGFtcGxlLmNvbTAeFw0xNjA2MTgxMzAzMjJaFw0yNjA2MTYxMzAz
MjJaMBoxGDAWBgNVBAMTD2NhMi5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAMx8S4U3tdeMGn1NEUNWCmD7pIYUCUhtORrn2rqF5b2M
ZQJZXAIfWJ7KrGjn8W7KPx8/V2FREHF1Z6v1fpB2rfCIFo97HszhQEt6lduKup2j
09ItpFjec7RahwaMksYDwl4PaxgKe2OYdLFJ/QIv8+I01vWPXFmHgZkBHQWhR5nV
TvGM6MU834e+PXxCXfcaC8VYpbHYKYxHmM5Sxa5V9WlppBBshB0OL+KrCPXwPqHl
StZPkG2p2qJUjCZ38uDx605RYaORZ0eDhrKj4M3lJzOTTcC4I77BzTb74+GcRT+R
lJMrWrS22jNZONnawBdbTWIFM4PzaqVvE7qVwZK1M5UCAwEAAaN7MHkwHQYDVR0O
BBYEFPooSq3ZvoyIzRQ96/dwUC0LDBvRMEoGA1UdIwRDMEGAFPooSq3ZvoyIzRQ9
6/dwUC0LDBvRoR6kHDAaMRgwFgYDVQQDEw9jYTIuZXhhbXBsZS5jb22CCQCo4V4I
rj0HsTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCvRgu11LrF7G9X
yuvUwBZJ8FgjAMPwXQIAYg47tlvD9ZDiZgXVulWOm6aHpT520MjNO9f0oKpsrSsh
7bsO4GSkbTPgGekbw4P3JtXAvlBEB5uabpdmF37Pg9s7dU/MeXCElzWF+yLVAo7o
Hj1UlENxh08FzlErNw6Djy2FZAADeSZ3LmHUl+50rrp5/DxrEhkHFm8dTTjFVPnK
KrnYLM8R7+v2Ysk6hTy4kwyiTKVZurK7ELRvS0RxWhtbVCXJ2HS1lv/LgEH1hyIP
SwvyZ25JhcGrBAL/jpzTxdDEGsPfUSVfrUhrhDWxg0dzY+ptwdTWHqxyR2YKmOgU
dKYIz/nK
MIIDFTCCAf2gAwIBAgIUIWnDZc2Ul/6Jjwl1ebxLY2X2WW0wDQYJKoZIhvcNAQEL
BQAwGjEYMBYGA1UEAwwPY2EyLmV4YW1wbGUuY29tMB4XDTIyMDgwODEyNTUwOFoX
DTMyMDgwNTEyNTUwOFowGjEYMBYGA1UEAwwPY2EyLmV4YW1wbGUuY29tMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0u67vlS3M+Camru1bEbatPmfJaya
Ovjr0tRzRGzos4V2x4S/j5FSM9a5K2aOaR8LzGlVqAzbBrweY0JJ4BeHmC8istkq
0PPyVYb8w3oLyORwIOF+MxMoHyAGUgzQCPe4uSiqEU3nCtKQlw+MtDuMRYRQMh/M
45AmUot4ZirAmkZd7UmC6HTPFMHVTmLaquvmuLV17278zKN+g8d2HRQRaSGBLVF4
mScwulQJdpoDWdRljpa6oe6pzXjzMqcNwQd8j9zJefs6HFo1xw8DzJUO86PIPzG6
ZLRlOUvM/D30LBwQLXEDaGxy0Lu9z8q02JX0n0/S++tOXPVB+8Q5hNtTiQIDAQAB
o1MwUTAdBgNVHQ4EFgQUZxCwBVEPiTUcnU6bSGQaALZdPP8wHwYDVR0jBBgwFoAU
ZxCwBVEPiTUcnU6bSGQaALZdPP8wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
AQsFAAOCAQEAeVbg19gee+RkL8KMRshCllk2PSnAm6GqSqopAzaJqQg26r+rPWdK
LAelyB6h/UegXzFY7D59jURoAES29Bftje+OCxVoeYVamDj/1cqqdspmTdBfGj8e
25ys++7fl0DLTmGbpLjDFkVw52o8KF56EdZ26ZSHVCqurQACF6BmSed23NasA1VL
a7HErJv78gR0vIDIsJfxFic2ssEkuAOL1vVTf6sJtc/mD5Q7R/inDsn2kl/7/sfo
JRMsUvqT9glNKnrr5vLPwJGhEcS5WgpWdsFD0elB3GoHYJen8EoHYZ+gANPa2rSu
AiwDPiHEPM9AFUZA9MQMfzsXobZP7WElWg==
-----END CERTIFICATE-----

35
integration/fixtures/https/clientca/ca2.crt
View File

@@ -1,20 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDMjCCAhqgAwIBAgIJAKjhXgiuPQexMA0GCSqGSIb3DQEBBQUAMBoxGDAWBgNV
BAMTD2NhMi5leGFtcGxlLmNvbTAeFw0xNjA2MTgxMzAzMjJaFw0yNjA2MTYxMzAz
MjJaMBoxGDAWBgNVBAMTD2NhMi5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAMx8S4U3tdeMGn1NEUNWCmD7pIYUCUhtORrn2rqF5b2M
ZQJZXAIfWJ7KrGjn8W7KPx8/V2FREHF1Z6v1fpB2rfCIFo97HszhQEt6lduKup2j
09ItpFjec7RahwaMksYDwl4PaxgKe2OYdLFJ/QIv8+I01vWPXFmHgZkBHQWhR5nV
TvGM6MU834e+PXxCXfcaC8VYpbHYKYxHmM5Sxa5V9WlppBBshB0OL+KrCPXwPqHl
StZPkG2p2qJUjCZ38uDx605RYaORZ0eDhrKj4M3lJzOTTcC4I77BzTb74+GcRT+R
lJMrWrS22jNZONnawBdbTWIFM4PzaqVvE7qVwZK1M5UCAwEAAaN7MHkwHQYDVR0O
BBYEFPooSq3ZvoyIzRQ96/dwUC0LDBvRMEoGA1UdIwRDMEGAFPooSq3ZvoyIzRQ9
6/dwUC0LDBvRoR6kHDAaMRgwFgYDVQQDEw9jYTIuZXhhbXBsZS5jb22CCQCo4V4I
rj0HsTAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCvRgu11LrF7G9X
yuvUwBZJ8FgjAMPwXQIAYg47tlvD9ZDiZgXVulWOm6aHpT520MjNO9f0oKpsrSsh
7bsO4GSkbTPgGekbw4P3JtXAvlBEB5uabpdmF37Pg9s7dU/MeXCElzWF+yLVAo7o
Hj1UlENxh08FzlErNw6Djy2FZAADeSZ3LmHUl+50rrp5/DxrEhkHFm8dTTjFVPnK
KrnYLM8R7+v2Ysk6hTy4kwyiTKVZurK7ELRvS0RxWhtbVCXJ2HS1lv/LgEH1hyIP
SwvyZ25JhcGrBAL/jpzTxdDEGsPfUSVfrUhrhDWxg0dzY+ptwdTWHqxyR2YKmOgU
dKYIz/nK
MIIDFTCCAf2gAwIBAgIUIWnDZc2Ul/6Jjwl1ebxLY2X2WW0wDQYJKoZIhvcNAQEL
BQAwGjEYMBYGA1UEAwwPY2EyLmV4YW1wbGUuY29tMB4XDTIyMDgwODEyNTUwOFoX
DTMyMDgwNTEyNTUwOFowGjEYMBYGA1UEAwwPY2EyLmV4YW1wbGUuY29tMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0u67vlS3M+Camru1bEbatPmfJaya
Ovjr0tRzRGzos4V2x4S/j5FSM9a5K2aOaR8LzGlVqAzbBrweY0JJ4BeHmC8istkq
0PPyVYb8w3oLyORwIOF+MxMoHyAGUgzQCPe4uSiqEU3nCtKQlw+MtDuMRYRQMh/M
45AmUot4ZirAmkZd7UmC6HTPFMHVTmLaquvmuLV17278zKN+g8d2HRQRaSGBLVF4
mScwulQJdpoDWdRljpa6oe6pzXjzMqcNwQd8j9zJefs6HFo1xw8DzJUO86PIPzG6
ZLRlOUvM/D30LBwQLXEDaGxy0Lu9z8q02JX0n0/S++tOXPVB+8Q5hNtTiQIDAQAB
o1MwUTAdBgNVHQ4EFgQUZxCwBVEPiTUcnU6bSGQaALZdPP8wHwYDVR0jBBgwFoAU
ZxCwBVEPiTUcnU6bSGQaALZdPP8wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
AQsFAAOCAQEAeVbg19gee+RkL8KMRshCllk2PSnAm6GqSqopAzaJqQg26r+rPWdK
LAelyB6h/UegXzFY7D59jURoAES29Bftje+OCxVoeYVamDj/1cqqdspmTdBfGj8e
25ys++7fl0DLTmGbpLjDFkVw52o8KF56EdZ26ZSHVCqurQACF6BmSed23NasA1VL
a7HErJv78gR0vIDIsJfxFic2ssEkuAOL1vVTf6sJtc/mD5Q7R/inDsn2kl/7/sfo
JRMsUvqT9glNKnrr5vLPwJGhEcS5WgpWdsFD0elB3GoHYJen8EoHYZ+gANPa2rSu
AiwDPiHEPM9AFUZA9MQMfzsXobZP7WElWg==
-----END CERTIFICATE-----

50
integration/fixtures/https/clientca/ca2.key
View File

@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpAIBAAKCAQEAzHxLhTe114wafU0RQ1YKYPukhhQJSG05GufauoXlvYxlAllc
Ah9YnsqsaOfxbso/Hz9XYVEQcXVnq/V+kHat8IgWj3sezOFAS3qV24q6naPT0i2k
WN5ztFqHBoySxgPCXg9rGAp7Y5h0sUn9Ai/z4jTW9Y9cWYeBmQEdBaFHmdVO8Yzo
xTzfh749fEJd9xoLxVilsdgpjEeYzlLFrlX1aWmkEGyEHQ4v4qsI9fA+oeVK1k+Q
banaolSMJnfy4PHrTlFho5FnR4OGsqPgzeUnM5NNwLgjvsHNNvvj4ZxFP5GUkyta
tLbaM1k42drAF1tNYgUzg/NqpW8TupXBkrUzlQIDAQABAoIBAGFMg2LQL2Zw8+nL
UfuIZUfgdViXEBO2ZQW4bQtzyu12cFm9y1n3MGPebEs+klL1STPFH/7eY8SY6MuZ
9K8oyXs6RgHfw7gZNk6z9bqROFrqKVBJB3qB3uxiZv1mxjASednn3D2EP1IUqPHz
EsCHsLRiECaoIHk5USFMtlKHe1pmmsvQrQX7EV9Qg0VSGvQlgxc/Pcg/WeB6uT6u
CS2serWpUE2dBUTJisnUuL7F5/3JbPEPbUG4eeTcO8IafvgdOgFEc5qUlYCFFai0
fvjSabXrJO9QE1Huw0gyC/5FHlVr5x4aJ8NzPKcMRYqn7jpdwA0eyLyBo/KtPIbJ
6s0PFAECgYEA98cKuyaBXpPyG7/Y0C89Mzlt5+Qr0fpPksH6GEelPJVdhrdXP32W
66ROgCVZpf2pQeCCHfXyWdZQwEdSf+8ee1DJMSNgIm4Usqp6yIDS0iZ7pPWz0KSI
un/dm3lRE7hFMIQfbNf3rA0WD8Ani3c76eZruwQ5DNdXNOM+z1DN38UCgYEA00V4
6UOCcA3romkXuIyeyh/tuJ6K1J3ApUxA+E42f4raSMSMgnlAwpL0Wmt11bBOmToi
UAtwFcTfJRJSOvfmM/nd66592FAV/D4xcDIiNGh4xNDi8LSKmSj0WRYPU3YjkdFN
SwI48LmQKMfj3P8fClazKsdcDccfO4pyhEK98ZECgYEAt8QZw1/1hw22/Lm2tgCz
JTCswNXLYjqBldjkAenxNROaf/WucdpVeoMr7YLGEIQnakJ2fn4QtmxrC5BaMaRJ
OTBbZ2RTQnXeR/yEf/x7X31HKrtIF7BP7/Ixi8PYTAXY2vjCzdkHScWS3S+opJlU
CE/rCpNBNLLpbMI1rVDCv/kCgYEAkP3/sg67yQ00prx7JBOVsl/hNK/R1YMCQC8p
838x1axEjGYfjDeM4zwZaKiRMPsTpgMIo2iGHtqCzh1Zw9B38znLPMD+6uJjhD5m
jXpKkS8VmvVEmi89Y0mBEFacZAoS9TLwWccHruWa8vHkBror4luIEJbLLUV3wNQO
LYjkdJECgYBcIjZ1iQiOmFL8lm/JlPOs2JcT33fjnubreHkiG42dZFN2S8D5MdU5
JBP6IVVllPmbptw9T4wcw+bjVa0LQtQMGZLMxdx5nJp5dmFE0Pj8MjLpLy641Vlx
5sv2O+eRpt4yCiuHcuvDrKPGTyM2YqF7ilQwSC5Cfki155InnU2QUg==
MIIEpAIBAAKCAQEA0u67vlS3M+Camru1bEbatPmfJayaOvjr0tRzRGzos4V2x4S/
j5FSM9a5K2aOaR8LzGlVqAzbBrweY0JJ4BeHmC8istkq0PPyVYb8w3oLyORwIOF+
MxMoHyAGUgzQCPe4uSiqEU3nCtKQlw+MtDuMRYRQMh/M45AmUot4ZirAmkZd7UmC
6HTPFMHVTmLaquvmuLV17278zKN+g8d2HRQRaSGBLVF4mScwulQJdpoDWdRljpa6
oe6pzXjzMqcNwQd8j9zJefs6HFo1xw8DzJUO86PIPzG6ZLRlOUvM/D30LBwQLXED
aGxy0Lu9z8q02JX0n0/S++tOXPVB+8Q5hNtTiQIDAQABAoIBAQCVRaORd0xLJzji
JdKnNKFUD49jzvk6oKvrALQuCVDIsruzSKt0A2iEDQHvx90iYXktCKI4khhydLCg
l+nF74Di3wCURwF47BpkEmpQP8+VNKxxaIKxzG3JURWH/U8/+Wc9iZyJMHNAAnGW
pcdySO3kyFUkk8KgjIPCSLdEvh6dTcQEjWmyFQAl5DCZZZ6wbs39EFGLtFXO/27D
nkrEyMZh1Lo5QbQjYyqhz3iJVenrc1yc2iubF+0N7iZk3xuMNhMMvbSN6YfcTYn4
FaH4XwG0OdFUMzXeI9wEen+VA30uD464ovxbtpQrDOx7bZAHUy8nGp2zyflrvv7p
A8KparFtAoGBAOn21mp2qfo4XihkeawQ3i/eV3b4Aqfcl+sBq0AnOlTUfdCARGx2
ciNXgHRwODoAqWf5PtDxzH3fc4EUQWDDgpxVJNMA2yOpCwzgNePzvdv3iTBkB1My
uplkh7pXRkLGv+qyDgy+On8xrHPhBBxMWogT57MXlmy4YYDEjAwGU+ErAoGBAObM
kxB/tZF0VbrZCpTdnjPBH6tR+w2IUSMkgvx3YRc9Lx5TYK+TFmMkDjG/enr88rYA
kMe6qBzfajfGZKhlaHyG/0rxnuvpJHUjD0XSpF97z6uzETjADMLcE6O48AT6cxZw
irpO4eZG0haobSsGlka6K9bMG3KGy75NHNAIdbwbAoGATMhZbe8rsZa2MANpevK+
OG97vOt/058trE6L6S32ksh50eeGjSICK18YJR5/FWoKLrk5yFDSj6y5t27yVdNU
FgJLZ4QsZvOfUMZ0aS8g7AO83ki1rrRDUPwRHzJtOJUJfviYa84yXHPs6Mq8Ep1s
SKRfsgLXty57sUrPu1KITKkCgYEA5Ix8rX/pywoKwyaeheAYA2Qg+kQKedIdltFX
LK8C5EJgYIVsXzEmoDJaJAVbQmMt7fENbdt3EnBi/KxnjSIun/IG6K3wE+khgyWe
wCPhRfSTJ5IBYdM8T9IjWKOQez2Prg7wMaJfrOtAq9NJl6vEMHG3a9Ne8sBtDhvK
hm96NzUCgYBhgRVgTdkRN/mtvwwpCM6+uCKqcLxfzaP8WBPNjCpAnHUhtjTzIu6d
rV4KmY4YwP2hpPerHTAFFF0xIGmK8LFf8yYgHZfGmU4RyXkcXPy5V/W+9HoL3BZJ
taP552nYQgjHYS8a1b0S1KOZdi9aD1XkUAr4yYY4XjtQOAnxxV00ng==
-----END RSA PRIVATE KEY-----

2
integration/fixtures/https/clientca/ca2.srl
View File

@@ -1 +1 @@
9EAC6D05226C2216
9EAC6D05226C2217

35
integration/fixtures/https/clientca/ca3.crt
View File

@@ -1,20 +1,19 @@
-----BEGIN CERTIFICATE-----
MIIDMjCCAhqgAwIBAgIJAK/JGxwwmv1jMA0GCSqGSIb3DQEBBQUAMBoxGDAWBgNV
BAMTD2NhMy5leGFtcGxlLmNvbTAeFw0xNjA2MTgxMzAzNTNaFw0yNjA2MTYxMzAz
NTNaMBoxGDAWBgNVBAMTD2NhMy5leGFtcGxlLmNvbTCCASIwDQYJKoZIhvcNAQEB
BQADggEPADCCAQoCggEBAO0B9iUp5w0m1NWC9QYWhxSE/emmmKcx99DWnzKZoIbj
TSRQtyhx+9c2z1dYAFZQpdVRSKQFn1IO8s51wlIc01KLFflz4EvSfAKZiAnkOOez
wzVQ8JWgKfOJV/ZctFPo4xtdhQmO1+U+YgSfU0ASEhHvHbIPTUJNRTfkJsGygq4q
/p9uA1TsjM4bh6AkiD1OlGjp0lbkzn3LLYpXWvgGsuejsdVkJS5pn2NKjkqVhhEg
g7hKKqm8Nc3mb+vGhw/fNppN/xeOswpMPaW77LppyFoDd/OmqqWrbzn2Fqw1nELh
zfo7AkKPyRm8eU3wSTIdmaXx1R5qPjqEmYrrDZ2HXa8CAwEAAaN7MHkwHQYDVR0O
BBYEFMR6dBZAeGgkxwSC/62xGwLEdXCdMEoGA1UdIwRDMEGAFMR6dBZAeGgkxwSC
/62xGwLEdXCdoR6kHDAaMRgwFgYDVQQDEw9jYTMuZXhhbXBsZS5jb22CCQCvyRsc
MJr9YzAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQB3VgvPnLEEfbj4
Z61q8oKneklZV+WpDyWSodI6M1l/0pXJCTDRROJ37KaQHLJRQo+rMJiYKvQkCU+y
9JhLdRdMEzy++9hIWiNbDiy3BNMUiQOS1234WVFBosQ6uXNhXbL/Anl4xgiFFRZG
FehjPo0XRvxmBHnrnE1Rce0EmU/1bwVglu8e7mG5bs0gQrXTRlTkxvucyi+B6npF
2vuzxj4q+KgeEYURxCt95JoULtMY2c0VifcdweYDO/2sYEhOVi1N+PhPvZxJD6vR
CxIuT6K3nRe58b1J/f7TH/dvURIb1mVG8+EDQVqa1bzH3JfytsIVG5VL1hppQlgZ
Y0G4haMn
MIIDFTCCAf2gAwIBAgIUE2XAk+pNqunIIlDljfERtUQU22UwDQYJKoZIhvcNAQEL
BQAwGjEYMBYGA1UEAwwPY2EzLmV4YW1wbGUuY29tMB4XDTIyMDgwODEyNTUzNloX
DTMyMDgwNTEyNTUzNlowGjEYMBYGA1UEAwwPY2EzLmV4YW1wbGUuY29tMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEArrtum7YU8772bC1PwTYoydk7dj0Z
Ku0JQ/rNnesN/PG7vUmdidz5s0j181MSdogyT6tf/w0derMVwBtu1SR1eF1i0Cm2
5MCEAn8rAz+S2DpLitM+VrgqjJUEzyAhQyGT0nXWXObU2Y483fvC59iJklKGYje7
ezP7cfMJwOO0Ox4NRNY05qKWoLjwWvn7gGSrXeeuoJgwTpPe+aZOEi/Hf05jb4UZ
KvJCd0SGrk4NU5PmXL7x6NjskXBDwM9hgRTvKM8J9chLqcAoq1bHJUGdIshDY190
ReRxMSMskF3VNkTWUiOgDdRTsD8DwB4LLXPPImntwOPGo+JmIDaLAMVtZwIDAQAB
o1MwUTAdBgNVHQ4EFgQU8DqrLr9VwRwdc5T6L2JdkFQu6/wwHwYDVR0jBBgwFoAU
8DqrLr9VwRwdc5T6L2JdkFQu6/wwDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0B
AQsFAAOCAQEAplcU42Wu+cLahP5bfvDFfLR9DkSwKZH1GizByMT7g0AqfZdvGL18
vmV8K/SRd0VKsfrjmOHtgkEM9xbESyIAWZmPNcSu+oQOr52TKSh5p3IXn53KT+Z2
7xM0yWXSRj9UERmuA3SXYjBRUnFp6GGelsOGRjT4nExIWanGif7U3oYVle9hBucH
5eLn+nhEausv2vGI18Lx4N25/7ieIryWcwlkvGtRl0rB5Pcp75BnSOFeN7DXhNLm
zmBD5SQHLDBBnVNI9/JQm414yL7o0/NHQzoGLnvCCJYUk8i1IxwFgS5XC9aQrI+H
0r/OlDjA9zI+n9QpmYPhjAoNnNeUgCg58w==
-----END CERTIFICATE-----

50
integration/fixtures/https/clientca/ca3.key
View File

@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEA7QH2JSnnDSbU1YL1BhaHFIT96aaYpzH30NafMpmghuNNJFC3
KHH71zbPV1gAVlCl1VFIpAWfUg7yznXCUhzTUosV+XPgS9J8ApmICeQ457PDNVDw
laAp84lX9ly0U+jjG12FCY7X5T5iBJ9TQBISEe8dsg9NQk1FN+QmwbKCrir+n24D
VOyMzhuHoCSIPU6UaOnSVuTOfcstilda+Aay56Ox1WQlLmmfY0qOSpWGESCDuEoq
qbw1zeZv68aHD982mk3/F46zCkw9pbvsumnIWgN386aqpatvOfYWrDWcQuHN+jsC
Qo/JGbx5TfBJMh2ZpfHVHmo+OoSZiusNnYddrwIDAQABAoIBAD87j71YkaFro8sX
NmIabo2l8cx9uyqYZUKdkDnCzRZP3Iv80PEEgClqISVvgB+HQsdH+XZxXZFaFaPJ
vT+FG0hhfUphhQ0VqipTZf0lm50N094MqzNwWOD12rcLAr2EW9s4Nz9WkflCjIop
K9/jMlkAj86q0HUJApen0kNJah4nLPnkqKC9BQipGe2goERHA5N8MS/k/ODJrOzI
qdD77wE5oov5sIePsGp3zCKNw89qoVTfkH8eYos6lPsAibYfgm5z7LwEtfe0ZizG
myQfAYZx3Orl2eNxAb0c1dw+hNYKfeNAwn6h4J8AKuBHawZMb2ztlTj0ZludrhQC
VuwAcrkCgYEA9sFsszjoSO8pXDnbaQ8UNGwy+C1t0fcZIOxIebKPcfipGio0R9vr
SXEEfRQb+YdIFkQpe4hwAHt1Q75zh8z+oOTq8EHprxAwI9bzgyaEIHtGibvs99XT
iWSPtL274CISiwSL8NzMl/orD6sDhmJqiXhwtf2SDubUJu3gz13CeRsCgYEA9eMM
CYiOc4wLxKqyCqe3R86vnBFVauxp9eq9XTLvD+XoGqOksXupP8rE0jx26ILmKiQZ
z99MGJoQicEpo+BW3L9wr6OJQZSrs+NqWCxlmFRJL+p3sw53B4zjgYaimNl5KH4G
8pn7XbyRXtqhSBQ2kuNrkVI4SNxdEi1K+PoZ6v0CgYEAkwVcRsy5WftloVW3rTkW
yMVO+R/YNyoLBtrBtAD4BugpmTVcQRR/dBqqmfvJTzuTb/Dc5oW8dg0ZKWvoWhmB
/Utn0A71tSDoDfKc1J+2ScQpmxclceUtTMdl+EK0Fi827S2gU7q7DDI6RfOW/hLV
d2MThNu4krhl32wMboFmxdECgYACwAhZbvKQ7kcPaw1Uuy18mx4xs6vt5zkELBz0
Fua/mcWvzpa/+W8aLI1pAI4f6Z7jZ8X2Ijw6pjZ7I/LwR0kRbP64qC6X0i7dczS0
ScLVIlQzOf8evJGuPvAoebYF2aDWSBqRyhEaqkpB8lYNdVRq7io81NuWTQipdGI7
SKjTjQKBgBNSbDUWS2CAc+fsM/fBvYHKgrigVcKyvWwvb5LRXpWgPQH4LbqhG4uA
g/mFTB5B1UBg9exN/dX6uegREdRA1/X+jRAzCqXYTFESo0/UrJhJQZ3waFKJ5PZK
WChrSl6Lg5IMF2jYP5W0HwzbPPgRGibyELYBS5gZdAZpHgZToXeT
MIIEpQIBAAKCAQEArrtum7YU8772bC1PwTYoydk7dj0ZKu0JQ/rNnesN/PG7vUmd
idz5s0j181MSdogyT6tf/w0derMVwBtu1SR1eF1i0Cm25MCEAn8rAz+S2DpLitM+
VrgqjJUEzyAhQyGT0nXWXObU2Y483fvC59iJklKGYje7ezP7cfMJwOO0Ox4NRNY0
5qKWoLjwWvn7gGSrXeeuoJgwTpPe+aZOEi/Hf05jb4UZKvJCd0SGrk4NU5PmXL7x
6NjskXBDwM9hgRTvKM8J9chLqcAoq1bHJUGdIshDY190ReRxMSMskF3VNkTWUiOg
DdRTsD8DwB4LLXPPImntwOPGo+JmIDaLAMVtZwIDAQABAoIBAGG+fdhjGgNkHstS
6ZuGpXiMqaOx+AM4SAecJCuj0tZdj40KwjLdx10Qgm1UWi6ub557mp69gnEh/xfR
AMYAuCnV67HQs/vw6afP5YrSpF2K9rk5BFVUfpDXx7HqIlFAVkXUH08m3Yi59bij
3lr9ma+dtIj67ki0QoNy1lDtz+OFNkwOcga+Z5hMphJIBjL0kxO5AFPYdm6D4qBU
vpryujop5N0nCiN9FMtsGTDSBR4Ytz1gTYnYTc+1cLZ+u3/+x7hMVoEhFzaR0RQN
1KXJE/1kwlz4kIBpgYcI0+Rh/kfQ1RWXgLej1NOex5d4RB7a2wH/Kg70JdPzwGKk
kk8rhzECgYEA3CtpwO267FNGqghk0BEp0J07PLvcQjeRR1rCxRYXb/9xMEtW6p7e
OEaVT9P8yXs4hWExWcQIIUsyK01men97lSbV+5JOT93KZwQpeLUV0QwhE0srZ43M
dCAQEOIy7yyvW4DnB4AWduRHiSkiS3eHpe393YqoSrYmkp3jzDz90YkCgYEAyysH
gfb175iLtfc0Lkww+TW/khmE8BK8AEy9SktgZ3Ey+jzEkgkrGjLNDg1jjbzC/uZ0
OBQ9QwRbb0iZ/DVOMI6CoK1RBP7ddyV7+Ie/TGyCchBZGshn2/3umiALo3Tzv+Oh
7fes5Aq19r5zpB7QEdkXc4A297pM9NXvzgnFO28CgYEAm5t3R+r9dK+6vsvl7IRk
6FNoHZmsp4Q8gpDsHX1qnTaN2hM1X+deqamBOAVcoU4ceXBi/82j7VwHHkG7DxLw
1k63Z/FUte/McJipcu2ReMk4yzkSeULn4J8Um8ozM4WCfoqRPmTR+7+Fq7RNz8aw
MZ8OELlCDmPEyVUcPipRPfkCgYEAtNtlH4icfeEp3Z5l0SD6J551HrWg5aWHviyS
BOT8uJjIbIJT6jxHJlc6utuoV7BFVWwI4TMDJflm+7WBfkZliEwUdLxUd0H6G+o+
ZYtR+9JMfQWYjIMCEZAHKySDt8qQga09pPzp50axnSkFAIB9cKX0flkQlY4+m2Um
yB9id/kCgYEAn3f8W70IS+IB/B1p4v38FFF6MRLcaio7G1favMw8mZU/k0B4a0yh
fMHANkv0XQHvpw+KBbikK3hvQF4iaBE62mMaULKaJ/D7npzyJpYrgIkx1dYiqL5O
KnMLaUmTpvyksSztyaPSytoQCKV03XeIUGGAPq8KpDZOB0oy1arFIL8=
-----END RSA PRIVATE KEY-----

2
integration/fixtures/https/clientca/ca3.srl
View File

@@ -1 +1 @@
813218563E2DA0DE
813218563E2DA0DF

30
integration/fixtures/https/clientca/client1.crt
View File

@@ -1,17 +1,17 @@
-----BEGIN CERTIFICATE-----
MIICszCCAZsCCQCD6B82WZ9D/jANBgkqhkiG9w0BAQUFADAaMRgwFgYDVQQDEw9j
YTEuZXhhbXBsZS5jb20wHhcNMTYwNjE4MTMzODQ0WhcNMjYwNjE2MTMzODQ0WjAd
MRswGQYDVQQDExJjbGllbjEuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDH75aclHoZkQfmeH3XpapxyF2/K73SpesY8Y8I3B33WnQc
vIy5y554pPJMtGH3ZwiN6ifo3TBEs/2WjSOWYwxfXh3utllYArApelSgUrI7SBkw
0MqVm9NG+X9cCTeWsCf+nldHOCnCARuyBEpLeRDPVlNmfgdNK2ar0KqqEPnN5UV+
k968nAuqSDtRL7Yl7R/uxEq4MglM/ocxOpGIrLTFh1eclPVaQ/dNsEJpkrnYQlFZ
aI1sWDzWoqtpAO15PgBBNnkW9EJGrF8dAds64U2jYBZLMKuHwvuERkEgOKEdUrB3
uu1dWJxS5BCumWM1C3xs6qsLeonWxZ5GXjjWObZNAgMBAAEwDQYJKoZIhvcNAQEF
BQADggEBAJKME0zm/0eokmXMCLJhKYgm8hDKOHKRFRZl7vwy9SC9cwhdlhcPEeeP
5M+dXQCtEQWgo7phoJX8nBipZ/Y0lsvDD/I3XucIkUlbOW4rk18L83nBIN4paKzW
I4CMJ6FQ72thP7L7wC/lzp3+qUCxmcpGjw9pkU3b1pQPkxBfOvfGtRFMG6E5+xj/
MtL3owJzpIH2f7vtmIszBPcgFWpvB0Sq0eJ+TwuC1huvcnmP+YZ7Iz0JhsSRw+pU
yiO9ByItBbGfK8x+DfUwCVsCL7vNscpjvTCgT3x2FNvS+XmiHZmZtpRGJPzvdI0m
Bd615VD5z+SoG/SiemqDGmt2Ank/zcI=
MIICszCCAZsCCQCD6B82WZ9EAjANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9j
YTEuZXhhbXBsZS5jb20wHhcNMjIwODA4MTMwMzMwWhcNMzIwODA1MTMwMzMwWjAd
MRswGQYDVQQDDBJjbGllbjEuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDqLbCPwvQFGcxCDL4Q/ccmd4OsHYkFNuGt6teqGPuFBphx
7BUdPB3Q8A4SK5pX4m8YbXQeB563Q1PWW3Sx4sDtZA+vmkq5bOaFXnrDULGHAwAX
4SiLcqISKOnO/Bu8h2L8LOjL5eGJUKON0zfSP5/NHS0kDG5auiTfsStzWJd99kxj
CZKsSHfxzWwPQRPle6g0UHF2n+ezF2D+dXQorkECsVyAUB5vaN2lX6e6Sb3r0j/C
UaqMrnVKzTQDaQxzi2R2BnRZ22VaA4dDVk9ZCnm4VbFHLjPIroyIbxF7yqhY2E6y
GkyxLo4squP1xm85pM/aNbCCejZuuOKOywmOn8TbAgMBAAEwDQYJKoZIhvcNAQEL
BQADggEBAESVbNkdM6p3MJ6Mvf3Wkm3wRXvdEx5RZo1VKqpNDga1MvNqdN5GBMH+
dmzMHuIgFAIuBbpdDqf1qkOTYm8ZuJib6fbUym6KeRY4VfHiYhB12OC4m9szXU7W
/9/KkNrZ+mufslqpILkeH3gTyV21q5OWw8c2DESTOhRwpTb3n4Wl4H1p5c/2Q4CA
2p0wgeF/ccAf50cmWMVL3Itg5IuuTMxfsobk/yukiYzjSfOuyC6QxxrbHYnX4QmT
smMwpA3fqbMOE5ix0HiW1oBfMENtKltcJ2VyGAVItVq+/yrOFIjgJwSQGZygeN+G
lCkaLE7P3IOohkZc/Oo7rlaImVQ+wMc=
-----END CERTIFICATE-----

26
integration/fixtures/https/clientca/client1.csr
View File

@@ -1,15 +1,15 @@
-----BEGIN CERTIFICATE REQUEST-----
MIICYjCCAUoCAQAwHTEbMBkGA1UEAxMSY2xpZW4xLmV4YW1wbGUuY29tMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAx++WnJR6GZEH5nh916Wqcchdvyu9
0qXrGPGPCNwd91p0HLyMucueeKTyTLRh92cIjeon6N0wRLP9lo0jlmMMX14d7rZZ
WAKwKXpUoFKyO0gZMNDKlZvTRvl/XAk3lrAn/p5XRzgpwgEbsgRKS3kQz1ZTZn4H
TStmq9CqqhD5zeVFfpPevJwLqkg7US+2Je0f7sRKuDIJTP6HMTqRiKy0xYdXnJT1
WkP3TbBCaZK52EJRWWiNbFg81qKraQDteT4AQTZ5FvRCRqxfHQHbOuFNo2AWSzCr
h8L7hEZBIDihHVKwd7rtXVicUuQQrpljNQt8bOqrC3qJ1sWeRl441jm2TQIDAQAB
oAAwDQYJKoZIhvcNAQEFBQADggEBAEZ67vahAVydtW6LTXFI0cVY88vqunCWpOzz
UgJAzUnWG84CGDiyezj/llv/Nq3YbEEpBuxp/prOEwrJXAi/+tjx7wCh2iLJDqo2
aNRUiAvR/XZgafxq4NUrAze70u7BWR3QX+XSaxmIEEX1z1KJDGTfY6tYpCZNlUr+
/Hl6MXwlpWX0WR26zIrjx5u0dEsY4pviN6NxTZRQJxbQO1H1wHr6poVngOhIdErp
h2ZcqvTcASTkIEdKR6R8E2iYklgxIHNLWKaHZ6aBqW7lW17WKNSiGPfPVAtFhUTk
tBmgdVreAwMj+AdaweBVt0uBqb/9UKhqNThEnh4kJn1I0pMJzP4=
MIICYjCCAUoCAQAwHTEbMBkGA1UEAwwSY2xpZW4xLmV4YW1wbGUuY29tMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6i2wj8L0BRnMQgy+EP3HJneDrB2J
BTbhrerXqhj7hQaYcewVHTwd0PAOEiuaV+JvGG10Hgeet0NT1lt0seLA7WQPr5pK
uWzmhV56w1CxhwMAF+Eoi3KiEijpzvwbvIdi/Czoy+XhiVCjjdM30j+fzR0tJAxu
Wrok37Erc1iXffZMYwmSrEh38c1sD0ET5XuoNFBxdp/nsxdg/nV0KK5BArFcgFAe
b2jdpV+nukm969I/wlGqjK51Ss00A2kMc4tkdgZ0WdtlWgOHQ1ZPWQp5uFWxRy4z
yK6MiG8Re8qoWNhOshpMsS6OLKrj9cZvOaTP2jWwgno2brjijssJjp/E2wIDAQAB
oAAwDQYJKoZIhvcNAQELBQADggEBACOz/5DF2ViRsYPDIaffzBKcnqSDI5Z8k3C4
TsWukD2PywYErdDFx6lqcIk5u66JK+wEPDHkLgdIqy/NjSbgKwOOpRheOX8QtD4C
VVK92T0lmFBcITLToxKnaRvX8udLiQQgmGdJ2XHNSkbkOkdRsGJX6iD1s9TcQ4cY
NV2s7M2HlOxyQH4bXcYyeH0YKHep0mdKssh17ppRRQ4kClubderZqulCCAjXvrpV
hM0/qqPBQd6MO0bWccSBUkl0+ZhWCIxaYEEaTKTsAVeoErT+5qufLgpKVGnYsXS0
hl3KU4E/NcyRl2gUy+T9467r2OdfojW1swxFpj6i2Kf1HKtsxqs=
-----END CERTIFICATE REQUEST-----

50
integration/fixtures/https/clientca/client1.key
View File

@@ -1,27 +1,27 @@
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAx++WnJR6GZEH5nh916Wqcchdvyu90qXrGPGPCNwd91p0HLyM
ucueeKTyTLRh92cIjeon6N0wRLP9lo0jlmMMX14d7rZZWAKwKXpUoFKyO0gZMNDK
lZvTRvl/XAk3lrAn/p5XRzgpwgEbsgRKS3kQz1ZTZn4HTStmq9CqqhD5zeVFfpPe
vJwLqkg7US+2Je0f7sRKuDIJTP6HMTqRiKy0xYdXnJT1WkP3TbBCaZK52EJRWWiN
bFg81qKraQDteT4AQTZ5FvRCRqxfHQHbOuFNo2AWSzCrh8L7hEZBIDihHVKwd7rt
XVicUuQQrpljNQt8bOqrC3qJ1sWeRl441jm2TQIDAQABAoIBAQCtD942uu7VooxM
GpATUfsvclhzWdF9vNC7TpyY9q+ZpFpNZYgKaw5JL73sV1dVZ4IoFT9mec+GKKag
4pqjWikjg7w1HPJJFEqYHKOUAwDz/3yOnKw+xBslnGF5sSDE9sYnx7eUljDPFVZ7
yOrmWW0Li5W1afG4ApFkt8KCYx9X8E0Mren2nfqoobM2l2LKFcF1Xs+M0iUAOoeN
ojS/NTvxjZibm92CMblp7x6e51y+oq3TJFoUwFSAj3U26jyubL5sYpJeAeTxyZg6
Y+UcEGmCpW5gsZSvRxvNxzCS4bCl9KOZXvyFtcVswHppfTynba6x8hDF7LkfJS7H
z/Ut+e+hAoGBAO2d2M2316eBpwP7x99DQSFpg7E/emdcfdRuHDEonBeJr2X2Fw0a
O/ZtUxcccovy4wrJcqiZsmjqetRUZ6ymsOaaASsPG21ChegFjm9D6+ZtejHpbuo3
8HQ//LW7hqoiRQh3ODihfYCTwwxIIuwAdUzoxpM9Yu57Zg7reYuNh48LAoGBANdn
c003ay1cq1fuuDJKENj10UZGotRdBxt+X1A7MhpMAqSaYJ+V2XOXpuMbIiX/qDfF
M4hcQhJygoCozNzsynztyIjpGtl57AG95igOi2Hah0OOMt/1Z9UwaukIaHHo8Tyk
sPZYoxBTstZcdsyHnGdU6n90SA9oYLBB89E3AocHAoGBAITR27M6FTCLl2jxn0qc
FFbx3OwB2JDYMXnBxr5vvbimfMWYpk/rnyLi/zQG8bxqmyCXdCDsML7WeqwfNgha
8L0lzotcGW+cZK9KE9D7/WvDPC+UFSyU8jJ45fBLjz2ghEf0JBf7pORvM/K0i9ix
dN/1qbH5+Ufm8Chc1Yb9KI37AoGAAbxDoYugwWzNtJenxD/0gsr4NKi9Bxj4xa/u
9KaFcNDL9KeJv79lURkXrxy42bWFlW1xTNfxcFSb2I2DmQQPXZJM202FedsRm7H7
+LalSNSJ4nFy13sSqxUIx3fZ35EQ4HwzMMjmB2ulNTTpgBxXlj2I5h35tqYQoVrm
q/jVfGECgYEAkU0L9bp1NPMzXgVJ2Os1VPSzoOywUQfx4NCJhTA1oZR+20JFsQBN
b6g0q6xean0xDuXjDRrjPET5V/GPOQ7stAPTLtqN42XPuRcFzSNj7Skh+ALTP5JS
bNZgBMwxQsbS89bUjRTDlRK/isuNIyUn0Zn7QlEsZEvJw0cNR3wPOc4=
MIIEpQIBAAKCAQEA6i2wj8L0BRnMQgy+EP3HJneDrB2JBTbhrerXqhj7hQaYcewV
HTwd0PAOEiuaV+JvGG10Hgeet0NT1lt0seLA7WQPr5pKuWzmhV56w1CxhwMAF+Eo
i3KiEijpzvwbvIdi/Czoy+XhiVCjjdM30j+fzR0tJAxuWrok37Erc1iXffZMYwmS
rEh38c1sD0ET5XuoNFBxdp/nsxdg/nV0KK5BArFcgFAeb2jdpV+nukm969I/wlGq
jK51Ss00A2kMc4tkdgZ0WdtlWgOHQ1ZPWQp5uFWxRy4zyK6MiG8Re8qoWNhOshpM
sS6OLKrj9cZvOaTP2jWwgno2brjijssJjp/E2wIDAQABAoIBAQCMX8kH1DAcYqN7
MFI6szVOzLOEV8wL8SME8tJGZ2VWD2cQWxkpBiFFXrDAmZySc+xucyX43k54woYd
54KjIy7M3n88nzuNvUbNyZ3DOLrCGL1UkyaPuK6IPjgxWBR0RZ/DVFRT7T/t5QW1
fVhn0rXC6WtmwYDhJ9X0tSo7oW5mFTl5PvF8SG5W2AKjmgnub+NsUO+MGVHqoD+l
Rl2WIkX8tA1ZtHlcr21KoyPq53mRGThwPbhwUmoNeJdSYoQi6iqYQUVl9EufGgcp
QLZ40/qle2M6Lo9RrBNlDLUWg7zSTCiBgkVNax6gJeUffqIZJ0laz8/KEJVCLLrZ
xZwW9/6hAoGBAPv3RCF4F76kXuH2gsW95joLp0sV8XEG4GSWAKhQEMA2oYnnKnFO
zy+LxZ8e/nRG9DK59KKwn1luX2s5TNokt+S+7MbRUiCPCULW1yzD/QFLmIA2UOkD
8b3As29xmBSi7bulwgX0NAVEXT83pq4CY5SmmrIcZ0BvtYItYrIA5X7rAoGBAO3t
hKnh/EZvRQUQsOxpKrD1PKG/WpOoi4DCyaKgS1EDDDFPdBNdB25KSj+rrIldbbde
2V+wP+ozHrOfxguT4R1xpgTipD/t0tJA0vBX2M0VegI1arCgScxDl08nvpMtEFUK
H8lCQ5c98IPESKD3l8D4plXEGRPqNnCBad4l1bXRAoGBAKgjL9a5wfaYzywwiMGV
4E05u5BSe0R2V0UoCBZJH3R0wEU6+kqUUZOjzONLFnfXZVt4VbQ+8ocGLSxrF0q2
l/RQJ8bgpdJOQNrWbM5Vlr7HiGN+W22zER0Tu2mRvu9+be/7Q8cfV5twLF1kMJkL
xRHMP4y9gXUxVkkhKiwohvyzAoGASLbHTZgIHoqRAGxKdeXqKyy3vAMcLnZbNB3T
u8TbX8XbqxJKOkS7KaTArlbMIysPhfQR4OGflvbKkkDpKM6oBPSftWyCoBsRzDoN
fXCLjJncsOIcWiCSjT+29XUDFD24eRTgBAUhXQ6L++k3/SHOGiajxyBoPaLdwmJ6
tW7AspECgYEAhk0jBX8R9cAXXuXs89vkMMFNlDSA+FgeQJrTEh/Rl8Shvfq9dZGB
+QrCGMWPJLB/bK6xU5pARkA2arLY+3+fX+OvuOSSk3nV2lf72HHlkd1Lt8nnoTO2
Wd9Lh6UaZt+sYsOOH35RgIMmAc6Lm1RC0JOamidqfk1LmY/pG03oAJA=
-----END RSA PRIVATE KEY-----

30
integration/fixtures/https/clientca/client2.crt
View File

@@ -1,17 +1,17 @@
-----BEGIN CERTIFICATE-----
MIICtDCCAZwCCQCerG0FImwiFjANBgkqhkiG9w0BAQUFADAaMRgwFgYDVQQDEw9j
YTIuZXhhbXBsZS5jb20wHhcNMTYwNjE4MTgxNDUxWhcNMjYwNjE2MTgxNDUxWjAe
MRwwGgYDVQQDExNjbGllbnQyLmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEA9LaFxeiG1qpBTUIEl2vxvojOSWR1xkayaGtGsXBuqucf
wifulsVC7dw+t7lW42pWutIuR98iflAZ9+tFX7TsEITNIyV64ePn9TF935LW2DFm
AFkqYdZcTJ4qOkdsbbiHznlaIDPbMhIZFd9L8NEhrDTHuTtCav3g5B5V4okJfeNh
iSpKm3WLHP6lFwG1RISLhHTCeIMFxer49iHiQ+A33TV2l0bQGcv4e1+OoRsXGKGs
3oY6RJZ0GqzjeYqoybsLGBvZPPd2e8nH3RZac66XHMexsHHTV7L2tpWZm+JunMRg
hMXONc0b3V9mbUdrjHY/aGDPADEevZA4LLztGUc3VQIDAQABMA0GCSqGSIb3DQEB
BQUAA4IBAQCFo6IXUznH/iSuJtWrMtMkJTEg7o2qKRDgFApzw1J2URdvyYery15w
6FddKFvkYhNLFl9Nb3Z8HLxruZrrItqwjR2kIG9lW00uxnwIcgwTibmwDQL5nr7m
1cWzelhY/TVwBpLXRMg1YOXU8NRkT1VjkTUCpyIETI8b+wed67MkrofOadaY+FUL
gk1F3yDKz35UYIKnlxKwvrdySE8WFza0PmiXQDtTG1moTpe1BDEK1b60vhfudMBK
9vhE8kTooF01+su9gLUcrjVknI9H5PHtXID7FDiZ/disIAaWqSQLuvg/Kvb/cAFd
PwTKgnJQVcTKXkz2leJ6fsvzYwlANob1
MIICtDCCAZwCCQCerG0FImwiFzANBgkqhkiG9w0BAQsFADAaMRgwFgYDVQQDDA9j
YTIuZXhhbXBsZS5jb20wHhcNMjIwODA4MTMzODE4WhcNMzIwODA1MTMzODE4WjAe
MRwwGgYDVQQDDBNjbGllbnQyLmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEF
AAOCAQ8AMIIBCgKCAQEAtWkvtUsFBD7REZmm8pUK0ZqOdIIpA5PJgqrrLQ6AOSJ9
Z7RQq7BJv8f520FjswIQH4o9PdGYjm9JLSfiRto6hmwB/51BT9Km+WkdT+UNBGu6
uK7dTbN3BUpei+dbzGxdmBagufQrlK9fkjIF80ZZXmE0c5weLUrhW+E0CPiFeJeH
oyJf9QcLu2GVmS0Yf3izsBhb0c6JxVG9ZDYiM+EspJZOf5ziSB5D4eEBwvYOzU7l
SwJBdfSYd91oLy2BSvgCgaSRJroANhD+PwBN8Jop7KIQ/bFgg7J/JFfZEWnh3GIC
OZsFUbfy+bk66HReoWdr7+0FsWUL7z7YFRuykJFPtQIDAQABMA0GCSqGSIb3DQEB
CwUAA4IBAQBHutUEmIdT2ZoLYs+S9eXYQlOe8R2ayPBnQTr+Hbb7YRSIeSAJUU/y
eY3GsPJp3nYa0gWMap6yb2n6pAdLXwqq75rnu82ktf1Y0dx3LBO7VOZ1LwIsn/QH
bDuH0RdWTGRkS0Bgnd/sSzalxMwHHl23rc0OQVtM4moxeOGs6UxgSZPpTc6nr7sr
D8wbIMLZjcIiyT+bQ94gVA2d90k50VuG78F0BOJ6DVbpfZQM33tDdiLuxWaR3vAg
dLZs0oscCGuIDUqW2vJ7jCzWqTOybsWLIzjSeOBQjOWKtofFgCt9JaccaAHeNVqC
6PYAQLes0qApVjAf0X0lcNrac9rUZame
-----END CERTIFICATE-----

Some files were not shown because too many files have changed in this diff Show More