Prepare release v3.0.0-beta3

Improve Kubernetes support documentation
Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>
2025-10-19 07:33:17 +03:00 · 2023-06-22 01:18:05 +02:00 · 2023-06-21 10:06:05 +02:00 · 2023-06-20 19:33:05 +02:00 · 2023-06-20 17:12:05 +02:00 · 2023-06-20 10:26:05 +02:00
987 changed files with 22742 additions and 24178 deletions
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@@ -2,12 +2,12 @@
 PLEASE READ THIS MESSAGE.
 Documentation fixes or enhancements:
- for Traefik v2: use branch v2.9
+- for Traefik v2: use branch v2.10
- for Traefik v3: use branch master
+- for Traefik v3: use branch v3.0
 Bug fixes:
- for Traefik v2: use branch v2.9
+- for Traefik v2: use branch v2.10
- for Traefik v3: use branch master
+- for Traefik v3: use branch v3.0
 Enhancements:
 - for Traefik v2: we only accept bug fixes
--- a/.github/workflows/build.yaml
+++ b/.github/workflows/build.yaml
@@ -6,7 +6,7 @@ on:
      - '*'
 env:
-  GO_VERSION: 1.19
+  GO_VERSION: '1.20'
  CGO_ENABLED: 0
  IN_DOCKER: ""
--- a/.github/workflows/check_doc.yml
+++ b/.github/workflows/check_doc.yml
@@ -19,3 +19,7 @@ jobs:
      - name: Check documentation
        run: make docs-pull-images docs
        env:
          # These variables are not passed to workflows that are triggered by a pull request from a fork.
          DOCS_VERIFY_SKIP: ${{ vars.DOCS_VERIFY_SKIP }}
          DOCS_LINT_SKIP: ${{ vars.DOCS_LINT_SKIP }}
--- a/.github/workflows/documentation.yml
+++ b/.github/workflows/documentation.yml
@@ -7,7 +7,7 @@ on:
      - v*
 env:
-  STRUCTOR_VERSION: v1.11.2
+  STRUCTOR_VERSION: v1.13.2
  MIXTUS_VERSION: v0.4.1
 jobs:
@@ -41,12 +41,12 @@ jobs:
      - name: Build documentation
        run: $HOME/bin/structor -o traefik -r traefik --dockerfile-url="https://raw.githubusercontent.com/traefik/traefik/v1.7/docs.Dockerfile" --menu.js-url="https://raw.githubusercontent.com/traefik/structor/master/traefik-menu.js.gotmpl" --rqts-url="https://raw.githubusercontent.com/traefik/structor/master/requirements-override.txt" --force-edit-url --exp-branch=master --debug
        env:
-          STRUCTOR_LATEST_TAG: ${{ secrets.STRUCTOR_LATEST_TAG }}
+          STRUCTOR_LATEST_TAG: ${{ vars.STRUCTOR_LATEST_TAG }}
      - name: Apply seo
        run: $HOME/bin/seo -path=./site -product=traefik
      - name: Publish documentation
-        run: $HOME/bin/mixtus --dst-doc-path="./traefik" --dst-owner=traefik --dst-repo-name=doc --git-user-email="30906710+traefiker@users.noreply.github.com" --git-user-name=traefiker --src-doc-path="./site" --src-owner=containous --src-repo-name=traefik
+        run: $HOME/bin/mixtus --dst-doc-path="./traefik" --dst-owner=traefik --dst-repo-name=doc --git-user-email="30906710+traefiker@users.noreply.github.com" --git-user-name=traefiker --src-doc-path="./site" --src-owner=traefik --src-repo-name=traefik
        env:
          GITHUB_TOKEN: ${{ secrets.GH_TOKEN_REPO }}
--- a/.github/workflows/test-unit.yaml
+++ b/.github/workflows/test-unit.yaml
@@ -6,7 +6,7 @@ on:
      - '*'
 env:
-  GO_VERSION: 1.19
+  GO_VERSION: '1.20'
  IN_DOCKER: ""
 jobs:
--- a/.github/workflows/validate.yaml
+++ b/.github/workflows/validate.yaml
@@ -6,8 +6,8 @@ on:
      - '*'
 env:
-  GO_VERSION: 1.19
+  GO_VERSION: '1.20'
-  GOLANGCI_LINT_VERSION: v1.50.0
+  GOLANGCI_LINT_VERSION: v1.53.1
  MISSSPELL_VERSION: v0.4.0
  IN_DOCKER: ""
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -6,9 +6,10 @@ run:
 linters-settings:
  govet:
-    check-shadowing: false
+    enable-all: true
-  golint:
+    disable:
-    min-confidence: 0
+      - shadow
      - fieldalignment
  gocyclo:
    min-complexity: 14
  goconst:
@@ -25,48 +26,123 @@ linters-settings:
      - ^spew\.Print(f|ln)?$
      - ^spew\.Dump$
  depguard:
-    list-type: denylist
+    rules:
-    include-go-root: false
+      main:
-    packages:
+        deny:
-      - github.com/pkg/errors
+          - pkg: "github.com/instana/testify"
            desc: not allowed
          - pkg: "github.com/pkg/errors"
            desc: Should be replaced by standard lib errors package
          - pkg: "k8s.io/api/networking/v1beta1"
            desc: This API is deprecated
          - pkg: "k8s.io/api/extensions/v1beta1"
            desc: This API is deprecated
  godox:
    keywords:
      - FIXME
  importas:
-    corev1: k8s.io/api/core/v1
+    no-unaliased: true
-    networkingv1beta1: k8s.io/api/networking/v1beta1
+    alias:
-    extensionsv1beta1: k8s.io/api/extensions/v1beta1
+      - alias: composeapi
-    metav1: k8s.io/apimachinery/pkg/apis/meta/v1
+        pkg: github.com/docker/compose/v2/pkg/api
-    kubeerror: k8s.io/apimachinery/pkg/api/errors
+
-    composeapi: github.com/docker/compose/v2/pkg/api
+      # Standard Kubernetes rewrites:
      - alias: corev1
        pkg: "k8s.io/api/core/v1"
      - alias: netv1
        pkg: "k8s.io/api/networking/v1"
      - alias: admv1
        pkg: "k8s.io/api/admission/v1"
      - alias: admv1beta1
        pkg: "k8s.io/api/admission/v1beta1"
      - alias: metav1
        pkg: "k8s.io/apimachinery/pkg/apis/meta/v1"
      - alias: ktypes
        pkg: "k8s.io/apimachinery/pkg/types"
      - alias: kerror
        pkg: "k8s.io/apimachinery/pkg/api/errors"
      - alias: kclientset
        pkg: "k8s.io/client-go/kubernetes"
      - alias: kinformers
        pkg: "k8s.io/client-go/informers"
      - alias: ktesting
        pkg: "k8s.io/client-go/testing"
      - alias: kschema
        pkg: "k8s.io/apimachinery/pkg/runtime/schema"
      - alias: kscheme
        pkg: "k8s.io/client-go/kubernetes/scheme"
      - alias: kversion
        pkg: "k8s.io/apimachinery/pkg/version"
      - alias: kubefake
        pkg: "k8s.io/client-go/kubernetes/fake"
      - alias: discoveryfake
        pkg: "k8s.io/client-go/discovery/fake"
      # Kubernetes Gateway rewrites:
      - alias: gateclientset
        pkg: "sigs.k8s.io/gateway-api/pkg/client/clientset/gateway/versioned"
      - alias: gateinformers
        pkg: "sigs.k8s.io/gateway-api/pkg/client/informers/gateway/externalversions"
      - alias: gatev1alpha2
        pkg: "sigs.k8s.io/gateway-api/apis/v1alpha2"
      # Traefik Kubernetes rewrites:
      - alias: containousv1alpha1
        pkg: "github.com/traefik/traefik/v3/pkg/provider/kubernetes/crd/traefikcontainous/v1alpha1"
      - alias: traefikv1alpha1
        pkg: "github.com/traefik/traefik/v3/pkg/provider/kubernetes/crd/traefikio/v1alpha1"
      - alias: traefikclientset
        pkg: "github.com/traefik/traefik/v3/pkg/provider/kubernetes/crd/generated/clientset/versioned"
      - alias: traefikinformers
        pkg: "github.com/traefik/traefik/v3/pkg/provider/kubernetes/crd/generated/informers/externalversions"
      - alias: traefikscheme
        pkg: "github.com/traefik/traefik/v3/pkg/provider/kubernetes/crd/generated/clientset/versioned/scheme"
      - alias: traefikcrdfake
        pkg: "github.com/traefik/traefik/v3/pkg/provider/kubernetes/crd/generated/clientset/versioned/fake"
  tagalign:
    align: false
    sort: true
    order:
      - description
      - json
      - toml
      - yaml
      - yml
      - label
      - label-slice-as-struct
      - file
      - kv
      - export
  revive:
    rules:
      - name: struct-tag
-  rules:
+      - name: blank-imports
-    - name: blank-imports
+      - name: context-as-argument
-    - name: context-as-argument
+      - name: context-keys-type
-    - name: context-keys-type
+      - name: dot-imports
-    - name: dot-imports
+      - name: error-return
-    - name: error-return
+      - name: error-strings
-    - name: error-strings
+      - name: error-naming
-    - name: error-naming
+      - name: exported
-    - name: exported
+        disabled: true
-    - name: if-return
+      - name: if-return
-    - name: increment-decrement
+      - name: increment-decrement
-    - name: var-naming
+      - name: var-naming
-    - name: var-declaration
+      - name: var-declaration
-    - name: package-comments
+      - name: package-comments
-    - name: range
+        disabled: true
-    - name: receiver-naming
+      - name: range
-    - name: time-naming
+      - name: receiver-naming
-    - name: unexported-return
+      - name: time-naming
-    - name: indent-error-flow
+      - name: unexported-return
-    - name: errorf
+      - name: indent-error-flow
-    - name: empty-block
+      - name: errorf
-    - name: superfluous-else
+      - name: empty-block
-    - name: unused-parameter
+      - name: superfluous-else
-    - name: unreachable-code
+      - name: unused-parameter
-    - name: redefines-builtin-id
+        disabled: true
      - name: unreachable-code
      - name: redefines-builtin-id
  gomoddirectives:
    replace-allow-list:
      - github.com/abbot/go-http-auth
@@ -126,6 +202,7 @@ linters:
    - containedctx # too many false-positive
    - maintidx # kind of duplicate of gocyclo
    - nonamedreturns # Too strict
    - gosmopolitan  # not relevant
 issues:
  exclude-use-default: false
@@ -179,3 +256,11 @@ issues:
      text: 'Duplicate words \(sub\) found'
      linters:
        - dupword
    - path: pkg/provider/kubernetes/crd/kubernetes.go
      text: "Function 'loadConfigurationFromCRD' has too many statements"
      linters:
        - funlen
    - path: pkg/provider/kubernetes/gateway/client_mock_test.go
      text: 'unusedwrite: unused write to field'
      linters:
        - govet
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -11,7 +11,7 @@ builds:
    env:
      - CGO_ENABLED=0
    ldflags:
-      - -s -w -X github.com/traefik/traefik/v2/pkg/version.Version={{.Version}} -X github.com/traefik/traefik/v2/pkg/version.Codename={{.Env.CODENAME}} -X github.com/traefik/traefik/v2/pkg/version.BuildDate={{.Date}}
+      - -s -w -X github.com/traefik/traefik/v3/pkg/version.Version={{.Version}} -X github.com/traefik/traefik/v3/pkg/version.Codename={{.Env.CODENAME}} -X github.com/traefik/traefik/v3/pkg/version.BuildDate={{.Date}}
    flags:
      - -trimpath
    goos:
--- a/.semaphore/semaphore.yml
+++ b/.semaphore/semaphore.yml
@@ -3,7 +3,7 @@ name: Traefik
 agent:
  machine:
    type: e1-standard-4
-    os_image: ubuntu1804
+    os_image: ubuntu2004
 fail_fast:
  stop:
@@ -19,13 +19,13 @@ global_job_config:
  prologue:
    commands:
      - curl -sSfL https://raw.githubusercontent.com/ldez/semgo/master/godownloader.sh | sudo sh -s -- -b "/usr/local/bin"
-      - sudo semgo go1.19
+      - sudo semgo go1.20
      - export "GOPATH=$(go env GOPATH)"
      - export "SEMAPHORE_GIT_DIR=${GOPATH}/src/github.com/traefik/${SEMAPHORE_PROJECT_NAME}"
      - export "PATH=${GOPATH}/bin:${PATH}"
      - mkdir -vp "${SEMAPHORE_GIT_DIR}" "${GOPATH}/bin"
      - export GOPROXY=https://proxy.golang.org,direct
-      - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v1.50.0
+      - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v1.52.2
      - curl -sSfL https://gist.githubusercontent.com/traefiker/6d7ac019c11d011e4f131bb2cca8900e/raw/goreleaser.sh | bash -s -- -b "${GOPATH}/bin"
      - checkout
      - cache restore traefik-$(checksum go.sum)
@@ -57,7 +57,7 @@ blocks:
      agent:
        machine:
          type: e1-standard-8
-          os_image: ubuntu1804
+          os_image: ubuntu2004
      secrets:
        - name: traefik
      env_vars:
@@ -73,7 +73,7 @@ blocks:
          - curl -sSL -o /tmp/gh_${GH_VERSION}_linux_amd64.tar.gz https://github.com/cli/cli/releases/download/v${GH_VERSION}/gh_${GH_VERSION}_linux_amd64.tar.gz
          - tar -zxvf /tmp/gh_${GH_VERSION}_linux_amd64.tar.gz -C /tmp
          - sudo mv /tmp/gh_${GH_VERSION}_linux_amd64/bin/gh /usr/local/bin/gh
-          - sudo rm -rf ~/.phpbrew ~/.kerl ~/.sbt ~/.nvm ~/.npm ~/.kiex /usr/lib/jvm /opt/az /opt/firefox # Remove unnecessary data.
+          - sudo rm -rf ~/.phpbrew ~/.kerl ~/.sbt ~/.nvm ~/.npm ~/.kiex /usr/lib/jvm /opt/az /opt/firefox /usr/lib/google-cloud-sdk ~/.rbenv ~/.pip_download_cache # Remove unnecessary data.
          - sudo service docker stop && sudo umount /var/lib/docker && sudo service docker start # Unmounts the docker disk and the whole system disk is usable.
      jobs:
        - name: Release
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,243 @@
 ## [v3.0.0-beta3](https://github.com/traefik/traefik/tree/v3.0.0-beta3) (2023-06-21)
 [All Commits](https://github.com/traefik/traefik/compare/v3.0.0-beta2...v3.0.0-beta3)
 **Enhancements:**
 - **[docker,docker/swarm]** Split Docker provider ([#9652](https://github.com/traefik/traefik/pull/9652) by [ldez](https://github.com/ldez))
 - **[k8s,hub]** Remove deprecated code ([#9804](https://github.com/traefik/traefik/pull/9804) by [ldez](https://github.com/ldez))
 - **[k8s,k8s/gatewayapi]** Support HostSNIRegexp in GatewayAPI TLS routes ([#9486](https://github.com/traefik/traefik/pull/9486) by [ddtmachado](https://github.com/ddtmachado))
 - **[k8s/gatewayapi]** Add support for HTTPRequestRedirectFilter in k8s Gateway API ([#9408](https://github.com/traefik/traefik/pull/9408) by [romantomjak](https://github.com/romantomjak))
 - **[k8s/ingress,k8s]** Remove support of the networking.k8s.io/v1beta1 APIVersion ([#9949](https://github.com/traefik/traefik/pull/9949) by [rtribotte](https://github.com/rtribotte))
 - **[k8s/ingress,k8s]** Add option to the Ingress provider to disable IngressClass lookup ([#9281](https://github.com/traefik/traefik/pull/9281) by [jandillenkofer](https://github.com/jandillenkofer))
 - **[marathon]** Remove Marathon provider ([#9614](https://github.com/traefik/traefik/pull/9614) by [rtribotte](https://github.com/rtribotte))
 - **[metrics]** Remove InfluxDB v1 metrics middleware ([#9612](https://github.com/traefik/traefik/pull/9612) by [tomMoulard](https://github.com/tomMoulard))
 - **[rancher]** Remove Rancher v1 provider ([#9613](https://github.com/traefik/traefik/pull/9613) by [tomMoulard](https://github.com/tomMoulard))
 - **[rules]** Remove containous/mux from HTTP muxer ([#9558](https://github.com/traefik/traefik/pull/9558) by [tomMoulard](https://github.com/tomMoulard))
 - **[tls,tcp,service]** Add TCP Servers Transports support ([#9465](https://github.com/traefik/traefik/pull/9465) by [sdelicata](https://github.com/sdelicata))
 - **[webui]** Added router priority to webui&#39;s list and detail page ([#9004](https://github.com/traefik/traefik/pull/9004) by [bendre90](https://github.com/bendre90))
 **Bug fixes:**
 - **[metrics]** Fix OpenTelemetry metrics ([#9962](https://github.com/traefik/traefik/pull/9962) by [rtribotte](https://github.com/rtribotte))
 - **[metrics]** Remove config reload failure metrics ([#9660](https://github.com/traefik/traefik/pull/9660) by [rtribotte](https://github.com/rtribotte))
 - **[metrics]** Fix open connections metric ([#9656](https://github.com/traefik/traefik/pull/9656) by [mpl](https://github.com/mpl))
 - **[metrics]** Fix OpenTelemetry service name ([#9619](https://github.com/traefik/traefik/pull/9619) by [tomMoulard](https://github.com/tomMoulard))
 - **[tcp]** Don&#39;t log EOF or timeout errors while peeking first bytes in Postgres StartTLS hook ([#9663](https://github.com/traefik/traefik/pull/9663) by [rtribotte](https://github.com/rtribotte))
 - **[webui]** Detect dashboard assets content types ([#9622](https://github.com/traefik/traefik/pull/9622) by [tomMoulard](https://github.com/tomMoulard))
 - **[webui]** fix: detect dashboard content types ([#9594](https://github.com/traefik/traefik/pull/9594) by [ldez](https://github.com/ldez))
 **Documentation:**
 - **[k8s]** Improve Kubernetes support documentation ([#9974](https://github.com/traefik/traefik/pull/9974) by [rtribotte](https://github.com/rtribotte))
 - Adjust quick start ([#9790](https://github.com/traefik/traefik/pull/9790) by [svx](https://github.com/svx))
 - Mention PathPrefix matcher changes in V3 Migration Guide ([#9727](https://github.com/traefik/traefik/pull/9727) by [aofei](https://github.com/aofei))
 - Fix yaml indentation in the HTTP3 example ([#9724](https://github.com/traefik/traefik/pull/9724) by [benwaffle](https://github.com/benwaffle))
 - Add OpenTelemetry in observability overview ([#9654](https://github.com/traefik/traefik/pull/9654) by [tomMoulard](https://github.com/tomMoulard))
 **Misc:**
 - Merge branch v2.10 into v3.0 ([#9977](https://github.com/traefik/traefik/pull/9977) by [ldez](https://github.com/ldez))
 - Merge branch v2.10 into v3.0 ([#9931](https://github.com/traefik/traefik/pull/9931) by [ldez](https://github.com/ldez))
 - Merge branch v2.10 into v3.0 ([#9896](https://github.com/traefik/traefik/pull/9896) by [ldez](https://github.com/ldez))
 - Merge branch v2.10 into v3.0 ([#9867](https://github.com/traefik/traefik/pull/9867) by [ldez](https://github.com/ldez))
 - Merge branch v2.10 into v3.0 ([#9850](https://github.com/traefik/traefik/pull/9850) by [ldez](https://github.com/ldez))
 - Merge branch v2.10 into v3.0 ([#9845](https://github.com/traefik/traefik/pull/9845) by [ldez](https://github.com/ldez))
 - Merge branch v2.10 into v3.0 ([#9803](https://github.com/traefik/traefik/pull/9803) by [ldez](https://github.com/ldez))
 - Merge branch v2.10 into v3.0 ([#9793](https://github.com/traefik/traefik/pull/9793) by [ldez](https://github.com/ldez))
 - Merge branch v2.9 into v3.0 ([#9722](https://github.com/traefik/traefik/pull/9722) by [rtribotte](https://github.com/rtribotte))
 - Merge branch v2.9 into v3.0 ([#9650](https://github.com/traefik/traefik/pull/9650) by [tomMoulard](https://github.com/tomMoulard))
 - Merge branch v2.9 into v3.0 ([#9632](https://github.com/traefik/traefik/pull/9632) by [kevinpollet](https://github.com/kevinpollet))
 ## [v2.10.3](https://github.com/traefik/traefik/tree/v2.10.3) (2023-06-17)
 [All Commits](https://github.com/traefik/traefik/compare/v2.10.2...v2.10.3)
 **Bug fixes:**
 - **[acme]** Update go-acme/lego to v4.12.2 ([#9935](https://github.com/traefik/traefik/pull/9971) by [ldez](https://github.com/ldez))
 ## [v2.10.2](https://github.com/traefik/traefik/tree/v2.10.2) (2023-06-17)
 [All Commits](https://github.com/traefik/traefik/compare/v2.10.1...v2.10.2)
 **Bug fixes:**
 - **[acme]** Update go-acme/lego to v4.12.1 ([#9935](https://github.com/traefik/traefik/pull/9935) by [ldez](https://github.com/ldez))
 - **[acme]** Update go-acme/lego to v4.12.0 ([#9918](https://github.com/traefik/traefik/pull/9918) by [ldez](https://github.com/ldez))
 - **[acme]** Update go-acme/lego to v4.11.0 ([#9883](https://github.com/traefik/traefik/pull/9883) by [ldez](https://github.com/ldez))
 - **[acme]** Do not check for wildcard domains for non DNS challenge ([#9881](https://github.com/traefik/traefik/pull/9881) by [erkexzcx](https://github.com/erkexzcx))
 - **[k8s/crd]** Fix multiple subsets endpoint ([#9914](https://github.com/traefik/traefik/pull/9914) by [joaosilva15](https://github.com/joaosilva15))
 - **[k8s/ingress,k8s/crd,k8s,hub]** Clean code related to Hub ([#9894](https://github.com/traefik/traefik/pull/9894) by [ldez](https://github.com/ldez))
 - **[metrics]** Enable Prometheus provider cleanup when only the router&#39;s metrics level is activated ([#9887](https://github.com/traefik/traefik/pull/9887) by [rtribotte](https://github.com/rtribotte))
 - **[middleware]** Encode query semicolons ([#9943](https://github.com/traefik/traefik/pull/9943) by [LandryBe](https://github.com/LandryBe))
 - **[middleware]** Missing trailer with custom errors middleware ([#9942](https://github.com/traefik/traefik/pull/9942) by [rtribotte](https://github.com/rtribotte))
 - **[middleware]** Support informational headers in middlewares redefining the response writer. ([#9938](https://github.com/traefik/traefik/pull/9938) by [rtribotte](https://github.com/rtribotte))
 - **[plugins]** Improve error messages related to plugins ([#9924](https://github.com/traefik/traefik/pull/9924) by [ldez](https://github.com/ldez))
 - **[tracing]** Update DataDog tracing dependency to v1.50.1 ([#9953](https://github.com/traefik/traefik/pull/9953) by [der-eismann](https://github.com/der-eismann))
 **Documentation:**
 - **[accesslogs]** Fix over-indented yaml configuration of access logs ([#9930](https://github.com/traefik/traefik/pull/9930) by [ufUNnxagpM](https://github.com/ufUNnxagpM))
 - **[tls]** Add FAQ documentation about TLS certificates ([#9868](https://github.com/traefik/traefik/pull/9868) by [rtribotte](https://github.com/rtribotte))
 - Fix typo ([#9966](https://github.com/traefik/traefik/pull/9966) by [green1052](https://github.com/green1052))
 - Add business callouts ([#9940](https://github.com/traefik/traefik/pull/9940) by [tomatokoolaid](https://github.com/tomatokoolaid))
 - Add logo for GitHub dark mode ([#9890](https://github.com/traefik/traefik/pull/9890) by [ldez](https://github.com/ldez))
 ## [v2.10.1](https://github.com/traefik/traefik/tree/v2.10.1) (2023-04-27)
 [All Commits](https://github.com/traefik/traefik/compare/v2.10.0...v2.10.1)
 **Bug fixes:**
 - **[middleware,oxy]** Update vulcand/oxy to be5cf38 ([#9874](https://github.com/traefik/traefik/pull/9874) by [rtribotte](https://github.com/rtribotte))
 **Documentation:**
 - Fix v2.10 migration guide ([#9863](https://github.com/traefik/traefik/pull/9863) by [rtribotte](https://github.com/rtribotte))
 ## [v2.10.0](https://github.com/traefik/traefik/tree/v2.10.0) (2023-04-24)
 [All Commits](https://github.com/traefik/traefik/compare/v2.9.0-rc1...v2.10.0)
 **Enhancements:**
 - **[docker]** Expose ContainerName in Docker provider ([#9770](https://github.com/traefik/traefik/pull/9770) by [quinot](https://github.com/quinot))
 - **[hub]** Remove hub configuration out of experimental ([#9792](https://github.com/traefik/traefik/pull/9792) by [mpl](https://github.com/mpl))
 - **[k8s/crd]** Introduce traefik.io API Group CRDs ([#9765](https://github.com/traefik/traefik/pull/9765) by [rtribotte](https://github.com/rtribotte))
 - **[k8s/ingress,k8s/crd,k8s]** Native Kubernetes service load-balancing ([#9740](https://github.com/traefik/traefik/pull/9740) by [rtribotte](https://github.com/rtribotte))
 - **[middleware,metrics]** Add prometheus metric requests_total with headers ([#9783](https://github.com/traefik/traefik/pull/9783) by [rtribotte](https://github.com/rtribotte))
 - **[nomad]** Support multiple namespaces in the Nomad Provider ([#9794](https://github.com/traefik/traefik/pull/9794) by [rtribotte](https://github.com/rtribotte))
 - **[tracing]** Add support to send DataDog traces via Unix Socket ([#9714](https://github.com/traefik/traefik/pull/9714) by [der-eismann](https://github.com/der-eismann))
 - **[webui]** Modify the Hub Button ([#9851](https://github.com/traefik/traefik/pull/9851) by [mdeliatf](https://github.com/mdeliatf))
 - **[webui]** Display period setting of the RateLimit middleware in the webui ([#9822](https://github.com/traefik/traefik/pull/9822) by [smatyas](https://github.com/smatyas))
 **Bug fixes:**
 - **[docker]** Only warn about missing docker network when network_mode is not host or container ([#9799](https://github.com/traefik/traefik/pull/9799) by [sentriz](https://github.com/sentriz))
 - **[k8s/ingress,k8s]** Bump k8s.io/client-go from v0.22.1 to v0.26.3 ([#9808](https://github.com/traefik/traefik/pull/9808) by [ldez](https://github.com/ldez))
 - **[plugins]** Improve DeepCopy of PluginConf ([#9846](https://github.com/traefik/traefik/pull/9846) by [ldez](https://github.com/ldez))
 - **[plugins]** Update Yaegi to v0.15.1 ([#9815](https://github.com/traefik/traefik/pull/9815) by [ldez](https://github.com/ldez))
 - **[server]** Update vulcand/oxy to 03de175b3822 ([#9849](https://github.com/traefik/traefik/pull/9849) by [longit644](https://github.com/longit644))
 **Documentation:**
 - Prepare release v2.10.0-rc1 ([#9802](https://github.com/traefik/traefik/pull/9802) by [ldez](https://github.com/ldez))
 - Fix order of log levels ([#9791](https://github.com/traefik/traefik/pull/9791) by [svx](https://github.com/svx))
 - **[docker]** Update wording - add link descriptions ([#9816](https://github.com/traefik/traefik/pull/9816) by [svx](https://github.com/svx))
 - **[middleware]** Add accessControlAllowHeaders example ([#9810](https://github.com/traefik/traefik/pull/9810) by [yingshaoxo](https://github.com/yingshaoxo))
 - **[tls]** More details on Kubernetes options for mTLS ([#9835](https://github.com/traefik/traefik/pull/9835) by [mloiseleur](https://github.com/mloiseleur))
 - Prepare release v2.10.0-rc2 ([#9830](https://github.com/traefik/traefik/pull/9830) by [mpl](https://github.com/mpl))
 - Update Call To Actions ([#9824](https://github.com/traefik/traefik/pull/9824) by [svx](https://github.com/svx))
 - Improve concepts page ([#9813](https://github.com/traefik/traefik/pull/9813) by [svx](https://github.com/svx))
 - Update wording ([#9811](https://github.com/traefik/traefik/pull/9811) by [svx](https://github.com/svx))
 **Misc:**
 - Merge branch v2.9 into v2.10 ([#9798](https://github.com/traefik/traefik/pull/9798) by [ldez](https://github.com/ldez))
 - Merge branch v2.9 into v2.10 ([#9829](https://github.com/traefik/traefik/pull/9829) by [mpl](https://github.com/mpl))
 ## [v2.10.0-rc2](https://github.com/traefik/traefik/tree/v2.10.0-rc2) (2023-04-07)
 [All Commits](https://github.com/traefik/traefik/compare/v2.10.0-rc1...v2.10.0-rc2)
 **Enhancements:**
 - **[webui]** Display period setting of the RateLimit middleware in the webui ([#9822](https://github.com/traefik/traefik/pull/9822) by [smatyas](https://github.com/smatyas))
 **Bug fixes:**
 - **[docker]** Only warn about missing docker network when network_mode is not host or container ([#9799](https://github.com/traefik/traefik/pull/9799) by [sentriz](https://github.com/sentriz))
 - **[k8s/ingress,k8s]** chore: bump k8s.io/client-go from v0.22.1 to v0.26.3 ([#9808](https://github.com/traefik/traefik/pull/9808) by [ldez](https://github.com/ldez))
 - **[plugins]** Update Yaegi to v0.15.1 ([#9815](https://github.com/traefik/traefik/pull/9815) by [ldez](https://github.com/ldez))
 **Documentation:**
 - **[docker]** Update wording - add link descriptions ([#9816](https://github.com/traefik/traefik/pull/9816) by [svx](https://github.com/svx))
 - **[middleware]** Add accessControlAllowHeaders example ([#9810](https://github.com/traefik/traefik/pull/9810) by [yingshaoxo](https://github.com/yingshaoxo))
 - Update Call To Actions ([#9824](https://github.com/traefik/traefik/pull/9824) by [svx](https://github.com/svx))
 - Improve concepts page ([#9813](https://github.com/traefik/traefik/pull/9813) by [svx](https://github.com/svx))
 - Update wording ([#9811](https://github.com/traefik/traefik/pull/9811) by [svx](https://github.com/svx))
 ## [v2.9.10](https://github.com/traefik/traefik/tree/v2.9.10) (2023-04-06)
 [All Commits](https://github.com/traefik/traefik/compare/v2.9.9...v2.9.10)
 ## [v2.10.0-rc1](https://github.com/traefik/traefik/tree/v2.10.0-rc1) (2023-03-22)
 [All Commits](https://github.com/traefik/traefik/compare/b3f162a8a61d89beaa9edc8adc12cc4cb3e1de0f...v2.10.0-rc1)
 **Enhancements:**
 - **[docker]** Expose ContainerName in Docker provider ([#9770](https://github.com/traefik/traefik/pull/9770) by [quinot](https://github.com/quinot))
 - **[hub]** hub: get out of experimental. ([#9792](https://github.com/traefik/traefik/pull/9792) by [mpl](https://github.com/mpl))
 - **[k8s/crd]** Introduce traefik.io API Group CRDs ([#9765](https://github.com/traefik/traefik/pull/9765) by [rtribotte](https://github.com/rtribotte))
 - **[k8s/ingress,k8s/crd,k8s]** Native Kubernetes service load-balancing ([#9740](https://github.com/traefik/traefik/pull/9740) by [rtribotte](https://github.com/rtribotte))
 - **[middleware,metrics]** Add prometheus metric requests_total with headers ([#9783](https://github.com/traefik/traefik/pull/9783) by [rtribotte](https://github.com/rtribotte))
 - **[nomad]** Support multiple namespaces in the Nomad Provider ([#9794](https://github.com/traefik/traefik/pull/9794) by [rtribotte](https://github.com/rtribotte))
 - **[tracing]** Add support to send DataDog traces via Unix Socket ([#9714](https://github.com/traefik/traefik/pull/9714) by [der-eismann](https://github.com/der-eismann))
 **Documentation:**
 - docs: update order of log levels ([#9791](https://github.com/traefik/traefik/pull/9791) by [svx](https://github.com/svx))
 **Misc:**
 - Merge current v2.9 into v2.10 ([#9798](https://github.com/traefik/traefik/pull/9798) by [ldez](https://github.com/ldez))
 ## [v2.9.9](https://github.com/traefik/traefik/tree/v2.9.9) (2023-03-21)
 [All Commits](https://github.com/traefik/traefik/compare/v2.9.8...v2.9.9)
 **Bug fixes:**
 - **[acme]** Update go-acme/lego to v4.10.2 ([#9749](https://github.com/traefik/traefik/pull/9749) by [ldez](https://github.com/ldez))
 - **[http3]** Update quic-go to v0.33.0 ([#9737](https://github.com/traefik/traefik/pull/9737) by [ldez](https://github.com/ldez))
 - **[metrics]** Include user-defined default cert for traefik_tls_certs_not_after metric ([#9742](https://github.com/traefik/traefik/pull/9742) by [rtribotte](https://github.com/rtribotte))
 - **[middleware]** Update vulcand/oxy to a0e9f7ff1040 ([#9750](https://github.com/traefik/traefik/pull/9750) by [ldez](https://github.com/ldez))
 - **[nomad]** Fix default configuration settings for Nomad Provider ([#9758](https://github.com/traefik/traefik/pull/9758) by [aofei](https://github.com/aofei))
 - **[nomad]** Fix Nomad client TLS defaults ([#9795](https://github.com/traefik/traefik/pull/9795) by [rtribotte](https://github.com/rtribotte))
 - **[server]** Remove User-Agent header removal from ReverseProxy director func ([#9752](https://github.com/traefik/traefik/pull/9752) by [rtribotte](https://github.com/rtribotte))
 **Documentation:**
 - **[middleware]** Clarify ratelimit middleware ([#9777](https://github.com/traefik/traefik/pull/9777) by [mpl](https://github.com/mpl))
 - **[tcp]** Correcting variable name &#39;server address&#39; in TCP Router ([#9743](https://github.com/traefik/traefik/pull/9743) by [ralphg6](https://github.com/ralphg6))
 ## [v2.9.8](https://github.com/traefik/traefik/tree/v2.9.8) (2023-02-15)
 [All Commits](https://github.com/traefik/traefik/compare/v2.9.7...v2.9.8)
 **Bug fixes:**
 - **[server]** Update golang.org/x/net to v0.7.0 ([#9716](https://github.com/traefik/traefik/pull/9716) by [ldez](https://github.com/ldez))
 ## [v2.9.7](https://github.com/traefik/traefik/tree/v2.9.7) (2023-02-14)
 [All Commits](https://github.com/traefik/traefik/compare/v2.9.6...v2.9.7)
 **Bug fixes:**
 - **[acme]** Update go-acme/lego to v4.10.0 ([#9705](https://github.com/traefik/traefik/pull/9705) by [ldez](https://github.com/ldez))
 - **[ecs]** Prevent panicking when a container has no network interfaces ([#9661](https://github.com/traefik/traefik/pull/9661) by [rtribotte](https://github.com/rtribotte))
 - **[file]** Make file provider more resilient wrt first configuration ([#9595](https://github.com/traefik/traefik/pull/9595) by [mpl](https://github.com/mpl))
 - **[logs]** Differentiate UDP stream and TCP connection in logs ([#9687](https://github.com/traefik/traefik/pull/9687) by [rtribotte](https://github.com/rtribotte))
 - **[middleware]** Prevent from no rate limiting when average is zero ([#9621](https://github.com/traefik/traefik/pull/9621) by [witalisoft](https://github.com/witalisoft))
 - **[middleware]** Prevents superfluous WriteHeader call in the error middleware ([#9620](https://github.com/traefik/traefik/pull/9620) by [tomMoulard](https://github.com/tomMoulard))
 - **[middleware]** Sanitize X-Forwarded-Proto header in RedirectScheme middleware ([#9598](https://github.com/traefik/traefik/pull/9598) by [ldez](https://github.com/ldez))
 - **[plugins]** Update paerser to v0.2.0 ([#9671](https://github.com/traefik/traefik/pull/9671) by [ldez](https://github.com/ldez))
 - **[plugins]** Update Yaegi to v0.15.0 ([#9700](https://github.com/traefik/traefik/pull/9700) by [ldez](https://github.com/ldez))
 - **[tls,http3]** Bump quic-go to 89769f409f ([#9685](https://github.com/traefik/traefik/pull/9685) by [mpl](https://github.com/mpl))
 - **[tls,tcp]** Adds the support for IPv6 in the TCP HostSNI matcher ([#9692](https://github.com/traefik/traefik/pull/9692) by [rtribotte](https://github.com/rtribotte))
 **Documentation:**
 - **[acme]** Add CNAME support and gotchas ([#9698](https://github.com/traefik/traefik/pull/9698) by [mpl](https://github.com/mpl))
 - **[acme]** Further Let&#39;s Encrypt ratelimit warnings ([#9627](https://github.com/traefik/traefik/pull/9627) by [hcooper](https://github.com/hcooper))
 - **[k8s]** Add info admonition about routing to k8 services ([#9645](https://github.com/traefik/traefik/pull/9645) by [svx](https://github.com/svx))
 - **[k8s]** Improve TLSStore CRD documentation ([#9579](https://github.com/traefik/traefik/pull/9579) by [mloiseleur](https://github.com/mloiseleur))
 - **[middleware]** doc: add note about remoteaddr strategy ([#9701](https://github.com/traefik/traefik/pull/9701) by [mpl](https://github.com/mpl))
 - Update copyright to match new standard ([#9651](https://github.com/traefik/traefik/pull/9651) by [paulocfjunior](https://github.com/paulocfjunior))
 - Update copyright for 2023 ([#9631](https://github.com/traefik/traefik/pull/9631) by [kevinpollet](https://github.com/kevinpollet))
 - Update submitting pull requests to include language about drafts ([#9609](https://github.com/traefik/traefik/pull/9609) by [tfny](https://github.com/tfny))
 ## [v3.0.0-beta2](https://github.com/traefik/traefik/tree/v3.0.0-beta2) (2022-12-07)
 [All Commits](https://github.com/traefik/traefik/compare/v3.0.0-beta1...v3.0.0-beta2)
 **Enhancements:**
 - **[http3]** Moves HTTP/3 outside the experimental section ([#9570](https://github.com/traefik/traefik/pull/9570) by [sdelicata](https://github.com/sdelicata))
 **Bug fixes:**
 - **[logs]** Change traefik cmd error log to error level ([#9569](https://github.com/traefik/traefik/pull/9569) by [tomMoulard](https://github.com/tomMoulard))
 - **[rules]** Rework Host and HostRegexp matchers ([#9559](https://github.com/traefik/traefik/pull/9559) by [tomMoulard](https://github.com/tomMoulard))
 **Misc:**
 - Merge current v2.9 into master ([#9586](https://github.com/traefik/traefik/pull/9586) by [tomMoulard](https://github.com/tomMoulard))
 ## [v2.9.6](https://github.com/traefik/traefik/tree/v2.9.6) (2022-12-07)
 [All Commits](https://github.com/traefik/traefik/compare/v2.9.5...v2.9.6)
 **Bug fixes:**
 - **[acme]** Update go-acme/lego to v4.9.1 ([#9550](https://github.com/traefik/traefik/pull/9550) by [ldez](https://github.com/ldez))
 - **[k8s/crd]** Support of allowEmptyServices in TraefikService ([#9424](https://github.com/traefik/traefik/pull/9424) by [jeromeguiard](https://github.com/jeromeguiard))
 - **[logs]** Remove logs of the request ([#9574](https://github.com/traefik/traefik/pull/9574) by [ldez](https://github.com/ldez))
 - **[plugins]** Increase the timeout on plugin download ([#9529](https://github.com/traefik/traefik/pull/9529) by [ldez](https://github.com/ldez))
 - **[server]** Update golang.org/x/net ([#9582](https://github.com/traefik/traefik/pull/9582) by [ldez](https://github.com/ldez))
 - **[tls]** Handle broken TLS conf better ([#9572](https://github.com/traefik/traefik/pull/9572) by [mpl](https://github.com/mpl))
 - **[tracing]** Update DataDog tracing dependency to v1.43.1 ([#9526](https://github.com/traefik/traefik/pull/9526) by [rtribotte](https://github.com/rtribotte))
 - **[webui]** Add missing serialNumber passTLSClientCert option to middleware panel ([#9539](https://github.com/traefik/traefik/pull/9539) by [rtribotte](https://github.com/rtribotte))
 **Documentation:**
 - **[docker]** Add networking example ([#9542](https://github.com/traefik/traefik/pull/9542) by [Janik-Haag](https://github.com/Janik-Haag))
 - **[hub]** Add information about the Hub Agent ([#9560](https://github.com/traefik/traefik/pull/9560) by [nmengin](https://github.com/nmengin))
 - **[k8s/helm]** Update Helm installation section ([#9564](https://github.com/traefik/traefik/pull/9564) by [mloiseleur](https://github.com/mloiseleur))
 - **[middleware]** Clarify PathPrefix matcher greediness ([#9519](https://github.com/traefik/traefik/pull/9519) by [mpl](https://github.com/mpl))
 ## [v3.0.0-beta1](https://github.com/traefik/traefik/tree/v3.0.0-beta1) (2022-12-05)
 [All Commits](https://github.com/traefik/traefik/compare/v2.9.0-rc1...v3.0.0-beta1)
@@ -110,13 +350,7 @@ Release canceled.
 - **[acme]** Fix ACME panic ([#9365](https://github.com/traefik/traefik/pull/9365) by [ldez](https://github.com/ldez))
 **Documentation:**
 - Prepare release v2.9.0 ([#9409](https://github.com/traefik/traefik/pull/9409) by [tomMoulard](https://github.com/tomMoulard))
 - **[metrics]** Rework metrics overview page ([#9366](https://github.com/traefik/traefik/pull/9366) by [ddtmachado](https://github.com/ddtmachado))
 - Prepare release v2.9.0-rc5 ([#9402](https://github.com/traefik/traefik/pull/9402) by [ldez](https://github.com/ldez))
 - Prepare release v2.9.0-rc4 ([#9372](https://github.com/traefik/traefik/pull/9372) by [kevinpollet](https://github.com/kevinpollet))
 - Prepare release v2.9.0-rc3 ([#9344](https://github.com/traefik/traefik/pull/9344) by [kevinpollet](https://github.com/kevinpollet))
 - Prepare release v2.9.0-rc2 ([6c2c561](https://github.com/traefik/traefik/commit/6c2c561d8f935d76ccd07d28e1455c7768adc153) by [ldez](https://github.com/ldez))
 - Prepare release v2.9.0-rc1 ([#9334](https://github.com/traefik/traefik/pull/9334) by [rtribotte](https://github.com/rtribotte))
 **Misc:**
 - Merge current v2.8 into v2.9 ([#9400](https://github.com/traefik/traefik/pull/9400) by [ldez](https://github.com/ldez))
--- a/LICENSE.md
+++ b/LICENSE.md
@@ -1,6 +1,6 @@
 The MIT License (MIT)
-Copyright (c) 2016-2020 Containous SAS; 2020-2022 Traefik Labs
+Copyright (c) 2016-2020 Containous SAS; 2020-2023 Traefik Labs
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
--- a/2
+++ b/2
@@ -189,7 +189,7 @@ generate-genconf:
 .PHONY: release-packages
 release-packages: generate-webui build-dev-image
 	rm -rf dist
-	$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) goreleaser release --skip-publish -p 4 --timeout="90m"
+	$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) goreleaser release --skip-publish -p 2 --timeout="90m"
 	$(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) tar cfz dist/traefik-${VERSION}.src.tar.gz \
 		--exclude-vcs \
 		--exclude .idea \
--- a/README.md
+++ b/README.md
@@ -1,6 +1,10 @@
 <p align="center">
-<img src="docs/content/assets/img/traefik.logo.png" alt="Traefik" title="Traefik" />
+    <picture>
      <source media="(prefers-color-scheme: dark)" srcset="docs/content/assets/img/traefik.logo-dark.png">
      <source media="(prefers-color-scheme: light)" srcset="docs/content/assets/img/traefik.logo.png">
      <img alt="Traefik" title="Traefik" src="docs/content/assets/img/traefik.logo.png">
    </picture>
 </p>
 [![Build Status SemaphoreCI](https://semaphoreci.com/api/v1/containous/traefik/branches/master/shields_badge.svg)](https://semaphoreci.com/containous/traefik)
@@ -11,7 +15,7 @@
 [![Twitter](https://img.shields.io/twitter/follow/traefik.svg?style=social)](https://twitter.com/intent/follow?screen_name=traefik)
 Traefik (pronounced _traffic_) is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy.
-Traefik integrates with your existing infrastructure components ([Docker](https://www.docker.com/), [Swarm mode](https://docs.docker.com/engine/swarm/), [Kubernetes](https://kubernetes.io), [Marathon](https://mesosphere.github.io/marathon/), [Consul](https://www.consul.io/), [Etcd](https://coreos.com/etcd/), [Rancher](https://rancher.com), [Amazon ECS](https://aws.amazon.com/ecs), ...) and configures itself automatically and dynamically.
+Traefik integrates with your existing infrastructure components ([Docker](https://www.docker.com/), [Swarm mode](https://docs.docker.com/engine/swarm/), [Kubernetes](https://kubernetes.io), [Consul](https://www.consul.io/), [Etcd](https://coreos.com/etcd/), [Rancher v2](https://rancher.com), [Amazon ECS](https://aws.amazon.com/ecs), ...) and configures itself automatically and dynamically.
 Pointing Traefik at your orchestrator should be the _only_ configuration step you need.
 ---
@@ -58,7 +62,7 @@ _(But if you'd rather configure some of your routes manually, Traefik supports t
 - Circuit breakers, retry
 - See the magic through its clean web UI
 - Websocket, HTTP/2, gRPC ready
- Provides metrics (Rest, Prometheus, Datadog, Statsd, InfluxDB)
+- Provides metrics (Rest, Prometheus, Datadog, Statsd, InfluxDB 2.X)
 - Keeps access logs (JSON, CLF)
 - Fast
 - Exposes a Rest API
@@ -68,8 +72,6 @@ _(But if you'd rather configure some of your routes manually, Traefik supports t
 - [Docker](https://doc.traefik.io/traefik/providers/docker/) / [Swarm mode](https://doc.traefik.io/traefik/providers/docker/)
 - [Kubernetes](https://doc.traefik.io/traefik/providers/kubernetes-crd/)
 - [Marathon](https://doc.traefik.io/traefik/providers/marathon/)
 - [Rancher](https://doc.traefik.io/traefik/providers/rancher/) (Metadata)
 - [File](https://doc.traefik.io/traefik/providers/file/)
 ## Quickstart
--- a/build.Dockerfile
+++ b/build.Dockerfile
@@ -1,4 +1,4 @@
-FROM golang:1.19-alpine
+FROM golang:1.20-alpine
 RUN apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \
    && update-ca-certificates \
@@ -13,7 +13,7 @@ RUN mkdir -p /usr/local/bin \
    | tar -xzC /usr/local/bin --transform 's#^.+/##x'
 # Download golangci-lint binary to bin folder in $GOPATH
-RUN curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- -b $GOPATH/bin v1.50.0
+RUN curl -sfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | bash -s -- -b $GOPATH/bin v1.52.2
 # Download misspell binary to bin folder in $GOPATH
 RUN curl -sfL https://raw.githubusercontent.com/golangci/misspell/master/install-misspell.sh | bash -s -- -b $GOPATH/bin v0.4.0
--- a/cmd/configuration.go
+++ b/cmd/configuration.go
@@ -4,7 +4,7 @@ import (
 	"time"
 	ptypes "github.com/traefik/paerser/types"
-	"github.com/traefik/traefik/v2/pkg/config/static"
+	"github.com/traefik/traefik/v3/pkg/config/static"
 )
 // TraefikCmdConfiguration wraps the static configuration and extra parameters.
@@ -28,6 +28,10 @@ func NewTraefikConfiguration() *TraefikCmdConfiguration {
 			ServersTransport: &static.ServersTransport{
 				MaxIdleConnsPerHost: 200,
 			},
 			TCPServersTransport: &static.TCPServersTransport{
 				DialTimeout:   ptypes.Duration(30 * time.Second),
 				DialKeepAlive: ptypes.Duration(15 * time.Second),
 			},
 		},
 		ConfigFile: "",
 	}
--- a/cmd/healthcheck/healthcheck.go
+++ b/cmd/healthcheck/healthcheck.go
@@ -8,7 +8,7 @@ import (
 	"time"
 	"github.com/traefik/paerser/cli"
-	"github.com/traefik/traefik/v2/pkg/config/static"
+	"github.com/traefik/traefik/v3/pkg/config/static"
 )
 // NewCmd builds a new HealthCheck command.
--- a/cmd/internal/gen/main.go
+++ b/cmd/internal/gen/main.go
@@ -11,7 +11,7 @@ import (
 	"strings"
 )
-const rootPkg = "github.com/traefik/traefik/v2/pkg/config/dynamic"
+const rootPkg = "github.com/traefik/traefik/v3/pkg/config/dynamic"
 const (
 	destModuleName = "github.com/traefik/genconf"
@@ -57,8 +57,8 @@ func run(dest string) error {
 	}
 	centrifuge.IncludedImports = []string{
-		"github.com/traefik/traefik/v2/pkg/tls",
+		"github.com/traefik/traefik/v3/pkg/tls",
-		"github.com/traefik/traefik/v2/pkg/types",
+		"github.com/traefik/traefik/v3/pkg/types",
 	}
 	centrifuge.ExcludedTypes = []string{
@@ -71,8 +71,8 @@ func run(dest string) error {
 	}
 	centrifuge.ExcludedFiles = []string{
-		"github.com/traefik/traefik/v2/pkg/types/logs.go",
+		"github.com/traefik/traefik/v3/pkg/types/logs.go",
-		"github.com/traefik/traefik/v2/pkg/types/metrics.go",
+		"github.com/traefik/traefik/v3/pkg/types/metrics.go",
 	}
 	centrifuge.TypeCleaner = cleanType
@@ -87,11 +87,11 @@ func run(dest string) error {
 }
 func cleanType(typ types.Type, base string) string {
-	if typ.String() == "github.com/traefik/traefik/v2/pkg/tls.FileOrContent" {
+	if typ.String() == "github.com/traefik/traefik/v3/pkg/tls.FileOrContent" {
 		return "string"
 	}
-	if typ.String() == "[]github.com/traefik/traefik/v2/pkg/tls.FileOrContent" {
+	if typ.String() == "[]github.com/traefik/traefik/v3/pkg/tls.FileOrContent" {
 		return "[]string"
 	}
@@ -103,8 +103,8 @@ func cleanType(typ types.Type, base string) string {
 		return strings.ReplaceAll(typ.String(), base+".", "")
 	}
-	if strings.Contains(typ.String(), "github.com/traefik/traefik/v2/pkg/") {
+	if strings.Contains(typ.String(), "github.com/traefik/traefik/v3/pkg/") {
-		return strings.ReplaceAll(typ.String(), "github.com/traefik/traefik/v2/pkg/", "")
+		return strings.ReplaceAll(typ.String(), "github.com/traefik/traefik/v3/pkg/", "")
 	}
 	return typ.String()
@@ -114,9 +114,9 @@ func cleanPackage(src string) string {
 	switch src {
 	case "github.com/traefik/paerser/types":
 		return ""
-	case "github.com/traefik/traefik/v2/pkg/tls":
+	case "github.com/traefik/traefik/v3/pkg/tls":
 		return path.Join(destModuleName, destPkg, "tls")
-	case "github.com/traefik/traefik/v2/pkg/types":
+	case "github.com/traefik/traefik/v3/pkg/types":
 		return path.Join(destModuleName, destPkg, "types")
 	default:
 		return src
--- a/cmd/traefik/logger.go
+++ b/cmd/traefik/logger.go
@@ -11,8 +11,8 @@ import (
 	"github.com/rs/zerolog"
 	"github.com/rs/zerolog/log"
 	"github.com/sirupsen/logrus"
-	"github.com/traefik/traefik/v2/pkg/config/static"
+	"github.com/traefik/traefik/v3/pkg/config/static"
-	"github.com/traefik/traefik/v2/pkg/logs"
+	"github.com/traefik/traefik/v3/pkg/logs"
 )
 func init() {
--- a/cmd/traefik/plugins.go
+++ b/cmd/traefik/plugins.go
@@ -3,8 +3,8 @@ package main
 import (
 	"fmt"
-	"github.com/traefik/traefik/v2/pkg/config/static"
+	"github.com/traefik/traefik/v3/pkg/config/static"
-	"github.com/traefik/traefik/v2/pkg/plugins"
+	"github.com/traefik/traefik/v3/pkg/plugins"
 )
 const outputDir = "./plugins-storage/"
@@ -35,12 +35,12 @@ func initPlugins(staticCfg *static.Configuration) (*plugins.Client, map[string]p
 		var err error
 		client, err = plugins.NewClient(opts)
 		if err != nil {
-			return nil, nil, nil, err
+			return nil, nil, nil, fmt.Errorf("unable to create plugins client: %w", err)
 		}
 		err = plugins.SetupRemotePlugins(client, staticCfg.Experimental.Plugins)
 		if err != nil {
-			return nil, nil, nil, err
+			return nil, nil, nil, fmt.Errorf("unable to set up plugins environment: %w", err)
 		}
 		plgs = staticCfg.Experimental.Plugins
--- a/cmd/traefik/traefik.go
+++ b/cmd/traefik/traefik.go
@@ -21,31 +21,31 @@ import (
 	"github.com/sirupsen/logrus"
 	"github.com/spiffe/go-spiffe/v2/workloadapi"
 	"github.com/traefik/paerser/cli"
-	"github.com/traefik/traefik/v2/cmd"
+	"github.com/traefik/traefik/v3/cmd"
-	"github.com/traefik/traefik/v2/cmd/healthcheck"
+	"github.com/traefik/traefik/v3/cmd/healthcheck"
-	cmdVersion "github.com/traefik/traefik/v2/cmd/version"
+	cmdVersion "github.com/traefik/traefik/v3/cmd/version"
-	tcli "github.com/traefik/traefik/v2/pkg/cli"
+	tcli "github.com/traefik/traefik/v3/pkg/cli"
-	"github.com/traefik/traefik/v2/pkg/collector"
+	"github.com/traefik/traefik/v3/pkg/collector"
-	"github.com/traefik/traefik/v2/pkg/config/dynamic"
+	"github.com/traefik/traefik/v3/pkg/config/dynamic"
-	"github.com/traefik/traefik/v2/pkg/config/runtime"
+	"github.com/traefik/traefik/v3/pkg/config/runtime"
-	"github.com/traefik/traefik/v2/pkg/config/static"
+	"github.com/traefik/traefik/v3/pkg/config/static"
-	"github.com/traefik/traefik/v2/pkg/logs"
+	"github.com/traefik/traefik/v3/pkg/logs"
-	"github.com/traefik/traefik/v2/pkg/metrics"
+	"github.com/traefik/traefik/v3/pkg/metrics"
-	"github.com/traefik/traefik/v2/pkg/middlewares/accesslog"
+	"github.com/traefik/traefik/v3/pkg/middlewares/accesslog"
-	"github.com/traefik/traefik/v2/pkg/provider/acme"
+	"github.com/traefik/traefik/v3/pkg/provider/acme"
-	"github.com/traefik/traefik/v2/pkg/provider/aggregator"
+	"github.com/traefik/traefik/v3/pkg/provider/aggregator"
-	"github.com/traefik/traefik/v2/pkg/provider/hub"
+	"github.com/traefik/traefik/v3/pkg/provider/tailscale"
-	"github.com/traefik/traefik/v2/pkg/provider/tailscale"
+	"github.com/traefik/traefik/v3/pkg/provider/traefik"
-	"github.com/traefik/traefik/v2/pkg/provider/traefik"
+	"github.com/traefik/traefik/v3/pkg/safe"
-	"github.com/traefik/traefik/v2/pkg/safe"
+	"github.com/traefik/traefik/v3/pkg/server"
-	"github.com/traefik/traefik/v2/pkg/server"
+	"github.com/traefik/traefik/v3/pkg/server/middleware"
-	"github.com/traefik/traefik/v2/pkg/server/middleware"
+	"github.com/traefik/traefik/v3/pkg/server/service"
-	"github.com/traefik/traefik/v2/pkg/server/service"
+	"github.com/traefik/traefik/v3/pkg/tcp"
-	traefiktls "github.com/traefik/traefik/v2/pkg/tls"
+	traefiktls "github.com/traefik/traefik/v3/pkg/tls"
-	"github.com/traefik/traefik/v2/pkg/tracing"
+	"github.com/traefik/traefik/v3/pkg/tracing"
-	"github.com/traefik/traefik/v2/pkg/tracing/jaeger"
+	"github.com/traefik/traefik/v3/pkg/tracing/jaeger"
-	"github.com/traefik/traefik/v2/pkg/types"
+	"github.com/traefik/traefik/v3/pkg/types"
-	"github.com/traefik/traefik/v2/pkg/version"
+	"github.com/traefik/traefik/v3/pkg/version"
 )
 func main() {
@@ -79,7 +79,7 @@ Complete documentation is available at https://traefik.io`,
 	err = cli.Execute(cmdTraefik)
 	if err != nil {
-		stdlog.Println(err)
+		log.Error().Err(err).Msg("Command error")
 		logrus.Exit(1)
 	}
@@ -192,9 +192,14 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
 	tsProviders := initTailscaleProviders(staticConfiguration, &providerAggregator)
 	// Metrics
 	metricRegistries := registerMetricClients(staticConfiguration.Metrics)
 	metricsRegistry := metrics.NewMultiRegistry(metricRegistries)
 	// Entrypoints
-	serverEntryPointsTCP, err := server.NewTCPEntryPoints(staticConfiguration.EntryPoints, staticConfiguration.HostResolver)
+	serverEntryPointsTCP, err := server.NewTCPEntryPoints(staticConfiguration.EntryPoints, staticConfiguration.HostResolver, metricsRegistry)
 	if err != nil {
 		return nil, err
 	}
@@ -229,24 +234,6 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
 		}
 	}
 	// Traefik Hub
 	if staticConfiguration.Hub != nil {
 		if err = providerAggregator.AddProvider(staticConfiguration.Hub); err != nil {
 			return nil, fmt.Errorf("adding Traefik Hub provider: %w", err)
 		}
 		// API is mandatory for Traefik Hub to access the dynamic configuration.
 		if staticConfiguration.API == nil {
 			staticConfiguration.API = &static.API{}
 		}
 	}
 	// Metrics
 	metricRegistries := registerMetricClients(staticConfiguration.Metrics)
 	metricsRegistry := metrics.NewMultiRegistry(metricRegistries)
 	// Service manager factory
 	var spiffeX509Source *workloadapi.X509Source
@@ -269,6 +256,7 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
 	}
 	roundTripperManager := service.NewRoundTripperManager(spiffeX509Source)
 	dialerManager := tcp.NewDialerManager(spiffeX509Source)
 	acmeHTTPHandler := getHTTPChallengeHandler(acmeProviders, httpChallengeProvider)
 	managerFactory := service.NewManagerFactory(*staticConfiguration, routinesPool, metricsRegistry, roundTripperManager, acmeHTTPHandler)
@@ -278,7 +266,7 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
 	tracer := setupTracing(staticConfiguration.Tracing)
 	chainBuilder := middleware.NewChainBuilder(metricsRegistry, accessLog, tracer)
-	routerFactory := server.NewRouterFactory(*staticConfiguration, managerFactory, tlsManager, chainBuilder, pluginBuilder, metricsRegistry)
+	routerFactory := server.NewRouterFactory(*staticConfiguration, managerFactory, tlsManager, chainBuilder, pluginBuilder, metricsRegistry, dialerManager)
 	// Watcher
@@ -295,7 +283,7 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
 		tlsManager.UpdateConfigs(ctx, conf.TLS.Stores, conf.TLS.Options, conf.TLS.Certificates)
 		gauge := metricsRegistry.TLSCertsNotAfterTimestampGauge()
-		for _, certificate := range tlsManager.GetCertificates() {
+		for _, certificate := range tlsManager.GetServerCertificates() {
 			appendCertMetric(gauge, certificate)
 		}
 	})
@@ -309,13 +297,14 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
 	// Server Transports
 	watcher.AddListener(func(conf dynamic.Configuration) {
 		roundTripperManager.Update(conf.HTTP.ServersTransports)
 		dialerManager.Update(conf.TCP.ServersTransports)
 	})
 	// Switch router
 	watcher.AddListener(switchRouter(routerFactory, serverEntryPointsTCP, serverEntryPointsUDP))
 	// Metrics
-	if metricsRegistry.IsEpEnabled() || metricsRegistry.IsSvcEnabled() {
+	if metricsRegistry.IsEpEnabled() || metricsRegistry.IsRouterEnabled() || metricsRegistry.IsSvcEnabled() {
 		var eps []string
 		for key := range serverEntryPointsTCP {
 			eps = append(eps, key)
@@ -351,10 +340,7 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
 				continue
 			}
-			if _, ok := resolverNames[rt.TLS.CertResolver]; !ok &&
+			if _, ok := resolverNames[rt.TLS.CertResolver]; !ok {
 				// "traefik-hub" is an allowed certificate resolver name in a Traefik Hub Experimental feature context.
 				// It is used to activate its own certificate resolution, even though it is not a "classical" traefik certificate resolver.
 				(staticConfiguration.Hub == nil || rt.TLS.CertResolver != "traefik-hub") {
 				log.Error().Err(err).Str(logs.RouterName, rtName).Str("certificateResolver", rt.TLS.CertResolver).
 					Msg("Router uses a non-existent certificate resolver")
 			}
@@ -394,11 +380,6 @@ func getDefaultsEntrypoints(staticConfiguration *static.Configuration) []string
 			continue
 		}
 		// Traefik Hub entryPoint should not be used as a default entryPoint.
 		if hub.APIEntrypoint == name || hub.TunnelEntrypoint == name {
 			continue
 		}
 		protocol, err := cfg.GetProtocol()
 		if err != nil {
 			// Should never happen because Traefik should not start if protocol is invalid.
@@ -520,16 +501,6 @@ func registerMetricClients(metricsConfig *types.Metrics) []metrics.Registry {
 			Msg("Configured StatsD metrics")
 	}
 	if metricsConfig.InfluxDB != nil {
 		logger := log.With().Str(logs.MetricsProviderName, "influxdb").Logger()
 		registries = append(registries, metrics.RegisterInfluxDB(logger.WithContext(context.Background()), metricsConfig.InfluxDB))
 		logger.Debug().
 			Str("address", metricsConfig.InfluxDB.Address).
 			Str("pushInterval", metricsConfig.InfluxDB.PushInterval.String()).
 			Msg("Configured InfluxDB metrics")
 	}
 	if metricsConfig.InfluxDB2 != nil {
 		logger := log.With().Str(logs.MetricsProviderName, "influxdb2").Logger()
--- a/cmd/traefik/traefik_test.go
+++ b/cmd/traefik/traefik_test.go
@@ -9,7 +9,7 @@ import (
 	"github.com/go-kit/kit/metrics"
 	"github.com/stretchr/testify/assert"
 	"github.com/stretchr/testify/require"
-	"github.com/traefik/traefik/v2/pkg/config/static"
+	"github.com/traefik/traefik/v3/pkg/config/static"
 )
 // FooCert is a PEM-encoded TLS cert.
--- a/cmd/version/version.go
+++ b/cmd/version/version.go
@@ -8,7 +8,7 @@ import (
 	"text/template"
 	"github.com/traefik/paerser/cli"
-	"github.com/traefik/traefik/v2/pkg/version"
+	"github.com/traefik/traefik/v3/pkg/version"
 )
 var versionTemplate = `Version:      {{.Version}}
--- a/contrib/grafana/traefik-kubernetes.json
+++ b/contrib/grafana/traefik-kubernetes.json
--- a/contrib/grafana/traefik.json
+++ b/contrib/grafana/traefik.json
@@ -15,7 +15,7 @@
      "type": "grafana",
      "id": "grafana",
      "name": "Grafana",
-      "version": "9.2.2"
+      "version": "9.3.1"
    },
    {
      "type": "panel",
@@ -64,8 +64,10 @@
      }
    ]
  },
-  "editable": true,
+  "description": "Official dashboard for Standalone Traefik",
  "editable": false,
  "fiscalYearStartMonth": 0,
  "gnetId": 17346,
  "graphTooltip": 0,
  "id": null,
  "links": [],
@@ -133,7 +135,7 @@
        },
        "textMode": "auto"
      },
-      "pluginVersion": "9.2.2",
+      "pluginVersion": "9.3.1",
      "targets": [
        {
          "datasource": {
@@ -470,7 +472,7 @@
              }
            ]
          },
-          "unit": "ms"
+          "unit": "s"
        },
        "overrides": []
      },
@@ -669,8 +671,7 @@
                "mode": "absolute",
                "steps": [
                  {
-                    "color": "green",
+                    "color": "green"
                    "value": null
                  }
                ]
              },
@@ -764,8 +765,7 @@
                "mode": "absolute",
                "steps": [
                  {
-                    "color": "green",
+                    "color": "green"
                    "value": null
                  }
                ]
              },
@@ -873,8 +873,7 @@
                "mode": "absolute",
                "steps": [
                  {
-                    "color": "green",
+                    "color": "green"
                    "value": null
                  },
                  {
                    "color": "red",
@@ -887,10 +886,10 @@
            "overrides": []
          },
          "gridPos": {
-            "h": 8,
+            "h": 12,
-            "w": 12,
+            "w": 8,
            "x": 0,
-            "y": 27
+            "y": 19
          },
          "id": 17,
          "options": {
@@ -900,7 +899,7 @@
                "max"
              ],
              "displayMode": "table",
-              "placement": "right",
+              "placement": "bottom",
              "showLegend": true,
              "sortBy": "Mean",
              "sortDesc": true
@@ -973,8 +972,7 @@
                "mode": "absolute",
                "steps": [
                  {
-                    "color": "green",
+                    "color": "green"
                    "value": null
                  },
                  {
                    "color": "red",
@@ -987,10 +985,10 @@
            "overrides": []
          },
          "gridPos": {
-            "h": 8,
+            "h": 12,
-            "w": 12,
+            "w": 8,
-            "x": 12,
+            "x": 8,
-            "y": 27
+            "y": 19
          },
          "id": 18,
          "options": {
@@ -1000,7 +998,7 @@
                "max"
              ],
              "displayMode": "table",
-              "placement": "right",
+              "placement": "bottom",
              "showLegend": true,
              "sortBy": "Mean",
              "sortDesc": true
@@ -1073,8 +1071,7 @@
                "mode": "absolute",
                "steps": [
                  {
-                    "color": "green",
+                    "color": "green"
                    "value": null
                  },
                  {
                    "color": "red",
@@ -1087,10 +1084,10 @@
            "overrides": []
          },
          "gridPos": {
-            "h": 8,
+            "h": 12,
-            "w": 12,
+            "w": 8,
-            "x": 0,
+            "x": 16,
-            "y": 35
+            "y": 19
          },
          "id": 19,
          "options": {
@@ -1100,7 +1097,7 @@
                "max"
              ],
              "displayMode": "table",
-              "placement": "right",
+              "placement": "bottom",
              "showLegend": true,
              "sortBy": "Mean",
              "sortDesc": true
@@ -1173,8 +1170,7 @@
                "mode": "absolute",
                "steps": [
                  {
-                    "color": "green",
+                    "color": "green"
                    "value": null
                  },
                  {
                    "color": "red",
@@ -1189,8 +1185,8 @@
          "gridPos": {
            "h": 8,
            "w": 12,
-            "x": 12,
+            "x": 0,
-            "y": 35
+            "y": 31
          },
          "id": 20,
          "options": {
@@ -1240,6 +1236,7 @@
              "custom": {
                "axisCenteredZero": false,
                "axisColorMode": "text",
                "axisGridShow": true,
                "axisLabel": "",
                "axisPlacement": "auto",
                "barAlignment": 0,
@@ -1272,8 +1269,105 @@
                "mode": "absolute",
                "steps": [
                  {
-                    "color": "green",
+                    "color": "green"
-                    "value": null
+                  },
                  {
                    "color": "red",
                    "value": 80
                  }
                ]
              },
              "unit": "binBps"
            },
            "overrides": []
          },
          "gridPos": {
            "h": 8,
            "w": 12,
            "x": 12,
            "y": 31
          },
          "id": 24,
          "options": {
            "legend": {
              "calcs": [
                "mean",
                "max"
              ],
              "displayMode": "table",
              "placement": "right",
              "showLegend": true,
              "sortBy": "Mean",
              "sortDesc": true
            },
            "tooltip": {
              "mode": "multi",
              "sort": "desc"
            }
          },
          "targets": [
            {
              "datasource": {
                "type": "prometheus",
                "uid": "${DS_PROMETHEUS}"
              },
              "editorMode": "code",
              "expr": "topk(15,\n    label_replace(\n        sum by (service,method) \n          (rate(traefik_service_responses_bytes_total{service=~\"$service.*\",protocol=\"http\"}[1m])) > 0,\n        \"service\", \"$1\", \"service\", \"([^-]+-[^-]+).*\")\n)",
              "legendFormat": "{{method}} on {{service}}",
              "range": true,
              "refId": "A"
            }
          ],
          "title": "Responses Size",
          "type": "timeseries"
        },
        {
          "datasource": {
            "type": "prometheus",
            "uid": "${DS_PROMETHEUS}"
          },
          "description": "",
          "fieldConfig": {
            "defaults": {
              "color": {
                "mode": "palette-classic"
              },
              "custom": {
                "axisCenteredZero": false,
                "axisColorMode": "text",
                "axisLabel": "",
                "axisPlacement": "auto",
                "barAlignment": 0,
                "drawStyle": "line",
                "fillOpacity": 0,
                "gradientMode": "none",
                "hideFrom": {
                  "legend": false,
                  "tooltip": false,
                  "viz": false
                },
                "lineInterpolation": "linear",
                "lineWidth": 1,
                "pointSize": 5,
                "scaleDistribution": {
                  "type": "linear"
                },
                "showPoints": "auto",
                "spanNulls": false,
                "stacking": {
                  "group": "A",
                  "mode": "none"
                },
                "thresholdsStyle": {
                  "mode": "off"
                }
              },
              "mappings": [],
              "thresholds": {
                "mode": "absolute",
                "steps": [
                  {
                    "color": "green"
                  },
                  {
                    "color": "red",
@@ -1289,7 +1383,7 @@
            "h": 8,
            "w": 12,
            "x": 0,
-            "y": 43
+            "y": 39
          },
          "id": 2,
          "options": {
@@ -1371,8 +1465,7 @@
                "mode": "absolute",
                "steps": [
                  {
-                    "color": "green",
+                    "color": "green"
                    "value": null
                  },
                  {
                    "color": "red",
@@ -1388,7 +1481,7 @@
            "h": 8,
            "w": 12,
            "x": 12,
-            "y": 43
+            "y": 39
          },
          "id": 21,
          "options": {
@@ -1444,7 +1537,8 @@
        "hide": 0,
        "includeAll": false,
        "multi": false,
-        "name": "datasource",
+        "name": "DS_PROMETHEUS",
        "label": "datasource",
        "options": [],
        "query": "prometheus",
        "refresh": 1,
@@ -1491,7 +1585,7 @@
          "refId": "StandardVariableQuery"
        },
        "refresh": 2,
-        "regex": "/([^-]+-[^-]+).*/",
+        "regex": "",
        "skipUrlSync": false,
        "sort": 1,
        "type": "query"
@@ -1505,7 +1599,7 @@
  "timepicker": {},
  "timezone": "",
  "title": "Traefik Official Standalone Dashboard",
-  "uid": "n5bu_kv4k",
+  "uid": "n5bu_kv45",
-  "version": 3,
+  "version": 6,
  "weekStart": ""
 }
--- a/docs/content/assets/img/traefik.logo-dark.png
+++ b/docs/content/assets/img/traefik.logo-dark.png
--- a/docs/content/contributing/advocating.md
+++ b/docs/content/contributing/advocating.md
@@ -9,7 +9,7 @@ Spread the Love & Tell Us about It
 {: .subtitle }
 Traefik Proxy was started by the community for the community.
-You can contribute to the Traefik community in three main ways: 
+You can contribute to the Traefik community in three main ways:
 **Spread the word!** Guides, videos, blog posts, how-to articles, and showing off your network design all help spread the word about Traefik Proxy
 and teach others in the community how to best implement it.
@@ -28,4 +28,4 @@ Luckily, as an open source community, our users can help by [building awesome fe
 We are a big community, so we do need to prioritize a bit.
 That is why we use the tag `contributor/wanted` to let you know which pull requests will make it to the front of the queue for design support and review.
 Feel free to grab one of these and run with it.
-Top contributors get unique swag to celebrate. 
+Top contributors get unique swag to celebrate.
--- a/docs/content/contributing/data-collection.md
+++ b/docs/content/contributing/data-collection.md
@@ -10,8 +10,8 @@ Understanding How Traefik is Being Used
 ## Configuration Example
-Understanding how you use Traefik is very important to us: it helps us improve the solution in many different ways.  
+Understanding how you use Traefik is very important to us: it helps us improve the solution in many different ways.
-For this very reason, the sendAnonymousUsage option is mandatory: we want you to take time to consider whether or not you wish to share anonymous data with us so we can benefit from your experience and use cases.
+For this very reason, the sendAnonymousUsage option is mandatory: we want you to take time to consider whether or not you wish to share anonymous data with us, so we can benefit from your experience and use cases.
 !!! example "Enabling Data Collection"
@@ -34,9 +34,7 @@ For this very reason, the sendAnonymousUsage option is mandatory: we want you to
 ## Collected Data
-This feature comes from the public proposal [here](https://github.com/traefik/traefik/issues/2369).
+This feature comes from this [public proposal](https://github.com/traefik/traefik/issues/2369).
 This feature is activated when using Traefik Pilot to better understand the community's need, and also to get information about plug-ins popularity.
 In order to help us learn more about how Traefik is being used and improve it, we collect anonymous usage statistics from running instances.
 Those data help us prioritize our developments and focus on what's important for our users (for example, which provider is popular, and which is not).
@@ -47,7 +45,7 @@ Once a day (the first call begins 10 minutes after the start of Traefik), we col
 - the Traefik version number
 - a hash of the configuration
- an **anonymized version** of the static configuration (token, user name, password, URL, IP, domain, email, etc, are removed).
+- an **anonymized version** of the static configuration (token, username, password, URL, IP, domain, email, etc., are removed).
 !!! info
@@ -68,7 +66,6 @@ providers:
  docker:
    endpoint: "tcp://10.10.10.10:2375"
    exposedByDefault: true
    swarmMode: true
    tls:
      ca: dockerCA
@@ -88,7 +85,6 @@ providers:
  docker:
    endpoint: "xxxx"
    exposedByDefault: true
    swarmMode: true
    tls:
      ca: xxxx
@@ -101,4 +97,4 @@ providers:
 If you want to dig into more details, here is the source code of the collecting system: [collector.go](https://github.com/traefik/traefik/blob/master/pkg/collector/collector.go)
-By default we anonymize all configuration fields, except fields tagged with `export=true`.
+By default, we anonymize all configuration fields, except fields tagged with `export=true`.
--- a/docs/content/contributing/maintainers-guidelines.md
+++ b/docs/content/contributing/maintainers-guidelines.md
@@ -11,7 +11,7 @@ Note: the document is a work in progress.
 Welcome to the Traefik Community.
 This document describes how to be part of the core team
-as well as various responsibilities
+together with various responsibilities
 and guidelines for Traefik maintainers.
 We are strongly promoting a philosophy of openness and sharing,
 and firmly standing against the elitist closed approach.
@@ -20,7 +20,7 @@ and wants to be part of that journey!
 ## Onboarding Process
-If you consider joining our community please drop us a line using Twitter or leave a note in the issue.
+If you consider joining our community, please drop us a line using Twitter or leave a note in the issue.
 We will schedule a quick call to meet you and learn more about your motivation.
 During the call, the team will discuss the process of becoming a maintainer.
 We will be happy to answer any questions and explain all your doubts.
@@ -53,7 +53,7 @@ but we can suggest you start with activities such as:
      Each of the issues that are labeled as bug/possible bug/confirmed requires a reproducible use case. 
      You can help in creating a reproducible use case if it has not been added to the issue
      or use the sample code provided by the reporter.
-      Typically, a simple docker compose should be enough to reproduce the issue.
+      Typically, a simple Docker Compose should be enough to reproduce the issue.
 - Code contribution.
 - Documentation contribution.
    - Technical documentation is one of the most important components of the product.
@@ -61,7 +61,7 @@ but we can suggest you start with activities such as:
      using the official documentation,
      is a game changer.
 - You will be listed on our Maintainers GitHub page
-  as well as on our website in the section [maintainers](maintainers.md).
+  and on our website in the section [maintainers](maintainers.md).
 - We will be promoting you on social channels (mostly on Twitter).
 ## Governance
@@ -71,7 +71,7 @@ but we can suggest you start with activities such as:
 ## Communicating
 - All of our maintainers are added to Slack #traefik-maintainers channel that belongs to Traefik labs workspace.
-  Having the team in one place helps us to communicate effectively. 
+  Having the team in one place helps us to communicate effectively.
  You can reach Traefik core developers directly,
  which offers the possibility to discuss issues, pull requests, enhancements more efficiently
  and get the feedback almost immediately.
@@ -112,9 +112,9 @@ maintainers' activity and involvement will be reviewed on a regular basis.
 - Be able to put yourself in users’ shoes.
 - Be open-minded and respectful with other maintainers and other community members.
- Keep the communication public - 
+- Keep the communication public -
  if anyone tries to communicate with you directly,
-  ask him politely to move the conversation to a public communication channel.
+  ask politely to move the conversation to a public communication channel.
 - Stay away from defensive comments.
 - Please try to express your thoughts clearly enough
  and note that some of us are not native English speakers.
@@ -122,7 +122,7 @@ maintainers' activity and involvement will be reviewed on a regular basis.
  none of us is able to predict your thoughts.
 - There are a lot of use cases of using Traefik
  and even more issues that are difficult to reproduce.
-  If the issue can’t be replicated due to a lack of reproducible case (a simple docker compose should be enough) - 
+  If the issue can’t be replicated due to a lack of reproducible case (a simple Docker Compose should be enough) -
  set your time limits while working on the issue
  and express clearly that you were not able to replicate it.
  You can come back later to that case.
--- a/docs/content/contributing/maintainers.md
+++ b/docs/content/contributing/maintainers.md
@@ -107,7 +107,6 @@ The `status/*` labels represent the desired state in the workflow.
 * `area/provider/kv`: KV related.
 * `area/provider/marathon`: Marathon related.
 * `area/provider/mesos`: Mesos related.
 * `area/provider/rancher`: Rancher related.
 * `area/provider/servicefabric`: Azure service fabric related.
 * `area/provider/zk`: Zoo Keeper related.
 * `area/rules`: Rules related.
--- a/docs/content/contributing/submitting-issues.md
+++ b/docs/content/contributing/submitting-issues.md
@@ -9,10 +9,10 @@ Help Us Help You!
 {: .subtitle }
 Issues are perfect for requesting a feature/enhancement or reporting a suspected bug.
-We use the [GitHub issue tracker](https://github.com/traefik/traefik/issues) to keep track of issues in Traefik. 
+We use the [GitHub issue tracker](https://github.com/traefik/traefik/issues) to keep track of issues in Traefik.
 The process of sorting and checking the issues is a daunting task, and requires a lot of work (more than an hour a day ... just for sorting).
-To help us (and other community members) quickly and easily understand what you need,
+To help us (and other community members) quickly and effortlessly understand what you need,
 be sure to follow the guidelines below.
 !!! important "Getting Help Vs Reporting an Issue"
@@ -33,16 +33,17 @@ Examples:
 ## Feature Request
-Traefik is an open source project and aims to be the best edge router possible. 
+Traefik is an open source project and aims to be the best edge router possible.
 Remember when asking for new features that these must be useful to the majority (and not only useful in edge case scenarios, or hack-like setups).
 Follow the [issue template](https://github.com/traefik/traefik/blob/master/.github/ISSUE_TEMPLATE/feature-request.yml) as much as possible.
 Do your best to explain what you're looking for, and why it would improve Traefik for everyone.
 Be detailed and share the use-case(s) to allow us to see the value of your feature request as quickly as possible.
 Features with a lot of positive interaction (claps, +1s, conversation about how this would impact them) indicate higher community interest and help us to prioritize.  
-If you are interested in creating a PR for your feature request, let us know in the the issue so we can work with you.  
+Features with a lot of positive interaction (claps, +1s, conversation about how this would impact them) indicate higher community interest and help us to prioritize.
 If you are interested in creating a PR for your feature request, let us know in the issue, so we can work with you.
 It can take a lot of work to make sure a PR can integrate with our existing code and planning with the team ahead of time can make sure that your PR can be accepted and merged quickly.
 ## Issues or Possible Bug Reports
@@ -50,13 +51,13 @@ It can take a lot of work to make sure a PR can integrate with our existing code
 Follow the [issue template](https://github.com/traefik/traefik/blob/master/.github/ISSUE_TEMPLATE/bug_report.yml) as much as possible.
 Explain the conditions in which you encountered the issue; what is your context?
-Share any logs you may have and make sure to share the steps it takes to reproduce your issue or bug. 
+Share any logs you may have, and make sure to share the steps it takes to reproduce your issue or bug.
 Remain as clear and concise as possible.
-Take time to polish the format of your message so we'll enjoy reading it and working on it. 
+Take time to polish the format of your message, so we'll enjoy reading it and working on it.
 Help your readers focus on what matters and help them understand the structure of your message (see the [GitHub Markdown Syntax](https://docs.github.com/en/get-started/writing-on-github)).
 ## International English
-Every maintainer / Traefik user is not a native English speaker, so if you feel sometimes that some messages sound rude, remember that it probably is a language barrier problem from someone willing to help you.
+Every maintainer / Traefik user is not a native English speaker, so if you sometimes feel that some messages sound rude, remember that it probably is a language barrier problem from someone willing to help you.
--- a/docs/content/contributing/submitting-pull-requests.md
+++ b/docs/content/contributing/submitting-pull-requests.md
@@ -5,22 +5,22 @@ description: "Looking to contribute to Traefik Proxy? This guide will show you t
 # Before You Submit a Pull Request
-This guide is for contributors who already have a pull request to submit. 
+This guide is for contributors who already have a pull request to submit.
-If you are looking for information on setting up your developer environment 
+If you are looking for information on setting up your developer environment
-and creating code to contribute to Traefik Proxy or related projects, 
+and creating code to contribute to Traefik Proxy or related projects,
 see the [development guide](https://docs.traefik.io/contributing/building-testing/).
-Looking for a way to contribute to Traefik Proxy? 
+Looking for a way to contribute to Traefik Proxy?
-Check out this list of [Priority Issues](https://github.com/traefik/traefik/labels/contributor%2Fwanted), 
+Check out this list of [Priority Issues](https://github.com/traefik/traefik/labels/contributor%2Fwanted),
-the [Good First Issue](https://github.com/traefik/traefik/labels/contributor%2Fgood-first-issue) list, 
+the [Good First Issue](https://github.com/traefik/traefik/labels/contributor%2Fgood-first-issue) list,
 or the list of [confirmed bugs](https://github.com/traefik/traefik/labels/kind%2Fbug%2Fconfirmed) waiting to be remedied.
 ## How We Prioritize
-We wish we could review every pull request right away. 
+We wish we could review every pull request right away.
-Unfortunately, our team has to prioritize pull requests (PRs) for review 
+Unfortunately, our team has to prioritize pull requests (PRs) for review
-(but we are welcoming new [maintainers](https://github.com/traefik/traefik/blob/master/docs/content/contributing/maintainers-guidelines.md) to speed this up, 
+(but we are welcoming new [maintainers](https://github.com/traefik/traefik/blob/master/docs/content/contributing/maintainers-guidelines.md) to speed this up,
-so if you are interested, check it out and apply). 
+if you are interested, check it out and apply).
 The PRs we are able to handle fastest are:
@@ -30,20 +30,20 @@ The PRs we are able to handle fastest are:
 PRs that take more time to address include:
-* Enhancements or Features without the `contributor/wanted` tag.  
+* Enhancements or Features without the `contributor/wanted` tag.
-  
+
-If you have an idea for an enhancement or feature that you would like to build, 
+If you have an idea for an enhancement or feature that you would like to build,
-[create an issue](https://github.com/traefik/traefik/issues/new/choose) for it first 
+[create an issue](https://github.com/traefik/traefik/issues/new/choose) for it first
-and tell us you are interested in writing the PR. 
+and tell us you are interested in writing the PR.
-If an issue already exists, definitely comment on it to tell us you are interested in creating a PR. 
+If an issue already exists, definitely comment on it to tell us you are interested in creating a PR.
 This will allow us to communicate directly and let you know if it is something we would accept.
 It also allows us to make sure you have all the information you need during the design phase
 so that it can be reviewed and merged quickly.
 Read more about the [Triage process](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md) in the docs.
 This will allow us to communicate directly and let you know if it is something we would accept. 
 It also allows us to make sure you have all the information you need during the design phase 
 so that it can be reviewed and merged quickly. 
 If you have questions about the Triage process,
 [read more here](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md).  
 ## The Pull Request Submit Process
 Merging a PR requires the following steps to be completed before it is merged automatically.
@@ -56,14 +56,15 @@ Merging a PR requires the following steps to be completed before it is merged au
    * Do not open the PR from an organization repository.
    * Keep "allows edit from maintainer" checked.
    * Use semantic line breaks for documentation.
    * Ensure your PR is not a draft. We do not review drafts, but do answer questions and confer with developers on them as needed.
 * Pass the validation check.
 * Pass all tests.
 * Receive 3 approving reviews maintainers.
 ## Pull Request Review Cycle
-You can read about our Triage Process [here](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md), 
+Learn about our [Triage Process](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md),
-but in short, it looks like this:
+in short, it looks like this:
 * We triage every new PR or comment before entering it into the review process.
    * We ensure that all prerequisites for review have been met.
@@ -75,20 +76,20 @@ but in short, it looks like this:
 * Code Review.
    * We review the code in-depth and run tests.
    * We may ask for changes here.
-    * During code review, we ask that you be reasonably responsive, 
+    * During code review, we ask that you be reasonably responsive,
-      if a PR languishes in code review it is at risk of rejection, 
+      if a PR languishes in code review it is at risk of rejection,
      or we may take ownership of the PR and the contributor will become a co-author.
-* Merge. 
+* Merge.
    * Success!
 !!! note
-    Occasionally, we may freeze our codebase when working towards a specific feature or goal that could impact other development. 
+    Occasionally, we may freeze our codebase when working towards a specific feature or goal that could impact other development.
    During this time, your pull request could remain unmerged while the release work is completed.
 ## Run Local Verifications
-You must run these local verifications before you submit your pull request to predict the pass or failure of continuous integration. 
+You must run these local verifications before you submit your pull request to predict the pass or failure of continuous integration.
 Your PR will not be reviewed until these are green on the CI.
 * `make validate`
@@ -97,10 +98,10 @@ Your PR will not be reviewed until these are green on the CI.
 ## The Testing and Merge Workflow
-Pull Requests are managed by the bot [Myrmica Lobicornis](https://github.com/traefik/lobicornis). 
+Pull Requests are managed by the bot [Myrmica Lobicornis](https://github.com/traefik/lobicornis).
-This bot is responsible for verifying GitHub Checks (CI, Tests, etc), mergability, and minimum reviews. 
+This bot is responsible for verifying GitHub Checks (CI, Tests, etc), mergability, and minimum reviews.
-In addition, it rebases or merges with the base PR branch if needed. 
+In addition, it rebases or merges with the base PR branch if needed.
-It performs several other housekeeping items 
+It performs several other housekeeping items
 and you can read more about those on the [README](https://github.com/traefik/lobicornis) for Lobicornis.
 The maintainer giving the final LGTM must add the `status/3-needs-merge` label to trigger the merge bot.
@@ -109,7 +110,7 @@ By default, a squash-rebase merge will be carried out.
 The status `status/4-merge-in-progress` is only used by the bot.
-If the bot is not able to perform the merge, the label `bot/need-human-merge` is added. 
+If the bot is not able to perform the merge, the label `bot/need-human-merge` is added.
 In such a situation, solve the conflicts/CI/... and then remove the label `bot/need-human-merge`.
 To prevent the bot from automatically merging a PR, add the label `bot/no-merge`.
@@ -125,23 +126,23 @@ This label can be used when:
 ## Why Was My Pull Request Closed?
-Traefik Proxy is made by the community for the community, 
+Traefik Proxy is made by the community for the community,
-as such the goal is to engage the community to make Traefik the best reverse proxy available. 
+as such the goal is to engage the community to make Traefik the best reverse proxy available.
-Part of this goal is maintaining a lean codebase and ensuring code velocity. 
+Part of this goal is maintaining a lean codebase and ensuring code velocity.
 unfortunately, this means that sometimes we will not be able to merge a pull request.
-Because we respect the work you did, you will always be told why we are closing your pull request. 
+Because we respect the work you did, you will always be told why we are closing your pull request.
-If you do not agree with our decision, do not worry; closed pull requests are easy to recreate, 
+If you do not agree with our decision, do not worry; closed pull requests are effortless to recreate,
 and little work is lost by closing a pull request that subsequently needs to be reopened.
 Your pull request might be closed if:
-* Your PR's design conflicts with our existing codebase in such a way that Merging is not an option 
+* Your PR's design conflicts with our existing codebase in such a way that merging is not an option
  and the work needed to make your pull request usable is too high.
    * To prevent this, make sure you created an issue first
      and think about including Traefik Proxy maintainers in your design phase to minimize conflicts.
 * Your PR is for an enhancement or feature that we will not use.
-    * Please remember to create an issue for any pull request **before** you create a PR 
+    * Please remember to create an issue for any pull request **before** you create a PR
      to ensure that your goal is something we can merge and that you have any design insight you might need from the team.
 * Your PR has been waiting for feedback from the contributor for over 90 days.
@@ -149,54 +150,54 @@ Your pull request might be closed if:
 A few factors affect how long your pull request might wait for review.
-We must prioritize which PRs we focus on. 
+We must prioritize which PRs we focus on.
-Our first priority is PRs we have identified as having high community engagement and broad applicability. 
+Our first priority is PRs we have identified as having high community engagement and broad applicability.
-We put our top priorities on our roadmap and you can identify them by the `contributor/wanted` tag. 
+We put our top priorities on our roadmap, and you can identify them by the `contributor/wanted` tag.
-These PRs will enter our review process the fastest. 
+These PRs will enter our review process the fastest.
-Our second priority is bug fixes. 
+Our second priority is bug fixes.
-Especially for bugs that have already been tagged with `bug/confirmed`. 
+Especially for bugs that have already been tagged with `bug/confirmed`.
 These reviews enter the process quickly.
-If your PR does not meet the criteria above, 
+If your PR does not meet the criteria above,
-it will take longer for us to review as any PRs that do meet the criteria above will be prioritized. 
+it will take longer for us to review, as any PRs that do meet the criteria above will be prioritized.
-Additionally, during the last few weeks of a milestone, we stop reviewing PRs to reduce churn and stabilize. 
+Additionally, during the last few weeks of a milestone, we stop reviewing PRs to reduce churn and stabilize.
-We will resume after the release. 
+We will resume after the release.
-The second major reason that we deprioritize your PR is that you are not following best practices. 
+The second major reason that we deprioritize your PR is that you are not following best practices.
 The most common failures to follow best practices are:
-* You did not create an issue for the PR you wish to make. 
+* You did not create an issue for the PR you wish to make.
-  If you do not create an issue before submitting your PR, 
+  If you do not create an issue before submitting your PR,
-  we will not be able to answer any design questions and let you know how likely your PR is to be merged. 
+  we will not be able to answer any design questions and let you know how likely your PR is to be merged.
 * You created pull requests that are too large to review.
    * Break your pull requests up.
-      If you can extract whole ideas from your pull request and send those as pull requests of their own, 
+      If you can extract whole ideas from your pull request and send those as pull requests of their own,
-      you should do that instead. 
+      you should do that instead.
-      It is better to have many pull requests addressing one thing than one pull request addressing many things. 
+      It is better to have many pull requests addressing one thing than one pull request addressing many things.
-    * Traefik Proxy is a fast-moving codebase — lock in your changes ASAP with your small pull request, 
+    * Traefik Proxy is a fast-moving codebase — lock in your changes ASAP with your small pull request,
      and make merges be someone else's problem.
-      We want every pull request to be useful on its own, 
+      We want every pull request to be useful on its own,
      so use your best judgment on what should be a pull request vs. a commit.
 * You did not comment well.
    * Comment everything.
-Please remember that we are working internationally, cross-culturally, and with different use-cases. 
+Please remember that we are working internationally, cross-culturally, and with different use-cases.
 Your reviewer will not intuitively understand the problem the same way you do or solve it the same way you would.
-This is why every change you make must be explained and your strategy for coding must also be explained.   
+This is why every change you make must be explained, and your strategy for coding must also be explained.
 * Your tests were inadequate or absent.
-    * If you do not know how to test your PR, please ask! 
+    * If you do not know how to test your PR, please ask!
      We will be happy to help you or suggest appropriate test cases.
-If you have already followed the best practices and your PR still has not received a response, 
+If you have already followed the best practices and your PR still has not received a response,
 here are some things you can do to move the process along:
-* If you have fixed all the issues from a review, 
+* If you have fixed all the issues from a review,
-  remember to re-request a review (using the designated button) to let your reviewer know that you are ready. 
+  remember to re-request a review (using the designated button) to let your reviewer know that you are ready.
-  You can choose to comment with the changes you made. 
+  You can choose to comment with the changes you made.
 * Ping `@tfny` if you have not been assigned to a reviewer.
 For more information on best practices, try these links:
@@ -208,23 +209,23 @@ For more information on best practices, try these links:
 ## It's OK to Push Back
-Sometimes reviewers make mistakes. 
+Sometimes reviewers make mistakes.
-It is OK to push back on changes your reviewer requested. 
+It is OK to push back on changes your reviewer requested.
 If you have a good reason for doing something a certain way, you are absolutely allowed to debate the merits of a requested change.
 Both the reviewer and reviewee should strive to discuss these issues in a polite and respectful manner.
-You might be overruled, but you might also prevail. 
+You might be overruled, but you might also prevail.
 We are pretty reasonable people.
 Another phenomenon of open-source projects (where anyone can comment on any issue) is the dog-pile -
-your pull request gets so many comments from so many people it becomes hard to follow. 
+your pull request gets so many comments from so many people it becomes hard to follow.
-In this situation, you can ask the primary reviewer (assignee) whether they want you to fork a new pull request 
+In this situation, you can ask the primary reviewer (assignee) whether they want you to fork a new pull request
-to clear out all the comments. 
+to clear out all the comments.
-You do not have to fix every issue raised by every person who feels like commenting, 
+You do not have to fix every issue raised by every person who feels like commenting,
 but you should answer reasonable comments with an explanation.
 ## Common Sense and Courtesy
-No document can take the place of common sense and good taste. 
+No document can take the place of common sense and good taste.
-Use your best judgment, while you put a bit of thought into how your work can be made easier to review. 
+Use your best judgment, while you put a bit of thought into how your work can be made easier to review.
-If you do these things your pull requests will get merged with less friction.
+If you do these things, your pull requests will get merged with less friction.
--- a/docs/content/contributing/submitting-security-issues.md
+++ b/docs/content/contributing/submitting-security-issues.md
@@ -12,7 +12,7 @@ You can subscribe sending a mail to security+subscribe@traefik.io or on [the onl
 ## CVE
-Reported vulnerabilities can be found on 
+Reported vulnerabilities can be found on
 [cve.mitre.org](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=traefik).
 ## Report a Vulnerability
--- a/docs/content/deprecation/features.md
+++ b/docs/content/deprecation/features.md
@@ -2,4 +2,22 @@
 This page is maintained and updated periodically to reflect our roadmap and any decisions around feature deprecation.
-There is no feature deprecation in Traefik v3 for now.
+| Feature                                                                                                              | Deprecated | End of Support | Removal |
 |----------------------------------------------------------------------------------------------------------------------|------------|----------------|---------|
 | [Kubernetes CRDs API Version `traefik.io/v1alpha1`](#kubernetes-crds-api-version-traefikiov1alpha1)                  | N/A        | N/A            | 3.0     |
 | [Kubernetes Ingress API Version `networking.k8s.io/v1beta1`](#kubernetes-ingress-api-version-networkingk8siov1beta1) | N/A        | N/A            | 3.0     |
 | [CRD API Version `apiextensions.k8s.io/v1beta1`](#kubernetes-ingress-api-version-networkingk8siov1beta1)             | N/A        | N/A            | 3.0     |
 ## Impact
 ### Kubernetes CRDs API Version `traefik.io/v1alpha1`
 The newly introduced Kubernetes CRD API Version `traefik.io/v1alpha1` will subsequently be removed in Traefik v3. The following version will be `traefik.io/v1`.
 ### Kubernetes Ingress API Version `networking.k8s.io/v1beta1`
 The Kubernetes Ingress API Version `networking.k8s.io/v1beta1` is removed in v3. Please use the API Group `networking.k8s.io/v1` instead.
 ### Traefik CRD API Version `apiextensions.k8s.io/v1beta1`
 The Traefik CRD API Version `apiextensions.k8s.io/v1beta1` is removed in v3. Please use the API Group `apiextensions.k8s.io/v1` instead.
--- a/docs/content/deprecation/releases.md
+++ b/docs/content/deprecation/releases.md
@@ -6,7 +6,8 @@ Below is a non-exhaustive list of versions and their maintenance status:
 | Version | Release Date | Active Support     | Security Support | 
 |---------|--------------|--------------------|------------------|
-| 2.9     | Oct 03, 2022 | Yes                | Yes              |
+| 2.10    | Apr 24, 2023 | Yes                | Yes              |
 | 2.9     | Oct 03, 2022 | Ended Apr 24, 2023 | No               |
 | 2.8     | Jun 29, 2022 | Ended Oct 03, 2022 | No               |
 | 2.7     | May 24, 2022 | Ended Jun 29, 2022 | No               |
 | 2.6     | Jan 24, 2022 | Ended May 24, 2022 | No               |
--- a/docs/content/getting-started/concepts.md
+++ b/docs/content/getting-started/concepts.md
@@ -1,19 +1,34 @@
 ---
-title: "Traefik Concepts Documentation"
+title: Concepts
-description: "Get started with Traefik Proxy. Read the technical documentation for an introduction into the key concepts behind our open source edge router."
+description: Traefik - base concepts and main features
 ---
 # Concepts
-Everything You Need to Know
+This page explains the base concepts of Traefik.
-{: .subtitle }
+
 ---
 ## Introduction
 Traefik is based on the concept of EntryPoints, Routers, Middlewares and Services.
 The main features include dynamic configuration, automatic service discovery, and support for multiple backends and protocols.
 1. [EntryPoints](../routing/entrypoints.md "Link to docs about EntryPoints"): EntryPoints are the network entry points into Traefik. They define the port which will receive the packets, and whether to listen for TCP or UDP.
 2. [Routers](../routing/routers/index.md "Link to docs about routers"): A router is in charge of connecting incoming requests to the services that can handle them.
 3. [Middlewares](../middlewares/overview.md "Link to docs about middlewares"): Attached to the routers, middlewares can modify the requests or responses before they are sent to your service
 4. [Services](../routing/services/index.md "Link to docs about services"): Services are responsible for configuring how to reach the actual services that will eventually handle the incoming requests.
 ## Edge Router
-Traefik is an _Edge Router_, it means that it's the door to your platform, and that it intercepts and routes every incoming request:
+Traefik is an *Edge Router*, it means that it's the door to your platform, and that it intercepts and routes every incoming request:
-it knows all the logic and every rule that determine which services handle which requests (based on the [path](../routing/routers/index.md#rule), the [host](../routing/routers/index.md#rule), [headers](../routing/routers/index.md#rule), [and so on](../routing/routers/index.md#rule) ...).
+it knows all the logic and every [rule](../routing/routers/index.md#rule "Link to docs about routing rules") that determine which services handle which requests (based on the *path*, the *host*, *headers*, etc.).
-![The Door to Your Infrastructure](../assets/img/traefik-concepts-1.png)
+![The Door to Your Infrastructure](../assets/img/traefik-concepts-1.png "Picture explaining the infrastructure")
 ## Auto Service Discovery
@@ -21,7 +36,7 @@ Where traditionally edge routers (or reverse proxies) need a configuration file
 Deploying your services, you attach information that tells Traefik the characteristics of the requests the services can handle.
-![Decentralized Configuration](../assets/img/traefik-concepts-2.png)
+![Decentralized Configuration](../assets/img/traefik-concepts-2.png "Picture about Decentralized Configuration")
 It means that when a service is deployed, Traefik detects it immediately and updates the routing rules in real time.
 Similarly, when a service is removed from the infrastructure, the corresponding route is deleted accordingly.
@@ -30,14 +45,16 @@ You no longer need to create and synchronize configuration files cluttered with
 !!! info "Many different rules"
-    In the example above, we used the request [path](../routing/routers/index.md#rule) to determine which service was in charge, but of course you can use many other different [rules](../routing/routers/index.md#rule).
+    In the example above, we used the request [path rule](../routing/routers/index.md#rule "Link to docs about routing rules") to determine which service was in charge.
    Certainly, you can use many other different [rules](../routing/routers/index.md#rule "Link to docs about routing rules").
 !!! info "Updating the requests"
-    In the [middleware](../middlewares/overview.md) section, you can learn about how to update the requests before forwarding them to the services.
+    In the [middleware](../middlewares/overview.md "Link to middleware documentation") section, you can learn about how to update the requests before forwarding them to the services.
 !!! question "How does Traefik discover the services?"
-    Traefik is able to use your cluster API to discover the services and read the attached information. In Traefik, these connectors are called [providers](../providers/overview.md) because they _provide_ the configuration to Traefik. To learn more about them, read the [provider overview](../providers/overview.md) section.
+    Traefik is able to use your cluster API to discover the services and read the attached information.
    In Traefik, these connectors are called [providers](../providers/overview.md "Link to overview about Traefik providers") because they *provide* the configuration to Traefik.
 {!traefik-for-business-applications.md!}
--- a/docs/content/getting-started/faq.md
+++ b/docs/content/getting-started/faq.md
@@ -158,6 +158,56 @@ By default, the following headers are automatically added when proxying requests
 For more details,
 please check out the [forwarded header](../routing/entrypoints.md#forwarded-headers) documentation.
 ## How Traefik is Storing and Serving TLS Certificates?
 ### Storing TLS Certificates
 [TLS](../https/tls.md "Link to Traefik TLS docs") certificates are either provided directly by the [dynamic configuration](./configuration-overview.md#the-dynamic-configuration "Link to dynamic configuration overview") from [providers](../https/tls.md#user-defined "Link to the TLS configuration"),
 or by [ACME resolvers](../https/acme.md#providers "Link to ACME resolvers"), which act themselves as providers internally.
 For each TLS certificate, Traefik produces an identifier used as a key to store it.
 This identifier is constructed as the alphabetically ordered concatenation of the SANs `DNSNames` and `IPAddresses` of the TLScertificate.
 #### Examples:
 | X509v3 Subject Alternative Name         | TLS Certificate Identifier  |
 |-----------------------------------------|-----------------------------|
 | `DNS:example.com, IP Address:127.0.0.1` | `127.0.0.1,example.com`     |
 | `DNS:example.com, DNS:*.example.com`    | `*.example.com,example.com` |
 The identifier is used to store TLS certificates in order to be later used to handle TLS connections.
 This operation happens each time there are configuration changes.
 If multiple TLS certificates are provided with the same SANs definition (same identifier), only the one processed first is kept.
 Because the dynamic configuration is aggregated from all providers,
 when processing it to gather TLS certificates,
 there is no guarantee of the order in which they would be processed.
 This means that along with configurations applied, it is possible that the TLS certificate retained for a given identifier differs.
 ### Serving TLS Certificates
 For each incoming connection, Traefik is serving the "best" matching TLS certificate for the provided server name.
 The TLS certificate selection process narrows down the list of TLS certificates matching the server name,
 and then selects the last TLS certificate in this list after having ordered it by the identifier alphabetically.
 #### Examples:
 | Selected TLS Certificates Identifiers               | Sorted TLS Certificates Identifiers                 | Served Certificate Identifier |
 |-----------------------------------------------------|-----------------------------------------------------|-------------------------------|
 | `127.0.0.1,example.com`,`*.example.com,example.com` | `*.example.com,example.com`,`127.0.0.1,example.com` | `127.0.0.1,example.com`       |
 | `*.example.com,example.com`,`example.com`           | `*.example.com,example.com`,`example.com`           | `example.com`                 |
 ### Caching TLS Certificates
 While Traefik is serving the best matching TLS certificate for each incoming connection,
 the selection process cost for each incoming connection is avoided thanks to a cache mechanism.
 Once a TLS certificate has been selected as the "best" TLS certificate for a server name,
 it is cached for an hour, avoiding the selection process for further connections.
 Nonetheless, when a new configuration is applied, the cache is reset.
 ## What does the "field not found" error mean?
 ```shell
@@ -181,3 +231,23 @@ and the message should help in figuring out the mistake(s) in the configuration,
 When using the file provider,
 one easy way to check if the dynamic configuration is well-formed is to validate it with the [JSON Schema of the dynamic configuration](https://json.schemastore.org/traefik-v2-file-provider.json).
 ## Why does Let's Encrypt wildcard certificate renewal/generation with DNS challenge fail?
 If you're trying to renew wildcard certificates, with DNS challenge,
 and you're getting errors such as:
 ```txt
 msg="Error renewing certificate from LE: {example.com [*.example.com]}"
 providerName=letsencrypt.acme error="error: one or more domains had a problem:
 [example.com] acme: error presenting token: gandiv5: unexpected authZone example.com. for fqdn example.com."
 ```
 then it could be due to `CNAME` support.
 In which case, you should make sure your infrastructure is properly set up for a
 `DNS` challenge that does not rely on `CNAME`, and you should try disabling `CNAME` support with:
 ```bash
 LEGO_DISABLE_CNAME_SUPPORT=true
 ```
--- a/docs/content/getting-started/install-traefik.md
+++ b/docs/content/getting-started/install-traefik.md
@@ -16,8 +16,8 @@ You can install Traefik with the following flavors:
 Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with one sample configuration file:
-* [YAML](https://raw.githubusercontent.com/traefik/traefik/v2.9/traefik.sample.yml)
+* [YAML](https://raw.githubusercontent.com/traefik/traefik/v3.0/traefik.sample.yml)
-* [TOML](https://raw.githubusercontent.com/traefik/traefik/v2.9/traefik.sample.toml)
+* [TOML](https://raw.githubusercontent.com/traefik/traefik/v3.0/traefik.sample.toml)
 ```bash
 docker run -d -p 8080:8080 -p 80:80 \
@@ -121,7 +121,7 @@ by defining and applying an IngressRoute CRD (`kubectl apply -f dashboard.yaml`)
 ```yaml
 # dashboard.yaml
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: dashboard
--- a/docs/content/getting-started/quick-start-with-kubernetes.md
+++ b/docs/content/getting-started/quick-start-with-kubernetes.md
@@ -316,3 +316,5 @@ curl -v http://localhost/
    - [Filter the ingresses](../providers/kubernetes-ingress.md#ingressclass) to use with [IngressClass](https://kubernetes.io/docs/concepts/services-networking/ingress/#ingress-class)
    - Use [IngressRoute CRD](../providers/kubernetes-crd.md)
    - Protect [ingresses with TLS](../routing/providers/kubernetes-ingress.md#enabling-tls-via-annotations)
 {!traefik-api-management-kubernetes.md!}
--- a/docs/content/getting-started/quick-start.md
+++ b/docs/content/getting-started/quick-start.md
@@ -1,11 +1,11 @@
 ---
 title: "Traefik Getting Started Quickly"
-description: "Looking to get started with Traefik Proxy quickly? Read the technical documentation to learn a simple use case that leverages Docker."
+description: "Looking to get started with Traefik Proxy quickly? Read the technical documentation to see a basic use case that leverages Docker."
 ---
 # Quick Start
-A Simple Use Case Using Docker
+A Basic Use Case Using Docker
 {: .subtitle }
 ![quickstart-diagram](../assets/img/quickstart-diagram.png)
@@ -19,9 +19,9 @@ version: '3'
 services:
  reverse-proxy:
-    # The official v2 Traefik docker image
+    # The official v3 Traefik Docker image
    image: traefik:v3.0
-    # Enables the web UI and tells Traefik to listen to docker
+    # Enables the web UI and tells Traefik to listen to Docker
    command: --api.insecure=true --providers.docker
    ports:
      # The HTTP port
@@ -63,7 +63,7 @@ services:
      - "traefik.http.routers.whoami.rule=Host(`whoami.docker.localhost`)"
 ```
-The above defines `whoami`: a simple web service that outputs information about the machine it is deployed on (its IP address, host, and so on).
+The above defines [`whoami`](https://github.com/traefik/whoami "Link to whoami app on GitHub"), a web service that outputs information about the machine it is deployed on (its IP address, host, etc.).
 Start the `whoami` service with the following command:
@@ -71,9 +71,9 @@ Start the `whoami` service with the following command:
 docker-compose up -d whoami
 ```
-Go back to your browser (`http://localhost:8080/api/rawdata`) and see that Traefik has automatically detected the new container and updated its own configuration.
+Browse `http://localhost:8080/api/rawdata` and see that Traefik has automatically detected the new container and updated its own configuration.
-When Traefik detects new services, it creates the corresponding routes so you can call them ... _let's see!_  (Here, we're using curl)
+When Traefik detects new services, it creates the corresponding routes, so you can call them ... _let's see!_  (Here, we're using curl)
 ```shell
 curl -H Host:whoami.docker.localhost http://127.0.0.1
@@ -95,7 +95,7 @@ Run more instances of your `whoami` service with the following command:
 docker-compose up -d --scale whoami=2
 ```
-Go back to your browser (`http://localhost:8080/api/rawdata`) and see that Traefik has automatically detected the new instance of the container.
+Browse to `http://localhost:8080/api/rawdata` and see that Traefik has automatically detected the new instance of the container.
 Finally, see that Traefik load-balances between the two instances of your service by running the following command twice:
@@ -119,6 +119,6 @@ IP: 172.27.0.4
 !!! question "Where to Go Next?"
-    Now that you have a basic understanding of how Traefik can automatically create the routes to your services and load balance them, it is time to dive into [the documentation](/) and let Traefik work for you!
+    Now that you have a basic understanding of how Traefik can automatically create the routes to your services and load balance them, it is time to dive into [the documentation](/ "Link to the docs landing page") and let Traefik work for you!
 {!traefik-for-business-applications.md!}
--- a/docs/content/https/acme.md
+++ b/docs/content/https/acme.md
@@ -11,7 +11,11 @@ Automatic HTTPS
 You can configure Traefik to use an ACME provider (like Let's Encrypt) for automatic certificate generation.
 !!! warning "Let's Encrypt and Rate Limiting"
-    Note that Let's Encrypt API has [rate limiting](https://letsencrypt.org/docs/rate-limits).
+    Note that Let's Encrypt API has [rate limiting](https://letsencrypt.org/docs/rate-limits). These last up to __one week__, and can not be overridden.
    When running Traefik in a container this file should be persisted across restarts. 
    If Traefik requests new certificates each time it starts up, a crash-looping container can quickly reach Let's Encrypt's ratelimits.
    To configure where certificates are stored, please take a look at the [storage](#storage) configuration.
    Use Let's Encrypt staging server with the [`caServer`](#caserver) configuration option
    when experimenting to avoid hitting this limit too fast.
@@ -279,8 +283,19 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni
    # ...
    ```
-    !!! important
+!!! warning "`CNAME` support"
-        A `provider` is mandatory.
+
    `CNAME` are supported (and sometimes even [encouraged](https://letsencrypt.org/2019/10/09/onboarding-your-customers-with-lets-encrypt-and-acme.html#the-advantages-of-a-cname)),
    but there are a few cases where they can be [problematic](../../getting-started/faq/#why-does-lets-encrypt-wildcard-certificate-renewalgeneration-with-dns-challenge-fail).
    If needed, `CNAME` support can be disabled with the following environment variable:
    ```bash
    LEGO_DISABLE_CNAME_SUPPORT=true
    ```
 !!! important
    A `provider` is mandatory.
 #### `providers`
@@ -293,117 +308,127 @@ For example, `CF_API_EMAIL_FILE=/run/secrets/traefik_cf-api-email` could be used
 For complete details, refer to your provider's _Additional configuration_ link.
-| Provider Name                                                                                      | Provider Code      | Environment Variables                                                                                                                       |                                                                                 |
+| Provider Name                                                          | Provider Code      | Environment Variables                                                                                                                       |                                                                                 |
-|----------------------------------------------------------------------------------------------------|--------------------|---------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------|
+|------------------------------------------------------------------------|--------------------|---------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------------------|
-| [ACME DNS](https://github.com/joohoi/acme-dns)                                                     | `acme-dns`         | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH`                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/acme-dns)         |
+| [ACME DNS](https://github.com/joohoi/acme-dns)                         | `acme-dns`         | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH`                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/acme-dns)         |
-| [Alibaba Cloud](https://www.alibabacloud.com)                                                      | `alidns`           | `ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`, `ALICLOUD_REGION_ID`                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/alidns)           |
+| [Alibaba Cloud](https://www.alibabacloud.com)                          | `alidns`           | `ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`, `ALICLOUD_REGION_ID`                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/alidns)           |
-| [all-inkl](https://all-inkl.com)                                                                   | `allinkl`          | `ALL_INKL_LOGIN`, `ALL_INKL_PASSWORD`                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/allinkl)          |
+| [all-inkl](https://all-inkl.com)                                       | `allinkl`          | `ALL_INKL_LOGIN`, `ALL_INKL_PASSWORD`                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/allinkl)          |
-| [ArvanCloud](https://www.arvancloud.com/en)                                                        | `arvancloud`       | `ARVANCLOUD_API_KEY`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/arvancloud)       |
+| [ArvanCloud](https://www.arvancloud.com/en)                            | `arvancloud`       | `ARVANCLOUD_API_KEY`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/arvancloud)       |
-| [Auroradns](https://www.pcextreme.com/dns-health-checks)                                           | `auroradns`        | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT`                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/auroradns)        |
+| [Auroradns](https://www.pcextreme.com/dns-health-checks)               | `auroradns`        | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT`                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/auroradns)        |
-| [Autodns](https://www.internetx.com/domains/autodns/)                                              | `autodns`          | `AUTODNS_API_USER`, `AUTODNS_API_PASSWORD`                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/autodns)          |
+| [Autodns](https://www.internetx.com/domains/autodns/)                  | `autodns`          | `AUTODNS_API_USER`, `AUTODNS_API_PASSWORD`                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/autodns)          |
-| [Azure](https://azure.microsoft.com/services/dns/)                                                 | `azure`            | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_METADATA_ENDPOINT]`   | [Additional configuration](https://go-acme.github.io/lego/dns/azure)            |
+| [Azure](https://azure.microsoft.com/services/dns/)                     | `azure`            | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_METADATA_ENDPOINT]`   | [Additional configuration](https://go-acme.github.io/lego/dns/azure)            |
-| [Bindman](https://github.com/labbsr0x/bindman-dns-webhook)                                         | `bindman`          | `BINDMAN_MANAGER_ADDRESS`                                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/bindman)          |
+| [Bindman](https://github.com/labbsr0x/bindman-dns-webhook)             | `bindman`          | `BINDMAN_MANAGER_ADDRESS`                                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/bindman)          |
-| [Blue Cat](https://www.bluecatnetworks.com/)                                                       | `bluecat`          | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW`                                    | [Additional configuration](https://go-acme.github.io/lego/dns/bluecat)          |
+| [Blue Cat](https://www.bluecatnetworks.com/)                           | `bluecat`          | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW`                                    | [Additional configuration](https://go-acme.github.io/lego/dns/bluecat)          |
-| [Checkdomain](https://www.checkdomain.de/)                                                         | `checkdomain`      | `CHECKDOMAIN_TOKEN`,                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/checkdomain/)     |
+| [Brandit](https://www.brandit.com)                                     | `brandit`          | `BRANDIT_API_USERNAME`, `BRANDIT_API_KEY`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/brandit)          |
-| [Civo](https://www.civo.com/)                                                                      | `civo`             | `CIVO_TOKEN`                                                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/civo)             |
+| [Bunny](https://bunny.net)                                             | `bunny`            | `BUNNY_API_KEY`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/bunny)            |
-| [CloudDNS](https://vshosting.eu/)                                                                  | `clouddns`         | `CLOUDDNS_CLIENT_ID`, `CLOUDDNS_EMAIL`, `CLOUDDNS_PASSWORD`                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/clouddns)         |
+| [Checkdomain](https://www.checkdomain.de/)                             | `checkdomain`      | `CHECKDOMAIN_TOKEN`,                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/checkdomain/)     |
-| [Cloudflare](https://www.cloudflare.com)                                                           | `cloudflare`       | `CF_API_EMAIL`, `CF_API_KEY` [^5] or `CF_DNS_API_TOKEN`, `[CF_ZONE_API_TOKEN]`                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/cloudflare)       |
+| [Civo](https://www.civo.com/)                                          | `civo`             | `CIVO_TOKEN`                                                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/civo)             |
-| [ClouDNS](https://www.cloudns.net/)                                                                | `cloudns`          | `CLOUDNS_AUTH_ID`, `CLOUDNS_AUTH_PASSWORD`                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/cloudns)          |
+| [CloudDNS](https://vshosting.eu/)                                      | `clouddns`         | `CLOUDDNS_CLIENT_ID`, `CLOUDDNS_EMAIL`, `CLOUDDNS_PASSWORD`                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/clouddns)         |
-| [CloudXNS](https://www.cloudxns.net)                                                               | `cloudxns`         | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/cloudxns)         |
+| [Cloudflare](https://www.cloudflare.com)                               | `cloudflare`       | `CF_API_EMAIL`, `CF_API_KEY` [^5] or `CF_DNS_API_TOKEN`, `[CF_ZONE_API_TOKEN]`                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/cloudflare)       |
-| [ConoHa](https://www.conoha.jp)                                                                    | `conoha`           | `CONOHA_TENANT_ID`, `CONOHA_API_USERNAME`, `CONOHA_API_PASSWORD`                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/conoha)           |
+| [ClouDNS](https://www.cloudns.net/)                                    | `cloudns`          | `CLOUDNS_AUTH_ID`, `CLOUDNS_AUTH_PASSWORD`                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/cloudns)          |
-| [Constellix](https://constellix.com)                                                               | `constellix`       | `CONSTELLIX_API_KEY`, `CONSTELLIX_SECRET_KEY`                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/constellix)       |
+| [CloudXNS](https://www.cloudxns.net)                                   | `cloudxns`         | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/cloudxns)         |
-| [deSEC](https://desec.io)                                                                          | `desec`            | `DESEC_TOKEN`                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/desec)            |
+| [ConoHa](https://www.conoha.jp)                                        | `conoha`           | `CONOHA_TENANT_ID`, `CONOHA_API_USERNAME`, `CONOHA_API_PASSWORD`                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/conoha)           |
-| [DigitalOcean](https://www.digitalocean.com)                                                       | `digitalocean`     | `DO_AUTH_TOKEN`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/digitalocean)     |
+| [Constellix](https://constellix.com)                                   | `constellix`       | `CONSTELLIX_API_KEY`, `CONSTELLIX_SECRET_KEY`                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/constellix)       |
-| [DNS Made Easy](https://dnsmadeeasy.com)                                                           | `dnsmadeeasy`      | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX`                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/dnsmadeeasy)      |
+| [Derak Cloud](https://derak.cloud/)                                    | `derak`            | `DERAK_API_KEY`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/derak)            |
-| [DNSimple](https://dnsimple.com)                                                                   | `dnsimple`         | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL`                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/dnsimple)         |
+| [deSEC](https://desec.io)                                              | `desec`            | `DESEC_TOKEN`                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/desec)            |
-| [DNSPod](https://www.dnspod.com/)                                                                  | `dnspod`           | `DNSPOD_API_KEY`                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/dnspod)           |
+| [DigitalOcean](https://www.digitalocean.com)                           | `digitalocean`     | `DO_AUTH_TOKEN`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/digitalocean)     |
-| [Domain Offensive (do.de)](https://www.do.de/)                                                     | `dode`             | `DODE_TOKEN`                                                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/dode)             |
+| [DNS Made Easy](https://dnsmadeeasy.com)                               | `dnsmadeeasy`      | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX`                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/dnsmadeeasy)      |
-| [Domeneshop](https://domene.shop)                                                                  | `domeneshop`       | `DOMENESHOP_API_TOKEN`, `DOMENESHOP_API_SECRET`                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/domeneshop)       |
+| [dnsHome.de](https://www.dnshome.de)                                   | `dnsHomede`        | `DNSHOMEDE_CREDENTIALS`                                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/dnshomede)        |
-| [DreamHost](https://www.dreamhost.com/)                                                            | `dreamhost`        | `DREAMHOST_API_KEY`                                                                                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/dreamhost)        |
+| [DNSimple](https://dnsimple.com)                                       | `dnsimple`         | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL`                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/dnsimple)         |
-| [Duck DNS](https://www.duckdns.org/)                                                               | `duckdns`          | `DUCKDNS_TOKEN`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/duckdns)          |
+| [DNSPod](https://www.dnspod.com/)                                      | `dnspod`           | `DNSPOD_API_KEY`                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/dnspod)           |
-| [Dyn](https://dyn.com)                                                                             | `dyn`              | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD`                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/dyn)              |
+| [Domain Offensive (do.de)](https://www.do.de/)                         | `dode`             | `DODE_TOKEN`                                                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/dode)             |
-| [Dynu](https://www.dynu.com)                                                                       | `dynu`             | `DYNU_API_KEY`                                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/dynu)             |
+| [Domeneshop](https://domene.shop)                                      | `domeneshop`       | `DOMENESHOP_API_TOKEN`, `DOMENESHOP_API_SECRET`                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/domeneshop)       |
-| [EasyDNS](https://easydns.com/)                                                                    | `easydns`          | `EASYDNS_TOKEN`, `EASYDNS_KEY`                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/easydns)          |
+| [DreamHost](https://www.dreamhost.com/)                                | `dreamhost`        | `DREAMHOST_API_KEY`                                                                                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/dreamhost)        |
-| [EdgeDNS](https://www.akamai.com/)                                                                 | `edgedns`          | `AKAMAI_CLIENT_TOKEN`,  `AKAMAI_CLIENT_SECRET`,  `AKAMAI_ACCESS_TOKEN`                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns)          |
+| [Duck DNS](https://www.duckdns.org/)                                   | `duckdns`          | `DUCKDNS_TOKEN`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/duckdns)          |
-| [Epik](https://www.epik.com)                                                                       | `epik`             | `EPIK_SIGNATURE`                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/epik)             |
+| [Dyn](https://dyn.com)                                                 | `dyn`              | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD`                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/dyn)              |
-| [Exoscale](https://www.exoscale.com)                                                               | `exoscale`         | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT`                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/exoscale)         |
+| [Dynu](https://www.dynu.com)                                           | `dynu`             | `DYNU_API_KEY`                                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/dynu)             |
-| [Fast DNS](https://www.akamai.com/)                                                                | `fastdns`          | `AKAMAI_CLIENT_TOKEN`,  `AKAMAI_CLIENT_SECRET`,  `AKAMAI_ACCESS_TOKEN`                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns)          |
+| [EasyDNS](https://easydns.com/)                                        | `easydns`          | `EASYDNS_TOKEN`, `EASYDNS_KEY`                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/easydns)          |
-| [Freemyip.com](https://freemyip.com)                                                               | `freemyip`         | `FREEMYIP_TOKEN`                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/freemyip)         |
+| [EdgeDNS](https://www.akamai.com/)                                     | `edgedns`          | `AKAMAI_CLIENT_TOKEN`,  `AKAMAI_CLIENT_SECRET`,  `AKAMAI_ACCESS_TOKEN`                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns)          |
-| [G-Core Lab](https://gcorelabs.com/dns/)                                                           | `gcore`            | `GCORE_PERMANENT_API_TOKEN`                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/gcore)            |
+| [Epik](https://www.epik.com)                                           | `epik`             | `EPIK_SIGNATURE`                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/epik)             |
-| [Gandi v5](https://doc.livedns.gandi.net)                                                          | `gandiv5`          | `GANDIV5_API_KEY`                                                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5)          |
+| [Exoscale](https://www.exoscale.com)                                   | `exoscale`         | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT`                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/exoscale)         |
-| [Gandi](https://www.gandi.net)                                                                     | `gandi`            | `GANDI_API_KEY`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/gandi)            |
+| [Fast DNS](https://www.akamai.com/)                                    | `fastdns`          | `AKAMAI_CLIENT_TOKEN`,  `AKAMAI_CLIENT_SECRET`,  `AKAMAI_ACCESS_TOKEN`                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns)          |
-| [Glesys](https://glesys.com/)                                                                      | `glesys`           | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN`                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/glesys)           |
+| [Freemyip.com](https://freemyip.com)                                   | `freemyip`         | `FREEMYIP_TOKEN`                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/freemyip)         |
-| [GoDaddy](https://godaddy.com/)                                                                    | `godaddy`          | `GODADDY_API_KEY`, `GODADDY_API_SECRET`                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/godaddy)          |
+| [G-Core Lab](https://gcorelabs.com/dns/)                               | `gcore`            | `GCORE_PERMANENT_API_TOKEN`                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/gcore)            |
-| [Google Cloud DNS](https://cloud.google.com/dns/docs/)                                             | `gcloud`           | `GCE_PROJECT`, Application Default Credentials [^2] [^3], [`GCE_SERVICE_ACCOUNT_FILE`]                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/gcloud)           |
+| [Gandi v5](https://doc.livedns.gandi.net)                              | `gandiv5`          | `GANDIV5_API_KEY`                                                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5)          |
-| [Hetzner](https://hetzner.com)                                                                     | `hetzner`          | `HETZNER_API_KEY`                                                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/hetzner)          |
+| [Gandi](https://www.gandi.net)                                         | `gandi`            | `GANDI_API_KEY`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/gandi)            |
-| [hosting.de](https://www.hosting.de)                                                               | `hostingde`        | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME`                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde)        |
+| [Glesys](https://glesys.com/)                                          | `glesys`           | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN`                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/glesys)           |
-| [Hosttech](https://www.hosttech.eu)                                                                | `hosttech`         | `HOSTTECH_API_KEY`                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/hosttech)         |
+| [GoDaddy](https://www.godaddy.com)                                     | `godaddy`          | `GODADDY_API_KEY`, `GODADDY_API_SECRET`                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/godaddy)          |
-| [Hurricane Electric](https://dns.he.net)                                                           | `hurricane`        | `HURRICANE_TOKENS` [^6]                                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/hurricane)        |
+| [Google Domains](https://domains.google)                               | `googledomains`    | `GOOGLE_DOMAINS_ACCESS_TOKEN`                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/googledomains)    |
-| [HyperOne](https://www.hyperone.com)                                                               | `hyperone`         | `HYPERONE_PASSPORT_LOCATION`, `HYPERONE_LOCATION_ID`                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/hyperone)         |
+| [Google Cloud DNS](https://cloud.google.com/dns/docs/)                 | `gcloud`           | `GCE_PROJECT`, Application Default Credentials [^2] [^3], [`GCE_SERVICE_ACCOUNT_FILE`]                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/gcloud)           |
-| [IBM Cloud (SoftLayer)](https://www.ibm.com/cloud/)                                                | `ibmcloud`         | `SOFTLAYER_USERNAME`, `SOFTLAYER_API_KEY`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/ibmcloud)         |
+| [Hetzner](https://hetzner.com)                                         | `hetzner`          | `HETZNER_API_KEY`                                                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/hetzner)          |
-| [IIJ DNS Platform Service](https://www.iij.ad.jp)                                                  | `iijdpf`           | `IIJ_DPF_API_TOKEN` , `IIJ_DPF_DPM_SERVICE_CODE`                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/iijdpf)           |
+| [hosting.de](https://www.hosting.de)                                   | `hostingde`        | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME`                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde)        |
-| [IIJ](https://www.iij.ad.jp/)                                                                      | `iij`              | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE`                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/iij)              |
+| [Hosttech](https://www.hosttech.eu)                                    | `hosttech`         | `HOSTTECH_API_KEY`                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/hosttech)         |
-| [Infoblox](https://www.infoblox.com/)                                                              | `infoblox`         | `INFOBLOX_USERNAME`, `INFOBLOX_PASSWORD`, `INFOBLOX_HOST`                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/infoblox)         |
+| [Hurricane Electric](https://dns.he.net)                               | `hurricane`        | `HURRICANE_TOKENS` [^6]                                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/hurricane)        |
-| [Infomaniak](https://www.infomaniak.com)                                                           | `infomaniak`       | `INFOMANIAK_ACCESS_TOKEN`                                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/infomaniak)       |
+| [HyperOne](https://www.hyperone.com)                                   | `hyperone`         | `HYPERONE_PASSPORT_LOCATION`, `HYPERONE_LOCATION_ID`                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/hyperone)         |
-| [Internet.bs](https://internetbs.net)                                                              | `internetbs`       | `INTERNET_BS_API_KEY`, `INTERNET_BS_PASSWORD`                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/internetbs)       |
+| [IBM Cloud (SoftLayer)](https://www.ibm.com/cloud/)                    | `ibmcloud`         | `SOFTLAYER_USERNAME`, `SOFTLAYER_API_KEY`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/ibmcloud)         |
-| [INWX](https://www.inwx.de/en)                                                                     | `inwx`             | `INWX_USERNAME`, `INWX_PASSWORD`                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/inwx)             |
+| [IIJ DNS Platform Service](https://www.iij.ad.jp)                      | `iijdpf`           | `IIJ_DPF_API_TOKEN` , `IIJ_DPF_DPM_SERVICE_CODE`                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/iijdpf)           |
-| [ionos](https://ionos.com/)                                                                        | `ionos`            | `IONOS_API_KEY`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/ionos)            |
+| [IIJ](https://www.iij.ad.jp/)                                          | `iij`              | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE`                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/iij)              |
-| [iwantmyname](https://iwantmyname.com)                                                             | `iwantmyname`      | `IWANTMYNAME_USERNAME` , `IWANTMYNAME_PASSWORD`                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/iwantmyname)      |
+| [Infoblox](https://www.infoblox.com/)                                  | `infoblox`         | `INFOBLOX_USERNAME`, `INFOBLOX_PASSWORD`, `INFOBLOX_HOST`                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/infoblox)         |
-| [Joker.com](https://joker.com)                                                                     | `joker`            | `JOKER_API_MODE` with `JOKER_API_KEY` or `JOKER_USERNAME`, `JOKER_PASSWORD`                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/joker)            |
+| [Infomaniak](https://www.infomaniak.com)                               | `infomaniak`       | `INFOMANIAK_ACCESS_TOKEN`                                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/infomaniak)       |
-| [Lightsail](https://aws.amazon.com/lightsail/)                                                     | `lightsail`        | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE`                                                                                    | [Additional configuration](https://go-acme.github.io/lego/dns/lightsail)        |
+| [Internet.bs](https://internetbs.net)                                  | `internetbs`       | `INTERNET_BS_API_KEY`, `INTERNET_BS_PASSWORD`                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/internetbs)       |
-| [Linode v4](https://www.linode.com)                                                                | `linode`           | `LINODE_TOKEN`                                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/linode)           |
+| [INWX](https://www.inwx.de/en)                                         | `inwx`             | `INWX_USERNAME`, `INWX_PASSWORD`                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/inwx)             |
-| [Liquid Web](https://www.liquidweb.com/)                                                           | `liquidweb`        | `LIQUID_WEB_PASSWORD`, `LIQUID_WEB_USERNAME`, `LIQUID_WEB_ZONE`                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/liquidweb)        |
+| [ionos](https://ionos.com/)                                            | `ionos`            | `IONOS_API_KEY`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/ionos)            |
-| [Loopia](https://loopia.com/)                                                                      | `loopia`           | `LOOPIA_API_PASSWORD`, `LOOPIA_API_USER`                                                                                                    | [Additional configuration](https://go-acme.github.io/lego/dns/loopia)           |
+| [iwantmyname](https://iwantmyname.com)                                 | `iwantmyname`      | `IWANTMYNAME_USERNAME` , `IWANTMYNAME_PASSWORD`                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/iwantmyname)      |
-| [LuaDNS](https://luadns.com)                                                                       | `luadns`           | `LUADNS_API_USERNAME`, `LUADNS_API_TOKEN`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/luadns)           |
+| [Joker.com](https://joker.com)                                         | `joker`            | `JOKER_API_MODE` with `JOKER_API_KEY` or `JOKER_USERNAME`, `JOKER_PASSWORD`                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/joker)            |
-| [MyDNS.jp](https://www.mydns.jp/)                                                                  | `mydnsjp`          | `MYDNSJP_MASTER_ID`, `MYDNSJP_PASSWORD`                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/mydnsjp)          |
+| [Liara](https://liara.ir)                                              | `liara`            | `LIARA_API_KEY`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/liara)            |
-| [Mythic Beasts](https://www.mythic-beasts.com)                                                     | `mythicbeasts`     | `MYTHICBEASTS_USER_NAME`, `MYTHICBEASTS_PASSWORD`                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/mythicbeasts)     |
+| [Lightsail](https://aws.amazon.com/lightsail/)                         | `lightsail`        | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE`                                                                                    | [Additional configuration](https://go-acme.github.io/lego/dns/lightsail)        |
-| [name.com](https://www.name.com/)                                                                  | `namedotcom`       | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER`                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/namedotcom)       |
+| [Linode v4](https://www.linode.com)                                    | `linode`           | `LINODE_TOKEN`                                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/linode)           |
-| [Namecheap](https://www.namecheap.com)                                                             | `namecheap`        | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/namecheap)        |
+| [Liquid Web](https://www.liquidweb.com/)                               | `liquidweb`        | `LIQUID_WEB_PASSWORD`, `LIQUID_WEB_USERNAME`, `LIQUID_WEB_ZONE`                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/liquidweb)        |
-| [Namesilo](https://www.namesilo.com/)                                                              | `namesilo`         | `NAMESILO_API_KEY`                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/namesilo)         |
+| [Loopia](https://loopia.com/)                                          | `loopia`           | `LOOPIA_API_PASSWORD`, `LOOPIA_API_USER`                                                                                                    | [Additional configuration](https://go-acme.github.io/lego/dns/loopia)           |
-| [NearlyFreeSpeech.NET](https://www.nearlyfreespeech.net/)                                          | `nearlyfreespeech` | `NEARLYFREESPEECH_API_KEY`, `NEARLYFREESPEECH_LOGIN`                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/nearlyfreespeech) |
+| [LuaDNS](https://luadns.com)                                           | `luadns`           | `LUADNS_API_USERNAME`, `LUADNS_API_TOKEN`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/luadns)           |
-| [Netcup](https://www.netcup.eu/)                                                                   | `netcup`           | `NETCUP_CUSTOMER_NUMBER`, `NETCUP_API_KEY`, `NETCUP_API_PASSWORD`                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/netcup)           |
+| [MyDNS.jp](https://www.mydns.jp/)                                      | `mydnsjp`          | `MYDNSJP_MASTER_ID`, `MYDNSJP_PASSWORD`                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/mydnsjp)          |
-| [Netlify](https://www.netlify.com)                                                                 | `netlify`          | `NETLIFY_TOKEN`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/netlify)          |
+| [Mythic Beasts](https://www.mythic-beasts.com)                         | `mythicbeasts`     | `MYTHICBEASTS_USER_NAME`, `MYTHICBEASTS_PASSWORD`                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/mythicbeasts)     |
-| [Nicmanager](https://www.nicmanager.com)                                                           | `nicmanager`       | `NICMANAGER_API_EMAIL`, `NICMANAGER_API_PASSWORD`                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/nicmanager)       |
+| [name.com](https://www.name.com/)                                      | `namedotcom`       | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER`                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/namedotcom)       |
-| [NIFCloud](https://cloud.nifty.com/service/dns.htm)                                                | `nifcloud`         | `NIFCLOUD_ACCESS_KEY_ID`, `NIFCLOUD_SECRET_ACCESS_KEY`                                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/nifcloud)         |
+| [Namecheap](https://www.namecheap.com)                                 | `namecheap`        | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/namecheap)        |
-| [Njalla](https://njal.la)                                                                          | `njalla`           | `NJALLA_TOKEN`                                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/njalla)           |
+| [Namesilo](https://www.namesilo.com/)                                  | `namesilo`         | `NAMESILO_API_KEY`                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/namesilo)         |
-| [NS1](https://ns1.com/)                                                                            | `ns1`              | `NS1_API_KEY`                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/ns1)              |
+| [NearlyFreeSpeech.NET](https://www.nearlyfreespeech.net/)              | `nearlyfreespeech` | `NEARLYFREESPEECH_API_KEY`, `NEARLYFREESPEECH_LOGIN`                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/nearlyfreespeech) |
-| [Open Telekom Cloud](https://cloud.telekom.de)                                                     | `otc`              | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT`                                             | [Additional configuration](https://go-acme.github.io/lego/dns/otc)              |
+| [Netcup](https://www.netcup.eu/)                                       | `netcup`           | `NETCUP_CUSTOMER_NUMBER`, `NETCUP_API_KEY`, `NETCUP_API_PASSWORD`                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/netcup)           |
-| [Openstack Designate](https://docs.openstack.org/designate)                                        | `designate`        | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME`                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/designate)        |
+| [Netlify](https://www.netlify.com)                                     | `netlify`          | `NETLIFY_TOKEN`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/netlify)          |
-| [Oracle Cloud](https://cloud.oracle.com/home)                                                      | `oraclecloud`      | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID` | [Additional configuration](https://go-acme.github.io/lego/dns/oraclecloud)      |
+| [Nicmanager](https://www.nicmanager.com)                               | `nicmanager`       | `NICMANAGER_API_EMAIL`, `NICMANAGER_API_PASSWORD`                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/nicmanager)       |
-| [OVH](https://www.ovh.com)                                                                         | `ovh`              | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY`                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/ovh)              |
+| [NIFCloud](https://cloud.nifty.com/service/dns.htm)                    | `nifcloud`         | `NIFCLOUD_ACCESS_KEY_ID`, `NIFCLOUD_SECRET_ACCESS_KEY`                                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/nifcloud)         |
-| [Porkbun](https://porkbun.com/)                                                                    | `porkbun`          | `PORKBUN_SECRET_API_KEY`, `PORKBUN_API_KEY`                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/porkbun)          |
+| [Njalla](https://njal.la)                                              | `njalla`           | `NJALLA_TOKEN`                                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/njalla)           |
-| [PowerDNS](https://www.powerdns.com)                                                               | `pdns`             | `PDNS_API_KEY`, `PDNS_API_URL`                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/pdns)             |
+| [Nodion](https://www.nodion.com)                                       | `nodion`           | `NODION_API_TOKEN`                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/nodion)           |
-| [Rackspace](https://www.rackspace.com/cloud/dns)                                                   | `rackspace`        | `RACKSPACE_USER`, `RACKSPACE_API_KEY`                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/rackspace)        |
+| [NS1](https://ns1.com/)                                                | `ns1`              | `NS1_API_KEY`                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/ns1)              |
-| [reg.ru](https://www.reg.ru)                                                                       | `regru`            | `REGRU_USERNAME`, `REGRU_PASSWORD`                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/regru)            |
+| [Open Telekom Cloud](https://cloud.telekom.de)                         | `otc`              | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT`                                             | [Additional configuration](https://go-acme.github.io/lego/dns/otc)              |
-| [RFC2136](https://tools.ietf.org/html/rfc2136)                                                     | `rfc2136`          | `RFC2136_TSIG_KEY`, `RFC2136_TSIG_SECRET`, `RFC2136_TSIG_ALGORITHM`, `RFC2136_NAMESERVER`                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/rfc2136)          |
+| [Openstack Designate](https://docs.openstack.org/designate)            | `designate`        | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME`                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/designate)        |
-| [RimuHosting](https://rimuhosting.com)                                                             | `rimuhosting`      | `RIMUHOSTING_API_KEY`                                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/rimuhosting)      |
+| [Oracle Cloud](https://cloud.oracle.com/home)                          | `oraclecloud`      | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID` | [Additional configuration](https://go-acme.github.io/lego/dns/oraclecloud)      |
-| [Route 53](https://aws.amazon.com/route53/)                                                        | `route53`          | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile.             | [Additional configuration](https://go-acme.github.io/lego/dns/route53)          |
+| [OVH](https://www.ovh.com)                                             | `ovh`              | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY`                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/ovh)              |
-| [Sakura Cloud](https://cloud.sakura.ad.jp/)                                                        | `sakuracloud`      | `SAKURACLOUD_ACCESS_TOKEN`, `SAKURACLOUD_ACCESS_TOKEN_SECRET`                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/sakuracloud)      |
+| [Plesk](https://www.plesk.com)                                         | `plesk`            | `PLESK_SERVER_BASE_URL`, `PLESK_USERNAME`, `PLESK_PASSWORD`                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/plesk)            |
-| [Scaleway](https://www.scaleway.com)                                                               | `scaleway`         | `SCALEWAY_API_TOKEN`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/scaleway)         |
+| [Porkbun](https://porkbun.com/)                                        | `porkbun`          | `PORKBUN_SECRET_API_KEY`, `PORKBUN_API_KEY`                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/porkbun)          |
-| [Selectel](https://selectel.ru/en/)                                                                | `selectel`         | `SELECTEL_API_TOKEN`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/selectel)         |
+| [PowerDNS](https://www.powerdns.com)                                   | `pdns`             | `PDNS_API_KEY`, `PDNS_API_URL`                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/pdns)             |
-| [Servercow](https://servercow.de)                                                                  | `servercow`        | `SERVERCOW_USERNAME`, `SERVERCOW_PASSWORD`                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/servercow)        |
+| [Rackspace](https://www.rackspace.com/cloud/dns)                       | `rackspace`        | `RACKSPACE_USER`, `RACKSPACE_API_KEY`                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/rackspace)        |
-| [Simply.com](https://www.simply.com/en/domains/)                                                   | `simply`           | `SIMPLY_ACCOUNT_NAME`, `SIMPLY_API_KEY`                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/simply)           |
+| [reg.ru](https://www.reg.ru)                                           | `regru`            | `REGRU_USERNAME`, `REGRU_PASSWORD`                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/regru)            |
-| [Sonic](https://www.sonic.com/)                                                                    | `sonic`            | `SONIC_USER_ID`, `SONIC_API_KEY`                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/sonic)            |
+| [RFC2136](https://tools.ietf.org/html/rfc2136)                         | `rfc2136`          | `RFC2136_TSIG_KEY`, `RFC2136_TSIG_SECRET`, `RFC2136_TSIG_ALGORITHM`, `RFC2136_NAMESERVER`                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/rfc2136)          |
-| [Stackpath](https://www.stackpath.com/)                                                            | `stackpath`        | `STACKPATH_CLIENT_ID`, `STACKPATH_CLIENT_SECRET`, `STACKPATH_STACK_ID`                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/stackpath)        |
+| [RimuHosting](https://rimuhosting.com)                                 | `rimuhosting`      | `RIMUHOSTING_API_KEY`                                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/rimuhosting)      |
-| [Tencent Cloud DNS](https://cloud.tencent.com/product/cns)                                         | `tencentcloud`     | `TENCENTCLOUD_SECRET_ID`, `TENCENTCLOUD_SECRET_KEY`                                                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/tencentcloud)     |
+| [Route 53](https://aws.amazon.com/route53/)                            | `route53`          | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile.             | [Additional configuration](https://go-acme.github.io/lego/dns/route53)          |
-| [TransIP](https://www.transip.nl/)                                                                 | `transip`          | `TRANSIP_ACCOUNT_NAME`, `TRANSIP_PRIVATE_KEY_PATH`                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/transip)          |
+| [Sakura Cloud](https://cloud.sakura.ad.jp/)                            | `sakuracloud`      | `SAKURACLOUD_ACCESS_TOKEN`, `SAKURACLOUD_ACCESS_TOKEN_SECRET`                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/sakuracloud)      |
-| [UKFast SafeDNS](https://www.ans.co.uk/cloud-and-infrastructure/dedicated-servers/dns-management/) | `safedns`          | `SAFEDNS_AUTH_TOKEN`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/safedns)          |
+| [Scaleway](https://www.scaleway.com)                                   | `scaleway`         | `SCALEWAY_API_TOKEN`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/scaleway)         |
-| [Variomedia](https://www.variomedia.de/)                                                           | `variomedia`       | `VARIOMEDIA_API_TOKEN`                                                                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/variomedia)       |
+| [Selectel](https://selectel.ru/en/)                                    | `selectel`         | `SELECTEL_API_TOKEN`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/selectel)         |
-| [VegaDNS](https://github.com/shupp/VegaDNS-API)                                                    | `vegadns`          | `SECRET_VEGADNS_KEY`, `SECRET_VEGADNS_SECRET`, `VEGADNS_URL`                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/vegadns)          |
+| [Servercow](https://servercow.de)                                      | `servercow`        | `SERVERCOW_USERNAME`, `SERVERCOW_PASSWORD`                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/servercow)        |
-| [Vercel](https://vercel.com)                                                                       | `vercel`           | `VERCEL_API_TOKEN`                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/vercel)           |
+| [Simply.com](https://www.simply.com/en/domains/)                       | `simply`           | `SIMPLY_ACCOUNT_NAME`, `SIMPLY_API_KEY`                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/simply)           |
-| [Versio](https://www.versio.nl/domeinnamen)                                                        | `versio`           | `VERSIO_USERNAME`, `VERSIO_PASSWORD`                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/versio)           |
+| [Sonic](https://www.sonic.com/)                                        | `sonic`            | `SONIC_USER_ID`, `SONIC_API_KEY`                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/sonic)            |
-| [VinylDNS](https://www.vinyldns.io)                                                                | `vinyldns`         | `VINYLDNS_ACCESS_KEY`, `VINYLDNS_SECRET_KEY`, `VINYLDNS_HOST`                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/vinyldns)         |
+| [Stackpath](https://www.stackpath.com/)                                | `stackpath`        | `STACKPATH_CLIENT_ID`, `STACKPATH_CLIENT_SECRET`, `STACKPATH_STACK_ID`                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/stackpath)        |
-| [VK Cloud](https://mcs.mail.ru/)                                                                   | `vkcloud`          | `VK_CLOUD_PASSWORD`, `VK_CLOUD_PROJECT_ID`, `VK_CLOUD_USERNAME`                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/vkcloud)          |
+| [Tencent Cloud DNS](https://cloud.tencent.com/product/cns)             | `tencentcloud`     | `TENCENTCLOUD_SECRET_ID`, `TENCENTCLOUD_SECRET_KEY`                                                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/tencentcloud)     |
-| [Vscale](https://vscale.io/)                                                                       | `vscale`           | `VSCALE_API_TOKEN`                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/vscale)           |
+| [TransIP](https://www.transip.nl/)                                     | `transip`          | `TRANSIP_ACCOUNT_NAME`, `TRANSIP_PRIVATE_KEY_PATH`                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/transip)          |
-| [VULTR](https://www.vultr.com)                                                                     | `vultr`            | `VULTR_API_KEY`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/vultr)            |
+| [UKFast SafeDNS](https://docs.ukfast.co.uk/domains/safedns/index.html) | `safedns`          | `SAFEDNS_AUTH_TOKEN`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/safedns)          |
-| [WEDOS](https://www.wedos.com)                                                                     | `wedos`            | `WEDOS_USERNAME`, `WEDOS_WAPI_PASSWORD`                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/wedos)            |
+| [Ultradns](https://neustarsecurityservices.com/dns-services)           | `ultradns`         | `ULTRADNS_USERNAME`, `ULTRADNS_PASSWORD`                                                                                                    | [Additional configuration](https://go-acme.github.io/lego/dns/ultradns)         |
-| [Yandex Cloud](https://cloud.yandex.com/en/)                                                       | `yandexcloud`      | `YANDEX_CLOUD_FOLDER_ID`, `YANDEX_CLOUD_IAM_TOKEN`                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/yandexcloud)      |
+| [Variomedia](https://www.variomedia.de/)                               | `variomedia`       | `VARIOMEDIA_API_TOKEN`                                                                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/variomedia)       |
-| [Yandex](https://yandex.com)                                                                       | `yandex`           | `YANDEX_PDD_TOKEN`                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/yandex)           |
+| [VegaDNS](https://github.com/shupp/VegaDNS-API)                        | `vegadns`          | `SECRET_VEGADNS_KEY`, `SECRET_VEGADNS_SECRET`, `VEGADNS_URL`                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/vegadns)          |
-| [Zone.ee](https://www.zone.ee)                                                                     | `zoneee`           | `ZONEEE_API_USER`, `ZONEEE_API_KEY`                                                                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/zoneee)           |
+| [Vercel](https://vercel.com)                                           | `vercel`           | `VERCEL_API_TOKEN`                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/vercel)           |
-| [Zonomi](https://zonomi.com)                                                                       | `zonomi`           | `ZONOMI_API_KEY`                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/zonomi)           |
+| [Versio](https://www.versio.nl/domeinnamen)                            | `versio`           | `VERSIO_USERNAME`, `VERSIO_PASSWORD`                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/versio)           |
-| External Program                                                                                   | `exec`             | `EXEC_PATH`                                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/exec)             |
+| [VinylDNS](https://www.vinyldns.io)                                    | `vinyldns`         | `VINYLDNS_ACCESS_KEY`, `VINYLDNS_SECRET_KEY`, `VINYLDNS_HOST`                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/vinyldns)         |
-| HTTP request                                                                                       | `httpreq`          | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1]                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq)          |
+| [VK Cloud](https://mcs.mail.ru/)                                       | `vkcloud`          | `VK_CLOUD_PASSWORD`, `VK_CLOUD_PROJECT_ID`, `VK_CLOUD_USERNAME`                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/vkcloud)          |
-| manual                                                                                             | `manual`           | none, but you need to run Traefik interactively [^4], turn on debug log to see instructions and press <kbd>Enter</kbd>.                     |                                                                                 |
+| [Vscale](https://vscale.io/)                                           | `vscale`           | `VSCALE_API_TOKEN`                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/vscale)           |
 | [VULTR](https://www.vultr.com)                                         | `vultr`            | `VULTR_API_KEY`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/vultr)            |
 | [Websupport](https://websupport.sk)                                    | `websupport`       | `WEBSUPPORT_API_KEY`, `WEBSUPPORT_SECRET`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/websupport)       |
 | [WEDOS](https://www.wedos.com)                                         | `wedos`            | `WEDOS_USERNAME`, `WEDOS_WAPI_PASSWORD`                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/wedos)            |
 | [Yandex Cloud](https://cloud.yandex.com/en/)                           | `yandexcloud`      | `YANDEX_CLOUD_FOLDER_ID`, `YANDEX_CLOUD_IAM_TOKEN`                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/yandexcloud)      |
 | [Yandex](https://yandex.com)                                           | `yandex`           | `YANDEX_PDD_TOKEN`                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/yandex)           |
 | [Zone.ee](https://www.zone.ee)                                         | `zoneee`           | `ZONEEE_API_USER`, `ZONEEE_API_KEY`                                                                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/zoneee)           |
 | [Zonomi](https://zonomi.com)                                           | `zonomi`           | `ZONOMI_API_KEY`                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/zonomi)           |
 | External Program                                                       | `exec`             | `EXEC_PATH`                                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/exec)             |
 | HTTP request                                                           | `httpreq`          | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1]                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq)          |
 | manual                                                                 | `manual`           | none, but you need to run Traefik interactively [^4], turn on debug log to see instructions and press <kbd>Enter</kbd>.                     |                                                                                 |
 [^1]: More information about the HTTP message format can be found [here](https://go-acme.github.io/lego/dns/httpreq/).
 [^2]: [Providing credentials to your application](https://cloud.google.com/docs/authentication/production).
--- a/docs/content/https/include-acme-multiple-domains-example.md
+++ b/docs/content/https/include-acme-multiple-domains-example.md
@@ -1,5 +1,5 @@
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 ## Dynamic configuration
 labels:
  - traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`)
@@ -22,7 +22,7 @@ deploy:
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: blogtls
@@ -43,27 +43,6 @@ spec:
      - '*.example.org'
 ```
 ```json tab="Marathon"
 labels: {
  "traefik.http.routers.blog.rule": "Host(`example.com`) && Path(`/blog`)",
  "traefik.http.routers.blog.tls": "true",
  "traefik.http.routers.blog.tls.certresolver": "myresolver",
  "traefik.http.routers.blog.tls.domains[0].main": "example.com",
  "traefik.http.routers.blog.tls.domains[0].sans": "*.example.com",
  "traefik.http.services.blog-svc.loadbalancer.server.port": "8080"
 }
 ```
 ```yaml tab="Rancher"
 ## Dynamic configuration
 labels:
  - traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`)
  - traefik.http.routers.blog.tls=true
  - traefik.http.routers.blog.tls.certresolver=myresolver
  - traefik.http.routers.blog.tls.domains[0].main=example.org
  - traefik.http.routers.blog.tls.domains[0].sans=*.example.org
 ```
 ```yaml tab="File (YAML)"
 ## Dynamic configuration
 http:
--- a/docs/content/https/include-acme-multiple-domains-from-rule-example.md
+++ b/docs/content/https/include-acme-multiple-domains-from-rule-example.md
@@ -1,5 +1,5 @@
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 ## Dynamic configuration
 labels:
  - traefik.http.routers.blog.rule=(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)
@@ -18,7 +18,7 @@ deploy:
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: blogtls
@@ -35,23 +35,6 @@ spec:
    certResolver: myresolver
 ```
 ```json tab="Marathon"
 labels: {
  "traefik.http.routers.blog.rule": "(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)",
  "traefik.http.routers.blog.tls": "true",
  "traefik.http.routers.blog.tls.certresolver": "myresolver",
  "traefik.http.services.blog-svc.loadbalancer.server.port": "8080"
 }
 ```
 ```yaml tab="Rancher"
 ## Dynamic configuration
 labels:
  - traefik.http.routers.blog.rule=(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)
  - traefik.http.routers.blog.tls=true
  - traefik.http.routers.blog.tls.certresolver=myresolver
 ```
 ```yaml tab="File (YAML)"
 ## Dynamic configuration
 http:
--- a/docs/content/https/include-acme-single-domain-example.md
+++ b/docs/content/https/include-acme-single-domain-example.md
@@ -1,5 +1,5 @@
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 ## Dynamic configuration
 labels:
  - traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`)
@@ -18,7 +18,7 @@ deploy:
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: blogtls
@@ -35,23 +35,6 @@ spec:
    certResolver: myresolver
 ```
 ```json tab="Marathon"
 labels: {
  "traefik.http.routers.blog.rule": "Host(`example.com`) && Path(`/blog`)",
  "traefik.http.routers.blog.tls": "true",
  "traefik.http.routers.blog.tls.certresolver": "myresolver",
  "traefik.http.services.blog-svc.loadbalancer.server.port": "8080"
 }
 ```
 ```yaml tab="Rancher"
 ## Dynamic configuration
 labels:
  - traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`)
  - traefik.http.routers.blog.tls=true
  - traefik.http.routers.blog.tls.certresolver=myresolver
 ```
 ```yaml tab="File (YAML)"
 ## Dynamic configuration
 http:
--- a/docs/content/https/spiffe.md
+++ b/docs/content/https/spiffe.md
@@ -28,7 +28,9 @@ The `workloadAPIAddr` configuration defines the address of the SPIFFE [Workload
 !!! info "Enabling SPIFFE in ServersTransports"
    Enabling SPIFFE does not imply that backend connections are going to use it automatically.
-    Each [ServersTransport](../routing/services/index.md#serverstransport_1) that is meant to be secured with SPIFFE must [explicitly](../routing/services/index.md#spiffe) enable it.
+    Each [ServersTransport](../routing/services/index.md#serverstransport_1) or [TCPServersTransport](../routing/services/index.md#serverstransport_2),
 	that is meant to be secured with SPIFFE,
 	must explicitly enable it (see [SPIFFE with ServersTransport](../routing/services/index.md#spiffe) or [SPIFFE with TCPServersTransport](../routing/services/index.md#spiffe_1)).
 !!! warning "SPIFFE can cause Traefik to stall"
 	When using SPIFFE,
--- a/docs/content/https/tailscale.md
+++ b/docs/content/https/tailscale.md
@@ -87,7 +87,7 @@ A certificate resolver requests certificates for a set of domain names inferred
 !!! example "Domain from Router's Rule Example"
-    ```yaml tab="Docker"
+    ```yaml tab="Docker & Swarm"
    ## Dynamic configuration
    labels:
      - traefik.http.routers.blog.rule=Host(`monitoring.yak-bebop.ts.net`) && Path(`/metrics`)
@@ -103,7 +103,7 @@ A certificate resolver requests certificates for a set of domain names inferred
    ```
    ```yaml tab="Kubernetes"
-    apiVersion: traefik.containo.us/v1alpha1
+    apiVersion: traefik.io/v1alpha1
    kind: IngressRoute
    metadata:
      name: blogtls
@@ -120,20 +120,6 @@ A certificate resolver requests certificates for a set of domain names inferred
        certResolver: myresolver
    ```
    ```json tab="Marathon"
    labels: {
      "traefik.http.routers.blog.rule": "Host(`monitoring.yak-bebop.ts.net`) && Path(`/metrics`)",
      "traefik.http.routers.blog.tls.certresolver": "myresolver",
    }
    ```
    ```yaml tab="Rancher"
    ## Dynamic configuration
    labels:
      - traefik.http.routers.blog.rule=Host(`monitoring.yak-bebop.ts.net`) && Path(`/metrics`)
      - traefik.http.routers.blog.tls.certresolver=myresolver
    ```
    ```yaml tab="File (YAML)"
    ## Dynamic configuration
    http:
@@ -155,7 +141,7 @@ A certificate resolver requests certificates for a set of domain names inferred
 !!! example "Domain from Router's tls.domain Example"
-    ```yaml tab="Docker"
+    ```yaml tab="Docker & Swarm"
    ## Dynamic configuration
    labels:
      - traefik.http.routers.blog.rule=Path(`/metrics`)
@@ -173,7 +159,7 @@ A certificate resolver requests certificates for a set of domain names inferred
    ```
    ```yaml tab="Kubernetes"
-    apiVersion: traefik.containo.us/v1alpha1
+    apiVersion: traefik.io/v1alpha1
    kind: IngressRoute
    metadata:
      name: blogtls
@@ -192,22 +178,6 @@ A certificate resolver requests certificates for a set of domain names inferred
          - main: monitoring.yak-bebop.ts.net
    ```
    ```json tab="Marathon"
    labels: {
      "traefik.http.routers.blog.rule": "Path(`/metrics`)",
      "traefik.http.routers.blog.tls.certresolver": "myresolver",
      "traefik.http.routers.blog.tls.domains[0].main": "monitoring.yak-bebop.ts.net",
    }
    ```
    ```yaml tab="Rancher"
    ## Dynamic configuration
    labels:
      - traefik.http.routers.blog.rule=Path(`/metrics`)
      - traefik.http.routers.blog.tls.certresolver=myresolver
      - traefik.http.routers.blog.tls.domains[0].main=monitoring.yak-bebop.ts.net
    ```
    ```yaml tab="File (YAML)"
    ## Dynamic configuration
    http:
--- a/docs/content/https/tls.md
+++ b/docs/content/https/tls.md
@@ -134,7 +134,7 @@ tls:
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: TLSStore
 metadata:
  name: default
@@ -195,7 +195,7 @@ tls:
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: TLSStore
 metadata:
  name: default
@@ -211,7 +211,7 @@ spec:
        - bar.example.org
 ```
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 ## Dynamic configuration
 labels:
  - "traefik.tls.stores.default.defaultgeneratedcert.resolver=myresolver"
@@ -219,14 +219,6 @@ labels:
  - "traefik.tls.stores.default.defaultgeneratedcert.domain.sans=foo.example.org, bar.example.org"
 ```
 ```json tab="Marathon"
 labels: {
  "traefik.tls.stores.default.defaultgeneratedcert.resolver": "myresolver",
  "traefik.tls.stores.default.defaultgeneratedcert.domain.main": "example.org",
  "traefik.tls.stores.default.defaultgeneratedcert.domain.sans": "foo.example.org, bar.example.org",
 }
 ```
 ## TLS Options
 The TLS options allow one to configure some parameters of the TLS connection.
@@ -277,7 +269,7 @@ tls:
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: TLSOption
 metadata:
  name: default
@@ -287,7 +279,7 @@ spec:
  minVersion: VersionTLS12
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: TLSOption
 metadata:
  name: mintls13
@@ -328,7 +320,7 @@ tls:
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: TLSOption
 metadata:
  name: default
@@ -338,7 +330,7 @@ spec:
  maxVersion: VersionTLS13
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: TLSOption
 metadata:
  name: maxtls12
@@ -373,7 +365,7 @@ tls:
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: TLSOption
 metadata:
  name: default
@@ -418,7 +410,7 @@ tls:
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: TLSOption
 metadata:
  name: default
@@ -454,7 +446,7 @@ tls:
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: TLSOption
 metadata:
  name: default
@@ -493,7 +485,7 @@ tls:
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: TLSOption
 metadata:
  name: default
@@ -509,15 +501,17 @@ spec:
 Traefik supports mutual authentication, through the `clientAuth` section.
-For authentication policies that require verification of the client certificate, the certificate authority for the certificate should be set in `clientAuth.caFiles`.
+For authentication policies that require verification of the client certificate, the certificate authority for the certificates should be set in `clientAuth.caFiles`.
 In Kubernetes environment, CA certificate can be set in `clientAuth.secretNames`. See [TLSOption resource](../../routing/providers/kubernetes-crd#kind-tlsoption) for more details.
 The `clientAuth.clientAuthType` option governs the behaviour as follows:
 - `NoClientCert`: disregards any client certificate.
 - `RequestClientCert`: asks for a certificate but proceeds anyway if none is provided.
- `RequireAnyClientCert`: requires a certificate but does not verify if it is signed by a CA listed in `clientAuth.caFiles`.
+- `RequireAnyClientCert`: requires a certificate but does not verify if it is signed by a CA listed in `clientAuth.caFiles` or in `clientAuth.secretNames`.
- `VerifyClientCertIfGiven`: if a certificate is provided, verifies if it is signed by a CA listed in `clientAuth.caFiles`. Otherwise proceeds without any certificate.
+- `VerifyClientCertIfGiven`: if a certificate is provided, verifies if it is signed by a CA listed in `clientAuth.caFiles` or in `clientAuth.secretNames`. Otherwise proceeds without any certificate.
- `RequireAndVerifyClientCert`: requires a certificate, which must be signed by a CA listed in `clientAuth.caFiles`.
+- `RequireAndVerifyClientCert`: requires a certificate, which must be signed by a CA listed in `clientAuth.caFiles` or in `clientAuth.secretNames`.
 ```yaml tab="File (YAML)"
 # Dynamic configuration
@@ -545,7 +539,7 @@ tls:
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: TLSOption
 metadata:
  name: default
--- a/docs/content/includes/kubernetes-requirements.md
+++ b/docs/content/includes/kubernetes-requirements.md
@@ -0,0 +1,3 @@
 Traefik follows the [Kubernetes support policy](https://kubernetes.io/releases/version-skew-policy/#supported-versions),
 and supports at least the latest three minor versions of Kubernetes.
 General functionality cannot be guaranteed for versions older than that.
--- a/docs/content/includes/traefik-api-management-kubernetes.md
+++ b/docs/content/includes/traefik-api-management-kubernetes.md
@@ -0,0 +1,11 @@
 ---
 !!! question "Managing APIs in Kubernetes?"
    If your organization is publishing, securing, and managing APIs, consider [Traefik Hub](https://traefik.io/traefik-hub/) for your API management solution.
    - K8s services auto-discovery, 100% CRDs configuration, & full GitOps compliance
    - Centralized control plane for all APIs, users, & infrastructure components
    - Self-serve API portal with API discovery, documentation, testing, & access control
    Traefik Hub makes managing APIs easier than ever before. See for yourself in this [short video walkthrough](https://info.traefik.io/watch-traefik-hub-demo).
--- a/docs/content/includes/traefik-for-business-applications.md
+++ b/docs/content/includes/traefik-for-business-applications.md
@@ -2,15 +2,10 @@
 !!! question "Using Traefik for Business Applications?"
-    If you are using Traefik for commercial applications,
+    If you are using Traefik in your organization, consider [Traefik Enterprise](https://traefik.io/traefik-enterprise/). You can use it as your:
    consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/).
    You can use it as your:
    - [API Gateway](https://traefik.io/solutions/api-gateway/)
    - [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/)
    - [Docker Swarm Ingress Controller](https://traefik.io/solutions/docker-swarm-ingress/)
    - [API Gateway](https://traefik.io/solutions/api-gateway/)
-    Traefik Enterprise enables centralized access management,
+    Traefik Enterprise simplifies the discovery, security, and deployment of APIs and microservices across any environment. See it in action in [this short video walkthrough](https://info.traefik.io/watch-traefikee-demo).
    distributed Let's Encrypt,
    and other advanced capabilities.
    Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo).
--- a/docs/content/index.md
+++ b/docs/content/index.md
@@ -13,7 +13,7 @@ It receives requests on behalf of your system and finds out which components are
 What sets Traefik apart, besides its many features, is that it automatically discovers the right configuration for your services. 
 The magic happens when Traefik inspects your infrastructure, where it finds relevant information and discovers which service serves which request. 
-Traefik is natively compliant with every major cluster technology, such as Kubernetes, Docker, Docker Swarm, AWS, Mesos, Marathon, and [the list goes on](providers/overview.md); and can handle many at the same time. (It even works for legacy software running on bare metal.)
+Traefik is natively compliant with every major cluster technology, such as Kubernetes, Docker, Docker Swarm, AWS, and [the list goes on](providers/overview.md); and can handle many at the same time. (It even works for legacy software running on bare metal.)
 With Traefik, there is no need to maintain and synchronize a separate configuration file: everything happens automatically, in real time (no restarts, no connection interruptions).
 With Traefik, you spend time developing and deploying new features to your system, not on configuring and maintaining its working state.   
@@ -24,10 +24,8 @@ Developing Traefik, our main goal is to make it simple to use, and we're sure yo
 !!! info
-    Join our user friendly and active [Community Forum](https://community.traefik.io) to discuss, learn, and connect with the traefik community.
+    Join our user friendly and active [Community Forum](https://community.traefik.io "Link to Traefik Community Forum") to discuss, learn, and connect with the traefik community.
-    
+
-    Using Traefik for commercial applications?
+    Using Traefik in your organization? Consider [Traefik Enterprise](https://traefik.io/traefik-enterprise/ "Lino to Traefik Enterprise"), our unified API Gateway and Ingress that simplifies the discovery, security, and deployment of APIs and microservices across any environment.
-    Consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/) of Traefik as your [Kubernetes Ingress](https://traefik.io/solutions/kubernetes-ingress/), 
+
-    your [Docker Swarm Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/), 
+    See it in action in [this short video walkthrough](https://info.traefik.io/watch-traefikee-demo "Link to video walkthrough").
    or your [API gateway](https://traefik.io/solutions/api-gateway/). 
    Get started with a [free 30-day trial](https://info.traefik.io/get-traefik-enterprise-free-for-30-days).
--- a/docs/content/middlewares/http/addprefix.md
+++ b/docs/content/middlewares/http/addprefix.md
@@ -14,7 +14,7 @@ The AddPrefix middleware updates the path of a request before forwarding it.
 ## Configuration Examples
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # Prefixing with /foo
 labels:
  - "traefik.http.middlewares.add-foo.addprefix.prefix=/foo"
@@ -22,7 +22,7 @@ labels:
 ```yaml tab="Kubernetes"
 # Prefixing with /foo
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: add-foo
@@ -36,18 +36,6 @@ spec:
 - "traefik.http.middlewares.add-foo.addprefix.prefix=/foo"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.add-foo.addprefix.prefix": "/foo"
 }
 ```
 ```yaml tab="Rancher"
 # Prefixing with /foo
 labels:
  - "traefik.http.middlewares.add-foo.addprefix.prefix=/foo"
 ```
 ```yaml tab="File (YAML)"
 # Prefixing with /foo
 http:
--- a/docs/content/middlewares/http/basicauth.md
+++ b/docs/content/middlewares/http/basicauth.md
@@ -14,7 +14,7 @@ The BasicAuth middleware restricts access to your services to known users.
 ## Configuration Examples
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # Declaring the user list
 #
 # Note: when used in docker-compose.yml all dollar signs in the hash need to be doubled for escaping.
@@ -28,7 +28,7 @@ labels:
 ```yaml tab="Kubernetes"
 # Declaring the user list
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-auth
@@ -41,18 +41,6 @@ spec:
 - "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-auth.basicauth.users": "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
 }
 ```
 ```yaml tab="Rancher"
 # Declaring the user list
 labels:
  - "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
 ```
 ```yaml tab="File (YAML)"
 # Declaring the user list
 http:
@@ -100,7 +88,7 @@ The `users` option is an array of authorized users. Each user must be declared u
    Please note that these keys are not hashed or encrypted in any way, and therefore is less secure than other methods.
    You can find more information on the [Kubernetes Basic Authentication Secret Documentation](https://kubernetes.io/docs/concepts/configuration/secret/#basic-authentication-secret)
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # Declaring the user list
 #
 # Note: when used in docker-compose.yml all dollar signs in the hash need to be doubled for escaping.
@@ -114,7 +102,7 @@ labels:
 ```yaml tab="Kubernetes"
 # Declaring the user list
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-auth
@@ -157,18 +145,6 @@ data:
 - "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-auth.basicauth.users": "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
 }
 ```
 ```yaml tab="Rancher"
 # Declaring the user list
 labels:
  - "traefik.http.middlewares.test-auth.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/,test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
 ```
 ```yaml tab="File (YAML)"
 # Declaring the user list
 http:
@@ -201,13 +177,13 @@ The file content is a list of `name:hashed-password`.
    - If both `users` and `usersFile` are provided, the two are merged. The contents of `usersFile` have precedence over the values in `users`.
    - Because it does not make much sense to refer to a file path on Kubernetes, the `usersFile` field doesn't exist for Kubernetes IngressRoute, and one should use the `secret` field instead.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-auth.basicauth.usersfile=/path/to/my/usersfile"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-auth
@@ -232,17 +208,6 @@ data:
 - "traefik.http.middlewares.test-auth.basicauth.usersfile=/path/to/my/usersfile"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-auth.basicauth.usersfile": "/path/to/my/usersfile"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.test-auth.basicauth.usersfile=/path/to/my/usersfile"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -268,13 +233,13 @@ http:
 You can customize the realm for the authentication with the `realm` option. The default value is `traefik`.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-auth.basicauth.realm=MyRealm"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-auth
@@ -287,17 +252,6 @@ spec:
 - "traefik.http.middlewares.test-auth.basicauth.realm=MyRealm"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-auth.basicauth.realm": "MyRealm"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.test-auth.basicauth.realm=MyRealm"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -316,13 +270,13 @@ http:
 You can define a header field to store the authenticated user using the `headerField`option.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.my-auth.basicauth.headerField=X-WebAuth-User"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: my-auth
@@ -336,12 +290,6 @@ spec:
 - "traefik.http.middlewares.my-auth.basicauth.headerField=X-WebAuth-User"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.my-auth.basicauth.headerField": "X-WebAuth-User"
 }
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -361,13 +309,13 @@ http:
 Set the `removeHeader` option to `true` to remove the authorization header before forwarding the request to your service. (Default value is `false`.)
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-auth.basicauth.removeheader=true"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-auth
@@ -380,17 +328,6 @@ spec:
 - "traefik.http.middlewares.test-auth.basicauth.removeheader=true"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-auth.basicauth.removeheader": "true"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.test-auth.basicauth.removeheader=true"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
--- a/docs/content/middlewares/http/buffering.md
+++ b/docs/content/middlewares/http/buffering.md
@@ -18,7 +18,7 @@ This can help services avoid large amounts of data (`multipart/form-data` for ex
 ## Configuration Examples
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # Sets the maximum request body to 2MB
 labels:
  - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
@@ -26,7 +26,7 @@ labels:
 ```yaml tab="Kubernetes"
 # Sets the maximum request body to 2MB
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: limit
@@ -40,18 +40,6 @@ spec:
 - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes": "2000000"
 }
 ```
 ```yaml tab="Rancher"
 # Sets the maximum request body to 2MB
 labels:
  - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
 ```
 ```yaml tab="File (YAML)"
 # Sets the maximum request body to 2MB
 http:
@@ -78,13 +66,13 @@ The `maxRequestBodyBytes` option configures the maximum allowed body size for th
 If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a `413` (Request Entity Too Large) response.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: limit
@@ -97,17 +85,6 @@ spec:
 - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes": "2000000"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.limit.buffering.maxRequestBodyBytes=2000000"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -128,13 +105,13 @@ _Optional, Default=1048576_
 You can configure a threshold (in bytes) from which the request will be buffered on disk instead of in memory with the `memRequestBodyBytes` option.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.limit.buffering.memRequestBodyBytes=2000000"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: limit
@@ -147,17 +124,6 @@ spec:
 - "traefik.http.middlewares.limit.buffering.memRequestBodyBytes=2000000"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.limit.buffering.memRequestBodyBytes": "2000000"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.limit.buffering.memRequestBodyBytes=2000000"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -180,13 +146,13 @@ The `maxResponseBodyBytes` option configures the maximum allowed response size f
 If the response exceeds the allowed size, it is not forwarded to the client. The client gets a `500` (Internal Server Error) response instead.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=2000000"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: limit
@@ -199,17 +165,6 @@ spec:
 - "traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=2000000"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.limit.buffering.maxResponseBodyBytes": "2000000"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.limit.buffering.maxResponseBodyBytes=2000000"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -230,13 +185,13 @@ _Optional, Default=1048576_
 You can configure a threshold (in bytes) from which the response will be buffered on disk instead of in memory with the `memResponseBodyBytes` option.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.limit.buffering.memResponseBodyBytes=2000000"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: limit
@@ -249,17 +204,6 @@ spec:
 - "traefik.http.middlewares.limit.buffering.memResponseBodyBytes=2000000"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.limit.buffering.memResponseBodyBytes": "2000000"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.limit.buffering.memResponseBodyBytes=2000000"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -282,13 +226,13 @@ You can have the Buffering middleware replay the request using `retryExpression`
 ??? example "Retries once in the case of a network error"
-    ```yaml tab="Docker"
+    ```yaml tab="Docker & Swarm"
    labels:
      - "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2"
    ```
    ```yaml tab="Kubernetes"
-    apiVersion: traefik.containo.us/v1alpha1
+    apiVersion: traefik.io/v1alpha1
    kind: Middleware
    metadata:
      name: limit
@@ -301,17 +245,6 @@ You can have the Buffering middleware replay the request using `retryExpression`
    - "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2"
    ```
    ```json tab="Marathon"
    "labels": {
      "traefik.http.middlewares.limit.buffering.retryExpression": "IsNetworkError() && Attempts() < 2"
    }
    ```
    ```yaml tab="Rancher"
    labels:
      - "traefik.http.middlewares.limit.buffering.retryExpression=IsNetworkError() && Attempts() < 2"
    ```
    ```yaml tab="File (YAML)"
    http:
      middlewares:
--- a/docs/content/middlewares/http/chain.md
+++ b/docs/content/middlewares/http/chain.md
@@ -17,7 +17,7 @@ It makes reusing the same groups easier.
 Below is an example of a Chain containing `AllowList`, `BasicAuth`, and `RedirectScheme`.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.routers.router1.service=service1"
  - "traefik.http.routers.router1.middlewares=secured"
@@ -30,7 +30,7 @@ labels:
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: test
@@ -47,7 +47,7 @@ spec:
      middlewares:
        - name: secured
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: secured
@@ -58,7 +58,7 @@ spec:
    - name: known-ips
    - name: auth-users
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: auth-users
@@ -67,7 +67,7 @@ spec:
    users:
    - test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: https-only
@@ -75,7 +75,7 @@ spec:
  redirectScheme:
    scheme: https
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: known-ips
@@ -97,31 +97,6 @@ spec:
 - "traefik.http.services.service1.loadbalancer.server.port=80"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.routers.router1.service": "service1",
  "traefik.http.routers.router1.middlewares": "secured",
  "traefik.http.routers.router1.rule": "Host(`mydomain`)",
  "traefik.http.middlewares.secured.chain.middlewares": "https-only,known-ips,auth-users",
  "traefik.http.middlewares.auth-users.basicauth.users": "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
  "traefik.http.middlewares.https-only.redirectscheme.scheme": "https",
  "traefik.http.middlewares.known-ips.ipallowlist.sourceRange": "192.168.1.7,127.0.0.1/32",
  "traefik.http.services.service1.loadbalancer.server.port": "80"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.routers.router1.service=service1"
  - "traefik.http.routers.router1.middlewares=secured"
  - "traefik.http.routers.router1.rule=Host(`mydomain`)"
  - "traefik.http.middlewares.secured.chain.middlewares=https-only,known-ips,auth-users"
  - "traefik.http.middlewares.auth-users.basicauth.users=test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
  - "traefik.http.middlewares.https-only.redirectscheme.scheme=https"
  - "traefik.http.middlewares.known-ips.ipallowlist.sourceRange=192.168.1.7,127.0.0.1/32"
  - "traefik.http.services.service1.loadbalancer.server.port=80"
 ```
 ```yaml tab="File (YAML)"
 # ...
 http:
--- a/docs/content/middlewares/http/circuitbreaker.md
+++ b/docs/content/middlewares/http/circuitbreaker.md
@@ -30,7 +30,7 @@ To assess if your system is healthy, the circuit breaker constantly monitors the
 ## Configuration Examples
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # Latency Check
 labels:
  - "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100"
@@ -38,7 +38,7 @@ labels:
 ```yaml tab="Kubernetes"
 # Latency Check
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: latency-check
@@ -52,18 +52,6 @@ spec:
 - "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.latency-check.circuitbreaker.expression": "LatencyAtQuantileMS(50.0) > 100"
 }
 ```
 ```yaml tab="Rancher"
 # Latency Check
 labels:
  - "traefik.http.middlewares.latency-check.circuitbreaker.expression=LatencyAtQuantileMS(50.0) > 100"
 ```
 ```yaml tab="File (YAML)"
 # Latency Check
 http:
--- a/docs/content/middlewares/http/compress.md
+++ b/docs/content/middlewares/http/compress.md
@@ -15,7 +15,7 @@ The activation of compression, and the compression method choice rely (among oth
 ## Configuration Examples
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # Enable compression
 labels:
  - "traefik.http.middlewares.test-compress.compress=true"
@@ -23,7 +23,7 @@ labels:
 ```yaml tab="Kubernetes"
 # Enable compression
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-compress
@@ -36,18 +36,6 @@ spec:
 - "traefik.http.middlewares.test-compress.compress=true"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-compress.compress": "true"
 }
 ```
 ```yaml tab="Rancher"
 # Enable compression
 labels:
  - "traefik.http.middlewares.test-compress.compress=true"
 ```
 ```yaml tab="File (YAML)"
 # Enable compression
 http:
@@ -94,13 +82,13 @@ Content types are compared in a case-insensitive, whitespace-ignored manner.
    Note that `application/grpc` is never compressed.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-compress.compress.excludedcontenttypes=text/event-stream"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-compress
@@ -114,17 +102,6 @@ spec:
 - "traefik.http.middlewares.test-compress.compress.excludedcontenttypes=text/event-stream"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-compress.compress.excludedcontenttypes": "text/event-stream"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.test-compress.compress.excludedcontenttypes=text/event-stream"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -148,13 +125,13 @@ _Optional, Default=1024_
 Responses smaller than the specified values will not be compressed.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-compress.compress.minresponsebodybytes=1200"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-compress
@@ -167,17 +144,6 @@ spec:
 - "traefik.http.middlewares.test-compress.compress.minresponsebodybytes=1200"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-compress.compress.minresponsebodybytes": 1200
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.test-compress.compress.minresponsebodybytes=1200"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
--- a/docs/content/middlewares/http/contenttype.md
+++ b/docs/content/middlewares/http/contenttype.md
@@ -18,7 +18,7 @@ when it is not set by the backend.
 ## Configuration Examples
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # Enable auto-detection
 labels:
  - "traefik.http.middlewares.autodetect.contenttype=true"
@@ -26,7 +26,7 @@ labels:
 ```yaml tab="Kubernetes"
 # Enable auto-detection
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: autodetect
@@ -39,18 +39,6 @@ spec:
 - "traefik.http.middlewares.autodetect.contenttype=true"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.autodetect.contenttype": "true"
 }
 ```
 ```yaml tab="Rancher"
 # Enable auto-detection
 labels:
  - "traefik.http.middlewares.autodetect.contenttype=true"
 ```
 ```yaml tab="File (YAML)"
 # Enable auto-detection
 http:
@@ -63,4 +51,4 @@ http:
 # Enable auto-detection
 [http.middlewares]
  [http.middlewares.autodetect.contentType]
-```
+```
--- a/docs/content/middlewares/http/digestauth.md
+++ b/docs/content/middlewares/http/digestauth.md
@@ -14,7 +14,7 @@ The DigestAuth middleware restricts access to your services to known users.
 ## Configuration Examples
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # Declaring the user list
 labels:
  - "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
@@ -22,7 +22,7 @@ labels:
 ```yaml tab="Kubernetes"
 # Declaring the user list
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-auth
@@ -36,18 +36,6 @@ spec:
 - "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-auth.digestauth.users": "test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
 }
 ```
 ```yaml tab="Rancher"
 # Declaring the user list
 labels:
  - "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
 ```
 ```yaml tab="File (YAML)"
 # Declaring the user list
 http:
@@ -84,13 +72,13 @@ The `users` option is an array of authorized users. Each user will be declared u
    - If both `users` and `usersFile` are provided, the two are merged. The contents of `usersFile` have precedence over the values in `users`.
    - For security reasons, the field `users` doesn't exist for Kubernetes IngressRoute, and one should use the `secret` field instead.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-auth
@@ -114,17 +102,6 @@ data:
 - "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-auth.digestauth.users": "test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.test-auth.digestauth.users=test:traefik:a2688e031edb4be6a3797f3882655c05,test2:traefik:518845800f9e2bfb1f1f740ec24f074e"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -155,13 +132,13 @@ The file content is a list of `name:realm:encoded-password`.
    - If both `users` and `usersFile` are provided, the two are merged. The contents of `usersFile` have precedence over the values in `users`.
    - Because it does not make much sense to refer to a file path on Kubernetes, the `usersFile` field doesn't exist for Kubernetes IngressRoute, and one should use the `secret` field instead.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-auth.digestauth.usersfile=/path/to/my/usersfile"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-auth
@@ -186,17 +163,6 @@ data:
 - "traefik.http.middlewares.test-auth.digestauth.usersfile=/path/to/my/usersfile"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-auth.digestauth.usersfile": "/path/to/my/usersfile"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.test-auth.digestauth.usersfile=/path/to/my/usersfile"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -222,13 +188,13 @@ http:
 You can customize the realm for the authentication with the `realm` option. The default value is `traefik`.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-auth.digestauth.realm=MyRealm"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-auth
@@ -241,17 +207,6 @@ spec:
 - "traefik.http.middlewares.test-auth.digestauth.realm=MyRealm"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-auth.digestauth.realm": "MyRealm"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.test-auth.digestauth.realm=MyRealm"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -270,13 +225,13 @@ http:
 You can customize the header field for the authenticated user using the `headerField`option.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.my-auth.digestauth.headerField=X-WebAuth-User"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: my-auth
@@ -290,17 +245,6 @@ spec:
 - "traefik.http.middlewares.my-auth.digestauth.headerField=X-WebAuth-User"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.my-auth.digestauth.headerField": "X-WebAuth-User"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.my-auth.digestauth.headerField=X-WebAuth-User"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -320,13 +264,13 @@ http:
 Set the `removeHeader` option to `true` to remove the authorization header before forwarding the request to your service. (Default value is `false`.)
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-auth.digestauth.removeheader=true"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-auth
@@ -339,17 +283,6 @@ spec:
 - "traefik.http.middlewares.test-auth.digestauth.removeheader=true"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-auth.digestauth.removeheader": "true"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.test-auth.digestauth.removeheader=true"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
--- a/docs/content/middlewares/http/errorpages.md
+++ b/docs/content/middlewares/http/errorpages.md
@@ -18,7 +18,7 @@ The Errors middleware returns a custom page in lieu of the default, according to
 ## Configuration Examples
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # Dynamic Custom Error Page for 5XX Status Code
 labels:
  - "traefik.http.middlewares.test-errors.errors.status=500-599"
@@ -27,7 +27,7 @@ labels:
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-errors
@@ -48,22 +48,6 @@ spec:
 - "traefik.http.middlewares.test-errors.errors.query=/{status}.html"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-errors.errors.status": "500-599",
  "traefik.http.middlewares.test-errors.errors.service": "serviceError",
  "traefik.http.middlewares.test-errors.errors.query": "/{status}.html"
 }
 ```
 ```yaml tab="Rancher"
 # Dynamic Custom Error Page for 5XX Status Code
 labels:
  - "traefik.http.middlewares.test-errors.errors.status=500-599"
  - "traefik.http.middlewares.test-errors.errors.service=serviceError"
  - "traefik.http.middlewares.test-errors.errors.query=/{status}.html"
 ```
 ```yaml tab="File (YAML)"
 # Custom Error Page for 5XX
 http:
--- a/docs/content/middlewares/http/forwardauth.md
+++ b/docs/content/middlewares/http/forwardauth.md
@@ -16,7 +16,7 @@ Otherwise, the response from the authentication server is returned.
 ## Configuration Examples
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # Forward authentication to example.com
 labels:
  - "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth"
@@ -24,7 +24,7 @@ labels:
 ```yaml tab="Kubernetes"
 # Forward authentication to example.com
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-auth
@@ -38,18 +38,6 @@ spec:
 - "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-auth.forwardauth.address": "https://example.com/auth"
 }
 ```
 ```yaml tab="Rancher"
 # Forward authentication to example.com
 labels:
  - "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth"
 ```
 ```yaml tab="File (YAML)"
 # Forward authentication to example.com
 http:
@@ -84,13 +72,13 @@ The following request properties are provided to the forward-auth target endpoin
 The `address` option defines the authentication server address.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-auth
@@ -103,17 +91,6 @@ spec:
 - "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-auth.forwardauth.address": "https://example.com/auth"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -132,13 +109,13 @@ http:
 Set the `trustForwardHeader` option to `true` to trust all `X-Forwarded-*` headers.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-auth
@@ -152,17 +129,6 @@ spec:
 - "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader": "true"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.test-auth.forwardauth.trustForwardHeader=true"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -184,13 +150,13 @@ http:
 The `authResponseHeaders` option is the list of headers to copy from the authentication server response and set on
 forwarded request, replacing any existing conflicting headers.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-auth
@@ -206,17 +172,6 @@ spec:
 - "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders": "X-Auth-User,X-Secret"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.test-auth.forwardauth.authResponseHeaders=X-Auth-User, X-Secret"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -242,13 +197,13 @@ set on forwarded request, after stripping all headers that match the regex.
 It allows partial matching of the regular expression against the header key.
 The start of string (`^`) and end of string (`$`) anchors should be used to ensure a full match against the header key.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-auth.forwardauth.authResponseHeadersRegex=^X-"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-auth
@@ -262,17 +217,6 @@ spec:
 - "traefik.http.middlewares.test-auth.forwardauth.authResponseHeadersRegex=^X-"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-auth.forwardauth.authResponseHeadersRegex": "^X-"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.test-auth.forwardauth.authResponseHeadersRegex=^X-"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -301,13 +245,13 @@ The `authRequestHeaders` option is the list of the headers to copy from the requ
 It allows filtering headers that should not be passed to the authentication server.
 If not set or empty then all request headers are passed.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-auth.forwardauth.authRequestHeaders=Accept,X-CustomHeader"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-auth
@@ -323,17 +267,6 @@ spec:
 - "traefik.http.middlewares.test-auth.forwardauth.authRequestHeaders=Accept,X-CustomHeader"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-auth.forwardauth.authRequestHeaders": "Accept,X-CustomHeader"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.test-auth.forwardauth.authRequestHeaders=Accept,X-CustomHeader"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -365,13 +298,13 @@ _Optional_
 `ca` is the path to the certificate authority used for the secured connection to the authentication server,
 it defaults to the system bundle.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-auth
@@ -397,17 +330,6 @@ data:
 - "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-auth.forwardauth.tls.ca": "path/to/local.crt"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.test-auth.forwardauth.tls.ca=path/to/local.crt"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -433,14 +355,14 @@ _Optional_
 `cert` is the path to the public certificate used for the secure connection to the authentication server.
 When using this option, setting the `key` option is required.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
  - "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-auth
@@ -467,19 +389,6 @@ data:
 - "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-auth.forwardauth.tls.cert": "path/to/foo.cert",
  "traefik.http.middlewares.test-auth.forwardauth.tls.key": "path/to/foo.key"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
  - "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -511,14 +420,14 @@ _Optional_
 `key` is the path to the private key used for the secure connection to the authentication server.
 When using this option, setting the `cert` option is required.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
  - "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-auth
@@ -545,19 +454,6 @@ data:
 - "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-auth.forwardauth.tls.cert": "path/to/foo.cert",
  "traefik.http.middlewares.test-auth.forwardauth.tls.key": "path/to/foo.key"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.test-auth.forwardauth.tls.cert=path/to/foo.cert"
  - "traefik.http.middlewares.test-auth.forwardauth.tls.key=path/to/foo.key"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -588,13 +484,13 @@ _Optional, Default=false_
 If `insecureSkipVerify` is `true`, the TLS connection to the authentication server accepts any certificate presented by the server regardless of the hostnames it covers.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-auth.forwardauth.tls.insecureSkipVerify=true"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-auth
@@ -609,17 +505,6 @@ spec:
 - "traefik.http.middlewares.test-auth.forwardauth.tls.InsecureSkipVerify=true"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-auth.forwardauth.tls.insecureSkipVerify": "true"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.test-auth.forwardauth.tls.InsecureSkipVerify=true"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
--- a/docs/content/middlewares/http/grpcweb.md
+++ b/docs/content/middlewares/http/grpcweb.md
@@ -17,13 +17,13 @@ The GrpcWeb middleware converts gRPC Web requests to HTTP/2 gRPC requests before
 ## Configuration Examples
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-grpcweb.grpcweb.allowOrigins=*"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-grpcweb
@@ -37,17 +37,6 @@ spec:
 - "traefik.http.middlewares.test-grpcweb.grpcWeb.allowOrigins=*"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-grpcweb.grpcweb.alloworigins": "*"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.test-grpcweb.grpcweb.alloworigins=*"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
--- a/docs/content/middlewares/http/headers.md
+++ b/docs/content/middlewares/http/headers.md
@@ -20,14 +20,14 @@ A set of forwarded headers are automatically added by default. See the [FAQ](../
 The following example adds the `X-Script-Name` header to the proxied request and the `X-Custom-Response-Header` header to the response
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.testHeader.headers.customrequestheaders.X-Script-Name=test"
  - "traefik.http.middlewares.testHeader.headers.customresponseheaders.X-Custom-Response-Header=value"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-header
@@ -44,19 +44,6 @@ spec:
 - "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header=value"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name": "test",
  "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header": "value"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test"
  - "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header=value"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -82,7 +69,7 @@ http:
 In the following example, requests are proxied with an extra `X-Script-Name` header while their `X-Custom-Request-Header` header gets stripped,
 and responses are stripped of their `X-Custom-Response-Header` header.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test"
  - "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Custom-Request-Header="
@@ -90,7 +77,7 @@ labels:
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-header
@@ -109,21 +96,6 @@ spec:
 - "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header="
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name": "test",
  "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Custom-Request-Header": "",
  "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header": "",
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Script-Name=test"
  - "traefik.http.middlewares.testheader.headers.customrequestheaders.X-Custom-Request-Header="
  - "traefik.http.middlewares.testheader.headers.customresponseheaders.X-Custom-Response-Header="
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -151,14 +123,14 @@ http:
 Security-related headers (HSTS headers, Browser XSS filter, etc) can be managed similarly to custom headers as shown above.
 This functionality makes it possible to easily use security features by adding headers.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.testHeader.headers.framedeny=true"
  - "traefik.http.middlewares.testHeader.headers.browserxssfilter=true"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-header
@@ -173,19 +145,6 @@ spec:
 - "traefik.http.middlewares.testheader.headers.browserxssfilter=true"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.testheader.headers.framedeny": "true",
  "traefik.http.middlewares.testheader.headers.browserxssfilter": "true"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.testheader.headers.framedeny=true"
  - "traefik.http.middlewares.testheader.headers.browserxssfilter=true"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -207,18 +166,21 @@ http:
 CORS (Cross-Origin Resource Sharing) headers can be added and configured in a manner similar to the custom headers above.
 This functionality allows for more advanced security features to quickly be set.
 If CORS headers are set, then the middleware does not pass preflight requests to any service,
-instead the response will be generated and sent back to the client directly.
+instead the response will be generated and sent back to the client directly.  
 Please note that the example below is by no means authoritative or exhaustive,
 and should not be used as is for production.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
  - "traefik.http.middlewares.testheader.headers.accesscontrolallowheaders=*"
  - "traefik.http.middlewares.testheader.headers.accesscontrolalloworiginlist=https://foo.bar.org,https://example.org"
  - "traefik.http.middlewares.testheader.headers.accesscontrolmaxage=100"
  - "traefik.http.middlewares.testheader.headers.addvaryheader=true"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-header
@@ -228,6 +190,7 @@ spec:
      - "GET"
      - "OPTIONS"
      - "PUT"
    accessControlAllowHeaders: "*"
    accessControlAllowOriginList:
      - "https://foo.bar.org"
      - "https://example.org"
@@ -237,28 +200,12 @@ spec:
 ```yaml tab="Consul Catalog"
 - "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
 - "traefik.http.middlewares.testheader.headers.accesscontrolallowheaders=*"
 - "traefik.http.middlewares.testheader.headers.accesscontrolalloworiginlist=https://foo.bar.org,https://example.org"
 - "traefik.http.middlewares.testheader.headers.accesscontrolmaxage=100"
 - "traefik.http.middlewares.testheader.headers.addvaryheader=true"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods": "GET,OPTIONS,PUT",
  "traefik.http.middlewares.testheader.headers.accesscontrolalloworiginlist": "https://foo.bar.org,https://example.org",
  "traefik.http.middlewares.testheader.headers.accesscontrolmaxage": "100",
  "traefik.http.middlewares.testheader.headers.addvaryheader": "true"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
  - "traefik.http.middlewares.testheader.headers.accesscontrolalloworiginlist=https://foo.bar.org,https://example.org"
  - "traefik.http.middlewares.testheader.headers.accesscontrolmaxage=100"
  - "traefik.http.middlewares.testheader.headers.addvaryheader=true"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -268,6 +215,7 @@ http:
          - GET
          - OPTIONS
          - PUT
        accessControlAllowHeaders: "*"
        accessControlAllowOriginList:
          - https://foo.bar.org
          - https://example.org
@@ -279,6 +227,7 @@ http:
 [http.middlewares]
  [http.middlewares.testHeader.headers]
    accessControlAllowMethods= ["GET", "OPTIONS", "PUT"]
    accessControlAllowHeaders= "*"
    accessControlAllowOriginList = ["https://foo.bar.org","https://example.org"]
    accessControlMaxAge = 100
    addVaryHeader = true
--- a/docs/content/middlewares/http/inflightreq.md
+++ b/docs/content/middlewares/http/inflightreq.md
@@ -14,13 +14,13 @@ To proactively prevent services from being overwhelmed with high load, the numbe
 ## Configuration Examples
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-inflightreq
@@ -34,18 +34,6 @@ spec:
 - "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-inflightreq.inflightreq.amount": "10"
 }
 ```
 ```yaml tab="Rancher"
 # Limiting to 10 simultaneous connections
 labels:
  - "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
 ```
 ```yaml tab="File (YAML)"
 # Limiting to 10 simultaneous connections
 http:
@@ -69,13 +57,13 @@ http:
 The `amount` option defines the maximum amount of allowed simultaneous in-flight request.
 The middleware responds with `HTTP 429 Too Many Requests` if there are already `amount` requests in progress (based on the same `sourceCriterion` strategy).
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-inflightreq
@@ -89,18 +77,6 @@ spec:
 - "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-inflightreq.inflightreq.amount": "10"
 }
 ```
 ```yaml tab="Rancher"
 # Limiting to 10 simultaneous connections
 labels:
  - "traefik.http.middlewares.test-inflightreq.inflightreq.amount=10"
 ```
 ```yaml tab="File (YAML)"
 # Limiting to 10 simultaneous connections
 http:
@@ -127,6 +103,8 @@ If none are set, the default is to use the `requestHost`.
 The `ipStrategy` option defines two parameters that configures how Traefik determines the client IP: `depth`, and `excludedIPs`.
 !!! important "As a middleware, InFlightReq happens before the actual proxying to the backend takes place. In addition, the previous network hop only gets appended to `X-Forwarded-For` during the last stages of proxying, i.e. after it has already passed through the middleware. Therefore, during InFlightReq, as the previous network hop is not yet present in `X-Forwarded-For`, it cannot be used and/or relied upon."
 ##### `ipStrategy.depth`
 The `depth` option tells Traefik to use the `X-Forwarded-For` header and select the IP located at the `depth` position (starting from the right).
@@ -144,13 +122,13 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and select
    | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `3`     | `"11.0.0.1"` |
    | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5`     | `""`         |
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.depth=2"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-inflightreq
@@ -165,17 +143,6 @@ spec:
 - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.depth=2"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.depth": "2"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.depth=2"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -209,13 +176,13 @@ http:
    | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,16.0.0.1"` | `"13.0.0.1"` |
    | `"10.0.0.1,11.0.0.1"`                   | `"10.0.0.1,11.0.0.1"` | `""`         |
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-inflightreq
@@ -232,17 +199,6 @@ spec:
 - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -266,13 +222,13 @@ http:
 Name of the header used to group incoming requests.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requestheadername=username"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-inflightreq
@@ -286,17 +242,6 @@ spec:
 - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requestheadername=username"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requestheadername": "username"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requestheadername=username"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -317,13 +262,13 @@ http:
 Whether to consider the request host as the source.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requesthost=true"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-inflightreq
@@ -337,17 +282,6 @@ spec:
 - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requesthost=true"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requesthost": "true"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.test-inflightreq.inflightreq.sourcecriterion.requesthost=true"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
--- a/docs/content/middlewares/http/ipallowlist.md
+++ b/docs/content/middlewares/http/ipallowlist.md
@@ -12,14 +12,14 @@ IPAllowList accepts / refuses requests based on the client IP.
 ## Configuration Examples
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # Accepts request from defined IP
 labels:
  - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-ipallowlist
@@ -35,18 +35,6 @@ spec:
 - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32,192.168.1.7"
 }
 ```
 ```yaml tab="Rancher"
 # Accepts request from defined IP
 labels:
  - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
 ```
 ```yaml tab="File (YAML)"
 # Accepts request from defined IP
 http:
@@ -73,7 +61,10 @@ The `sourceRange` option sets the allowed IPs (or ranges of allowed IPs by using
 ### `ipStrategy`
-The `ipStrategy` option defines two parameters that set how Traefik determines the client IP: `depth`, and `excludedIPs`.
+The `ipStrategy` option defines two parameters that set how Traefik determines the client IP: `depth`, and `excludedIPs`.  
 If no strategy is set, the default behavior is to match `sourceRange` against the Remote address found in the request.
 !!! important "As a middleware, whitelisting happens before the actual proxying to the backend takes place. In addition, the previous network hop only gets appended to `X-Forwarded-For` during the last stages of proxying, i.e. after it has already passed through whitelisting. Therefore, during whitelisting, as the previous network hop is not yet present in `X-Forwarded-For`, it cannot be matched against `sourceRange`."
 #### `ipStrategy.depth`
@@ -92,7 +83,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
    | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `3`     | `"11.0.0.1"` |
    | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5`     | `""`         |
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # Allowlisting Based on `X-Forwarded-For` with `depth=2`
 labels:
  - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
@@ -101,7 +92,7 @@ labels:
 ```yaml tab="Kubernetes"
 # Allowlisting Based on `X-Forwarded-For` with `depth=2`
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-ipallowlist
@@ -120,20 +111,6 @@ spec:
 - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32, 192.168.1.7",
  "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth": "2"
 }
 ```
 ```yaml tab="Rancher"
 # Allowlisting Based on `X-Forwarded-For` with `depth=2`
 labels:
  - "traefik.http.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
  - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.depth=2"
 ```
 ```yaml tab="File (YAML)"
 # Allowlisting Based on `X-Forwarded-For` with `depth=2`
 http:
@@ -172,7 +149,7 @@ http:
    | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,16.0.0.1"` | `"13.0.0.1"` |
    | `"10.0.0.1,11.0.0.1"`                   | `"10.0.0.1,11.0.0.1"` | `""`         |
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # Exclude from `X-Forwarded-For`
 labels:
    - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
@@ -180,7 +157,7 @@ labels:
 ```yaml tab="Kubernetes"
 # Exclude from `X-Forwarded-For`
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-ipallowlist
@@ -197,18 +174,6 @@ spec:
 - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
 }
 ```
 ```yaml tab="Rancher"
 # Exclude from `X-Forwarded-For`
 labels:
  - "traefik.http.middlewares.test-ipallowlist.ipallowlist.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
 ```
 ```yaml tab="File (YAML)"
 # Exclude from `X-Forwarded-For`
 http:
--- a/docs/content/middlewares/http/overview.md
+++ b/docs/content/middlewares/http/overview.md
@@ -12,7 +12,7 @@ Controlling connections
 ## Configuration Example
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # As a Docker Label
 whoami:
  #  A container that exposes an API to show its IP address
@@ -26,21 +26,8 @@ whoami:
 ```yaml tab="Kubernetes IngressRoute"
 # As a Kubernetes Traefik IngressRoute
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
  name: middlewares.traefik.containo.us
 spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: Middleware
    plural: middlewares
    singular: middleware
  scope: Namespaced
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: stripprefix
@@ -50,7 +37,7 @@ spec:
      - /stripit
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: ingressroute
@@ -69,22 +56,6 @@ spec:
 - "traefik.http.routers.router1.middlewares=foo-add-prefix@consulcatalog"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.foo-add-prefix.addprefix.prefix": "/foo",
  "traefik.http.routers.router1.middlewares": "foo-add-prefix@marathon"
 }
 ```
 ```yaml tab="Rancher"
 # As a Rancher Label
 labels:
  # Create a middleware named `foo-add-prefix`
  - "traefik.http.middlewares.foo-add-prefix.addprefix.prefix=/foo"
  # Apply the middleware named `foo-add-prefix` to the router named `router1`
  - "traefik.http.routers.router1.middlewares=foo-add-prefix@rancher"
 ```
 ```toml tab="File (TOML)"
 # As TOML Configuration File
 [http.routers]
--- a/docs/content/middlewares/http/passtlsclientcert.md
+++ b/docs/content/middlewares/http/passtlsclientcert.md
@@ -18,14 +18,14 @@ PassTLSClientCert adds the selected data from the passed client TLS certificate
 Pass the pem in the `X-Forwarded-Tls-Client-Cert` header.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # Pass the pem in the `X-Forwarded-Tls-Client-Cert` header.
 labels:
  - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-passtlsclientcert
@@ -39,18 +39,6 @@ spec:
 - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem": "true"
 }
 ```
 ```yaml tab="Rancher"
 # Pass the pem in the `X-Forwarded-Tls-Client-Cert` header.
 labels:
  - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.pem=true"
 ```
 ```yaml tab="File (YAML)"
 # Pass the pem in the `X-Forwarded-Tls-Client-Cert` header.
 http:
@@ -69,7 +57,7 @@ http:
 ??? example "Pass the pem in the `X-Forwarded-Tls-Client-Cert` header"
-    ```yaml tab="Docker"
+    ```yaml tab="Docker & Swarm"
    # Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
    labels:
      - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notafter=true"
@@ -95,7 +83,7 @@ http:
    ```yaml tab="Kubernetes"
    # Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
-    apiVersion: traefik.containo.us/v1alpha1
+    apiVersion: traefik.io/v1alpha1
    kind: Middleware
    metadata:
      name: test-passtlsclientcert
@@ -146,52 +134,6 @@ http:
    - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true"
    ```
    ```json tab="Marathon"
    "labels": {
      "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notafter": "true",
      "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notbefore": "true",
      "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.sans": "true",
      "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.commonname": "true",
      "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.country": "true",
      "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.domaincomponent": "true",
      "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.locality": "true",
      "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organization": "true",
      "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organizationalunit": "true",
      "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.province": "true",
      "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.serialnumber": "true",
      "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.commonname": "true",
      "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.country": "true",
      "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.domaincomponent": "true",
      "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.locality": "true",
      "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.organization": "true",
      "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.province": "true",
      "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber": "true"
    }
    ```
    ```yaml tab="Rancher"
    # Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
    labels:
      - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notafter=true"
      - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notbefore=true"
      - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.sans=true"
      - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.commonname=true"
      - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.country=true"
      - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.domaincomponent=true"
      - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.locality=true"
      - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organization=true"
      - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.organizationalunit=true"
      - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.province=true"
      - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.serialnumber=true"
      - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.commonname=true"
      - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.country=true"
      - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.domaincomponent=true"
      - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.locality=true"
      - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.organization=true"
      - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.province=true"
      - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.issuer.serialnumber=true"
    ```
    ```yaml tab="File (YAML)"
    # Pass all the available info in the `X-Forwarded-Tls-Client-Cert-Info` header
    http:
--- a/docs/content/middlewares/http/ratelimit.md
+++ b/docs/content/middlewares/http/ratelimit.md
@@ -10,9 +10,11 @@ To Control the Number of Requests Going to a Service
 The RateLimit middleware ensures that services will receive a _fair_ amount of requests, and allows one to define what fair is.
 It is based on a [token bucket](https://en.wikipedia.org/wiki/Token_bucket) implementation. In this analogy, the [average](#average) parameter (defined below) is the rate at which the bucket refills, and the [burst](#burst) is the size (volume) of the bucket.
 ## Configuration Example
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # Here, an average of 100 requests per second is allowed.
 # In addition, a burst of 50 requests is allowed.
 labels:
@@ -23,7 +25,7 @@ labels:
 ```yaml tab="Kubernetes"
 # Here, an average of 100 requests per second is allowed.
 # In addition, a burst of 50 requests is allowed.
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-ratelimit
@@ -40,21 +42,6 @@ spec:
 - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-ratelimit.ratelimit.average": "100",
  "traefik.http.middlewares.test-ratelimit.ratelimit.burst": "50"
 }
 ```
 ```yaml tab="Rancher"
 # Here, an average of 100 requests per second is allowed.
 # In addition, a burst of 50 requests is allowed.
 labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
  - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=50"
 ```
 ```yaml tab="File (YAML)"
 # Here, an average of 100 requests per second is allowed.
 # In addition, a burst of 50 requests is allowed.
@@ -86,7 +73,7 @@ It defaults to `0`, which means no rate limiting.
 The rate is actually defined by dividing `average` by `period`.
 So for a rate below 1 req/s, one needs to define a `period` larger than a second.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # 100 reqs/s
 labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
@@ -94,7 +81,7 @@ labels:
 ```yaml tab="Kubernetes"
 # 100 reqs/s
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-ratelimit
@@ -108,17 +95,6 @@ spec:
 - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-ratelimit.ratelimit.average": "100",
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
 ```
 ```yaml tab="File (YAML)"
 # 100 reqs/s
 http:
@@ -145,7 +121,7 @@ r = average / period
 It defaults to `1` second.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # 6 reqs/minute
 labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.average=6"
@@ -154,7 +130,7 @@ labels:
 ```yaml tab="Kubernetes"
 # 6 reqs/minute
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-ratelimit
@@ -170,20 +146,6 @@ spec:
 - "traefik.http.middlewares.test-ratelimit.ratelimit.period=1m"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-ratelimit.ratelimit.average": "6",
  "traefik.http.middlewares.test-ratelimit.ratelimit.period": "1m",
 }
 ```
 ```yaml tab="Rancher"
 # 6 reqs/minute
 labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.average=6"
  - "traefik.http.middlewares.test-ratelimit.ratelimit.period=1m"
 ```
 ```yaml tab="File (YAML)"
 # 6 reqs/minute
 http:
@@ -208,13 +170,13 @@ http:
 It defaults to `1`.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-ratelimit
@@ -227,17 +189,6 @@ spec:
 - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-ratelimit.ratelimit.burst": "100",
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.burst=100"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -262,6 +213,8 @@ If none are set, the default is to use the request's remote address field (as an
 The `ipStrategy` option defines two parameters that configures how Traefik determines the client IP: `depth`, and `excludedIPs`.
 !!! important "As a middleware, rate-limiting happens before the actual proxying to the backend takes place. In addition, the previous network hop only gets appended to `X-Forwarded-For` during the last stages of proxying, i.e. after it has already passed through rate-limiting. Therefore, during rate-limiting, as the previous network hop is not yet present in `X-Forwarded-For`, it cannot be found and/or relied upon."
 ##### `ipStrategy.depth`
 The `depth` option tells Traefik to use the `X-Forwarded-For` header and select the IP located at the `depth` position (starting from the right).
@@ -279,13 +232,13 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and select
    | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `3`     | `"11.0.0.1"` |
    | `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5`     | `""`         |
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.depth=2"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-ratelimit
@@ -300,17 +253,6 @@ spec:
 - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.depth=2"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.depth": "2"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.depth=2"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -371,13 +313,13 @@ and the first IP that is _not_ in the pool (if any) is returned.
    | `"10.0.0.1,11.0.0.1,13.0.0.1"` | `"15.0.0.1,16.0.0.1"` | `"13.0.0.1"` |
    | `"10.0.0.1,11.0.0.1"`          | `"10.0.0.1,11.0.0.1"` | `""`         |
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-ratelimit
@@ -394,17 +336,6 @@ spec:
 - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips": "127.0.0.1/32, 192.168.1.7"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.ipstrategy.excludedips=127.0.0.1/32, 192.168.1.7"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -428,13 +359,13 @@ http:
 Name of the header used to group incoming requests.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-ratelimit
@@ -448,17 +379,6 @@ spec:
 - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername": "username"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requestheadername=username"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
@@ -479,13 +399,13 @@ http:
 Whether to consider the request host as the source.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost=true"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-ratelimit
@@ -499,17 +419,6 @@ spec:
 - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost=true"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost": "true"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.test-ratelimit.ratelimit.sourcecriterion.requesthost=true"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
--- a/docs/content/middlewares/http/redirectregex.md
+++ b/docs/content/middlewares/http/redirectregex.md
@@ -16,7 +16,7 @@ The RedirectRegex redirects a request using regex matching and replacement.
 ## Configuration Examples
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # Redirect with domain replacement
 # Note: all dollar signs need to be doubled for escaping.
 labels:
@@ -26,7 +26,7 @@ labels:
 ```yaml tab="Kubernetes"
 # Redirect with domain replacement
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-redirectregex
@@ -43,21 +43,6 @@ spec:
 - "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$${1}"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-redirectregex.redirectregex.regex": "^http://localhost/(.*)",
  "traefik.http.middlewares.test-redirectregex.redirectregex.replacement": "http://mydomain/${1}"
 }
 ```
 ```yaml tab="Rancher"
 # Redirect with domain replacement
 # Note: all dollar signs need to be doubled for escaping.
 labels:
  - "traefik.http.middlewares.test-redirectregex.redirectregex.regex=^http://localhost/(.*)"
  - "traefik.http.middlewares.test-redirectregex.redirectregex.replacement=http://mydomain/$${1}"
 ```
 ```yaml tab="File (YAML)"
 # Redirect with domain replacement
 http:
--- a/docs/content/middlewares/http/redirectscheme.md
+++ b/docs/content/middlewares/http/redirectscheme.md
@@ -25,7 +25,7 @@ The RedirectScheme middleware redirects the request if the request scheme is dif
 ## Configuration Examples
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # Redirect to https
 labels:
  - "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
@@ -34,7 +34,7 @@ labels:
 ```yaml tab="Kubernetes"
 # Redirect to https
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-redirectscheme
@@ -51,20 +51,6 @@ labels:
  - "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent=true"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme": "https"
  "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent": "true"
 }
 ```
 ```yaml tab="Rancher"
 # Redirect to https
 labels:
  - "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
  - "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent=true"
 ```
 ```yaml tab="File (YAML)"
 # Redirect to https
 http:
@@ -89,7 +75,7 @@ http:
 Set the `permanent` option to `true` to apply a permanent redirection.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # Redirect to https
 labels:
  # ...
@@ -98,7 +84,7 @@ labels:
 ```yaml tab="Kubernetes"
 # Redirect to https
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-redirectscheme
@@ -115,20 +101,6 @@ labels:
  - "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent=true"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent": "true"
 }
 ```
 ```yaml tab="Rancher"
 # Redirect to https
 labels:
  # ...
  - "traefik.http.middlewares.test-redirectscheme.redirectscheme.permanent=true"
 ```
 ```yaml tab="File (YAML)"
 # Redirect to https
 http:
@@ -151,7 +123,7 @@ http:
 The `scheme` option defines the scheme of the new URL.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # Redirect to https
 labels:
  - "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
@@ -159,7 +131,7 @@ labels:
 ```yaml tab="Kubernetes"
 # Redirect to https
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-redirectscheme
@@ -174,18 +146,6 @@ labels:
  - "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme": "https"
 }
 ```
 ```yaml tab="Rancher"
 # Redirect to https
 labels:
  - "traefik.http.middlewares.test-redirectscheme.redirectscheme.scheme=https"
 ```
 ```yaml tab="File (YAML)"
 # Redirect to https
 http:
@@ -206,7 +166,7 @@ http:
 The `port` option defines the port of the new URL.
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # Redirect to https
 labels:
  # ...
@@ -215,7 +175,7 @@ labels:
 ```yaml tab="Kubernetes"
 # Redirect to https
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-redirectscheme
@@ -232,20 +192,6 @@ labels:
  - "traefik.http.middlewares.test-redirectscheme.redirectscheme.port=443"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-redirectscheme.redirectscheme.port": "443"
 }
 ```
 ```yaml tab="Rancher"
 # Redirect to https
 labels:
  # ...
  - "traefik.http.middlewares.test-redirectscheme.redirectscheme.port=443"
 ```
 ```yaml tab="File (YAML)"
 # Redirect to https
 http:
--- a/docs/content/middlewares/http/replacepath.md
+++ b/docs/content/middlewares/http/replacepath.md
@@ -16,7 +16,7 @@ Replace the path of the request URL.
 ## Configuration Examples
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # Replace the path with /foo
 labels:
  - "traefik.http.middlewares.test-replacepath.replacepath.path=/foo"
@@ -24,7 +24,7 @@ labels:
 ```yaml tab="Kubernetes"
 # Replace the path with /foo
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-replacepath
@@ -38,18 +38,6 @@ spec:
 - "traefik.http.middlewares.test-replacepath.replacepath.path=/foo"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-replacepath.replacepath.path": "/foo"
 }
 ```
 ```yaml tab="Rancher"
 # Replace the path with /foo
 labels:
  - "traefik.http.middlewares.test-replacepath.replacepath.path=/foo"
 ```
 ```yaml tab="File (YAML)"
 # Replace the path with /foo
 http:
--- a/docs/content/middlewares/http/replacepathregex.md
+++ b/docs/content/middlewares/http/replacepathregex.md
@@ -16,7 +16,7 @@ The ReplaceRegex replaces the path of a URL using regex matching and replacement
 ## Configuration Examples
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # Replace path with regex
 labels:
  - "traefik.http.middlewares.test-replacepathregex.replacepathregex.regex=^/foo/(.*)"
@@ -25,7 +25,7 @@ labels:
 ```yaml tab="Kubernetes"
 # Replace path with regex
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-replacepathregex
@@ -41,20 +41,6 @@ spec:
 - "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-replacepathregex.replacepathregex.regex": "^/foo/(.*)",
  "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement": "/bar/$1"
 }
 ```
 ```yaml tab="Rancher"
 # Replace path with regex
 labels:
  - "traefik.http.middlewares.test-replacepathregex.replacepathregex.regex=^/foo/(.*)"
  - "traefik.http.middlewares.test-replacepathregex.replacepathregex.replacement=/bar/$1"
 ```
 ```yaml tab="File (YAML)"
 # Replace path with regex
 http:
--- a/docs/content/middlewares/http/retry.md
+++ b/docs/content/middlewares/http/retry.md
@@ -18,7 +18,7 @@ The Retry middleware has an optional configuration to enable an exponential back
 ## Configuration Examples
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # Retry 4 times with exponential backoff
 labels:
  - "traefik.http.middlewares.test-retry.retry.attempts=4"
@@ -27,7 +27,7 @@ labels:
 ```yaml tab="Kubernetes"
 # Retry 4 times with exponential backoff
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-retry
@@ -43,20 +43,6 @@ spec:
 - "traefik.http.middlewares.test-retry.retry.initialinterval=100ms"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-retry.retry.attempts": "4",
  "traefik.http.middlewares.test-retry.retry.initialinterval": "100ms",
 }
 ```
 ```yaml tab="Rancher"
 # Retry 4 times with exponential backoff
 labels:
  - "traefik.http.middlewares.test-retry.retry.attempts=4"
  - "traefik.http.middlewares.test-retry.retry.initialinterval=100ms"
 ```
 ```yaml tab="File (YAML)"
 # Retry 4 times with exponential backoff
 http:
--- a/docs/content/middlewares/http/stripprefix.md
+++ b/docs/content/middlewares/http/stripprefix.md
@@ -16,7 +16,7 @@ Remove the specified prefixes from the URL path.
 ## Configuration Examples
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # Strip prefix /foobar and /fiibar
 labels:
  - "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar,/fiibar"
@@ -24,7 +24,7 @@ labels:
 ```yaml tab="Kubernetes"
 # Strip prefix /foobar and /fiibar
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-stripprefix
@@ -40,18 +40,6 @@ spec:
 - "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar,/fiibar"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes": "/foobar,/fiibar"
 }
 ```
 ```yaml tab="Rancher"
 # Strip prefix /foobar and /fiibar
 labels:
  - "traefik.http.middlewares.test-stripprefix.stripprefix.prefixes=/foobar,/fiibar"
 ```
 ```yaml tab="File (YAML)"
 # Strip prefix /foobar and /fiibar
 http:
--- a/docs/content/middlewares/http/stripprefixregex.md
+++ b/docs/content/middlewares/http/stripprefixregex.md
@@ -12,13 +12,13 @@ Remove the matching prefixes from the URL path.
 ## Configuration Examples
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=/foo/[a-z0-9]+/[0-9]+/"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: test-stripprefixregex
@@ -32,17 +32,6 @@ spec:
 - "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=/foo/[a-z0-9]+/[0-9]+/"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex": "/foo/[a-z0-9]+/[0-9]+/"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.test-stripprefixregex.stripprefixregex.regex=/foo/[a-z0-9]+/[0-9]+/"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
--- a/docs/content/middlewares/overview.md
+++ b/docs/content/middlewares/overview.md
@@ -23,7 +23,7 @@ Middlewares that use the same protocol can be combined into chains to fit every
 ## Configuration Example
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # As a Docker Label
 whoami:
  #  A container that exposes an API to show its IP address
@@ -37,7 +37,7 @@ whoami:
 ```yaml tab="Kubernetes IngressRoute"
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: stripprefix
@@ -47,7 +47,7 @@ spec:
      - /stripit
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: ingressroute
@@ -66,22 +66,6 @@ spec:
 - "traefik.http.routers.router1.middlewares=foo-add-prefix@consulcatalog"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.foo-add-prefix.addprefix.prefix": "/foo",
  "traefik.http.routers.router1.middlewares": "foo-add-prefix@marathon"
 }
 ```
 ```yaml tab="Rancher"
 # As a Rancher Label
 labels:
  # Create a middleware named `foo-add-prefix`
  - "traefik.http.middlewares.foo-add-prefix.addprefix.prefix=/foo"
  # Apply the middleware named `foo-add-prefix` to the router named `router1`
  - "traefik.http.routers.router1.middlewares=foo-add-prefix@rancher"
 ```
 ```yaml tab="File (YAML)"
 # As YAML Configuration File
 http:
--- a/docs/content/middlewares/tcp/inflightconn.md
+++ b/docs/content/middlewares/tcp/inflightconn.md
@@ -7,13 +7,13 @@ To proactively prevent services from being overwhelmed with high load, the numbe
 ## Configuration Examples
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 labels:
  - "traefik.tcp.middlewares.test-inflightconn.inflightconn.amount=10"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: MiddlewareTCP
 metadata:
  name: test-inflightconn
@@ -27,18 +27,6 @@ spec:
 - "traefik.tcp.middlewares.test-inflightconn.inflightconn.amount=10"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.tcp.middlewares.test-inflightconn.inflightconn.amount": "10"
 }
 ```
 ```yaml tab="Rancher"
 # Limiting to 10 simultaneous connections.
 labels:
  - "traefik.tcp.middlewares.test-inflightconn.inflightconn.amount=10"
 ```
 ```yaml tab="File (YAML)"
 # Limiting to 10 simultaneous connections.
 tcp:
--- a/docs/content/middlewares/tcp/ipallowlist.md
+++ b/docs/content/middlewares/tcp/ipallowlist.md
@@ -12,14 +12,14 @@ IPAllowList accepts / refuses connections based on the client IP.
 ## Configuration Examples
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # Accepts connections from defined IP
 labels:
  - "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
 ```
 ```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: MiddlewareTCP
 metadata:
  name: test-ipallowlist
@@ -35,18 +35,6 @@ spec:
 - "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange": "127.0.0.1/32,192.168.1.7"
 }
 ```
 ```yaml tab="Rancher"
 # Accepts request from defined IP
 labels:
  - "traefik.tcp.middlewares.test-ipallowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
 ```
 ```toml tab="File (TOML)"
 # Accepts request from defined IP
 [tcp.middlewares]
--- a/docs/content/middlewares/tcp/overview.md
+++ b/docs/content/middlewares/tcp/overview.md
@@ -12,7 +12,7 @@ Controlling connections
 ## Configuration Example
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # As a Docker Label
 whoami:
  #  A container that exposes an API to show its IP address
@@ -26,21 +26,8 @@ whoami:
 ```yaml tab="Kubernetes IngressRoute"
 # As a Kubernetes Traefik IngressRoute
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
 metadata:
  name: middlewaretcps.traefik.containo.us
 spec:
  group: traefik.containo.us
  version: v1alpha1
  names:
    kind: MiddlewareTCP
    plural: middlewaretcps
    singular: middlewaretcp
  scope: Namespaced
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: MiddlewareTCP
 metadata:
  name: foo-ip-allowlist
@@ -51,7 +38,7 @@ spec:
      - 192.168.1.7
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRouteTCP
 metadata:
  name: ingressroute
@@ -70,22 +57,6 @@ spec:
 - "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@consulcatalog"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7",
  "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@marathon"
 }
 ```
 ```yaml tab="Rancher"
 # As a Rancher Label
 labels:
  # Create a middleware named `foo-ip-allowlist`
  - "traefik.tcp.middlewares.foo-ip-allowlist.ipallowlist.sourcerange=127.0.0.1/32, 192.168.1.7"
  # Apply the middleware named `foo-ip-allowlist` to the router named `router1`
  - "traefik.tcp.routers.router1.middlewares=foo-ip-allowlist@rancher"
 ```
 ```toml tab="File (TOML)"
 # As TOML Configuration File
 [tcp.routers]
--- a/docs/content/migration/v1-to-v2.md
+++ b/docs/content/migration/v1-to-v2.md
@@ -38,7 +38,7 @@ Then any router can refer to an instance of the wanted middleware.
    !!! info "v1"
-    ```yaml tab="Docker"
+    ```yaml tab="Docker & Swarm"
    labels:
      - "traefik.frontend.rule=Host:test.localhost;PathPrefix:/test"
      - "traefik.frontend.auth.basic.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
@@ -100,7 +100,7 @@ Then any router can refer to an instance of the wanted middleware.
    !!! info "v2"
-    ```yaml tab="Docker"
+    ```yaml tab="Docker & Swarm"
    labels:
      - "traefik.http.routers.router0.rule=Host(`test.localhost`) && PathPrefix(`/test`)"
      - "traefik.http.routers.router0.middlewares=auth"
@@ -110,7 +110,7 @@ Then any router can refer to an instance of the wanted middleware.
    ```yaml tab="K8s IngressRoute"
    # The definitions below require the definitions for the Middleware and IngressRoute kinds.
    # https://doc.traefik.io/traefik/reference/dynamic-configuration/kubernetes-crd/#definitions
-    apiVersion: traefik.containo.us/v1alpha1
+    apiVersion: traefik.io/v1alpha1
    kind: Middleware
    metadata:
      name: basicauth
@@ -123,7 +123,7 @@ Then any router can refer to an instance of the wanted middleware.
          - test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0
    ---
-    apiVersion: traefik.containo.us/v1alpha1
+    apiVersion: traefik.io/v1alpha1
    kind: IngressRoute
    metadata:
      name: ingressroutebar
@@ -281,7 +281,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
    ```yaml tab="K8s IngressRoute"
    # The definitions below require the definitions for the TLSOption and IngressRoute kinds.
    # https://doc.traefik.io/traefik/reference/dynamic-configuration/kubernetes-crd/#definitions
-    apiVersion: traefik.containo.us/v1alpha1
+    apiVersion: traefik.io/v1alpha1
    kind: TLSOption
    metadata:
      name: mytlsoption
@@ -297,7 +297,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
 	    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    ---
-    apiVersion: traefik.containo.us/v1alpha1
+    apiVersion: traefik.io/v1alpha1
    kind: IngressRoute
    metadata:
      name: ingressroutebar
@@ -317,7 +317,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
          namespace: default
    ```
-    ```yaml tab="Docker"
+    ```yaml tab="Docker & Swarm"
    labels:
      # myTLSOptions must be defined by another provider, in this instance in the File Provider.
      # see the cross provider section
@@ -428,7 +428,7 @@ To apply a redirection:
    !!! info "v2"
-    ```yaml tab="Docker"
+    ```yaml tab="Docker & Swarm"
    labels:
      traefik.http.routers.app.rule: Host(`example.net`)
      traefik.http.routers.app.entrypoints: web
@@ -443,7 +443,7 @@ To apply a redirection:
    ```
    ```yaml tab="K8s IngressRoute"
-    apiVersion: traefik.containo.us/v1alpha1
+    apiVersion: traefik.io/v1alpha1
    kind: IngressRoute
    metadata:
      name: http-redirect-ingressroute
@@ -461,7 +461,7 @@ To apply a redirection:
            - name: https-redirect
    ---
-    apiVersion: traefik.containo.us/v1alpha1
+    apiVersion: traefik.io/v1alpha1
    kind: IngressRoute
    metadata:
      name: https-ingressroute
@@ -478,7 +478,7 @@ To apply a redirection:
      tls: {}
    ---
-    apiVersion: traefik.containo.us/v1alpha1
+    apiVersion: traefik.io/v1alpha1
    kind: Middleware
    metadata:
      name: https-redirect
@@ -556,7 +556,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
    !!! info "v1"
-    ```yaml tab="Docker"
+    ```yaml tab="Docker & Swarm"
    labels:
      - "traefik.frontend.rule=Host:example.org;PathPrefixStrip:/admin"
    ```
@@ -588,7 +588,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
    !!! info "v2"
-    ```yaml tab="Docker"
+    ```yaml tab="Docker & Swarm"
    labels:
      - "traefik.http.routers.admin.rule=Host(`example.org`) && PathPrefix(`/admin`)"
      - "traefik.http.routers.admin.middlewares=admin-stripprefix"
@@ -597,7 +597,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
    ```yaml tab="Kubernetes IngressRoute"
    ---
-    apiVersion: traefik.containo.us/v1alpha1
+    apiVersion: traefik.io/v1alpha1
    kind: IngressRoute
    metadata:
      name: http-redirect-ingressroute
@@ -614,7 +614,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
          middlewares:
            - name: admin-stripprefix
    ---
-    apiVersion: traefik.containo.us/v1alpha1
+    apiVersion: traefik.io/v1alpha1
    kind: Middleware
    metadata:
      name: admin-stripprefix
@@ -1044,7 +1044,7 @@ To activate the dashboard, you can either:
    !!! info "v2"
-    ```yaml tab="Docker"
+    ```yaml tab="Docker & Swarm"
    # dynamic configuration
    labels:
      - "traefik.http.routers.api.rule=Host(`traefik.docker.localhost`)"
--- a/docs/content/migration/v2-to-v3.md
+++ b/docs/content/migration/v2-to-v3.md
@@ -26,20 +26,22 @@ In v3, the reported status code for gRPC requests is now the value of the `Grpc-
 - The `pilot` option has been removed from the static configuration.
 - The `tracing.datadog.globaltag` option has been removed.
 - The `namespace` option of Consul, Consul Catalog and Nomad providers has been removed.
- The `tls.caOptional` option has been removed from the ForwardAuth middleware, as well as from the HTTP, Consul, Etcd, Redis, ZooKeeper, Marathon, Consul Catalog, and Docker providers.
+- The `tls.caOptional` option has been removed from the ForwardAuth middleware, as well as from the HTTP, Consul, Etcd, Redis, ZooKeeper, Consul Catalog, and Docker providers.
 - `sslRedirect`, `sslTemporaryRedirect`, `sslHost`, `sslForceHost` and `featurePolicy` options of the Headers middleware have been removed.
 - The `forceSlash` option of the StripPrefix middleware has been removed.
- the `preferServerCipherSuites` option has been removed.
+- The `preferServerCipherSuites` option has been removed.
 ## Matchers
 In v3, the `Headers` and `HeadersRegexp` matchers have been renamed to `Header` and `HeaderRegexp` respectively.
 `PathPrefix` no longer uses regular expressions to match path prefixes.
 `QueryRegexp` has been introduced to match query values using a regular expression.
 `HeaderRegexp`, `HostRegexp`, `PathRegexp`, `QueryRegexp`, and `HostSNIRegexp` matchers now uses the [Go regexp syntax](https://golang.org/pkg/regexp/syntax/).
-All matchers now take a single value (except `Headers`, `HeaderRegexp`, `Query`, and `QueryRegexp` which take two)
+All matchers now take a single value (except `Header`, `HeaderRegexp`, `Query`, and `QueryRegexp` which take two)
 and should be explicitly combined using logical operators to mimic previous behavior.
 `Query` can take a single value to match is the query value that has no value (e.g. `/search?mobile`).
@@ -50,3 +52,57 @@ and should be explicitly combined using logical operators to mimic previous beha
 In v3, the `Content-Type` header is not auto-detected anymore when it is not set by the backend.
 One should use the `ContentType` middleware to enable the `Content-Type` header value auto-detection.
 ## HTTP/3
 In v3, HTTP/3 is no longer an experimental feature.
 The `experimental.http3` option has been removed from the static configuration.
 ## TCP ServersTransport
 In v3, the support of `TCPServersTransport` has been introduced.
 When using the KubernetesCRD provider, it is therefore necessary to update [RBAC](../reference/dynamic-configuration/kubernetes-crd.md#rbac) and [CRD](../reference/dynamic-configuration/kubernetes-crd.md) manifests.
 ### TCP LoadBalancer `terminationDelay` option
 The TCP LoadBalancer `terminationDelay` option has been removed.
 This option can now be configured directly on the `TCPServersTransport` level, please take a look at this [documentation](../routing/services/index.md#terminationdelay)
 ## Rancher v1
 In v3, the rancher v1 provider has been removed because Rancher v1 is [no longer actively maintaned](https://rancher.com/docs/os/v1.x/en/support/) and v2 is supported as a standard Kubernetes provider.
 Rancher 2.x requires Kubernetes and does not have a metadata endpoint of its own for Traefik to query.
 As such, Rancher 2.x users should utilize the [Kubernetes CRD provider](../providers/kubernetes-crd.md) directly.
 ## Marathon provider
 In v3, the Marathon provider has been removed.
 ## InfluxDB v1
 In v3, the InfluxDB v1 metrics provider has been removed because InfluxDB v1.x maintenance [ended in 2021](https://www.influxdata.com/blog/influxdb-oss-and-enterprise-roadmap-update-from-influxdays-emea/).
 ### Kubernetes CRDs API Group `traefik.containo.us`
 In v3, the Kubernetes CRDs API Group `traefik.containo.us` has been removed. 
 Please use the API Group `traefik.io` instead.
 ## Docker & Docker Swarm
 In v3, the provider Docker has been split into 2 providers:
 - Docker provider (without Swarm support)
 - Swarm provider  (Swarm support only)
 ### Kubernetes Ingress API Group `networking.k8s.io/v1beta1`
 In v3, the Kubernetes Ingress API Group `networking.k8s.io/v1beta1` ([removed since Kubernetes v1.22](https://kubernetes.io/docs/reference/using-api/deprecation-guide/#ingress-v122)) support has been removed.
 Please use the API Group `networking.k8s.io/v1` instead.
 ### Traefik CRD API Version `apiextensions.k8s.io/v1beta1`
 In v3, the Traefik CRD API Version `apiextensions.k8s.io/v1beta1` ([removed since Kubernetes v1.22](https://kubernetes.io/docs/reference/using-api/deprecation-guide/#customresourcedefinition-v122)) support has been removed.
 Please use the CRD definition with the API Version `apiextensions.k8s.io/v1` instead.
--- a/docs/content/migration/v2.md
+++ b/docs/content/migration/v2.md
@@ -65,13 +65,19 @@ rules:
    verbs:
      - update
  - apiGroups:
      - traefik.io
      - traefik.containo.us
    resources:
      - middlewares
      - middlewaretcps
      - ingressroutes
      - traefikservices
      - ingressroutetcps
      - ingressrouteudps
      - tlsoptions
      - tlsstores
      - serverstransports
      - serverstransporttcps
    verbs:
      - get
      - list
@@ -164,20 +170,23 @@ rules:
    verbs:
      - update
  - apiGroups:
      - traefik.io
      - traefik.containo.us
    resources:
      - middlewares
      - middlewaretcps
      - ingressroutes
      - traefikservices
      - ingressroutetcps
      - ingressrouteudps
      - tlsoptions
      - tlsstores
      - serverstransports
      - serverstransporttcps
    verbs:
      - get
      - list
      - watch
 ```
 After having both resources applied, Traefik will work properly.
@@ -496,3 +505,24 @@ In `v2.9`, Traefik Pilot support has been removed.
 ### Nomad Namespace
 In `v2.10`, the `namespace` option of the Nomad provider is deprecated, please use the `namespaces` options instead.
 ### Kubernetes CRDs
 In `v2.10`, the Kubernetes CRDs API Group `traefik.containo.us` is deprecated, and its support will end starting with Traefik v3. Please use the API Group `traefik.io` instead.
 As the Kubernetes CRD provider still works with both API Versions (`traefik.io/v1alpha1` and `traefik.containo.us/v1alpha1`),
 it means that for the same kind, namespace and name, the provider will only keep the `traefik.io/v1alpha1` resource.
 In addition, the Kubernetes CRDs API Version `traefik.io/v1alpha1` will not be supported in Traefik v3 itself.
 Please note that it is a requirement to update the CRDs and the RBAC in the cluster before upgrading Traefik.
 To do so, please apply the required [CRDs](https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml) and [RBAC](https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml) manifests for v2.10:
 ```bash
 kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
 kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
 ```
 ### Traefik Hub
 In `v2.10`, Traefik Hub configuration has been removed because Traefik Hub v2 doesn't require this configuration.
--- a/docs/content/observability/access-logs.md
+++ b/docs/content/observability/access-logs.md
@@ -154,9 +154,9 @@ accessLog:
    headers:
      defaultMode: keep
      names:
-          User-Agent: redact
+        User-Agent: redact
-          Authorization: drop
+        Authorization: drop
-          Content-Type: keep
+        Content-Type: keep
 ```
 ```toml tab="File (TOML)"
--- a/docs/content/observability/logs.md
+++ b/docs/content/observability/logs.md
@@ -64,7 +64,9 @@ log:
 #### `level`
-By default, the `level` is set to `ERROR`. Alternative logging levels are `TRACE`, `DEBUG`, `PANIC`, `FATAL`, `ERROR`, `WARN`, and `INFO`.
+By default, the `level` is set to `ERROR`.
 Alternative logging levels are `TRACE`, `DEBUG`, `INFO`, `WARN`, `ERROR`, `FATAL`, and `PANIC`.
 ```yaml tab="File (YAML)"
 log:
--- a/docs/content/observability/metrics/influxdb.md
+++ b/docs/content/observability/metrics/influxdb.md
@@ -1,268 +0,0 @@
 ---
 title: "Traefik InfluxDB Documentation"
 description: "Traefik supports several metrics backends, including InfluxDB. Learn how to implement it for observability in Traefik Proxy. Read the technical documentation."
 ---
 # InfluxDB
 To enable the InfluxDB:
 ```yaml tab="File (YAML)"
 metrics:
  influxDB: {}
 ```
 ```toml tab="File (TOML)"
 [metrics]
  [metrics.influxDB]
 ```
 ```bash tab="CLI"
 --metrics.influxdb=true
 ```
 #### `address`
 _Required, Default="localhost:8089"_
 Address instructs exporter to send metrics to influxdb at this address.
 ```yaml tab="File (YAML)"
 metrics:
  influxDB:
    address: localhost:8089
 ```
 ```toml tab="File (TOML)"
 [metrics]
  [metrics.influxDB]
    address = "localhost:8089"
 ```
 ```bash tab="CLI"
 --metrics.influxdb.address=localhost:8089
 ```
 #### `protocol`
 _Required, Default="udp"_
 InfluxDB's address protocol (udp or http).
 ```yaml tab="File (YAML)"
 metrics:
  influxDB:
    protocol: udp
 ```
 ```toml tab="File (TOML)"
 [metrics]
  [metrics.influxDB]
    protocol = "udp"
 ```
 ```bash tab="CLI"
 --metrics.influxdb.protocol=udp
 ```
 #### `database`
 _Optional, Default=""_
 InfluxDB database used when protocol is http.
 ```yaml tab="File (YAML)"
 metrics:
  influxDB:
    database: db
 ```
 ```toml tab="File (TOML)"
 [metrics]
  [metrics.influxDB]
    database = "db"
 ```
 ```bash tab="CLI"
 --metrics.influxdb.database=db
 ```
 #### `retentionPolicy`
 _Optional, Default=""_
 InfluxDB retention policy used when protocol is http.
 ```yaml tab="File (YAML)"
 metrics:
  influxDB:
    retentionPolicy: two_hours
 ```
 ```toml tab="File (TOML)"
 [metrics]
  [metrics.influxDB]
    retentionPolicy = "two_hours"
 ```
 ```bash tab="CLI"
 --metrics.influxdb.retentionPolicy=two_hours
 ```
 #### `username`
 _Optional, Default=""_
 InfluxDB username (only with http).
 ```yaml tab="File (YAML)"
 metrics:
  influxDB:
    username: john
 ```
 ```toml tab="File (TOML)"
 [metrics]
  [metrics.influxDB]
    username = "john"
 ```
 ```bash tab="CLI"
 --metrics.influxdb.username=john
 ```
 #### `password`
 _Optional, Default=""_
 InfluxDB password (only with http).
 ```yaml tab="File (YAML)"
 metrics:
  influxDB:
    password: secret
 ```
 ```toml tab="File (TOML)"
 [metrics]
  [metrics.influxDB]
    password = "secret"
 ```
 ```bash tab="CLI"
 --metrics.influxdb.password=secret
 ```
 #### `addEntryPointsLabels`
 _Optional, Default=true_
 Enable metrics on entry points.
 ```yaml tab="File (YAML)"
 metrics:
  influxDB:
    addEntryPointsLabels: true
 ```
 ```toml tab="File (TOML)"
 [metrics]
  [metrics.influxDB]
    addEntryPointsLabels = true
 ```
 ```bash tab="CLI"
 --metrics.influxdb.addEntryPointsLabels=true
 ```
 #### `addRoutersLabels`
 _Optional, Default=false_
 Enable metrics on routers.
 ```yaml tab="File (YAML)"
 metrics:
  influxDB:
    addRoutersLabels: true
 ```
 ```toml tab="File (TOML)"
 [metrics]
  [metrics.influxDB]
    addRoutersLabels = true
 ```
 ```bash tab="CLI"
 --metrics.influxdb.addrouterslabels=true
 ```
 #### `addServicesLabels`
 _Optional, Default=true_
 Enable metrics on services.
 ```yaml tab="File (YAML)"
 metrics:
  influxDB:
    addServicesLabels: true
 ```
 ```toml tab="File (TOML)"
 [metrics]
  [metrics.influxDB]
    addServicesLabels = true
 ```
 ```bash tab="CLI"
 --metrics.influxdb.addServicesLabels=true
 ```
 #### `pushInterval`
 _Optional, Default=10s_
 The interval used by the exporter to push metrics to influxdb.
 ```yaml tab="File (YAML)"
 metrics:
  influxDB:
    pushInterval: 10s
 ```
 ```toml tab="File (TOML)"
 [metrics]
  [metrics.influxDB]
    pushInterval = "10s"
 ```
 ```bash tab="CLI"
 --metrics.influxdb.pushInterval=10s
 ```
 #### `additionalLabels`
 _Optional, Default={}_
 Additional labels (influxdb tags) on all metrics.
 ```yaml tab="File (YAML)"
 metrics:
  influxDB:
    additionalLabels:
      host: example.com
      environment: production
 ```
 ```toml tab="File (TOML)"
 [metrics]
  [metrics.influxDB]
    [metrics.influxDB.additionalLabels]
      host = "example.com"
      environment = "production"
 ```
 ```bash tab="CLI"
 --metrics.influxdb.additionallabels.host=example.com --metrics.influxdb.additionallabels.environment=production
 ```
--- a/docs/content/observability/metrics/opentelemetry.md
+++ b/docs/content/observability/metrics/opentelemetry.md
@@ -208,7 +208,7 @@ metrics:
 #### `path`
-_Required, Default="/v1/traces"_
+_Required, Default="/v1/metrics"_
 Allows to override the default URL path used for sending metrics.
 This option has no effect when using gRPC transport.
@@ -216,17 +216,17 @@ This option has no effect when using gRPC transport.
 ```yaml tab="File (YAML)"
 metrics:
  openTelemetry:
-    path: /foo/v1/traces
+    path: /foo/v1/metrics
 ```
 ```toml tab="File (TOML)"
 [metrics]
  [metrics.openTelemetry]
-    path = "/foo/v1/traces"
+    path = "/foo/v1/metrics"
 ```
 ```bash tab="CLI"
--metrics.openTelemetry.path=/foo/v1/traces
+--metrics.openTelemetry.path=/foo/v1/metrics
 ```
 #### `tls`
--- a/docs/content/observability/metrics/overview.md
+++ b/docs/content/observability/metrics/overview.md
@@ -1,6 +1,6 @@
 ---
 title: "Traefik Metrics Overview"
-description: "Traefik Proxy supports these metrics backend systems: Datadog, InfluxDB, Prometheus, and StatsD. Read the full documentation to get started."
+description: "Traefik Proxy supports these metrics backend systems: Datadog, InfluxDB 2.X, Prometheus, and StatsD. Read the full documentation to get started."
 ---
 # Metrics
@@ -8,7 +8,6 @@ description: "Traefik Proxy supports these metrics backend systems: Datadog, Inf
 Traefik supports these metrics backends:
 - [Datadog](./datadog.md)
 - [InfluxDB](./influxdb.md)
 - [InfluxDB2](./influxdb2.md)
 - [Prometheus](./prometheus.md)
 - [StatsD](./statsd.md)
@@ -17,27 +16,31 @@ Traefik Proxy hosts an official Grafana dashboard for both [on-premises](https:/
 ## Global Metrics
-| Metric                                      | Type    | Description                                             |
+| Metric                     | Type  | [Labels](#labels)        | Description                                                        |
-|---------------------------------------------|---------|---------------------------------------------------------|
+|----------------------------|-------|--------------------------|--------------------------------------------------------------------|
-| Config reload total                         | Count   | The total count of configuration reloads.               |
+| Config reload total        | Count |                          | The total count of configuration reloads.                          |
-| Config reload last success                  | Gauge   | The timestamp of the last configuration reload success. |
+| Config reload last success | Gauge |                          | The timestamp of the last configuration reload success.            |
-| TLS certificates not after                  | Gauge   | The expiration date of certificates.                    |
+| Open connections           | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. |
 | TLS certificates not after | Gauge |                          | The expiration date of certificates.                               |
 ```prom tab="Prometheus"
 traefik_config_reloads_total
 traefik_config_last_reload_success
 traefik_open_connections
 traefik_tls_certs_not_after
 ```
 ```dd tab="Datadog"
 config.reload.total
 config.reload.lastSuccessTimestamp
 open.connections
 tls.certs.notAfterTimestamp
 ```
-```influxdb tab="InfluxDB / InfluxDB2"
+```influxdb tab="InfluxDB2"
 traefik.config.reload.total
 traefik.config.reload.lastSuccessTimestamp
 traefik.open.connections
 traefik.tls.certs.notAfterTimestamp
 ```
@@ -45,17 +48,35 @@ traefik.tls.certs.notAfterTimestamp
 # Default prefix: "traefik"
 {prefix}.config.reload.total
 {prefix}.config.reload.lastSuccessTimestamp
 {prefix}.open.connections
 {prefix}.tls.certs.notAfterTimestamp
 ```
-## EntryPoint Metrics
+```opentelemetry tab="OpenTelemetry"
 traefik_config_reloads_total
 traefik_config_last_reload_success
 traefik_open_connections
 traefik_tls_certs_not_after
 ```
 ### Labels
 Here is a comprehensive list of labels that are provided by the global metrics:
 | Label         | Description                            | example              |
 |---------------|----------------------------------------|----------------------|
 | `entrypoint`  | Entrypoint that handled the connection | "example_entrypoint" |
 | `protocol`    | Connection protocol                    | "TCP"                |
 ## HTTP Metrics
 ### EntryPoint Metrics
 | Metric                | Type      | [Labels](#labels)                          | Description                                                         |
 |-----------------------|-----------|--------------------------------------------|---------------------------------------------------------------------|
 | Requests total        | Count     | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint.         |
 | Requests TLS total    | Count     | `tls_version`, `tls_cipher`, `entrypoint`  | The total count of HTTPS requests received by an entrypoint.        |
 | Request duration      | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint.             |
 | Open connections      | Count     | `method`, `protocol`, `entrypoint`         | The current count of open connections on an entrypoint.             |
 | Requests bytes total  | Count     | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint.  |
 | Responses bytes total | Count     | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. |
@@ -63,7 +84,6 @@ traefik.tls.certs.notAfterTimestamp
 traefik_entrypoint_requests_total
 traefik_entrypoint_requests_tls_total
 traefik_entrypoint_request_duration_seconds
 traefik_entrypoint_open_connections
 traefik_entrypoint_requests_bytes_total
 traefik_entrypoint_responses_bytes_total
 ```
@@ -72,16 +92,14 @@ traefik_entrypoint_responses_bytes_total
 entrypoint.request.total
 entrypoint.request.tls.total
 entrypoint.request.duration
 entrypoint.connections.open
 entrypoint.requests.bytes.total
 entrypoint.responses.bytes.total
 ```
-```influxdb tab="InfluxDB / InfluxDB2"
+```influxdb tab="InfluxDB2"
 traefik.entrypoint.requests.total
 traefik.entrypoint.requests.tls.total
 traefik.entrypoint.request.duration
 traefik.entrypoint.connections.open
 traefik.entrypoint.requests.bytes.total
 traefik.entrypoint.responses.bytes.total
 ```
@@ -91,19 +109,25 @@ traefik.entrypoint.responses.bytes.total
 {prefix}.entrypoint.request.total
 {prefix}.entrypoint.request.tls.total
 {prefix}.entrypoint.request.duration
 {prefix}.entrypoint.connections.open
 {prefix}.entrypoint.requests.bytes.total
 {prefix}.entrypoint.responses.bytes.total
 ```
-## Router Metrics
+```opentelemetry tab="OpenTelemetry"
 traefik_entrypoint_requests_total
 traefik_entrypoint_requests_tls_total
 traefik_entrypoint_request_duration_seconds
 traefik_entrypoint_requests_bytes_total
 traefik_entrypoint_responses_bytes_total
 ```
 ### Router Metrics
 | Metric                | Type      | [Labels](#labels)                                 | Description                                                    |
 |-----------------------|-----------|---------------------------------------------------|----------------------------------------------------------------|
 | Requests total        | Count     | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router.          |
 | Requests TLS total    | Count     | `tls_version`, `tls_cipher`, `router`, `service`  | The total count of HTTPS requests handled by a router.         |
 | Request duration      | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router.             |
 | Open connections      | Count     | `method`, `protocol`, `router`, `service`         | The current count of open connections on a router.             |
 | Requests bytes total  | Count     | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router.  |
 | Responses bytes total | Count     | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. |
@@ -111,7 +135,6 @@ traefik.entrypoint.responses.bytes.total
 traefik_router_requests_total
 traefik_router_requests_tls_total
 traefik_router_request_duration_seconds
 traefik_router_open_connections
 traefik_router_requests_bytes_total
 traefik_router_responses_bytes_total
 ```
@@ -120,16 +143,14 @@ traefik_router_responses_bytes_total
 router.request.total
 router.request.tls.total
 router.request.duration
 router.connections.open
 router.requests.bytes.total
 router.responses.bytes.total
 ```
-```influxdb tab="InfluxDB / InfluxDB2"
+```influxdb tab="InfluxDB2"
 traefik.router.requests.total
 traefik.router.requests.tls.total
 traefik.router.request.duration
 traefik.router.connections.open
 traefik.router.requests.bytes.total
 traefik.router.responses.bytes.total
 ```
@@ -139,19 +160,25 @@ traefik.router.responses.bytes.total
 {prefix}.router.request.total
 {prefix}.router.request.tls.total
 {prefix}.router.request.duration
 {prefix}.router.connections.open
 {prefix}.router.requests.bytes.total
 {prefix}.router.responses.bytes.total
 ```
-## Service Metrics
+```opentelemetry tab="OpenTelemetry"
 traefik_router_requests_total
 traefik_router_requests_tls_total
 traefik_router_request_duration_seconds
 traefik_router_requests_bytes_total
 traefik_router_responses_bytes_total
 ```
 ### Service Metrics
 | Metric                | Type      | Labels                                  | Description                                                 |
 |-----------------------|-----------|-----------------------------------------|-------------------------------------------------------------|
 | Requests total        | Count     | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service.    |
 | Requests TLS total    | Count     | `tls_version`, `tls_cipher`, `service`  | The total count of HTTPS requests processed on a service.   |
 | Request duration      | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service.         |
 | Open connections      | Count     | `method`, `protocol`, `service`         | The current count of open connections on a service.         |
 | Retries total         | Count     | `service`                               | The count of requests retries on a service.                 |
 | Server UP             | Gauge     | `service`, `url`                        | Current service's server status, 0 for a down or 1 for up.  |
 | Requests bytes total  | Count     | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service.  |
@@ -161,7 +188,6 @@ traefik.router.responses.bytes.total
 traefik_service_requests_total
 traefik_service_requests_tls_total
 traefik_service_request_duration_seconds
 traefik_service_open_connections
 traefik_service_retries_total
 traefik_service_server_up
 traefik_service_requests_bytes_total
@@ -172,18 +198,16 @@ traefik_service_responses_bytes_total
 service.request.total
 router.service.tls.total
 service.request.duration
 service.connections.open
 service.retries.total
 service.server.up
 service.requests.bytes.total
 service.responses.bytes.total
 ```
-```influxdb tab="InfluxDB / InfluxDB2"
+```influxdb tab="InfluxDB2"
 traefik.service.requests.total
 traefik.service.requests.tls.total
 traefik.service.request.duration
 traefik.service.connections.open
 traefik.service.retries.total
 traefik.service.server.up
 traefik.service.requests.bytes.total
@@ -195,14 +219,23 @@ traefik.service.responses.bytes.total
 {prefix}.service.request.total
 {prefix}.service.request.tls.total
 {prefix}.service.request.duration
 {prefix}.service.connections.open
 {prefix}.service.retries.total
 {prefix}.service.server.up
 {prefix}.service.requests.bytes.total
 {prefix}.service.responses.bytes.total
 ```
-## Labels
+```opentelemetry tab="OpenTelemetry"
 traefik_service_requests_total
 traefik_service_requests_tls_total
 traefik_service_request_duration_seconds
 traefik_service_retries_total
 traefik_service_server_up
 traefik_service_requests_bytes_total
 traefik_service_responses_bytes_total
 ```
 ### Labels
 Here is a comprehensive list of labels that are provided by the metrics:
--- a/docs/content/observability/metrics/prometheus.md
+++ b/docs/content/observability/metrics/prometheus.md
@@ -165,3 +165,66 @@ metrics:
 ```bash tab="CLI"
 --metrics.prometheus.manualrouting=true
 ```
 #### `headerLabels`
 _Optional_
 Defines the extra labels for the `requests_total` metrics, and for each of them, the request header containing the value for this label.
 Please note that if the header is not present in the request it will be added nonetheless with an empty value.
 In addition, the label should be a valid label name for Prometheus metrics, 
 otherwise, the Prometheus metrics provider will fail to serve any Traefik-related metric.
 ```yaml tab="File (YAML)"
 metrics:
  prometheus:
    headerLabels:
      label: headerKey
 ```
 ```toml tab="File (TOML)"
 [metrics]
  [metrics.prometheus]
    [metrics.prometheus.headerLabels]
      label = "headerKey"
 ```
 ```bash tab="CLI"
 --metrics.prometheus.headerlabels.label=headerKey
 ```
 ##### Example
 Here is an example of the entryPoint `requests_total` metric with an additional "useragent" label.
 When configuring the label in Static Configuration:
 ```yaml tab="File (YAML)"
 metrics:
  prometheus:
    headerLabels:
      useragent: User-Agent
 ```
 ```toml tab="File (TOML)"
 [metrics]
  [metrics.prometheus]
    [metrics.prometheus.headerLabels]
      useragent = "User-Agent"
 ```
 ```bash tab="CLI"
 --metrics.prometheus.headerlabels.useragent=User-Agent
 ```
 And performing a request with a custom User-Agent:
 ```bash
 curl -H "User-Agent: foobar" http://localhost
 ```
 The following metric is produced :
 ```bash
 traefik_entrypoint_requests_total{code="200",entrypoint="web",method="GET",protocol="http",useragent="foobar"} 1
 ```
--- a/docs/content/observability/tracing/datadog.md
+++ b/docs/content/observability/tracing/datadog.md
@@ -23,24 +23,46 @@ tracing:
 #### `localAgentHostPort`
-_Required, Default="127.0.0.1:8126"_
+_Optional, Default="localhost:8126"_
 Local Agent Host Port instructs the reporter to send spans to the Datadog Agent at this address (host:port).
 ```yaml tab="File (YAML)"
 tracing:
  datadog:
-    localAgentHostPort: 127.0.0.1:8126
+    localAgentHostPort: localhost:8126
 ```
 ```toml tab="File (TOML)"
 [tracing]
  [tracing.datadog]
-    localAgentHostPort = "127.0.0.1:8126"
+    localAgentHostPort = "localhost:8126"
 ```
 ```bash tab="CLI"
--tracing.datadog.localAgentHostPort=127.0.0.1:8126
+--tracing.datadog.localAgentHostPort=localhost:8126
 ```
 #### `localAgentSocket`
 _Optional, Default=""_
 Local Agent Socket instructs the reporter to send spans to the Datadog Agent at this UNIX socket.
 ```yaml tab="File (YAML)"
 tracing:
  datadog:
    localAgentSocket: /var/run/datadog/apm.socket
 ```
 ```toml tab="File (TOML)"
 [tracing]
  [tracing.datadog]
    localAgentSocket = "/var/run/datadog/apm.socket"
 ```
 ```bash tab="CLI"
 --tracing.datadog.localAgentSocket=/var/run/datadog/apm.socket
 ```
 #### `debug`
--- a/docs/content/observability/tracing/overview.md
+++ b/docs/content/observability/tracing/overview.md
@@ -12,7 +12,7 @@ The tracing system allows developers to visualize call flows in their infrastruc
 Traefik uses OpenTracing, an open standard designed for distributed tracing.
-Traefik supports six tracing backends:
+Traefik supports seven tracing backends:
 - [Jaeger](./jaeger.md)
 - [Zipkin](./zipkin.md)
@@ -20,6 +20,7 @@ Traefik supports six tracing backends:
 - [Instana](./instana.md)
 - [Haystack](./haystack.md)
 - [Elastic](./elastic.md)
 - [OpenTelemetry](./opentelemetry.md)
 ## Configuration
--- a/docs/content/operations/include-api-examples.md
+++ b/docs/content/operations/include-api-examples.md
@@ -1,4 +1,4 @@
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # Dynamic Configuration
 labels:
  - "traefik.http.routers.api.rule=Host(`traefik.example.com`)"
@@ -20,7 +20,7 @@ deploy:
 ```
 ```yaml tab="Kubernetes CRD"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: traefik-dashboard
@@ -34,7 +34,7 @@ spec:
    middlewares:
      - name: auth
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: auth
@@ -51,24 +51,6 @@ spec:
 - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.routers.api.rule": "Host(`traefik.example.com`)",
  "traefik.http.routers.api.service": "api@internal",
  "traefik.http.routers.api.middlewares": "auth",
  "traefik.http.middlewares.auth.basicauth.users": "test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
 }
 ```
 ```yaml tab="Rancher"
 # Dynamic Configuration
 labels:
  - "traefik.http.routers.api.rule=Host(`traefik.example.com`)"
  - "traefik.http.routers.api.service=api@internal"
  - "traefik.http.routers.api.middlewares=auth"
  - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
 ```
 ```yaml tab="File (YAML)"
 # Dynamic Configuration
 http:
--- a/docs/content/operations/include-dashboard-examples.md
+++ b/docs/content/operations/include-dashboard-examples.md
@@ -1,4 +1,4 @@
-```yaml tab="Docker"
+```yaml tab="Docker & Swarm"
 # Dynamic Configuration
 labels:
  - "traefik.http.routers.dashboard.rule=Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
@@ -20,7 +20,7 @@ deploy:
 ```
 ```yaml tab="Kubernetes CRD"
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: IngressRoute
 metadata:
  name: traefik-dashboard
@@ -34,7 +34,7 @@ spec:
    middlewares:
      - name: auth
 ---
-apiVersion: traefik.containo.us/v1alpha1
+apiVersion: traefik.io/v1alpha1
 kind: Middleware
 metadata:
  name: auth
@@ -51,24 +51,6 @@ spec:
 - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.routers.dashboard.rule": "Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))",
  "traefik.http.routers.dashboard.service": "api@internal",
  "traefik.http.routers.dashboard.middlewares": "auth",
  "traefik.http.middlewares.auth.basicauth.users": "test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
 }
 ```
 ```yaml tab="Rancher"
 # Dynamic Configuration
 labels:
  - "traefik.http.routers.dashboard.rule=Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
  - "traefik.http.routers.dashboard.service=api@internal"
  - "traefik.http.routers.dashboard.middlewares=auth"
  - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
 ```
 ```yaml tab="File (YAML)"
 # Dynamic Configuration
 http:
--- a/docs/content/providers/docker.md
+++ b/docs/content/providers/docker.md
@@ -12,8 +12,7 @@ A Story of Labels & Containers
 Attach labels to your containers and let Traefik do the rest!
-Traefik works with both [Docker (standalone) Engine](https://docs.docker.com/engine/)
+This provider works with [Docker (standalone) Engine](https://docs.docker.com/engine/).
 and [Docker Swarm Mode](https://docs.docker.com/engine/swarm/).
 !!! tip "The Quick Start Uses Docker"
@@ -49,53 +48,10 @@ and [Docker Swarm Mode](https://docs.docker.com/engine/swarm/).
          - traefik.http.routers.my-container.rule=Host(`example.com`)
    ```
 ??? example "Configuring Docker Swarm & Deploying / Exposing Services"
    Enabling the docker provider (Swarm Mode)
    ```yaml tab="File (YAML)"
    providers:
      docker:
        # swarm classic (1.12-)
        # endpoint: "tcp://127.0.0.1:2375"
        # docker swarm mode (1.12+)
        endpoint: "tcp://127.0.0.1:2377"
        swarmMode: true
    ```
    ```toml tab="File (TOML)"
    [providers.docker]
      # swarm classic (1.12-)
      # endpoint = "tcp://127.0.0.1:2375"
      # docker swarm mode (1.12+)
      endpoint = "tcp://127.0.0.1:2377"
      swarmMode = true
    ```
    ```bash tab="CLI"
    # swarm classic (1.12-)
    # --providers.docker.endpoint=tcp://127.0.0.1:2375
    # docker swarm mode (1.12+)
    --providers.docker.endpoint=tcp://127.0.0.1:2377
    --providers.docker.swarmMode=true
    ```
    Attach labels to services (not to containers) while in Swarm mode (in your docker compose file)
    ```yaml
    version: "3"
    services:
      my-container:
        deploy:
          labels:
            - traefik.http.routers.my-container.rule=Host(`example.com`)
            - traefik.http.services.my-container-service.loadbalancer.server.port=8080
    ```
 ## Routing Configuration
 When using Docker as a [provider](./overview.md),
-Traefik uses [container labels](https://docs.docker.com/engine/reference/commandline/run/#set-metadata-on-container--l---label---label-file) to retrieve its routing configuration.
+Traefik uses [container labels](https://docs.docker.com/engine/reference/commandline/run/#label) to retrieve its routing configuration.
 See the list of labels in the dedicated [routing](../routing/providers/docker.md) section.
@@ -124,14 +80,13 @@ Port detection works as follows:
 - If a container [exposes](https://docs.docker.com/engine/reference/builder/#expose) multiple ports,
  or does not expose any port, then you must manually specify which port Traefik should use for communication
  by using the label `traefik.http.services.<service_name>.loadbalancer.server.port`
-  (Read more on this label in the dedicated section in [routing](../routing/providers/docker.md#port)).
+  (Read more on this label in the dedicated section in [routing](../routing/providers/docker.md#services)).
 ### Host networking
 When exposing containers that are configured with [host networking](https://docs.docker.com/network/host/),
 the IP address of the host is resolved as follows:
 <!-- TODO: verify and document the swarm mode case with container.Node.IPAddress coming from the API -->
 - try a lookup of `host.docker.internal`
 - if the lookup was unsuccessful, try a lookup of `host.containers.internal`, ([Podman](https://docs.podman.io/en/latest/) equivalent of `host.docker.internal`)
 - if that lookup was also unsuccessful, fall back to `127.0.0.1`
@@ -175,7 +130,6 @@ You can specify which Docker API Endpoint to use with the directive [`endpoint`]
        - Authorization with the [Docker Authorization Plugin Mechanism](https://web.archive.org/web/20190920092526/https://docs.docker.com/engine/extend/plugins_authorization/)
        - Accounting at networking level, by exposing the socket only inside a Docker private network, only available for Traefik.
        - Accounting at container level, by exposing the socket on a another container than Traefik's.
          With Swarm mode, it allows scheduling of Traefik on worker nodes, with only the "socket exposer" container on the manager nodes.
        - Accounting at kernel level, by enforcing kernel calls with mechanisms like [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux), to only allows an identified set of actions for Traefik's process (or the "socket exposer" process).
        - SSH public key authentication (SSH is supported with Docker > 18.09)
@@ -192,69 +146,13 @@ You can specify which Docker API Endpoint to use with the directive [`endpoint`]
        - [Letting Traefik run on Worker Nodes](https://blog.mikesir87.io/2018/07/letting-traefik-run-on-worker-nodes/)
        - [Docker Socket Proxy from Tecnativa](https://github.com/Tecnativa/docker-socket-proxy)
 ## Docker Swarm Mode
 To enable Docker Swarm (instead of standalone Docker) as a configuration provider,
 set the [`swarmMode`](#swarmmode) directive to `true`.
 ### Routing Configuration with Labels
 While in Swarm Mode, Traefik uses labels found on services, not on individual containers.
 Therefore, if you use a compose file with Swarm Mode, labels should be defined in the
 [`deploy`](https://docs.docker.com/compose/compose-file/compose-file-v3/#labels-1) part of your service.
 This behavior is only enabled for docker-compose version 3+ ([Compose file reference](https://docs.docker.com/compose/compose-file/compose-file-v3/)).
 ### Port Detection
 Docker Swarm does not provide any [port detection](#port-detection) information to Traefik.
 Therefore, you **must** specify the port to use for communication by using the label `traefik.http.services.<service_name>.loadbalancer.server.port`
 (Check the reference for this label in the [routing section for Docker](../routing/providers/docker.md#port)).
 ### Docker API Access
 Docker Swarm Mode follows the same rules as Docker [API Access](#docker-api-access).
 Since the Swarm API is only exposed on the [manager nodes](https://docs.docker.com/engine/swarm/how-swarm-mode-works/nodes/#manager-nodes),
 these are the nodes that Traefik should be scheduled on by deploying Traefik with a constraint on the node "role":
 ```shell tab="With Docker CLI"
 docker service create \
  --constraint=node.role==manager \
  #... \
 ```
 ```yml tab="With Docker Compose"
 version: '3'
 services:
  traefik:
    # ...
    deploy:
      placement:
        constraints:
          - node.role == manager
 ```
 !!! tip "Scheduling Traefik on Worker Nodes"
    Following the guidelines given in the previous section ["Docker API Access"](#docker-api-access),
    if you expose the Docker API through TCP, then Traefik can be scheduled on any node if the TCP
    socket is reachable.
    Please consider the security implications by reading the [Security Note](#security-note).
    A good example can be found on [Bret Fisher's repository](https://github.com/BretFisher/dogvscat/blob/master/stack-proxy-global.yml#L124).
 ## Provider Configuration
 ### `endpoint`
 _Required, Default="unix:///var/run/docker.sock"_
-See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API Access](#docker-api-access_1) for more information.
+See the [Docker API Access](#docker-api-access) section for more information.
 ??? example "Using the docker.sock"
@@ -440,10 +338,11 @@ _Optional, Default=```Host(`{{ normalize .Name }}`)```_
 The `defaultRule` option defines what routing rule to apply to a container if no rule is defined by a label.
-It must be a valid [Go template](https://pkg.go.dev/text/template/), and can use
+It must be a valid [Go template](https://pkg.go.dev/text/template/),
-[sprig template functions](https://masterminds.github.io/sprig/).
+and can use [sprig template functions](https://masterminds.github.io/sprig/).
-The container service name can be accessed with the `Name` identifier,
+The container name can be accessed with the `ContainerName` identifier.
-and the template has access to all the labels defined on this container.
+The service name can be accessed with the `Name` identifier.
 The template has access to all the labels defined on this container with the `Labels` identifier.
 ```yaml tab="File (YAML)"
 providers:
@@ -463,54 +362,6 @@ providers:
 # ...
 ```
 ### `swarmMode`
 _Optional, Default=false_
 Enables the Swarm Mode (instead of standalone Docker).
 ```yaml tab="File (YAML)"
 providers:
  docker:
    swarmMode: true
    # ...
 ```
 ```toml tab="File (TOML)"
 [providers.docker]
  swarmMode = true
  # ...
 ```
 ```bash tab="CLI"
 --providers.docker.swarmMode=true
 # ...
 ```
 ### `swarmModeRefreshSeconds`
 _Optional, Default=15_
 Defines the polling interval (in seconds) for Swarm Mode.
 ```yaml tab="File (YAML)"
 providers:
  docker:
    swarmModeRefreshSeconds: 30
    # ...
 ```
 ```toml tab="File (TOML)"
 [providers.docker]
  swarmModeRefreshSeconds = 30
  # ...
 ```
 ```bash tab="CLI"
 --providers.docker.swarmModeRefreshSeconds=30
 # ...
 ```
 ### `httpClientTimeout`
 _Optional, Default=0_
--- a/docs/content/providers/kubernetes-crd.md
+++ b/docs/content/providers/kubernetes-crd.md
@@ -14,7 +14,9 @@ However, as the community expressed the need to benefit from Traefik features wi
 the Traefik engineering team developed a [Custom Resource Definition](https://kubernetes.io/docs/concepts/extend-kubernetes/api-extension/custom-resources/)
 (CRD) for an IngressRoute type, defined below, in order to provide a better way to configure access to a Kubernetes cluster.
-## Configuration Requirements
+## Requirements
 {!kubernetes-requirements.md!}
 !!! tip "All Steps for a Successful Deployment"
@@ -25,20 +27,14 @@ the Traefik engineering team developed a [Custom Resource Definition](https://ku
        * Apply the needed kubernetesCRD provider [configuration](#provider-configuration)
    * Add all necessary Traefik custom [resources](../reference/dynamic-configuration/kubernetes-crd.md#resources)
 !!! warning "Deprecated apiextensions.k8s.io/v1beta1 CRD"
    The `apiextensions.k8s.io/v1beta1` CustomResourceDefinition is deprecated in Kubernetes `v1.16+` and will be removed in `v1.22+`.
    For Kubernetes `v1.16+`, please use the Traefik `apiextensions.k8s.io/v1` CRDs instead.
 !!! example "Installing Resource Definition and RBAC"
    ```bash
    # Install Traefik Resource Definitions:
-    kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.9/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
+    kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
    # Install RBAC for Traefik:
-    kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.9/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
+    kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.0/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
    ```
 ## Resource Configuration
@@ -345,4 +341,4 @@ providers:
 For additional information, refer to the [full example](../user-guides/crd-acme/index.md) with Let's Encrypt.
-{!traefik-for-business-applications.md!}
+{!traefik-api-management-kubernetes.md!}
--- a/docs/content/providers/kubernetes-gateway.md
+++ b/docs/content/providers/kubernetes-gateway.md
@@ -41,7 +41,9 @@ This provider is proposed as an experimental feature and partially supports the
    --experimental.kubernetesgateway=true --providers.kubernetesgateway=true #...
    ```
-## Configuration Requirements
+## Requirements
 {!kubernetes-requirements.md!}
 !!! tip "All Steps for a Successful Deployment"
@@ -268,3 +270,5 @@ providers:
 ```bash tab="CLI"
 --providers.kubernetesgateway.throttleDuration=10s
 ```
 {!traefik-api-management-kubernetes.md!}
--- a/docs/content/providers/kubernetes-ingress.md
+++ b/docs/content/providers/kubernetes-ingress.md
@@ -13,7 +13,7 @@ it manages access to cluster services by supporting the [Ingress](https://kubern
 ## Requirements
-Traefik supports `1.14+` Kubernetes clusters.
+{!kubernetes-requirements.md!}
 ## Routing Configuration
@@ -68,28 +68,6 @@ spec:
                  number: 80
 ```
 ```yaml tab="Ingress v1beta1 (deprecated)"
 apiVersion: networking.k8s.io/v1beta1
 kind: Ingress
 metadata:
  name: foo
  namespace: production
 spec:
  rules:
    - host: example.net
      http:
        paths:
          - path: /bar
            backend:
              serviceName: service1
              servicePort: 80
          - path: /foo
            backend:
              serviceName: service1
              servicePort: 80
 ```
 ## LetsEncrypt Support with the Ingress Provider
 By design, Traefik is a stateless application,
@@ -257,46 +235,7 @@ Value of `kubernetes.io/ingress.class` annotation that identifies Ingress object
 If the parameter is set, only Ingresses containing an annotation with the same value are processed.
 Otherwise, Ingresses missing the annotation, having an empty value, or the value `traefik` are processed.
-??? info "Kubernetes 1.18+"
+??? info "Example"
    If the Kubernetes cluster version is 1.18+,
    the new `IngressClass` resource can be leveraged to identify Ingress objects that should be processed.
    In that case, Traefik will look for an `IngressClass` in the cluster with the controller value equal to *traefik.io/ingress-controller*.
    In addition to the controller value matching mechanism, the property `ingressClass` (if set) will be used to select IngressClasses by applying a strict matching on their name.
    Please see [this article](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/) for more information or the example below.
    ```yaml tab="IngressClass"
    apiVersion: networking.k8s.io/v1beta1
    kind: IngressClass
    metadata:
      name: traefik-lb
    spec:
      controller: traefik.io/ingress-controller
    ```
    ```yaml tab="Ingress"
    apiVersion: networking.k8s.io/v1beta1
    kind: Ingress
    metadata:
      name: example-ingress
    spec:
      ingressClassName: traefik-lb
      rules:
      - host: "*.example.com"
        http:
          paths:
          - path: /example
            backend:
              serviceName: example-service
              servicePort: 80
    ```
 ??? info "Kubernetes 1.19+"
    If the Kubernetes cluster version is 1.19+,
    prefer using the `networking.k8s.io/v1` [apiVersion](https://v1-19.docs.kubernetes.io/docs/setup/release/notes/#api-change) of `Ingress` and `IngressClass`.
    ```yaml tab="IngressClass"
    apiVersion: networking.k8s.io/v1
@@ -344,6 +283,35 @@ providers:
 --providers.kubernetesingress.ingressclass=traefik-internal
 ```
 ### `disableIngressClassLookup`
 _Optional, Default: false_
 If the parameter is set to `true`,
 Traefik will not discover IngressClasses in the cluster.
 By doing so, it alleviates the requirement of giving Traefik the rights to look IngressClasses up.
 Furthermore, when this option is set to `true`,
 Traefik is not able to handle Ingresses with IngressClass references,
 therefore such Ingresses will be ignored.
 Please note that annotations are not affected by this option.
 ```yaml tab="File (YAML)"
 providers:
  kubernetesIngress:
    disableIngressClassLookup: true
    # ...
 ```
 ```toml tab="File (TOML)"
 [providers.kubernetesIngress]
  disableIngressClassLookup = true
  # ...
 ```
 ```bash tab="CLI"
 --providers.kubernetesingress.disableingressclasslookup=true
 ```
 ### `ingressEndpoint`
 #### `hostname`
@@ -502,6 +470,6 @@ providers:
 ### Further
 To learn more about the various aspects of the Ingress specification that Traefik supports,
-many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v2.9/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
+many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v3.0/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
-{!traefik-for-business-applications.md!}
+{!traefik-api-management-kubernetes.md!}
--- a/docs/content/providers/marathon.md
+++ b/docs/content/providers/marathon.md
@@ -1,583 +0,0 @@
 ---
 title: "Traefik Configuration for Marathon"
 description: "Traefik Proxy can be configured to use Marathon as a provider. Read the technical documentation to learn how."
 ---
 # Traefik & Marathon
 Traefik can be configured to use Marathon as a provider.
 {: .subtitle }
 For additional information, refer to [Marathon user guide](../user-guides/marathon.md).
 ## Configuration Examples
 ??? example "Configuring Marathon & Deploying / Exposing Applications"
    Enabling the Marathon provider
    ```yaml tab="File (YAML)"
    providers:
      marathon: {}
    ```
    ```toml tab="File (TOML)"
    [providers.marathon]
    ```
    ```bash tab="CLI"
    --providers.marathon=true
    ```
    Attaching labels to Marathon applications
    ```json
 	{
 		"id": "/whoami",
 		"container": {
 			"type": "DOCKER",
 			"docker": {
 				"image": "traefik/whoami",
 				"network": "BRIDGE",
 				"portMappings": [
 					{
 						"containerPort": 80,
 						"hostPort": 0,
 						"protocol": "tcp"
 					}
 				]
 			}
 		},
 		"labels": {
 			"traefik.http.Routers.app.Rule": "PathPrefix(`/app`)"
 		}
 	}
    ```
 ## Routing Configuration
 See the dedicated section in [routing](../routing/providers/marathon.md).
 ## Provider Configuration
 ### `basic`
 _Optional_
 Enables Marathon basic authentication.
 ```yaml tab="File (YAML)"
 providers:
  marathon:
    basic:
      httpBasicAuthUser: foo
      httpBasicPassword: bar
 ```
 ```toml tab="File (TOML)"
 [providers.marathon.basic]
  httpBasicAuthUser = "foo"
  httpBasicPassword = "bar"
 ```
 ```bash tab="CLI"
 --providers.marathon.basic.httpbasicauthuser=foo
 --providers.marathon.basic.httpbasicpassword=bar
 ```
 ### `dcosToken`
 _Optional_
 Datacenter Operating System (DCOS) Token for DCOS environment.
 If set, it overrides the Authorization header.
 ```toml tab="File (YAML)"
 providers:
  marathon:
    dcosToken: "xxxxxx"
    # ...
 ```
 ```toml tab="File (TOML)"
 [providers.marathon]
  dcosToken = "xxxxxx"
  # ...
 ```
 ```bash tab="CLI"
 --providers.marathon.dcosToken=xxxxxx
 ```
 ### `defaultRule`
 _Optional, Default=```Host(`{{ normalize .Name }}`)```_
 The default host rule for all services.
 For a given application, if no routing rule was defined by a label, it is defined by this `defaultRule` instead.
 It must be a valid [Go template](https://pkg.go.dev/text/template/),
 and can include [sprig template functions](https://masterminds.github.io/sprig/).
 The app ID can be accessed with the `Name` identifier,
 and the template has access to all the labels defined on this Marathon application.
 ```yaml tab="File (YAML)"
 providers:
  marathon:
    defaultRule: "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
    # ...
 ```
 ```toml tab="File (TOML)"
 [providers.marathon]
  defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
  # ...
 ```
 ```bash tab="CLI"
 --providers.marathon.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)
 # ...
 ```
 ### `dialerTimeout`
 _Optional, Default=5s_
 Amount of time the Marathon provider should wait before timing out,
 when trying to open a TCP connection to a Marathon master.
 The value of `dialerTimeout` should be provided in seconds or as a valid duration format,
 see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
 ```yaml tab="File (YAML)"
 providers:
  marathon:
    dialerTimeout: "10s"
    # ...
 ```
 ```toml tab="File (TOML)"
 [providers.marathon]
  dialerTimeout = "10s"
  # ...
 ```
 ```bash tab="CLI"
 --providers.marathon.dialerTimeout=10s
 ```
 ### `endpoint`
 _Optional, Default=http://127.0.0.1:8080_
 Marathon server endpoint.
 You can optionally specify multiple endpoints.
 ```yaml tab="File (YAML)"
 providers:
  marathon:
    endpoint: "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080"
    # ...
 ```
 ```toml tab="File (TOML)"
 [providers.marathon]
  endpoint = "http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080"
  # ...
 ```
 ```bash tab="CLI"
 --providers.marathon.endpoint=http://10.241.1.71:8080,10.241.1.72:8080,10.241.1.73:8080
 ```
 ### `exposedByDefault`
 _Optional, Default=true_
 Exposes Marathon applications by default through Traefik.
 If set to `false`, applications that do not have a `traefik.enable=true` label are ignored from the resulting routing configuration.
 For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
 ```yaml tab="File (YAML)"
 providers:
  marathon:
    exposedByDefault: false
    # ...
 ```
 ```toml tab="File (TOML)"
 [providers.marathon]
  exposedByDefault = false
  # ...
 ```
 ```bash tab="CLI"
 --providers.marathon.exposedByDefault=false
 # ...
 ```
 ### `constraints`
 _Optional, Default=""_
 The `constraints` option can be set to an expression that Traefik matches against the application labels to determine whether
 to create any route for that application. If none of the application labels match the expression, no route for that application is
 created. In addition, the expression is also matched against the application constraints, such as described
 in [Marathon constraints](https://mesosphere.github.io/marathon/docs/constraints.html).
 If the expression is empty, all detected applications are included.
 The expression syntax is based on the `Label("key", "value")`, and `LabelRegex("key", "value")` functions, as well as the usual boolean logic.
 In addition, to match against Marathon constraints, the function `MarathonConstraint("field:operator:value")` can be used, where the field, operator, and value parts are concatenated in a single string using the `:` separator.
 ??? example "Constraints Expression Examples"
    ```toml
    # Includes only applications having a label with key `a.label.name` and value `foo`
    constraints = "Label(`a.label.name`, `foo`)"
    ```
    ```toml
    # Excludes applications having any label with key `a.label.name` and value `foo`
    constraints = "!Label(`a.label.name`, `value`)"
    ```
    ```toml
    # With logical AND.
    constraints = "Label(`a.label.name`, `valueA`) && Label(`another.label.name`, `valueB`)"
    ```
    ```toml
    # With logical OR.
    constraints = "Label(`a.label.name`, `valueA`) || Label(`another.label.name`, `valueB`)"
    ```
    ```toml
    # With logical AND and OR, with precedence set by parentheses.
    constraints = "Label(`a.label.name`, `valueA`) && (Label(`another.label.name`, `valueB`) || Label(`yet.another.label.name`, `valueC`))"
    ```
    ```toml
    # Includes only applications having a label with key `a.label.name` and a value matching the `a.+` regular expression.
    constraints = "LabelRegex(`a.label.name`, `a.+`)"
    ```
    ```toml
    # Includes only applications having a Marathon constraint with field `A`, operator `B`, and value `C`.
    constraints = "MarathonConstraint(`A:B:C`)"
    ```
    ```toml
    # Uses both Marathon constraint and application label with logical operator.
    constraints = "MarathonConstraint(`A:B:C`) && Label(`a.label.name`, `value`)"
    ```
 For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
 ```yaml tab="File (YAML)"
 providers:
  marathon:
    constraints: "Label(`a.label.name`,`foo`)"
    # ...
 ```
 ```toml tab="File (TOML)"
 [providers.marathon]
  constraints = "Label(`a.label.name`,`foo`)"
  # ...
 ```
 ```bash tab="CLI"
 --providers.marathon.constraints=Label(`a.label.name`,`foo`)
 # ...
 ```
 ### `forceTaskHostname`
 _Optional, Default=false_
 By default, the task IP address (as returned by the Marathon API) is used as backend server if an IP-per-task configuration can be found;
 otherwise, the name of the host running the task is used.
 The latter behavior can be enforced by setting this option to `true`.
 ```yaml tab="File (YAML)"
 providers:
  marathon:
    forceTaskHostname: true
    # ...
 ```
 ```toml tab="File (TOML)"
 [providers.marathon]
  forceTaskHostname = true
  # ...
 ```
 ```bash tab="CLI"
 --providers.marathon.forceTaskHostname=true
 # ...
 ```
 ### `keepAlive`
 _Optional, Default=10s_
 Set the TCP Keep Alive duration for the Marathon HTTP Client.
 The value of `keepAlive` should be provided in seconds or as a valid duration format,
 see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
 ```yaml tab="File (YAML)"
 providers:
  marathon:
    keepAlive: "30s"
    # ...
 ```
 ```toml tab="File (TOML)"
 [providers.marathon]
  keepAlive = "30s"
  # ...
 ```
 ```bash tab="CLI"
 --providers.marathon.keepAlive=30s
 # ...
 ```
 ### `respectReadinessChecks`
 _Optional, Default=false_
 Applications may define readiness checks which are probed by Marathon during deployments periodically, and these check results are exposed via the API.
 Enabling `respectReadinessChecks` causes Traefik to filter out tasks whose readiness checks have not succeeded.
 Note that the checks are only valid during deployments.
 See the Marathon guide for details.
 ```yaml tab="File (YAML)"
 providers:
  marathon:
    respectReadinessChecks: true
    # ...
 ```
 ```toml tab="File (TOML)"
 [providers.marathon]
  respectReadinessChecks = true
  # ...
 ```
 ```bash tab="CLI"
 --providers.marathon.respectReadinessChecks=true
 # ...
 ```
 ### `responseHeaderTimeout`
 _Optional, Default=60s_
 Amount of time the Marathon provider should wait before timing out when waiting for the first response header
 from a Marathon master.
 The value of `responseHeaderTimeout` should be provided in seconds or as a valid duration format,
 see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
 ```yaml tab="File (YAML)"
 providers:
  marathon:
    responseHeaderTimeout: "66s"
    # ...
 ```
 ```toml tab="File (TOML)"
 [providers.marathon]
  responseHeaderTimeout = "66s"
  # ...
 ```
 ```bash tab="CLI"
 --providers.marathon.responseHeaderTimeout=66s
 # ...
 ```
 ### `tls`
 _Optional_
 Defines the TLS configuration used for the secure connection to Marathon.
 #### `ca`
 `ca` is the path to the certificate authority used for the secure connection to Marathon,
 it defaults to the system bundle.
 ```yaml tab="File (YAML)"
 providers:
  marathon:
    tls:
      ca: path/to/ca.crt
 ```
 ```toml tab="File (TOML)"
 [providers.marathon.tls]
  ca = "path/to/ca.crt"
 ```
 ```bash tab="CLI"
 --providers.marathon.tls.ca=path/to/ca.crt
 ```
 #### `cert`
 _Optional_
 `cert` is the path to the public certificate used for the secure connection to Marathon.
 When using this option, setting the `key` option is required.
 ```yaml tab="File (YAML)"
 providers:
  marathon:
    tls:
      cert: path/to/foo.cert
      key: path/to/foo.key
 ```
 ```toml tab="File (TOML)"
 [providers.marathon.tls]
  cert = "path/to/foo.cert"
  key = "path/to/foo.key"
 ```
 ```bash tab="CLI"
 --providers.marathon.tls.cert=path/to/foo.cert
 --providers.marathon.tls.key=path/to/foo.key
 ```
 #### `key`
 _Optional_
 `key` is the path to the private key used for the secure connection to Marathon.
 When using this option, setting the `cert` option is required.
 ```yaml tab="File (YAML)"
 providers:
  marathon:
    tls:
      cert: path/to/foo.cert
      key: path/to/foo.key
 ```
 ```toml tab="File (TOML)"
 [providers.marathon.tls]
  cert = "path/to/foo.cert"
  key = "path/to/foo.key"
 ```
 ```bash tab="CLI"
 --providers.marathon.tls.cert=path/to/foo.cert
 --providers.marathon.tls.key=path/to/foo.key
 ```
 #### `insecureSkipVerify`
 _Optional, Default=false_
 If `insecureSkipVerify` is `true`, the TLS connection to Marathon accepts any certificate presented by the server regardless of the hostnames it covers.
 ```yaml tab="File (YAML)"
 providers:
  marathon:
    tls:
      insecureSkipVerify: true
 ```
 ```toml tab="File (TOML)"
 [providers.marathon.tls]
  insecureSkipVerify = true
 ```
 ```bash tab="CLI"
 --providers.marathon.tls.insecureSkipVerify=true
 ```
 ### `tlsHandshakeTimeout`
 _Optional, Default=5s_
 Amount of time the Marathon provider should wait before timing out,
 when waiting for the TLS handshake to complete.
 The value of `tlsHandshakeTimeout` should be provided in seconds or as a valid duration format,
 see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration).
 ```yaml tab="File (YAML)"
 providers:
  marathon:
    tlsHandshakeTimeout: "10s"
    # ...
 ```
 ```toml tab="File (TOML)"
 [providers.marathon]
  tlsHandshakeTimeout = "10s"
  # ...
 ```
 ```bash tab="CLI"
 --providers.marathon.tlsHandshakeTimeout=10s
 # ...
 ```
 ### `trace`
 _Optional, Default=false_
 Displays additional provider logs when available.
 ```yaml tab="File (YAML)"
 providers:
  marathon:
    trace: true
    # ...
 ```
 ```toml tab="File (TOML)"
 [providers.marathon]
  trace = true
  # ...
 ```
 ```bash tab="CLI"
 --providers.marathon.trace=true
 # ...
 ```
 ### `watch`
 _Optional, Default=true_
 When set to `true`, watches for Marathon changes.
 ```yaml tab="File (YAML)"
 providers:
  marathon:
    watch: false
    # ...
 ```
 ```toml tab="File (TOML)"
 [providers.marathon]
  watch = false
  # ...
 ```
 ```bash tab="CLI"
 --providers.marathon.watch=false
 # ...
 ```
--- a/docs/content/providers/nomad.md
+++ b/docs/content/providers/nomad.md
@@ -442,6 +442,36 @@ For additional information, refer to [Restrict the Scope of Service Discovery](.
 ### `namespaces`
 ??? warning "Deprecated in favor of the [`namespaces`](#namespaces) option."
    _Optional, Default=""_
    The `namespace` option defines the namespace in which the Nomad services will be discovered.
    !!! warning
        One should only define either the `namespaces` option or the `namespace` option.
    ```yaml tab="File (YAML)"
    providers:
      nomad:
        namespace: "production"
        # ...
    ```
    ```toml tab="File (TOML)"
    [providers.nomad]
      namespace = "production"
      # ...
    ```
    ```bash tab="CLI"
    --providers.nomad.namespace=production
    # ...
    ```
 ### `namespaces`
 _Optional, Default=""_
 The `namespaces` option defines the namespaces in which the nomad services will be discovered.
--- a/docs/content/providers/overview.md
+++ b/docs/content/providers/overview.md
@@ -72,7 +72,7 @@ For the list of the providers names, see the [supported providers](#supported-pr
    Using the add-foo-prefix middleware from other providers:
-    ```yaml tab="Docker"
+    ```yaml tab="Docker & Swarm"
    your-container: #
      image: your-docker-image
@@ -82,7 +82,7 @@ For the list of the providers names, see the [supported providers](#supported-pr
    ```
    ```yaml tab="Kubernetes Ingress Route"
-    apiVersion: traefik.containo.us/v1alpha1
+    apiVersion: traefik.io/v1alpha1
    kind: IngressRoute
    metadata:
      name: ingressroutestripprefix
@@ -104,7 +104,7 @@ For the list of the providers names, see the [supported providers](#supported-pr
    ```
    ```yaml tab="Kubernetes Ingress"
-    apiVersion: traefik.containo.us/v1alpha1
+    apiVersion: traefik.io/v1alpha1
    kind: Middleware
    metadata:
      name: stripprefix
@@ -141,8 +141,6 @@ Below is the list of the currently supported providers in Traefik.
 | [Consul Catalog](./consul-catalog.md)             | Orchestrator | Label                | `consulcatalog`     |
 | [Nomad](./nomad.md)                               | Orchestrator | Label                | `nomad`             |
 | [ECS](./ecs.md)                                   | Orchestrator | Label                | `ecs`               |
 | [Marathon](./marathon.md)                         | Orchestrator | Label                | `marathon`          |
 | [Rancher](./rancher.md)                           | Orchestrator | Label                | `rancher`           |
 | [File](./file.md)                                 | Manual       | YAML/TOML format     | `file`              |
 | [Consul](./consul.md)                             | KV           | KV                   | `consul`            |
 | [Etcd](./etcd.md)                                 | KV           | KV                   | `etcd`              |
@@ -216,8 +214,6 @@ List of providers that support these features:
 - [ECS](./ecs.md#exposedbydefault)
 - [Consul Catalog](./consul-catalog.md#exposedbydefault)
 - [Nomad](./nomad.md#exposedbydefault)
 - [Rancher](./rancher.md#exposedbydefault)
 - [Marathon](./marathon.md#exposedbydefault)
 ### Constraints
@@ -227,8 +223,6 @@ List of providers that support constraints:
 - [ECS](./ecs.md#constraints)
 - [Consul Catalog](./consul-catalog.md#constraints)
 - [Nomad](./nomad.md#constraints)
 - [Rancher](./rancher.md#constraints)
 - [Marathon](./marathon.md#constraints)
 - [Kubernetes CRD](./kubernetes-crd.md#labelselector)
 - [Kubernetes Ingress](./kubernetes-ingress.md#labelselector)
 - [Kubernetes Gateway](./kubernetes-gateway.md#labelselector)
--- a/docs/content/providers/rancher.md
+++ b/docs/content/providers/rancher.md
@@ -1,286 +0,0 @@
 ---
 title: ""Traefik Configuration Discovery: Rancher""
 description: "Read the official Traefik documentation to learn how to expose Rancher services by default in Traefik Proxy."
 ---
 # Traefik & Rancher
 A Story of Labels, Services & Containers
 {: .subtitle }
 ![Rancher](../assets/img/providers/rancher.png)
 Attach labels to your services and let Traefik do the rest!
 !!! important "This provider is specific to Rancher 1.x."
    Rancher 2.x requires Kubernetes and does not have a metadata endpoint of its own for Traefik to query.
    As such, Rancher 2.x users should utilize the [Kubernetes CRD provider](./kubernetes-crd.md) directly.
 ## Configuration Examples
 ??? example "Configuring Rancher & Deploying / Exposing Services"
    Enabling the Rancher provider
    ```yaml tab="File (YAML)"
    providers:
      rancher: {}
    ```
    ```toml tab="File (TOML)"
    [providers.rancher]
    ```
    ```bash tab="CLI"
    --providers.rancher=true
    ```
    Attaching labels to services
    ```yaml
    labels:
      - traefik.http.services.my-service.rule=Host(`example.com`)
    ```
 ## Routing Configuration
 See the dedicated section in [routing](../routing/providers/rancher.md).
 ## Provider Configuration
 ??? tip "Browse the Reference"
    For an overview of all the options that can be set with the Rancher provider, see the following snippets:
    ```yaml tab="File (YAML)"
    --8<-- "content/providers/rancher.yml"
    ```
    ```toml tab="File (TOML)"
    --8<-- "content/providers/rancher.toml"
    ```
    ```bash tab="CLI"
    --8<-- "content/providers/rancher.txt"
    ```
 ### `exposedByDefault`
 _Optional, Default=true_
 Expose Rancher services by default in Traefik.
 If set to `false`, services that do not have a `traefik.enable=true` label are ignored from the resulting routing configuration.
 For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
 ```yaml tab="File (YAML)"
 providers:
  rancher:
    exposedByDefault: false
    # ...
 ```
 ```toml tab="File (TOML)"
 [providers.rancher]
  exposedByDefault = false
  # ...
 ```
 ```bash tab="CLI"
 --providers.rancher.exposedByDefault=false
 # ...
 ```
 ### `defaultRule`
 _Optional, Default=```Host(`{{ normalize .Name }}`)```_
 The default host rule for all services.
 The `defaultRule` option defines what routing rule to apply to a container if no rule is defined by a label.
 It must be a valid [Go template](https://pkg.go.dev/text/template/), and can use
 [sprig template functions](https://masterminds.github.io/sprig/).
 The service name can be accessed with the `Name` identifier,
 and the template has access to all the labels defined on this container.
 This option can be overridden on a container basis with the `traefik.http.routers.Router1.rule` label.
 ```yaml tab="File (YAML)"
 providers:
  rancher:
    defaultRule: "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
    # ...
 ```
 ```toml tab="File (TOML)"
 [providers.rancher]
  defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
  # ...
 ```
 ```bash tab="CLI"
 --providers.rancher.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)
 # ...
 ```
 ### `enableServiceHealthFilter`
 _Optional, Default=true_
 Filter out services with unhealthy states and inactive states.
 ```yaml tab="File (YAML)"
 providers:
  rancher:
    enableServiceHealthFilter: false
    # ...
 ```
 ```toml tab="File (TOML)"
 [providers.rancher]
  enableServiceHealthFilter = false
  # ...
 ```
 ```bash tab="CLI"
 --providers.rancher.enableServiceHealthFilter=false
 # ...
 ```
 ### `refreshSeconds`
 _Optional, Default=15_
 Defines the polling interval (in seconds).
 ```yaml tab="File (YAML)"
 providers:
  rancher:
    refreshSeconds: 30
    # ...
 ```
 ```toml tab="File (TOML)"
 [providers.rancher]
  refreshSeconds = 30
  # ...
 ```
 ```bash tab="CLI"
 --providers.rancher.refreshSeconds=30
 # ...
 ```
 ### `intervalPoll`
 _Optional, Default=false_
 Poll the Rancher metadata service for changes every `rancher.refreshSeconds`,
 which is less accurate than the default long polling technique which provides near instantaneous updates to Traefik.
 ```yaml tab="File (YAML)"
 providers:
  rancher:
    intervalPoll: true
    # ...
 ```
 ```toml tab="File (TOML)"
 [providers.rancher]
  intervalPoll = true
  # ...
 ```
 ```bash tab="CLI"
 --providers.rancher.intervalPoll=true
 # ...
 ```
 ### `prefix`
 _Optional, Default="/latest"_
 Prefix used for accessing the Rancher metadata service.
 ```yaml tab="File (YAML)"
 providers:
  rancher:
    prefix: "/test"
    # ...
 ```
 ```toml tab="File (TOML)"
 [providers.rancher]
  prefix = "/test"
  # ...
 ```
 ```bash tab="CLI"
 --providers.rancher.prefix=/test
 # ...
 ```
 ### `constraints`
 _Optional, Default=""_
 The `constraints` option can be set to an expression that Traefik matches against the container labels to determine whether
 to create any route for that container. If none of the container tags match the expression, no route for that container is
 created. If the expression is empty, all detected containers are included.
 The expression syntax is based on the `Label("key", "value")`, and `LabelRegex("key", "value")` functions, as well as
 the usual boolean logic, as shown in examples below.
 ??? example "Constraints Expression Examples"
    ```toml
    # Includes only containers having a label with key `a.label.name` and value `foo`
    constraints = "Label(`a.label.name`, `foo`)"
    ```
    ```toml
    # Excludes containers having any label with key `a.label.name` and value `foo`
    constraints = "!Label(`a.label.name`, `value`)"
    ```
    ```toml
    # With logical AND.
    constraints = "Label(`a.label.name`, `valueA`) && Label(`another.label.name`, `valueB`)"
    ```
    ```toml
    # With logical OR.
    constraints = "Label(`a.label.name`, `valueA`) || Label(`another.label.name`, `valueB`)"
    ```
    ```toml
    # With logical AND and OR, with precedence set by parentheses.
    constraints = "Label(`a.label.name`, `valueA`) && (Label(`another.label.name`, `valueB`) || Label(`yet.another.label.name`, `valueC`))"
    ```
    ```toml
    # Includes only containers having a label with key `a.label.name` and a value matching the `a.+` regular expression.
    constraints = "LabelRegex(`a.label.name`, `a.+`)"
    ```
 For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
 ```yaml tab="File (YAML)"
 providers:
  rancher:
    constraints: "Label(`a.label.name`,`foo`)"
    # ...
 ```
 ```toml tab="File (TOML)"
 [providers.rancher]
  constraints = "Label(`a.label.name`,`foo`)"
  # ...
 ```
 ```bash tab="CLI"
 --providers.rancher.constraints=Label(`a.label.name`,`foo`)
 # ...
 ```
--- a/docs/content/providers/rancher.toml
+++ b/docs/content/providers/rancher.toml
@@ -1,20 +0,0 @@
 # Enable Rancher Provider.
 [providers.rancher]
  # Expose Rancher services by default in Traefik.
  exposedByDefault = true
  # Enable watch Rancher changes.
  watch = true
  # Filter services with unhealthy states and inactive states.
  enableServiceHealthFilter = true
  # Defines the polling interval (in seconds).
  refreshSeconds = 15
  # Poll the Rancher metadata service for changes every `rancher.refreshSeconds`, which is less accurate
  intervalPoll = false
  # Prefix used for accessing the Rancher metadata service
  prefix = "/latest"
--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Ludovic Fernandez	52d2d959af	Prepare release v3.0.0-beta3	2023-06-22 01:18:05 +02:00
Romain	0a35fa096a	Improve Kubernetes support documentation Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>	2023-06-21 10:06:05 +02:00
Fernandez Ludovic	a7ef965412	Merge branch v2.10 into v3.0	2023-06-20 19:33:05 +02:00
Romain	0a861716d4	Update release documentation	2023-06-20 17:12:05 +02:00
Romain	4fbe9b81ec	Remove support of the networking.k8s.io/v1beta1 APIVersion	2023-06-20 10:26:05 +02:00
Romain	5fd6913ee5	Fix OpenTelemetry metrics Co-authored-by: LandryBe <[lbenguigui@gmail.com](mailto:lbenguigui@gmail.com)>	2023-06-20 09:12:05 +02:00
Ludovic Fernandez	7741c68eaa	Prepare release v2.10.3	2023-06-19 18:14:30 +02:00
Ludovic Fernandez	18077ff69a	Update go-acme/lego to v4.12.2	2023-06-19 18:08:05 +02:00
Michael	fa555d0d29	fix: Remove unnecessary data on release ci	2023-06-19 17:34:05 +02:00
Jakob Miksch	0e5898b2f8	Minor Typo	2023-06-19 14:36:05 +02:00
Ludovic Fernandez	aae76408e2	Prepare release v2.10.2	2023-06-19 12:00:06 +02:00
green1052	9cc9ed6a0c	Fix typo	2023-06-17 21:52:05 +02:00
Michael	fecaec7a4a	feat: new endpoint for collect	2023-06-16 23:08:05 +02:00
LandryBe	e62fe64ec9	Encode query semicolons Co-authored-by: Romain <rtribotte@users.noreply.github.com>	2023-06-15 18:20:06 +02:00
Romain	6885e410f0	Support informational headers in middlewares redefining the response writer. Co-authored-by: LandryBe <lbenguigui@gmail.com>	2023-06-14 17:42:44 +02:00
Philipp Trulson	68ed875966	Update DataDog tracing dependency to v1.50.1	2023-06-14 17:00:06 +02:00
Romain	d1bdeb3a92	Fix missing trailer with custom errors middleware Co-authored-by: LandryBe <lbenguigui@gmail.com>	2023-06-14 14:48:05 +02:00
Dylan Rodgers	878e7de56a	Add business callouts	2023-06-09 09:18:05 +02:00
Ludovic Fernandez	27353d0740	Update go-acme/lego to v4.12.1	2023-06-07 09:30:05 +02:00
Fernandez Ludovic	606281a4a5	Merge branch v2.10 into v3.0	2023-06-05 11:43:02 +02:00
Ludovic Fernandez	c5f23493ab	chore: update linter	2023-06-05 10:24:06 +02:00
Chromo-residuum-opec	db515195f0	docs: fix over-indented yaml configuration of access logs	2023-06-04 08:00:05 +02:00
Ludovic Fernandez	9aa57f362b	fix: improve error messages related to plugins	2023-06-02 11:34:06 +02:00
João Silva	6977b68b72	Fix multiple subsets endpoint	2023-05-31 11:40:05 +02:00
Ludovic Fernandez	8d8717d421	Update go-acme/lego to v4.12.0	2023-05-29 13:04:05 +02:00
Fernandez Ludovic	981ad74870	Merge branch v2.10 into v3.0	2023-05-17 11:18:37 +02:00
Erikas	021f37ff71	Do not check for wildcard domains for non DNS challenge	2023-05-16 16:00:06 +02:00
Ludovic Fernandez	511762cbf3	fix: clean code related to Hub	2023-05-15 16:38:05 +02:00
Ludovic Fernandez	466d7461b7	Split Docker provider	2023-05-10 15:28:05 +02:00
Ludovic Fernandez	1522afe2ec	doc: add logo for GitHub dark mode	2023-05-10 09:54:05 +02:00
Romain	9c73c4c584	Enable Prometheus provider cleanup when only the router's metrics level is activated Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>	2023-05-09 17:38:05 +02:00
Ludovic Fernandez	8f206ce319	Update go-acme/lego to v4.11.0	2023-05-03 10:20:05 +02:00
Romain	65c59c9a09	Add FAQ documentation about TLS certificates	2023-04-28 17:56:05 +02:00
mloiseleur	e044e2b765	chore: update CI base OS	2023-04-28 15:36:05 +02:00
Romain	7805c683e3	Prepare release v2.10.1	2023-04-27 16:46:11 +02:00
Romain	e38c0c3969	Update vulcand/oxy to be5cf38	2023-04-27 16:28:06 +02:00
Fernandez Ludovic	2cebd0a083	Merge branch v2.10 into v3.0	2023-04-26 11:44:44 +02:00
Ludovic Fernandez	c0e03ae17d	Update Structor to v1.13.2	2023-04-26 06:54:05 +02:00
Romain	9060522414	Fix v2.10 migration guide	2023-04-25 11:14:05 +02:00
Romain	bb4eb32b1c	Prepare release v2.10.0	2023-04-24 15:38:05 +02:00
Massimiliano D	30f991effa	Modify the Hub Button	2023-04-18 11:44:05 +02:00
Fernandez Ludovic	fc071a5ebe	Merge branch v2.10 into master	2023-04-18 09:20:53 +02:00
Ngọc Long	6082b22922	Update vulcand/oxy to 03de175b3822	2023-04-18 09:16:20 +02:00
Ludovic Fernandez	5635687a3e	fix: DeepCopy of PluginConf	2023-04-17 17:22:05 +02:00
Ludovic Fernandez	a3f1009170	chore: update pull request template (#9847 )	2023-04-17 15:57:41 +02:00
Fernandez Ludovic	79c5f34156	Merge branch v2.10 into v3.0	2023-04-17 11:58:01 +02:00
Fernandez Ludovic	928db9bc42	chore: update linter	2023-04-17 11:01:26 +02:00
mloiseleur	c4bea197ab	More details on for mTLS	2023-04-12 12:10:05 +02:00
mpl	e8878fe6ac	Prepare release v2.10.0-rc2	2023-04-07 11:00:06 +02:00
mpl	f344239bef	Merge branch 'v2.9' into v2.10	2023-04-06 18:44:23 +02:00
mpl	4ed3964b35	Prepare release v2.9.10	2023-04-06 18:10:03 +02:00
sven	11966c2098	Improve concepts page	2023-04-05 14:44:06 +02:00
sven	0d1bb72306	docs: update wording - add link descriptions	2023-04-05 14:16:06 +02:00
Mátyás Somfai	4c9765b52d	Display period setting of the RateLimit middleware in the webui	2023-04-04 18:12:06 +02:00
sven	5f514b0d16	Update Call To Actions	2023-04-04 16:42:06 +02:00
yingshaoxo	01f346f239	Add accessControlAllowHeaders example	2023-04-04 14:36:11 +02:00
Ludovic Fernandez	be1b1a6489	chore: update linter	2023-04-03 10:06:06 +02:00
Ludovic Fernandez	ae65d5ff78	Update Yaegi to v0.15.1	2023-03-30 12:10:05 +02:00
sven	7fc07c31a0	docs: update wording	2023-03-29 17:16:05 +02:00
Ludovic Fernandez	f2eda3aa6d	chore: bump k8s.io/client-go from v0.22.1 to v0.26.3	2023-03-27 12:14:05 +02:00
Senan Kelly	ac9d88e5a2	Only warn about missing docker network when network_mode is not host or container	2023-03-24 01:26:07 +01:00
sven	598caf6f78	Adjust quick start	2023-03-22 16:53:41 +01:00
Ludovic Fernandez	77509b0913	fix: decrease parallel build during the release	2023-03-22 16:53:08 +01:00
Ludovic Fernandez	8b47c5adf7	Remove deprecated code	2023-03-22 16:40:06 +01:00
Fernandez Ludovic	a3bcf0f39e	Merge branch v2.10 into v3.0	2023-03-22 12:52:38 +01:00
Ludovic Fernandez	be702c2b61	Prepare release v2.10.0-rc1	2023-03-22 11:06:05 +01:00
Fernandez Ludovic	54f6144ef2	Merge branch v2.9 into v2.10	2023-03-21 17:11:20 +01:00
Romain	a020ab640d	Prepare release v2.9.9	2023-03-21 16:47:43 +01:00
Fernandez Ludovic	7875826bd9	Merge branch v2.10 into v3.0	2023-03-21 16:45:33 +01:00
Romain	f7be1e97df	Support multiple namespaces in the Nomad Provider	2023-03-21 15:50:06 +01:00
Romain	48a2c8e41c	Fix Nomad client TLS defaults	2023-03-21 15:32:06 +01:00
mpl	358f47443e	hub: get out of experimental. Co-authored-by: Romain <rtribotte@users.noreply.github.com>	2023-03-20 21:14:05 +01:00
sven	3b9e155807	docs: update order of log levels	2023-03-20 18:56:06 +01:00
Michael	2083e4bc16	feat: use env variable in github actions	2023-03-20 18:30:08 +01:00
Romain	c823879097	Add prometheus metric requests_total with headers Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>	2023-03-20 18:06:07 +01:00
Thomas Quinot	4bc2305ed3	Expose ContainerName in Docker provider	2023-03-20 17:42:06 +01:00
Philipp Trulson	99d779a546	Add support to send DataDog traces via Unix Socket	2023-03-20 17:16:08 +01:00
Romain	6e460cd652	Native Kubernetes service load-balancing	2023-03-20 16:46:05 +01:00
mpl	7c2af10bbd	Fix open connections metric Co-authored-by: Romain <rtribotte@users.noreply.github.com>	2023-03-20 16:02:06 +01:00
Romain	7af9d16208	Introduce traefik.io API Group CRDs	2023-03-20 15:38:08 +01:00
Romain	598a257ae1	Remove config reload failure metrics	2023-03-20 15:14:05 +01:00
Aofei Sheng	b3f162a8a6	Fix default configuration settings for Nomad Provider	2023-03-20 10:44:05 +01:00
Romain	4aa3496092	Add HTTP 103 early hints unit test Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>	2023-03-17 16:46:06 +01:00
mpl	bbe6a5c07b	doc: clarify ratelimit middleware	2023-03-14 14:58:06 +01:00
mpl	20e47d9102	compress: add no compress unit tests	2023-03-02 10:26:05 +01:00
Romain	21c455cf20	Remove User-Agent header removal from ReverseProxy director func	2023-02-28 17:06:05 +01:00
Ludovic Fernandez	667b2a4078	Update vulcand/oxy to a0e9f7ff1040 Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>	2023-02-27 15:24:21 +01:00
Ludovic Fernandez	4ae07d91a4	Update go-acme/lego to v4.10.2	2023-02-27 09:36:06 +01:00
Raphael Pinto	7bdf13ebdc	Correcting variable name 'server address' in TCP Router	2023-02-23 23:38:05 +01:00
Romain	807feef176	Include user-defined default cert for traefik_tls_certs_not_after metric Co-authored-by: Mathieu Lonjaret <mathieu.lonjaret@gmail.com>	2023-02-23 16:14:06 +01:00
Ludovic Fernandez	7202038649	chore: update to go1.20	2023-02-23 15:06:05 +01:00
Ludovic Fernandez	dd710dbeb7	chore: update quic-go to v0.33.0	2023-02-23 10:54:05 +01:00
Aofei Sheng	f26e250648	Mention PathPrefix matcher changes in V3 Migration Guide	2023-02-16 15:54:05 +01:00
Ben Iofel	80790cba17	Fix yaml indentation in the HTTP3 example	2023-02-16 14:36:05 +01:00
Romain	2e6e5cbd03	Prepare release v2.9.8	2023-02-15 16:02:06 +01:00
romain	241fb5093a	Merge current v2.9 into v3.0	2023-02-15 11:29:28 +01:00
Ludovic Fernandez	ab36ea7844	fix: update golang.org/x/net to v0.7.0	2023-02-15 09:56:19 +01:00
Romain	cfef9d9df2	Prepare release v2.9.7	2023-02-14 16:09:19 +01:00
Fernandez Ludovic	9ce69fbdef	chore: update some dependencies	2023-02-14 15:44:21 +01:00
Romain	1a6dfe1f6b	Adds the support for IPv6 in the TCP HostSNI matcher	2023-02-14 15:04:05 +01:00
Ludovic Fernandez	e053eb6f17	Update go-acme/lego to v4.10.0	2023-02-10 11:36:10 +01:00
mpl	780936eff9	doc: add note about remoteaddr strategy	2023-02-09 17:34:06 +01:00
mpl	0503253cfe	doc: add CNAME support and gotchas	2023-02-09 17:12:06 +01:00
Ludovic Fernandez	39331e41a8	Update Yaegi to v0.15.0	2023-02-09 11:52:05 +01:00
Ludovic Fernandez	044dc6a221	fix: go module	2023-02-03 15:24:05 +01:00
Romain	38f5024ed0	Differentiate UDP stream and TCP connection in logs	2023-01-31 16:00:10 +01:00
mpl	479878503d	quic-go: bump to 89769f409f	2023-01-31 14:38:05 +01:00
Ludovic Fernandez	6f6c1f7fec	Update dependencies	2023-01-30 09:34:44 +01:00
Ludovic Fernandez	e50bf21a84	Update Structor to v1.12.0	2023-01-23 10:44:04 +01:00
Ludovic Fernandez	d66875f903	Update paerser to v0.2.0	2023-01-23 09:34:04 +01:00
Romain	707f84e2e4	Don't log EOF or timeout errors while peeking first bytes in Postgres StartTLS hook	2023-01-12 12:28:04 +01:00
Pedro González Serrano	f94298e867	Fix datasource variable of the Grafana dashboard	2023-01-11 15:16:06 +01:00
Romain	b995a11d63	Prevent panicking when a container has no network interfaces Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>	2023-01-11 15:14:05 +01:00
Tom Moulard	e1abf103c0	Add OpenTelemetry in observability overview Co-authored-by: Romain <rtribotte@users.noreply.github.com>	2023-01-10 17:06:04 +01:00
Paulo Júnior	f01a668d53	feat: update copyright to match new standard	2023-01-09 19:56:04 +01:00
bendre90	8cd4923e72	Added router priority to webui's list and detail page	2023-01-09 17:24:05 +01:00
Tom Moulard	cd90b9761a	Merge current v2.9 into v3.0	2023-01-09 16:21:45 +01:00
sven	e82976e001	Add info admonition about routing to k8 services	2023-01-09 16:07:09 +01:00
Tom Moulard	f0f5f41fb9	Fix OpenTelemetry service name Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>	2023-01-06 09:10:05 +01:00
hcooper	c9e9e8dee2	Further Let's Encrypt ratelimit warnings	2023-01-04 12:10:05 +01:00
Witold Duranek	0861c47e54	fix no rate limiting if average is 0	2023-01-03 16:16:05 +01:00
Baptiste Mayelle	8bf68b7efd	Grafana dashboard showing ms instead of s	2023-01-02 17:34:04 +01:00
Tom Moulard	e1e86763e3	Prevents superfluous WriteHeader call in the error middleware Co-authored-by: LandryBe <lbenguigui@gmail.com>	2023-01-02 17:00:05 +01:00
kevinpollet	b22aef7fff	Merge branch v2.9 into v3.0	2023-01-02 15:20:39 +01:00
Kevin Pollet	b9a175f5c2	Update copyright for 2023	2023-01-02 12:12:05 +01:00
Tom Moulard	a2016a2953	Detect dashboard assets content types Co-authored-by: Romain <rtribotte@users.noreply.github.com>	2022-12-29 09:46:04 +01:00
Tom Moulard	c38d405cfd	Remove containous/mux from HTTP muxer Co-authored-by: Simon Delicata <simon.delicata@traefik.io>	2022-12-22 17:16:04 +01:00
jandillenkofer	8c98234c07	Add option to the Ingress provider to disable IngressClass lookup	2022-12-22 16:30:05 +01:00
Roman Tomjak	d046af2e91	Add support for HTTPRequestRedirectFilter in k8s Gateway API	2022-12-22 15:02:05 +01:00
Tom Moulard	943238faba	Remove InfluxDB v1 metrics middleware	2022-12-19 14:32:04 +01:00
Romain	2b67f1f66f	Remove Marathon provider	2022-12-19 11:52:05 +01:00
tfny	943811fad6	Update submitting pull requests to include language about drafts	2022-12-19 11:42:04 +01:00
Tom Moulard	2ad1fd725a	Remove Rancher v1 provider	2022-12-19 10:42:05 +01:00
Charlie Haley	7129f03dc9	fix: update opentelemetry dependency versions	2022-12-19 09:54:04 +01:00
Ludovic Fernandez	29b8b6911e	fix: sanitize X-Forwarded-Proto header in RedirectScheme middleware Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>	2022-12-16 10:34:04 +01:00
mloiseleur	e7baf44a2e	doc: Improve TLSStore CRD documentation	2022-12-15 14:32:06 +01:00
mpl	74ef79ea23	mitigate race against server readiness in test Co-authored-by: Romain <rtribotte@users.noreply.github.com>	2022-12-15 11:18:05 +01:00
mloiseleur	748254b6c5	doc: Update Grafana Official Dashboards	2022-12-13 16:16:06 +01:00
Douglas De Toni Machado	a08a428787	Support HostSNIRegexp in GatewayAPI TLS routes	2022-12-12 16:30:05 +01:00
Simon Delicata	3eeea2bb2b	Add TCP Servers Transports support Co-authored-by: Romain <rtribotte@users.noreply.github.com>	2022-12-09 09:58:05 +01:00
mpl	da93dab828	make file provider more resilient wrt first configuration Co-authored-by: Romain <rtribotte@users.noreply.github.com> Co-authored-by: Tom Moulard <tom.moulard@traefik.io>	2022-12-09 09:48:04 +01:00
Ludovic Fernandez	c2dac39da1	fix: detect dashboard content types Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>	2022-12-09 08:24:05 +01:00
Tom Moulard	e54ee89330	Prepare release v3.0.0-beta2	2022-12-07 17:26:04 +01:00
Simon Delicata	fdd3f2abef	Moves HTTP/3 outside the experimental section	2022-12-07 17:02:05 +01:00
Tom Moulard	517917cd7c	Merge current v2.9 into master	2022-12-07 15:55:46 +01:00
Tom Moulard	d97d3a6726	Prepare release v2.9.6	2022-12-07 15:14:05 +01:00
Tom Moulard	6c75052a13	Change traefik cmd error log to error level	2022-12-07 11:34:06 +01:00
Ludovic Fernandez	a8df674dcf	fix: flaky tests	2022-12-07 10:56:05 +01:00
Ludovic Fernandez	abd569701f	fix: update golang.org/x/net	2022-12-07 10:02:04 +01:00
mpl	7e3fe48b80	Handle broken TLS conf better Co-authored-by: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com> Co-authored-by: Romain <rtribotte@users.noreply.github.com>	2022-12-06 18:28:05 +01:00
Tom Moulard	8cf9385938	Rework Host and HostRegexp matchers Co-authored-by: Simon Delicata <simon.delicata@traefik.io>	2022-12-06 10:40:06 +01:00