Merge pull request #695 from containous/prepare-release-v1.0.3

Prepare release v1.0.3

.dockerignore

@@ -1,5 +1,5 @@
 dist/
-!dist/**/traefik
-site/
 vendor/
-.idea/
+!dist/traefik
+site/
+**/*.test

.gitattributes

@@ -1 +0,0 @@
-# vendor/github.com/go-acme/lego/providers/dns/cloudxns/cloudxns.go eol=crlf

.github/CONTRIBUTING.md

@@ -0,0 +1,126 @@
+# Contributing
+
+### Building
+
+You need either [Docker](https://github.com/docker/docker) and `make`, or `go` and `glide` in order to build traefik.
+
+#### Setting up your `go` environment
+
+- You need `go` v1.5
+- You need to set `export GO15VENDOREXPERIMENT=1` environment variable
+- You need `go-bindata` to be able to use `go generate` command (needed to build) : `go get github.com/jteeuwen/go-bindata/...`.
+- If you clone Træfɪk into something like `~/go/src/github.com/traefik`, your `GOPATH` variable will have to be set to `~/go`: export `GOPATH=~/go`.
+
+#### Using `Docker` and `Makefile`
+
+You need to run the `binary` target. This will create binaries for Linux platform in the `dist` folder.
+
+```bash
+$ make binary
+docker build -t "traefik-dev:no-more-godep-ever" -f build.Dockerfile .
+Sending build context to Docker daemon 295.3 MB
+Step 0 : FROM golang:1.5
+ ---> 8c6473912976
+Step 1 : RUN go get github.com/Masterminds/glide
+[...]
+docker run --rm  -v "/var/run/docker.sock:/var/run/docker.sock" -it -e OS_ARCH_ARG -e OS_PLATFORM_ARG -e TESTFLAGS -v "/home/emile/dev/go/src/github.com/containous/traefik/"dist":/go/src/github.com/containous/traefik/"dist"" "traefik-dev:no-more-godep-ever" ./script/make.sh generate binary
+---> Making bundle: generate (in .)
+removed 'gen.go'
+
+---> Making bundle: binary (in .)
+
+$ ls dist/
+traefik*
+```
+
+#### Using `glide`
+
+The idea behind `glide` is the following :
+
+- when checkout(ing) a project, **run `glide install`** to install
+  (`go get …`) the dependencies in the `GOPATH`.
+- if you need another dependency, import and use it in
+  the source, and **run `glide get github.com/Masterminds/cookoo`** to save it in
+  `vendor` and add it to your `glide.yaml`.
+
+```bash
+$ glide install
+# generate
+$ go generate
+# Simple go build
+$ go build
+# Using gox to build multiple platform
+$ gox "linux darwin" "386 amd64 arm" \
+    -output="dist/traefik_{{.OS}}-{{.Arch}}"
+# run other commands like tests
+$ go test ./...
+ok      _/home/vincent/src/github/vdemeester/traefik    0.004s
+```
+
+### Tests
+
+You can run unit tests using the `test-unit` target and the
+integration test using the `test-integration` target.
+
+```bash
+$ make test-unit
+docker build -t "traefik-dev:your-feature-branch" -f build.Dockerfile .
+# […]
+docker run --rm -it -e OS_ARCH_ARG -e OS_PLATFORM_ARG -e TESTFLAGS -v "/home/vincent/src/github/vdemeester/traefik/dist:/go/src/github.com/containous/traefik/dist" "traefik-dev:your-feature-branch" ./script/make.sh generate test-unit
+---> Making bundle: generate (in .)
+removed 'gen.go'
+
+---> Making bundle: test-unit (in .)
++ go test -cover -coverprofile=cover.out .
+ok      github.com/containous/traefik   0.005s  coverage: 4.1% of statements
+
+Test success
+```
+
+For development purpose, you can specifiy which tests to run by using:
+```
+# Run every tests in the MyTest suite
+TESTFLAGS="-check.f MyTestSuite" make test-integration
+
+# Run the test "MyTest" in the MyTest suite
+TESTFLAGS="-check.f MyTestSuite.MyTest" make test-integration
+
+# Run every tests starting with "My", in the MyTest suite
+TESTFLAGS="-check.f MyTestSuite.My" make test-integration
+
+# Run every tests ending with "Test", in the MyTest suite
+TESTFLAGS="-check.f MyTestSuite.*Test" make test-integration
+```
+
+More: https://labix.org/gocheck
+
+### Documentation
+
+The [documentation site](http://docs.traefik.io/) is built with [mkdocs](http://mkdocs.org/)
+
+First make sure you have python and pip installed
+
+```
+$ python --version
+Python 2.7.2
+$ pip --version
+pip 1.5.2
+```
+
+Then install mkdocs with pip
+
+```
+$ pip install mkdocs
+```
+
+To test documentaion localy run `mkdocs serve` in the root directory, this should start a server localy to preview your changes.
+
+```
+$ mkdocs serve
+INFO    -  Building documentation... 
+WARNING -  Config value: 'theme'. Warning: The theme 'united' will be removed in an upcoming MkDocs release. See http://www.mkdocs.org/about/release-notes/ for more details 
+INFO    -  Cleaning site directory 
+[I 160505 22:31:24 server:281] Serving on http://127.0.0.1:8000
+[I 160505 22:31:24 handlers:59] Start watching changes
+[I 160505 22:31:24 handlers:61] Start detecting changes
+```

.github/ISSUE_TEMPLATE.md

@@ -1,77 +0,0 @@
-<!-- PLEASE FOLLOW THE ISSUE TEMPLATE TO HELP TRIAGE AND SUPPORT! -->
-
-### Do you want to request a *feature* or report a *bug*?
-
-<!--
-DO NOT FILE ISSUES FOR GENERAL SUPPORT QUESTIONS.
-
-The issue tracker is for reporting bugs and feature requests only.
-For end-user related support questions, please refer to one of the following:
-
-- the Traefik community forum: https://community.traefik.io/
-
--->
-
-Bug
-
-<!--
-
-The configurations between 1.X and 2.X are NOT compatible.
-Please have a look here https://doc.traefik.io/traefik/getting-started/configuration-overview/.
-
--->
-
-### What did you do?
-
-<!--
-
-HOW TO WRITE A GOOD BUG REPORT?
-
-- Respect the issue template as much as possible.
-- The title should be short and descriptive.
-- Explain the conditions which led you to report this issue: the context.
-- The context should lead to something, an idea or a problem that you’re facing.
-- Remain clear and concise.
-- Format your messages to help the reader focus on what matters and understand the structure of your message, use Markdown syntax https://help.github.com/articles/github-flavored-markdown
-
--->
-
-### What did you expect to see?
-
-
-
-### What did you see instead?
-
-
-
-### Output of `traefik version`: (_What version of Traefik are you using?_)
-
-<!--
-`latest` is not considered as a valid version.
-
-For the Traefik Docker image:
-    docker run [IMAGE] version
-    ex: docker run traefik version
-
--->
-
-```
-(paste your output here)
-```
-
-### What is your environment & configuration (arguments, toml, provider, platform, ...)?
-
-```toml
-# (paste your configuration here)
-```
-
-<!--
-Add more configuration information here.
--->
-
-
-### If applicable, please paste the log output in DEBUG level (`--log.level=DEBUG` switch)
-
-```
-(paste your output here)
-```

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -1,82 +0,0 @@
-name: Bug Report (Traefik)
-description: Create a report to help us improve.
-body:
-  - type: checkboxes
-    id: terms
-    attributes:
-      label: Welcome!
-      description: |
-        The issue tracker is for reporting bugs and feature requests only.
-        For end-user related support questions, please use the [Traefik community forum](https://community.traefik.io/).
-
-        All new/updated issues are triaged regularly by the maintainers.
-        All issues closed by a bot are subsequently double-checked by the maintainers.
-
-        DO NOT FILE ISSUES FOR GENERAL SUPPORT QUESTIONS.
-
-      options:
-        - label: Yes, I've searched similar issues on [GitHub](https://github.com/traefik/traefik/issues) and didn't find any.
-          required: true
-        - label: Yes, I've searched similar issues on the [Traefik community forum](https://community.traefik.io) and didn't find any.
-          required: true
-
-  - type: textarea
-    attributes:
-      label: What did you do?
-      description: |
-        How to write a good bug report?
-
-        - Respect the issue template as much as possible.
-        - The title should be short and descriptive.
-        - Explain the conditions which led you to report this issue: the context.
-        - The context should lead to something, an idea or a problem that you’re facing.
-        - Remain clear and concise.
-        - Format your messages to help the reader focus on what matters and understand the structure of your message, use [Markdown syntax](https://help.github.com/articles/github-flavored-markdown)
-      placeholder: What did you do?
-    validations:
-      required: true
-
-  - type: textarea
-    attributes:
-      label: What did you see instead?
-      placeholder: What did you see instead?
-    validations:
-      required: true
-
-  - type: textarea
-    attributes:
-      label: What version of Traefik are you using?
-      description: |
-        `latest` is not considered as a valid version.
-
-        Output of `traefik version`.
-
-        For the Traefik Docker image (`docker run [IMAGE] version`), example:
-        ```console
-        $ docker run traefik version
-        ```
-      placeholder: Paste your output here.
-    validations:
-      required: true
-
-  - type: textarea
-    attributes:
-      label: What is your environment & configuration?
-      description: arguments, toml, provider, platform, ...
-      placeholder: Add information here.
-      value: |
-        ```yaml
-        # (paste your configuration here)
-        ```
-
-        Add more configuration information here.
-    validations:
-      required: true
-
-  - type: textarea
-    attributes:
-      label: If applicable, please paste the log output in DEBUG level
-      description: "`--log.level=DEBUG` switch."
-      placeholder: Paste your output here.
-    validations:
-      required: false

.github/ISSUE_TEMPLATE/config.yml

@@ -1,8 +0,0 @@
-blank_issues_enabled: false
-contact_links:
-  - name: Traefik Community Support
-    url: https://community.traefik.io/
-    about: If you have a question, or are looking for advice, please post on our Discuss forum! The community loves to chime in to help. Happy Coding!
-  - name: Traefik Helm Chart Issues
-    url: https://github.com/traefik/traefik-helm-chart
-    about: Are you submitting an issue or feature enhancement for the Traefik helm chart? Please post in the traefik-helm-chart GitHub Issues.

.github/ISSUE_TEMPLATE/feature-request.yml

@@ -1,33 +0,0 @@
-name: Feature Request (Traefik)
-description: Suggest an idea for this project.
-body:
-  - type: checkboxes
-    id: terms
-    attributes:
-      label: Welcome!
-      description: |
-        The issue tracker is for reporting bugs and feature requests only. For end-user related support questions, please refer to one of the following:
-        - the Traefik community forum: https://community.traefik.io/
-
-        DO NOT FILE ISSUES FOR GENERAL SUPPORT QUESTIONS.
-      options:
-        - label: Yes, I've searched similar issues on [GitHub](https://github.com/traefik/traefik/issues) and didn't find any.
-          required: true
-        - label: Yes, I've searched similar issues on the [Traefik community forum](https://community.traefik.io) and didn't find any.
-          required: true
-
-  - type: textarea
-    attributes:
-      label: What did you expect to see?
-      description: |
-        How to write a good issue?
-
-        - Respect the issue template as much as possible.
-        - The title should be short and descriptive.
-        - Explain the conditions which led you to report this issue: the context.
-        - The context should lead to something, an idea or a problem that you’re facing.
-        - Remain clear and concise.
-        - Format your messages to help the reader focus on what matters and understand the structure of your message, use [Markdown syntax](https://help.github.com/articles/github-flavored-markdown)
-      placeholder: What did you expect to see?
-    validations:
-      required: true

.github/PULL_REQUEST_TEMPLATE.md

@@ -1,37 +0,0 @@
-<!--
-PLEASE READ THIS MESSAGE.
-
-Documentation fixes or enhancements:
-- for Traefik v2: use branch v2.11
-- for Traefik v3: use branch v3.0
-
-Bug fixes:
-- for Traefik v2: use branch v2.11
-- for Traefik v3: use branch v3.0
-
-Enhancements:
-- for Traefik v2: we only accept bug fixes
-- for Traefik v3: use branch master
-
-HOW TO WRITE A GOOD PULL REQUEST? https://doc.traefik.io/traefik/contributing/submitting-pull-requests/
-
--->
-
-### What does this PR do?
-
-<!-- A brief description of the change being made with this pull request. -->
-
-
-### Motivation
-
-<!-- What inspired you to submit this pull request? -->
-
-
-### More
-
-- [ ] Added/updated tests
-- [ ] Added/updated documentation
-
-### Additional Notes
-
-<!-- Anything else we should know when reviewing? -->

.github/PULL_REQUEST_TEMPLATE/mergeback.md

@@ -1,7 +0,0 @@
-### What does this PR do?
-
-Merge v{{.Version}} into master
-
-### Motivation
-
-Be sync.

.github/PULL_REQUEST_TEMPLATE/release.md

@@ -1,7 +0,0 @@
-### What does this PR do?
-
-Prepare release v{{.Version}}.
-
-### Motivation
-
-Create a new release.

.github/workflows/build.yaml

@@ -1,74 +0,0 @@
-name: Build Binaries
-
-on:
-  pull_request:
-    branches:
-      - '*'
-
-env:
-  GO_VERSION: '1.22'
-  CGO_ENABLED: 0
-
-jobs:
-
-  build-webui:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Setup node
-        uses: actions/setup-node@v4
-        with:
-          node-version-file: webui/.nvmrc
-          cache: yarn
-          cache-dependency-path: webui/yarn.lock
-
-      - name: Build webui
-        working-directory: ./webui
-        run: |
-          yarn install
-          yarn build
-
-      - name: Package webui
-        run: |
-          tar czvf webui.tar.gz ./webui/static/
-
-      - name: Artifact webui
-        uses: actions/upload-artifact@v4
-        with:
-          name: webui.tar.gz
-          path: webui.tar.gz
-
-  build:
-    runs-on: ${{ matrix.os }}
-    strategy:
-      matrix:
-        os: [ ubuntu-latest, macos-latest, windows-latest ]
-    needs:
-      - build-webui
-
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Set up Go ${{ env.GO_VERSION }}
-        uses: actions/setup-go@v5
-        with:
-          go-version: ${{ env.GO_VERSION }}
-
-      - name: Artifact webui
-        uses: actions/download-artifact@v4
-        with:
-          name: webui.tar.gz
-
-      - name: Untar webui
-        run: tar xvf webui.tar.gz
-
-      - name: Build
-        run: make binary

.github/workflows/check_doc.yml

@@ -1,25 +0,0 @@
-name: Check Documentation
-
-on:
-  pull_request:
-    branches:
-      - '*'
-
-jobs:
-
-  docs:
-    name: Check, verify and build documentation
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Check documentation
-        run: make docs-pull-images docs
-        env:
-          # These variables are not passed to workflows that are triggered by a pull request from a fork.
-          DOCS_VERIFY_SKIP: ${{ vars.DOCS_VERIFY_SKIP }}
-          DOCS_LINT_SKIP: ${{ vars.DOCS_LINT_SKIP }}

.github/workflows/codeql.yml

@@ -1,70 +0,0 @@
-name: "CodeQL"
-
-on:
-  push:
-    branches:
-      - master
-      - v*
-  schedule:
-    - cron: '11 22 * * 1'
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-    permissions:
-      actions: read
-      contents: read
-      security-events: write
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'javascript', 'go' ]
-        # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ]
-        # Use only 'java' to analyze code written in Java, Kotlin or both
-        # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both
-        # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v4
-
-    - name: setup go
-      uses: actions/setup-go@v5
-      if: ${{ matrix.language == 'go' }}
-      with:
-        go-version-file: 'go.mod'
-
-    # Initializes the CodeQL tools for scanning.
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v3
-      with:
-        languages: ${{ matrix.language }}
-        # If you wish to specify custom queries, you can do so here or in a config file.
-        # By default, queries listed here will override any specified in a config file.
-        # Prefix the list here with "+" to use these queries and those in the config file.
-
-        # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
-        # queries: security-extended,security-and-quality
-
-
-    # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
-    # If this step fails, then you should remove it and run the build manually (see below)
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v3
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-
-    #   If the Autobuild fails above, remove it and uncomment the following three lines.
-    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
-
-    # - run: |
-    #     echo "Run, Build Application using script"
-    #     ./location_of_script_within_repo/buildscript.sh
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v3
-      with:
-        category: "/language:${{matrix.language}}"

.github/workflows/documentation.yml

@@ -1,52 +0,0 @@
-name: Build and Publish Documentation
-
-on:
-  push:
-    branches:
-      - master
-      - v*
-
-env:
-  STRUCTOR_VERSION: v1.13.2
-  MIXTUS_VERSION: v0.4.1
-
-jobs:
-
-  docs:
-    name: Doc Process
-    runs-on: ubuntu-latest
-    if: github.repository == 'traefik/traefik'
-
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Login to DockerHub
-        uses: docker/login-action@v1
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Install Structor ${{ env.STRUCTOR_VERSION }}
-        run: curl -sSfL https://raw.githubusercontent.com/traefik/structor/master/godownloader.sh | sh -s -- -b $HOME/bin ${STRUCTOR_VERSION}
-
-      - name: Install Seo-doc
-        run: curl -sSfL https://raw.githubusercontent.com/traefik/seo-doc/master/godownloader.sh | sh -s -- -b "${HOME}/bin"
-
-      - name: Install Mixtus ${{ env.MIXTUS_VERSION }}
-        run: curl -sSfL https://raw.githubusercontent.com/traefik/mixtus/master/godownloader.sh | sh -s -- -b $HOME/bin ${MIXTUS_VERSION}
-
-      - name: Build documentation
-        run: $HOME/bin/structor -o traefik -r traefik --dockerfile-url="https://raw.githubusercontent.com/traefik/traefik/v1.7/docs.Dockerfile" --menu.js-url="https://raw.githubusercontent.com/traefik/structor/master/traefik-menu.js.gotmpl" --rqts-url="https://raw.githubusercontent.com/traefik/structor/master/requirements-override.txt" --force-edit-url --exp-branch=master --debug
-        env:
-          STRUCTOR_LATEST_TAG: ${{ vars.STRUCTOR_LATEST_TAG }}
-
-      - name: Apply seo
-        run: $HOME/bin/seo -path=./site -product=traefik
-
-      - name: Publish documentation
-        run: $HOME/bin/mixtus --dst-doc-path="./traefik" --dst-owner=traefik --dst-repo-name=doc --git-user-email="30906710+traefiker@users.noreply.github.com" --git-user-name=traefiker --src-doc-path="./site" --src-owner=traefik --src-repo-name=traefik
-        env:
-          GITHUB_TOKEN: ${{ secrets.GH_TOKEN_REPO }}

.github/workflows/experimental.yaml

@@ -1,68 +0,0 @@
-name: Build experimental image on branch
-
-on:
-  push:
-    branches:
-      - master
-      - v*
-
-env:
-  GO_VERSION: '1.22'
-  CGO_ENABLED: 0
-
-jobs:
-
-  experimental:
-    if: github.repository == 'traefik/traefik'
-    name: Build experimental image on branch
-    runs-on: ubuntu-latest
-
-    steps:
-
-      # https://github.com/marketplace/actions/checkout
-      - name: Check out code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Setup node
-        uses: actions/setup-node@v4
-        with:
-          node-version-file: webui/.nvmrc
-          cache: yarn
-          cache-dependency-path: webui/yarn.lock
-
-      - name: Build webui
-        working-directory: ./webui
-        run: |
-          yarn install
-          yarn build
-
-      - name: Set up Go ${{ env.GO_VERSION }}
-        uses: actions/setup-go@v5
-        with:
-          go-version: ${{ env.GO_VERSION }}
-
-      - name: Build
-        run: make generate binary
-
-      - name: Branch name
-        run: echo ${GITHUB_REF##*/}
-
-      - name: Login to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-
-      - name: Build docker experimental image
-        env:
-          DOCKER_BUILDX_ARGS: "--push"
-        run: |
-          make multi-arch-image-experimental-${GITHUB_REF##*/}

.github/workflows/test-conformance.yaml

@@ -1,35 +0,0 @@
-name: Test K8s Gateway API conformance
-
-on:
-  pull_request:
-    branches:
-      - '*'
-    paths:
-      - 'pkg/provider/kubernetes/gateway/**'
-      - 'integration/k8s_conformance_test.go'
-
-env:
-  GO_VERSION: '1.22'
-  CGO_ENABLED: 0
-
-jobs:
-
-  test-conformance:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Set up Go ${{ env.GO_VERSION }}
-        uses: actions/setup-go@v5
-        with:
-          go-version: ${{ env.GO_VERSION }}
-
-      - name: Avoid generating webui
-        run: touch webui/static/index.html
-
-      - name: K8s Gateway API conformance test
-        run: make test-gateway-api-conformance

.github/workflows/test-integration.yaml

@@ -1,72 +0,0 @@
-name: Test Integration
-
-on:
-  pull_request:
-    branches:
-      - '*'
-
-env:
-  GO_VERSION: '1.22'
-  CGO_ENABLED: 0
-
-jobs:
-
-  build:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Set up Go ${{ env.GO_VERSION }}
-        uses: actions/setup-go@v5
-        with:
-          go-version: ${{ env.GO_VERSION }}
-
-      - name: Avoid generating webui
-        run: touch webui/static/index.html
-
-      - name: Build binary
-        run: make binary
-
-  test-integration:
-    runs-on: ubuntu-latest
-    needs:
-      - build
-    strategy:
-      fail-fast: true
-      matrix:
-        parallel: [12]
-        index: [0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11]
-
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Set up Go ${{ env.GO_VERSION }}
-        uses: actions/setup-go@v5
-        with:
-          go-version: ${{ env.GO_VERSION }}
-
-      - name: Avoid generating webui
-        run: touch webui/static/index.html
-
-      - name: Build binary
-        run: make binary
-
-      - name: Generate go test Slice
-        id: test_split
-        uses: hashicorp-forge/go-test-split-action@v1
-        with:
-          packages: ./integration
-          total: ${{ matrix.parallel }}
-          index: ${{ matrix.index }}
-
-      - name: Run Integration tests
-        run: |
-          TESTS=$(echo "${{ steps.test_split.outputs.run}}" | sed 's/\$/\$\$/g')
-          TESTFLAGS="-run \"${TESTS}\"" make test-integration

.github/workflows/test-unit.yaml

@@ -1,52 +0,0 @@
-name: Test Unit
-
-on:
-  pull_request:
-    branches:
-      - '*'
-
-env:
-  GO_VERSION: '1.22'
-
-jobs:
-
-  test-unit:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Set up Go ${{ env.GO_VERSION }}
-        uses: actions/setup-go@v5
-        with:
-          go-version: ${{ env.GO_VERSION }}
-
-      - name: Avoid generating webui
-        run: touch webui/static/index.html
-
-      - name: Tests
-        run: make test-unit
-
-  test-ui-unit:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Set up Node.js ${{ env.NODE_VERSION }}
-        uses: actions/setup-node@v4
-        with:
-          node-version-file: webui/.nvmrc
-          cache: 'yarn'
-          cache-dependency-path: webui/yarn.lock
-
-      - name: UI unit tests
-        run: |
-          yarn --cwd webui install
-          yarn --cwd webui test:unit:ci

.github/workflows/validate.yaml

@@ -1,68 +0,0 @@
-name: Validate
-
-on:
-  pull_request:
-    branches:
-      - '*'
-
-env:
-  GO_VERSION: '1.22'
-  GOLANGCI_LINT_VERSION: v1.59.0
-  MISSSPELL_VERSION: v0.6.0
-
-jobs:
-
-  validate:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Set up Go ${{ env.GO_VERSION }}
-        uses: actions/setup-go@v5
-        with:
-          go-version: ${{ env.GO_VERSION }}
-
-      - name: Install golangci-lint ${{ env.GOLANGCI_LINT_VERSION }}
-        run: curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b $(go env GOPATH)/bin ${GOLANGCI_LINT_VERSION}
-
-      - name: Install missspell ${{ env.MISSSPELL_VERSION }}
-        run: curl -sfL https://raw.githubusercontent.com/golangci/misspell/master/install-misspell.sh | sh -s -- -b $(go env GOPATH)/bin ${MISSSPELL_VERSION}
-
-      - name: Avoid generating webui
-        run: touch webui/static/index.html
-
-      - name: Validate
-        run: make validate
-
-  validate-generate:
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: Check out code
-        uses: actions/checkout@v4
-        with:
-          fetch-depth: 0
-
-      - name: Set up Go ${{ env.GO_VERSION }}
-        uses: actions/setup-go@v5
-        with:
-          go-version: ${{ env.GO_VERSION }}
-
-      - name: go generate
-        run: |
-          make generate
-          git diff --exit-code
-
-      - name: go mod tidy
-        run: |
-          go mod tidy
-          git diff --exit-code
-
-      - name: make generate-crd
-        run: |
-          make generate-crd
-          git diff --exit-code

.gitignore

@@ -1,22 +1,15 @@
-.idea/
-.intellij/
-*.iml
-.vscode/
-.DS_Store
 /dist
-/webui/.tmp/
-/site/
-/docs/site/
-/autogen/
-/traefik
-/traefik.toml
-/traefik.yml
+gen.go
+.idea
+.intellij
+log
+*.iml
+traefik
+traefik.toml
+*.test
+vendor/
+static/
+.vscode/
+site/
 *.log
 *.exe
-cover.out
-vendor/
-plugins-storage/
-plugins-local/
-traefik_changelog.md
-integration/tailscale.secret
-integration/conformance-reports/

.golangci.yml

@@ -1,281 +0,0 @@
-run:
-  timeout: 10m
-
-linters-settings:
-  govet:
-    enable-all: true
-    disable:
-      - shadow
-      - fieldalignment
-  gocyclo:
-    min-complexity: 14
-  goconst:
-    min-len: 3
-    min-occurrences: 4
-  misspell:
-    locale: US
-  funlen:
-    lines: -1
-    statements: 120
-  forbidigo:
-    forbid:
-      - ^print(ln)?$
-      - ^spew\.Print(f|ln)?$
-      - ^spew\.Dump$
-  depguard:
-    rules:
-      main:
-        deny:
-          - pkg: "github.com/instana/testify"
-            desc: not allowed
-          - pkg: "github.com/pkg/errors"
-            desc: Should be replaced by standard lib errors package
-          - pkg: "k8s.io/api/networking/v1beta1"
-            desc: This API is deprecated
-          - pkg: "k8s.io/api/extensions/v1beta1"
-            desc: This API is deprecated
-  godox:
-    keywords:
-      - FIXME
-  importas:
-    no-unaliased: true
-    alias:
-      - alias: composeapi
-        pkg: github.com/docker/compose/v2/pkg/api
-
-      # Standard Kubernetes rewrites:
-      - alias: corev1
-        pkg: "k8s.io/api/core/v1"
-      - alias: netv1
-        pkg: "k8s.io/api/networking/v1"
-      - alias: admv1
-        pkg: "k8s.io/api/admission/v1"
-      - alias: admv1beta1
-        pkg: "k8s.io/api/admission/v1beta1"
-      - alias: metav1
-        pkg: "k8s.io/apimachinery/pkg/apis/meta/v1"
-      - alias: ktypes
-        pkg: "k8s.io/apimachinery/pkg/types"
-      - alias: kerror
-        pkg: "k8s.io/apimachinery/pkg/api/errors"
-      - alias: kclientset
-        pkg: "k8s.io/client-go/kubernetes"
-      - alias: kinformers
-        pkg: "k8s.io/client-go/informers"
-      - alias: ktesting
-        pkg: "k8s.io/client-go/testing"
-      - alias: kschema
-        pkg: "k8s.io/apimachinery/pkg/runtime/schema"
-      - alias: kscheme
-        pkg: "k8s.io/client-go/kubernetes/scheme"
-      - alias: kversion
-        pkg: "k8s.io/apimachinery/pkg/version"
-      - alias: kubefake
-        pkg: "k8s.io/client-go/kubernetes/fake"
-      - alias: discoveryfake
-        pkg: "k8s.io/client-go/discovery/fake"
-
-      # Kubernetes Gateway rewrites:
-      - alias: gateclientset
-        pkg: "sigs.k8s.io/gateway-api/pkg/client/clientset/gateway/versioned"
-      - alias: gateinformers
-        pkg: "sigs.k8s.io/gateway-api/pkg/client/informers/gateway/externalversions"
-      - alias: gatev1alpha2
-        pkg: "sigs.k8s.io/gateway-api/apis/v1alpha2"
-
-      # Traefik Kubernetes rewrites:
-      - alias: traefikv1alpha1
-        pkg: "github.com/traefik/traefik/v3/pkg/provider/kubernetes/crd/traefikio/v1alpha1"
-      - alias: traefikclientset
-        pkg: "github.com/traefik/traefik/v3/pkg/provider/kubernetes/crd/generated/clientset/versioned"
-      - alias: traefikinformers
-        pkg: "github.com/traefik/traefik/v3/pkg/provider/kubernetes/crd/generated/informers/externalversions"
-      - alias: traefikscheme
-        pkg: "github.com/traefik/traefik/v3/pkg/provider/kubernetes/crd/generated/clientset/versioned/scheme"
-      - alias: traefikcrdfake
-        pkg: "github.com/traefik/traefik/v3/pkg/provider/kubernetes/crd/generated/clientset/versioned/fake"
-  tagalign:
-    align: false
-    sort: true
-    order:
-      - description
-      - json
-      - toml
-      - yaml
-      - yml
-      - label
-      - label-slice-as-struct
-      - file
-      - kv
-      - export
-  revive:
-    rules:
-      - name: struct-tag
-      - name: blank-imports
-      - name: context-as-argument
-      - name: context-keys-type
-      - name: dot-imports
-      - name: error-return
-      - name: error-strings
-      - name: error-naming
-      - name: exported
-        disabled: true
-      - name: if-return
-      - name: increment-decrement
-      - name: var-naming
-      - name: var-declaration
-      - name: package-comments
-        disabled: true
-      - name: range
-      - name: receiver-naming
-      - name: time-naming
-      - name: unexported-return
-      - name: indent-error-flow
-      - name: errorf
-      - name: empty-block
-      - name: superfluous-else
-      - name: unused-parameter
-        disabled: true
-      - name: unreachable-code
-      - name: redefines-builtin-id
-  gomoddirectives:
-    replace-allow-list:
-      - github.com/abbot/go-http-auth
-      - github.com/gorilla/mux
-      - github.com/mailgun/minheap
-      - github.com/mailgun/multibuf
-      - github.com/jaguilar/vt100
-      - github.com/cucumber/godog
-  testifylint:
-    disable:
-      - suite-dont-use-pkg
-      - require-error
-      - go-require
-  staticcheck:
-    checks:
-      - all
-      - -SA1019
-  errcheck:
-    exclude-functions:
-      - fmt.Fprintln
-linters:
-  enable-all: true
-  disable:
-    - execinquery # deprecated
-    - gomnd # deprecated
-    - sqlclosecheck # not relevant (SQL)
-    - rowserrcheck # not relevant (SQL)
-    - cyclop # duplicate of gocyclo
-    - lll # Not relevant
-    - gocyclo # FIXME must be fixed
-    - gocognit # Too strict
-    - nestif # Too many false-positive.
-    - prealloc # Too many false-positive.
-    - makezero # Not relevant
-    - dupl # Too strict
-    - gosec # Too strict
-    - gochecknoinits
-    - gochecknoglobals
-    - wsl # Too strict
-    - nlreturn # Not relevant
-    - mnd # Too strict
-    - stylecheck # skip because report issues related to some generated files.
-    - testpackage # Too strict
-    - tparallel # Not relevant
-    - paralleltest # Not relevant
-    - exhaustive # Not relevant
-    - exhaustruct # Not relevant
-    - err113 # Too strict
-    - wrapcheck # Too strict
-    - noctx # Too strict
-    - bodyclose # too many false-positive
-    - forcetypeassert # Too strict
-    - tagliatelle # Too strict
-    - varnamelen # Not relevant
-    - nilnil # Not relevant
-    - ireturn # Not relevant
-    - contextcheck # too many false-positive
-    - containedctx # too many false-positive
-    - maintidx # kind of duplicate of gocyclo
-    - nonamedreturns # Too strict
-    - gosmopolitan  # not relevant
-    - exportloopref # Useless with go1.22
-    - musttag
-
-issues:
-  exclude-use-default: false
-  max-issues-per-linter: 0
-  max-same-issues: 0
-  exclude-dirs:
-    - pkg/provider/kubernetes/crd/generated/
-  exclude:
-    - 'Error return value of .((os\.)?std(out|err)\..*|.*Close|.*Flush|os\.Remove(All)?|.*printf?|os\.(Un)?Setenv). is not checked'
-    - "should have a package comment, unless it's in another file for this package"
-    - 'fmt.Sprintf can be replaced with string'
-  exclude-rules:
-    - path: '(.+)_test.go'
-      linters:
-        - goconst
-        - funlen
-        - godot
-        - canonicalheader
-        - fatcontext
-    - path: '(.+)_test.go'
-      text: ' always receives '
-      linters:
-        - unparam
-    - path: '(.+)\.go'
-      text: 'struct-tag: unknown option ''inline'' in JSON tag'
-      linters:
-        - revive
-    - path: pkg/server/service/bufferpool.go
-      text: 'SA6002: argument should be pointer-like to avoid allocations'
-    - path: pkg/server/middleware/middlewares.go
-      text: "Function 'buildConstructor' has too many statements"
-      linters:
-        - funlen
-    - path: pkg/logs/haystack.go
-      linters:
-        - goprintffuncname
-    - path: pkg/tracing/tracing.go
-      text: "printf-like formatting function 'SetErrorWithEvent' should be named 'SetErrorWithEventf'"
-      linters:
-        - goprintffuncname
-    - path: pkg/tls/tlsmanager_test.go
-      text: 'SA1019: config.ClientCAs.Subjects has been deprecated since Go 1.18'
-    - path: pkg/types/tls_test.go
-      text: 'SA1019: tlsConfig.RootCAs.Subjects has been deprecated since Go 1.18'
-    - path: pkg/provider/kubernetes/crd/kubernetes.go
-      text: 'SA1019: middleware.Spec.IPWhiteList is deprecated: please use IPAllowList instead.'
-    - path: pkg/server/middleware/tcp/middlewares.go
-      text: 'SA1019: config.IPWhiteList is deprecated: please use IPAllowList instead.'
-    - path: pkg/server/middleware/middlewares.go
-      text: 'SA1019: config.IPWhiteList is deprecated: please use IPAllowList instead.'
-    - path: pkg/provider/kubernetes/(crd|gateway)/client.go
-      linters:
-        - interfacebloat
-    - path: pkg/metrics/metrics.go
-      linters:
-        - interfacebloat
-    - path: integration/healthcheck_test.go
-      text: 'Duplicate words \(wsp2,\) found'
-      linters:
-        - dupword
-    - path: pkg/types/domain_test.go
-      text: 'Duplicate words \(sub\) found'
-      linters:
-        - dupword
-    - path: pkg/provider/kubernetes/crd/kubernetes.go
-      text: "Function 'loadConfigurationFromCRD' has too many statements"
-      linters:
-        - funlen
-    - path: pkg/provider/kubernetes/gateway/client_mock_test.go
-      text: 'unusedwrite: unused write to field'
-      linters:
-        - govet
-    - path: pkg/cli/deprecation.go
-      linters:
-        - goconst
-    - path: pkg/cli/loader_file.go
-      linters:
-        - goconst

.goreleaser.yml.tmpl

@@ -1,66 +0,0 @@
-project_name: traefik
-
-dist: "./dist/[[ .GOOS ]]"
-
-[[ if eq .GOOS "linux" ]]
-before:
-  hooks:
-    - go generate
-[[ end ]]
-
-builds:
-  - binary: traefik
-
-    main: ./cmd/traefik/
-    env:
-      - CGO_ENABLED=0
-    ldflags:
-      - -s -w -X github.com/traefik/traefik/v3/pkg/version.Version={{.Version}} -X github.com/traefik/traefik/v3/pkg/version.Codename={{.Env.CODENAME}} -X github.com/traefik/traefik/v3/pkg/version.BuildDate={{.Date}}
-    flags:
-      - -trimpath
-    goos:
-      - "[[ .GOOS ]]"
-    goarch:
-      - amd64
-      - '386'
-      - arm
-      - arm64
-      - ppc64le
-      - s390x
-      - riscv64
-    goarm:
-      - '7'
-      - '6'
-    ignore:
-      - goos: darwin
-        goarch: '386'
-      - goos: openbsd
-        goarch: arm
-      - goos: openbsd
-        goarch: arm64
-      - goos: freebsd
-        goarch: arm
-      - goos: freebsd
-        goarch: arm64
-      - goos: windows
-        goarch: arm
-
-changelog:
-  disable: true
-
-archives:
-  - id: traefik
-    name_template: '{{ .ProjectName }}_v{{ .Version }}_{{ .Os }}_{{ .Arch }}{{ if .Arm }}v{{ .Arm }}{{ end }}'
-    format: tar.gz
-    format_overrides:
-      - goos: windows
-        format: zip
-    files:
-      - LICENSE.md
-      - CHANGELOG.md
-
-checksum:
-  name_template: "{{ .ProjectName }}_v{{ .Version }}_checksums.txt"
-
-release:
-  disable: true

.pre-commit-config.yaml

@@ -0,0 +1,10 @@
+-   repo: git://github.com/pre-commit/pre-commit-hooks
+    sha: 44e1753f98b0da305332abe26856c3e621c5c439
+    hooks:
+    -   id: detect-private-key
+-   repo: git://github.com/containous/pre-commit-hooks
+    sha: 35e641b5107671e94102b0ce909648559e568d61
+    hooks:
+    -   id: goFmt
+    -   id: goLint
+    -   id: goErrcheck

.semaphore/semaphore.yml

@@ -1,63 +0,0 @@
-version: v1.0
-name: Traefik
-agent:
-  machine:
-    type: e1-standard-4
-    os_image: ubuntu2004
-
-fail_fast:
-  stop:
-    when: "branch != 'master'"
-
-auto_cancel:
-  queued:
-    when: "branch != 'master'"
-  running:
-    when: "branch != 'master'"
-
-global_job_config:
-  prologue:
-    commands:
-      - curl -sSfL https://raw.githubusercontent.com/ldez/semgo/master/godownloader.sh | sudo sh -s -- -b "/usr/local/bin"
-      - sudo semgo go1.22
-      - export "GOPATH=$(go env GOPATH)"
-      - export "SEMAPHORE_GIT_DIR=${GOPATH}/src/github.com/traefik/${SEMAPHORE_PROJECT_NAME}"
-      - export "PATH=${GOPATH}/bin:${PATH}"
-      - mkdir -vp "${SEMAPHORE_GIT_DIR}" "${GOPATH}/bin"
-      - export GOPROXY=https://proxy.golang.org,direct
-      - curl -sSfL https://raw.githubusercontent.com/golangci/golangci-lint/master/install.sh | sh -s -- -b "${GOPATH}/bin" v1.59.0
-      - curl -sSfL https://gist.githubusercontent.com/traefiker/6d7ac019c11d011e4f131bb2cca8900e/raw/goreleaser.sh | bash -s -- -b "${GOPATH}/bin"
-      - checkout
-      - cache restore traefik-$(checksum go.sum)
-
-blocks:
-  - name: Release
-    dependencies: []
-    run:
-      when: "tag =~ '.*'"
-    task:
-      agent:
-        machine:
-          type: e1-standard-8
-          os_image: ubuntu2004
-      secrets:
-        - name: traefik
-      env_vars:
-        - name: GH_VERSION
-          value: 2.32.1
-        - name: CODENAME
-          value: "beaufort"
-      prologue:
-        commands:
-          - export VERSION=${SEMAPHORE_GIT_TAG_NAME}
-          - curl -sSL -o /tmp/gh_${GH_VERSION}_linux_amd64.tar.gz https://github.com/cli/cli/releases/download/v${GH_VERSION}/gh_${GH_VERSION}_linux_amd64.tar.gz
-          - tar -zxvf /tmp/gh_${GH_VERSION}_linux_amd64.tar.gz -C /tmp
-          - sudo mv /tmp/gh_${GH_VERSION}_linux_amd64/bin/gh /usr/local/bin/gh
-          - sudo rm -rf ~/.phpbrew ~/.kerl ~/.sbt ~/.nvm ~/.npm ~/.kiex /usr/lib/jvm /opt/az /opt/firefox /usr/lib/google-cloud-sdk ~/.rbenv ~/.pip_download_cache # Remove unnecessary data.
-          - sudo service docker stop && sudo umount /var/lib/docker && sudo service docker start # Unmounts the docker disk and the whole system disk is usable.
-      jobs:
-        - name: Release
-          commands:
-            - make release-packages
-            - gh release create ${SEMAPHORE_GIT_TAG_NAME} ./dist/**/traefik*.{zip,tar.gz} ./dist/traefik*.{tar.gz,txt} --repo traefik/traefik --title ${SEMAPHORE_GIT_TAG_NAME} --notes ${SEMAPHORE_GIT_TAG_NAME}
-            - ./script/deploy.sh

.travis.yml

@@ -0,0 +1,33 @@
+branches:
+env:
+  global:
+    - secure: btt4r13t09gQlHb6gYrvGC2yGCMMHfnp1Mz1RQedc4Mpf/FfT8aE6xmK2a2i9CCvskjrP0t/BFaS4yxIURjnFRn+ugQIEa0pLspB9UJArW/vgOSpIWM9/OQ/fg8z5XuMxN6Md4DL1/iLypMNSageA1x0TRdt89+D1N1dALpg5XRCXLFbC84TLi0gjlFuib9ibPKzEhLT+anCRJ6iZMzeupDSoaCVbAtJMoDvXw4+4AcRZ1+k4MybBLyCib5boaEOt4pTT88mz4Kk0YaMwPVJyg9Qv36VqyUcPS09Yd95LuyVQ4+tZt8Y1ccbIzULsK+sLM3hLCzxlmlpN3dQBlZJiiRtQde0mgGAKyC0P0A1XjuDTywcsa5edB+fTk1Dsewz9xZ9V0NmMz8t+UNZnaSsAPga9i86jULbXUUwMVSzVRc+Xgx02liB/8qI1xYC9FM6ilStt7rn7mF0k3KbiWhcptgeXjO6Lah9FjEKd5w4MXsdUSTi/86rQaLo+kj+XdaTrXCTulKHyRyQEUj+8V1w0oVz7pcGjePHd7y5oU9ByifVQy6sytuFBfRZvugM5bKHo+i0pcWvixrZS42DrzwxZJsspANOvqSe5ifVbvOkfUppQdCBIwptxV5N1b49XPKU3W/w34QJ8xGmKp3TFA7WwVCztriFHjPgiRpB3EG99Bg=
+    - REPO: $TRAVIS_REPO_SLUG
+    - VERSION: $TRAVIS_TAG
+    - CODENAME: reblochon
+  matrix:
+    - DOCKER_VERSION=1.9.1
+    - DOCKER_VERSION=1.10.1
+sudo: required
+services:
+- docker
+install:
+- sudo service docker stop
+- sudo curl https://get.docker.com/builds/Linux/x86_64/docker-${DOCKER_VERSION} -o /usr/bin/docker
+- sudo chmod +x /usr/bin/docker
+- sudo service docker start
+- sleep 5
+- docker version
+- pip install --user mkdocs
+- pip install --user pymdown-extensions
+before_script:
+- make validate
+- make binary
+script:
+- make test-unit
+- make test-integration
+- make crossbinary
+- make image
+after_success:
+- make deploy
+- make deploy-pr

CODE_OF_CONDUCT.md

@@ -1,67 +0,0 @@
-# Contributor Covenant Code of Conduct
-
-## Our Pledge
-
-In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
-
-## Our Standards
-
-Examples of behavior that contributes to creating a positive environment include:
-
-* Using welcoming and inclusive language
-* Being respectful of differing viewpoints and experiences
-* Gracefully accepting constructive criticism
-* Focusing on what is best for the community
-* Showing empathy towards other community members
-
-Examples of unacceptable behavior by participants include:
-
-* The use of sexualized language or imagery and unwelcome sexual attention or advances
-* Trolling, insulting/derogatory comments, and personal or political attacks
-* Public or private harassment
-* Publishing others' private information, such as a physical or electronic address, without explicit permission
-* Other conduct which could reasonably be considered inappropriate in a professional setting
-
-## Our Responsibilities
-
-Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
-
-Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
-
-## Scope
-
-This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or our community.
-
-Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event.
-Representation of a project may be further defined and clarified by project maintainers.
-
-## Enforcement
-
-Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at contact@traefik.io
-
-All complaints will be reviewed and investigated and will result in a response that is deemed necessary and appropriate to the circumstances.
-
-The project team is obligated to maintain confidentiality with regard to the reporter of an incident.
-
-Further details of specific enforcement policies may be posted separately.
-
-Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
-
-When an inapropriate behavior is reported, maintainers will discuss on the Maintainer's Discord before marking the message as "abuse". 
-This conversation beforehand avoids one-sided decisions.
-
-The first message will be edited and marked as abuse.
-The second edited message and marked as abuse results in a 7-day ban.
-The third edited message and marked as abuse results in a permanent ban.
-
-The content of edited messages is:
-`Dear user, we want traefik to provide a welcoming and respectful environment. Your [comment/issue/PR] has been reported and marked as abuse according to our [Code of Conduct](./CODE_OF_CONDUCT.md). Thank you.`
-
-The [report must be resolved](https://docs.github.com/en/communities/moderating-comments-and-conversations/managing-reported-content-in-your-organizations-repository#resolving-a-report) accordingly.
-
-## Attribution
-
-This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
-
-[homepage]: http://contributor-covenant.org
-[version]: http://contributor-covenant.org/version/1/4/

CONTRIBUTING.md

@@ -1,11 +0,0 @@
-# Contributing
-
-Here are some guidelines that should help to start contributing to the project.
-
-- [Submitting pull Requests](https://doc.traefik.io/traefik/contributing/submitting-pull-requests/)
-- [Submitting issues](https://doc.traefik.io/traefik/contributing/submitting-issues/)
-- [Submitting security issues](https://doc.traefik.io/traefik/contributing/submitting-security-issues/)
-- [Advocating for Traefik](https://doc.traefik.io/traefik/contributing/advocating/)
-- [Triage Process](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md)
-
-If you are willing to become a maintainer of the project, please take a look at the [maintainers guidelines](docs/content/contributing/maintainers-guidelines.md).

Dockerfile

@@ -1,12 +1,5 @@
-# syntax=docker/dockerfile:1.2
-FROM alpine:3.20
-
-RUN apk add --no-cache --no-progress ca-certificates tzdata
-
-ARG TARGETPLATFORM
-COPY ./dist/$TARGETPLATFORM/traefik /
-
+FROM scratch
+COPY script/ca-certificates.crt /etc/ssl/certs/
+COPY dist/traefik /
 EXPOSE 80
-VOLUME ["/tmp"]
-
 ENTRYPOINT ["/traefik"]

LICENSE.md

@@ -1,6 +1,6 @@
 The MIT License (MIT)
 
-Copyright (c) 2016-2020 Containous SAS; 2020-2024 Traefik Labs
+Copyright (c) 2016 Containous SAS, Emile Vauge, emile@vauge.com
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

Makefile

@@ -1,205 +1,93 @@
-SRCS = $(shell git ls-files '*.go' | grep -v '^vendor/')
+.PHONY: all
 
-TAG_NAME := $(shell git tag -l --contains HEAD)
-SHA := $(shell git rev-parse HEAD)
-VERSION_GIT := $(if $(TAG_NAME),$(TAG_NAME),$(SHA))
-VERSION := $(if $(VERSION),$(VERSION),$(VERSION_GIT))
+TRAEFIK_ENVS := \
+	-e OS_ARCH_ARG \
+	-e OS_PLATFORM_ARG \
+	-e TESTFLAGS \
+	-e VERBOSE \
+	-e VERSION \
+	-e CODENAME
 
-GIT_BRANCH := $(subst heads/,,$(shell git rev-parse --abbrev-ref HEAD 2>/dev/null))
+SRCS = $(shell git ls-files '*.go' | grep -v '^external/')
 
+BIND_DIR := "dist"
+TRAEFIK_MOUNT := -v "$(CURDIR)/$(BIND_DIR):/go/src/github.com/containous/traefik/$(BIND_DIR)"
+
+GIT_BRANCH := $(shell git rev-parse --abbrev-ref HEAD 2>/dev/null)
+TRAEFIK_DEV_IMAGE := traefik-dev$(if $(GIT_BRANCH),:$(GIT_BRANCH))
 REPONAME := $(shell echo $(REPO) | tr '[:upper:]' '[:lower:]')
-BIN_NAME := traefik
-CODENAME ?= cheddar
+TRAEFIK_IMAGE := $(if $(REPONAME),$(REPONAME),"containous/traefik")
+INTEGRATION_OPTS := $(if $(MAKE_DOCKER_HOST),-e "DOCKER_HOST=$(MAKE_DOCKER_HOST)", -v "/var/run/docker.sock:/var/run/docker.sock")
 
-DATE := $(shell date -u '+%Y-%m-%d_%I:%M:%S%p')
+DOCKER_BUILD_ARGS := $(if $(DOCKER_VERSION), "--build-arg=DOCKER_VERSION=$(DOCKER_VERSION)",)
+DOCKER_RUN_TRAEFIK := docker run $(INTEGRATION_OPTS) -it $(TRAEFIK_ENVS) $(TRAEFIK_MOUNT) "$(TRAEFIK_DEV_IMAGE)"
 
-# Default build target
-GOOS := $(shell go env GOOS)
-GOARCH := $(shell go env GOARCH)
+print-%: ; @echo $*=$($*)
 
-LINT_EXECUTABLES = misspell shellcheck
+default: binary
 
-DOCKER_BUILD_PLATFORMS ?= linux/amd64,linux/arm64
+all: generate-webui build ## validate all checks, build linux binary, run all tests\ncross non-linux binaries
+	$(DOCKER_RUN_TRAEFIK) ./script/make.sh
 
-.PHONY: default
-#? default: Run `make generate` and `make binary`
-default: generate binary
+binary: generate-webui build ## build the linux binary
+	$(DOCKER_RUN_TRAEFIK) ./script/make.sh generate binary
 
-#? dist: Create the "dist" directory
-dist:
-	mkdir -p dist
+crossbinary: generate-webui build ## cross build the non-linux binaries
+	$(DOCKER_RUN_TRAEFIK) ./script/make.sh generate crossbinary
 
-.PHONY: build-webui-image
-#? build-webui-image: Build WebUI Docker image
-build-webui-image:
+test: build ## run the unit and integration tests
+	$(DOCKER_RUN_TRAEFIK) ./script/make.sh generate test-unit binary test-integration
+
+test-unit: build ## run the unit tests
+	$(DOCKER_RUN_TRAEFIK) ./script/make.sh generate test-unit
+
+test-integration: build ## run the integration tests
+	$(DOCKER_RUN_TRAEFIK) ./script/make.sh generate test-integration
+
+validate: build  ## validate gofmt, golint and go vet
+	$(DOCKER_RUN_TRAEFIK) ./script/make.sh  validate-gofmt validate-govet validate-golint 
+
+build: dist
+	docker build $(DOCKER_BUILD_ARGS) -t "$(TRAEFIK_DEV_IMAGE)" -f build.Dockerfile .
+
+build-webui:
 	docker build -t traefik-webui -f webui/Dockerfile webui
 
-.PHONY: clean-webui
-#? clean-webui: Clean WebUI static generated assets
-clean-webui:
-	rm -r webui/static
-	mkdir -p webui/static
-	printf 'For more information see `webui/readme.md`' > webui/static/DONT-EDIT-FILES-IN-THIS-DIRECTORY.md
+build-no-cache: dist
+	docker build --no-cache -t "$(TRAEFIK_DEV_IMAGE)" -f build.Dockerfile .
 
-webui/static/index.html:
-	$(MAKE) build-webui-image
-	docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui npm run build:nc
-	docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui chown -R $(shell id -u):$(shell id -g) ./static
+shell: build ## start a shell inside the build env
+	$(DOCKER_RUN_TRAEFIK) /bin/bash
 
-.PHONY: generate-webui
-#? generate-webui: Generate WebUI
-generate-webui: webui/static/index.html
+image: build ## build a docker traefik image 
+	docker build -t $(TRAEFIK_IMAGE) .
 
-.PHONY: generate
-#? generate: Generate code (Dynamic and Static configuration documentation reference files)
-generate:
+dist:
+	mkdir dist
+
+run-dev:
 	go generate
+	go build
+	./traefik
 
-.PHONY: binary
-#? binary: Build the binary
-binary: generate-webui dist
-	@echo SHA: $(VERSION) $(CODENAME) $(DATE)
-	CGO_ENABLED=0 GOGC=off GOOS=${GOOS} GOARCH=${GOARCH} go build ${FLAGS[*]} -ldflags "-s -w \
-    -X github.com/traefik/traefik/v3/pkg/version.Version=$(VERSION) \
-    -X github.com/traefik/traefik/v3/pkg/version.Codename=$(CODENAME) \
-    -X github.com/traefik/traefik/v3/pkg/version.BuildDate=$(DATE)" \
-    -installsuffix nocgo -o "./dist/${GOOS}/${GOARCH}/$(BIN_NAME)" ./cmd/traefik
+generate-webui: build-webui
+	if [ ! -d "static" ]; then \
+		mkdir -p static; \
+		docker run --rm -v "$$PWD/static":'/src/static' traefik-webui gulp; \
+		echo 'For more informations show `webui/readme.md`' > $$PWD/static/DONT-EDIT-FILES-IN-THIS-DIRECTORY.md; \
+	fi
 
-binary-linux-arm64: export GOOS := linux
-binary-linux-arm64: export GOARCH := arm64
-binary-linux-arm64:
-	@$(MAKE) binary
-
-binary-linux-amd64: export GOOS := linux
-binary-linux-amd64: export GOARCH := amd64
-binary-linux-amd64:
-	@$(MAKE) binary
-
-binary-windows-amd64: export GOOS := windows
-binary-windows-amd64: export GOARCH := amd64
-binary-windows-amd64: export BIN_NAME := traefik.exe
-binary-windows-amd64:
-	@$(MAKE) binary
-
-.PHONY: crossbinary-default
-#? crossbinary-default: Build the binary for the standard platforms (linux, darwin, windows)
-crossbinary-default: generate generate-webui
-	$(CURDIR)/script/crossbinary-default.sh
-
-.PHONY: test
-#? test: Run the unit and integration tests
-test: test-ui-unit test-unit test-integration
-
-.PHONY: test-unit
-#? test-unit: Run the unit tests
-test-unit:
-	GOOS=$(GOOS) GOARCH=$(GOARCH) go test -cover "-coverprofile=cover.out" -v $(TESTFLAGS) ./pkg/... ./cmd/...
-
-.PHONY: test-integration
-#? test-integration: Run the integration tests
-test-integration: binary
-	GOOS=$(GOOS) GOARCH=$(GOARCH) go test ./integration -test.timeout=20m -failfast -v $(TESTFLAGS)
-
-.PHONY: test-gateway-api-conformance
-#? test-gateway-api-conformance: Run the conformance tests
-test-gateway-api-conformance: build-image-dirty
-	GOOS=$(GOOS) GOARCH=$(GOARCH) go test ./integration -v -test.run K8sConformanceSuite -k8sConformance $(TESTFLAGS)
-
-.PHONY: test-ui-unit
-#? test-ui-unit: Run the unit tests for the webui
-test-ui-unit:
-	$(MAKE) build-webui-image
-	docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui yarn --cwd webui install
-	docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui yarn --cwd webui test:unit:ci
-
-.PHONY: pull-images
-#? pull-images: Pull all Docker images to avoid timeout during integration tests
-pull-images:
-	grep --no-filename -E '^\s+image:' ./integration/resources/compose/*.yml \
-		| awk '{print $$2}' \
-		| sort \
-		| uniq \
-		| xargs -P 6 -n 1 docker pull
-
-.PHONY: lint
-#? lint: Run golangci-lint
 lint:
-	golangci-lint run
+	script/validate-golint
 
-.PHONY: validate-files
-#? validate-files: Validate code and docs
-validate-files: lint
-	$(foreach exec,$(LINT_EXECUTABLES),\
-            $(if $(shell which $(exec)),,$(error "No $(exec) in PATH")))
-	$(CURDIR)/script/validate-misspell.sh
-	$(CURDIR)/script/validate-shell-script.sh
-
-.PHONY: validate
-#? validate: Validate code, docs, and vendor
-validate: lint
-	$(foreach exec,$(EXECUTABLES),\
-            $(if $(shell which $(exec)),,$(error "No $(exec) in PATH")))
-	$(CURDIR)/script/validate-vendor.sh
-	$(CURDIR)/script/validate-misspell.sh
-	$(CURDIR)/script/validate-shell-script.sh
-
-# Target for building images for multiple architectures.
-.PHONY: multi-arch-image-%
-multi-arch-image-%: binary-linux-amd64 binary-linux-arm64
-	docker buildx build $(DOCKER_BUILDX_ARGS) -t traefik/traefik:$* --platform=$(DOCKER_BUILD_PLATFORMS) -f Dockerfile .
-
-
-.PHONY: build-image
-#? build-image: Clean up static directory and build a Docker Traefik image
-build-image: export DOCKER_BUILDX_ARGS := --load
-build-image: export DOCKER_BUILD_PLATFORMS := linux/$(GOARCH)
-build-image: clean-webui
-	@$(MAKE) multi-arch-image-latest
-
-.PHONY: build-image-dirty
-#? build-image-dirty: Build a Docker Traefik image without re-building the webui when it's already built
-build-image-dirty: export DOCKER_BUILDX_ARGS := --load
-build-image-dirty: export DOCKER_BUILD_PLATFORMS := linux/$(GOARCH)
-build-image-dirty:
-	@$(MAKE) multi-arch-image-latest
-
-.PHONY: docs
-#? docs: Build documentation site
-docs:
-	make -C ./docs docs
-
-.PHONY: docs-serve
-#? docs-serve: Serve the documentation site locally
-docs-serve:
-	make -C ./docs docs-serve
-
-.PHONY: docs-pull-images
-#? docs-pull-images: Pull image for doc building
-docs-pull-images:
-	make -C ./docs docs-pull-images
-
-.PHONY: generate-crd
-#? generate-crd: Generate CRD clientset and CRD manifests
-generate-crd:
-	@$(CURDIR)/script/code-gen-docker.sh
-
-.PHONY: generate-genconf
-#? generate-genconf: Generate code from dynamic configuration github.com/traefik/genconf
-generate-genconf:
-	go run ./cmd/internal/gen/
-
-.PHONY: release-packages
-#? release-packages: Create packages for the release
-release-packages: generate-webui
-	$(CURDIR)/script/release-packages.sh
-
-.PHONY: fmt
-#? fmt: Format the Code
 fmt:
 	gofmt -s -l -w $(SRCS)
 
-.PHONY: help
-#? help: Get more info on make commands
-help: Makefile
-	@echo " Choose a command run in traefik:"
-	@sed -n 's/^#?//p' $< | column -t -s ':' |  sort | sed -e 's/^/ /'
+deploy:
+	./script/deploy.sh
+
+deploy-pr:
+	./script/deploy-pr.sh
+
+help: ## this help
+	@awk 'BEGIN {FS = ":.*?## "} /^[a-zA-Z_-]+:.*?## / {sub("\\\\n",sprintf("\n%22c"," "), $$2);printf "\033[36m%-20s\033[0m %s\n", $$1, $$2}' $(MAKEFILE_LIST)

README.md

@@ -1,161 +1,157 @@
 
 <p align="center">
-    <picture>
-      <source media="(prefers-color-scheme: dark)" srcset="docs/content/assets/img/traefik.logo-dark.png">
-      <source media="(prefers-color-scheme: light)" srcset="docs/content/assets/img/traefik.logo.png">
-      <img alt="Traefik" title="Traefik" src="docs/content/assets/img/traefik.logo.png">
-    </picture>
+<img src="docs/img/traefik.logo.png" alt="Træfɪk" title="Træfɪk" />
 </p>
 
-[![Build Status SemaphoreCI](https://semaphoreci.com/api/v1/containous/traefik/branches/master/shields_badge.svg)](https://semaphoreci.com/containous/traefik)
-[![Docs](https://img.shields.io/badge/docs-current-brightgreen.svg)](https://doc.traefik.io/traefik)
-[![Go Report Card](https://goreportcard.com/badge/traefik/traefik)](https://goreportcard.com/report/traefik/traefik)
-[![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/traefik/traefik/blob/master/LICENSE.md)
-[![Join the community support forum at https://community.traefik.io/](https://img.shields.io/badge/style-register-green.svg?style=social&label=Discourse)](https://community.traefik.io/)
-[![Twitter](https://img.shields.io/twitter/follow/traefik.svg?style=social)](https://twitter.com/intent/follow?screen_name=traefik)
+[![Build Status](https://travis-ci.org/containous/traefik.svg?branch=master)](https://travis-ci.org/containous/traefik)
+[![Docs](https://img.shields.io/badge/docs-current-brightgreen.svg)](https://docs.traefik.io)
+[![Go Report Card](https://goreportcard.com/badge/kubernetes/helm)](http://goreportcard.com/report/containous/traefik)
+[![Image Layer](https://badge.imagelayers.io/traefik:latest.svg)](https://imagelayers.io/?images=traefik)
+[![License](https://img.shields.io/badge/license-MIT-blue.svg)](https://github.com/containous/traefik/blob/master/LICENSE.md)
+[![Join the chat at https://traefik.herokuapp.com](https://img.shields.io/badge/style-register-green.svg?style=social&label=Slack)](https://traefik.herokuapp.com)
+[![Twitter](https://img.shields.io/twitter/follow/traefikproxy.svg?style=social)](https://twitter.com/intent/follow?screen_name=traefikproxy)
 
-Traefik (pronounced _traffic_) is a modern HTTP reverse proxy and load balancer that makes deploying microservices easy.
-Traefik integrates with your existing infrastructure components ([Docker](https://www.docker.com/), [Swarm mode](https://docs.docker.com/engine/swarm/), [Kubernetes](https://kubernetes.io), [Consul](https://www.consul.io/), [Etcd](https://coreos.com/etcd/), [Rancher v2](https://rancher.com), [Amazon ECS](https://aws.amazon.com/ecs), ...) and configures itself automatically and dynamically.
-Pointing Traefik at your orchestrator should be the _only_ configuration step you need.
 
----
-
-. **[Overview](#overview)** .
-**[Features](#features)** .
-**[Supported backends](#supported-backends)** .
-**[Quickstart](#quickstart)** .
-**[Web UI](#web-ui)** .
-**[Documentation](#documentation)** .
-
-. **[Support](#support)** .
-**[Release cycle](#release-cycle)** .
-**[Contributing](#contributing)** .
-**[Maintainers](#maintainers)** .
-**[Credits](#credits)** .
-
----
-
-:warning: Please be aware that the old configurations for Traefik v1.x are NOT compatible with the v2.x config as of now. If you're running v2, please ensure you are using a [v2 configuration](https://doc.traefik.io/traefik/).
+Træfɪk is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease.
+It supports several backends ([Docker](https://www.docker.com/), [Swarm](https://docs.docker.com/swarm), [Mesos/Marathon](https://mesosphere.github.io/marathon/), [Kubernetes](http://kubernetes.io/), [Consul](https://www.consul.io/), [Etcd](https://coreos.com/etcd/), [Zookeeper](https://zookeeper.apache.org), [BoltDB](https://github.com/boltdb/bolt), Rest API, file...) to manage its configuration automatically and dynamically.
 
 ## Overview
 
-Imagine that you have deployed a bunch of microservices with the help of an orchestrator (like Swarm or Kubernetes) or a service registry (like etcd or consul).
-Now you want users to access these microservices, and you need a reverse proxy.
+Imagine that you have deployed a bunch of microservices on your infrastructure. You probably used a service registry (like etcd or consul) and/or an orchestrator (swarm, Mesos/Marathon) to manage all these services.
+If you want your users to access some of your microservices from the Internet, you will have to use a reverse proxy and configure it using virtual hosts or prefix paths:
 
-Traditional reverse-proxies require that you configure _each_ route that will connect paths and subdomains to _each_ microservice. 
-In an environment where you add, remove, kill, upgrade, or scale your services _many_ times a day, the task of keeping the routes up to date becomes tedious. 
+- domain `api.domain.com` will point the microservice `api` in your private network
+- path `domain.com/web` will point the microservice `web` in your private network
+- domain `backoffice.domain.com` will point the microservices `backoffice` in your private network, load-balancing between your multiple instances
 
-**This is when Traefik can help you!**
+But a microservices architecture is dynamic... Services are added, removed, killed or upgraded often, eventually several times a day.
 
-Traefik listens to your service registry/orchestrator API and instantly generates the routes so your microservices are connected to the outside world -- without further intervention from your part. 
+Traditional reverse-proxies are not natively dynamic. You can't change their configuration and hot-reload easily.
 
-**Run Traefik and let it do the work for you!** 
-_(But if you'd rather configure some of your routes manually, Traefik supports that too!)_
+Here enters Træfɪk.
+
+![Architecture](docs/img/architecture.png)
+
+Træfɪk can listen to your service registry/orchestrator API, and knows each time a microservice is added, removed, killed or upgraded, and can generate its configuration automatically.
+Routes to your services will be created instantly.
+
+Run it and forget it!
+  
+  
 
-![Architecture](docs/content/assets/img/traefik-architecture.png)
 
 ## Features
 
-- Continuously updates its configuration (No restarts!)
-- Supports multiple load balancing algorithms
-- Provides HTTPS to your microservices by leveraging [Let's Encrypt](https://letsencrypt.org)  (wildcard certificates support)
-- Circuit breakers, retry
-- See the magic through its clean web UI
-- Websocket, HTTP/2, gRPC ready
-- Provides metrics (Rest, Prometheus, Datadog, Statsd, InfluxDB 2.X)
-- Keeps access logs (JSON, CLF)
-- Fast
-- Exposes a Rest API
-- Packaged as a single binary file (made with :heart: with go) and available as an [official](https://hub.docker.com/r/_/traefik/) docker image
+- [It's fast](http://docs.traefik.io/benchmarks)
+- No dependency hell, single binary made with go
+- Rest API
+- Multiple backends supported: Docker, Mesos/Marathon, Consul, Etcd, and more to come
+- Watchers for backends, can listen change in backends to apply a new configuration automatically
+- Hot-reloading of configuration. No need to restart the process
+- Graceful shutdown http connections
+- Circuit breakers on backends
+- Round Robin, rebalancer load-balancers
+- Rest Metrics
+- [Tiny](https://imagelayers.io/?images=traefik) [official](https://hub.docker.com/r/_/traefik/) docker image included
+- SSL backends support
+- SSL frontend support (with SNI)
+- Clean AngularJS Web UI
+- Websocket support
+- HTTP/2 support
+- Retry request if network error
+- [Let's Encrypt](https://letsencrypt.org) support (Automatic HTTPS with renewal)
 
-## Supported Backends
+## Demo
 
-- [Docker](https://doc.traefik.io/traefik/providers/docker/) / [Swarm mode](https://doc.traefik.io/traefik/providers/docker/)
-- [Kubernetes](https://doc.traefik.io/traefik/providers/kubernetes-crd/)
-- [ECS](https://doc.traefik.io/traefik/providers/ecs/)
-- [File](https://doc.traefik.io/traefik/providers/file/)
 
-## Quickstart
+Here is a talk (in french) given by [Emile Vauge](https://github.com/emilevauge) at the [Devoxx France 2016](http://www.devoxx.fr) conference. 
+You will learn fundamental Træfɪk features and see some demos with Docker, Mesos/Marathon and Lets'Encrypt. 
 
-To get your hands on Traefik, you can use the [5-Minute Quickstart](https://doc.traefik.io/traefik/getting-started/quick-start/) in our documentation (you will need Docker).
+[![Traefik Devoxx France](http://img.youtube.com/vi/QvAz9mVx5TI/0.jpg)](http://www.youtube.com/watch?v=QvAz9mVx5TI)
 
 ## Web UI
 
-You can access the simple HTML frontend of Traefik.
+You can access to a simple HTML frontend of Træfik.
 
-![Web UI Providers](docs/content/assets/img/webui-dashboard.png)
+![Web UI Providers](docs/img/web.frontend.png)
+![Web UI Health](docs/img/traefik-health.png)
 
-## Documentation
+## Plumbing
 
-You can find the complete documentation of Traefik v2 at [https://doc.traefik.io/traefik/](https://doc.traefik.io/traefik/).
+- [Oxy](https://github.com/vulcand/oxy): an awesome proxy library made by Mailgun guys
+- [Gorilla mux](https://github.com/gorilla/mux): famous request router
+- [Negroni](https://github.com/codegangsta/negroni): web middlewares made simple
+- [Manners](https://github.com/mailgun/manners): graceful shutdown of http.Handler servers
+- [Lego](https://github.com/xenolf/lego): the best [Let's Encrypt](https://letsencrypt.org) library in go
 
-A collection of contributions around Traefik can be found at [https://awesome.traefik.io](https://awesome.traefik.io).
+## Quick start
 
-## Support
-
-To get community support, you can:
-
-- join the Traefik community forum: [![Join the chat at https://community.traefik.io/](https://img.shields.io/badge/style-register-green.svg?style=social&label=Discourse)](https://community.traefik.io/)
-
-If you need commercial support, please contact [Traefik.io](https://traefik.io) by mail: <mailto:support@traefik.io>.
-
-## Download
-
-- Grab the latest binary from the [releases](https://github.com/traefik/traefik/releases) page and run it with the [sample configuration file](https://raw.githubusercontent.com/traefik/traefik/master/traefik.sample.toml):
+- The simple way: grab the latest binary from the [releases](https://github.com/containous/traefik/releases) page and just run it with the [sample configuration file](https://raw.githubusercontent.com/containous/traefik/master/traefik.sample.toml):
 
 ```shell
 ./traefik --configFile=traefik.toml
 ```
 
-- Or use the official tiny Docker image and run it with the [sample configuration file](https://raw.githubusercontent.com/traefik/traefik/master/traefik.sample.toml):
+- Use the tiny Docker image:
 
 ```shell
 docker run -d -p 8080:8080 -p 80:80 -v $PWD/traefik.toml:/etc/traefik/traefik.toml traefik
 ```
 
-- Or get the sources:
+- From sources:
 
 ```shell
-git clone https://github.com/traefik/traefik
+git clone https://github.com/containous/traefik
 ```
 
-## Introductory Videos
+## Documentation
 
-You can find high level and deep dive videos on [videos.traefik.io](https://videos.traefik.io).
-
-## Maintainers
-
-We are strongly promoting a philosophy of openness and sharing, and firmly standing against the elitist closed approach. Being part of the core team should be accessible to anyone who is motivated and want to be part of that journey!
-This [document](docs/content/contributing/maintainers-guidelines.md) describes how to be part of the [maintainers' team](docs/content/contributing/maintainers.md) as well as various responsibilities and guidelines for Traefik maintainers.
-You can also find more information on our process to review pull requests and manage issues [in this document](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md).
+You can find the complete documentation [here](https://docs.traefik.io).
 
 ## Contributing
 
-If you'd like to contribute to the project, refer to the [contributing documentation](CONTRIBUTING.md).
+Please refer to [this section](.github/CONTRIBUTING.md).
 
-Please note that this project is released with a [Contributor Code of Conduct](CODE_OF_CONDUCT.md).
-By participating in this project, you agree to abide by its terms.
+## Support
 
-## Release Cycle
+You can join [![Join the chat at https://traefik.herokuapp.com](https://img.shields.io/badge/style-register-green.svg?style=social&label=Slack)](https://traefik.herokuapp.com) to get basic support.
+If you prefer a commercial support, please contact [containo.us](https://containo.us) by mail: <mailto:support@containo.us>.
 
-- We usually release 3/4 new versions (e.g. 1.1.0, 1.2.0, 1.3.0) per year.
-- Release Candidates are available before the release (e.g. 1.1.0-rc1, 1.1.0-rc2, 1.1.0-rc3, 1.1.0-rc4, before 1.1.0).
-- Bug-fixes (e.g. 1.1.1, 1.1.2, 1.2.1, 1.2.3) are released as needed (no additional features are delivered in those versions, bug-fixes only).
+## Træfɪk here and there
 
-Each version is supported until the next one is released (e.g. 1.1.x will be supported until 1.2.0 is out).
+These projects use Træfɪk internally. If your company uses Træfɪk, we would be glad to get your feedback :) Contact us on [![Join the chat at https://traefik.herokuapp.com](https://img.shields.io/badge/style-register-green.svg?style=social&label=Slack)](https://traefik.herokuapp.com)
 
-We use [Semantic Versioning](https://semver.org/).
+- Project [Mantl](https://mantl.io/) from Cisco
 
-## Mailing Lists
+![Web UI Providers](docs/img/mantl-logo.png)
+> Mantl is a modern platform for rapidly deploying globally distributed services. A container orchestrator, docker, a network stack, something to pool your logs, something to monitor health, a sprinkle of service discovery and some automation.
 
-- General announcements, new releases: mail at news+subscribe@traefik.io or on [the online viewer](https://groups.google.com/a/traefik.io/forum/#!forum/news).
-- Security announcements: mail at security+subscribe@traefik.io or on [the online viewer](https://groups.google.com/a/traefik.io/forum/#!forum/security).
+- Project [Apollo](http://capgemini.github.io/devops/apollo/) from Cap Gemini
+
+![Web UI Providers](docs/img/apollo-logo.png)
+> Apollo is an open source project to aid with building and deploying IAAS and PAAS services. It is particularly geared towards managing containerized applications across multiple hosts, and big data type workloads. Apollo leverages other open source components to provide basic mechanisms for deployment, maintenance, and scaling of infrastructure and applications.
+
+## Partners
+
+[![Zenika](docs/img/zenika.logo.png)](https://zenika.com)
+
+Zenika is one of the leading providers of professional Open Source services and agile methodologies in
+Europe. We provide consulting, development, training and support for the world’s leading Open Source
+software products.
+
+
+[![Asteris](docs/img/asteris.logo.png)](https://aster.is)
+
+Founded in 2014, Asteris creates next-generation infrastructure software for the modern datacenter. Asteris writes software that makes it easy for companies to implement continuous delivery and realtime data pipelines. We support the HashiCorp stack, along with Kubernetes, Apache Mesos, Spark and Kafka. We're core committers on mantl.io, consul-cli and mesos-consul.
+
+## Maintainers
+
+- Emile Vauge [@emilevauge](https://github.com/emilevauge)
+- Vincent Demeester [@vdemeester](https://github.com/vdemeester)
+- Samuel Berthe [@samber](https://github.com/samber)
+- Russell Clare [@Russell-IO](https://github.com/Russell-IO)
+- Ed Robinson [@errm](https://github.com/errm)
 
 ## Credits
 
-Kudos to [Peka](http://peka.byethost11.com/photoblog/) for his awesome work on the gopher's logo!.
-
-The gopher's logo of Traefik is licensed under the Creative Commons 3.0 Attributions license.
-
-The gopher's logo of Traefik was inspired by the gopher stickers made by [Takuya Ueda](https://twitter.com/tenntenn).
-The original Go gopher was designed by [Renee French](https://reneefrench.blogspot.com/).
+Kudos to [Peka](http://peka.byethost11.com/photoblog/) for his awesome work on the logo ![logo](docs/img/traefik.icon.png)

SECURITY.md

@@ -1,30 +0,0 @@
-# Security Policy
-
-You can join our security mailing list to be aware of the latest announcements from our security team.
-You can subscribe sending a mail to security+subscribe@traefik.io or on [the online viewer](https://groups.google.com/a/traefik.io/forum/#!forum/security).
-
-Reported vulnerabilities can be found on [cve.mitre.org](https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=traefik).
-
-## Supported Versions
-
-- We usually release 3/4 new versions (e.g. 1.1.0, 1.2.0, 1.3.0) per year.
-- Release Candidates are available before the release (e.g. 1.1.0-rc1, 1.1.0-rc2, 1.1.0-rc3, 1.1.0-rc4, before 1.1.0).
-- Bug-fixes (e.g. 1.1.1, 1.1.2, 1.2.1, 1.2.3) are released as needed (no additional features are delivered in those versions, bug-fixes only).
-
-Each version is supported until the next one is released (e.g. 1.1.x will be supported until 1.2.0 is out).
-
-We use [Semantic Versioning](https://semver.org/).
-
-| Version   | Supported          |
-|-----------|--------------------|
-| `2.2.x`   | :white_check_mark: |
-| `< 2.2.x` | :x:                |
-| `1.7.x`   | :white_check_mark: |
-| `< 1.7.x` | :x:                |
-
-## Reporting a Vulnerability
-
-We want to keep Traefik safe for everyone.
-If you've discovered a security vulnerability in Traefik,
-we appreciate your help in disclosing it to us in a responsible manner,
-by creating a [security advisory](https://github.com/traefik/traefik/security/advisories).

acme/acme.go

@@ -0,0 +1,479 @@
+package acme
+
+import (
+	"crypto"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/tls"
+	"crypto/x509"
+	"encoding/json"
+	"errors"
+	"fmt"
+	log "github.com/Sirupsen/logrus"
+	"github.com/containous/traefik/safe"
+	"github.com/xenolf/lego/acme"
+	"io/ioutil"
+	fmtlog "log"
+	"os"
+	"reflect"
+	"strings"
+	"sync"
+	"time"
+)
+
+// Account is used to store lets encrypt registration info
+type Account struct {
+	Email              string
+	Registration       *acme.RegistrationResource
+	PrivateKey         []byte
+	DomainsCertificate DomainsCertificates
+}
+
+// GetEmail returns email
+func (a Account) GetEmail() string {
+	return a.Email
+}
+
+// GetRegistration returns lets encrypt registration resource
+func (a Account) GetRegistration() *acme.RegistrationResource {
+	return a.Registration
+}
+
+// GetPrivateKey returns private key
+func (a Account) GetPrivateKey() crypto.PrivateKey {
+	if privateKey, err := x509.ParsePKCS1PrivateKey(a.PrivateKey); err == nil {
+		return privateKey
+	}
+	log.Errorf("Cannot unmarshall private key %+v", a.PrivateKey)
+	return nil
+}
+
+// Certificate is used to store certificate info
+type Certificate struct {
+	Domain        string
+	CertURL       string
+	CertStableURL string
+	PrivateKey    []byte
+	Certificate   []byte
+}
+
+// DomainsCertificates stores a certificate for multiple domains
+type DomainsCertificates struct {
+	Certs []*DomainsCertificate
+	lock  *sync.RWMutex
+}
+
+func (dc *DomainsCertificates) init() error {
+	if dc.lock == nil {
+		dc.lock = &sync.RWMutex{}
+	}
+	dc.lock.Lock()
+	defer dc.lock.Unlock()
+	for _, domainsCertificate := range dc.Certs {
+		tlsCert, err := tls.X509KeyPair(domainsCertificate.Certificate.Certificate, domainsCertificate.Certificate.PrivateKey)
+		if err != nil {
+			return err
+		}
+		domainsCertificate.tlsCert = &tlsCert
+	}
+	return nil
+}
+
+func (dc *DomainsCertificates) renewCertificates(acmeCert *Certificate, domain Domain) error {
+	dc.lock.Lock()
+	defer dc.lock.Unlock()
+
+	for _, domainsCertificate := range dc.Certs {
+		if reflect.DeepEqual(domain, domainsCertificate.Domains) {
+			tlsCert, err := tls.X509KeyPair(acmeCert.Certificate, acmeCert.PrivateKey)
+			if err != nil {
+				return err
+			}
+			domainsCertificate.Certificate = acmeCert
+			domainsCertificate.tlsCert = &tlsCert
+			return nil
+		}
+	}
+	return errors.New("Certificate to renew not found for domain " + domain.Main)
+}
+
+func (dc *DomainsCertificates) addCertificateForDomains(acmeCert *Certificate, domain Domain) (*DomainsCertificate, error) {
+	dc.lock.Lock()
+	defer dc.lock.Unlock()
+
+	tlsCert, err := tls.X509KeyPair(acmeCert.Certificate, acmeCert.PrivateKey)
+	if err != nil {
+		return nil, err
+	}
+	cert := DomainsCertificate{Domains: domain, Certificate: acmeCert, tlsCert: &tlsCert}
+	dc.Certs = append(dc.Certs, &cert)
+	return &cert, nil
+}
+
+func (dc *DomainsCertificates) getCertificateForDomain(domainToFind string) (*DomainsCertificate, bool) {
+	dc.lock.RLock()
+	defer dc.lock.RUnlock()
+	for _, domainsCertificate := range dc.Certs {
+		domains := []string{}
+		domains = append(domains, domainsCertificate.Domains.Main)
+		domains = append(domains, domainsCertificate.Domains.SANs...)
+		for _, domain := range domains {
+			if domain == domainToFind {
+				return domainsCertificate, true
+			}
+		}
+	}
+	return nil, false
+}
+
+func (dc *DomainsCertificates) exists(domainToFind Domain) (*DomainsCertificate, bool) {
+	dc.lock.RLock()
+	defer dc.lock.RUnlock()
+	for _, domainsCertificate := range dc.Certs {
+		if reflect.DeepEqual(domainToFind, domainsCertificate.Domains) {
+			return domainsCertificate, true
+		}
+	}
+	return nil, false
+}
+
+// DomainsCertificate contains a certificate for multiple domains
+type DomainsCertificate struct {
+	Domains     Domain
+	Certificate *Certificate
+	tlsCert     *tls.Certificate
+}
+
+func (dc *DomainsCertificate) needRenew() bool {
+	for _, c := range dc.tlsCert.Certificate {
+		crt, err := x509.ParseCertificate(c)
+		if err != nil {
+			// If there's an error, we assume the cert is broken, and needs update
+			return true
+		}
+		// <= 7 days left, renew certificate
+		if crt.NotAfter.Before(time.Now().Add(time.Duration(24 * 7 * time.Hour))) {
+			return true
+		}
+	}
+
+	return false
+}
+
+// ACME allows to connect to lets encrypt and retrieve certs
+type ACME struct {
+	Email       string   `description:"Email address used for registration"`
+	Domains     []Domain `description:"SANs (alternative domains) to each main domain using format: --acme.domains='main.com,san1.com,san2.com' --acme.domains='main.net,san1.net,san2.net'"`
+	StorageFile string   `description:"File used for certificates storage."`
+	OnDemand    bool     `description:"Enable on demand certificate. This will request a certificate from Let's Encrypt during the first TLS handshake for a hostname that does not yet have a certificate."`
+	CAServer    string   `description:"CA server to use."`
+	EntryPoint  string   `description:"Entrypoint to proxy acme challenge to."`
+	storageLock sync.RWMutex
+}
+
+//Domains parse []Domain
+type Domains []Domain
+
+//Set []Domain
+func (ds *Domains) Set(str string) error {
+	fargs := func(c rune) bool {
+		return c == ',' || c == ';'
+	}
+	// get function
+	slice := strings.FieldsFunc(str, fargs)
+	if len(slice) < 1 {
+		return fmt.Errorf("Parse error ACME.Domain. Imposible to parse %s", str)
+	}
+	d := Domain{
+		Main: slice[0],
+		SANs: []string{},
+	}
+	if len(slice) > 1 {
+		d.SANs = slice[1:]
+	}
+	*ds = append(*ds, d)
+	return nil
+}
+
+//Get []Domain
+func (ds *Domains) Get() interface{} { return []Domain(*ds) }
+
+//String returns []Domain in string
+func (ds *Domains) String() string { return fmt.Sprintf("%+v", *ds) }
+
+//SetValue sets []Domain into the parser
+func (ds *Domains) SetValue(val interface{}) {
+	*ds = Domains(val.([]Domain))
+}
+
+// Domain holds a domain name with SANs
+type Domain struct {
+	Main string
+	SANs []string
+}
+
+// CreateConfig creates a tls.config from using ACME configuration
+func (a *ACME) CreateConfig(tlsConfig *tls.Config, CheckOnDemandDomain func(domain string) bool) error {
+	acme.Logger = fmtlog.New(ioutil.Discard, "", 0)
+
+	if len(a.StorageFile) == 0 {
+		return errors.New("Empty StorageFile, please provide a filename for certs storage")
+	}
+
+	log.Debugf("Generating default certificate...")
+	if len(tlsConfig.Certificates) == 0 {
+		// no certificates in TLS config, so we add a default one
+		cert, err := generateDefaultCertificate()
+		if err != nil {
+			return err
+		}
+		tlsConfig.Certificates = append(tlsConfig.Certificates, *cert)
+	}
+	var account *Account
+	var needRegister bool
+
+	// if certificates in storage, load them
+	if fileInfo, err := os.Stat(a.StorageFile); err == nil && fileInfo.Size() != 0 {
+		log.Infof("Loading ACME certificates...")
+		// load account
+		account, err = a.loadAccount(a)
+		if err != nil {
+			return err
+		}
+	} else {
+		log.Infof("Generating ACME Account...")
+		// Create a user. New accounts need an email and private key to start
+		privateKey, err := rsa.GenerateKey(rand.Reader, 4096)
+		if err != nil {
+			return err
+		}
+		account = &Account{
+			Email:      a.Email,
+			PrivateKey: x509.MarshalPKCS1PrivateKey(privateKey),
+		}
+		account.DomainsCertificate = DomainsCertificates{Certs: []*DomainsCertificate{}, lock: &sync.RWMutex{}}
+		needRegister = true
+	}
+
+	client, err := a.buildACMEClient(account)
+	if err != nil {
+		return err
+	}
+	client.ExcludeChallenges([]acme.Challenge{acme.HTTP01, acme.DNS01})
+	wrapperChallengeProvider := newWrapperChallengeProvider()
+	client.SetChallengeProvider(acme.TLSSNI01, wrapperChallengeProvider)
+
+	if needRegister {
+		// New users will need to register; be sure to save it
+		reg, err := client.Register()
+		if err != nil {
+			return err
+		}
+		account.Registration = reg
+	}
+
+	// The client has a URL to the current Let's Encrypt Subscriber
+	// Agreement. The user will need to agree to it.
+	err = client.AgreeToTOS()
+	if err != nil {
+		// Let's Encrypt Subscriber Agreement renew ?
+		reg, err := client.QueryRegistration()
+		if err != nil {
+			return err
+		}
+		account.Registration = reg
+		err = client.AgreeToTOS()
+		if err != nil {
+			log.Errorf("Error sending ACME agreement to TOS: %+v: %s", account, err.Error())
+		}
+	}
+	// save account
+	err = a.saveAccount(account)
+	if err != nil {
+		return err
+	}
+
+	safe.Go(func() {
+		a.retrieveCertificates(client, account)
+		if err := a.renewCertificates(client, account); err != nil {
+			log.Errorf("Error renewing ACME certificate %+v: %s", account, err.Error())
+		}
+	})
+
+	tlsConfig.GetCertificate = func(clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) {
+		if challengeCert, ok := wrapperChallengeProvider.getCertificate(clientHello.ServerName); ok {
+			return challengeCert, nil
+		}
+		if domainCert, ok := account.DomainsCertificate.getCertificateForDomain(clientHello.ServerName); ok {
+			return domainCert.tlsCert, nil
+		}
+		if a.OnDemand {
+			if CheckOnDemandDomain != nil && !CheckOnDemandDomain(clientHello.ServerName) {
+				return nil, nil
+			}
+			return a.loadCertificateOnDemand(client, account, clientHello)
+		}
+		return nil, nil
+	}
+
+	ticker := time.NewTicker(24 * time.Hour)
+	safe.Go(func() {
+		for {
+			select {
+			case <-ticker.C:
+				if err := a.renewCertificates(client, account); err != nil {
+					log.Errorf("Error renewing ACME certificate %+v: %s", account, err.Error())
+				}
+			}
+		}
+
+	})
+	return nil
+}
+
+func (a *ACME) retrieveCertificates(client *acme.Client, account *Account) {
+	log.Infof("Retrieving ACME certificates...")
+	for _, domain := range a.Domains {
+		// check if cert isn't already loaded
+		if _, exists := account.DomainsCertificate.exists(domain); !exists {
+			domains := []string{}
+			domains = append(domains, domain.Main)
+			domains = append(domains, domain.SANs...)
+			certificateResource, err := a.getDomainsCertificates(client, domains)
+			if err != nil {
+				log.Errorf("Error getting ACME certificate for domain %s: %s", domains, err.Error())
+				continue
+			}
+			_, err = account.DomainsCertificate.addCertificateForDomains(certificateResource, domain)
+			if err != nil {
+				log.Errorf("Error adding ACME certificate for domain %s: %s", domains, err.Error())
+				continue
+			}
+			if err = a.saveAccount(account); err != nil {
+				log.Errorf("Error Saving ACME account %+v: %s", account, err.Error())
+				continue
+			}
+		}
+	}
+	log.Infof("Retrieved ACME certificates")
+}
+
+func (a *ACME) renewCertificates(client *acme.Client, account *Account) error {
+	log.Debugf("Testing certificate renew...")
+	for _, certificateResource := range account.DomainsCertificate.Certs {
+		if certificateResource.needRenew() {
+			log.Debugf("Renewing certificate %+v", certificateResource.Domains)
+			renewedCert, err := client.RenewCertificate(acme.CertificateResource{
+				Domain:        certificateResource.Certificate.Domain,
+				CertURL:       certificateResource.Certificate.CertURL,
+				CertStableURL: certificateResource.Certificate.CertStableURL,
+				PrivateKey:    certificateResource.Certificate.PrivateKey,
+				Certificate:   certificateResource.Certificate.Certificate,
+			}, true)
+			if err != nil {
+				log.Errorf("Error renewing certificate: %v", err)
+				continue
+			}
+			log.Debugf("Renewed certificate %+v", certificateResource.Domains)
+			renewedACMECert := &Certificate{
+				Domain:        renewedCert.Domain,
+				CertURL:       renewedCert.CertURL,
+				CertStableURL: renewedCert.CertStableURL,
+				PrivateKey:    renewedCert.PrivateKey,
+				Certificate:   renewedCert.Certificate,
+			}
+			err = account.DomainsCertificate.renewCertificates(renewedACMECert, certificateResource.Domains)
+			if err != nil {
+				log.Errorf("Error renewing certificate: %v", err)
+				continue
+			}
+			if err = a.saveAccount(account); err != nil {
+				log.Errorf("Error saving ACME account: %v", err)
+				continue
+			}
+		}
+	}
+	return nil
+}
+
+func (a *ACME) buildACMEClient(Account *Account) (*acme.Client, error) {
+	caServer := "https://acme-v01.api.letsencrypt.org/directory"
+	if len(a.CAServer) > 0 {
+		caServer = a.CAServer
+	}
+	client, err := acme.NewClient(caServer, Account, acme.RSA4096)
+	if err != nil {
+		return nil, err
+	}
+
+	return client, nil
+}
+
+func (a *ACME) loadCertificateOnDemand(client *acme.Client, Account *Account, clientHello *tls.ClientHelloInfo) (*tls.Certificate, error) {
+	if certificateResource, ok := Account.DomainsCertificate.getCertificateForDomain(clientHello.ServerName); ok {
+		return certificateResource.tlsCert, nil
+	}
+	Certificate, err := a.getDomainsCertificates(client, []string{clientHello.ServerName})
+	if err != nil {
+		return nil, err
+	}
+	log.Debugf("Got certificate on demand for domain %s", clientHello.ServerName)
+	cert, err := Account.DomainsCertificate.addCertificateForDomains(Certificate, Domain{Main: clientHello.ServerName})
+	if err != nil {
+		return nil, err
+	}
+	if err = a.saveAccount(Account); err != nil {
+		return nil, err
+	}
+	return cert.tlsCert, nil
+}
+
+func (a *ACME) loadAccount(acmeConfig *ACME) (*Account, error) {
+	a.storageLock.RLock()
+	defer a.storageLock.RUnlock()
+	Account := Account{
+		DomainsCertificate: DomainsCertificates{},
+	}
+	file, err := ioutil.ReadFile(acmeConfig.StorageFile)
+	if err != nil {
+		return nil, err
+	}
+	if err := json.Unmarshal(file, &Account); err != nil {
+		return nil, err
+	}
+	err = Account.DomainsCertificate.init()
+	if err != nil {
+		return nil, err
+	}
+	log.Infof("Loaded ACME config from storage %s", acmeConfig.StorageFile)
+	return &Account, nil
+}
+
+func (a *ACME) saveAccount(Account *Account) error {
+	a.storageLock.Lock()
+	defer a.storageLock.Unlock()
+	// write account to file
+	data, err := json.MarshalIndent(Account, "", "  ")
+	if err != nil {
+		return err
+	}
+	return ioutil.WriteFile(a.StorageFile, data, 0644)
+}
+
+func (a *ACME) getDomainsCertificates(client *acme.Client, domains []string) (*Certificate, error) {
+	log.Debugf("Loading ACME certificates %s...", domains)
+	bundle := true
+	certificate, failures := client.ObtainCertificate(domains, bundle, nil)
+	if len(failures) > 0 {
+		log.Error(failures)
+		return nil, fmt.Errorf("Cannot obtain certificates %s+v", failures)
+	}
+	log.Debugf("Loaded ACME certificates %s", domains)
+	return &Certificate{
+		Domain:        certificate.Domain,
+		CertURL:       certificate.CertURL,
+		CertStableURL: certificate.CertStableURL,
+		PrivateKey:    certificate.PrivateKey,
+		Certificate:   certificate.Certificate,
+	}, nil
+}

acme/acme_test.go

@@ -0,0 +1,258 @@
+package acme
+
+import (
+	"reflect"
+	"sync"
+	"testing"
+)
+
+func TestDomainsSet(t *testing.T) {
+	checkMap := map[string]Domains{
+		"":                                   {},
+		"foo.com":                            {Domain{Main: "foo.com", SANs: []string{}}},
+		"foo.com,bar.net":                    {Domain{Main: "foo.com", SANs: []string{"bar.net"}}},
+		"foo.com,bar1.net,bar2.net,bar3.net": {Domain{Main: "foo.com", SANs: []string{"bar1.net", "bar2.net", "bar3.net"}}},
+	}
+	for in, check := range checkMap {
+		ds := Domains{}
+		ds.Set(in)
+		if !reflect.DeepEqual(check, ds) {
+			t.Errorf("Expected %+v\nGot %+v", check, ds)
+		}
+	}
+}
+
+func TestDomainsSetAppend(t *testing.T) {
+	inSlice := []string{
+		"",
+		"foo1.com",
+		"foo2.com,bar.net",
+		"foo3.com,bar1.net,bar2.net,bar3.net",
+	}
+	checkSlice := []Domains{
+		{},
+		{
+			Domain{
+				Main: "foo1.com",
+				SANs: []string{}}},
+		{
+			Domain{
+				Main: "foo1.com",
+				SANs: []string{}},
+			Domain{
+				Main: "foo2.com",
+				SANs: []string{"bar.net"}}},
+		{
+			Domain{
+				Main: "foo1.com",
+				SANs: []string{}},
+			Domain{
+				Main: "foo2.com",
+				SANs: []string{"bar.net"}},
+			Domain{Main: "foo3.com",
+				SANs: []string{"bar1.net", "bar2.net", "bar3.net"}}},
+	}
+	ds := Domains{}
+	for i, in := range inSlice {
+		ds.Set(in)
+		if !reflect.DeepEqual(checkSlice[i], ds) {
+			t.Errorf("Expected  %s %+v\nGot %+v", in, checkSlice[i], ds)
+		}
+	}
+}
+
+func TestCertificatesRenew(t *testing.T) {
+	domainsCertificates := DomainsCertificates{
+		lock: &sync.RWMutex{},
+		Certs: []*DomainsCertificate{
+			{
+				Domains: Domain{
+					Main: "foo1.com",
+					SANs: []string{}},
+				Certificate: &Certificate{
+					Domain:        "foo1.com",
+					CertURL:       "url",
+					CertStableURL: "url",
+					PrivateKey: []byte(`
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA6OqHGdwGy20+3Jcz9IgfN4IR322X2Hhwk6n8Hss/Ws7FeTZo
+PvXW8uHeI1bmQJsy9C6xo3odzO64o7prgMZl5eDw5fk1mmUij3J3nM3gwtc/Cc+8
+ADXGldauASdHBFTRvWQge0Pv/Q5U0fyL2VCHoR9mGv4CQ7nRNKPus0vYJMbXoTbO
+8z4sIbNz3Ov9o/HGMRb8D0rNPTMdC62tHSbiO1UoxLXr9dcBOGt786AsiRTJ8bq9
+GCVQgzd0Wftb8z6ddW2YuWrmExlkHdfC4oG0D5SU1QB4ldPyl7fhVWlfHwC1NX+c
+RnDSEeYkAcdvvIekdM/yH+z62XhwToM0E9TCzwIDAQABAoIBACq3EC3S50AZeeTU
+qgeXizoP1Z1HKQjfFa5PB1jSZ30M3LRdIQMi7NfASo/qmPGSROb5RUS42YxC34PP
+ZXXJbNiaxzM13/m/wHXURVFxhF3XQc1X1p+nPRMvutulS2Xk9E4qdbaFgBbFsRKN
+oUwqc6U97+jVWq72/gIManNhXnNn1n1SRLBEkn+WStMPn6ZvWRlpRMjhy0c1mpwg
+u6em92HvMvfKPQ60naUhdKp+q0rsLp2YKWjiytos9ENSYI5gAGLIDhKeqiD8f92E
+4FGPmNRipwxCE2SSvZFlM26tRloWVcBPktRN79hUejE8iopiqVS0+4h/phZ2wG0D
+18cqVpECgYEA+qmagnhm0LLvwVkUN0B2nRARQEFinZDM4Hgiv823bQvc9I8dVTqJ
+aIQm5y4Y5UA3xmyDsRoO7GUdd0oVeh9GwTONzMRCOny/mOuOC51wXPhKHhI0O22u
+sfbOHszl+bxl6ZQMUJa2/I8YIWBLU5P+fTgrfNwBEgZ3YPwUV5tyHNcCgYEA7eAv
+pjQkbJNRq/fv/67sojN7N9QoH84egN5cZFh5d8PJomnsvy5JDV4WaG1G6mJpqjdD
+YRVdFw5oZ4L8yCVdCeK9op896Uy51jqvfSe3+uKmNqE0qDHgaLubQNI8yYc5sacW
+fYJBmDR6rNIeE7Q2240w3CdKfREuXdDnhyTTEskCgYBFeAnFTP8Zqe2+hSSQJ4J4
+BwLw7u4Yww+0yja/N5E1XItRD/TOMRnx6GYrvd/ScVjD2kEpLRKju2ZOMC8BmHdw
+hgwvitjcAsTK6cWFPI3uhjVsXhkxuzUmR0Naz+iQrQEFmi1LjGmMV1AVt+1IbYSj
+SZTr1sFJMJeXPmWY3hDjIwKBgQC4H9fCJoorIL0PB5NVreishHzT8fw84ibqSTPq
+2DDtazcf6C3AresN1c4ydqN1uUdg4fXdp9OujRBzTwirQ4CIrmFrBye89g7CrBo6
+Hgxivh06G/3OUw0JBG5f9lvnAiy+Pj9CVxi+36A1NU7ioZP0zY0MW71koW/qXlFY
+YkCfQQKBgBqwND/c3mPg7iY4RMQ9XjrKfV9o6FMzA51lAinjujHlNgsBmqiR951P
+NA3kWZQ73D3IxeLEMaGHpvS7andPN3Z2qPhe+FbJKcF6ZZNTrFQkh/Fpz3wmYPo1
+GIL4+09kNgMRWapaROqI+/3+qJQ+GVJZIPfYC0poJOO6vYqifWe8
+-----END RSA PRIVATE KEY-----
+`),
+					Certificate: []byte(`
+-----BEGIN CERTIFICATE-----
+MIIC+TCCAeGgAwIBAgIJAK78ukR/Qu4rMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
+BAMMCGZvbzEuY29tMB4XDTE2MDYxOTIyMDMyM1oXDTI2MDYxNzIyMDMyM1owEzER
+MA8GA1UEAwwIZm9vMS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDo6ocZ3AbLbT7clzP0iB83ghHfbZfYeHCTqfweyz9azsV5Nmg+9dby4d4jVuZA
+mzL0LrGjeh3M7rijumuAxmXl4PDl+TWaZSKPcneczeDC1z8Jz7wANcaV1q4BJ0cE
+VNG9ZCB7Q+/9DlTR/IvZUIehH2Ya/gJDudE0o+6zS9gkxtehNs7zPiwhs3Pc6/2j
+8cYxFvwPSs09Mx0Lra0dJuI7VSjEtev11wE4a3vzoCyJFMnxur0YJVCDN3RZ+1vz
+Pp11bZi5auYTGWQd18LigbQPlJTVAHiV0/KXt+FVaV8fALU1f5xGcNIR5iQBx2+8
+h6R0z/If7PrZeHBOgzQT1MLPAgMBAAGjUDBOMB0GA1UdDgQWBBRFLH1wF6BT51uq
+yWNqBnCrPFIglzAfBgNVHSMEGDAWgBRFLH1wF6BT51uqyWNqBnCrPFIglzAMBgNV
+HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQAr7aH3Db6TeAZkg4Zd7SoF2q11
+erzv552PgQUyezMZcRBo2q1ekmUYyy2600CBiYg51G+8oUqjJKiKnBuaqbMX7pFa
+FsL7uToZCGA57cBaVejeB+p24P5bxoJGKCMeZcEBe5N93Tqu5WBxNEX7lQUo6TSs
+gSN2Olf3/grNKt5V4BduSIQZ+YHlPUWLTaz5B1MXKSUqjmabARP9lhjO14u9USvi
+dMBDFskJySQ6SUfz3fyoXELoDOVbRZETuSodpw+aFCbEtbcQCLT3A0FG+BEPayZH
+tt19zKUlr6e+YFpyjQPGZ7ZkY7iMgHEkhKrXx2DiZ1+cif3X1xfXWQr0S5+E
+-----END CERTIFICATE-----
+`),
+				},
+			},
+			{
+				Domains: Domain{
+					Main: "foo2.com",
+					SANs: []string{}},
+				Certificate: &Certificate{
+					Domain:        "foo2.com",
+					CertURL:       "url",
+					CertStableURL: "url",
+					PrivateKey: []byte(`
+-----BEGIN RSA PRIVATE KEY-----
+MIIEogIBAAKCAQEA7rIVuSrZ3FfYXhR3qaWwfVcgiqKS//yXFzNqkJS6mz9nRCNT
+lPawvrCFIRKdR7UO7xD7A5VTcbrGOAaTvrEaH7mB/4FGL+gN4AiTbVFpKXngAYEW
+A3//zeBZ7XUSWaQ+CNC+l796JeoDvQD++KwCke4rVD1pGN1hpVEeGhwzyKOYPKLo
+4+AGVe1LFWw4U/v8Iil1/gBBehZBILuhASpXy4W132LJPl76/EbGqh0nVz2UlFqU
+HRxO+2U2ba4YIpI+0/VOQ9Cq/TzHSUdTTLfBHE/Qb+aDBfptMWTRvAngLqUglOcZ
+Fi6SAljxEkJO6z6btmoVUWsoKBpbIHDC5++dZwIDAQABAoIBAAD8rYhRfAskNdnV
+vdTuwXcTOCg6md8DHWDULpmgc9EWhwfKGZthFcQEGNjVKd9VCVXFvTP7lxe+TPmI
+VW4Rb2k4LChxUWf7TqthfbKTBptMTLfU39Ft4xHn3pdTx5qlSjhhHJimCwxDFnbe
+nS9MDsqpsHYtttSKfc/gMP6spS4sNPZ/r9zseT3eWkBEhn+FQABxJiuPcQ7q7S+Q
+uOghmr7f3FeYvizQOhBtULsLrK/hsmQIIB4amS1QlpNWKbIoiUPNPjCA5PVQyAER
+waYjuc7imBbeD98L/z8bRTlEskSKjtPSEXGVHa9OYdBU+02Ci6TjKztUp6Ho7JE9
+tcHj+eECgYEA+9Ntv6RqIdpT/4/52JYiR+pOem3U8tweCOmUqm/p/AWyfAJTykqt
+cJ8RcK1MfM+uoa5Sjm8hIcA2XPVEqH2J50PC4w04Q3xtfsz3xs7KJWXQCoha8D0D
+ZIFNroEPnld0qOuJzpIIteXTrCLhSu17ZhN+Wk+5gJ7Ewu/QMM5OPjECgYEA8qbw
+zfwSjE6jkrqO70jzqSxgi2yjo0vMqv+BNBuhxhDTBXnKQI1KsHoiS0FkSLSJ9+DS
+CT3WEescD2Lumdm2s9HXvaMmnDSKBY58NqCGsNzZifSgmj1H/yS9FX8RXfSjXcxq
+RDvTbD52/HeaCiOxHZx8JjmJEb+ZKJC4MDvjtxcCgYBM516GvgEjYXdxfliAiijh
+6W4Z+Vyk5g/ODPc3rYG5U0wUjuljx7Z7xDghPusy2oGsIn5XvRxTIE35yXU0N1Jb
+69eiWzEpeuA9bv7kGdal4RfNf6K15wwYL1y3w/YvFuorg/LLwNEkK5Ge6e//X9Ll
+c2KM1fgCjXntRitAHGDMoQKBgDnkgodioLpA+N3FDN0iNqAiKlaZcOFA8G/LzfO0
+tAAhe3dO+2YzT6KTQSNbUqXWDSTKytHRowVbZrJ1FCA4xVJZunNQPaH/Fv8EY7ZU
+zk3cIzq61qZ2AHtrNIGwc2BLQb7bSm9FJsgojxLlJidNJLC/6Q7lo0JMyCnZfVhk
+sYu5AoGAZt/MfyFTKm674UddSNgGEt86PyVYbLMnRoAXOaNB38AE12kaYHPil1tL
+FnL8OQLpbX5Qo2JGgeZRlpMJ4Jxw2zzvUKr/n+6khaLxHmtX48hMu2QM7ZvnkZCs
+Kkgz6v+Wcqm94ugtl3HSm+u9xZzVQxN6gu/jZQv3VpQiAZHjPYc=
+-----END RSA PRIVATE KEY-----
+`),
+					Certificate: []byte(`
+-----BEGIN CERTIFICATE-----
+MIIC+TCCAeGgAwIBAgIJAK25/Z9Jz6IBMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
+BAMMCGZvbzIuY29tMB4XDTE2MDYyMDA5MzUyNloXDTI2MDYxODA5MzUyNlowEzER
+MA8GA1UEAwwIZm9vMi5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDushW5KtncV9heFHeppbB9VyCKopL//JcXM2qQlLqbP2dEI1OU9rC+sIUhEp1H
+tQ7vEPsDlVNxusY4BpO+sRofuYH/gUYv6A3gCJNtUWkpeeABgRYDf//N4FntdRJZ
+pD4I0L6Xv3ol6gO9AP74rAKR7itUPWkY3WGlUR4aHDPIo5g8oujj4AZV7UsVbDhT
++/wiKXX+AEF6FkEgu6EBKlfLhbXfYsk+Xvr8RsaqHSdXPZSUWpQdHE77ZTZtrhgi
+kj7T9U5D0Kr9PMdJR1NMt8EcT9Bv5oMF+m0xZNG8CeAupSCU5xkWLpICWPESQk7r
+Ppu2ahVRaygoGlsgcMLn751nAgMBAAGjUDBOMB0GA1UdDgQWBBQ6FZWqB9qI4NN+
+2jFY6xH8uoUTnTAfBgNVHSMEGDAWgBQ6FZWqB9qI4NN+2jFY6xH8uoUTnTAMBgNV
+HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQCRhuf2dQhIEOmSOGgtRELF2wB6
+NWXt0lCty9x4u+zCvITXV8Z0C34VQGencO3H2bgyC3ZxNpPuwZfEc2Pxe8W6bDc/
+OyLckk9WLo00Tnr2t7rDOeTjEGuhXFZkhIbJbKdAH8cEXrxKR8UXWtZgTv/b8Hv/
+g6tbeH6TzBsdMoFtUCsyWxygYwnLU+quuYvE2s9FiCegf2mdYTCh/R5J5n/51gfB
+uC+NakKMfaCvNg3mOAFSYC/0r0YcKM/5ldKGTKTCVJAMhnmBnyRc/70rKkVRFy2g
+iIjUFs+9aAgfCiL0WlyyXYAtIev2gw4FHUVlcT/xKks+x8Kgj6e5LTIrRRwW
+-----END CERTIFICATE-----
+`),
+				},
+			},
+		},
+	}
+
+	newCertificate := &Certificate{
+		Domain:        "foo1.com",
+		CertURL:       "url",
+		CertStableURL: "url",
+		PrivateKey: []byte(`
+-----BEGIN RSA PRIVATE KEY-----
+MIIEowIBAAKCAQEA1OdSuXK2zeSLf0UqgrI4pjkpaqhra++pnda4Li4jXo151svi
+Sn7DSynJOoq1jbfRJAoyDhxsBC4S4RuD54U5elJ4wLPZXmHRsvb+NwiHs9VmDqwu
+It21btuqeNMebkab5cnDnC6KKufMhXRcRAlluYXyCkQe/+N+LlUQd6Js34TixMpk
+eQOX4/OVrokSyVRnIq4u+o0Ufe7z5+41WVH63tcy7Hwi7244aLUzZCs+QQa2Dw6f
+qEwjbonr974fM68UxDjTZEQy9u24yDzajhDBp1OTAAklh7U+li3g9dSyNVBFXqEu
+nW2fyBvLqeJOSTihqfcrACB/YYhYOX94vMXELQIDAQABAoIBAFYK3t3fxI1VTiMz
+WsjTKh3TgC+AvVkz1ILbojfXoae22YS7hUrCDD82NgMYx+LsZPOBw1T8m5Lc4/hh
+3F8W8nHDHtYSWUjRk6QWOgsXwXAmUEahw0uH+qlA0ZZfDC9ZDexCLHHURTat03Qj
+4J4GhjwCLB2GBlk4IWisLCmNVR7HokrpfIw4oM1aB5E21Tl7zh/x7ikRijEkUsKw
+7YhaMeLJqBnMnAdV63hhF7FaDRjl8P2s/3octz/6pqDIABrDrUW3KAkNYCZIWdhF
+Kk0wRMbZ/WrYT9GIGoJe7coQC7ezTrlrEkAFEIPGHCLkgXB/0TyuSy0yY59e4zmi
+VvHoWUECgYEA/rOL2KJ/p+TZW7+YbsUzs0+F+M+G6UCr0nWfYN9MKmNtmns3eLDG
++pIpBMc5mjqeJR/sCCdkD8OqHC202Y8e4sr0pKSBeBofh2BmXtpyu3QQ50Pa63RS
+SK6mYUrFqPmFFDbNGpFI4sIeI+Vf6hm96FQPnyPtUTGqk39m0RbWM/UCgYEA1f04
+Nf3wbqwqIHZjYpPmymfjleyMn3hGUjpi7pmI6inXGMk3nkeG1cbOhnfPxL5BWD12
+3RqHI2B4Z4r0BMyjctDNb1TxhMIpm5+PKm5KeeKfoYA85IS0mEeq6VdMm3mL1x/O
+3LYvcUvAEVf6pWX/+ZFLMudqhF3jbTrdNOC6ZFkCgYBKpEeJdyW+CD0CvEVpwPUD
+yXxTjE3XMZKpHLtWYlop2fWW3iFFh1jouci3k8L3xdHuw0oioZibXhYOJ/7l+yFs
+CVpknakrj0xKGiAmEBKriLojbClN80rh7fzoakc+29D6OY0mCgm4GndGwcO4EU8s
+NOZXFupHbyy0CRQSloSzuQKBgQC1Z/MtIlefGuijmHlsakGuuR+gS2ZzEj1bHBAe
+gZ4mFM46PuqdjblqpR0TtaI3AarXqVOI4SJLBU9NR+jR4MF3Zjeh9/q/NvKa8Usn
+B1Svu0TkXphAiZenuKnVIqLY8tNvzZFKXlAd1b+/dDwR10SHR3rebnxINmfEg7Bf
+UVvyEQKBgAEjI5O6LSkLNpbVn1l2IO8u8D2RkFqs/Sbx78uFta3f9Gddzb4wMnt3
+jVzymghCLp4Qf1ump/zC5bcQ8L97qmnjJ+H8X9HwmkqetuI362JNnz+12YKVDIWi
+wI7SJ8BwDqYMrLw6/nE+degn39KedGDH8gz5cZcdlKTZLjbuBOfU
+-----END RSA PRIVATE KEY-----
+`),
+		Certificate: []byte(`
+-----BEGIN CERTIFICATE-----
+MIIC+TCCAeGgAwIBAgIJAPQiOiQcwYaRMA0GCSqGSIb3DQEBBQUAMBMxETAPBgNV
+BAMMCGZvbzEuY29tMB4XDTE2MDYxOTIyMTE1NFoXDTI2MDYxNzIyMTE1NFowEzER
+MA8GA1UEAwwIZm9vMS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
+AQDU51K5crbN5It/RSqCsjimOSlqqGtr76md1rguLiNejXnWy+JKfsNLKck6irWN
+t9EkCjIOHGwELhLhG4PnhTl6UnjAs9leYdGy9v43CIez1WYOrC4i3bVu26p40x5u
+RpvlycOcLooq58yFdFxECWW5hfIKRB7/434uVRB3omzfhOLEymR5A5fj85WuiRLJ
+VGciri76jRR97vPn7jVZUfre1zLsfCLvbjhotTNkKz5BBrYPDp+oTCNuiev3vh8z
+rxTEONNkRDL27bjIPNqOEMGnU5MACSWHtT6WLeD11LI1UEVeoS6dbZ/IG8up4k5J
+OKGp9ysAIH9hiFg5f3i8xcQtAgMBAAGjUDBOMB0GA1UdDgQWBBQPfkS5ehpstmSb
+8CGJE7GxSCxl2DAfBgNVHSMEGDAWgBQPfkS5ehpstmSb8CGJE7GxSCxl2DAMBgNV
+HRMEBTADAQH/MA0GCSqGSIb3DQEBBQUAA4IBAQA99A+itS9ImdGRGgHZ5fSusiEq
+wkK5XxGyagL1S0f3VM8e78VabSvC0o/xdD7DHVg6Az8FWxkkksH6Yd7IKfZZUzvs
+kXQhlOwWpxgmguSmAs4uZTymIoMFRVj3nG664BcXkKu4Yd9UXKNOWP59zgvrCJMM
+oIsmYiq5u0MFpM31BwfmmW3erqIcfBI9OJrmr1XDzlykPZNWtUSSfVuNQ8d4bim9
+XH8RfVLeFbqDydSTCHIFvYthH/ESbpRCiGJHoJ8QLfOkhD1k2fI0oJZn5RVtG2W8
+bZME3gHPYCk1QFZUptriMCJ5fMjCgxeOTR+FAkstb/lTRuCc4UyILJguIMar
+-----END CERTIFICATE-----
+`),
+	}
+
+	err := domainsCertificates.renewCertificates(
+		newCertificate,
+		Domain{
+			Main: "foo1.com",
+			SANs: []string{}})
+	if err != nil {
+		t.Errorf("Error in renewCertificates :%v", err)
+	}
+	if len(domainsCertificates.Certs) != 2 {
+		t.Errorf("Expected domainsCertificates length %d %+v\nGot %+v", 2, domainsCertificates.Certs, len(domainsCertificates.Certs))
+	}
+	if !reflect.DeepEqual(domainsCertificates.Certs[0].Certificate, newCertificate) {
+		t.Errorf("Expected new certificate %+v \nGot %+v", newCertificate, domainsCertificates.Certs[0].Certificate)
+	}
+}

acme/challengeProvider.go

@@ -0,0 +1,56 @@
+package acme
+
+import (
+	"crypto/tls"
+	"sync"
+
+	"crypto/x509"
+	"github.com/xenolf/lego/acme"
+)
+
+type wrapperChallengeProvider struct {
+	challengeCerts map[string]*tls.Certificate
+	lock           sync.RWMutex
+}
+
+func newWrapperChallengeProvider() *wrapperChallengeProvider {
+	return &wrapperChallengeProvider{
+		challengeCerts: map[string]*tls.Certificate{},
+	}
+}
+
+func (c *wrapperChallengeProvider) getCertificate(domain string) (cert *tls.Certificate, exists bool) {
+	c.lock.RLock()
+	defer c.lock.RUnlock()
+	if cert, ok := c.challengeCerts[domain]; ok {
+		return cert, true
+	}
+	return nil, false
+}
+
+func (c *wrapperChallengeProvider) Present(domain, token, keyAuth string) error {
+	cert, _, err := acme.TLSSNI01ChallengeCert(keyAuth)
+	if err != nil {
+		return err
+	}
+	cert.Leaf, err = x509.ParseCertificate(cert.Certificate[0])
+	if err != nil {
+		return err
+	}
+
+	c.lock.Lock()
+	defer c.lock.Unlock()
+	for i := range cert.Leaf.DNSNames {
+		c.challengeCerts[cert.Leaf.DNSNames[i]] = &cert
+	}
+
+	return nil
+
+}
+
+func (c *wrapperChallengeProvider) CleanUp(domain, token, keyAuth string) error {
+	c.lock.Lock()
+	defer c.lock.Unlock()
+	delete(c.challengeCerts, domain)
+	return nil
+}

acme/crypto.go

@@ -0,0 +1,78 @@
+package acme
+
+import (
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/sha256"
+	"crypto/tls"
+	"crypto/x509"
+	"crypto/x509/pkix"
+	"encoding/hex"
+	"encoding/pem"
+	"fmt"
+	"math/big"
+	"time"
+)
+
+func generateDefaultCertificate() (*tls.Certificate, error) {
+	rsaPrivKey, err := rsa.GenerateKey(rand.Reader, 2048)
+	if err != nil {
+		return nil, err
+	}
+	rsaPrivPEM := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(rsaPrivKey)})
+
+	randomBytes := make([]byte, 100)
+	_, err = rand.Read(randomBytes)
+	if err != nil {
+		return nil, err
+	}
+	zBytes := sha256.Sum256(randomBytes)
+	z := hex.EncodeToString(zBytes[:sha256.Size])
+	domain := fmt.Sprintf("%s.%s.traefik.default", z[:32], z[32:])
+	tempCertPEM, err := generatePemCert(rsaPrivKey, domain)
+	if err != nil {
+		return nil, err
+	}
+
+	certificate, err := tls.X509KeyPair(tempCertPEM, rsaPrivPEM)
+	if err != nil {
+		return nil, err
+	}
+
+	return &certificate, nil
+}
+func generatePemCert(privKey *rsa.PrivateKey, domain string) ([]byte, error) {
+	derBytes, err := generateDerCert(privKey, time.Time{}, domain)
+	if err != nil {
+		return nil, err
+	}
+
+	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: derBytes}), nil
+}
+
+func generateDerCert(privKey *rsa.PrivateKey, expiration time.Time, domain string) ([]byte, error) {
+	serialNumberLimit := new(big.Int).Lsh(big.NewInt(1), 128)
+	serialNumber, err := rand.Int(rand.Reader, serialNumberLimit)
+	if err != nil {
+		return nil, err
+	}
+
+	if expiration.IsZero() {
+		expiration = time.Now().Add(365)
+	}
+
+	template := x509.Certificate{
+		SerialNumber: serialNumber,
+		Subject: pkix.Name{
+			CommonName: "TRAEFIK DEFAULT CERT",
+		},
+		NotBefore: time.Now(),
+		NotAfter:  expiration,
+
+		KeyUsage:              x509.KeyUsageKeyEncipherment,
+		BasicConstraintsValid: true,
+		DNSNames:              []string{domain},
+	}
+
+	return x509.CreateCertificate(rand.Reader, &template, &template, &privKey.PublicKey, privKey)
+}

adapters.go

@@ -0,0 +1,34 @@
+/*
+Copyright
+*/
+package main
+
+import (
+	"net/http"
+
+	log "github.com/Sirupsen/logrus"
+)
+
+// OxyLogger implements oxy Logger interface with logrus.
+type OxyLogger struct {
+}
+
+// Infof logs specified string as Debug level in logrus.
+func (oxylogger *OxyLogger) Infof(format string, args ...interface{}) {
+	log.Debugf(format, args...)
+}
+
+// Warningf logs specified string as Warning level in logrus.
+func (oxylogger *OxyLogger) Warningf(format string, args ...interface{}) {
+	log.Warningf(format, args...)
+}
+
+// Errorf logs specified string as Warningf level in logrus.
+func (oxylogger *OxyLogger) Errorf(format string, args ...interface{}) {
+	log.Warningf(format, args...)
+}
+
+func notFoundHandler(w http.ResponseWriter, r *http.Request) {
+	http.NotFound(w, r)
+	//templatesRenderer.HTML(w, http.StatusNotFound, "notFound", nil)
+}

build.Dockerfile

@@ -0,0 +1,25 @@
+FROM golang:1.6.2
+
+RUN go get github.com/Masterminds/glide \
+&& go get github.com/jteeuwen/go-bindata/... \
+&& go get github.com/golang/lint/golint \
+&& go get github.com/kisielk/errcheck
+
+# Which docker version to test on
+ARG DOCKER_VERSION=1.10.1
+
+# Download docker
+RUN set -ex; \
+    curl https://get.docker.com/builds/Linux/x86_64/docker-${DOCKER_VERSION} -o /usr/local/bin/docker-${DOCKER_VERSION}; \
+    chmod +x /usr/local/bin/docker-${DOCKER_VERSION}
+
+# Set the default Docker to be run
+RUN ln -s /usr/local/bin/docker-${DOCKER_VERSION} /usr/local/bin/docker
+
+WORKDIR /go/src/github.com/containous/traefik
+
+COPY glide.yaml glide.yaml
+COPY glide.lock glide.lock
+RUN glide install
+
+COPY . /go/src/github.com/containous/traefik

circle.yml

@@ -0,0 +1,36 @@
+machine:
+  pre:
+    - sudo docker -d -e lxc -s btrfs -H tcp://0.0.0.0:2375:
+        background: true
+    - curl --retry 15 --retry-delay 3 -v http://172.17.42.1:2375/version
+  environment:
+    REPO: $CIRCLE_PROJECT_USERNAME/$CIRCLE_PROJECT_REPONAME
+    DOCKER_HOST: tcp://172.17.42.1:2375
+    MAKE_DOCKER_HOST: $DOCKER_HOST
+    VERSION: v1.0.alpha.$CIRCLE_BUILD_NUM
+
+dependencies:
+  pre:
+    - docker version
+    - go get github.com/tcnksm/ghr
+    - make validate
+  override:
+    - make binary
+
+test:
+  override:
+    - make test-unit
+    - make test-integration
+  post:
+    - make crossbinary
+    - make image
+
+deployment:
+  hub:
+    branch: master
+    commands:
+      - ghr -t $GITHUB_TOKEN -u $CIRCLE_PROJECT_USERNAME -r $CIRCLE_PROJECT_REPONAME --prerelease ${VERSION} dist/
+      - docker login -e $DOCKER_EMAIL -u $DOCKER_USER -p $DOCKER_PASS
+      - docker push ${REPO,,}:latest
+      - docker tag ${REPO,,}:latest ${REPO,,}:${VERSION}
+      - docker push ${REPO,,}:${VERSION}

cmd/configuration.go

@@ -1,38 +0,0 @@
-package cmd
-
-import (
-	"time"
-
-	ptypes "github.com/traefik/paerser/types"
-	"github.com/traefik/traefik/v3/pkg/config/static"
-)
-
-// TraefikCmdConfiguration wraps the static configuration and extra parameters.
-type TraefikCmdConfiguration struct {
-	static.Configuration `export:"true"`
-	// ConfigFile is the path to the configuration file.
-	ConfigFile string `description:"Configuration file to use. If specified all other flags are ignored." export:"true"`
-}
-
-// NewTraefikConfiguration creates a TraefikCmdConfiguration with default values.
-func NewTraefikConfiguration() *TraefikCmdConfiguration {
-	return &TraefikCmdConfiguration{
-		Configuration: static.Configuration{
-			Global: &static.Global{
-				CheckNewVersion: true,
-			},
-			EntryPoints: make(static.EntryPoints),
-			Providers: &static.Providers{
-				ProvidersThrottleDuration: ptypes.Duration(2 * time.Second),
-			},
-			ServersTransport: &static.ServersTransport{
-				MaxIdleConnsPerHost: 200,
-			},
-			TCPServersTransport: &static.TCPServersTransport{
-				DialTimeout:   ptypes.Duration(30 * time.Second),
-				DialKeepAlive: ptypes.Duration(15 * time.Second),
-			},
-		},
-		ConfigFile: "",
-	}
-}

cmd/healthcheck/healthcheck.go

@@ -1,79 +0,0 @@
-package healthcheck
-
-import (
-	"errors"
-	"fmt"
-	"net/http"
-	"os"
-	"time"
-
-	"github.com/traefik/paerser/cli"
-	"github.com/traefik/traefik/v3/pkg/config/static"
-)
-
-// NewCmd builds a new HealthCheck command.
-func NewCmd(traefikConfiguration *static.Configuration, loaders []cli.ResourceLoader) *cli.Command {
-	return &cli.Command{
-		Name:          "healthcheck",
-		Description:   `Calls Traefik /ping endpoint (disabled by default) to check the health of Traefik.`,
-		Configuration: traefikConfiguration,
-		Run:           runCmd(traefikConfiguration),
-		Resources:     loaders,
-	}
-}
-
-func runCmd(traefikConfiguration *static.Configuration) func(_ []string) error {
-	return func(_ []string) error {
-		traefikConfiguration.SetEffectiveConfiguration()
-
-		resp, errPing := Do(*traefikConfiguration)
-		if resp != nil {
-			resp.Body.Close()
-		}
-		if errPing != nil {
-			fmt.Printf("Error calling healthcheck: %s\n", errPing)
-			os.Exit(1)
-		}
-
-		if resp.StatusCode != http.StatusOK {
-			fmt.Printf("Bad healthcheck status: %s\n", resp.Status)
-			os.Exit(1)
-		}
-		fmt.Printf("OK: %s\n", resp.Request.URL)
-		os.Exit(0)
-		return nil
-	}
-}
-
-// Do try to do a healthcheck.
-func Do(staticConfiguration static.Configuration) (*http.Response, error) {
-	if staticConfiguration.Ping == nil {
-		return nil, errors.New("please enable `ping` to use health check")
-	}
-
-	ep := staticConfiguration.Ping.EntryPoint
-	if ep == "" {
-		ep = "traefik"
-	}
-
-	pingEntryPoint, ok := staticConfiguration.EntryPoints[ep]
-	if !ok {
-		return nil, fmt.Errorf("ping: missing %s entry point", ep)
-	}
-
-	client := &http.Client{Timeout: 5 * time.Second}
-	protocol := "http"
-
-	// TODO Handle TLS on ping etc...
-	// if pingEntryPoint.TLS != nil {
-	// 	protocol = "https"
-	// 	tr := &http.Transport{
-	// 		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
-	// 	}
-	// 	client.Transport = tr
-	// }
-
-	path := "/"
-
-	return client.Head(protocol + "://" + pingEntryPoint.GetAddress() + path + "ping")
-}

cmd/internal/gen/centrifuge.go

@@ -1,332 +0,0 @@
-package main
-
-import (
-	"bytes"
-	"fmt"
-	"go/format"
-	"go/importer"
-	"go/token"
-	"go/types"
-	"io"
-	"log"
-	"os"
-	"path"
-	"path/filepath"
-	"reflect"
-	"slices"
-	"sort"
-	"strings"
-
-	"golang.org/x/tools/imports"
-)
-
-// File a kind of AST element that represents a file.
-type File struct {
-	Package  string
-	Imports  []string
-	Elements []Element
-}
-
-// Element is a simplified version of a symbol.
-type Element struct {
-	Name  string
-	Value string
-}
-
-// Centrifuge a centrifuge.
-// Generate Go Structures from Go structures.
-type Centrifuge struct {
-	IncludedImports []string
-	ExcludedTypes   []string
-	ExcludedFiles   []string
-
-	TypeCleaner    func(types.Type, string) string
-	PackageCleaner func(string) string
-
-	rootPkg string
-	fileSet *token.FileSet
-	pkg     *types.Package
-}
-
-// NewCentrifuge creates a new Centrifuge.
-func NewCentrifuge(rootPkg string) (*Centrifuge, error) {
-	fileSet := token.NewFileSet()
-
-	pkg, err := importer.ForCompiler(fileSet, "source", nil).Import(rootPkg)
-	if err != nil {
-		return nil, err
-	}
-
-	return &Centrifuge{
-		fileSet: fileSet,
-		pkg:     pkg,
-		rootPkg: rootPkg,
-
-		TypeCleaner: func(typ types.Type, _ string) string {
-			return typ.String()
-		},
-		PackageCleaner: func(s string) string {
-			return s
-		},
-	}, nil
-}
-
-// Run runs the code extraction and the code generation.
-func (c Centrifuge) Run(dest string, pkgName string) error {
-	files := c.run(c.pkg.Scope(), c.rootPkg, pkgName)
-
-	err := fileWriter{baseDir: dest}.Write(files)
-	if err != nil {
-		return err
-	}
-
-	for _, p := range c.pkg.Imports() {
-		if slices.Contains(c.IncludedImports, p.Path()) {
-			fls := c.run(p.Scope(), p.Path(), p.Name())
-
-			err = fileWriter{baseDir: filepath.Join(dest, p.Name())}.Write(fls)
-			if err != nil {
-				return err
-			}
-		}
-	}
-
-	return err
-}
-
-func (c Centrifuge) run(sc *types.Scope, rootPkg string, pkgName string) map[string]*File {
-	files := map[string]*File{}
-
-	for _, name := range sc.Names() {
-		if slices.Contains(c.ExcludedTypes, name) {
-			continue
-		}
-
-		o := sc.Lookup(name)
-		if !o.Exported() {
-			continue
-		}
-
-		filename := filepath.Base(c.fileSet.File(o.Pos()).Name())
-		if slices.Contains(c.ExcludedFiles, path.Join(rootPkg, filename)) {
-			continue
-		}
-
-		fl, ok := files[filename]
-		if !ok {
-			files[filename] = &File{Package: pkgName}
-			fl = files[filename]
-		}
-
-		elt := Element{
-			Name: name,
-		}
-
-		switch ob := o.(type) {
-		case *types.TypeName:
-
-			switch obj := ob.Type().(*types.Named).Underlying().(type) {
-			case *types.Struct:
-				elt.Value = c.writeStruct(name, obj, rootPkg, fl)
-
-			case *types.Map:
-				elt.Value = fmt.Sprintf("type %s map[%s]%s\n", name, obj.Key().String(), c.TypeCleaner(obj.Elem(), rootPkg))
-
-			case *types.Slice:
-				elt.Value = fmt.Sprintf("type %s []%v\n", name, c.TypeCleaner(obj.Elem(), rootPkg))
-
-			case *types.Basic:
-				elt.Value = fmt.Sprintf("type %s %v\n", name, obj.Name())
-
-			default:
-				log.Printf("OTHER TYPE::: %s %T\n", name, o.Type().(*types.Named).Underlying())
-				continue
-			}
-
-		default:
-			log.Printf("OTHER::: %s %T\n", name, o)
-			continue
-		}
-
-		if len(elt.Value) > 0 {
-			fl.Elements = append(fl.Elements, elt)
-		}
-	}
-
-	return files
-}
-
-func (c Centrifuge) writeStruct(name string, obj *types.Struct, rootPkg string, elt *File) string {
-	b := strings.Builder{}
-	b.WriteString(fmt.Sprintf("type %s struct {\n", name))
-
-	for i := range obj.NumFields() {
-		field := obj.Field(i)
-
-		if !field.Exported() {
-			continue
-		}
-
-		fPkg := c.PackageCleaner(extractPackage(field.Type()))
-		if fPkg != "" && fPkg != rootPkg {
-			elt.Imports = append(elt.Imports, fPkg)
-		}
-
-		fType := c.TypeCleaner(field.Type(), rootPkg)
-
-		if field.Embedded() {
-			b.WriteString(fmt.Sprintf("\t%s\n", fType))
-			continue
-		}
-
-		values, ok := lookupTagValue(obj.Tag(i), "json")
-		if len(values) > 0 && values[0] == "-" {
-			continue
-		}
-
-		b.WriteString(fmt.Sprintf("\t%s %s", field.Name(), fType))
-
-		if ok {
-			b.WriteString(fmt.Sprintf(" `json:\"%s\"`", strings.Join(values, ",")))
-		}
-
-		b.WriteString("\n")
-	}
-
-	b.WriteString("}\n")
-
-	return b.String()
-}
-
-func lookupTagValue(raw, key string) ([]string, bool) {
-	value, ok := reflect.StructTag(raw).Lookup(key)
-	if !ok {
-		return nil, ok
-	}
-
-	values := strings.Split(value, ",")
-
-	if len(values) < 1 {
-		return nil, true
-	}
-
-	return values, true
-}
-
-func extractPackage(t types.Type) string {
-	switch tu := t.(type) {
-	case *types.Named:
-		return tu.Obj().Pkg().Path()
-
-	case *types.Slice:
-		if v, ok := tu.Elem().(*types.Named); ok {
-			return v.Obj().Pkg().Path()
-		}
-		return ""
-
-	case *types.Map:
-		if v, ok := tu.Elem().(*types.Named); ok {
-			return v.Obj().Pkg().Path()
-		}
-		return ""
-
-	case *types.Pointer:
-		return extractPackage(tu.Elem())
-
-	default:
-		return ""
-	}
-}
-
-type fileWriter struct {
-	baseDir string
-}
-
-func (f fileWriter) Write(files map[string]*File) error {
-	err := os.MkdirAll(f.baseDir, 0o755)
-	if err != nil {
-		return err
-	}
-
-	for name, file := range files {
-		err = f.writeFile(name, file)
-		if err != nil {
-			return err
-		}
-	}
-
-	return nil
-}
-
-func (f fileWriter) writeFile(name string, desc *File) error {
-	if len(desc.Elements) == 0 {
-		return nil
-	}
-
-	filename := filepath.Join(f.baseDir, name)
-
-	file, err := os.Create(filename)
-	if err != nil {
-		return fmt.Errorf("failed to create file: %w", err)
-	}
-
-	defer func() { _ = file.Close() }()
-
-	b := bytes.NewBufferString("package ")
-	b.WriteString(desc.Package)
-	b.WriteString("\n")
-	b.WriteString("// Code generated by centrifuge. DO NOT EDIT.\n")
-
-	b.WriteString("\n")
-	f.writeImports(b, desc.Imports)
-	b.WriteString("\n")
-
-	for _, elt := range desc.Elements {
-		b.WriteString(elt.Value)
-		b.WriteString("\n")
-	}
-
-	// gofmt
-	source, err := format.Source(b.Bytes())
-	if err != nil {
-		log.Println(b.String())
-		return fmt.Errorf("failed to format sources: %w", err)
-	}
-
-	// goimports
-	process, err := imports.Process(filename, source, nil)
-	if err != nil {
-		log.Println(string(source))
-		return fmt.Errorf("failed to format imports: %w", err)
-	}
-
-	_, err = file.Write(process)
-	if err != nil {
-		return err
-	}
-
-	return nil
-}
-
-func (f fileWriter) writeImports(b io.StringWriter, imports []string) {
-	if len(imports) == 0 {
-		return
-	}
-
-	uniq := map[string]struct{}{}
-
-	sort.Strings(imports)
-
-	_, _ = b.WriteString("import (\n")
-	for _, s := range imports {
-		if _, exist := uniq[s]; exist {
-			continue
-		}
-
-		uniq[s] = struct{}{}
-
-		_, _ = b.WriteString(fmt.Sprintf(`	"%s"`+"\n", s))
-	}
-
-	_, _ = b.WriteString(")\n")
-}

cmd/internal/gen/main.go

@@ -1,124 +0,0 @@
-package main
-
-import (
-	"fmt"
-	"go/build"
-	"go/types"
-	"log"
-	"os"
-	"path"
-	"path/filepath"
-	"strings"
-)
-
-const rootPkg = "github.com/traefik/traefik/v3/pkg/config/dynamic"
-
-const (
-	destModuleName = "github.com/traefik/genconf"
-	destPkg        = "dynamic"
-)
-
-const marsh = `package %s
-
-import "encoding/json"
-
-type JSONPayload struct {
-	*Configuration
-}
-
-func (c JSONPayload) MarshalJSON() ([]byte, error) {
-	if c.Configuration == nil {
-		return nil, nil
-	}
-
-	return json.Marshal(c.Configuration)
-}
-`
-
-// main generate Go Structures from Go structures.
-// Allows to create an external module (destModuleName) used by the plugin's providers
-// that contains Go structs of the dynamic configuration and nothing else.
-// These Go structs do not have any non-exported fields and do not rely on any external dependencies.
-func main() {
-	dest := filepath.Join(path.Join(build.Default.GOPATH, "src"), destModuleName, destPkg)
-
-	log.Println("Output:", dest)
-
-	err := run(dest)
-	if err != nil {
-		log.Fatal(err)
-	}
-}
-
-func run(dest string) error {
-	centrifuge, err := NewCentrifuge(rootPkg)
-	if err != nil {
-		return err
-	}
-
-	centrifuge.IncludedImports = []string{
-		"github.com/traefik/traefik/v3/pkg/tls",
-		"github.com/traefik/traefik/v3/pkg/types",
-	}
-
-	centrifuge.ExcludedTypes = []string{
-		// tls
-		"CertificateStore", "Manager",
-		// dynamic
-		"Message", "Configurations",
-		// types
-		"HTTPCodeRanges", "HostResolverConfig",
-	}
-
-	centrifuge.ExcludedFiles = []string{
-		"github.com/traefik/traefik/v3/pkg/types/logs.go",
-		"github.com/traefik/traefik/v3/pkg/types/metrics.go",
-	}
-
-	centrifuge.TypeCleaner = cleanType
-	centrifuge.PackageCleaner = cleanPackage
-
-	err = centrifuge.Run(dest, destPkg)
-	if err != nil {
-		return err
-	}
-
-	return os.WriteFile(filepath.Join(dest, "marshaler.go"), []byte(fmt.Sprintf(marsh, destPkg)), 0o666)
-}
-
-func cleanType(typ types.Type, base string) string {
-	if typ.String() == "github.com/traefik/traefik/v3/pkg/types.FileOrContent" {
-		return "string"
-	}
-
-	if typ.String() == "[]github.com/traefik/traefik/v3/pkg/types.FileOrContent" {
-		return "[]string"
-	}
-
-	if typ.String() == "github.com/traefik/paerser/types.Duration" {
-		return "string"
-	}
-
-	if strings.Contains(typ.String(), base) {
-		return strings.ReplaceAll(typ.String(), base+".", "")
-	}
-
-	if strings.Contains(typ.String(), "github.com/traefik/traefik/v3/pkg/") {
-		return strings.ReplaceAll(typ.String(), "github.com/traefik/traefik/v3/pkg/", "")
-	}
-
-	return typ.String()
-}
-
-func cleanPackage(src string) string {
-	switch src {
-	case "github.com/traefik/paerser/types":
-		return ""
-	case "github.com/traefik/traefik/v3/pkg/tls":
-		return path.Join(destModuleName, destPkg, "tls")
-	case "github.com/traefik/traefik/v3/pkg/types":
-		return path.Join(destModuleName, destPkg, "types")
-	default:
-		return src
-	}
-}

cmd/traefik/logger.go

@@ -1,89 +0,0 @@
-package main
-
-import (
-	"io"
-	stdlog "log"
-	"os"
-	"strings"
-	"time"
-
-	"github.com/natefinch/lumberjack"
-	"github.com/rs/zerolog"
-	"github.com/rs/zerolog/log"
-	"github.com/sirupsen/logrus"
-	"github.com/traefik/traefik/v3/pkg/config/static"
-	"github.com/traefik/traefik/v3/pkg/logs"
-)
-
-func init() {
-	// hide the first logs before the setup of the logger.
-	zerolog.SetGlobalLevel(zerolog.ErrorLevel)
-}
-
-func setupLogger(staticConfiguration *static.Configuration) {
-	// configure log format
-	w := getLogWriter(staticConfiguration)
-
-	// configure log level
-	logLevel := getLogLevel(staticConfiguration)
-
-	// create logger
-	logCtx := zerolog.New(w).With().Timestamp()
-	if logLevel <= zerolog.DebugLevel {
-		logCtx = logCtx.Caller()
-	}
-
-	log.Logger = logCtx.Logger().Level(logLevel)
-	zerolog.DefaultContextLogger = &log.Logger
-	zerolog.SetGlobalLevel(logLevel)
-
-	// Global logrus replacement (related to lib like go-rancher-metadata, docker, etc.)
-	logrus.StandardLogger().Out = logs.NoLevel(log.Logger, zerolog.DebugLevel)
-
-	// configure default standard log.
-	stdlog.SetFlags(stdlog.Lshortfile | stdlog.LstdFlags)
-	stdlog.SetOutput(logs.NoLevel(log.Logger, zerolog.DebugLevel))
-}
-
-func getLogWriter(staticConfiguration *static.Configuration) io.Writer {
-	var w io.Writer = os.Stderr
-
-	if staticConfiguration.Log != nil && len(staticConfiguration.Log.FilePath) > 0 {
-		_, _ = os.OpenFile(staticConfiguration.Log.FilePath, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0o666)
-		w = &lumberjack.Logger{
-			Filename:   staticConfiguration.Log.FilePath,
-			MaxSize:    staticConfiguration.Log.MaxSize,
-			MaxBackups: staticConfiguration.Log.MaxBackups,
-			MaxAge:     staticConfiguration.Log.MaxAge,
-			Compress:   true,
-		}
-	}
-
-	if staticConfiguration.Log == nil || staticConfiguration.Log.Format != "json" {
-		w = zerolog.ConsoleWriter{
-			Out:        w,
-			TimeFormat: time.RFC3339,
-			NoColor:    staticConfiguration.Log != nil && (staticConfiguration.Log.NoColor || len(staticConfiguration.Log.FilePath) > 0),
-		}
-	}
-
-	return w
-}
-
-func getLogLevel(staticConfiguration *static.Configuration) zerolog.Level {
-	levelStr := "error"
-	if staticConfiguration.Log != nil && staticConfiguration.Log.Level != "" {
-		levelStr = strings.ToLower(staticConfiguration.Log.Level)
-	}
-
-	logLevel, err := zerolog.ParseLevel(strings.ToLower(levelStr))
-	if err != nil {
-		log.Error().Err(err).
-			Str("logLevel", levelStr).
-			Msg("Unspecified or invalid log level, setting the level to default (ERROR)...")
-
-		logLevel = zerolog.ErrorLevel
-	}
-
-	return logLevel
-}

cmd/traefik/plugins.go

@@ -1,83 +0,0 @@
-package main
-
-import (
-	"fmt"
-
-	"github.com/traefik/traefik/v3/pkg/config/static"
-	"github.com/traefik/traefik/v3/pkg/plugins"
-)
-
-const outputDir = "./plugins-storage/"
-
-func createPluginBuilder(staticConfiguration *static.Configuration) (*plugins.Builder, error) {
-	client, plgs, localPlgs, err := initPlugins(staticConfiguration)
-	if err != nil {
-		return nil, err
-	}
-
-	return plugins.NewBuilder(client, plgs, localPlgs)
-}
-
-func initPlugins(staticCfg *static.Configuration) (*plugins.Client, map[string]plugins.Descriptor, map[string]plugins.LocalDescriptor, error) {
-	err := checkUniquePluginNames(staticCfg.Experimental)
-	if err != nil {
-		return nil, nil, nil, err
-	}
-
-	var client *plugins.Client
-	plgs := map[string]plugins.Descriptor{}
-
-	if hasPlugins(staticCfg) {
-		opts := plugins.ClientOptions{
-			Output: outputDir,
-		}
-
-		var err error
-		client, err = plugins.NewClient(opts)
-		if err != nil {
-			return nil, nil, nil, fmt.Errorf("unable to create plugins client: %w", err)
-		}
-
-		err = plugins.SetupRemotePlugins(client, staticCfg.Experimental.Plugins)
-		if err != nil {
-			return nil, nil, nil, fmt.Errorf("unable to set up plugins environment: %w", err)
-		}
-
-		plgs = staticCfg.Experimental.Plugins
-	}
-
-	localPlgs := map[string]plugins.LocalDescriptor{}
-
-	if hasLocalPlugins(staticCfg) {
-		err := plugins.SetupLocalPlugins(staticCfg.Experimental.LocalPlugins)
-		if err != nil {
-			return nil, nil, nil, err
-		}
-
-		localPlgs = staticCfg.Experimental.LocalPlugins
-	}
-
-	return client, plgs, localPlgs, nil
-}
-
-func checkUniquePluginNames(e *static.Experimental) error {
-	if e == nil {
-		return nil
-	}
-
-	for s := range e.LocalPlugins {
-		if _, ok := e.Plugins[s]; ok {
-			return fmt.Errorf("the plugin's name %q must be unique", s)
-		}
-	}
-
-	return nil
-}
-
-func hasPlugins(staticCfg *static.Configuration) bool {
-	return staticCfg.Experimental != nil && len(staticCfg.Experimental.Plugins) > 0
-}
-
-func hasLocalPlugins(staticCfg *static.Configuration) bool {
-	return staticCfg.Experimental != nil && len(staticCfg.Experimental.LocalPlugins) > 0
-}

cmd/traefik/traefik.go

@@ -1,622 +0,0 @@
-package main
-
-import (
-	"context"
-	"crypto/x509"
-	"encoding/json"
-	"fmt"
-	"io"
-	stdlog "log"
-	"net/http"
-	"os"
-	"os/signal"
-	"sort"
-	"strings"
-	"syscall"
-	"time"
-
-	"github.com/coreos/go-systemd/daemon"
-	"github.com/go-acme/lego/v4/challenge"
-	gokitmetrics "github.com/go-kit/kit/metrics"
-	"github.com/rs/zerolog/log"
-	"github.com/sirupsen/logrus"
-	"github.com/spiffe/go-spiffe/v2/workloadapi"
-	"github.com/traefik/paerser/cli"
-	"github.com/traefik/traefik/v3/cmd"
-	"github.com/traefik/traefik/v3/cmd/healthcheck"
-	cmdVersion "github.com/traefik/traefik/v3/cmd/version"
-	tcli "github.com/traefik/traefik/v3/pkg/cli"
-	"github.com/traefik/traefik/v3/pkg/collector"
-	"github.com/traefik/traefik/v3/pkg/config/dynamic"
-	"github.com/traefik/traefik/v3/pkg/config/runtime"
-	"github.com/traefik/traefik/v3/pkg/config/static"
-	"github.com/traefik/traefik/v3/pkg/logs"
-	"github.com/traefik/traefik/v3/pkg/metrics"
-	"github.com/traefik/traefik/v3/pkg/middlewares/accesslog"
-	"github.com/traefik/traefik/v3/pkg/provider/acme"
-	"github.com/traefik/traefik/v3/pkg/provider/aggregator"
-	"github.com/traefik/traefik/v3/pkg/provider/tailscale"
-	"github.com/traefik/traefik/v3/pkg/provider/traefik"
-	"github.com/traefik/traefik/v3/pkg/safe"
-	"github.com/traefik/traefik/v3/pkg/server"
-	"github.com/traefik/traefik/v3/pkg/server/middleware"
-	"github.com/traefik/traefik/v3/pkg/server/service"
-	"github.com/traefik/traefik/v3/pkg/tcp"
-	traefiktls "github.com/traefik/traefik/v3/pkg/tls"
-	"github.com/traefik/traefik/v3/pkg/tracing"
-	"github.com/traefik/traefik/v3/pkg/types"
-	"github.com/traefik/traefik/v3/pkg/version"
-)
-
-func main() {
-	// traefik config inits
-	tConfig := cmd.NewTraefikConfiguration()
-
-	loaders := []cli.ResourceLoader{&tcli.DeprecationLoader{}, &tcli.FileLoader{}, &tcli.FlagLoader{}, &tcli.EnvLoader{}}
-
-	cmdTraefik := &cli.Command{
-		Name: "traefik",
-		Description: `Traefik is a modern HTTP reverse proxy and load balancer made to deploy microservices with ease.
-Complete documentation is available at https://traefik.io`,
-		Configuration: tConfig,
-		Resources:     loaders,
-		Run: func(_ []string) error {
-			return runCmd(&tConfig.Configuration)
-		},
-	}
-
-	err := cmdTraefik.AddCommand(healthcheck.NewCmd(&tConfig.Configuration, loaders))
-	if err != nil {
-		stdlog.Println(err)
-		os.Exit(1)
-	}
-
-	err = cmdTraefik.AddCommand(cmdVersion.NewCmd())
-	if err != nil {
-		stdlog.Println(err)
-		os.Exit(1)
-	}
-
-	err = cli.Execute(cmdTraefik)
-	if err != nil {
-		log.Error().Err(err).Msg("Command error")
-		logrus.Exit(1)
-	}
-
-	logrus.Exit(0)
-}
-
-func runCmd(staticConfiguration *static.Configuration) error {
-	setupLogger(staticConfiguration)
-
-	http.DefaultTransport.(*http.Transport).Proxy = http.ProxyFromEnvironment
-
-	staticConfiguration.SetEffectiveConfiguration()
-	if err := staticConfiguration.ValidateConfiguration(); err != nil {
-		return err
-	}
-
-	log.Info().Str("version", version.Version).
-		Msgf("Traefik version %s built on %s", version.Version, version.BuildDate)
-
-	jsonConf, err := json.Marshal(staticConfiguration)
-	if err != nil {
-		log.Error().Err(err).Msg("Could not marshal static configuration")
-		log.Debug().Interface("staticConfiguration", staticConfiguration).Msg("Static configuration loaded [struct]")
-	} else {
-		log.Debug().RawJSON("staticConfiguration", jsonConf).Msg("Static configuration loaded [json]")
-	}
-
-	if staticConfiguration.Global.CheckNewVersion {
-		checkNewVersion()
-	}
-
-	stats(staticConfiguration)
-
-	svr, err := setupServer(staticConfiguration)
-	if err != nil {
-		return err
-	}
-
-	ctx, _ := signal.NotifyContext(context.Background(), syscall.SIGINT, syscall.SIGTERM)
-
-	if staticConfiguration.Ping != nil {
-		staticConfiguration.Ping.WithContext(ctx)
-	}
-
-	svr.Start(ctx)
-	defer svr.Close()
-
-	sent, err := daemon.SdNotify(false, "READY=1")
-	if !sent && err != nil {
-		log.Error().Err(err).Msg("Failed to notify")
-	}
-
-	t, err := daemon.SdWatchdogEnabled(false)
-	if err != nil {
-		log.Error().Err(err).Msg("Could not enable Watchdog")
-	} else if t != 0 {
-		// Send a ping each half time given
-		t /= 2
-		log.Info().Msgf("Watchdog activated with timer duration %s", t)
-		safe.Go(func() {
-			tick := time.Tick(t)
-			for range tick {
-				resp, errHealthCheck := healthcheck.Do(*staticConfiguration)
-				if resp != nil {
-					_ = resp.Body.Close()
-				}
-
-				if staticConfiguration.Ping == nil || errHealthCheck == nil {
-					if ok, _ := daemon.SdNotify(false, "WATCHDOG=1"); !ok {
-						log.Error().Msg("Fail to tick watchdog")
-					}
-				} else {
-					log.Error().Err(errHealthCheck).Send()
-				}
-			}
-		})
-	}
-
-	svr.Wait()
-	log.Info().Msg("Shutting down")
-	return nil
-}
-
-func setupServer(staticConfiguration *static.Configuration) (*server.Server, error) {
-	providerAggregator := aggregator.NewProviderAggregator(*staticConfiguration.Providers)
-
-	ctx := context.Background()
-	routinesPool := safe.NewPool(ctx)
-
-	// adds internal provider
-	err := providerAggregator.AddProvider(traefik.New(*staticConfiguration))
-	if err != nil {
-		return nil, err
-	}
-
-	// ACME
-
-	tlsManager := traefiktls.NewManager()
-	httpChallengeProvider := acme.NewChallengeHTTP()
-
-	tlsChallengeProvider := acme.NewChallengeTLSALPN()
-	err = providerAggregator.AddProvider(tlsChallengeProvider)
-	if err != nil {
-		return nil, err
-	}
-
-	acmeProviders := initACMEProvider(staticConfiguration, &providerAggregator, tlsManager, httpChallengeProvider, tlsChallengeProvider)
-
-	// Tailscale
-
-	tsProviders := initTailscaleProviders(staticConfiguration, &providerAggregator)
-
-	// Observability
-
-	metricRegistries := registerMetricClients(staticConfiguration.Metrics)
-	var semConvMetricRegistry *metrics.SemConvMetricsRegistry
-	if staticConfiguration.Metrics != nil && staticConfiguration.Metrics.OTLP != nil {
-		semConvMetricRegistry, err = metrics.NewSemConvMetricRegistry(ctx, staticConfiguration.Metrics.OTLP)
-		if err != nil {
-			return nil, fmt.Errorf("unable to create SemConv metric registry: %w", err)
-		}
-	}
-	metricsRegistry := metrics.NewMultiRegistry(metricRegistries)
-	accessLog := setupAccessLog(staticConfiguration.AccessLog)
-	tracer, tracerCloser := setupTracing(staticConfiguration.Tracing)
-	observabilityMgr := middleware.NewObservabilityMgr(*staticConfiguration, metricsRegistry, semConvMetricRegistry, accessLog, tracer, tracerCloser)
-
-	// Entrypoints
-
-	serverEntryPointsTCP, err := server.NewTCPEntryPoints(staticConfiguration.EntryPoints, staticConfiguration.HostResolver, metricsRegistry)
-	if err != nil {
-		return nil, err
-	}
-
-	serverEntryPointsUDP, err := server.NewUDPEntryPoints(staticConfiguration.EntryPoints)
-	if err != nil {
-		return nil, err
-	}
-
-	if staticConfiguration.API != nil {
-		version.DisableDashboardAd = staticConfiguration.API.DisableDashboardAd
-	}
-
-	// Plugins
-
-	pluginBuilder, err := createPluginBuilder(staticConfiguration)
-	if err != nil {
-		log.Error().Err(err).Msg("Plugins are disabled because an error has occurred.")
-	}
-
-	// Providers plugins
-
-	for name, conf := range staticConfiguration.Providers.Plugin {
-		if pluginBuilder == nil {
-			break
-		}
-
-		p, err := pluginBuilder.BuildProvider(name, conf)
-		if err != nil {
-			return nil, fmt.Errorf("plugin: failed to build provider: %w", err)
-		}
-
-		err = providerAggregator.AddProvider(p)
-		if err != nil {
-			return nil, fmt.Errorf("plugin: failed to add provider: %w", err)
-		}
-	}
-
-	// Service manager factory
-
-	var spiffeX509Source *workloadapi.X509Source
-	if staticConfiguration.Spiffe != nil && staticConfiguration.Spiffe.WorkloadAPIAddr != "" {
-		log.Info().Str("workloadAPIAddr", staticConfiguration.Spiffe.WorkloadAPIAddr).
-			Msg("Waiting on SPIFFE SVID delivery")
-
-		spiffeX509Source, err = workloadapi.NewX509Source(
-			ctx,
-			workloadapi.WithClientOptions(
-				workloadapi.WithAddr(
-					staticConfiguration.Spiffe.WorkloadAPIAddr,
-				),
-			),
-		)
-		if err != nil {
-			return nil, fmt.Errorf("unable to create SPIFFE x509 source: %w", err)
-		}
-		log.Info().Msg("Successfully obtained SPIFFE SVID.")
-	}
-
-	roundTripperManager := service.NewRoundTripperManager(spiffeX509Source)
-	dialerManager := tcp.NewDialerManager(spiffeX509Source)
-	acmeHTTPHandler := getHTTPChallengeHandler(acmeProviders, httpChallengeProvider)
-	managerFactory := service.NewManagerFactory(*staticConfiguration, routinesPool, observabilityMgr, roundTripperManager, acmeHTTPHandler)
-
-	// Router factory
-
-	routerFactory := server.NewRouterFactory(*staticConfiguration, managerFactory, tlsManager, observabilityMgr, pluginBuilder, dialerManager)
-
-	// Watcher
-
-	watcher := server.NewConfigurationWatcher(
-		routinesPool,
-		providerAggregator,
-		getDefaultsEntrypoints(staticConfiguration),
-		"internal",
-	)
-
-	// TLS
-	watcher.AddListener(func(conf dynamic.Configuration) {
-		ctx := context.Background()
-		tlsManager.UpdateConfigs(ctx, conf.TLS.Stores, conf.TLS.Options, conf.TLS.Certificates)
-
-		gauge := metricsRegistry.TLSCertsNotAfterTimestampGauge()
-		for _, certificate := range tlsManager.GetServerCertificates() {
-			appendCertMetric(gauge, certificate)
-		}
-	})
-
-	// Metrics
-	watcher.AddListener(func(_ dynamic.Configuration) {
-		metricsRegistry.ConfigReloadsCounter().Add(1)
-		metricsRegistry.LastConfigReloadSuccessGauge().Set(float64(time.Now().Unix()))
-	})
-
-	// Server Transports
-	watcher.AddListener(func(conf dynamic.Configuration) {
-		roundTripperManager.Update(conf.HTTP.ServersTransports)
-		dialerManager.Update(conf.TCP.ServersTransports)
-	})
-
-	// Switch router
-	watcher.AddListener(switchRouter(routerFactory, serverEntryPointsTCP, serverEntryPointsUDP))
-
-	// Metrics
-	if metricsRegistry.IsEpEnabled() || metricsRegistry.IsRouterEnabled() || metricsRegistry.IsSvcEnabled() {
-		var eps []string
-		for key := range serverEntryPointsTCP {
-			eps = append(eps, key)
-		}
-		watcher.AddListener(func(conf dynamic.Configuration) {
-			metrics.OnConfigurationUpdate(conf, eps)
-		})
-	}
-
-	// TLS challenge
-	watcher.AddListener(tlsChallengeProvider.ListenConfiguration)
-
-	// Certificate Resolvers
-
-	resolverNames := map[string]struct{}{}
-
-	// ACME
-	for _, p := range acmeProviders {
-		resolverNames[p.ResolverName] = struct{}{}
-		watcher.AddListener(p.ListenConfiguration)
-	}
-
-	// Tailscale
-	for _, p := range tsProviders {
-		resolverNames[p.ResolverName] = struct{}{}
-		watcher.AddListener(p.HandleConfigUpdate)
-	}
-
-	// Certificate resolver logs
-	watcher.AddListener(func(config dynamic.Configuration) {
-		for rtName, rt := range config.HTTP.Routers {
-			if rt.TLS == nil || rt.TLS.CertResolver == "" {
-				continue
-			}
-
-			if _, ok := resolverNames[rt.TLS.CertResolver]; !ok {
-				log.Error().Err(err).Str(logs.RouterName, rtName).Str("certificateResolver", rt.TLS.CertResolver).
-					Msg("Router uses a non-existent certificate resolver")
-			}
-		}
-	})
-
-	return server.NewServer(routinesPool, serverEntryPointsTCP, serverEntryPointsUDP, watcher, observabilityMgr), nil
-}
-
-func getHTTPChallengeHandler(acmeProviders []*acme.Provider, httpChallengeProvider http.Handler) http.Handler {
-	var acmeHTTPHandler http.Handler
-	for _, p := range acmeProviders {
-		if p != nil && p.HTTPChallenge != nil {
-			acmeHTTPHandler = httpChallengeProvider
-			break
-		}
-	}
-	return acmeHTTPHandler
-}
-
-func getDefaultsEntrypoints(staticConfiguration *static.Configuration) []string {
-	var defaultEntryPoints []string
-
-	// Determines if at least one EntryPoint is configured to be used by default.
-	var hasDefinedDefaults bool
-	for _, ep := range staticConfiguration.EntryPoints {
-		if ep.AsDefault {
-			hasDefinedDefaults = true
-			break
-		}
-	}
-
-	for name, cfg := range staticConfiguration.EntryPoints {
-		// By default all entrypoints are considered.
-		// If at least one is flagged, then only flagged entrypoints are included.
-		if hasDefinedDefaults && !cfg.AsDefault {
-			continue
-		}
-
-		protocol, err := cfg.GetProtocol()
-		if err != nil {
-			// Should never happen because Traefik should not start if protocol is invalid.
-			log.Error().Err(err).Msg("Invalid protocol")
-		}
-
-		if protocol != "udp" && name != static.DefaultInternalEntryPointName {
-			defaultEntryPoints = append(defaultEntryPoints, name)
-		}
-	}
-
-	sort.Strings(defaultEntryPoints)
-	return defaultEntryPoints
-}
-
-func switchRouter(routerFactory *server.RouterFactory, serverEntryPointsTCP server.TCPEntryPoints, serverEntryPointsUDP server.UDPEntryPoints) func(conf dynamic.Configuration) {
-	return func(conf dynamic.Configuration) {
-		rtConf := runtime.NewConfig(conf)
-
-		routers, udpRouters := routerFactory.CreateRouters(rtConf)
-
-		serverEntryPointsTCP.Switch(routers)
-		serverEntryPointsUDP.Switch(udpRouters)
-	}
-}
-
-// initACMEProvider creates and registers acme.Provider instances corresponding to the configured ACME certificate resolvers.
-func initACMEProvider(c *static.Configuration, providerAggregator *aggregator.ProviderAggregator, tlsManager *traefiktls.Manager, httpChallengeProvider, tlsChallengeProvider challenge.Provider) []*acme.Provider {
-	localStores := map[string]*acme.LocalStore{}
-
-	var resolvers []*acme.Provider
-	for name, resolver := range c.CertificatesResolvers {
-		if resolver.ACME == nil {
-			continue
-		}
-
-		if localStores[resolver.ACME.Storage] == nil {
-			localStores[resolver.ACME.Storage] = acme.NewLocalStore(resolver.ACME.Storage)
-		}
-
-		p := &acme.Provider{
-			Configuration:         resolver.ACME,
-			Store:                 localStores[resolver.ACME.Storage],
-			ResolverName:          name,
-			HTTPChallengeProvider: httpChallengeProvider,
-			TLSChallengeProvider:  tlsChallengeProvider,
-		}
-
-		if err := providerAggregator.AddProvider(p); err != nil {
-			log.Error().Err(err).Str("resolver", name).Msg("The ACME resolve is skipped from the resolvers list")
-			continue
-		}
-
-		p.SetTLSManager(tlsManager)
-
-		p.SetConfigListenerChan(make(chan dynamic.Configuration))
-
-		resolvers = append(resolvers, p)
-	}
-
-	return resolvers
-}
-
-// initTailscaleProviders creates and registers tailscale.Provider instances corresponding to the configured Tailscale certificate resolvers.
-func initTailscaleProviders(cfg *static.Configuration, providerAggregator *aggregator.ProviderAggregator) []*tailscale.Provider {
-	var providers []*tailscale.Provider
-	for name, resolver := range cfg.CertificatesResolvers {
-		if resolver.Tailscale == nil {
-			continue
-		}
-
-		tsProvider := &tailscale.Provider{ResolverName: name}
-
-		if err := providerAggregator.AddProvider(tsProvider); err != nil {
-			log.Error().Err(err).Str(logs.ProviderName, name).Msg("Unable to create Tailscale provider")
-			continue
-		}
-
-		providers = append(providers, tsProvider)
-	}
-
-	return providers
-}
-
-func registerMetricClients(metricsConfig *types.Metrics) []metrics.Registry {
-	if metricsConfig == nil {
-		return nil
-	}
-
-	var registries []metrics.Registry
-
-	if metricsConfig.Prometheus != nil {
-		logger := log.With().Str(logs.MetricsProviderName, "prometheus").Logger()
-
-		prometheusRegister := metrics.RegisterPrometheus(logger.WithContext(context.Background()), metricsConfig.Prometheus)
-		if prometheusRegister != nil {
-			registries = append(registries, prometheusRegister)
-			logger.Debug().Msg("Configured Prometheus metrics")
-		}
-	}
-
-	if metricsConfig.Datadog != nil {
-		logger := log.With().Str(logs.MetricsProviderName, "datadog").Logger()
-
-		registries = append(registries, metrics.RegisterDatadog(logger.WithContext(context.Background()), metricsConfig.Datadog))
-		logger.Debug().
-			Str("address", metricsConfig.Datadog.Address).
-			Str("pushInterval", metricsConfig.Datadog.PushInterval.String()).
-			Msgf("Configured Datadog metrics")
-	}
-
-	if metricsConfig.StatsD != nil {
-		logger := log.With().Str(logs.MetricsProviderName, "statsd").Logger()
-
-		registries = append(registries, metrics.RegisterStatsd(logger.WithContext(context.Background()), metricsConfig.StatsD))
-		logger.Debug().
-			Str("address", metricsConfig.StatsD.Address).
-			Str("pushInterval", metricsConfig.StatsD.PushInterval.String()).
-			Msg("Configured StatsD metrics")
-	}
-
-	if metricsConfig.InfluxDB2 != nil {
-		logger := log.With().Str(logs.MetricsProviderName, "influxdb2").Logger()
-
-		influxDB2Register := metrics.RegisterInfluxDB2(logger.WithContext(context.Background()), metricsConfig.InfluxDB2)
-		if influxDB2Register != nil {
-			registries = append(registries, influxDB2Register)
-			logger.Debug().
-				Str("address", metricsConfig.InfluxDB2.Address).
-				Str("bucket", metricsConfig.InfluxDB2.Bucket).
-				Str("organization", metricsConfig.InfluxDB2.Org).
-				Str("pushInterval", metricsConfig.InfluxDB2.PushInterval.String()).
-				Msg("Configured InfluxDB v2 metrics")
-		}
-	}
-
-	if metricsConfig.OTLP != nil {
-		logger := log.With().Str(logs.MetricsProviderName, "openTelemetry").Logger()
-
-		openTelemetryRegistry := metrics.RegisterOpenTelemetry(logger.WithContext(context.Background()), metricsConfig.OTLP)
-		if openTelemetryRegistry != nil {
-			registries = append(registries, openTelemetryRegistry)
-			logger.Debug().
-				Str("pushInterval", metricsConfig.OTLP.PushInterval.String()).
-				Msg("Configured OpenTelemetry metrics")
-		}
-	}
-
-	return registries
-}
-
-func appendCertMetric(gauge gokitmetrics.Gauge, certificate *x509.Certificate) {
-	sort.Strings(certificate.DNSNames)
-
-	labels := []string{
-		"cn", certificate.Subject.CommonName,
-		"serial", certificate.SerialNumber.String(),
-		"sans", strings.Join(certificate.DNSNames, ","),
-	}
-
-	notAfter := float64(certificate.NotAfter.Unix())
-
-	gauge.With(labels...).Set(notAfter)
-}
-
-func setupAccessLog(conf *types.AccessLog) *accesslog.Handler {
-	if conf == nil {
-		return nil
-	}
-
-	accessLoggerMiddleware, err := accesslog.NewHandler(conf)
-	if err != nil {
-		log.Warn().Err(err).Msg("Unable to create access logger")
-		return nil
-	}
-
-	return accessLoggerMiddleware
-}
-
-func setupTracing(conf *static.Tracing) (*tracing.Tracer, io.Closer) {
-	if conf == nil {
-		return nil, nil
-	}
-
-	tracer, closer, err := tracing.NewTracing(conf)
-	if err != nil {
-		log.Warn().Err(err).Msg("Unable to create tracer")
-		return nil, nil
-	}
-
-	return tracer, closer
-}
-
-func checkNewVersion() {
-	ticker := time.Tick(24 * time.Hour)
-	safe.Go(func() {
-		for time.Sleep(10 * time.Minute); ; <-ticker {
-			version.CheckNewVersion()
-		}
-	})
-}
-
-func stats(staticConfiguration *static.Configuration) {
-	logger := log.With().Logger()
-
-	if staticConfiguration.Global.SendAnonymousUsage {
-		logger.Info().Msg(`Stats collection is enabled.`)
-		logger.Info().Msg(`Many thanks for contributing to Traefik's improvement by allowing us to receive anonymous information from your configuration.`)
-		logger.Info().Msg(`Help us improve Traefik by leaving this feature on :)`)
-		logger.Info().Msg(`More details on: https://doc.traefik.io/traefik/contributing/data-collection/`)
-		collect(staticConfiguration)
-	} else {
-		logger.Info().Msg(`
-Stats collection is disabled.
-Help us improve Traefik by turning this feature on :)
-More details on: https://doc.traefik.io/traefik/contributing/data-collection/
-`)
-	}
-}
-
-func collect(staticConfiguration *static.Configuration) {
-	ticker := time.Tick(24 * time.Hour)
-	safe.Go(func() {
-		for time.Sleep(10 * time.Minute); ; <-ticker {
-			if err := collector.Collect(staticConfiguration); err != nil {
-				log.Debug().Err(err).Send()
-			}
-		}
-	})
-}

cmd/traefik/traefik_test.go

@@ -1,186 +0,0 @@
-package main
-
-import (
-	"crypto/x509"
-	"encoding/pem"
-	"strings"
-	"testing"
-
-	"github.com/go-kit/kit/metrics"
-	"github.com/stretchr/testify/assert"
-	"github.com/stretchr/testify/require"
-	"github.com/traefik/traefik/v3/pkg/config/static"
-)
-
-// FooCert is a PEM-encoded TLS cert.
-// generated from src/crypto/tls:
-// go run generate_cert.go  --rsa-bits 1024 --host foo.org,foo.com  --ca --start-date "Jan 1 00:00:00 1970" --duration=1000000h
-const fooCert = `-----BEGIN CERTIFICATE-----
-MIICHzCCAYigAwIBAgIQXQFLeYRwc5X21t457t2xADANBgkqhkiG9w0BAQsFADAS
-MRAwDgYDVQQKEwdBY21lIENvMCAXDTcwMDEwMTAwMDAwMFoYDzIwODQwMTI5MTYw
-MDAwWjASMRAwDgYDVQQKEwdBY21lIENvMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCB
-iQKBgQDCjn67GSs/khuGC4GNN+tVo1S+/eSHwr/hWzhfMqO7nYiXkFzmxi+u14CU
-Pda6WOeps7T2/oQEFMxKKg7zYOqkLSbjbE0ZfosopaTvEsZm/AZHAAvoOrAsIJOn
-SEiwy8h0tLA4z1SNR6rmIVQWyqBZEPAhBTQM1z7tFp48FakCFwIDAQABo3QwcjAO
-BgNVHQ8BAf8EBAMCAqQwEwYDVR0lBAwwCgYIKwYBBQUHAwEwDwYDVR0TAQH/BAUw
-AwEB/zAdBgNVHQ4EFgQUDHG3ASzeUezElup9zbPpBn/vjogwGwYDVR0RBBQwEoIH
-Zm9vLm9yZ4IHZm9vLmNvbTANBgkqhkiG9w0BAQsFAAOBgQBT+VLMbB9u27tBX8Aw
-ZrGY3rbNdBGhXVTksrjiF+6ZtDpD3iI56GH9zLxnqvXkgn3u0+Ard5TqF/xmdwVw
-NY0V/aWYfcL2G2auBCQrPvM03ozRnVUwVfP23eUzX2ORNHCYhd2ObQx4krrhs7cJ
-SWxtKwFlstoXY3K2g9oRD9UxdQ==
------END CERTIFICATE-----`
-
-// BarCert is a PEM-encoded TLS cert.
-// generated from src/crypto/tls:
-// go run generate_cert.go  --rsa-bits 1024 --host bar.org,bar.com  --ca --start-date "Jan 1 00:00:00 1970" --duration=10000h
-const barCert = `-----BEGIN CERTIFICATE-----
-MIICHTCCAYagAwIBAgIQcuIcNEXzBHPoxna5S6wG4jANBgkqhkiG9w0BAQsFADAS
-MRAwDgYDVQQKEwdBY21lIENvMB4XDTcwMDEwMTAwMDAwMFoXDTcxMDIyMTE2MDAw
-MFowEjEQMA4GA1UEChMHQWNtZSBDbzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkC
-gYEAqtcrP+KA7D6NjyztGNIPMup9KiBMJ8QL+preog/YHR7SQLO3kGFhpS3WKMab
-SzMypC3ZX1PZjBP5ZzwaV3PFbuwlCkPlyxR2lOWmullgI7mjY0TBeYLDIclIzGRp
-mpSDDSpkW1ay2iJDSpXjlhmwZr84hrCU7BRTQJo91fdsRTsCAwEAAaN0MHIwDgYD
-VR0PAQH/BAQDAgKkMBMGA1UdJQQMMAoGCCsGAQUFBwMBMA8GA1UdEwEB/wQFMAMB
-Af8wHQYDVR0OBBYEFK8jnzFQvBAgWtfzOyXY4VSkwrTXMBsGA1UdEQQUMBKCB2Jh
-ci5vcmeCB2Jhci5jb20wDQYJKoZIhvcNAQELBQADgYEAJz0ifAExisC/ZSRhWuHz
-7qs1i6Nd4+YgEVR8dR71MChP+AMxucY1/ajVjb9xlLys3GPE90TWSdVppabEVjZY
-Oq11nPKc50ItTt8dMku6t0JHBmzoGdkN0V4zJCBqdQJxhop8JpYJ0S9CW0eT93h3
-ipYQSsmIINGtMXJ8VkP/MlM=
------END CERTIFICATE-----`
-
-type gaugeMock struct {
-	metrics map[string]float64
-	labels  string
-}
-
-func (g gaugeMock) With(labelValues ...string) metrics.Gauge {
-	g.labels = strings.Join(labelValues, ",")
-	return g
-}
-
-func (g gaugeMock) Set(value float64) {
-	g.metrics[g.labels] = value
-}
-
-func (g gaugeMock) Add(delta float64) {
-	panic("implement me")
-}
-
-func TestAppendCertMetric(t *testing.T) {
-	testCases := []struct {
-		desc     string
-		certs    []string
-		expected map[string]float64
-	}{
-		{
-			desc:     "No certs",
-			certs:    []string{},
-			expected: map[string]float64{},
-		},
-		{
-			desc:  "One cert",
-			certs: []string{fooCert},
-			expected: map[string]float64{
-				"cn,,serial,123624926713171615935660664614975025408,sans,foo.com,foo.org": 3.6e+09,
-			},
-		},
-		{
-			desc:  "Two certs",
-			certs: []string{fooCert, barCert},
-			expected: map[string]float64{
-				"cn,,serial,123624926713171615935660664614975025408,sans,foo.com,foo.org": 3.6e+09,
-				"cn,,serial,152706022658490889223053211416725817058,sans,bar.com,bar.org": 3.6e+07,
-			},
-		},
-	}
-
-	for _, test := range testCases {
-		t.Run(test.desc, func(t *testing.T) {
-			t.Parallel()
-
-			gauge := &gaugeMock{
-				metrics: map[string]float64{},
-			}
-
-			for _, cert := range test.certs {
-				block, _ := pem.Decode([]byte(cert))
-				parsedCert, err := x509.ParseCertificate(block.Bytes)
-				require.NoError(t, err)
-
-				appendCertMetric(gauge, parsedCert)
-			}
-
-			assert.Equal(t, test.expected, gauge.metrics)
-		})
-	}
-}
-
-func TestGetDefaultsEntrypoints(t *testing.T) {
-	testCases := []struct {
-		desc        string
-		entrypoints static.EntryPoints
-		expected    []string
-	}{
-		{
-			desc: "Skips special names",
-			entrypoints: map[string]*static.EntryPoint{
-				"web": {
-					Address: ":80",
-				},
-				"traefik": {
-					Address: ":8080",
-				},
-			},
-			expected: []string{"web"},
-		},
-		{
-			desc: "Two EntryPoints not attachable",
-			entrypoints: map[string]*static.EntryPoint{
-				"web": {
-					Address: ":80",
-				},
-				"websecure": {
-					Address: ":443",
-				},
-			},
-			expected: []string{"web", "websecure"},
-		},
-		{
-			desc: "Two EntryPoints only one attachable",
-			entrypoints: map[string]*static.EntryPoint{
-				"web": {
-					Address: ":80",
-				},
-				"websecure": {
-					Address:   ":443",
-					AsDefault: true,
-				},
-			},
-			expected: []string{"websecure"},
-		},
-		{
-			desc: "Two attachable EntryPoints",
-			entrypoints: map[string]*static.EntryPoint{
-				"web": {
-					Address:   ":80",
-					AsDefault: true,
-				},
-				"websecure": {
-					Address:   ":443",
-					AsDefault: true,
-				},
-			},
-			expected: []string{"web", "websecure"},
-		},
-	}
-
-	for _, test := range testCases {
-		t.Run(test.desc, func(t *testing.T) {
-			actual := getDefaultsEntrypoints(&static.Configuration{
-				EntryPoints: test.entrypoints,
-			})
-
-			assert.ElementsMatch(t, test.expected, actual)
-		})
-	}
-}

cmd/version/version.go

@@ -1,60 +0,0 @@
-package version
-
-import (
-	"fmt"
-	"io"
-	"os"
-	"runtime"
-	"text/template"
-
-	"github.com/traefik/paerser/cli"
-	"github.com/traefik/traefik/v3/pkg/version"
-)
-
-var versionTemplate = `Version:      {{.Version}}
-Codename:     {{.Codename}}
-Go version:   {{.GoVersion}}
-Built:        {{.BuildTime}}
-OS/Arch:      {{.Os}}/{{.Arch}}`
-
-// NewCmd builds a new Version command.
-func NewCmd() *cli.Command {
-	return &cli.Command{
-		Name:          "version",
-		Description:   `Shows the current Traefik version.`,
-		Configuration: nil,
-		Run: func(_ []string) error {
-			if err := GetPrint(os.Stdout); err != nil {
-				return err
-			}
-			fmt.Print("\n")
-			return nil
-		},
-	}
-}
-
-// GetPrint write Printable version.
-func GetPrint(wr io.Writer) error {
-	tmpl, err := template.New("").Parse(versionTemplate)
-	if err != nil {
-		return err
-	}
-
-	v := struct {
-		Version   string
-		Codename  string
-		GoVersion string
-		BuildTime string
-		Os        string
-		Arch      string
-	}{
-		Version:   version.Version,
-		Codename:  version.Codename,
-		GoVersion: runtime.Version(),
-		BuildTime: version.BuildDate,
-		Os:        runtime.GOOS,
-		Arch:      runtime.GOARCH,
-	}
-
-	return tmpl.Execute(wr, v)
-}

configuration.go

@@ -0,0 +1,314 @@
+package main
+
+import (
+	"errors"
+	"fmt"
+	"github.com/containous/traefik/acme"
+	"github.com/containous/traefik/provider"
+	"github.com/containous/traefik/types"
+	"regexp"
+	"strings"
+	"time"
+)
+
+// TraefikConfiguration holds GlobalConfiguration and other stuff
+type TraefikConfiguration struct {
+	GlobalConfiguration
+	ConfigFile string `short:"c" description:"Configuration file to use (TOML)."`
+}
+
+// GlobalConfiguration holds global configuration (with providers, etc.).
+// It's populated from the traefik configuration file passed as an argument to the binary.
+type GlobalConfiguration struct {
+	GraceTimeOut              int64                   `short:"g" description:"Duration to give active requests a chance to finish during hot-reload"`
+	Debug                     bool                    `short:"d" description:"Enable debug mode"`
+	AccessLogsFile            string                  `description:"Access logs file"`
+	TraefikLogsFile           string                  `description:"Traefik logs file"`
+	LogLevel                  string                  `short:"l" description:"Log level"`
+	EntryPoints               EntryPoints             `description:"Entrypoints definition using format: --entryPoints='Name:http Address::8000 Redirect.EntryPoint:https' --entryPoints='Name:https Address::4442 TLS:tests/traefik.crt,tests/traefik.key'"`
+	Constraints               types.Constraints       `description:"Filter services by constraint, matching with service tags."`
+	ACME                      *acme.ACME              `description:"Enable ACME (Let's Encrypt): automatic SSL"`
+	DefaultEntryPoints        DefaultEntryPoints      `description:"Entrypoints to be used by frontends that do not specify any entrypoint"`
+	ProvidersThrottleDuration time.Duration           `description:"Backends throttle duration: minimum duration between 2 events from providers before applying a new configuration. It avoids unnecessary reloads if multiples events are sent in a short amount of time."`
+	MaxIdleConnsPerHost       int                     `description:"If non-zero, controls the maximum idle (keep-alive) to keep per-host.  If zero, DefaultMaxIdleConnsPerHost is used"`
+	Retry                     *Retry                  `description:"Enable retry sending request if network error"`
+	Docker                    *provider.Docker        `description:"Enable Docker backend"`
+	File                      *provider.File          `description:"Enable File backend"`
+	Web                       *WebProvider            `description:"Enable Web backend"`
+	Marathon                  *provider.Marathon      `description:"Enable Marathon backend"`
+	Consul                    *provider.Consul        `description:"Enable Consul backend"`
+	ConsulCatalog             *provider.ConsulCatalog `description:"Enable Consul catalog backend"`
+	Etcd                      *provider.Etcd          `description:"Enable Etcd backend"`
+	Zookeeper                 *provider.Zookepper     `description:"Enable Zookeeper backend"`
+	Boltdb                    *provider.BoltDb        `description:"Enable Boltdb backend"`
+	Kubernetes                *provider.Kubernetes    `description:"Enable Kubernetes backend"`
+}
+
+// DefaultEntryPoints holds default entry points
+type DefaultEntryPoints []string
+
+// String is the method to format the flag's value, part of the flag.Value interface.
+// The String method's output will be used in diagnostics.
+func (dep *DefaultEntryPoints) String() string {
+	return strings.Join(*dep, ",")
+}
+
+// Set is the method to set the flag value, part of the flag.Value interface.
+// Set's argument is a string to be parsed to set the flag.
+// It's a comma-separated list, so we split it.
+func (dep *DefaultEntryPoints) Set(value string) error {
+	entrypoints := strings.Split(value, ",")
+	if len(entrypoints) == 0 {
+		return errors.New("Bad DefaultEntryPoints format: " + value)
+	}
+	for _, entrypoint := range entrypoints {
+		*dep = append(*dep, entrypoint)
+	}
+	return nil
+}
+
+// Get return the EntryPoints map
+func (dep *DefaultEntryPoints) Get() interface{} { return DefaultEntryPoints(*dep) }
+
+// SetValue sets the EntryPoints map with val
+func (dep *DefaultEntryPoints) SetValue(val interface{}) {
+	*dep = DefaultEntryPoints(val.(DefaultEntryPoints))
+}
+
+// Type is type of the struct
+func (dep *DefaultEntryPoints) Type() string {
+	return fmt.Sprint("defaultentrypoints")
+}
+
+// EntryPoints holds entry points configuration of the reverse proxy (ip, port, TLS...)
+type EntryPoints map[string]*EntryPoint
+
+// String is the method to format the flag's value, part of the flag.Value interface.
+// The String method's output will be used in diagnostics.
+func (ep *EntryPoints) String() string {
+	return fmt.Sprintf("%+v", *ep)
+}
+
+// Set is the method to set the flag value, part of the flag.Value interface.
+// Set's argument is a string to be parsed to set the flag.
+// It's a comma-separated list, so we split it.
+func (ep *EntryPoints) Set(value string) error {
+	regex := regexp.MustCompile("(?:Name:(?P<Name>\\S*))\\s*(?:Address:(?P<Address>\\S*))?\\s*(?:TLS:(?P<TLS>\\S*))?\\s*((?P<TLSACME>TLS))?\\s*(?:Redirect.EntryPoint:(?P<RedirectEntryPoint>\\S*))?\\s*(?:Redirect.Regex:(?P<RedirectRegex>\\S*))?\\s*(?:Redirect.Replacement:(?P<RedirectReplacement>\\S*))?")
+	match := regex.FindAllStringSubmatch(value, -1)
+	if match == nil {
+		return errors.New("Bad EntryPoints format: " + value)
+	}
+	matchResult := match[0]
+	result := make(map[string]string)
+	for i, name := range regex.SubexpNames() {
+		if i != 0 {
+			result[name] = matchResult[i]
+		}
+	}
+	var tls *TLS
+	if len(result["TLS"]) > 0 {
+		certs := Certificates{}
+		if err := certs.Set(result["TLS"]); err != nil {
+			return err
+		}
+		tls = &TLS{
+			Certificates: certs,
+		}
+	} else if len(result["TLSACME"]) > 0 {
+		tls = &TLS{
+			Certificates: Certificates{},
+		}
+	}
+	var redirect *Redirect
+	if len(result["RedirectEntryPoint"]) > 0 || len(result["RedirectRegex"]) > 0 || len(result["RedirectReplacement"]) > 0 {
+		redirect = &Redirect{
+			EntryPoint:  result["RedirectEntryPoint"],
+			Regex:       result["RedirectRegex"],
+			Replacement: result["RedirectReplacement"],
+		}
+	}
+
+	(*ep)[result["Name"]] = &EntryPoint{
+		Address:  result["Address"],
+		TLS:      tls,
+		Redirect: redirect,
+	}
+
+	return nil
+}
+
+// Get return the EntryPoints map
+func (ep *EntryPoints) Get() interface{} { return EntryPoints(*ep) }
+
+// SetValue sets the EntryPoints map with val
+func (ep *EntryPoints) SetValue(val interface{}) {
+	*ep = EntryPoints(val.(EntryPoints))
+}
+
+// Type is type of the struct
+func (ep *EntryPoints) Type() string {
+	return fmt.Sprint("entrypoints")
+}
+
+// EntryPoint holds an entry point configuration of the reverse proxy (ip, port, TLS...)
+type EntryPoint struct {
+	Network  string
+	Address  string
+	TLS      *TLS
+	Redirect *Redirect
+}
+
+// Redirect configures a redirection of an entry point to another, or to an URL
+type Redirect struct {
+	EntryPoint  string
+	Regex       string
+	Replacement string
+}
+
+// TLS configures TLS for an entry point
+type TLS struct {
+	Certificates Certificates
+}
+
+// Certificates defines traefik certificates type
+type Certificates []Certificate
+
+// String is the method to format the flag's value, part of the flag.Value interface.
+// The String method's output will be used in diagnostics.
+func (certs *Certificates) String() string {
+	if len(*certs) == 0 {
+		return ""
+	}
+	return (*certs)[0].CertFile + "," + (*certs)[0].KeyFile
+}
+
+// Set is the method to set the flag value, part of the flag.Value interface.
+// Set's argument is a string to be parsed to set the flag.
+// It's a comma-separated list, so we split it.
+func (certs *Certificates) Set(value string) error {
+	files := strings.Split(value, ",")
+	if len(files) != 2 {
+		return errors.New("Bad certificates format: " + value)
+	}
+	*certs = append(*certs, Certificate{
+		CertFile: files[0],
+		KeyFile:  files[1],
+	})
+	return nil
+}
+
+// Type is type of the struct
+func (certs *Certificates) Type() string {
+	return fmt.Sprint("certificates")
+}
+
+// Certificate holds a SSL cert/key pair
+type Certificate struct {
+	CertFile string
+	KeyFile  string
+}
+
+// Retry contains request retry config
+type Retry struct {
+	Attempts int `description:"Number of attempts"`
+}
+
+// NewTraefikDefaultPointersConfiguration creates a TraefikConfiguration with pointers default values
+func NewTraefikDefaultPointersConfiguration() *TraefikConfiguration {
+	//default Docker
+	var defaultDocker provider.Docker
+	defaultDocker.Watch = true
+	defaultDocker.Endpoint = "unix:///var/run/docker.sock"
+
+	// default File
+	var defaultFile provider.File
+	defaultFile.Watch = true
+	defaultFile.Filename = "" //needs equivalent to  viper.ConfigFileUsed()
+
+	// default Web
+	var defaultWeb WebProvider
+	defaultWeb.Address = ":8080"
+
+	// default Marathon
+	var defaultMarathon provider.Marathon
+	defaultMarathon.Watch = true
+	defaultMarathon.Endpoint = "http://127.0.0.1:8080"
+	defaultMarathon.ExposedByDefault = true
+	defaultMarathon.Constraints = []types.Constraint{}
+
+	// default Consul
+	var defaultConsul provider.Consul
+	defaultConsul.Watch = true
+	defaultConsul.Endpoint = "127.0.0.1:8500"
+	defaultConsul.Prefix = "traefik"
+	defaultConsul.Constraints = []types.Constraint{}
+
+	// default ConsulCatalog
+	var defaultConsulCatalog provider.ConsulCatalog
+	defaultConsulCatalog.Endpoint = "127.0.0.1:8500"
+	defaultConsulCatalog.Constraints = []types.Constraint{}
+
+	// default Etcd
+	var defaultEtcd provider.Etcd
+	defaultEtcd.Watch = true
+	defaultEtcd.Endpoint = "127.0.0.1:2379"
+	defaultEtcd.Prefix = "/traefik"
+	defaultEtcd.Constraints = []types.Constraint{}
+
+	//default Zookeeper
+	var defaultZookeeper provider.Zookepper
+	defaultZookeeper.Watch = true
+	defaultZookeeper.Endpoint = "127.0.0.1:2181"
+	defaultZookeeper.Prefix = "/traefik"
+	defaultZookeeper.Constraints = []types.Constraint{}
+
+	//default Boltdb
+	var defaultBoltDb provider.BoltDb
+	defaultBoltDb.Watch = true
+	defaultBoltDb.Endpoint = "127.0.0.1:4001"
+	defaultBoltDb.Prefix = "/traefik"
+	defaultBoltDb.Constraints = []types.Constraint{}
+
+	//default Kubernetes
+	var defaultKubernetes provider.Kubernetes
+	defaultKubernetes.Watch = true
+	defaultKubernetes.Endpoint = "http://127.0.0.1:8080"
+	defaultKubernetes.Constraints = []types.Constraint{}
+
+	defaultConfiguration := GlobalConfiguration{
+		Docker:        &defaultDocker,
+		File:          &defaultFile,
+		Web:           &defaultWeb,
+		Marathon:      &defaultMarathon,
+		Consul:        &defaultConsul,
+		ConsulCatalog: &defaultConsulCatalog,
+		Etcd:          &defaultEtcd,
+		Zookeeper:     &defaultZookeeper,
+		Boltdb:        &defaultBoltDb,
+		Kubernetes:    &defaultKubernetes,
+		Retry:         &Retry{},
+	}
+	return &TraefikConfiguration{
+		GlobalConfiguration: defaultConfiguration,
+	}
+}
+
+// NewTraefikConfiguration creates a TraefikConfiguration with default values
+func NewTraefikConfiguration() *TraefikConfiguration {
+	return &TraefikConfiguration{
+		GlobalConfiguration: GlobalConfiguration{
+			GraceTimeOut:              10,
+			AccessLogsFile:            "",
+			TraefikLogsFile:           "",
+			LogLevel:                  "ERROR",
+			EntryPoints:               map[string]*EntryPoint{},
+			Constraints:               []types.Constraint{},
+			DefaultEntryPoints:        []string{},
+			ProvidersThrottleDuration: time.Duration(2 * time.Second),
+			MaxIdleConnsPerHost:       200,
+		},
+		ConfigFile: "",
+	}
+}
+
+type configs map[string]*types.Configuration

contrib/systemd/traefik.service

@@ -1,41 +1,6 @@
 [Unit]
 Description=Traefik
-Documentation=https://doc.traefik.io/traefik/
-#After=network-online.target
-#AssertFileIsExecutable=/usr/bin/traefik
-#AssertPathExists=/etc/traefik/traefik.toml
 
 [Service]
-# Run traefik as its own user (create new user with: useradd -r -s /bin/false -U -M traefik)
-#User=traefik
-#AmbientCapabilities=CAP_NET_BIND_SERVICE
-
-# configure service behavior
-Type=notify
-#ExecStart=/usr/bin/traefik --configFile=/etc/traefik/traefik.toml
-Restart=always
-WatchdogSec=1s
-
-# lock down system access
-# prohibit any operating system and configuration modification
-#ProtectSystem=strict
-# create separate, new (and empty) /tmp and /var/tmp filesystems
-#PrivateTmp=true
-# make /home directories inaccessible
-#ProtectHome=true
-# turns off access to physical devices (/dev/...)
-#PrivateDevices=true
-# make kernel settings (procfs and sysfs) read-only
-#ProtectKernelTunables=true
-# make cgroups /sys/fs/cgroup read-only
-#ProtectControlGroups=true
-
-# allow writing of acme.json
-#ReadWritePaths=/etc/traefik/acme.json
-# depending on log and entrypoint configuration, you may need to allow writing to other paths, too
-
-# limit number of processes in this unit
-#LimitNPROC=1
-
-[Install]
-WantedBy=multi-user.target
+ExecStart=/usr/bin/traefik --configFile=/etc/traefik.toml
+Restart=on-failure

docs/.dockerignore

@@ -1 +0,0 @@
-site/

docs/.markdownlint.json

@@ -1,13 +0,0 @@
-{
-    "no-hard-tabs": false,
-    "MD007": { "indent": 4 },
-    "MD009": false,
-    "MD013": false,
-    "MD024": false,
-    "MD025": false,
-    "MD026": false,
-    "MD033": false,
-    "MD034": false,
-    "MD036": false,
-    "MD046": false
-}

docs/CNAME

@@ -0,0 +1 @@
+docs.traefik.io

docs/Makefile

@@ -1,65 +0,0 @@
-#######
-# This Makefile contains all targets related to the documentation
-#######
-
-DOCS_VERIFY_SKIP ?= false
-DOCS_LINT_SKIP ?= false
-
-TRAEFIK_DOCS_BUILD_IMAGE ?= traefik-docs
-TRAEFIK_DOCS_CHECK_IMAGE ?= $(TRAEFIK_DOCS_BUILD_IMAGE)-check
-
-SITE_DIR := $(CURDIR)/site
-
-DOCKER_RUN_DOC_PORT := 8000
-DOCKER_RUN_DOC_MOUNTS := -v $(CURDIR):/mkdocs
-DOCKER_RUN_DOC_OPTS := --rm $(DOCKER_RUN_DOC_MOUNTS) -p $(DOCKER_RUN_DOC_PORT):8000
-
-# Default: generates the documentation into $(SITE_DIR)
-.PHONY: docs
-docs: docs-clean docs-image docs-lint docs-build docs-verify
-
-# Writer Mode: build and serve docs on http://localhost:8000 with livereload
-.PHONY: docs-serve
-docs-serve: docs-image
-	docker run  $(DOCKER_RUN_DOC_OPTS) $(TRAEFIK_DOCS_BUILD_IMAGE) mkdocs serve
-
-## Pull image for doc building
-.PHONY: docs-pull-images
-docs-pull-images:
-	grep --no-filename -E '^FROM' ./*.Dockerfile \
-		| awk '{print $$2}' \
-		| sort \
-		| uniq \
-		| xargs -P 6 -n 1 docker pull
-
-# Utilities Targets for each step
-.PHONY: docs-image
-docs-image:
-	docker build -t $(TRAEFIK_DOCS_BUILD_IMAGE) -f docs.Dockerfile ./
-
-.PHONY: docs-build
-docs-build: docs-image
-	docker run $(DOCKER_RUN_DOC_OPTS) $(TRAEFIK_DOCS_BUILD_IMAGE) sh -c "mkdocs build \
-		&& chown -R $(shell id -u):$(shell id -g) ./site"
-
-.PHONY: docs-verify
-docs-verify: docs-build
-ifneq ("$(DOCS_VERIFY_SKIP)", "true")
-	docker build -t $(TRAEFIK_DOCS_CHECK_IMAGE) -f check.Dockerfile ./
-	docker run --rm -v $(CURDIR):/app $(TRAEFIK_DOCS_CHECK_IMAGE) /verify.sh
-else
-	echo "DOCS_VERIFY_SKIP is true: no verification done."
-endif
-
-.PHONY: docs-lint
-docs-lint:
-ifneq ("$(DOCS_LINT_SKIP)", "true")
-	docker build -t $(TRAEFIK_DOCS_CHECK_IMAGE) -f check.Dockerfile ./
-	docker run --rm -v $(CURDIR):/app $(TRAEFIK_DOCS_CHECK_IMAGE) /lint.sh
-else
-	echo "DOCS_LINT_SKIP is true: no linting done."
-endif
-
-.PHONY: docs-clean
-docs-clean:
-	rm -rf $(SITE_DIR)

docs/basics.md

@@ -0,0 +1,267 @@
+
+# Concepts
+
+Let's take our example from the [overview](https://docs.traefik.io/#overview) again:
+
+
+> Imagine that you have deployed a bunch of microservices on your infrastructure. You probably used a service registry (like etcd or consul) and/or an orchestrator (swarm, Mesos/Marathon) to manage all these services.
+> If you want your users to access some of your microservices from the Internet, you will have to use a reverse proxy and configure it using virtual hosts or prefix paths:
+
+> - domain `api.domain.com` will point the microservice `api` in your private network
+> - path `domain.com/web` will point the microservice `web` in your private network
+> - domain `backoffice.domain.com` will point the microservices `backoffice` in your private network, load-balancing between your multiple instances
+
+> ![Architecture](img/architecture.png)
+
+Let's zoom on Træfɪk and have an overview of its internal architecture:
+
+
+![Architecture](img/internal.png)
+
+- Incoming requests end on [entrypoints](#entrypoints), as the name suggests, they are the network entry points into Træfɪk (listening port, SSL, traffic redirection...).
+- Traffic is then forwarded to a matching [frontend](#frontends). A frontend defines routes from [entrypoints](#entrypoints) to [backends](#backends).
+Routes are created using requests fields (`Host`, `Path`, `Headers`...) and can match or not a request.
+- The [frontend](#frontends) will then send the request to a [backend](#backends). A backend can be composed by one or more [servers](#servers), and by a load-balancing strategy.
+- Finally, the [server](#servers) will forward the request to the corresponding microservice in the private network.
+
+## Entrypoints
+
+Entrypoints are the network entry points into Træfɪk.
+They can be defined using:
+
+- a port (80, 443...)
+- SSL (Certificates. Keys...)
+- redirection to another entrypoint (redirect `HTTP` to `HTTPS`)
+
+Here is an example of entrypoints definition:
+
+```toml
+[entryPoints]
+  [entryPoints.http]
+  address = ":80"
+    [entryPoints.http.redirect]
+    entryPoint = "https"
+  [entryPoints.https]
+  address = ":443"
+    [entryPoints.https.tls]
+      [[entryPoints.https.tls.certificates]]
+      certFile = "tests/traefik.crt"
+      keyFile = "tests/traefik.key"
+```
+
+- Two entrypoints are defined `http` and `https`.
+- `http` listens on port `80` and `https` on port `443`.
+- We enable SSL on `https` by giving a certificate and a key.
+- We also redirect all the traffic from entrypoint `http` to `https`.
+
+## Frontends
+
+A frontend is a set of rules that forwards the incoming traffic from an entrypoint to a backend.
+Frontends can be defined using the following rules:
+
+- `Headers: Content-Type, application/json`: Headers adds a matcher for request header values. It accepts a sequence of key/value pairs to be matched.
+- `HeadersRegexp: Content-Type, application/(text|json)`: Regular expressions can be used with headers as well. It accepts a sequence of key/value pairs, where the value has regex support.
+- `Host: traefik.io, www.traefik.io`: Match request host with given host list.
+- `HostRegexp: traefik.io, {subdomain:[a-z]+}.traefik.io`: Adds a matcher for the URL hosts. It accepts templates with zero or more URL variables enclosed by `{}`. Variables can define an optional regexp pattern to be matched.
+- `Method: GET, POST, PUT`: Method adds a matcher for HTTP methods. It accepts a sequence of one or more methods to be matched.
+- `Path: /products/, /articles/{category}/{id:[0-9]+}`: Path adds a matcher for the URL paths. It accepts templates with zero or more URL variables enclosed by `{}`.
+- `PathStrip`: Same as `Path` but strip the given prefix from the request URL's Path.
+- `PathPrefix`: PathPrefix adds a matcher for the URL path prefixes. This matches if the given template is a prefix of the full URL path.
+- `PathPrefixStrip`: Same as `PathPrefix` but strip the given prefix from the request URL's Path.
+
+You can use multiple rules by separating them by `;`
+
+You can optionally enable `passHostHeader` to forward client `Host` header to the backend.
+
+Here is an example of frontends definition:
+
+```toml
+[frontends]
+  [frontends.frontend1]
+  backend = "backend2"
+    [frontends.frontend1.routes.test_1]
+    rule = "Host:test.localhost,test2.localhost"
+  [frontends.frontend2]
+  backend = "backend1"
+  passHostHeader = true
+  priority = 10
+  entrypoints = ["https"] # overrides defaultEntryPoints
+    [frontends.frontend2.routes.test_1]
+    rule = "Host:localhost,{subdomain:[a-z]+}.localhost"
+  [frontends.frontend3]
+  backend = "backend2"
+    [frontends.frontend3.routes.test_1]
+    rule = "Host:test3.localhost;Path:/test"
+```
+
+- Three frontends are defined: `frontend1`, `frontend2` and `frontend3`
+- `frontend1` will forward the traffic to the `backend2` if the rule `Host:test.localhost,test2.localhost` is matched
+- `frontend2` will forward the traffic to the `backend1` if the rule `Host:localhost,{subdomain:[a-z]+}.localhost` is matched (forwarding client `Host` header to the backend)
+- `frontend3` will forward the traffic to the `backend2` if the rules `Host:test3.localhost` **AND** `Path:/test` are matched
+
+### Combining multiple rules
+
+As seen in the previous example, you can combine multiple rules.
+In TOML file, you can use multiple routes:
+
+```toml
+  [frontends.frontend3]
+  backend = "backend2"
+    [frontends.frontend3.routes.test_1]
+    rule = "Host:test3.localhost"
+    [frontends.frontend3.routes.test_2]
+    rule = "Host:Path:/test"
+```
+
+Here `frontend3` will forward the traffic to the `backend2` if the rules `Host:test3.localhost` **AND** `Path:/test` are matched.
+You can also use the notation using a `;` separator, same result:
+
+```toml
+  [frontends.frontend3]
+  backend = "backend2"
+    [frontends.frontend3.routes.test_1]
+    rule = "Host:test3.localhost;Path:/test"
+```
+
+Finally, you can create a rule to bind multiple domains or Path to a frontend, using the `,` separator:
+
+```toml
+ [frontends.frontend2]
+    [frontends.frontend2.routes.test_1]
+    rule = "Host:test1.localhost,test2.localhost"
+  [frontends.frontend3]
+  backend = "backend2"
+    [frontends.frontend3.routes.test_1]
+    rule = "Path:/test1,/test2"
+```
+
+### Priorities
+
+By default, routes will be sorted (in descending order) using rules length (to avoid path overlap):
+`PathPrefix:/12345` will be matched before `PathPrefix:/1234` that will be matched before `PathPrefix:/1`.
+
+You can customize priority by frontend:
+
+```
+  [frontends]
+    [frontends.frontend1]
+    backend = "backend1"
+    priority = 10
+    passHostHeader = true
+      [frontends.frontend1.routes.test_1]
+      rule = "PathPrefix:/to"
+    [frontends.frontend2]
+    priority = 5
+    backend = "backend2"
+    passHostHeader = true
+      [frontends.frontend2.routes.test_1]
+      rule = "PathPrefix:/toto"
+```
+
+Here, `frontend1` will be matched before `frontend2` (`10 > 5`).
+
+## Backends
+
+A backend is responsible to load-balance the traffic coming from one or more frontends to a set of http servers.
+Various methods of load-balancing is supported:
+
+- `wrr`: Weighted Round Robin
+- `drr`: Dynamic Round Robin: increases weights on servers that perform better than others. It also rolls back to original weights if the servers have changed.
+
+A circuit breaker can also be applied to a backend, preventing high loads on failing servers.
+Initial state is Standby. CB observes the statistics and does not modify the request.
+In case if condition matches, CB enters Tripped state, where it responds with predefines code or redirects to another frontend.
+Once Tripped timer expires, CB enters Recovering state and resets all stats.
+In case if the condition does not match and recovery timer expires, CB enters Standby state.
+
+It can be configured using:
+
+- Methods: `LatencyAtQuantileMS`, `NetworkErrorRatio`, `ResponseCodeRatio`
+- Operators:  `AND`, `OR`, `EQ`, `NEQ`, `LT`, `LE`, `GT`, `GE`
+
+For example:
+
+- `NetworkErrorRatio() > 0.5`: watch error ratio over 10 second sliding window for a frontend
+- `LatencyAtQuantileMS(50.0) > 50`:  watch latency at quantile in milliseconds.
+- `ResponseCodeRatio(500, 600, 0, 600) > 0.5`: ratio of response codes in range [500-600) to  [0-600)
+
+To proactively prevent backends from being overwhelmed with high load, a maximum connection limit can
+also be applied to each backend.
+
+Maximum connections can be configured by specifying an integer value for `maxconn.amount` and
+`maxconn.extractorfunc` which is a strategy used to determine how to categorize requests in order to
+evaluate the maximum connections.
+
+For example:
+```toml
+[backends]
+  [backends.backend1]
+    [backends.backend1.maxconn]
+       amount = 10
+       extractorfunc = "request.host"
+```
+
+- `backend1` will return `HTTP code 429 Too Many Requests` if there are already 10 requests in progress for the same Host header.
+- Another possible value for `extractorfunc` is `client.ip` which will categorize requests based on client source ip.
+- Lastly `extractorfunc` can take the value of `request.header.ANY_HEADER` which will categorize requests based on `ANY_HEADER` that you provide.
+
+## Servers
+
+Servers are simply defined using a `URL`. You can also apply a custom `weight` to each server (this will be used by load-balancing).
+
+Here is an example of backends and servers definition:
+
+```toml
+[backends]
+  [backends.backend1]
+    [backends.backend1.circuitbreaker]
+      expression = "NetworkErrorRatio() > 0.5"
+    [backends.backend1.servers.server1]
+    url = "http://172.17.0.2:80"
+    weight = 10
+    [backends.backend1.servers.server2]
+    url = "http://172.17.0.3:80"
+    weight = 1
+  [backends.backend2]
+    [backends.backend2.LoadBalancer]
+      method = "drr"
+    [backends.backend2.servers.server1]
+    url = "http://172.17.0.4:80"
+    weight = 1
+    [backends.backend2.servers.server2]
+    url = "http://172.17.0.5:80"
+    weight = 2
+```
+
+- Two backends are defined: `backend1` and `backend2`
+- `backend1` will forward the traffic to two servers: `http://172.17.0.2:80"` with weight `10` and `http://172.17.0.3:80` with weight `1` using default `wrr` load-balancing strategy.
+- `backend2` will forward the traffic to two servers: `http://172.17.0.4:80"` with weight `1` and `http://172.17.0.5:80` with weight `2` using `drr` load-balancing strategy.
+- a circuit breaker is added on `backend1` using the expression `NetworkErrorRatio() > 0.5`: watch error ratio over 10 second sliding window
+
+# Launch
+
+Træfɪk can be configured using a TOML file configuration, arguments, or both.
+By default, Træfɪk will try to find a `traefik.toml` in the following places:
+
+- `/etc/traefik/`
+- `$HOME/.traefik/`
+- `.` *the working directory*
+
+You can override this by setting a `configFile` argument:
+
+```bash
+$ traefik --configFile=foo/bar/myconfigfile.toml
+```
+
+Træfɪk uses the following precedence order. Each item takes precedence over the item below it:
+
+- arguments
+- configuration file
+- default
+
+It means that arguments overrides configuration file.
+Each argument is described in the help section:
+
+```bash
+$ traefik --help
+```

docs/benchmarks.md

@@ -0,0 +1,213 @@
+# Benchmarks
+
+## Configuration
+
+I would like to thanks [vincentbernat](https://github.com/vincentbernat) from [exoscale.ch](https://www.exoscale.ch) who kindly provided the infrastructure needed for the benchmarks.
+
+I used 4 VMs for the tests with the following configuration:
+
+- 32 GB RAM
+- 8 CPU Cores
+- 10 GB SSD
+- Ubuntu 14.04 LTS 64-bit
+
+## Setup
+
+1. One VM used to launch the benchmarking tool [wrk](https://github.com/wg/wrk)
+2. One VM for traefik (v1.0.0-beta.416) / nginx (v1.4.6)
+3. Two VMs for 2 backend servers in go [whoami](https://github.com/emilevauge/whoamI/)
+
+Each VM has been tuned using the following limits:
+
+```bash
+sysctl -w fs.file-max="9999999"
+sysctl -w fs.nr_open="9999999"
+sysctl -w net.core.netdev_max_backlog="4096"
+sysctl -w net.core.rmem_max="16777216"
+sysctl -w net.core.somaxconn="65535"
+sysctl -w net.core.wmem_max="16777216"
+sysctl -w net.ipv4.ip_local_port_range="1025       65535"
+sysctl -w net.ipv4.tcp_fin_timeout="30"
+sysctl -w net.ipv4.tcp_keepalive_time="30"
+sysctl -w net.ipv4.tcp_max_syn_backlog="20480"
+sysctl -w net.ipv4.tcp_max_tw_buckets="400000"
+sysctl -w net.ipv4.tcp_no_metrics_save="1"
+sysctl -w net.ipv4.tcp_syn_retries="2"
+sysctl -w net.ipv4.tcp_synack_retries="2"
+sysctl -w net.ipv4.tcp_tw_recycle="1"
+sysctl -w net.ipv4.tcp_tw_reuse="1"
+sysctl -w vm.min_free_kbytes="65536"
+sysctl -w vm.overcommit_memory="1"
+ulimit -n 9999999
+```
+
+### Nginx
+
+Here is the config Nginx file use `/etc/nginx/nginx.conf`:
+
+```
+user www-data;
+worker_processes auto;
+worker_rlimit_nofile 200000;
+pid /var/run/nginx.pid;
+
+events {
+    worker_connections 10000;
+    use epoll;
+    multi_accept on;
+}
+
+http {
+    sendfile on;
+    tcp_nopush on;
+    tcp_nodelay on;
+    keepalive_timeout 300;
+    keepalive_requests 10000;
+    types_hash_max_size 2048;
+
+    open_file_cache max=200000 inactive=300s; 
+    open_file_cache_valid 300s; 
+    open_file_cache_min_uses 2;
+    open_file_cache_errors on;
+
+    server_tokens off;
+    dav_methods off;
+
+    include /etc/nginx/mime.types;
+    default_type application/octet-stream;
+
+    access_log /var/log/nginx/access.log combined;
+    error_log /var/log/nginx/error.log warn;
+
+    gzip off;
+    gzip_vary off;
+
+    include /etc/nginx/conf.d/*.conf;
+    include /etc/nginx/sites-enabled/*.conf;
+}
+```
+
+Here is the Nginx vhost file used:
+
+```
+upstream whoami {
+    server IP-whoami1:80;
+    server IP-whoami2:80;
+    keepalive 300;
+}
+
+server {
+    listen 8001;
+    server_name test.traefik;
+    access_log off;
+    error_log /dev/null crit;
+    if ($host != "test.traefik") {
+        return 404;
+    }
+    location / {
+        proxy_pass http://whoami;
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
+	proxy_set_header  X-Forwarded-Host $host;
+    }
+}
+```
+
+### Traefik
+
+Here is the `traefik.toml` file used:
+
+```
+MaxIdleConnsPerHost = 100000
+defaultEntryPoints = ["http"]
+
+[entryPoints]
+  [entryPoints.http]
+  address = ":8000"
+
+[file]
+[backends]
+  [backends.backend1]
+    [backends.backend1.servers.server1]
+    url = "http://IP-whoami1:80"
+    weight = 1
+    [backends.backend1.servers.server2]
+    url = "http://IP-whoami2:80"
+    weight = 1
+
+[frontends]
+  [frontends.frontend1]
+  backend = "backend1"
+    [frontends.frontend1.routes.test_1]
+    rule = "Host: test.traefik"
+```
+
+## Results
+
+### whoami:
+```
+wrk -t20 -c1000 -d60s -H "Host: test.traefik" --latency  http://IP-whoami:80/bench
+Running 1m test @ http://IP-whoami:80/bench
+  20 threads and 1000 connections
+  Thread Stats   Avg      Stdev     Max   +/- Stdev
+    Latency    70.28ms  134.72ms   1.91s    89.94%
+    Req/Sec     2.92k   742.42     8.78k    68.80%
+  Latency Distribution
+     50%   10.63ms
+     75%   75.64ms
+     90%  205.65ms
+     99%  668.28ms
+  3476705 requests in 1.00m, 384.61MB read
+  Socket errors: connect 0, read 0, write 0, timeout 103
+Requests/sec:  57894.35
+Transfer/sec:      6.40MB
+```
+
+### nginx:
+```
+wrk -t20 -c1000 -d60s -H "Host: test.traefik" --latency  http://IP-nginx:8001/bench
+Running 1m test @ http://IP-nginx:8001/bench
+  20 threads and 1000 connections
+  Thread Stats   Avg      Stdev     Max   +/- Stdev
+    Latency   101.25ms  180.09ms   1.99s    89.34%
+    Req/Sec     1.69k   567.69     9.39k    72.62%
+  Latency Distribution
+     50%   15.46ms
+     75%  129.11ms
+     90%  302.44ms
+     99%  846.59ms
+  2018427 requests in 1.00m, 298.36MB read
+  Socket errors: connect 0, read 0, write 0, timeout 90
+Requests/sec:  33591.67
+Transfer/sec:      4.97MB
+```
+
+### traefik:
+```
+wrk -t20 -c1000 -d60s -H "Host: test.traefik" --latency  http://IP-traefik:8000/bench
+Running 1m test @ http://IP-traefik:8000/bench
+  20 threads and 1000 connections
+  Thread Stats   Avg      Stdev     Max   +/- Stdev
+    Latency    91.72ms  150.43ms   2.00s    90.50%
+    Req/Sec     1.43k   266.37     2.97k    69.77%
+  Latency Distribution
+     50%   19.74ms
+     75%  121.98ms
+     90%  237.39ms
+     99%  687.49ms
+  1705073 requests in 1.00m, 188.63MB read
+  Socket errors: connect 0, read 0, write 0, timeout 7
+Requests/sec:  28392.44
+Transfer/sec:      3.14MB
+```
+
+## Conclusion
+
+Traefik is obviously slower than Nginx, but not so much: Traefik can serve 28392 requests/sec and Nginx 33591 requests/sec which gives a ratio of 85%.
+Not bad for young project :) !
+
+Some areas of possible improvements:
+
+- Use [GO_REUSEPORT](https://github.com/kavu/go_reuseport) listener
+- Run a separate server instance per CPU core with `GOMAXPROCS=1` (it appears during benchmarks that there is a lot more context switches with traefik than with nginx)
+

docs/check.Dockerfile

@@ -1,43 +0,0 @@
-FROM alpine:3.20
-
-RUN apk --no-cache --no-progress add \
-    build-base \
-    gcompat \
-    libcurl \
-    libxml2-dev \
-    libxslt-dev \
-    ruby \
-    ruby-bigdecimal \
-    ruby-dev \
-    ruby-etc \
-    ruby-ffi \
-    ruby-json \
-    zlib-dev
-
-RUN gem install nokogiri --version 1.15.3 --no-document -- --use-system-libraries
-RUN gem install html-proofer --version 5.0.7 --no-document -- --use-system-libraries
-
-# After Ruby, some NodeJS YAY!
-RUN apk --no-cache --no-progress add \
-    git \
-    nodejs \
-    npm
-
-RUN npm install --global \
-    markdownlint@0.29.0 \
-    markdownlint-cli@0.35.0
-
-# Finally the shell tools we need for later
-# tini helps to terminate properly all the parallelized tasks when sending CTRL-C
-RUN apk --no-cache --no-progress add \
-    ca-certificates \
-    curl \
-    tini
-
-COPY ./scripts/verify.sh /verify.sh
-COPY ./scripts/lint.sh /lint.sh
-
-WORKDIR /app
-VOLUME ["/tmp","/app"]
-
-ENTRYPOINT ["/sbin/tini","-g","sh"]

docs/content/assets/js/extra.js

@@ -1,4 +0,0 @@
-/* Highlight */
-(function(hljs) {
-    hljs.initHighlightingOnLoad();
-})(hljs);

docs/content/assets/js/hljs/LICENSE

@@ -1,24 +0,0 @@
-Copyright (c) 2006, Ivan Sagalaev
-All rights reserved.
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-    * Redistributions of source code must retain the above copyright
-      notice, this list of conditions and the following disclaimer.
-    * Redistributions in binary form must reproduce the above copyright
-      notice, this list of conditions and the following disclaimer in the
-      documentation and/or other materials provided with the distribution.
-    * Neither the name of highlight.js nor the names of its contributors 
-      may be used to endorse or promote products derived from this software 
-      without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY
-EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
-DISCLAIMED. IN NO EVENT SHALL THE REGENTS AND CONTRIBUTORS BE LIABLE FOR ANY
-DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
-(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
-ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
-(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
-SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

docs/content/contributing/advocating.md

@@ -1,31 +0,0 @@
----
-title: "Traefik Advocation Documentation"
-description: "There are many ways to contribute to Traefik Proxy. Let us know if you’re talking about Traefik, and we'll promote your enthusiasm!"
----
-
-# Advocating
-
-Spread the Love & Tell Us About It
-{: .subtitle }
-
-Traefik Proxy was started by the community and for the community.
-You can contribute to the Traefik community in three main ways:
-
-**Spread the word!** Guides, videos, blog posts, how-to articles, and showing off your network design all help spread the word about Traefik Proxy
-and teach others in the community how to best implement it.
-It always sparks joy when users share how Traefik Proxy helps them solve their problems.
-If you are talking about Traefik Proxy, [let us know](https://traefik.io/submit-my-contribution/) and we will promote your work and reward your enthusiasm!
-If you are giving a talk that includes or is about Traefik Proxy, [let us know](https://traefik.io/submit-my-contribution/) and we will send you swag and stickers for your time at the conference.
-If you have written about Traefik or shared useful information you would like to promote, feel free to add links to the [dedicated wiki page on GitHub](https://github.com/traefik/traefik/wiki/Awesome-Traefik).
-
-**Help community members!** Everyone needs a place to share their cool innovations or get help with that pesky bug that only a different pair of eyes seems to be able to see.
-Join our [Community Forum](https://community.traefik.io/) where you can ask questions, help out other users, and share your neat configuration examples or snippets.
-Top contributors will be asked to join the Ambassador program and get unique swag to celebrate!
-
-**Build cool solutions!** Traefik Proxy would be so much better if only it had…
-We love all the wonderful ideas that our users come up with, but we can only build so much.
-Luckily, as an open source community, our users can help by [building awesome features](https://github.com/orgs/traefik/projects/9/views/7), enhancements, or bug fixes.
-We are a big community, so we do need to prioritize a bit.
-That is why we use the tag `contributor/wanted` to let you know which pull requests will make it to the front of the queue for design support and review.
-Feel free to grab one of these and run with it.
-Top contributors get unique swag to celebrate.

docs/content/contributing/building-testing.md

@@ -1,117 +0,0 @@
----
-title: "Traefik Building & Testing Documentation"
-description: "Compile and test your own Traefik Proxy! Learn how to build your own Traefik binary from the sources, and read the technical documentation."
----
-
-# Building and Testing
-
-Compile and Test Your Own Traefik!
-{: .subtitle }
-
-You want to build your own Traefik binary from the sources?
-Let's see how.
-
-## Building
-
-You need:
-    - [Docker](https://github.com/docker/docker "Link to website of Docker") 
-    - `make`
-    - [Go](https://go.dev/ "Link to website of Go")
-    - [misspell](https://github.com/golangci/misspell)
-    - [shellcheck](https://github.com/koalaman/shellcheck)
-    - [Tailscale](https://tailscale.com/) if you are using Docker Desktop 
-
-!!! tip "Source Directory"
-
-    It is recommended that you clone Traefik into the `~/go/src/github.com/traefik/traefik` directory.
-    This is the official golang workspace hierarchy that will allow dependencies to be properly resolved.
-
-!!! note "Environment"
-
-    Set your `GOPATH` and `PATH` variable to be set to `~/go` via:
-
-    ```bash
-    export GOPATH=~/go
-    export PATH=$PATH:$GOPATH/bin
-    ```
-
-    For convenience, add `GOPATH` and `PATH` to your `.bashrc` or `.bash_profile`
-
-    Verify your environment is setup properly by running `$ go env`.
-    Depending on your OS and environment, you should see an output similar to:
-
-    ```bash
-    GOARCH="amd64"
-    GOBIN=""
-    GOEXE=""
-    GOHOSTARCH="amd64"
-    GOHOSTOS="linux"
-    GOOS="linux"
-    GOPATH="/home/<yourusername>/go"
-    GORACE=""
-    ## ... and the list goes on
-    ```
-
-### Build Traefik
-
-Once you've set up your go environment and cloned the source repository, you can build Traefik.
-
-```bash
-$ make binary
-SHA: 8fddfe118288bb5280eb5e77fa952f52def360b4 cheddar 2024-01-11_03:14:57PM
-CGO_ENABLED=0 GOGC=off GOOS=darwin GOARCH=arm64 go build  -ldflags "-s -w \
-    -X github.com/traefik/traefik/v2/pkg/version.Version=8fddfe118288bb5280eb5e77fa952f52def360b4 \
-    -X github.com/traefik/traefik/v2/pkg/version.Codename=cheddar \
-    -X github.com/traefik/traefik/v2/pkg/version.BuildDate=2024-01-11_03:14:57PM" \
-    -installsuffix nocgo -o "./dist/darwin/arm64/traefik" ./cmd/traefik
-
-$ ls dist/
-traefik*
-```
-
-You will find the Traefik executable (`traefik`) in the `./dist` directory.
-
-## Testing
-
-Run unit tests using the `test-unit` target.
-Run integration tests using the `test-integration` target.
-Run all tests (unit and integration) using the `test` target.
-
-```bash
-$ make test-unit
-GOOS=darwin GOARCH=arm64 go test -cover "-coverprofile=cover.out" -v ./pkg/... ./cmd/...
-+ go test -cover -coverprofile=cover.out .
-ok      github.com/traefik/traefik   0.005s  coverage: 4.1% of statements
-
-Test success
-```
-
-For development purposes, you can specify which tests to run by using (only works the `test-integration` target):
-
-??? note "Configuring Tailscale for Docker Desktop user"
-
-    Create `tailscale.secret` file in `integration` directory.
-    
-    This file need to contains a [Tailscale auth key](https://tailscale.com/kb/1085/auth-keys) 
-    (an ephemeral, but reusable, one is recommended).
-
-    Add this section to your tailscale ACLs to auto-approve the routes for the
-    containers in the docker subnet:
-
-    ```json 
-        "autoApprovers": {
-          // Allow myself to automatically
-          // advertize routes for docker networks
-          "routes": {
-            "172.31.42.0/24": ["your_tailscale_identity"],
-          },
-        },
-    ```
-    
-```bash
-# Run every tests in the MyTest suite
-TESTFLAGS="-test.run TestAccessLogSuite" make test-integration
-
-# Run the test "MyTest" in the MyTest suite
-TESTFLAGS="-test.run TestAccessLogSuite -testify.m ^TestAccessLog$" make test-integration
-```