Prepare release v3.5.6

Prepare release v3.5.5
Merge branch v2.11 into v3.5
2025-11-10 08:23:50 +03:00 · 2025-11-07 14:40:05 +01:00 · 2025-11-07 14:16:04 +01:00 · 2025-11-07 11:59:54 +01:00 · 2025-11-07 11:58:04 +01:00 · 2025-11-04 17:00:06 +01:00
322 changed files with 7319 additions and 6665 deletions
--- a/.golangci.yml
+++ b/.golangci.yml
@@ -263,7 +263,7 @@ linters:
      - path: pkg/provider/kubernetes/(crd|gateway)/client.go
        linters:
          - interfacebloat
-      - path: pkg/metrics/metrics.go
+      - path: pkg/observability/metrics/metrics.go
        linters:
          - interfacebloat
      - path: integration/healthcheck_test.go
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,95 @@
+## [v3.5.6](https://github.com/traefik/traefik/tree/v3.5.6) (2025-11-07)
+[All Commits](https://github.com/traefik/traefik/compare/v3.5.4...v3.5.6)
+
+**Bug fixes:**
+- **[acme]** Bump github.com/go-acme/lego/v4 to v4.28.0 ([#12218](https://github.com/traefik/traefik/pull/12218) by [ldez](https://github.com/ldez))
+- **[server]** Filter unknown nodes with file and env for the deprecation loader ([#12227](https://github.com/traefik/traefik/pull/12227) by [rtribotte](https://github.com/rtribotte))
+
+**Documentation:**
+- **[acme]** Add missing ACME options and clean up table for more visibility ([#12208](https://github.com/traefik/traefik/pull/12208) by [sheddy-traefik](https://github.com/sheddy-traefik))
+- **[middleware]** Fix default encodings in compress middleware ([#12216](https://github.com/traefik/traefik/pull/12216) by [Belphemur](https://github.com/Belphemur))
+- Update Configuration Overview Page ([#12202](https://github.com/traefik/traefik/pull/12202) by [sheddy-traefik](https://github.com/sheddy-traefik))
+
+## [v3.5.5](https://github.com/traefik/traefik/tree/v3.5.5) (2025-11-07)
+[All Commits](https://github.com/traefik/traefik/compare/v3.5.4...v3.5.5)
+
+Release canceled.
+
+## [v3.5.4](https://github.com/traefik/traefik/tree/v3.5.4) (2025-10-28)
+[All Commits](https://github.com/traefik/traefik/compare/v3.5.3...v3.5.4)
+
+**Bug fixes:**
+- **[acme]** Bump github.com/go-acme/lego/v4 to v4.27.0 ([#12166](https://github.com/traefik/traefik/pull/12166) by [ldez](https://github.com/ldez))
+- **[acme]** Bump github.com/go-acme/lego/v4 to v4.26.0 ([#12063](https://github.com/traefik/traefik/pull/12063) by [ldez](https://github.com/ldez))
+- **[http3]** Bump github.com/quic-go/quic-go to v0.55.0 ([#12121](https://github.com/traefik/traefik/pull/12121) by [GreyXor](https://github.com/GreyXor))
+- **[kv]** Bump github.com/kvtools/etcdv3 to v1.0.3 ([#12163](https://github.com/traefik/traefik/pull/12163) by [kevinpollet](https://github.com/kevinpollet))
+- **[logs,metrics,tracing,accesslogs,otel]** Fix otel not working without USER ([#12103](https://github.com/traefik/traefik/pull/12103) by [mmatur](https://github.com/mmatur))
+- **[logs,otel]** Enable stdout logging when OTLP is enabled ([#12124](https://github.com/traefik/traefik/pull/12124) by [lbenguigui](https://github.com/lbenguigui))
+- **[metrics,otel]** Rename traefik_tls_certs_not_after_milliseconds to traefik_tls_certs_not_after_seconds ([#12141](https://github.com/traefik/traefik/pull/12141) by [shreealt](https://github.com/shreealt))
+- **[otel]** Update OpenTelemetry to v1.38.0 and semantic conventions to v1.37.0 ([#12099](https://github.com/traefik/traefik/pull/12099) by [rtribotte](https://github.com/rtribotte))
+- **[otel]** Do not fail when pod is not found in K8sAttributesDetector ([#12096](https://github.com/traefik/traefik/pull/12096) by [xe-leon](https://github.com/xe-leon))
+- **[tls]** Make the staple updates continuous ([#12142](https://github.com/traefik/traefik/pull/12142) by [rtribotte](https://github.com/rtribotte))
+- **[webui]** Fix version display regression ([#12111](https://github.com/traefik/traefik/pull/12111) by [mdeliatf](https://github.com/mdeliatf))
+
+**Documentation:**
+- **[accesslogs]** Fix link for accesslog.fields.names in documentation ([#12094](https://github.com/traefik/traefik/pull/12094) by [rmbruntz](https://github.com/rmbruntz))
+- **[acme]** Fix Hetzner env var name inside documentation ([#12187](https://github.com/traefik/traefik/pull/12187) by [ldez](https://github.com/ldez))
+- **[acme]** Replace internal dead links ([#12152](https://github.com/traefik/traefik/pull/12152) by [rtribotte](https://github.com/rtribotte))
+- **[acme]** Clean and avoid collisions of anchors in option tables ([#12149](https://github.com/traefik/traefik/pull/12149) by [rtribotte](https://github.com/rtribotte))
+- **[docker/swarm]** Fix swarm code example ([#12115](https://github.com/traefik/traefik/pull/12115) by [Dr4K4n](https://github.com/Dr4K4n))
+- **[healthcheck]** Clarify health check requirement for server status metric ([#12201](https://github.com/traefik/traefik/pull/12201) by [asafm](https://github.com/asafm))
+- **[k8s/crd]** Fix typo in ingressroute.md from pirority to priority ([#12112](https://github.com/traefik/traefik/pull/12112) by [miromichalicka](https://github.com/miromichalicka))
+- **[k8s]** Fix incorrect option and lint page ([#12108](https://github.com/traefik/traefik/pull/12108) by [sheddy-traefik](https://github.com/sheddy-traefik))
+- **[k8s]** Add API basePath documentation and fix broken links ([#12177](https://github.com/traefik/traefik/pull/12177) by [mloiseleur](https://github.com/mloiseleur))
+- **[k8s]** Merge TLSOption/TLSStore CRD documentation page ([#12164](https://github.com/traefik/traefik/pull/12164) by [nmengin](https://github.com/nmengin))
+- **[logs]** Clarify log.filePath behavior in documentation ([#12153](https://github.com/traefik/traefik/pull/12153) by [Alanxtl](https://github.com/Alanxtl))
+- **[metrics]** Fix incorrect addInternals configuration option ([#12118](https://github.com/traefik/traefik/pull/12118) by [shreealt](https://github.com/shreealt))
+- **[middleware]** Fix anchors in basic auth configuration options ([#12168](https://github.com/traefik/traefik/pull/12168) by [homersimpsons](https://github.com/homersimpsons))
+- **[middleware]** Fix PreserveRequestMethod casing ([#12122](https://github.com/traefik/traefik/pull/12122) by [LeTamanoir](https://github.com/LeTamanoir))
+- **[middleware]** Add missing reference docs for statusRewrites in errors middleware ([#12198](https://github.com/traefik/traefik/pull/12198) by [sevensolutions](https://github.com/sevensolutions))
+- **[middleware]** Document rejectStatusCode ([#12062](https://github.com/traefik/traefik/pull/12062) by [czocher](https://github.com/czocher))
+- **[otel]** Align documentation on default otlp endpoint ([#12151](https://github.com/traefik/traefik/pull/12151) by [mloiseleur](https://github.com/mloiseleur))
+- **[otel]** Fix metric name to metrics.otlp.grpc.insecure ([#12200](https://github.com/traefik/traefik/pull/12200) by [germainlefebvre4](https://github.com/germainlefebvre4))
+- **[server,k8s/crd,k8s]** Add dedicated pages for routers and fix doc links in CRDs ([#12119](https://github.com/traefik/traefik/pull/12119) by [rtribotte](https://github.com/rtribotte))
+- **[tls]** Fix typo in TLS certificate generation description ([#12185](https://github.com/traefik/traefik/pull/12185) by [iraj-jelo](https://github.com/iraj-jelo))
+- Fix wrong references to router&#39;s pages ([#12131](https://github.com/traefik/traefik/pull/12131) by [rtribotte](https://github.com/rtribotte))
+- Fix markdown rendering for table anchors ([#12129](https://github.com/traefik/traefik/pull/12129) by [MaBauMeBad](https://github.com/MaBauMeBad))
+- Fix provider option descriptions ([#12135](https://github.com/traefik/traefik/pull/12135) by [kevinpollet](https://github.com/kevinpollet))
+- Format HTTP headers as code ([#12105](https://github.com/traefik/traefik/pull/12105) by [tyilo](https://github.com/tyilo))
+- Fix heading levels and add links ([#12084](https://github.com/traefik/traefik/pull/12084) by [Granjow](https://github.com/Granjow))
+
+**Misc:**
+- Merge branch v2.11 into v3.5 ([#12206](https://github.com/traefik/traefik/pull/12206) by [kevinpollet](https://github.com/kevinpollet))
+- Merge branch v2.11 into v3.5 ([#12158](https://github.com/traefik/traefik/pull/12158) by [rtribotte](https://github.com/rtribotte))
+
+## [v2.11.30](https://github.com/traefik/traefik/tree/v2.11.30) (2025-10-28)
+[All Commits](https://github.com/traefik/traefik/compare/v2.11.29...v2.11.30)
+
+**Bug fixes:**
+- **[http3]** Bump github.com/quic-go/quic-go to v0.55.0 ([#12156](https://github.com/traefik/traefik/pull/12156) by [kevinpollet](https://github.com/kevinpollet))
+- **[kv]** Fix KV key name used to check if connection is alive ([#12162](https://github.com/traefik/traefik/pull/12162) by [kevinpollet](https://github.com/kevinpollet))
+- **[server]** Bump golang.org/x/net to v0.46.0 ([#12143](https://github.com/traefik/traefik/pull/12143) by [kevinpollet](https://github.com/kevinpollet))
+- **[tracing]** Bump gopkg.in/DataDog/dd-trace-go.v1 to v1.74.6 ([#12083](https://github.com/traefik/traefik/pull/12083) by [hannahkm](https://github.com/hannahkm))
+
+## [v3.5.3](https://github.com/traefik/traefik/tree/v3.5.3) (2025-09-26)
+[All Commits](https://github.com/traefik/traefik/compare/v3.5.2...v3.5.3)
+
+**Bug fixes:**
+- **[k8s/crd]** ServersTransport: set minimum MaxIdleConnsPerHost=-1 ([#12077](https://github.com/traefik/traefik/pull/12077) by [xe-leon](https://github.com/xe-leon))
+- **[plugins]** Refactor plugins system ([#12035](https://github.com/traefik/traefik/pull/12035) by [jspdown](https://github.com/jspdown))
+- **[server]** Use client conn to build the proxy protocol header ([#12069](https://github.com/traefik/traefik/pull/12069) by [rtribotte](https://github.com/rtribotte))
+- **[webui]** Update hub-button-app to use a local script ([#12060](https://github.com/traefik/traefik/pull/12060) by [mdeliatf](https://github.com/mdeliatf))
+
+**Documentation:**
+- **[acme,middleware]** Fix broken links in documentation ([#12057](https://github.com/traefik/traefik/pull/12057) by [mloiseleur](https://github.com/mloiseleur))
+- **[k8s]** Create Traefik Service CRD sub-resource documentation page ([#12080](https://github.com/traefik/traefik/pull/12080) by [nmengin](https://github.com/nmengin))
+- **[k8s]** Fix conflict in IngressRouteTCP documentation ([#12064](https://github.com/traefik/traefik/pull/12064) by [MatBon01](https://github.com/MatBon01))
+- Fix typo in rules and priority documentation ([#12089](https://github.com/traefik/traefik/pull/12089) by [Darkangeel-hd](https://github.com/Darkangeel-hd))
+- Add govern section ([#12067](https://github.com/traefik/traefik/pull/12067) by [sheddy-traefik](https://github.com/sheddy-traefik))
+- Fix entrypoint config examples ([#12056](https://github.com/traefik/traefik/pull/12056) by [markormesher](https://github.com/markormesher))
+- Reorganize the menu entries ([#12044](https://github.com/traefik/traefik/pull/12044) by [nmengin](https://github.com/nmengin))
+- Add New Secure Section to the Documentation ([#11978](https://github.com/traefik/traefik/pull/11978) by [sheddy-traefik](https://github.com/sheddy-traefik))
+
 ## [v3.5.2](https://github.com/traefik/traefik/tree/v3.5.2) (2025-09-09)
 [All Commits](https://github.com/traefik/traefik/compare/v3.5.1...v3.5.2)

--- a/cmd/traefik/logger.go
+++ b/cmd/traefik/logger.go
@@ -14,7 +14,7 @@ import (
 	"github.com/rs/zerolog/log"
 	"github.com/sirupsen/logrus"
 	"github.com/traefik/traefik/v3/pkg/config/static"
-	"github.com/traefik/traefik/v3/pkg/logs"
+	"github.com/traefik/traefik/v3/pkg/observability/logs"
 	"gopkg.in/natefinch/lumberjack.v2"
 )

@@ -68,10 +68,6 @@ func setupLogger(ctx context.Context, staticConfiguration *static.Configuration)
 }

 func getLogWriter(staticConfiguration *static.Configuration) io.Writer {
-	if staticConfiguration.Log != nil && staticConfiguration.Log.OTLP != nil {
-		return io.Discard
-	}
-
 	var w io.Writer = os.Stdout
 	if staticConfiguration.Log != nil && len(staticConfiguration.Log.FilePath) > 0 {
 		_, _ = os.OpenFile(staticConfiguration.Log.FilePath, os.O_RDWR|os.O_CREATE|os.O_APPEND, 0o666)
--- a/cmd/traefik/plugins.go
+++ b/cmd/traefik/plugins.go
@@ -2,43 +2,62 @@ package main

 import (
 	"fmt"
+	"net/http"
+	"path/filepath"
+	"time"

+	"github.com/hashicorp/go-retryablehttp"
+	"github.com/rs/zerolog/log"
 	"github.com/traefik/traefik/v3/pkg/config/static"
+	"github.com/traefik/traefik/v3/pkg/observability/logs"
 	"github.com/traefik/traefik/v3/pkg/plugins"
 )

 const outputDir = "./plugins-storage/"

 func createPluginBuilder(staticConfiguration *static.Configuration) (*plugins.Builder, error) {
-	client, plgs, localPlgs, err := initPlugins(staticConfiguration)
+	manager, plgs, localPlgs, err := initPlugins(staticConfiguration)
 	if err != nil {
 		return nil, err
 	}

-	return plugins.NewBuilder(client, plgs, localPlgs)
+	return plugins.NewBuilder(manager, plgs, localPlgs)
 }

-func initPlugins(staticCfg *static.Configuration) (*plugins.Client, map[string]plugins.Descriptor, map[string]plugins.LocalDescriptor, error) {
+func initPlugins(staticCfg *static.Configuration) (*plugins.Manager, map[string]plugins.Descriptor, map[string]plugins.LocalDescriptor, error) {
 	err := checkUniquePluginNames(staticCfg.Experimental)
 	if err != nil {
 		return nil, nil, nil, err
 	}

-	var client *plugins.Client
+	var manager *plugins.Manager
 	plgs := map[string]plugins.Descriptor{}

 	if hasPlugins(staticCfg) {
-		opts := plugins.ClientOptions{
+		httpClient := retryablehttp.NewClient()
+		httpClient.Logger = logs.NewRetryableHTTPLogger(log.Logger)
+		httpClient.HTTPClient = &http.Client{Timeout: 10 * time.Second}
+		httpClient.RetryMax = 3
+
+		// Create separate downloader for HTTP operations
+		archivesPath := filepath.Join(outputDir, "archives")
+		downloader, err := plugins.NewRegistryDownloader(plugins.RegistryDownloaderOptions{
+			HTTPClient:   httpClient.HTTPClient,
+			ArchivesPath: archivesPath,
+		})
+		if err != nil {
+			return nil, nil, nil, fmt.Errorf("unable to create plugin downloader: %w", err)
+		}
+
+		opts := plugins.ManagerOptions{
 			Output: outputDir,
 		}
-
-		var err error
-		client, err = plugins.NewClient(opts)
+		manager, err = plugins.NewManager(downloader, opts)
 		if err != nil {
-			return nil, nil, nil, fmt.Errorf("unable to create plugins client: %w", err)
+			return nil, nil, nil, fmt.Errorf("unable to create plugins manager: %w", err)
 		}

-		err = plugins.SetupRemotePlugins(client, staticCfg.Experimental.Plugins)
+		err = plugins.SetupRemotePlugins(manager, staticCfg.Experimental.Plugins)
 		if err != nil {
 			return nil, nil, nil, fmt.Errorf("unable to set up plugins environment: %w", err)
 		}
@@ -57,7 +76,7 @@ func initPlugins(staticCfg *static.Configuration) (*plugins.Client, map[string]p
 		localPlgs = staticCfg.Experimental.LocalPlugins
 	}

-	return client, plgs, localPlgs, nil
+	return manager, plgs, localPlgs, nil
 }

 func checkUniquePluginNames(e *static.Experimental) error {
--- a/cmd/traefik/traefik.go
+++ b/cmd/traefik/traefik.go
@@ -30,9 +30,11 @@ import (
 	"github.com/traefik/traefik/v3/pkg/config/dynamic"
 	"github.com/traefik/traefik/v3/pkg/config/runtime"
 	"github.com/traefik/traefik/v3/pkg/config/static"
-	"github.com/traefik/traefik/v3/pkg/logs"
-	"github.com/traefik/traefik/v3/pkg/metrics"
 	"github.com/traefik/traefik/v3/pkg/middlewares/accesslog"
+	"github.com/traefik/traefik/v3/pkg/observability/logs"
+	"github.com/traefik/traefik/v3/pkg/observability/metrics"
+	"github.com/traefik/traefik/v3/pkg/observability/tracing"
+	otypes "github.com/traefik/traefik/v3/pkg/observability/types"
 	"github.com/traefik/traefik/v3/pkg/provider/acme"
 	"github.com/traefik/traefik/v3/pkg/provider/aggregator"
 	"github.com/traefik/traefik/v3/pkg/provider/tailscale"
@@ -46,8 +48,6 @@ import (
 	"github.com/traefik/traefik/v3/pkg/server/service"
 	"github.com/traefik/traefik/v3/pkg/tcp"
 	traefiktls "github.com/traefik/traefik/v3/pkg/tls"
-	"github.com/traefik/traefik/v3/pkg/tracing"
-	"github.com/traefik/traefik/v3/pkg/types"
 	"github.com/traefik/traefik/v3/pkg/version"
 )

@@ -505,7 +505,7 @@ func initTailscaleProviders(cfg *static.Configuration, providerAggregator *aggre
 	return providers
 }

-func registerMetricClients(metricsConfig *types.Metrics) []metrics.Registry {
+func registerMetricClients(metricsConfig *otypes.Metrics) []metrics.Registry {
 	if metricsConfig == nil {
 		return nil
 	}
@@ -586,7 +586,7 @@ func appendCertMetric(gauge gokitmetrics.Gauge, certificate *x509.Certificate) {
 	gauge.With(labels...).Set(notAfter)
 }

-func setupAccessLog(ctx context.Context, conf *types.AccessLog) *accesslog.Handler {
+func setupAccessLog(ctx context.Context, conf *otypes.AccessLog) *accesslog.Handler {
 	if conf == nil {
 		return nil
 	}
--- a/docs/content/assets/img/secure/oidc-auth-flow.png
+++ b/docs/content/assets/img/secure/oidc-auth-flow.png
--- a/docs/content/contributing/documentation.md
+++ b/docs/content/contributing/documentation.md
@@ -15,7 +15,7 @@ Let's see how.

 ### General

-This [documentation](../../ "Link to the official Traefik documentation") is built with [MkDocs](https://mkdocs.org/ "Link to the website of MkDocs").
+This [documentation](../index.md "Link to the official Traefik documentation") is built with [MkDocs](https://mkdocs.org/ "Link to the website of MkDocs").

 ### Method 1: `Docker` and `make`

--- a/docs/content/expose/docker.md
+++ b/docs/content/expose/docker.md
@@ -90,7 +90,7 @@ This confirms that Traefik is successfully routing requests to your whoami appli

 ## Add Routing Rules

-Now we'll enhance our routing by directing traffic to different services based on [URL paths](../reference/routing-configuration/http/router/rules-and-priority.md#path-pathprefix-and-pathregexp). This is useful for API versioning, frontend/backend separation, or organizing microservices.
+Now we'll enhance our routing by directing traffic to different services based on [URL paths](../reference/routing-configuration/http/routing/rules-and-priority.md#path-pathprefix-and-pathregexp). This is useful for API versioning, frontend/backend separation, or organizing microservices.

 Update your `docker-compose.yml` to add another service:

@@ -457,7 +457,7 @@ These fundamental capabilities provide a solid foundation for exposing any appli

 Now that you understand the basics of exposing services with Traefik Proxy, you might want to explore:

- [Advanced routing options](../reference/routing-configuration/http/router/rules-and-priority.md) like query parameter matching, header-based routing, and more
+- [Advanced routing options](../reference/routing-configuration/http/routing/rules-and-priority.md) like query parameter matching, header-based routing, and more
 - [Additional middlewares](../reference/routing-configuration/http/middlewares/overview.md) for authentication, rate limiting, and request modifications
 - [Observability features](../reference/install-configuration/observability/metrics.md) for monitoring and debugging your Traefik deployment
 - [TCP services](../reference/routing-configuration/tcp/service.md) for exposing TCP services
--- a/docs/content/expose/kubernetes.md
+++ b/docs/content/expose/kubernetes.md
@@ -1005,7 +1005,7 @@ These fundamental capabilities provide a solid foundation for exposing any appli

 Now that you understand the basics of exposing services with Traefik Proxy, you might want to explore:

- [Advanced routing options](../reference/routing-configuration/http/router/rules-and-priority.md) like query parameter matching, header-based routing, and more
+- [Advanced routing options](../reference/routing-configuration/http/routing/rules-and-priority.md) like query parameter matching, header-based routing, and more
 - [Additional middlewares](../reference/routing-configuration/http/middlewares/overview.md) for authentication, rate limiting, and request modifications
 - [Observability features](../reference/install-configuration/observability/metrics.md) for monitoring and debugging your Traefik deployment
 - [TCP services](../reference/routing-configuration/tcp/service.md) for exposing TCP services
--- a/docs/content/expose/swarm.md
+++ b/docs/content/expose/swarm.md
@@ -68,7 +68,7 @@ This confirms that Traefik is successfully routing requests to your whoami appli

 ## Add Routing Rules

-Now we'll enhance our routing by directing traffic to different services based on [URL paths](../reference/routing-configuration/http/router/rules-and-priority.md#path-pathprefix-and-pathregexp). This is useful for API versioning, frontend/backend separation, or organizing microservices.
+Now we'll enhance our routing by directing traffic to different services based on [URL paths](../reference/routing-configuration/http/routing/rules-and-priority.md#path-pathprefix-and-pathregexp). This is useful for API versioning, frontend/backend separation, or organizing microservices.

 Update your `docker-compose.yml` to add another service:

@@ -393,7 +393,7 @@ These fundamental capabilities provide a solid foundation for exposing any appli

 Now that you understand the basics of exposing services with Traefik Proxy, you might want to explore:

- [Advanced routing options](../reference/routing-configuration/http/router/rules-and-priority.md) like query parameter matching, header-based routing, and more
+- [Advanced routing options](../reference/routing-configuration/http/routing/rules-and-priority.md) like query parameter matching, header-based routing, and more
 - [Additional middlewares](../reference/routing-configuration/http/middlewares/overview.md) for authentication, rate limiting, and request modifications
 - [Observability features](../reference/install-configuration/observability/metrics.md) for monitoring and debugging your Traefik deployment
 - [TCP services](../reference/routing-configuration/tcp/service.md) for exposing TCP services
--- a/docs/content/getting-started/configuration-overview.md
+++ b/docs/content/getting-started/configuration-overview.md
@@ -1,6 +1,6 @@
 ---
 title: "Traefik Configuration Documentation"
-description: "Get started with Traefik Proxy. This page will introduce you to the dynamic routing and startup configurations. Read the technical documentation."
+description: "Get started with Traefik Proxy. This page will introduce you to the routing and install configurations. Read the technical documentation."
 ---

 # Configuration Introduction
@@ -8,39 +8,37 @@ description: "Get started with Traefik Proxy. This page will introduce you to th
 How the Magic Happens
 {: .subtitle }

-![Configuration](../assets/img/static-dynamic-configuration.png)
-
 Configuration in Traefik can refer to two different things:

- The fully dynamic routing configuration (referred to as the _routing configuration_, formerly known as the _dynamic configuration_)
- The startup configuration (referred to as the _install configuration_, formerly known as the _static configuration_)
+- The install (startup) configuration (formerly known as the _static configuration_)
+- The routing configuration (formerly known as the _dynamic configuration_)

-Elements in the install configuration_ set up connections to [providers](../providers/overview.md) and define the [entrypoints](../routing/entrypoints.md) Traefik will listen to (these elements don't change often).
+Elements in the _install configuration_ set up connections to [providers](../providers/overview.md) and define the [entrypoints](../routing/entrypoints.md) Traefik will listen to (these elements don't change often).

-The _dynamic configuration_ contains everything that defines how the requests are handled by your system.
+The _routing configuration_ contains everything that defines how the requests are handled by your system.
 This configuration can change and is seamlessly hot-reloaded, without any request interruption or connection loss.

 !!! warning "Incompatible Configuration"
    Please be aware that the old configurations for Traefik v1.x are NOT compatible with the v2.x config as of now.
    If you are running v2, please ensure you are using a v2 configuration.

-## The Dynamic Configuration
+## The Routing Configuration

-Traefik gets its _dynamic configuration_ from [providers](../providers/overview.md): whether an orchestrator, a service registry, or a plain old configuration file.
+Traefik gets its _routing configuration_ from [providers](../providers/overview.md): whether an orchestrator, a service registry, or a plain old configuration file.

 Since this configuration is specific to your infrastructure choices, we invite you to refer to the [dedicated section of this documentation](../routing/overview.md).

 !!! info ""

-    In the [Quick Start example](../getting-started/quick-start.md), the routing configuration comes from docker in the form of labels attached to your containers.
+    In the [Quick Start example](../getting-started/docker.md), the whoami application routing configuration comes from docker in the form of a label attached to the whoami container.

 !!! info "HTTPS Certificates also belong to the routing configuration."

    You can add / update / remove them without restarting your Traefik instance.

-## The Static Configuration
+## The Install Configuration

-There are three different, **mutually exclusive** (i.e. you can use only one at the same time), ways to define static configuration options in Traefik:
+There are three different, **mutually exclusive** (i.e. you can use only one at the same time), ways to define install configuration options in Traefik:

 1. In a configuration file
 1. In the command-line arguments
@@ -56,7 +54,7 @@ Once positioned, this option sets (and resets) all the default values of the sub

 ### Configuration File

-At startup, Traefik searches for static configuration in a file named `traefik.yml` (or `traefik.yaml` or `traefik.toml`) in:
+At startup, Traefik searches for install configuration in a file named `traefik.yml` (or `traefik.yaml` or `traefik.toml`) in:

 - `/etc/traefik/`
 - `$XDG_CONFIG_HOME/`
@@ -86,7 +84,7 @@ Check the [CLI reference](../reference/install-configuration/configuration-optio

 ### Environment Variables

-All available environment variables can be found in the [static configuration environment overview](../reference/install-configuration/configuration-options.md).
+All available environment variables can be found in the [install configuration environment overview](../reference/install-configuration/configuration-options.md).

 ## Available Configuration Options

--- a/docs/content/getting-started/faq.md
+++ b/docs/content/getting-started/faq.md
@@ -12,10 +12,10 @@ and while the documentation often demonstrates configuration options through fil
 the core feature of Traefik is its dynamic configurability,
 directly reacting to changes from providers over time.

-Notably, a part of the configuration is [static](../configuration-overview/#the-static-configuration),
+Notably, a part of the configuration is [static](./configuration-overview.md#the-static-configuration),
 and can be provided by a file on startup, whereas various providers,
 such as the file provider,
-contribute dynamically all along the traefik instance lifetime to its [dynamic configuration](../configuration-overview/#the-dynamic-configuration) changes.
+contribute dynamically all along the traefik instance lifetime to its [dynamic configuration](./configuration-overview.md#the-dynamic-configuration) changes.

 In addition, the configuration englobes concepts such as the EntryPoint which can be seen as a listener on the Transport Layer (TCP),
 as apposed to the Router which is more about the Presentation (TLS) and Application layers (HTTP).
@@ -147,13 +147,13 @@ for example, by using the `touch` command on the configuration file.

 By default, the following headers are automatically added when proxying requests:

-| Property                  | HTTP Header                |
-|---------------------------|----------------------------|
-| Client's IP               | X-Forwarded-For, X-Real-Ip |
-| Host                      | X-Forwarded-Host           |
-| Port                      | X-Forwarded-Port           |
-| Protocol                  | X-Forwarded-Proto          |
-| Proxy Server's Hostname   | X-Forwarded-Server         |
+| Property                  | HTTP Header                    |
+|---------------------------|--------------------------------|
+| Client's IP               | `X-Forwarded-For`, `X-Real-Ip` |
+| Host                      | `X-Forwarded-Host`             |
+| Port                      | `X-Forwarded-Port`             |
+| Protocol                  | `X-Forwarded-Proto`            |
+| Proxy Server's Hostname   | `X-Forwarded-Server`           |

 For more details,
 please check out the [forwarded header](../routing/entrypoints.md#forwarded-headers) documentation.
--- a/docs/content/govern/index.md
+++ b/docs/content/govern/index.md
@@ -0,0 +1,59 @@
+---
+title: "Govern Your APIs with Traefik Hub"
+description: "Learn how Traefik Hub provides comprehensive API Gateway and API Management capabilities to govern, secure, and manage your APIs at scale."
+---
+
+# Govern Your APIs with Traefik Hub
+
+Traefik Hub transforms your API infrastructure by providing enterprise-grade API Gateway and comprehensive API Management capabilities. Built on the foundation of Traefik Proxy, Hub enables organizations to govern, secure, and manage APIs at scale across cloud-native environments.
+
+## API Gateway and API Management Capabilities
+
+Traefik Hub offers two complementary approaches to API governance:
+
+- [Traefik Hub API Gateway](https://traefik.io/solutions/api-gateway/): Enterprise-grade security, distributed features, and advanced access control for cloud-native API gateway scenarios. It includes AI Gateway capabilities for modern machine learning workloads.
+
+- [Traefik Hub API Management](https://traefik.io/solutions/api-management/): Comprehensive API lifecycle management, developer portals, and organizational features for teams managing multiple APIs across environments.
+
+## API Management Features
+
+Traefik Hub API Management provides a complete suite of features designed to streamline API governance and accelerate developer productivity:
+
+### Comprehensive API Lifecycle Management
+
+- **Centralized API Catalog**: Comprehensive API inventory providing real-time visibility and control
+- **Advanced Versioning**: Utilize the most flexible API versioning and Kubernetes-native labels to logically organize APIs, track their evolution over time, and avoid breaking changes for client applications
+- **Quality Control**: Perform error checks and change impact analysis with Traefik Hub's static analyzer to ensure compliance and prevent misconfiguration by catching errors early
+- **Resource Management**: Centralize rate limits, quotas, and policy enforcement across groups of APIs through Plans & Bundles, ensuring consistent and efficient resource management
+- **Subscription Management**: Create managed and self-serve subscriptions for enhanced ease-of-use, security, and auditability
+- **Standards Compliance**: Import, validate, and manage APIs using industry-standard OpenAPI specifications
+
+### Developer Experience & Self-Service
+
+- **Customizable Portals**: Easily create one or more dedicated API Portals for developers to discover, understand, and interact with your APIs
+- **Interactive API Testing**: Allow developers to test APIs directly within the portal for immediate feedback
+- **Branded Experience**: Customize the API portal to house API documentation, clear integration instructions, and personalized content to foster adoption and streamline development
+- **Credential Management**: Generate API access credentials, such as API keys, directly from the portal for simplified access and secure integration
+- **Auto-generated Documentation**: Automatically generated, interactive API documentation from OpenAPI specifications in the portal
+
+### Enterprise-Grade Security
+
+- **Access Control**: Implement fine-grained permissions through detailed API policies and JWT inspection to secure access to API resources
+- **Identity Integration**: Leverage existing identity and access management (IAM) solutions, such as Keycloak, Okta, Auth0, etc. through industry-standard authentication protocols, including native OIDC support
+- **Data Protection**: Advanced TLS management, supporting Let's Encrypt (ACME) and SPIFFE for robust data protection
+- **Threat Prevention**: Native Web Application Firewall (WAF) powered by OWASP Coraza to defend against known vulnerabilities
+
+### Observability
+
+- **Open Standards Monitoring**: Gain deep insights into API health and performance with OpenTelemetry integration to provide metrics and tracing capabilities without vendor lock-in
+- **Third-party Integrations**: Turnkey integration with Treblle directly on the Traefik Hub Dashboard for real-time, out-of-the-box observability without maintaining a complex monitoring infrastructure
+- **Pre-built Grafana Dashboards**: Ready-to-use monitoring dashboards with key API metrics and performance indicators
+
+## Getting Started with API Governance
+
+Transform your API infrastructure with Traefik Hub's governance capabilities:
+
+1. **Start with API Gateway**: Implement enterprise security, authentication, distributed features, and AI Gateway capabilities
+2. **Scale with API Management**: Add comprehensive lifecycle management, developer portals, and governance features
+
+Ready to govern your APIs at scale? Explore [Traefik Hub API Management](https://traefik.io/solutions/api-management/) and discover how it can transform your API strategy.
--- a/docs/content/https/acme.md
+++ b/docs/content/https/acme.md
@@ -314,7 +314,7 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni
 !!! warning "`CNAME` support"

    `CNAME` are supported (and sometimes even [encouraged](https://letsencrypt.org/2019/10/09/onboarding-your-customers-with-lets-encrypt-and-acme.html#the-advantages-of-a-cname)),
-    but there are a few cases where they can be [problematic](../../getting-started/faq/#why-does-lets-encrypt-wildcard-certificate-renewalgeneration-with-dns-challenge-fail).
+    but there are a few cases where they can be [problematic](../getting-started/faq.md#why-does-lets-encrypt-wildcard-certificate-renewalgeneration-with-dns-challenge-fail).

    If needed, `CNAME` support can be disabled with the following environment variable:

@@ -356,6 +356,8 @@ For complete details, refer to your provider's _Additional configuration_ link.
 | [Azure](https://azure.microsoft.com/services/dns/) (DEPRECATED)        | `azure`            | DEPRECATED use `azuredns` instead.                                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/azure)            |
 | [AzureDNS](https://azure.microsoft.com/services/dns/)                  | `azuredns`         | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_TENANT_ID`, `AZURE_SUBSCRIPTION_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_ENVIRONMENT]`, `[AZURE_PRIVATE_ZONE]`, `[AZURE_ZONE_NAME]` | [Additional configuration](https://go-acme.github.io/lego/dns/azuredns)         |
 | [Baidu Cloud](https://cloud.baidu.com)                                 | `baiducloud`       | `BAIDUCLOUD_ACCESS_KEY_ID`, `BAIDUCLOUD_SECRET_ACCESS_KEY`                                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/baiducloud)       |
+| [Beget](https://beget.com/)                                            | `beget`            | `BEGET_USERNAME`, `BEGET_PASSWORD`                                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/beget)            |
+| [Binary Lane](https://www.binarylane.com.au/)                          | `binarylane`       | `BINARYLANE_API_TOKEN`                                                                                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/binarylane)       |
 | [Bindman](https://github.com/labbsr0x/bindman-dns-webhook)             | `bindman`          | `BINDMAN_MANAGER_ADDRESS`                                                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/bindman)          |
 | [Blue Cat](https://www.bluecatnetworks.com/)                           | `bluecat`          | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW`                                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/bluecat)          |
 | [BookMyName](https://www.bookmyname.com)                               | `bookmyname`       | `BOOKMYNAME_USERNAME`, `BOOKMYNAME_PASSWORD`                                                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/bookmyname)       |
@@ -403,8 +405,9 @@ For complete details, refer to your provider's _Additional configuration_ link.
 | [GoDaddy](https://www.godaddy.com)                                     | `godaddy`          | `GODADDY_API_KEY`, `GODADDY_API_SECRET`                                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/godaddy)          |
 | [Google Cloud DNS](https://cloud.google.com/dns/docs/)                 | `gcloud`           | `GCE_PROJECT`, Application Default Credentials [^2] [^3], [`GCE_SERVICE_ACCOUNT_FILE`]                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/gcloud)           |
 | [Google Domains](https://domains.google) (DEPRECATED)                  | `googledomains`    | DEPRECATED                                                                                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/googledomains)    |
-| [Hetzner](https://hetzner.com)                                         | `hetzner`          | `HETZNER_API_KEY`                                                                                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/hetzner)          |
+| [Hetzner](https://hetzner.com)                                         | `hetzner`          | `HETZNER_API_TOKEN`                                                                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/hetzner)          |
 | [hosting.de](https://www.hosting.de)                                   | `hostingde`        | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME`                                                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde)        |
+| [Hostinger](https://www.hostinger.com/)                                | `hostinger`        | `HOSTINGER_API_TOKEN`                                                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/hostinger)        |
 | [Hosttech](https://www.hosttech.eu)                                    | `hosttech`         | `HOSTTECH_API_KEY`                                                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/hosttech)         |
 | [http.net](https://www.http.net/)                                      | `httpnet`          | `HTTPNET_API_KEY`                                                                                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/httpnet)          |
 | [Huawei Cloud](https://huaweicloud.com)                                | `huaweicloud`      | `HUAWEICLOUD_ACCESS_KEY_ID`, `HUAWEICLOUD_SECRET_ACCESS_KEY`, `HUAWEICLOUD_REGION`                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/huaweicloud)      |
@@ -421,6 +424,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
 | [IPv64](https://ipv64.net)                                             | `ipv64`            | `IPV64_API_KEY`                                                                                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/ipv64)            |
 | [iwantmyname](https://iwantmyname.com)                                 | `iwantmyname`      | `IWANTMYNAME_USERNAME` , `IWANTMYNAME_PASSWORD`                                                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/iwantmyname)      |
 | [Joker.com](https://joker.com)                                         | `joker`            | `JOKER_API_MODE` with `JOKER_API_KEY` or `JOKER_USERNAME`, `JOKER_PASSWORD`                                                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/joker)            |
+| [KeyHelp](https://www.keyweb.de/en/keyhelp/keyhelp/)                   | `keyhelp`          | `KEYHELP_API_KEY`, `KEYHELP_BASE_URL`                                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/keyhelp)          |
 | [Liara](https://liara.ir)                                              | `liara`            | `LIARA_API_KEY`                                                                                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/liara)            |
 | [Lightsail](https://aws.amazon.com/lightsail/)                         | `lightsail`        | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE`                                                                                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/lightsail)        |
 | [Lima-City](https://www.lima-city.de)                                  | `limacity`         | `LIMACITY_API_KEY`                                                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/limacity)         |
@@ -448,6 +452,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
 | [Njalla](https://njal.la)                                              | `njalla`           | `NJALLA_TOKEN`                                                                                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/njalla)           |
 | [Nodion](https://www.nodion.com)                                       | `nodion`           | `NODION_API_TOKEN`                                                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/nodion)           |
 | [NS1](https://ns1.com/)                                                | `ns1`              | `NS1_API_KEY`                                                                                                                                                                    | [Additional configuration](https://go-acme.github.io/lego/dns/ns1)              |
+| [Octenium](https://octenium.com/)                                      | `octenium`         | `OCTENIUM_API_KEY`                                                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/octenium)         |
 | [Open Telekom Cloud](https://cloud.telekom.de)                         | `otc`              | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT`                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/otc)              |
 | [Openstack Designate](https://docs.openstack.org/designate)            | `designate`        | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME`                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/designate)        |
 | [Oracle Cloud](https://cloud.oracle.com/home)                          | `oraclecloud`      | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID`                                      | [Additional configuration](https://go-acme.github.io/lego/dns/oraclecloud)      |
@@ -477,6 +482,7 @@ For complete details, refer to your provider's _Additional configuration_ link.
 | [Stackpath](https://www.stackpath.com/)                                | `stackpath`        | `STACKPATH_CLIENT_ID`, `STACKPATH_CLIENT_SECRET`, `STACKPATH_STACK_ID`                                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/stackpath)        |
 | [Technitium](https://technitium.com)                                   | `technitium`       | `TECHNITIUM_SERVER_BASE_URL`, `TECHNITIUM_API_TOKEN`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/technitium)       |
 | [Tencent Cloud DNS](https://cloud.tencent.com/product/cns)             | `tencentcloud`     | `TENCENTCLOUD_SECRET_ID`, `TENCENTCLOUD_SECRET_KEY`                                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/tencentcloud)     |
+| [Tencent EdgeOne](https://edgeone.ai/)                                 | `edgeone`          | `EDGEONE_SECRET_ID`, `EDGEONE_SECRET_KEY`                                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/edgeone)          |
 | [Timeweb Cloud](https://timeweb.cloud)                                 | `timewebcloud`     | `TIMEWEBCLOUD_AUTH_TOKEN`                                                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/timewebcloud)     |
 | [TransIP](https://www.transip.nl/)                                     | `transip`          | `TRANSIP_ACCOUNT_NAME`, `TRANSIP_PRIVATE_KEY_PATH`                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/transip)          |
 | [UKFast SafeDNS](https://docs.ukfast.co.uk/domains/safedns/index.html) | `safedns`          | `SAFEDNS_AUTH_TOKEN`                                                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/safedns)          |
--- a/docs/content/https/tls.md
+++ b/docs/content/https/tls.md
@@ -234,7 +234,7 @@ The TLS options allow one to configure some parameters of the TLS connection.

 !!! important "TLSOption in Kubernetes"

-    When using the [TLSOption resource](../../routing/providers/kubernetes-crd/#kind-tlsoption) in Kubernetes, one might setup a default set of options that,
+    When using the [TLSOption resource](../routing/providers/kubernetes-crd.md#kind-tlsoption) in Kubernetes, one might setup a default set of options that,
    if not explicitly overwritten, should apply to all ingresses.  
    To achieve that, you'll have to create a TLSOption resource with the name `default`.
    There may exist only one TLSOption with the name `default` (across all namespaces) - otherwise they will be dropped.  
@@ -503,7 +503,7 @@ Traefik supports mutual authentication, through the `clientAuth` section.

 For authentication policies that require verification of the client certificate, the certificate authority for the certificates should be set in `clientAuth.caFiles`.

-In Kubernetes environment, CA certificate can be set in `clientAuth.secretNames`. See [TLSOption resource](../../routing/providers/kubernetes-crd/#kind-tlsoption) for more details.
+In Kubernetes environment, CA certificate can be set in `clientAuth.secretNames`. See [TLSOption resource](../routing/providers/kubernetes-crd.md#kind-tlsoption) for more details.

 The `clientAuth.clientAuthType` option governs the behaviour as follows:

--- a/docs/content/index.md
+++ b/docs/content/index.md
@@ -33,7 +33,7 @@ Traefik supports different needs depending on your background. We keep three use
 Traefik’s main concepts help you understand how requests flow to your services:

 - [Entrypoints](./reference/install-configuration/entrypoints.md) are the network entry points into Traefik. They define the port that will receive the packets and whether to listen for TCP or UDP.
- [Routers](./reference/routing-configuration/http/router/rules-and-priority.md) are in charge of connecting incoming requests to the services that can handle them. In the process, routers may use pieces of [middleware](./reference/routing-configuration/http/middlewares/overview.md) to update the request or act before forwarding the request to the service.
+- [Routers](./reference/routing-configuration/http/routing/rules-and-priority.md) are in charge of connecting incoming requests to the services that can handle them. In the process, routers may use pieces of [middleware](./reference/routing-configuration/http/middlewares/overview.md) to update the request or act before forwarding the request to the service.
 - [Services](./reference/routing-configuration/http/load-balancing/service.md) are responsible for configuring how to reach the actual services that will eventually handle the incoming requests.
 - [Providers](./reference/install-configuration/providers/overview.md) are infrastructure components, whether orchestrators, container engines, cloud providers, or key-value stores. The idea is that Traefik queries the provider APIs in order to find relevant information about routing, and when Traefik detects a change, it dynamically updates the routes.

--- a/docs/content/middlewares/http/forwardauth.md
+++ b/docs/content/middlewares/http/forwardauth.md
@@ -58,11 +58,11 @@ The following request properties are provided to the forward-auth target endpoin

 | Property          | Forward-Request Header |
 |-------------------|------------------------|
-| HTTP Method       | X-Forwarded-Method     |
-| Protocol          | X-Forwarded-Proto      |
-| Host              | X-Forwarded-Host       |
-| Request URI       | X-Forwarded-Uri        |
-| Source IP-Address | X-Forwarded-For        |
+| HTTP Method       | `X-Forwarded-Method`   |
+| Protocol          | `X-Forwarded-Proto`    |
+| Host              | `X-Forwarded-Host`     |
+| Request URI       | `X-Forwarded-Uri`      |
+| Source IP-Address | `X-Forwarded-For`      |

 ## Configuration Options

--- a/docs/content/middlewares/http/inflightreq.md
+++ b/docs/content/middlewares/http/inflightreq.md
@@ -113,7 +113,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and select
 If `ipStrategy.ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to.  
 See [ipStrategy.ipv6Subnet](#ipstrategyipv6subnet) for more details.

-!!! example "Example of Depth & X-Forwarded-For"
+!!! example "Example of Depth & `X-Forwarded-For`"

    If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used as the criterion is `"12.0.0.1"` (`depth=2`).

@@ -167,7 +167,7 @@ http:

 !!! important "If `depth` is specified, `excludedIPs` is ignored."

-!!! example "Example of ExcludedIPs & X-Forwarded-For"
+!!! example "Example of ExcludedIPs & `X-Forwarded-For`"

    | `X-Forwarded-For`                       | `excludedIPs`         | clientIP     |
    |-----------------------------------------|-----------------------|--------------|
--- a/docs/content/middlewares/http/ipallowlist.md
+++ b/docs/content/middlewares/http/ipallowlist.md
@@ -78,7 +78,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
 If `ipStrategy.ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to.  
 See [ipStrategy.ipv6Subnet](#ipstrategyipv6subnet) for more details.

-!!! example "Examples of Depth & X-Forwarded-For"
+!!! example "Examples of Depth & `X-Forwarded-For`"

    If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used is `"12.0.0.1"` (`depth=2`).

@@ -144,7 +144,7 @@ http:

 !!! important "If `depth` is specified, `excludedIPs` is ignored."

-!!! example "Example of ExcludedIPs & X-Forwarded-For"
+!!! example "Example of ExcludedIPs & `X-Forwarded-For`"

    | `X-Forwarded-For`                       | `excludedIPs`         | clientIP     |
    |-----------------------------------------|-----------------------|--------------|
@@ -264,3 +264,45 @@ http:
    [http.middlewares.test-ipallowlist.ipallowlist.sourceCriterion.ipStrategy]
      ipv6Subnet = 64
 ```
+
+### `rejectStatusCode`
+
+The `rejectStatusCode` option sets HTTP status code for refused requests. If not set, the default is 403 (Forbidden).
+
+```yaml tab="Docker & Swarm"
+# Reject requests with a 404 rather than a 403
+labels:
+    - "traefik.http.middlewares.test-ipallowlist.ipallowlist.rejectstatuscode=404"
+```
+
+```yaml tab="Kubernetes"
+# Reject requests with a 404 rather than a 403
+apiVersion: traefik.io/v1alpha1
+kind: Middleware
+metadata:
+  name: test-ipallowlist
+spec:
+  ipAllowList:
+    rejectStatusCode: 404
+```
+
+```yaml tab="Consul Catalog"
+# Reject requests with a 404 rather than a 403
+- "traefik.http.middlewares.test-ipallowlist.ipallowlist.rejectstatuscode=404"
+```
+
+```yaml tab="File (YAML)"
+# Reject requests with a 404 rather than a 403
+http:
+  middlewares:
+    test-ipallowlist:
+      ipAllowList:
+        rejectStatusCode: 404
+```
+
+```toml tab="File (TOML)"
+# Reject requests with a 404 rather than a 403
+[http.middlewares]
+  [http.middlewares.test-ipallowlist.ipAllowList]
+    rejectStatusCode = 404
+```
--- a/docs/content/middlewares/http/ipwhitelist.md
+++ b/docs/content/middlewares/http/ipwhitelist.md
@@ -82,7 +82,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
 If `ipStrategy.ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to.  
 See [ipStrategy.ipv6Subnet](#ipstrategyipv6subnet) for more details.

-!!! example "Examples of Depth & X-Forwarded-For"
+!!! example "Examples of Depth & `X-Forwarded-For`"

    If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used for the whitelisting is `"12.0.0.1"` (`depth=2`).

@@ -148,7 +148,7 @@ http:

 !!! important "If `depth` is specified, `excludedIPs` is ignored."

-!!! example "Example of ExcludedIPs & X-Forwarded-For"
+!!! example "Example of ExcludedIPs & `X-Forwarded-For`"

    | `X-Forwarded-For`                       | `excludedIPs`         | clientIP     |
    |-----------------------------------------|-----------------------|--------------|
--- a/docs/content/middlewares/http/ratelimit.md
+++ b/docs/content/middlewares/http/ratelimit.md
@@ -225,7 +225,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and select
 If `ipStrategy.ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to.  
 See [ipStrategy.ipv6Subnet](#ipstrategyipv6subnet) for more details.

-!!! example "Example of Depth & X-Forwarded-For"
+!!! example "Example of Depth & `X-Forwarded-For`"

    If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used as the criterion is `"12.0.0.1"` (`depth=2`).

@@ -288,7 +288,7 @@ http:

    !!! example "Each IP as a distinct source"

-        | X-Forwarded-For                | excludedIPs           | clientIP     |
+        | `X-Forwarded-For`              | excludedIPs           | clientIP     |
        |--------------------------------|-----------------------|--------------|
        | `"10.0.0.1,11.0.0.1,12.0.0.1"` | `"11.0.0.1,12.0.0.1"` | `"10.0.0.1"` |
        | `"10.0.0.2,11.0.0.1,12.0.0.1"` | `"11.0.0.1,12.0.0.1"` | `"10.0.0.2"` |
@@ -298,7 +298,7 @@ http:

    !!! example "Group IPs together as same source"

-        |  X-Forwarded-For               |  excludedIPs | clientIP     |
+        | `X-Forwarded-For`              | excludedIPs  | clientIP     |
        |--------------------------------|--------------|--------------|
        | `"10.0.0.1,11.0.0.1,12.0.0.1"` | `"12.0.0.1"` | `"11.0.0.1"` |
        | `"10.0.0.2,11.0.0.1,12.0.0.1"` | `"12.0.0.1"` | `"11.0.0.1"` |
@@ -310,7 +310,7 @@ and the first IP that is _not_ in the pool (if any) is returned.

 !!! example "Matching for clientIP"

-    |  X-Forwarded-For               |  excludedIPs          | clientIP     |
+    | `X-Forwarded-For`              | excludedIPs           | clientIP     |
    |--------------------------------|-----------------------|--------------|
    | `"10.0.0.1,11.0.0.1,13.0.0.1"` | `"11.0.0.1"`          | `"13.0.0.1"` |
    | `"10.0.0.1,11.0.0.1,13.0.0.1"` | `"15.0.0.1,16.0.0.1"` | `"13.0.0.1"` |
--- a/docs/content/middlewares/http/redirectscheme.md
+++ b/docs/content/middlewares/http/redirectscheme.md
@@ -19,7 +19,7 @@ The RedirectScheme middleware redirects the request if the request scheme is dif
    When there is at least one other reverse-proxy between the client and Traefik, 
    the other reverse-proxy (i.e. the last hop) needs to be a [trusted](../../routing/entrypoints.md#forwarded-headers) one. 
    
-    Otherwise, Traefik would clean up the X-Forwarded headers coming from this last hop, 
+    Otherwise, Traefik would clean up the `X-Forwarded` headers coming from this last hop,
    and as the RedirectScheme middleware relies on them to determine the scheme used,
    it would not function as intended.

--- a/docs/content/migrate/v1-to-v2.md
+++ b/docs/content/migrate/v1-to-v2.md
--- a/docs/content/migrate/v2-to-v3-details.md
+++ b/docs/content/migrate/v2-to-v3-details.md
@@ -135,7 +135,7 @@ It is now unsupported and would prevent Traefik to start.
 ##### Remediation

 The `http3` option should be removed from the static configuration experimental section.
-To configure `http3`, please checkout the [entrypoint configuration documentation](../routing/entrypoints.md#http3_1).
+To configure `http3`, please checkout the [entrypoint configuration documentation](../reference/install-configuration/entrypoints.md#http3).

 ### Consul provider

--- a/docs/content/migrate/v2-to-v3.md
+++ b/docs/content/migrate/v2-to-v3.md
@@ -11,7 +11,7 @@ How to Migrate from Traefik v2 to Traefik v3.
 !!! success "Streamlined Migration Process"
    Traefik v3 introduces minimal breaking changes and maintains backward compatibility with v2 syntax in dynamic configuration, offering a gradual migration path.

-With Traefik v3, we are introducing a streamlined transition process from v2. Minimal breaking changes have been made to specific options in the [static configuration](./v2-to-v3-details.md#static-configuration-changes "Link to static configuration changes"), and we are ensuring backward compatibility with v2 syntax in the [dynamic configuration](./v2-to-v3-details.md#dynamic-configuration-changes "Link to dynamic configuration changes"). This will offer a gradual path for adopting the v3 syntax, allowing users to progressively migrate their Kubernetes ingress resources, Docker labels, etc., to the new format.
+With Traefik v3, we are introducing a streamlined transition process from v2. Minimal breaking changes have been made to specific options in the [static configuration](./v2-to-v3-details.md#install-configuration-changes "Link to install configuration changes"), and we are ensuring backward compatibility with v2 syntax in the [dynamic configuration](./v2-to-v3-details.md#routing-configuration-changes "Link to routing configuration changes"). This will offer a gradual path for adopting the v3 syntax, allowing users to progressively migrate their Kubernetes ingress resources, Docker labels, etc., to the new format.

 ## Migration Overview

@@ -33,7 +33,7 @@ The migration process consists of three progressive steps designed to minimize r

 **Review and Update Static Configuration**

-Check the changes in [static configurations](./v2-to-v3-details.md#static-configuration-changes "Link to static configuration changes") and [operations](./v2-to-v3-details.md#operations-changes "Link to operations changes") brought by Traefik v3. Modify your configurations accordingly.
+Check the changes in [static configurations](./v2-to-v3-details.md#install-configuration-changes "Link to install configuration changes") and [operations](./v2-to-v3-details.md#operations-changes "Link to operations changes") brought by Traefik v3. Modify your configurations accordingly.

 **Enable v2 Compatibility Mode**

@@ -110,13 +110,13 @@ We strongly advise you to follow a progressive migration strategy ([Kubernetes r
 ## Step 3: Progressively Migrate Dynamic Configuration

 !!! info "Optional Immediate Step"
-    This step can be done later in the process, as Traefik v3 is compatible with the v2 format for [dynamic configuration](./v2-to-v3-details.md#dynamic-configuration-changes "Link to dynamic configuration changes"). Enable Traefik logs to get some help if any deprecated option is in use.
+    This step can be done later in the process, as Traefik v3 is compatible with the v2 format for [dynamic configuration](./v2-to-v3-details.md#routing-configuration-changes "Link to routing configuration changes"). Enable Traefik logs to get some help if any deprecated option is in use.

 ### Migration Process

 **Review Dynamic Configuration Changes**

-Check the changes in [dynamic configuration](./v2-to-v3-details.md#dynamic-configuration-changes "Link to dynamic configuration changes") to understand what updates are needed.
+Check the changes in [dynamic configuration](./v2-to-v3-details.md#routing-configuration-changes "Link to routing configuration changes") to understand what updates are needed.

 **Progressive Router Migration**

--- a/docs/content/migrate/v2.md
+++ b/docs/content/migrate/v2.md
@@ -1,719 +1,11 @@
 ---
-title: "Traefik Migration Documentation"
+title: "Traefik V2 Migration Documentation"
 description: "Learn the steps needed to migrate to new Traefik Proxy v2 versions, i.e. v2.0 to v2.1 or v2.1 to v2.2. Read the technical documentation."
 ---

-# Migration: Steps needed between the versions
+# Migration: Steps needed between the v2 versions

-## v2.0 to v2.1
+The multiple minor versions of Traefik v2 introduced a number of changes,
+which may require one to update their configuration when they migrate.

-### Kubernetes CRD
-
-In v2.1, a new Kubernetes CRD called `TraefikService` was added.
-While updating an installation to v2.1,
-one should apply that CRD, and update the existing `ClusterRole` definition to allow Traefik to use that CRD.
-
-To add that CRD and enhance the permissions, the following definitions need to be applied to the cluster.
-
-```yaml tab="TraefikService"
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: traefikservices.traefik.containo.us
-
-spec:
-  group: traefik.containo.us
-  version: v1alpha1
-  names:
-    kind: TraefikService
-    plural: traefikservices
-    singular: traefikservice
-  scope: Namespaced
-```
-
-```yaml tab="ClusterRole"
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1beta1
-metadata:
-  name: traefik-ingress-controller
-
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - services
-      - endpoints
-      - secrets
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - extensions
-      - networking.k8s.io
-    resources:
-      - ingresses
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - extensions
-      - networking.k8s.io
-    resources:
-      - ingresses/status
-    verbs:
-      - update
-  - apiGroups:
-      - traefik.io
-      - traefik.containo.us
-    resources:
-      - middlewares
-      - middlewaretcps
-      - ingressroutes
-      - traefikservices
-      - ingressroutetcps
-      - ingressrouteudps
-      - tlsoptions
-      - tlsstores
-      - serverstransports
-      - serverstransporttcps
-    verbs:
-      - get
-      - list
-      - watch
-```
-
-After having both resources applied, Traefik will work properly.
-
-## v2.1 to v2.2
-
-### Headers middleware: accessControlAllowOrigin
-
-`accessControlAllowOrigin` is deprecated.
-This field will be removed in future 2.x releases.
-Please configure your allowed origins in `accessControlAllowOriginList` instead.
-
-### Kubernetes CRD
-
-In v2.2, new Kubernetes CRDs called `TLSStore` and `IngressRouteUDP` were added.
-While updating an installation to v2.2,
-one should apply that CRDs, and update the existing `ClusterRole` definition to allow Traefik to use that CRDs.
-
-To add that CRDs and enhance the permissions, the following definitions need to be applied to the cluster.
-
-```yaml tab="TLSStore"
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: tlsstores.traefik.containo.us
-
-spec:
-  group: traefik.containo.us
-  version: v1alpha1
-  names:
-    kind: TLSStore
-    plural: tlsstores
-    singular: tlsstore
-  scope: Namespaced
-
-```
-
-```yaml tab="IngressRouteUDP"
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: ingressrouteudps.traefik.containo.us
-
-spec:
-  group: traefik.containo.us
-  version: v1alpha1
-  names:
-    kind: IngressRouteUDP
-    plural: ingressrouteudps
-    singular: ingressrouteudp
-  scope: Namespaced
-
-```
-
-```yaml tab="ClusterRole"
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1beta1
-metadata:
-  name: traefik-ingress-controller
-
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - services
-      - endpoints
-      - secrets
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - extensions
-      - networking.k8s.io
-    resources:
-      - ingresses
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - extensions
-      - networking.k8s.io
-    resources:
-      - ingresses/status
-    verbs:
-      - update
-  - apiGroups:
-      - traefik.io
-      - traefik.containo.us
-    resources:
-      - middlewares
-      - middlewaretcps
-      - ingressroutes
-      - traefikservices
-      - ingressroutetcps
-      - ingressrouteudps
-      - tlsoptions
-      - tlsstores
-      - serverstransports
-      - serverstransporttcps
-    verbs:
-      - get
-      - list
-      - watch
-```
-
-After having both resources applied, Traefik will work properly.
-
-### Kubernetes Ingress
-
-To enable HTTPS, it is not sufficient anymore to only rely on a TLS section in the Ingress.
-
-#### Expose an Ingress on 80 and 443
-
-Define the default TLS configuration on the HTTPS entry point.
-
-```yaml tab="Ingress"
-kind: Ingress
-apiVersion: networking.k8s.io/v1beta1
-metadata:
-  name: example
-
-spec:
-  tls:
-  - secretName: my-tls-secret
-
-  rules:
-  - host: example.com
-    http:
-      paths:
-      - path: "/foo"
-        backend:
-          serviceName: example-com
-          servicePort: 80
-```
-
-Entry points definition and enable Ingress provider:
-
-```yaml tab="File (YAML)"
-# Static configuration
-
-entryPoints:
-  web:
-    address: :80
-  websecure:
-    address: :443
-    http:
-      tls: {}
-
-providers:
-  kubernetesIngress: {}
-```
-
-```toml tab="File (TOML)"
-# Static configuration
-
-[entryPoints.web]
-  address = ":80"
-
-[entryPoints.websecure]
-  address = ":443"
-  [entryPoints.websecure.http]
-    [entryPoints.websecure.http.tls]
-
-[providers.kubernetesIngress]
-```
-
-```bash tab="CLI"
-# Static configuration
-
--entryPoints.web.address=:80
--entryPoints.websecure.address=:443
--entryPoints.websecure.http.tls=true
--providers.kubernetesIngress=true
-```
-
-#### Use TLS only on one Ingress
-
-Define the TLS restriction with annotations.
-
-```yaml tab="Ingress"
-kind: Ingress
-apiVersion: networking.k8s.io/v1beta1
-metadata:
-  name: example-tls
-  annotations:
-    traefik.ingress.kubernetes.io/router.entrypoints: websecure
-    traefik.ingress.kubernetes.io/router.tls: "true"
-
-spec:
-  tls:
-  - secretName: my-tls-secret
-
-  rules:
-  - host: example.com
-    http:
-      paths:
-      - path: ""
-        backend:
-          serviceName: example-com
-          servicePort: 80
-```
-
-Entry points definition and enable Ingress provider:
-
-```yaml tab="File (YAML)"
-# Static configuration
-
-entryPoints:
-  web:
-    address: :80
-  websecure:
-    address: :443
-
-providers:
-  kubernetesIngress: {}
-```
-
-```toml tab="File (TOML)"
-# Static configuration
-
-[entryPoints.web]
-  address = ":80"
-
-[entryPoints.websecure]
-  address = ":443"
-
-[providers.kubernetesIngress]
-```
-
-```bash tab="CLI"
-# Static configuration
-
--entryPoints.web.address=:80
--entryPoints.websecure.address=:443
--providers.kubernetesIngress=true
-```
-
-## v2.2.2 to v2.2.5
-
-### InsecureSNI removal
-
-In `v2.2.2` we introduced a new flag (`insecureSNI`) which was available as a global option to disable domain fronting.
-Since `v2.2.5` this global option has been removed, and you should not use it anymore.
-
-### HostSNI rule matcher removal
-
-In `v2.2.2` we introduced a new rule matcher (`HostSNI`) for HTTP routers which was allowing to match the Server Name Indication at the router level.
-Since `v2.2.5` this rule has been removed for HTTP routers, and you should not use it anymore.
-
-## v2.2 to v2.3
-
-### X.509 CommonName Deprecation
-
-The deprecated, legacy behavior of treating the CommonName field on X.509 certificates as a host name when no Subject Alternative Names are present, is now disabled by default.
-
-It means that if one is using https with your backend servers, and a certificate with only a CommonName,
-Traefik will not try to match the server name indication with the CommonName anymore.
-
-It can be temporarily re-enabled by adding the value `x509ignoreCN=0` to the `GODEBUG` environment variable.
-
-More information: https://golang.org/doc/go1.15#commonname
-
-### File Provider
-
-The file parser has been changed, since v2.3 the unknown options/fields in a dynamic configuration file are treated as errors.
-
-### IngressClass
-
-In `v2.3`, the support of `IngressClass`, which is available since Kubernetes version `1.18`, has been introduced.
-In order to be able to use this new resource the [Kubernetes RBAC](../reference/dynamic-configuration/kubernetes-crd.md#rbac) must be updated.
-
-## v2.3 to v2.4
-
-### ServersTransport
-
-In `v2.4.0`, the support of `ServersTransport` has been introduced.
-It is therefore necessary to update [RBAC](../reference/dynamic-configuration/kubernetes-crd.md#rbac) and [CRD](../reference/dynamic-configuration/kubernetes-crd.md) definitions.
-
-## v2.4.7 to v2.4.8
-
-### Non-ASCII Domain Names
-
-In `v2.4.8`, we introduced a new check on domain names used in HTTP router rule `Host` and `HostRegexp` expressions,
-and in TCP router rule `HostSNI` expression.
-This check ensures that provided domain names don't contain non-ASCII characters.
-If not, an error is raised, and the associated router will be shown as invalid in the dashboard.
-
-This new behavior is intended to show what was failing silently previously and to help troubleshooting configuration issues.
-It doesn't change the support for non-ASCII domain names in routers rules, which is not part of the Traefik feature set so far.
-
-In order to use non-ASCII domain names in a router's rule, one should use the Punycode form of the domain name.
-For more information, please read the [HTTP routers rule](../routing/routers/index.md#rule) part or [TCP router rules](../routing/routers/index.md#rule_1) part of the documentation.
-
-## v2.4.8 to v2.4.9
-
-### Tracing Span
-
-In `v2.4.9`, we changed span error to log only server errors (>= 500).
-
-## v2.4.9 to v2.4.10
-
-### K8S CrossNamespace
-
-In `v2.4.10`, the default value for `allowCrossNamespace` has been changed to `false`.
-
-### K8S ExternalName Service
-
-In `v2.4.10`, by default, it is no longer authorized to reference Kubernetes ExternalName services.
-To allow it, the `allowExternalNameServices` option should be set to `true`.
-
-## v2.4 to v2.5
-
-### Kubernetes CRD
-
-In `v2.5`, the [Traefik CRDs](../reference/dynamic-configuration/kubernetes-crd.md#definitions) have been updated to support the new API version `apiextensions.k8s.io/v1`.
-As required by `apiextensions.k8s.io/v1`, we have included the OpenAPI validation schema.
-
-After deploying the new [Traefik CRDs](../reference/dynamic-configuration/kubernetes-crd.md#definitions), the resources will be validated only on creation or update.
-
-Please note that the unknown fields will not be pruned when migrating from `apiextensions.k8s.io/v1beta1` to `apiextensions.k8s.io/v1` CRDs.
-For more details check out the official [documentation](https://kubernetes.io/docs/tasks/extend-kubernetes/custom-resources/custom-resource-definitions/#specifying-a-structural-schema).
-
-### Kubernetes Ingress
-
-Traefik v2.5 moves forward for the Ingress provider to support Kubernetes v1.22.
-
-Traefik now supports only v1.14+ Kubernetes clusters, which means the support of `extensions/v1beta1` API Version ingresses has been dropped.
-
-The `extensions/v1beta1` API Version should now be replaced either by `networking.k8s.io/v1beta1` or by `networking.k8s.io/v1` (as of Kubernetes v1.19+).
-
-The support of the `networking.k8s.io/v1beta1` API Version will stop in Kubernetes v1.22.
-
-### Headers middleware: ssl redirect options
-
-`sslRedirect`, `sslTemporaryRedirect`, `sslHost` and `sslForceHost` are deprecated in Traefik v2.5.
-
-For simple HTTP to HTTPS redirection, you may use [EntryPoints redirections](../routing/entrypoints.md#redirection).
-
-For more advanced use cases, you can use either the [RedirectScheme middleware](../middlewares/http/redirectscheme.md) or the [RedirectRegex middleware](../middlewares/http/redirectregex.md).
-
-### Headers middleware: accessControlAllowOrigin
-
-`accessControlAllowOrigin` is no longer supported in Traefik v2.5.
-
-### X.509 CommonName Deprecation Bis
-
-Following up on the deprecation started [previously](#x509-commonname-deprecation),
-as the `x509ignoreCN=0` value for the `GODEBUG` is [deprecated in Go 1.17](https://tip.golang.org/doc/go1.17#crypto/x509),
-the legacy behavior related to the CommonName field cannot be enabled at all anymore.
-
-## v2.5.3 to v2.5.4
-
-### Errors middleware
-
-In `v2.5.4`, when the errors service is configured with the [`PassHostHeader`](../routing/services/index.md#pass-host-header) option to `true` (default),
-the forwarded Host header value is now set to the client request Host value and not `0.0.0.0`.
-Check out the [Errors middleware](../middlewares/http/errorpages.md#service) documentation for more details.
-
-## v2.5 to v2.6
-
-### HTTP/3
-
-Traefik v2.6 introduces the `AdvertisedPort` option,
-which allows advertising, in the `Alt-Svc` header, a UDP port different from the one on which Traefik is actually listening (the EntryPoint's port).
-By doing so, it introduces a new configuration structure `http3`, which replaces the `enableHTTP3` option (which therefore doesn't exist anymore).
-To enable HTTP/3 on an EntryPoint, please check out the [HTTP/3 configuration](../routing/entrypoints.md#http3) documentation.
-
-### Kubernetes Gateway API Provider
-
-In `v2.6`, the [Kubernetes Gateway API provider](../providers/kubernetes-gateway.md) now only supports the version [v1alpha2](https://gateway-api.sigs.k8s.io/v1alpha2/guides/) of the specification and 
-[route namespaces](https://gateway-api.sigs.k8s.io/v1alpha2/references/spec/#gateway.networking.k8s.io/v1beta1.RouteNamespaces) selectors, which requires Traefik to fetch and watch the cluster namespaces.
-Therefore, the RBAC and CRD definitions must be updated.
-
-## v2.6.0 to v2.6.1
-
-### Metrics
-
-In `v2.6.1`, the metrics system does not support any more custom HTTP method verbs to prevent potential metrics cardinality overhead.
-In consequence, for metrics having the method label,
-if the HTTP method verb of a request is not one defined in the set of common methods for [`HTTP/1.1`](https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods)
-or the [`PRI`](https://datatracker.ietf.org/doc/html/rfc7540#section-11.6) verb (for `HTTP/2`),
-the value for the method label becomes `EXTENSION_METHOD`, instead of the request's one.
-
-### Tracing
-
-In `v2.6.1`, the Datadog tags added to a span changed from `service.name` to `traefik.service.name` and from `router.name` to `traefik.router.name`.
-
-## v2.8
-
-### TLS client authentication
-
-In `v2.8`, the `caOptional` option is deprecated as TLS client authentication is a server side option.
-This option available in the ForwardAuth middleware, as well as in the HTTP, Consul, Etcd, Redis, ZooKeeper, Marathon, Consul Catalog, and Docker providers has no effect and must not be used anymore.
-
-### Consul Enterprise Namespaces
-
-In `v2.8`, the `namespace` option of Consul and Consul Catalog providers is deprecated, please use the `namespaces` options instead.
-
-### Traefik Pilot
-
-In `v2.8`, the `pilot.token` and `pilot.dashboard` options are deprecated.
-Please check our Blog for migration instructions later this year.
-
-## v2.8.2
-
-Since `v2.5.0`, the `PreferServerCipherSuites` is [deprecated and ignored](https://tip.golang.org/doc/go1.17#crypto/tls) by Go,
-in `v2.8.2` the `preferServerCipherSuites` option is also deprecated and ignored in Traefik.
-
-In `v2.8.2`, Traefik now reject certificates signed with the SHA-1 hash function. ([details](https://tip.golang.org/doc/go1.18#sha1))
-
-## v2.9
-
-### Traefik Pilot
-
-In `v2.9`, Traefik Pilot support has been removed.
-
-## v2.10
-
-### Nomad Namespace
-
-In `v2.10`, the `namespace` option of the Nomad provider is deprecated, please use the `namespaces` options instead.
-
-### Kubernetes CRDs
-
-In `v2.10`, the Kubernetes CRDs API Group `traefik.containo.us` is deprecated, and its support will end starting with Traefik v3. Please use the API Group `traefik.io` instead.
-
-As the Kubernetes CRD provider still works with both API Versions (`traefik.io/v1alpha1` and `traefik.containo.us/v1alpha1`),
-it means that for the same kind, namespace and name, the provider will only keep the `traefik.io/v1alpha1` resource.
-
-In addition, the Kubernetes CRDs API Version `traefik.containo.us/v1alpha1` will not be supported in Traefik v3 itself.
-
-Please note that it is a requirement to update the CRDs and the RBAC in the cluster before upgrading Traefik.
-To do so, please apply the required [CRDs](https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml) and [RBAC](https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml) manifests for v2.10:
-
-```bash
-kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
-kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v2.10/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
-```
-
-### Traefik Hub
-
-In `v2.10`, Traefik Hub configuration has been removed because Traefik Hub v2 doesn't require this configuration.
-
-## v2.11
-
-### IPWhiteList (HTTP)
-
-In `v2.11`, the `IPWhiteList` middleware is deprecated, please use the [IPAllowList](../middlewares/http/ipallowlist.md) middleware instead.
-
-### IPWhiteList (TCP)
-
-In `v2.11`, the `IPWhiteList` middleware is deprecated, please use the [IPAllowList](../middlewares/tcp/ipallowlist.md) middleware instead.
-
-### TLS CipherSuites
-
-> By default, cipher suites without ECDHE support are no longer offered by either clients or servers during pre-TLS 1.3 handshakes.
-> This change can be reverted with the `tlsrsakex=1 GODEBUG` setting.
-> (https://go.dev/doc/go1.22#crypto/tls)
-
-The _RSA key exchange_ cipher suites are way less secure than the modern ECDHE cipher suites and exposes to potential vulnerabilities like [the Marvin Attack](https://people.redhat.com/~hkario/marvin).
-Decision has been made to support ECDHE cipher suites only by default.
-
-The following ciphers have been removed from the default list:
-
- `TLS_RSA_WITH_AES_128_CBC_SHA`
- `TLS_RSA_WITH_AES_256_CBC_SHA`
- `TLS_RSA_WITH_AES_128_GCM_SHA256`
- `TLS_RSA_WITH_AES_256_GCM_SHA384`
-
-To enable these ciphers, please set the option `CipherSuites` in your [TLS configuration](../https/tls.md#cipher-suites) or set the environment variable `GODEBUG=tlsrsakex=1`.
-
-### Minimum TLS Version
-
-> By default, the minimum version offered by `crypto/tls` servers is now TLS 1.2 if not specified with config.MinimumVersion,
-> matching the behavior of crypto/tls clients.
-> This change can be reverted with the `tls10server=1 GODEBUG` setting.
-> (https://go.dev/doc/go1.22#crypto/tls)
-
-To enable TLS 1.0, please set the option `MinVersion` to `VersionTLS10` in your [TLS configuration](../https/tls.md#cipher-suites) or set the environment variable `GODEBUG=tls10server=1`.
-
-## v2.11.1
-
-### Maximum Router Priority Value
-
-Before v2.11.1, the maximum user-defined router priority value is:
-
- `MaxInt32` for 32-bit platforms,
- `MaxInt64` for 64-bit platforms.
-
-Please check out the [go documentation](https://pkg.go.dev/math#pkg-constants) for more information.
-
-In v2.11.1, Traefik reserves a range of priorities for its internal routers and now, 
-the maximum user-defined router priority value is:
-
- `(MaxInt32 - 1000)` for 32-bit platforms,
- `(MaxInt64 - 1000)` for 64-bit platforms.
-
-### EntryPoint.Transport.RespondingTimeouts.<Timeout>
-
-Starting with `v2.11.1` the following timeout options are deprecated:
-
- `<entryPoint>.transport.respondingTimeouts.readTimeout`
- `<entryPoint>.transport.respondingTimeouts.writeTimeout`
- `<entryPoint>.transport.respondingTimeouts.idleTimeout`
-
-They have been replaced by:
-
- `<entryPoint>.transport.respondingTimeouts.http.readTimeout`
- `<entryPoint>.transport.respondingTimeouts.http.writeTimeout`
- `<entryPoint>.transport.respondingTimeouts.http.idleTimeout`
-
-### EntryPoint.Transport.RespondingTimeouts.TCP.LingeringTimeout
-
-Starting with `v2.11.1` a new `lingeringTimeout` entryPoints option has been introduced, with a default value of 2s.
-
-The lingering timeout defines the maximum duration between each TCP read operation on the connection.
-As a layer 4 timeout, it applies during HTTP handling but respects the configured HTTP server `readTimeout`.
-
-This change avoids Traefik instances with the default configuration hanging while waiting for bytes to be read on the connection.
-
-We suggest to adapt this value accordingly to your situation.
-The new default value is purposely narrowed and can close the connection too early.
-
-Increasing the `lingeringTimeout` value could be the solution notably if you are dealing with the following errors:
-
- TCP: `Error while handling TCP connection: readfrom tcp X.X.X.X:X->X.X.X.X:X: read tcp X.X.X.X:X->X.X.X.X:X: i/o timeout`
- HTTP: `'499 Client Closed Request' caused by: context canceled`
- HTTP: `ReverseProxy read error during body copy: read tcp X.X.X.X:X->X.X.X.X:X: use of closed network connection`
-
-## v2.11.2
-
-### LingeringTimeout
-
-Starting with `v2.11.2` the `<entrypoint>.transport.respondingTimeouts.tcp.lingeringTimeout` introduced in `v2.11.1` has been removed.
-
-### RespondingTimeouts.TCP and RespondingTimeouts.HTTP
-
-Starting with `v2.11.2` the `respondingTimeouts.tcp` and `respondingTimeouts.http` sections introduced in `v2.11.1` have been removed.
-To configure the responding timeouts, please use the [`respondingTimeouts`](../routing/entrypoints.md#respondingtimeouts) section.  
-
-### EntryPoint.Transport.RespondingTimeouts.ReadTimeout
-
-Starting with `v2.11.2` the entryPoints [`readTimeout`](../routing/entrypoints.md#respondingtimeouts) option default value changed to 60 seconds.
-
-For HTTP, this option defines the maximum duration for reading the entire request, including the body.
-For TCP, this option defines the maximum duration for the first bytes to be read on the connection.
-
-The default value was previously set to zero, which means no timeout.
-
-This change has been done to avoid Traefik instances with the default configuration to be hanging forever while waiting for bytes to be read on the connection.
-
-Increasing the `readTimeout` value could be the solution notably if you are dealing with the following errors:
-
- TCP: `Error while handling TCP connection: readfrom tcp X.X.X.X:X->X.X.X.X:X: read tcp X.X.X.X:X->X.X.X.X:X: i/o timeout`
- HTTP: `'499 Client Closed Request' caused by: context canceled`
- HTTP: `ReverseProxy read error during body copy: read tcp X.X.X.X:X->X.X.X.X:X: use of closed network connection`
-
-## v2.11.3
-
-### Connection headers
-
-In `v2.11.3`, the handling of the request Connection headers directives has changed to prevent any abuse.
-Before, Traefik removed any header listed in the Connection header just before forwarding the request to the backends.
-Now, Traefik removes the headers listed in the Connection header as soon as the request is handled.
-As a consequence, middlewares do not have access to those Connection headers,
-and a new option has been introduced to specify which ones could go through the middleware chain before being removed: `<entrypoint>.forwardedHeaders.connection`.
-
-Please check out the [entrypoint forwarded headers connection option configuration](../routing/entrypoints.md#forwarded-headers) documentation.
-
-## v2.11.14
-
-### X-Forwarded-Prefix
-
-In `v2.11.14`, the `X-Forwarded-Prefix` header is now handled like the other `X-Forwarded-*` headers: Traefik removes it when it's sent from an untrusted source.
-Please refer to the Forwarded headers [documentation](../routing/entrypoints.md#forwarded-headers) for more details.
-
-## v2.11.24
-
-### Request Path Sanitization
-
-Since `v2.11.24`, the incoming request path is now cleaned before being used to match the router rules and sent to the backends.
-Any `/../`, `/./` or duplicate slash segments in the request path is interpreted and/or collapsed.
-
-If you want to disable this behavior, you can set the [`sanitizePath` option](../routing/entrypoints.md#sanitizepath) to `false` in the entryPoint HTTP configuration.
-This can be useful when dealing with legacy clients that are not url-encoding data in the request path.
-For example, as base64 uses the “/” character internally,
-if it's not url encoded,
-it can lead to unsafe routing when the `sanitizePath` option is set to `false`.
-
-!!! warning "Security"
-
-    Setting the `sanitizePath` option to `false` is not safe.
-    Ensure every request is properly url encoded instead.
-
-## v2.11.25
-
-### Request Path Normalization
-
-Since `v2.11.25`, the request path is now normalized by decoding unreserved characters in the request path,
-and also uppercasing the percent-encoded characters.
-This follows [RFC 3986 percent-encoding normalization](https://datatracker.ietf.org/doc/html/rfc3986#section-6.2.2.2),
-and [RFC 3986 case normalization](https://datatracker.ietf.org/doc/html/rfc3986#section-6.2.2.1).
-
-The normalization happens before the request path is sanitized,
-and cannot be disabled.
-This notably helps with encoded dots characters (which are unreserved characters) to be sanitized properly.
-
-### Routing Path
-
-Since `v2.11.25`, the reserved characters [(as per RFC 3986)](https://datatracker.ietf.org/doc/html/rfc3986#section-2.2) are kept encoded in the request path when matching the router rules.
-Those characters, when decoded, change the meaning of the request path for routing purposes,
-and Traefik now keeps them encoded to avoid any ambiguity.
-
-### Request Path Matching Examples
-
-| Request Path      | Router Rule            | Traefik v2.11.24 | Traefik v2.11.25 |
-|-------------------|------------------------|------------------|------------------|
-| `/foo%2Fbar`      | PathPrefix(`/foo/bar`) | Match            | No match         |
-| `/foo/../bar`     | PathPrefix(`/foo`)     | No match         | No match         |
-| `/foo/../bar`     | PathPrefix(`/bar`)     | Match            | Match            |
-| `/foo/%2E%2E/bar` | PathPrefix(`/foo`)     | Match            | No match         |
-| `/foo/%2E%2E/bar` | PathPrefix(`/bar`)     | No match         | Match            |
-
-## v2.11.28
-
-### MultiPath TCP
-
-Since `v2.11.28`, the MultiPath TCP support introduced with `v2.11.26` has been removed.
-It appears that enabling MPTCP on some platforms can cause Traefik to stop with the following error logs message:
-
- `set tcp X.X.X.X:X->X.X.X.X:X: setsockopt: operation not supported`
-
-However, it can be re-enabled by setting the `multipathtcp` variable in the GODEBUG environment variable, see the related [go documentation](https://go.dev/doc/godebug#go-124).
+For more information about the changes between Traefik v2 minor versions, please refer to the [v2 documentation](https://doc.traefik.io/traefik/v2.11/migration/v2/).
--- a/docs/content/migrate/v3.md
+++ b/docs/content/migrate/v3.md
@@ -113,9 +113,9 @@ kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.3/docs/con

 **Updated Resources:**

- [TraefikService](../../routing/services/#mirroring-service) ([PR #11032](https://github.com/traefik/traefik/pull/11032))
- [RateLimit](../../middlewares/http/ratelimit/) & [InFlightReq](../../middlewares/http/inflightreq/) middlewares ([PR #9747](https://github.com/traefik/traefik/pull/9747))
- [Compress](../../middlewares/http/compress/) middleware ([PR #10943](https://github.com/traefik/traefik/pull/10943))
+- [TraefikService](../routing/services/index.md#mirroring-service) ([PR #11032](https://github.com/traefik/traefik/pull/11032))
+- [RateLimit](../middlewares/http/ratelimit.md) & [InFlightReq](../middlewares/http/inflightreq.md) middlewares ([PR #9747](https://github.com/traefik/traefik/pull/9747))
+- [Compress](../middlewares/http/compress.md) middleware ([PR #10943](https://github.com/traefik/traefik/pull/10943))

 ### Kubernetes Gateway Provider Standard Channel

@@ -189,7 +189,7 @@ the `backendtlspolicies` and `backendtlspolicies/status` rights have to be added

 ## v3.2.1

-### X-Forwarded-Prefix Header Changes
+### `X-Forwarded-Prefix` Header Changes

 In v3.2.1, the `X-Forwarded-Prefix` header is now handled like other `X-Forwarded-*` headers - Traefik removes it when sent from untrusted sources.

@@ -326,7 +326,7 @@ kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.4/docs/con
 !!! warning "Deprecation"
    The `RoundRobin` strategy is deprecated but still supported (equivalent to `wrr`). It will be removed in the next major release.

-Refer to the [HTTP Services Load Balancing documentation](../../routing/services/#load-balancing-strategy) for detailed information.
+Refer to the [HTTP Services Load Balancing documentation](../routing/services/index.md#load-balancing-strategy) for detailed information.

 #### ServersTransport CA Certificate Configuration

@@ -452,7 +452,7 @@ Possible values are:
 - `minimal`: produces a single server span and one client span for each request processed by a router.
 - `detailed`: enables the creation of additional spans for each middleware executed for each request processed by a router.

-See the updated documentation for [entrypoints](../reference/install-configuration/entrypoints.md) and [dynamic routers](../reference/routing-configuration/http/router/observability.md#traceverbosity).
+See the updated documentation for [entrypoints](../reference/install-configuration/entrypoints.md) and [dynamic routers](../reference/routing-configuration/http/routing/observability.md#traceverbosity).

 #### K8s Resource Attributes

@@ -489,3 +489,10 @@ To use the new `proxyprotocol` option in the Kubernetes CRD provider, you need t
 ```shell
 kubectl apply -f https://raw.githubusercontent.com/traefik/traefik/v3.5/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
 ```
+
+## v3.5.4
+
+### Certificate Metric Renamed with OpenTelemetry 
+
+Starting with `v3.5.4`, and when using OpenTelemetry, the `traefik_tls_certs_not_after_milliseconds` metric is renamed to `traefik_tls_certs_not_after_seconds`.
+This change aligns the metric name with its real unit precision, which is in seconds. 
--- a/docs/content/observability/logs.md
+++ b/docs/content/observability/logs.md
@@ -20,6 +20,7 @@ Traefik logs concern everything that happens to Traefik itself (startup, configu

 By default, the logs are written to the standard output.
 You can configure a file path instead using the `filePath` option.
+When `filePath` is specified, Traefik will write logs only to that file (not to standard output).

 ```yaml tab="File (YAML)"
 # Writing Logs to a File
--- a/docs/content/observability/tracing/opentelemetry.md
+++ b/docs/content/observability/tracing/opentelemetry.md
@@ -5,7 +5,7 @@ description: "Traefik supports several tracing backends, including OpenTelemetry

 # OpenTelemetry

-Traefik Proxy follows [official OpenTelemetry semantic conventions v1.26.0](https://github.com/open-telemetry/semantic-conventions/blob/v1.26.0/docs/http/http-spans.md).
+Traefik Proxy follows [official OpenTelemetry semantic conventions v1.37.0](https://github.com/open-telemetry/semantic-conventions/blob/v1.37.0/docs/http/http-spans.md).

 To enable the OpenTelemetry tracer:

--- a/docs/content/observe/logs-and-access-logs.md
+++ b/docs/content/observe/logs-and-access-logs.md
@@ -173,7 +173,7 @@ The available filters are:

 When using the `json` format, you can customize which fields are included in your access logs.

- **Request Fields:** You can choose to `keep`, `drop`, or `redact` any of the standard request fields. A complete list of available fields like `ClientHost`, `RequestMethod`, and `Duration` can be found in the [reference documentation](../reference/install-configuration/observability/logs-and-accesslogs.md#available-fields).
+- **Request Fields:** You can choose to `keep`, `drop`, or `redact` any of the standard request fields. A complete list of available fields like `ClientHost`, `RequestMethod`, and `Duration` can be found in the [reference documentation](../reference/install-configuration/observability/logs-and-accesslogs.md#json-format-fields).
 - **Request Headers:** You can also specify which request headers should be included in the logs, and whether their values should be `kept`, `dropped`, or `redacted`.

 !!! info
--- a/docs/content/operations/api.md
+++ b/docs/content/operations/api.md
@@ -46,7 +46,7 @@ And then define a routing configuration on Traefik itself with the

 --8<-- "content/operations/include-api-examples.md"

-??? warning "The router's [rule](../../routing/routers/#rule) must catch requests for the URI path `/api`"
+??? warning "The router's [rule](../routing/routers/index.md#rule) must catch requests for the URI path `/api`"
    Using an "Host" rule is recommended, by catching all the incoming traffic on this host domain to the API.
    However, you can also use "path prefix" rule or any combination or rules.

@@ -109,7 +109,7 @@ api:
 --api.dashboard=true
 ```

-!!! warning "With Dashboard enabled, the router [rule](../../routing/routers/#rule) must catch requests for both `/api` and `/dashboard`"
+!!! warning "With Dashboard enabled, the router [rule](../routing/routers/index.md#rule) must catch requests for both `/api` and `/dashboard`"
    Please check the [Dashboard documentation](./dashboard.md#dashboard-router-rule) to learn more about this and to get examples.

 ### `debug`
--- a/docs/content/operations/dashboard.md
+++ b/docs/content/operations/dashboard.md
@@ -11,7 +11,7 @@ See What's Going On
 The dashboard is the central place that shows you the current active routes handled by Traefik.

 <figure>
-    <img src="../../assets/img/webui-dashboard.png" alt="Dashboard - Providers" />
+    <img src="../assets/img/webui-dashboard.png" alt="Dashboard - Providers" />
    <figcaption>The dashboard in action</figcaption>
 </figure>

--- a/docs/content/providers/consul-catalog.md
+++ b/docs/content/providers/consul-catalog.md
@@ -477,7 +477,7 @@ _Optional, Default=true_
 Expose Consul Catalog services by default in Traefik.
 If set to `false`, services that don't have a `traefik.enable=true` tag will be ignored from the resulting routing configuration.

-For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
+For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#exposedbydefault-and-traefikenable).

 ```yaml tab="File (YAML)"
 providers:
@@ -672,7 +672,7 @@ providers:
 # ...
 ```

-For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
+For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#exposedbydefault-and-traefikenable).

 ### `namespaces`

--- a/docs/content/providers/docker.md
+++ b/docs/content/providers/docker.md
@@ -380,7 +380,7 @@ _Optional, Default=true_
 Expose containers by default through Traefik.
 If set to `false`, containers that do not have a `traefik.enable=true` label are ignored from the resulting routing configuration.

-For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
+For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#exposedbydefault-and-traefikenable).

 ```yaml tab="File (YAML)"
 providers:
@@ -554,7 +554,7 @@ as well as the usual boolean logic, as shown in examples below.
    constraints = "LabelRegex(`a.label.name`, `a.+`)"
    ```

-For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
+For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#exposedbydefault-and-traefikenable).

 ```yaml tab="File (YAML)"
 providers:
--- a/docs/content/providers/ecs.md
+++ b/docs/content/providers/ecs.md
@@ -214,7 +214,7 @@ as well as the usual boolean logic, as shown in examples below.
    constraints = "LabelRegex(`a.label.name`, `a.+`)"
    ```

-For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
+For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#exposedbydefault-and-traefikenable).

 ```yaml tab="File (YAML)"
 providers:
--- a/docs/content/providers/nomad.md
+++ b/docs/content/providers/nomad.md
@@ -384,7 +384,7 @@ _Optional, Default=true_
 Expose Nomad services by default in Traefik.
 If set to `false`, services that do not have a `traefik.enable=true` tag will be ignored from the resulting routing configuration.

-For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
+For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#exposedbydefault-and-traefikenable).

 ```yaml tab="File (YAML)"
 providers:
@@ -504,7 +504,7 @@ providers:
 # ...
 ```

-For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
+For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#exposedbydefault-and-traefikenable).

 ### `namespaces`

--- a/docs/content/providers/swarm.md
+++ b/docs/content/providers/swarm.md
@@ -424,7 +424,7 @@ _Optional, Default=true_
 Expose containers by default through Traefik.
 If set to `false`, containers that do not have a `traefik.enable=true` label are ignored from the resulting routing configuration.

-For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
+For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#exposedbydefault-and-traefikenable).

 ```yaml tab="File (YAML)"
 providers:
@@ -621,7 +621,7 @@ as well as the usual boolean logic, as shown in examples below.
    constraints = "LabelRegex(`a.label.name`, `a.+`)"
    ```

-For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
+For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#exposedbydefault-and-traefikenable).

 ```yaml tab="File (YAML)"
 providers:
--- a/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
+++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-definition-v1.yml
@@ -43,7 +43,7 @@ spec:
                description: |-
                  EntryPoints defines the list of entry point names to bind to.
                  Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v3.5/routing/entrypoints/
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/entrypoints/
                  Default: all.
                items:
                  type: string
@@ -64,12 +64,12 @@ spec:
                    match:
                      description: |-
                        Match defines the router's rule.
-                        More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rule
+                        More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/rules-and-priority/
                      type: string
                    middlewares:
                      description: |-
                        Middlewares defines the list of references to Middleware resources.
-                        More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-middleware
+                        More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/middleware/
                      items:
                        description: MiddlewareRef is a reference to a Middleware
                          resource.
@@ -89,7 +89,7 @@ spec:
                    observability:
                      description: |-
                        Observability defines the observability configuration for a router.
-                        More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#observability
+                        More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/observability/
                      properties:
                        accessLogs:
                          description: AccessLogs enables access logs for this router.
@@ -112,7 +112,7 @@ spec:
                    priority:
                      description: |-
                        Priority defines the router's priority.
-                        More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#priority
+                        More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/rules-and-priority/#priority
                      maximum: 9223372036854775000
                      type: integer
                    services:
@@ -263,7 +263,7 @@ spec:
                          sticky:
                            description: |-
                              Sticky defines the sticky sessions configuration.
-                              More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
+                              More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
                            properties:
                              cookie:
                                description: Cookie defines the sticky cookie configuration.
@@ -332,7 +332,7 @@ spec:
                    syntax:
                      description: |-
                        Syntax defines the router's rule syntax.
-                        More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rulesyntax
+                        More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/rules-and-priority/#rulesyntax
                        Deprecated: Please do not use this field and rewrite the router rules to use the v3 syntax.
                      type: string
                  required:
@@ -342,18 +342,18 @@ spec:
              tls:
                description: |-
                  TLS defines the TLS configuration.
-                  More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#tls
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/router/#tls
                properties:
                  certResolver:
                    description: |-
                      CertResolver defines the name of the certificate resolver to use.
                      Cert resolvers have to be configured in the static configuration.
-                      More info: https://doc.traefik.io/traefik/v3.5/https/acme/#certificate-resolvers
+                      More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/tls/certificate-resolvers/acme/
                    type: string
                  domains:
                    description: |-
                      Domains defines the list of domains that will be used to issue certificates.
-                      More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#domains
+                      More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#domains
                    items:
                      description: Domain holds a domain name with SANs.
                      properties:
@@ -372,17 +372,17 @@ spec:
                    description: |-
                      Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
                      If not defined, the `default` TLSOption is used.
-                      More info: https://doc.traefik.io/traefik/v3.5/https/tls/#tls-options
+                      More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-options/
                    properties:
                      name:
                        description: |-
                          Name defines the name of the referenced TLSOption.
-                          More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsoption
+                          More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsoption/
                        type: string
                      namespace:
                        description: |-
                          Namespace defines the namespace of the referenced TLSOption.
-                          More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsoption
+                          More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsoption/
                        type: string
                    required:
                    - name
@@ -399,12 +399,12 @@ spec:
                      name:
                        description: |-
                          Name defines the name of the referenced TLSStore.
-                          More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsstore
+                          More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsstore/
                        type: string
                      namespace:
                        description: |-
                          Namespace defines the namespace of the referenced TLSStore.
-                          More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsstore
+                          More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsstore/
                        type: string
                    required:
                    - name
@@ -464,7 +464,7 @@ spec:
                description: |-
                  EntryPoints defines the list of entry point names to bind to.
                  Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v3.5/routing/entrypoints/
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/entrypoints/
                  Default: all.
                items:
                  type: string
@@ -477,7 +477,7 @@ spec:
                    match:
                      description: |-
                        Match defines the router's rule.
-                        More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rule_1
+                        More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/rules-and-priority/
                      type: string
                    middlewares:
                      description: Middlewares defines the list of references to MiddlewareTCP
@@ -501,7 +501,7 @@ spec:
                    priority:
                      description: |-
                        Priority defines the router's priority.
-                        More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#priority_1
+                        More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/rules-and-priority/#priority
                      maximum: 9223372036854775000
                      type: integer
                    services:
@@ -543,7 +543,7 @@ spec:
                          proxyProtocol:
                            description: |-
                              ProxyProtocol defines the PROXY protocol configuration.
-                              More info: https://doc.traefik.io/traefik/v3.5/routing/services/#proxy-protocol
+                              More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/service/#proxy-protocol
                              Deprecated: ProxyProtocol will not be supported in future APIVersions, please use ServersTransport to configure ProxyProtocol instead.
                            properties:
                              version:
@@ -585,7 +585,7 @@ spec:
                    syntax:
                      description: |-
                        Syntax defines the router's rule syntax.
-                        More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rulesyntax_1
+                        More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/rules-and-priority/#rulesyntax
                        Deprecated: Please do not use this field and rewrite the router rules to use the v3 syntax.
                      enum:
                      - v3
@@ -598,18 +598,18 @@ spec:
              tls:
                description: |-
                  TLS defines the TLS configuration on a layer 4 / TCP Route.
-                  More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#tls_1
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/router/#tls
                properties:
                  certResolver:
                    description: |-
                      CertResolver defines the name of the certificate resolver to use.
                      Cert resolvers have to be configured in the static configuration.
-                      More info: https://doc.traefik.io/traefik/v3.5/https/acme/#certificate-resolvers
+                      More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/tls/certificate-resolvers/acme/
                    type: string
                  domains:
                    description: |-
                      Domains defines the list of domains that will be used to issue certificates.
-                      More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#domains
+                      More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/tls/#domains
                    items:
                      description: Domain holds a domain name with SANs.
                      properties:
@@ -628,7 +628,7 @@ spec:
                    description: |-
                      Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
                      If not defined, the `default` TLSOption is used.
-                      More info: https://doc.traefik.io/traefik/v3.5/https/tls/#tls-options
+                      More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/tls/#tls-options
                    properties:
                      name:
                        description: Name defines the name of the referenced Traefik
@@ -720,7 +720,7 @@ spec:
                description: |-
                  EntryPoints defines the list of entry point names to bind to.
                  Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v3.5/routing/entrypoints/
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/entrypoints/
                  Default: all.
                items:
                  type: string
@@ -808,7 +808,7 @@ spec:
      openAPIV3Schema:
        description: |-
          Middleware is the CRD implementation of a Traefik Middleware.
-          More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/overview/
+          More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/overview/
        properties:
          apiVersion:
            description: |-
@@ -849,12 +849,12 @@ spec:
                description: |-
                  BasicAuth holds the basic auth middleware configuration.
                  This middleware restricts access to your services to known users.
-                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/basicauth/
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/basicauth/
                properties:
                  headerField:
                    description: |-
                      HeaderField defines a header field to store the authenticated user.
-                      More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/basicauth/#headerfield
+                      More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/basicauth/#headerfield
                    type: string
                  realm:
                    description: |-
@@ -914,7 +914,7 @@ spec:
                description: |-
                  Chain holds the configuration of the chain middleware.
                  This middleware enables to define reusable combinations of other pieces of middleware.
-                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/chain/
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/chain/
                properties:
                  middlewares:
                    description: Middlewares is the list of MiddlewareRef which composes
@@ -977,7 +977,7 @@ spec:
                description: |-
                  Compress holds the compress middleware configuration.
                  This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression.
-                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/compress/
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/compress/
                properties:
                  defaultEncoding:
                    description: DefaultEncoding specifies the default encoding if
@@ -1027,12 +1027,12 @@ spec:
                description: |-
                  DigestAuth holds the digest auth middleware configuration.
                  This middleware restricts access to your services to known users.
-                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/digestauth/
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/digestauth/
                properties:
                  headerField:
                    description: |-
                      HeaderField defines a header field to store the authenticated user.
-                      More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/basicauth/#headerfield
+                      More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/digestauth/#headerfield
                    type: string
                  realm:
                    description: |-
@@ -1052,7 +1052,7 @@ spec:
                description: |-
                  ErrorPage holds the custom error middleware configuration.
                  This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
-                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/errorpages/
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/errorpages/
                properties:
                  query:
                    description: |-
@@ -1064,7 +1064,7 @@ spec:
                  service:
                    description: |-
                      Service defines the reference to a Kubernetes Service that will serve the error page.
-                      More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/errorpages/#service
+                      More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/errorpages/#service
                    properties:
                      healthCheck:
                        description: Healthcheck defines health checks for ExternalName
@@ -1206,7 +1206,7 @@ spec:
                      sticky:
                        description: |-
                          Sticky defines the sticky sessions configuration.
-                          More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
+                          More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
                        properties:
                          cookie:
                            description: Cookie defines the sticky cookie configuration.
@@ -1293,7 +1293,7 @@ spec:
                description: |-
                  ForwardAuth holds the forward auth middleware configuration.
                  This middleware delegates the request authentication to a Service.
-                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/forwardauth/
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/forwardauth/
                properties:
                  addAuthCookiesToResponse:
                    description: AddAuthCookiesToResponse defines the list of cookies
@@ -1321,7 +1321,7 @@ spec:
                  authResponseHeadersRegex:
                    description: |-
                      AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
-                      More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/forwardauth/#authresponseheadersregex
+                      More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/forwardauth/#authresponseheadersregex
                    type: string
                  forwardBody:
                    description: ForwardBody defines whether to send the request body
@@ -1330,7 +1330,7 @@ spec:
                  headerField:
                    description: |-
                      HeaderField defines a header field to store the authenticated user.
-                      More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/forwardauth/#headerfield
+                      More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/forwardauth/#headerfield
                    type: string
                  maxBodySize:
                    description: MaxBodySize defines the maximum body size in bytes
@@ -1796,13 +1796,13 @@ spec:
                  x-kubernetes-preserve-unknown-fields: true
                description: |-
                  Plugin defines the middleware plugin configuration.
-                  More info: https://doc.traefik.io/traefik/plugins/
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/overview/#community-middlewares
                type: object
              rateLimit:
                description: |-
                  RateLimit holds the rate limit configuration.
                  This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
-                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/ratelimit/
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/ratelimit/
                properties:
                  average:
                    description: |-
@@ -2020,7 +2020,7 @@ spec:
                  Retry holds the retry middleware configuration.
                  This middleware reissues requests a given number of times to a backend server if that server does not reply.
                  As soon as the server answers, the middleware stops retrying, regardless of the response status.
-                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/retry/
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/retry/
                properties:
                  attempts:
                    description: Attempts defines how many times the request should
@@ -2100,7 +2100,7 @@ spec:
      openAPIV3Schema:
        description: |-
          MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
-          More info: https://doc.traefik.io/traefik/v3.5/middlewares/overview/
+          More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/middlewares/overview/
        properties:
          apiVersion:
            description: |-
@@ -2137,7 +2137,7 @@ spec:
                description: |-
                  IPAllowList defines the IPAllowList middleware configuration.
                  This middleware accepts/refuses connections based on the client IP.
-                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/tcp/ipallowlist/
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/middlewares/ipallowlist/
                properties:
                  sourceRange:
                    description: SourceRange defines the allowed IPs (or ranges of
@@ -2151,7 +2151,7 @@ spec:
                  IPWhiteList defines the IPWhiteList middleware configuration.
                  This middleware accepts/refuses connections based on the client IP.
                  Deprecated: please use IPAllowList instead.
-                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/tcp/ipwhitelist/
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/middlewares/ipwhitelist/
                properties:
                  sourceRange:
                    description: SourceRange defines the allowed IPs (or ranges of
@@ -2190,7 +2190,7 @@ spec:
          ServersTransport is the CRD implementation of a ServersTransport.
          If no serversTransport is specified, the default@internal will be used.
          The default@internal serversTransport is created from the static configuration.
-          More info: https://doc.traefik.io/traefik/v3.5/routing/services/#serverstransport_1
+          More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/serverstransport/
        properties:
          apiVersion:
            description: |-
@@ -2276,7 +2276,7 @@ spec:
              maxIdleConnsPerHost:
                description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
                  to keep per-host.
-                minimum: 0
+                minimum: -1
                type: integer
              peerCertURI:
                description: PeerCertURI defines the peer cert URI used to match against
@@ -2359,7 +2359,7 @@ spec:
          ServersTransportTCP is the CRD implementation of a TCPServersTransport.
          If no tcpServersTransport is specified, a default one named default@internal will be used.
          The default@internal tcpServersTransport can be configured in the static configuration.
-          More info: https://doc.traefik.io/traefik/v3.5/routing/services/#serverstransport_3
+          More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/serverstransport/
        properties:
          apiVersion:
            description: |-
@@ -2513,7 +2513,7 @@ spec:
      openAPIV3Schema:
        description: |-
          TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
-          More info: https://doc.traefik.io/traefik/v3.5/https/tls/#tls-options
+          More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#tls-options
        properties:
          apiVersion:
            description: |-
@@ -2538,14 +2538,14 @@ spec:
              alpnProtocols:
                description: |-
                  ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
-                  More info: https://doc.traefik.io/traefik/v3.5/https/tls/#alpn-protocols
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#alpn-protocols
                items:
                  type: string
                type: array
              cipherSuites:
                description: |-
                  CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
-                  More info: https://doc.traefik.io/traefik/v3.5/https/tls/#cipher-suites
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#cipher-suites
                items:
                  type: string
                type: array
@@ -2573,7 +2573,7 @@ spec:
              curvePreferences:
                description: |-
                  CurvePreferences defines the preferred elliptic curves.
-                  More info: https://doc.traefik.io/traefik/v3.5/https/tls/#curve-preferences
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#curve-preferences
                items:
                  type: string
                type: array
@@ -2633,7 +2633,7 @@ spec:
          TLSStore is the CRD implementation of a Traefik TLS Store.
          For the time being, only the TLSStore named default is supported.
          This means that you cannot have two stores that are named default in different Kubernetes namespaces.
-          More info: https://doc.traefik.io/traefik/v3.5/https/tls/#certificates-stores
+          More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#certificates-stores
        properties:
          apiVersion:
            description: |-
@@ -2731,7 +2731,7 @@ spec:
          TraefikService object allows to:
          - Apply weight to Services on load-balancing
          - Mirror traffic on services
-          More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-traefikservice
+          More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/traefikservice/
        properties:
          apiVersion:
            description: |-
@@ -2995,7 +2995,7 @@ spec:
                        sticky:
                          description: |-
                            Sticky defines the sticky sessions configuration.
-                            More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
+                            More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
                          properties:
                            cookie:
                              description: Cookie defines the sticky cookie configuration.
@@ -3123,7 +3123,7 @@ spec:
                  sticky:
                    description: |-
                      Sticky defines the sticky sessions configuration.
-                      More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
+                      More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
                    properties:
                      cookie:
                        description: Cookie defines the sticky cookie configuration.
@@ -3336,7 +3336,7 @@ spec:
                        sticky:
                          description: |-
                            Sticky defines the sticky sessions configuration.
-                            More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
+                            More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
                          properties:
                            cookie:
                              description: Cookie defines the sticky cookie configuration.
@@ -3404,7 +3404,7 @@ spec:
                  sticky:
                    description: |-
                      Sticky defines whether sticky sessions are enabled.
-                      More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
+                      More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/traefikservice/#stickiness-and-load-balancing
                    properties:
                      cookie:
                        description: Cookie defines the sticky cookie configuration.
--- a/docs/content/reference/dynamic-configuration/kv-ref.md
+++ b/docs/content/reference/dynamic-configuration/kv-ref.md
@@ -5,464 +5,464 @@ THIS FILE MUST NOT BE EDITED BY HAND

 | Key (Path) | Value |
 |------------|-------|
-| `traefik/http/middlewares/Middleware01/addPrefix/prefix` | `foobar` |
-| `traefik/http/middlewares/Middleware02/basicAuth/headerField` | `foobar` |
-| `traefik/http/middlewares/Middleware02/basicAuth/realm` | `foobar` |
-| `traefik/http/middlewares/Middleware02/basicAuth/removeHeader` | `true` |
-| `traefik/http/middlewares/Middleware02/basicAuth/users/0` | `foobar` |
-| `traefik/http/middlewares/Middleware02/basicAuth/users/1` | `foobar` |
-| `traefik/http/middlewares/Middleware02/basicAuth/usersFile` | `foobar` |
-| `traefik/http/middlewares/Middleware03/buffering/maxRequestBodyBytes` | `42` |
-| `traefik/http/middlewares/Middleware03/buffering/maxResponseBodyBytes` | `42` |
-| `traefik/http/middlewares/Middleware03/buffering/memRequestBodyBytes` | `42` |
-| `traefik/http/middlewares/Middleware03/buffering/memResponseBodyBytes` | `42` |
-| `traefik/http/middlewares/Middleware03/buffering/retryExpression` | `foobar` |
-| `traefik/http/middlewares/Middleware04/chain/middlewares/0` | `foobar` |
-| `traefik/http/middlewares/Middleware04/chain/middlewares/1` | `foobar` |
-| `traefik/http/middlewares/Middleware05/circuitBreaker/checkPeriod` | `42s` |
-| `traefik/http/middlewares/Middleware05/circuitBreaker/expression` | `foobar` |
-| `traefik/http/middlewares/Middleware05/circuitBreaker/fallbackDuration` | `42s` |
-| `traefik/http/middlewares/Middleware05/circuitBreaker/recoveryDuration` | `42s` |
-| `traefik/http/middlewares/Middleware05/circuitBreaker/responseCode` | `42` |
-| `traefik/http/middlewares/Middleware06/compress/defaultEncoding` | `foobar` |
-| `traefik/http/middlewares/Middleware06/compress/encodings/0` | `foobar` |
-| `traefik/http/middlewares/Middleware06/compress/encodings/1` | `foobar` |
-| `traefik/http/middlewares/Middleware06/compress/excludedContentTypes/0` | `foobar` |
-| `traefik/http/middlewares/Middleware06/compress/excludedContentTypes/1` | `foobar` |
-| `traefik/http/middlewares/Middleware06/compress/includedContentTypes/0` | `foobar` |
-| `traefik/http/middlewares/Middleware06/compress/includedContentTypes/1` | `foobar` |
-| `traefik/http/middlewares/Middleware06/compress/minResponseBodyBytes` | `42` |
-| `traefik/http/middlewares/Middleware07/contentType/autoDetect` | `true` |
-| `traefik/http/middlewares/Middleware08/digestAuth/headerField` | `foobar` |
-| `traefik/http/middlewares/Middleware08/digestAuth/realm` | `foobar` |
-| `traefik/http/middlewares/Middleware08/digestAuth/removeHeader` | `true` |
-| `traefik/http/middlewares/Middleware08/digestAuth/users/0` | `foobar` |
-| `traefik/http/middlewares/Middleware08/digestAuth/users/1` | `foobar` |
-| `traefik/http/middlewares/Middleware08/digestAuth/usersFile` | `foobar` |
-| `traefik/http/middlewares/Middleware09/errors/query` | `foobar` |
-| `traefik/http/middlewares/Middleware09/errors/service` | `foobar` |
-| `traefik/http/middlewares/Middleware09/errors/status/0` | `foobar` |
-| `traefik/http/middlewares/Middleware09/errors/status/1` | `foobar` |
-| `traefik/http/middlewares/Middleware09/errors/statusRewrites/name0` | `42` |
-| `traefik/http/middlewares/Middleware09/errors/statusRewrites/name1` | `42` |
-| `traefik/http/middlewares/Middleware10/forwardAuth/addAuthCookiesToResponse/0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/forwardAuth/addAuthCookiesToResponse/1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/forwardAuth/address` | `foobar` |
-| `traefik/http/middlewares/Middleware10/forwardAuth/authRequestHeaders/0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/forwardAuth/authRequestHeaders/1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeaders/0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeaders/1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeadersRegex` | `foobar` |
-| `traefik/http/middlewares/Middleware10/forwardAuth/forwardBody` | `true` |
-| `traefik/http/middlewares/Middleware10/forwardAuth/headerField` | `foobar` |
-| `traefik/http/middlewares/Middleware10/forwardAuth/maxBodySize` | `42` |
-| `traefik/http/middlewares/Middleware10/forwardAuth/preserveLocationHeader` | `true` |
-| `traefik/http/middlewares/Middleware10/forwardAuth/preserveRequestMethod` | `true` |
-| `traefik/http/middlewares/Middleware10/forwardAuth/tls/ca` | `foobar` |
-| `traefik/http/middlewares/Middleware10/forwardAuth/tls/caOptional` | `true` |
-| `traefik/http/middlewares/Middleware10/forwardAuth/tls/cert` | `foobar` |
-| `traefik/http/middlewares/Middleware10/forwardAuth/tls/insecureSkipVerify` | `true` |
-| `traefik/http/middlewares/Middleware10/forwardAuth/tls/key` | `foobar` |
-| `traefik/http/middlewares/Middleware10/forwardAuth/trustForwardHeader` | `true` |
-| `traefik/http/middlewares/Middleware11/grpcWeb/allowOrigins/0` | `foobar` |
-| `traefik/http/middlewares/Middleware11/grpcWeb/allowOrigins/1` | `foobar` |
-| `traefik/http/middlewares/Middleware12/headers/accessControlAllowCredentials` | `true` |
-| `traefik/http/middlewares/Middleware12/headers/accessControlAllowHeaders/0` | `foobar` |
-| `traefik/http/middlewares/Middleware12/headers/accessControlAllowHeaders/1` | `foobar` |
-| `traefik/http/middlewares/Middleware12/headers/accessControlAllowMethods/0` | `foobar` |
-| `traefik/http/middlewares/Middleware12/headers/accessControlAllowMethods/1` | `foobar` |
-| `traefik/http/middlewares/Middleware12/headers/accessControlAllowOriginList/0` | `foobar` |
-| `traefik/http/middlewares/Middleware12/headers/accessControlAllowOriginList/1` | `foobar` |
-| `traefik/http/middlewares/Middleware12/headers/accessControlAllowOriginListRegex/0` | `foobar` |
-| `traefik/http/middlewares/Middleware12/headers/accessControlAllowOriginListRegex/1` | `foobar` |
-| `traefik/http/middlewares/Middleware12/headers/accessControlExposeHeaders/0` | `foobar` |
-| `traefik/http/middlewares/Middleware12/headers/accessControlExposeHeaders/1` | `foobar` |
-| `traefik/http/middlewares/Middleware12/headers/accessControlMaxAge` | `42` |
-| `traefik/http/middlewares/Middleware12/headers/addVaryHeader` | `true` |
-| `traefik/http/middlewares/Middleware12/headers/allowedHosts/0` | `foobar` |
-| `traefik/http/middlewares/Middleware12/headers/allowedHosts/1` | `foobar` |
-| `traefik/http/middlewares/Middleware12/headers/browserXssFilter` | `true` |
-| `traefik/http/middlewares/Middleware12/headers/contentSecurityPolicy` | `foobar` |
-| `traefik/http/middlewares/Middleware12/headers/contentSecurityPolicyReportOnly` | `foobar` |
-| `traefik/http/middlewares/Middleware12/headers/contentTypeNosniff` | `true` |
-| `traefik/http/middlewares/Middleware12/headers/customBrowserXSSValue` | `foobar` |
-| `traefik/http/middlewares/Middleware12/headers/customFrameOptionsValue` | `foobar` |
-| `traefik/http/middlewares/Middleware12/headers/customRequestHeaders/name0` | `foobar` |
-| `traefik/http/middlewares/Middleware12/headers/customRequestHeaders/name1` | `foobar` |
-| `traefik/http/middlewares/Middleware12/headers/customResponseHeaders/name0` | `foobar` |
-| `traefik/http/middlewares/Middleware12/headers/customResponseHeaders/name1` | `foobar` |
-| `traefik/http/middlewares/Middleware12/headers/featurePolicy` | `foobar` |
-| `traefik/http/middlewares/Middleware12/headers/forceSTSHeader` | `true` |
-| `traefik/http/middlewares/Middleware12/headers/frameDeny` | `true` |
-| `traefik/http/middlewares/Middleware12/headers/hostsProxyHeaders/0` | `foobar` |
-| `traefik/http/middlewares/Middleware12/headers/hostsProxyHeaders/1` | `foobar` |
-| `traefik/http/middlewares/Middleware12/headers/isDevelopment` | `true` |
-| `traefik/http/middlewares/Middleware12/headers/permissionsPolicy` | `foobar` |
-| `traefik/http/middlewares/Middleware12/headers/publicKey` | `foobar` |
-| `traefik/http/middlewares/Middleware12/headers/referrerPolicy` | `foobar` |
-| `traefik/http/middlewares/Middleware12/headers/sslForceHost` | `true` |
-| `traefik/http/middlewares/Middleware12/headers/sslHost` | `foobar` |
-| `traefik/http/middlewares/Middleware12/headers/sslProxyHeaders/name0` | `foobar` |
-| `traefik/http/middlewares/Middleware12/headers/sslProxyHeaders/name1` | `foobar` |
-| `traefik/http/middlewares/Middleware12/headers/sslRedirect` | `true` |
-| `traefik/http/middlewares/Middleware12/headers/sslTemporaryRedirect` | `true` |
-| `traefik/http/middlewares/Middleware12/headers/stsIncludeSubdomains` | `true` |
-| `traefik/http/middlewares/Middleware12/headers/stsPreload` | `true` |
-| `traefik/http/middlewares/Middleware12/headers/stsSeconds` | `42` |
-| `traefik/http/middlewares/Middleware13/ipAllowList/ipStrategy/depth` | `42` |
-| `traefik/http/middlewares/Middleware13/ipAllowList/ipStrategy/excludedIPs/0` | `foobar` |
-| `traefik/http/middlewares/Middleware13/ipAllowList/ipStrategy/excludedIPs/1` | `foobar` |
-| `traefik/http/middlewares/Middleware13/ipAllowList/ipStrategy/ipv6Subnet` | `42` |
-| `traefik/http/middlewares/Middleware13/ipAllowList/rejectStatusCode` | `42` |
-| `traefik/http/middlewares/Middleware13/ipAllowList/sourceRange/0` | `foobar` |
-| `traefik/http/middlewares/Middleware13/ipAllowList/sourceRange/1` | `foobar` |
-| `traefik/http/middlewares/Middleware14/ipWhiteList/ipStrategy/depth` | `42` |
-| `traefik/http/middlewares/Middleware14/ipWhiteList/ipStrategy/excludedIPs/0` | `foobar` |
-| `traefik/http/middlewares/Middleware14/ipWhiteList/ipStrategy/excludedIPs/1` | `foobar` |
-| `traefik/http/middlewares/Middleware14/ipWhiteList/ipStrategy/ipv6Subnet` | `42` |
-| `traefik/http/middlewares/Middleware14/ipWhiteList/sourceRange/0` | `foobar` |
-| `traefik/http/middlewares/Middleware14/ipWhiteList/sourceRange/1` | `foobar` |
-| `traefik/http/middlewares/Middleware15/inFlightReq/amount` | `42` |
-| `traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/ipStrategy/depth` | `42` |
-| `traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` |
-| `traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/1` | `foobar` |
-| `traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/ipStrategy/ipv6Subnet` | `42` |
-| `traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/requestHeaderName` | `foobar` |
-| `traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/requestHost` | `true` |
-| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/commonName` | `true` |
-| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/country` | `true` |
-| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/domainComponent` | `true` |
-| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/locality` | `true` |
-| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/organization` | `true` |
-| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/province` | `true` |
-| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/serialNumber` | `true` |
-| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/notAfter` | `true` |
-| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/notBefore` | `true` |
-| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/sans` | `true` |
-| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/serialNumber` | `true` |
-| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/commonName` | `true` |
-| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/country` | `true` |
-| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/domainComponent` | `true` |
-| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/locality` | `true` |
-| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/organization` | `true` |
-| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/organizationalUnit` | `true` |
-| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/province` | `true` |
-| `traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/serialNumber` | `true` |
-| `traefik/http/middlewares/Middleware16/passTLSClientCert/pem` | `true` |
-| `traefik/http/middlewares/Middleware17/plugin/PluginConf0/name0` | `foobar` |
-| `traefik/http/middlewares/Middleware17/plugin/PluginConf0/name1` | `foobar` |
-| `traefik/http/middlewares/Middleware17/plugin/PluginConf1/name0` | `foobar` |
-| `traefik/http/middlewares/Middleware17/plugin/PluginConf1/name1` | `foobar` |
-| `traefik/http/middlewares/Middleware18/rateLimit/average` | `42` |
-| `traefik/http/middlewares/Middleware18/rateLimit/burst` | `42` |
-| `traefik/http/middlewares/Middleware18/rateLimit/period` | `42s` |
-| `traefik/http/middlewares/Middleware18/rateLimit/redis/db` | `42` |
-| `traefik/http/middlewares/Middleware18/rateLimit/redis/dialTimeout` | `42s` |
-| `traefik/http/middlewares/Middleware18/rateLimit/redis/endpoints/0` | `foobar` |
-| `traefik/http/middlewares/Middleware18/rateLimit/redis/endpoints/1` | `foobar` |
-| `traefik/http/middlewares/Middleware18/rateLimit/redis/maxActiveConns` | `42` |
-| `traefik/http/middlewares/Middleware18/rateLimit/redis/minIdleConns` | `42` |
-| `traefik/http/middlewares/Middleware18/rateLimit/redis/password` | `foobar` |
-| `traefik/http/middlewares/Middleware18/rateLimit/redis/poolSize` | `42` |
-| `traefik/http/middlewares/Middleware18/rateLimit/redis/readTimeout` | `42s` |
-| `traefik/http/middlewares/Middleware18/rateLimit/redis/tls/ca` | `foobar` |
-| `traefik/http/middlewares/Middleware18/rateLimit/redis/tls/cert` | `foobar` |
-| `traefik/http/middlewares/Middleware18/rateLimit/redis/tls/insecureSkipVerify` | `true` |
-| `traefik/http/middlewares/Middleware18/rateLimit/redis/tls/key` | `foobar` |
-| `traefik/http/middlewares/Middleware18/rateLimit/redis/username` | `foobar` |
-| `traefik/http/middlewares/Middleware18/rateLimit/redis/writeTimeout` | `42s` |
-| `traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/ipStrategy/depth` | `42` |
-| `traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` |
-| `traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/ipStrategy/excludedIPs/1` | `foobar` |
-| `traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/ipStrategy/ipv6Subnet` | `42` |
-| `traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/requestHeaderName` | `foobar` |
-| `traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/requestHost` | `true` |
-| `traefik/http/middlewares/Middleware19/redirectRegex/permanent` | `true` |
-| `traefik/http/middlewares/Middleware19/redirectRegex/regex` | `foobar` |
-| `traefik/http/middlewares/Middleware19/redirectRegex/replacement` | `foobar` |
-| `traefik/http/middlewares/Middleware20/redirectScheme/permanent` | `true` |
-| `traefik/http/middlewares/Middleware20/redirectScheme/port` | `foobar` |
-| `traefik/http/middlewares/Middleware20/redirectScheme/scheme` | `foobar` |
-| `traefik/http/middlewares/Middleware21/replacePath/path` | `foobar` |
-| `traefik/http/middlewares/Middleware22/replacePathRegex/regex` | `foobar` |
-| `traefik/http/middlewares/Middleware22/replacePathRegex/replacement` | `foobar` |
-| `traefik/http/middlewares/Middleware23/retry/attempts` | `42` |
-| `traefik/http/middlewares/Middleware23/retry/initialInterval` | `42s` |
-| `traefik/http/middlewares/Middleware24/stripPrefix/forceSlash` | `true` |
-| `traefik/http/middlewares/Middleware24/stripPrefix/prefixes/0` | `foobar` |
-| `traefik/http/middlewares/Middleware24/stripPrefix/prefixes/1` | `foobar` |
-| `traefik/http/middlewares/Middleware25/stripPrefixRegex/regex/0` | `foobar` |
-| `traefik/http/middlewares/Middleware25/stripPrefixRegex/regex/1` | `foobar` |
-| `traefik/http/routers/Router0/entryPoints/0` | `foobar` |
-| `traefik/http/routers/Router0/entryPoints/1` | `foobar` |
-| `traefik/http/routers/Router0/middlewares/0` | `foobar` |
-| `traefik/http/routers/Router0/middlewares/1` | `foobar` |
-| `traefik/http/routers/Router0/observability/accessLogs` | `true` |
-| `traefik/http/routers/Router0/observability/metrics` | `true` |
-| `traefik/http/routers/Router0/observability/traceVerbosity` | `foobar` |
-| `traefik/http/routers/Router0/observability/tracing` | `true` |
-| `traefik/http/routers/Router0/priority` | `42` |
-| `traefik/http/routers/Router0/rule` | `foobar` |
-| `traefik/http/routers/Router0/ruleSyntax` | `foobar` |
-| `traefik/http/routers/Router0/service` | `foobar` |
-| `traefik/http/routers/Router0/tls/certResolver` | `foobar` |
-| `traefik/http/routers/Router0/tls/domains/0/main` | `foobar` |
-| `traefik/http/routers/Router0/tls/domains/0/sans/0` | `foobar` |
-| `traefik/http/routers/Router0/tls/domains/0/sans/1` | `foobar` |
-| `traefik/http/routers/Router0/tls/domains/1/main` | `foobar` |
-| `traefik/http/routers/Router0/tls/domains/1/sans/0` | `foobar` |
-| `traefik/http/routers/Router0/tls/domains/1/sans/1` | `foobar` |
-| `traefik/http/routers/Router0/tls/options` | `foobar` |
-| `traefik/http/routers/Router1/entryPoints/0` | `foobar` |
-| `traefik/http/routers/Router1/entryPoints/1` | `foobar` |
-| `traefik/http/routers/Router1/middlewares/0` | `foobar` |
-| `traefik/http/routers/Router1/middlewares/1` | `foobar` |
-| `traefik/http/routers/Router1/observability/accessLogs` | `true` |
-| `traefik/http/routers/Router1/observability/metrics` | `true` |
-| `traefik/http/routers/Router1/observability/traceVerbosity` | `foobar` |
-| `traefik/http/routers/Router1/observability/tracing` | `true` |
-| `traefik/http/routers/Router1/priority` | `42` |
-| `traefik/http/routers/Router1/rule` | `foobar` |
-| `traefik/http/routers/Router1/ruleSyntax` | `foobar` |
-| `traefik/http/routers/Router1/service` | `foobar` |
-| `traefik/http/routers/Router1/tls/certResolver` | `foobar` |
-| `traefik/http/routers/Router1/tls/domains/0/main` | `foobar` |
-| `traefik/http/routers/Router1/tls/domains/0/sans/0` | `foobar` |
-| `traefik/http/routers/Router1/tls/domains/0/sans/1` | `foobar` |
-| `traefik/http/routers/Router1/tls/domains/1/main` | `foobar` |
-| `traefik/http/routers/Router1/tls/domains/1/sans/0` | `foobar` |
-| `traefik/http/routers/Router1/tls/domains/1/sans/1` | `foobar` |
-| `traefik/http/routers/Router1/tls/options` | `foobar` |
-| `traefik/http/serversTransports/ServersTransport0/certificates/0/certFile` | `foobar` |
-| `traefik/http/serversTransports/ServersTransport0/certificates/0/keyFile` | `foobar` |
-| `traefik/http/serversTransports/ServersTransport0/certificates/1/certFile` | `foobar` |
-| `traefik/http/serversTransports/ServersTransport0/certificates/1/keyFile` | `foobar` |
-| `traefik/http/serversTransports/ServersTransport0/disableHTTP2` | `true` |
-| `traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/dialTimeout` | `42s` |
-| `traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/idleConnTimeout` | `42s` |
-| `traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/pingTimeout` | `42s` |
-| `traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/readIdleTimeout` | `42s` |
-| `traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/responseHeaderTimeout` | `42s` |
-| `traefik/http/serversTransports/ServersTransport0/insecureSkipVerify` | `true` |
-| `traefik/http/serversTransports/ServersTransport0/maxIdleConnsPerHost` | `42` |
-| `traefik/http/serversTransports/ServersTransport0/peerCertURI` | `foobar` |
-| `traefik/http/serversTransports/ServersTransport0/rootCAs/0` | `foobar` |
-| `traefik/http/serversTransports/ServersTransport0/rootCAs/1` | `foobar` |
-| `traefik/http/serversTransports/ServersTransport0/serverName` | `foobar` |
-| `traefik/http/serversTransports/ServersTransport0/spiffe/ids/0` | `foobar` |
-| `traefik/http/serversTransports/ServersTransport0/spiffe/ids/1` | `foobar` |
-| `traefik/http/serversTransports/ServersTransport0/spiffe/trustDomain` | `foobar` |
-| `traefik/http/serversTransports/ServersTransport1/certificates/0/certFile` | `foobar` |
-| `traefik/http/serversTransports/ServersTransport1/certificates/0/keyFile` | `foobar` |
-| `traefik/http/serversTransports/ServersTransport1/certificates/1/certFile` | `foobar` |
-| `traefik/http/serversTransports/ServersTransport1/certificates/1/keyFile` | `foobar` |
-| `traefik/http/serversTransports/ServersTransport1/disableHTTP2` | `true` |
-| `traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/dialTimeout` | `42s` |
-| `traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/idleConnTimeout` | `42s` |
-| `traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/pingTimeout` | `42s` |
-| `traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/readIdleTimeout` | `42s` |
-| `traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/responseHeaderTimeout` | `42s` |
-| `traefik/http/serversTransports/ServersTransport1/insecureSkipVerify` | `true` |
-| `traefik/http/serversTransports/ServersTransport1/maxIdleConnsPerHost` | `42` |
-| `traefik/http/serversTransports/ServersTransport1/peerCertURI` | `foobar` |
-| `traefik/http/serversTransports/ServersTransport1/rootCAs/0` | `foobar` |
-| `traefik/http/serversTransports/ServersTransport1/rootCAs/1` | `foobar` |
-| `traefik/http/serversTransports/ServersTransport1/serverName` | `foobar` |
-| `traefik/http/serversTransports/ServersTransport1/spiffe/ids/0` | `foobar` |
-| `traefik/http/serversTransports/ServersTransport1/spiffe/ids/1` | `foobar` |
-| `traefik/http/serversTransports/ServersTransport1/spiffe/trustDomain` | `foobar` |
-| `traefik/http/services/Service01/failover/fallback` | `foobar` |
-| `traefik/http/services/Service01/failover/healthCheck` | `` |
-| `traefik/http/services/Service01/failover/service` | `foobar` |
-| `traefik/http/services/Service02/loadBalancer/healthCheck/followRedirects` | `true` |
-| `traefik/http/services/Service02/loadBalancer/healthCheck/headers/name0` | `foobar` |
-| `traefik/http/services/Service02/loadBalancer/healthCheck/headers/name1` | `foobar` |
-| `traefik/http/services/Service02/loadBalancer/healthCheck/hostname` | `foobar` |
-| `traefik/http/services/Service02/loadBalancer/healthCheck/interval` | `42s` |
-| `traefik/http/services/Service02/loadBalancer/healthCheck/method` | `foobar` |
-| `traefik/http/services/Service02/loadBalancer/healthCheck/mode` | `foobar` |
-| `traefik/http/services/Service02/loadBalancer/healthCheck/path` | `foobar` |
-| `traefik/http/services/Service02/loadBalancer/healthCheck/port` | `42` |
-| `traefik/http/services/Service02/loadBalancer/healthCheck/scheme` | `foobar` |
-| `traefik/http/services/Service02/loadBalancer/healthCheck/status` | `42` |
-| `traefik/http/services/Service02/loadBalancer/healthCheck/timeout` | `42s` |
-| `traefik/http/services/Service02/loadBalancer/healthCheck/unhealthyInterval` | `42s` |
-| `traefik/http/services/Service02/loadBalancer/passHostHeader` | `true` |
-| `traefik/http/services/Service02/loadBalancer/responseForwarding/flushInterval` | `42s` |
-| `traefik/http/services/Service02/loadBalancer/servers/0/preservePath` | `true` |
-| `traefik/http/services/Service02/loadBalancer/servers/0/url` | `foobar` |
-| `traefik/http/services/Service02/loadBalancer/servers/0/weight` | `42` |
-| `traefik/http/services/Service02/loadBalancer/servers/1/preservePath` | `true` |
-| `traefik/http/services/Service02/loadBalancer/servers/1/url` | `foobar` |
-| `traefik/http/services/Service02/loadBalancer/servers/1/weight` | `42` |
-| `traefik/http/services/Service02/loadBalancer/serversTransport` | `foobar` |
-| `traefik/http/services/Service02/loadBalancer/sticky/cookie/domain` | `foobar` |
-| `traefik/http/services/Service02/loadBalancer/sticky/cookie/httpOnly` | `true` |
-| `traefik/http/services/Service02/loadBalancer/sticky/cookie/maxAge` | `42` |
-| `traefik/http/services/Service02/loadBalancer/sticky/cookie/name` | `foobar` |
-| `traefik/http/services/Service02/loadBalancer/sticky/cookie/path` | `foobar` |
-| `traefik/http/services/Service02/loadBalancer/sticky/cookie/sameSite` | `foobar` |
-| `traefik/http/services/Service02/loadBalancer/sticky/cookie/secure` | `true` |
-| `traefik/http/services/Service02/loadBalancer/strategy` | `foobar` |
-| `traefik/http/services/Service03/mirroring/healthCheck` | `` |
-| `traefik/http/services/Service03/mirroring/maxBodySize` | `42` |
-| `traefik/http/services/Service03/mirroring/mirrorBody` | `true` |
-| `traefik/http/services/Service03/mirroring/mirrors/0/name` | `foobar` |
-| `traefik/http/services/Service03/mirroring/mirrors/0/percent` | `42` |
-| `traefik/http/services/Service03/mirroring/mirrors/1/name` | `foobar` |
-| `traefik/http/services/Service03/mirroring/mirrors/1/percent` | `42` |
-| `traefik/http/services/Service03/mirroring/service` | `foobar` |
-| `traefik/http/services/Service04/weighted/healthCheck` | `` |
-| `traefik/http/services/Service04/weighted/services/0/name` | `foobar` |
-| `traefik/http/services/Service04/weighted/services/0/weight` | `42` |
-| `traefik/http/services/Service04/weighted/services/1/name` | `foobar` |
-| `traefik/http/services/Service04/weighted/services/1/weight` | `42` |
-| `traefik/http/services/Service04/weighted/sticky/cookie/domain` | `foobar` |
-| `traefik/http/services/Service04/weighted/sticky/cookie/httpOnly` | `true` |
-| `traefik/http/services/Service04/weighted/sticky/cookie/maxAge` | `42` |
-| `traefik/http/services/Service04/weighted/sticky/cookie/name` | `foobar` |
-| `traefik/http/services/Service04/weighted/sticky/cookie/path` | `foobar` |
-| `traefik/http/services/Service04/weighted/sticky/cookie/sameSite` | `foobar` |
-| `traefik/http/services/Service04/weighted/sticky/cookie/secure` | `true` |
-| `traefik/tcp/middlewares/TCPMiddleware01/ipAllowList/sourceRange/0` | `foobar` |
-| `traefik/tcp/middlewares/TCPMiddleware01/ipAllowList/sourceRange/1` | `foobar` |
-| `traefik/tcp/middlewares/TCPMiddleware02/ipWhiteList/sourceRange/0` | `foobar` |
-| `traefik/tcp/middlewares/TCPMiddleware02/ipWhiteList/sourceRange/1` | `foobar` |
-| `traefik/tcp/middlewares/TCPMiddleware03/inFlightConn/amount` | `42` |
-| `traefik/tcp/routers/TCPRouter0/entryPoints/0` | `foobar` |
-| `traefik/tcp/routers/TCPRouter0/entryPoints/1` | `foobar` |
-| `traefik/tcp/routers/TCPRouter0/middlewares/0` | `foobar` |
-| `traefik/tcp/routers/TCPRouter0/middlewares/1` | `foobar` |
-| `traefik/tcp/routers/TCPRouter0/priority` | `42` |
-| `traefik/tcp/routers/TCPRouter0/rule` | `foobar` |
-| `traefik/tcp/routers/TCPRouter0/ruleSyntax` | `foobar` |
-| `traefik/tcp/routers/TCPRouter0/service` | `foobar` |
-| `traefik/tcp/routers/TCPRouter0/tls/certResolver` | `foobar` |
-| `traefik/tcp/routers/TCPRouter0/tls/domains/0/main` | `foobar` |
-| `traefik/tcp/routers/TCPRouter0/tls/domains/0/sans/0` | `foobar` |
-| `traefik/tcp/routers/TCPRouter0/tls/domains/0/sans/1` | `foobar` |
-| `traefik/tcp/routers/TCPRouter0/tls/domains/1/main` | `foobar` |
-| `traefik/tcp/routers/TCPRouter0/tls/domains/1/sans/0` | `foobar` |
-| `traefik/tcp/routers/TCPRouter0/tls/domains/1/sans/1` | `foobar` |
-| `traefik/tcp/routers/TCPRouter0/tls/options` | `foobar` |
-| `traefik/tcp/routers/TCPRouter0/tls/passthrough` | `true` |
-| `traefik/tcp/routers/TCPRouter1/entryPoints/0` | `foobar` |
-| `traefik/tcp/routers/TCPRouter1/entryPoints/1` | `foobar` |
-| `traefik/tcp/routers/TCPRouter1/middlewares/0` | `foobar` |
-| `traefik/tcp/routers/TCPRouter1/middlewares/1` | `foobar` |
-| `traefik/tcp/routers/TCPRouter1/priority` | `42` |
-| `traefik/tcp/routers/TCPRouter1/rule` | `foobar` |
-| `traefik/tcp/routers/TCPRouter1/ruleSyntax` | `foobar` |
-| `traefik/tcp/routers/TCPRouter1/service` | `foobar` |
-| `traefik/tcp/routers/TCPRouter1/tls/certResolver` | `foobar` |
-| `traefik/tcp/routers/TCPRouter1/tls/domains/0/main` | `foobar` |
-| `traefik/tcp/routers/TCPRouter1/tls/domains/0/sans/0` | `foobar` |
-| `traefik/tcp/routers/TCPRouter1/tls/domains/0/sans/1` | `foobar` |
-| `traefik/tcp/routers/TCPRouter1/tls/domains/1/main` | `foobar` |
-| `traefik/tcp/routers/TCPRouter1/tls/domains/1/sans/0` | `foobar` |
-| `traefik/tcp/routers/TCPRouter1/tls/domains/1/sans/1` | `foobar` |
-| `traefik/tcp/routers/TCPRouter1/tls/options` | `foobar` |
-| `traefik/tcp/routers/TCPRouter1/tls/passthrough` | `true` |
-| `traefik/tcp/serversTransports/TCPServersTransport0/dialKeepAlive` | `42s` |
-| `traefik/tcp/serversTransports/TCPServersTransport0/dialTimeout` | `42s` |
-| `traefik/tcp/serversTransports/TCPServersTransport0/proxyProtocol/version` | `42` |
-| `traefik/tcp/serversTransports/TCPServersTransport0/terminationDelay` | `42s` |
-| `traefik/tcp/serversTransports/TCPServersTransport0/tls/certificates/0/certFile` | `foobar` |
-| `traefik/tcp/serversTransports/TCPServersTransport0/tls/certificates/0/keyFile` | `foobar` |
-| `traefik/tcp/serversTransports/TCPServersTransport0/tls/certificates/1/certFile` | `foobar` |
-| `traefik/tcp/serversTransports/TCPServersTransport0/tls/certificates/1/keyFile` | `foobar` |
-| `traefik/tcp/serversTransports/TCPServersTransport0/tls/insecureSkipVerify` | `true` |
-| `traefik/tcp/serversTransports/TCPServersTransport0/tls/peerCertURI` | `foobar` |
-| `traefik/tcp/serversTransports/TCPServersTransport0/tls/rootCAs/0` | `foobar` |
-| `traefik/tcp/serversTransports/TCPServersTransport0/tls/rootCAs/1` | `foobar` |
-| `traefik/tcp/serversTransports/TCPServersTransport0/tls/serverName` | `foobar` |
-| `traefik/tcp/serversTransports/TCPServersTransport0/tls/spiffe/ids/0` | `foobar` |
-| `traefik/tcp/serversTransports/TCPServersTransport0/tls/spiffe/ids/1` | `foobar` |
-| `traefik/tcp/serversTransports/TCPServersTransport0/tls/spiffe/trustDomain` | `foobar` |
-| `traefik/tcp/serversTransports/TCPServersTransport1/dialKeepAlive` | `42s` |
-| `traefik/tcp/serversTransports/TCPServersTransport1/dialTimeout` | `42s` |
-| `traefik/tcp/serversTransports/TCPServersTransport1/proxyProtocol/version` | `42` |
-| `traefik/tcp/serversTransports/TCPServersTransport1/terminationDelay` | `42s` |
-| `traefik/tcp/serversTransports/TCPServersTransport1/tls/certificates/0/certFile` | `foobar` |
-| `traefik/tcp/serversTransports/TCPServersTransport1/tls/certificates/0/keyFile` | `foobar` |
-| `traefik/tcp/serversTransports/TCPServersTransport1/tls/certificates/1/certFile` | `foobar` |
-| `traefik/tcp/serversTransports/TCPServersTransport1/tls/certificates/1/keyFile` | `foobar` |
-| `traefik/tcp/serversTransports/TCPServersTransport1/tls/insecureSkipVerify` | `true` |
-| `traefik/tcp/serversTransports/TCPServersTransport1/tls/peerCertURI` | `foobar` |
-| `traefik/tcp/serversTransports/TCPServersTransport1/tls/rootCAs/0` | `foobar` |
-| `traefik/tcp/serversTransports/TCPServersTransport1/tls/rootCAs/1` | `foobar` |
-| `traefik/tcp/serversTransports/TCPServersTransport1/tls/serverName` | `foobar` |
-| `traefik/tcp/serversTransports/TCPServersTransport1/tls/spiffe/ids/0` | `foobar` |
-| `traefik/tcp/serversTransports/TCPServersTransport1/tls/spiffe/ids/1` | `foobar` |
-| `traefik/tcp/serversTransports/TCPServersTransport1/tls/spiffe/trustDomain` | `foobar` |
-| `traefik/tcp/services/TCPService01/loadBalancer/proxyProtocol/version` | `42` |
-| `traefik/tcp/services/TCPService01/loadBalancer/servers/0/address` | `foobar` |
-| `traefik/tcp/services/TCPService01/loadBalancer/servers/0/tls` | `true` |
-| `traefik/tcp/services/TCPService01/loadBalancer/servers/1/address` | `foobar` |
-| `traefik/tcp/services/TCPService01/loadBalancer/servers/1/tls` | `true` |
-| `traefik/tcp/services/TCPService01/loadBalancer/serversTransport` | `foobar` |
-| `traefik/tcp/services/TCPService01/loadBalancer/terminationDelay` | `42` |
-| `traefik/tcp/services/TCPService02/weighted/services/0/name` | `foobar` |
-| `traefik/tcp/services/TCPService02/weighted/services/0/weight` | `42` |
-| `traefik/tcp/services/TCPService02/weighted/services/1/name` | `foobar` |
-| `traefik/tcp/services/TCPService02/weighted/services/1/weight` | `42` |
-| `traefik/tls/certificates/0/certFile` | `foobar` |
-| `traefik/tls/certificates/0/keyFile` | `foobar` |
-| `traefik/tls/certificates/0/stores/0` | `foobar` |
-| `traefik/tls/certificates/0/stores/1` | `foobar` |
-| `traefik/tls/certificates/1/certFile` | `foobar` |
-| `traefik/tls/certificates/1/keyFile` | `foobar` |
-| `traefik/tls/certificates/1/stores/0` | `foobar` |
-| `traefik/tls/certificates/1/stores/1` | `foobar` |
-| `traefik/tls/options/Options0/alpnProtocols/0` | `foobar` |
-| `traefik/tls/options/Options0/alpnProtocols/1` | `foobar` |
-| `traefik/tls/options/Options0/cipherSuites/0` | `foobar` |
-| `traefik/tls/options/Options0/cipherSuites/1` | `foobar` |
-| `traefik/tls/options/Options0/clientAuth/caFiles/0` | `foobar` |
-| `traefik/tls/options/Options0/clientAuth/caFiles/1` | `foobar` |
-| `traefik/tls/options/Options0/clientAuth/clientAuthType` | `foobar` |
-| `traefik/tls/options/Options0/curvePreferences/0` | `foobar` |
-| `traefik/tls/options/Options0/curvePreferences/1` | `foobar` |
-| `traefik/tls/options/Options0/disableSessionTickets` | `true` |
-| `traefik/tls/options/Options0/maxVersion` | `foobar` |
-| `traefik/tls/options/Options0/minVersion` | `foobar` |
-| `traefik/tls/options/Options0/preferServerCipherSuites` | `true` |
-| `traefik/tls/options/Options0/sniStrict` | `true` |
-| `traefik/tls/options/Options1/alpnProtocols/0` | `foobar` |
-| `traefik/tls/options/Options1/alpnProtocols/1` | `foobar` |
-| `traefik/tls/options/Options1/cipherSuites/0` | `foobar` |
-| `traefik/tls/options/Options1/cipherSuites/1` | `foobar` |
-| `traefik/tls/options/Options1/clientAuth/caFiles/0` | `foobar` |
-| `traefik/tls/options/Options1/clientAuth/caFiles/1` | `foobar` |
-| `traefik/tls/options/Options1/clientAuth/clientAuthType` | `foobar` |
-| `traefik/tls/options/Options1/curvePreferences/0` | `foobar` |
-| `traefik/tls/options/Options1/curvePreferences/1` | `foobar` |
-| `traefik/tls/options/Options1/disableSessionTickets` | `true` |
-| `traefik/tls/options/Options1/maxVersion` | `foobar` |
-| `traefik/tls/options/Options1/minVersion` | `foobar` |
-| `traefik/tls/options/Options1/preferServerCipherSuites` | `true` |
-| `traefik/tls/options/Options1/sniStrict` | `true` |
-| `traefik/tls/stores/Store0/defaultCertificate/certFile` | `foobar` |
-| `traefik/tls/stores/Store0/defaultCertificate/keyFile` | `foobar` |
-| `traefik/tls/stores/Store0/defaultGeneratedCert/domain/main` | `foobar` |
-| `traefik/tls/stores/Store0/defaultGeneratedCert/domain/sans/0` | `foobar` |
-| `traefik/tls/stores/Store0/defaultGeneratedCert/domain/sans/1` | `foobar` |
-| `traefik/tls/stores/Store0/defaultGeneratedCert/resolver` | `foobar` |
-| `traefik/tls/stores/Store1/defaultCertificate/certFile` | `foobar` |
-| `traefik/tls/stores/Store1/defaultCertificate/keyFile` | `foobar` |
-| `traefik/tls/stores/Store1/defaultGeneratedCert/domain/main` | `foobar` |
-| `traefik/tls/stores/Store1/defaultGeneratedCert/domain/sans/0` | `foobar` |
-| `traefik/tls/stores/Store1/defaultGeneratedCert/domain/sans/1` | `foobar` |
-| `traefik/tls/stores/Store1/defaultGeneratedCert/resolver` | `foobar` |
-| `traefik/udp/routers/UDPRouter0/entryPoints/0` | `foobar` |
-| `traefik/udp/routers/UDPRouter0/entryPoints/1` | `foobar` |
-| `traefik/udp/routers/UDPRouter0/service` | `foobar` |
-| `traefik/udp/routers/UDPRouter1/entryPoints/0` | `foobar` |
-| `traefik/udp/routers/UDPRouter1/entryPoints/1` | `foobar` |
-| `traefik/udp/routers/UDPRouter1/service` | `foobar` |
-| `traefik/udp/services/UDPService01/loadBalancer/servers/0/address` | `foobar` |
-| `traefik/udp/services/UDPService01/loadBalancer/servers/1/address` | `foobar` |
-| `traefik/udp/services/UDPService02/weighted/services/0/name` | `foobar` |
-| `traefik/udp/services/UDPService02/weighted/services/0/weight` | `42` |
-| `traefik/udp/services/UDPService02/weighted/services/1/name` | `foobar` |
-| `traefik/udp/services/UDPService02/weighted/services/1/weight` | `42` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware01addPrefixprefix" href="#opt-traefikhttpmiddlewaresMiddleware01addPrefixprefix" title="#opt-traefikhttpmiddlewaresMiddleware01addPrefixprefix">`traefik/http/middlewares/Middleware01/addPrefix/prefix`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware02basicAuthheaderField" href="#opt-traefikhttpmiddlewaresMiddleware02basicAuthheaderField" title="#opt-traefikhttpmiddlewaresMiddleware02basicAuthheaderField">`traefik/http/middlewares/Middleware02/basicAuth/headerField`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware02basicAuthrealm" href="#opt-traefikhttpmiddlewaresMiddleware02basicAuthrealm" title="#opt-traefikhttpmiddlewaresMiddleware02basicAuthrealm">`traefik/http/middlewares/Middleware02/basicAuth/realm`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware02basicAuthremoveHeader" href="#opt-traefikhttpmiddlewaresMiddleware02basicAuthremoveHeader" title="#opt-traefikhttpmiddlewaresMiddleware02basicAuthremoveHeader">`traefik/http/middlewares/Middleware02/basicAuth/removeHeader`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware02basicAuthusers0" href="#opt-traefikhttpmiddlewaresMiddleware02basicAuthusers0" title="#opt-traefikhttpmiddlewaresMiddleware02basicAuthusers0">`traefik/http/middlewares/Middleware02/basicAuth/users/0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware02basicAuthusers1" href="#opt-traefikhttpmiddlewaresMiddleware02basicAuthusers1" title="#opt-traefikhttpmiddlewaresMiddleware02basicAuthusers1">`traefik/http/middlewares/Middleware02/basicAuth/users/1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware02basicAuthusersFile" href="#opt-traefikhttpmiddlewaresMiddleware02basicAuthusersFile" title="#opt-traefikhttpmiddlewaresMiddleware02basicAuthusersFile">`traefik/http/middlewares/Middleware02/basicAuth/usersFile`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware03bufferingmaxRequestBodyBytes" href="#opt-traefikhttpmiddlewaresMiddleware03bufferingmaxRequestBodyBytes" title="#opt-traefikhttpmiddlewaresMiddleware03bufferingmaxRequestBodyBytes">`traefik/http/middlewares/Middleware03/buffering/maxRequestBodyBytes`</a> | `42` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware03bufferingmaxResponseBodyBytes" href="#opt-traefikhttpmiddlewaresMiddleware03bufferingmaxResponseBodyBytes" title="#opt-traefikhttpmiddlewaresMiddleware03bufferingmaxResponseBodyBytes">`traefik/http/middlewares/Middleware03/buffering/maxResponseBodyBytes`</a> | `42` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware03bufferingmemRequestBodyBytes" href="#opt-traefikhttpmiddlewaresMiddleware03bufferingmemRequestBodyBytes" title="#opt-traefikhttpmiddlewaresMiddleware03bufferingmemRequestBodyBytes">`traefik/http/middlewares/Middleware03/buffering/memRequestBodyBytes`</a> | `42` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware03bufferingmemResponseBodyBytes" href="#opt-traefikhttpmiddlewaresMiddleware03bufferingmemResponseBodyBytes" title="#opt-traefikhttpmiddlewaresMiddleware03bufferingmemResponseBodyBytes">`traefik/http/middlewares/Middleware03/buffering/memResponseBodyBytes`</a> | `42` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware03bufferingretryExpression" href="#opt-traefikhttpmiddlewaresMiddleware03bufferingretryExpression" title="#opt-traefikhttpmiddlewaresMiddleware03bufferingretryExpression">`traefik/http/middlewares/Middleware03/buffering/retryExpression`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware04chainmiddlewares0" href="#opt-traefikhttpmiddlewaresMiddleware04chainmiddlewares0" title="#opt-traefikhttpmiddlewaresMiddleware04chainmiddlewares0">`traefik/http/middlewares/Middleware04/chain/middlewares/0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware04chainmiddlewares1" href="#opt-traefikhttpmiddlewaresMiddleware04chainmiddlewares1" title="#opt-traefikhttpmiddlewaresMiddleware04chainmiddlewares1">`traefik/http/middlewares/Middleware04/chain/middlewares/1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware05circuitBreakercheckPeriod" href="#opt-traefikhttpmiddlewaresMiddleware05circuitBreakercheckPeriod" title="#opt-traefikhttpmiddlewaresMiddleware05circuitBreakercheckPeriod">`traefik/http/middlewares/Middleware05/circuitBreaker/checkPeriod`</a> | `42s` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware05circuitBreakerexpression" href="#opt-traefikhttpmiddlewaresMiddleware05circuitBreakerexpression" title="#opt-traefikhttpmiddlewaresMiddleware05circuitBreakerexpression">`traefik/http/middlewares/Middleware05/circuitBreaker/expression`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware05circuitBreakerfallbackDuration" href="#opt-traefikhttpmiddlewaresMiddleware05circuitBreakerfallbackDuration" title="#opt-traefikhttpmiddlewaresMiddleware05circuitBreakerfallbackDuration">`traefik/http/middlewares/Middleware05/circuitBreaker/fallbackDuration`</a> | `42s` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware05circuitBreakerrecoveryDuration" href="#opt-traefikhttpmiddlewaresMiddleware05circuitBreakerrecoveryDuration" title="#opt-traefikhttpmiddlewaresMiddleware05circuitBreakerrecoveryDuration">`traefik/http/middlewares/Middleware05/circuitBreaker/recoveryDuration`</a> | `42s` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware05circuitBreakerresponseCode" href="#opt-traefikhttpmiddlewaresMiddleware05circuitBreakerresponseCode" title="#opt-traefikhttpmiddlewaresMiddleware05circuitBreakerresponseCode">`traefik/http/middlewares/Middleware05/circuitBreaker/responseCode`</a> | `42` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware06compressdefaultEncoding" href="#opt-traefikhttpmiddlewaresMiddleware06compressdefaultEncoding" title="#opt-traefikhttpmiddlewaresMiddleware06compressdefaultEncoding">`traefik/http/middlewares/Middleware06/compress/defaultEncoding`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware06compressencodings0" href="#opt-traefikhttpmiddlewaresMiddleware06compressencodings0" title="#opt-traefikhttpmiddlewaresMiddleware06compressencodings0">`traefik/http/middlewares/Middleware06/compress/encodings/0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware06compressencodings1" href="#opt-traefikhttpmiddlewaresMiddleware06compressencodings1" title="#opt-traefikhttpmiddlewaresMiddleware06compressencodings1">`traefik/http/middlewares/Middleware06/compress/encodings/1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware06compressexcludedContentTypes0" href="#opt-traefikhttpmiddlewaresMiddleware06compressexcludedContentTypes0" title="#opt-traefikhttpmiddlewaresMiddleware06compressexcludedContentTypes0">`traefik/http/middlewares/Middleware06/compress/excludedContentTypes/0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware06compressexcludedContentTypes1" href="#opt-traefikhttpmiddlewaresMiddleware06compressexcludedContentTypes1" title="#opt-traefikhttpmiddlewaresMiddleware06compressexcludedContentTypes1">`traefik/http/middlewares/Middleware06/compress/excludedContentTypes/1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware06compressincludedContentTypes0" href="#opt-traefikhttpmiddlewaresMiddleware06compressincludedContentTypes0" title="#opt-traefikhttpmiddlewaresMiddleware06compressincludedContentTypes0">`traefik/http/middlewares/Middleware06/compress/includedContentTypes/0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware06compressincludedContentTypes1" href="#opt-traefikhttpmiddlewaresMiddleware06compressincludedContentTypes1" title="#opt-traefikhttpmiddlewaresMiddleware06compressincludedContentTypes1">`traefik/http/middlewares/Middleware06/compress/includedContentTypes/1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware06compressminResponseBodyBytes" href="#opt-traefikhttpmiddlewaresMiddleware06compressminResponseBodyBytes" title="#opt-traefikhttpmiddlewaresMiddleware06compressminResponseBodyBytes">`traefik/http/middlewares/Middleware06/compress/minResponseBodyBytes`</a> | `42` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware07contentTypeautoDetect" href="#opt-traefikhttpmiddlewaresMiddleware07contentTypeautoDetect" title="#opt-traefikhttpmiddlewaresMiddleware07contentTypeautoDetect">`traefik/http/middlewares/Middleware07/contentType/autoDetect`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware08digestAuthheaderField" href="#opt-traefikhttpmiddlewaresMiddleware08digestAuthheaderField" title="#opt-traefikhttpmiddlewaresMiddleware08digestAuthheaderField">`traefik/http/middlewares/Middleware08/digestAuth/headerField`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware08digestAuthrealm" href="#opt-traefikhttpmiddlewaresMiddleware08digestAuthrealm" title="#opt-traefikhttpmiddlewaresMiddleware08digestAuthrealm">`traefik/http/middlewares/Middleware08/digestAuth/realm`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware08digestAuthremoveHeader" href="#opt-traefikhttpmiddlewaresMiddleware08digestAuthremoveHeader" title="#opt-traefikhttpmiddlewaresMiddleware08digestAuthremoveHeader">`traefik/http/middlewares/Middleware08/digestAuth/removeHeader`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware08digestAuthusers0" href="#opt-traefikhttpmiddlewaresMiddleware08digestAuthusers0" title="#opt-traefikhttpmiddlewaresMiddleware08digestAuthusers0">`traefik/http/middlewares/Middleware08/digestAuth/users/0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware08digestAuthusers1" href="#opt-traefikhttpmiddlewaresMiddleware08digestAuthusers1" title="#opt-traefikhttpmiddlewaresMiddleware08digestAuthusers1">`traefik/http/middlewares/Middleware08/digestAuth/users/1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware08digestAuthusersFile" href="#opt-traefikhttpmiddlewaresMiddleware08digestAuthusersFile" title="#opt-traefikhttpmiddlewaresMiddleware08digestAuthusersFile">`traefik/http/middlewares/Middleware08/digestAuth/usersFile`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware09errorsquery" href="#opt-traefikhttpmiddlewaresMiddleware09errorsquery" title="#opt-traefikhttpmiddlewaresMiddleware09errorsquery">`traefik/http/middlewares/Middleware09/errors/query`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware09errorsservice" href="#opt-traefikhttpmiddlewaresMiddleware09errorsservice" title="#opt-traefikhttpmiddlewaresMiddleware09errorsservice">`traefik/http/middlewares/Middleware09/errors/service`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware09errorsstatus0" href="#opt-traefikhttpmiddlewaresMiddleware09errorsstatus0" title="#opt-traefikhttpmiddlewaresMiddleware09errorsstatus0">`traefik/http/middlewares/Middleware09/errors/status/0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware09errorsstatus1" href="#opt-traefikhttpmiddlewaresMiddleware09errorsstatus1" title="#opt-traefikhttpmiddlewaresMiddleware09errorsstatus1">`traefik/http/middlewares/Middleware09/errors/status/1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware09errorsstatusRewritesname0" href="#opt-traefikhttpmiddlewaresMiddleware09errorsstatusRewritesname0" title="#opt-traefikhttpmiddlewaresMiddleware09errorsstatusRewritesname0">`traefik/http/middlewares/Middleware09/errors/statusRewrites/name0`</a> | `42` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware09errorsstatusRewritesname1" href="#opt-traefikhttpmiddlewaresMiddleware09errorsstatusRewritesname1" title="#opt-traefikhttpmiddlewaresMiddleware09errorsstatusRewritesname1">`traefik/http/middlewares/Middleware09/errors/statusRewrites/name1`</a> | `42` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthaddAuthCookiesToResponse0" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthaddAuthCookiesToResponse0" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthaddAuthCookiesToResponse0">`traefik/http/middlewares/Middleware10/forwardAuth/addAuthCookiesToResponse/0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthaddAuthCookiesToResponse1" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthaddAuthCookiesToResponse1" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthaddAuthCookiesToResponse1">`traefik/http/middlewares/Middleware10/forwardAuth/addAuthCookiesToResponse/1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthaddress" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthaddress" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthaddress">`traefik/http/middlewares/Middleware10/forwardAuth/address`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthauthRequestHeaders0" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthauthRequestHeaders0" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthauthRequestHeaders0">`traefik/http/middlewares/Middleware10/forwardAuth/authRequestHeaders/0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthauthRequestHeaders1" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthauthRequestHeaders1" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthauthRequestHeaders1">`traefik/http/middlewares/Middleware10/forwardAuth/authRequestHeaders/1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthauthResponseHeaders0" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthauthResponseHeaders0" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthauthResponseHeaders0">`traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeaders/0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthauthResponseHeaders1" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthauthResponseHeaders1" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthauthResponseHeaders1">`traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeaders/1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthauthResponseHeadersRegex" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthauthResponseHeadersRegex" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthauthResponseHeadersRegex">`traefik/http/middlewares/Middleware10/forwardAuth/authResponseHeadersRegex`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthforwardBody" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthforwardBody" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthforwardBody">`traefik/http/middlewares/Middleware10/forwardAuth/forwardBody`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthheaderField" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthheaderField" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthheaderField">`traefik/http/middlewares/Middleware10/forwardAuth/headerField`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthmaxBodySize" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthmaxBodySize" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthmaxBodySize">`traefik/http/middlewares/Middleware10/forwardAuth/maxBodySize`</a> | `42` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthpreserveLocationHeader" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthpreserveLocationHeader" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthpreserveLocationHeader">`traefik/http/middlewares/Middleware10/forwardAuth/preserveLocationHeader`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthpreserveRequestMethod" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthpreserveRequestMethod" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthpreserveRequestMethod">`traefik/http/middlewares/Middleware10/forwardAuth/preserveRequestMethod`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthtlsca" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthtlsca" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthtlsca">`traefik/http/middlewares/Middleware10/forwardAuth/tls/ca`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthtlscaOptional" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthtlscaOptional" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthtlscaOptional">`traefik/http/middlewares/Middleware10/forwardAuth/tls/caOptional`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthtlscert" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthtlscert" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthtlscert">`traefik/http/middlewares/Middleware10/forwardAuth/tls/cert`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthtlsinsecureSkipVerify" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthtlsinsecureSkipVerify" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthtlsinsecureSkipVerify">`traefik/http/middlewares/Middleware10/forwardAuth/tls/insecureSkipVerify`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthtlskey" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthtlskey" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthtlskey">`traefik/http/middlewares/Middleware10/forwardAuth/tls/key`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware10forwardAuthtrustForwardHeader" href="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthtrustForwardHeader" title="#opt-traefikhttpmiddlewaresMiddleware10forwardAuthtrustForwardHeader">`traefik/http/middlewares/Middleware10/forwardAuth/trustForwardHeader`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware11grpcWeballowOrigins0" href="#opt-traefikhttpmiddlewaresMiddleware11grpcWeballowOrigins0" title="#opt-traefikhttpmiddlewaresMiddleware11grpcWeballowOrigins0">`traefik/http/middlewares/Middleware11/grpcWeb/allowOrigins/0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware11grpcWeballowOrigins1" href="#opt-traefikhttpmiddlewaresMiddleware11grpcWeballowOrigins1" title="#opt-traefikhttpmiddlewaresMiddleware11grpcWeballowOrigins1">`traefik/http/middlewares/Middleware11/grpcWeb/allowOrigins/1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowCredentials" href="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowCredentials" title="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowCredentials">`traefik/http/middlewares/Middleware12/headers/accessControlAllowCredentials`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowHeaders0" href="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowHeaders0" title="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowHeaders0">`traefik/http/middlewares/Middleware12/headers/accessControlAllowHeaders/0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowHeaders1" href="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowHeaders1" title="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowHeaders1">`traefik/http/middlewares/Middleware12/headers/accessControlAllowHeaders/1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowMethods0" href="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowMethods0" title="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowMethods0">`traefik/http/middlewares/Middleware12/headers/accessControlAllowMethods/0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowMethods1" href="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowMethods1" title="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowMethods1">`traefik/http/middlewares/Middleware12/headers/accessControlAllowMethods/1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginList0" href="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginList0" title="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginList0">`traefik/http/middlewares/Middleware12/headers/accessControlAllowOriginList/0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginList1" href="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginList1" title="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginList1">`traefik/http/middlewares/Middleware12/headers/accessControlAllowOriginList/1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginListRegex0" href="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginListRegex0" title="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginListRegex0">`traefik/http/middlewares/Middleware12/headers/accessControlAllowOriginListRegex/0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginListRegex1" href="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginListRegex1" title="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlAllowOriginListRegex1">`traefik/http/middlewares/Middleware12/headers/accessControlAllowOriginListRegex/1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headersaccessControlExposeHeaders0" href="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlExposeHeaders0" title="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlExposeHeaders0">`traefik/http/middlewares/Middleware12/headers/accessControlExposeHeaders/0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headersaccessControlExposeHeaders1" href="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlExposeHeaders1" title="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlExposeHeaders1">`traefik/http/middlewares/Middleware12/headers/accessControlExposeHeaders/1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headersaccessControlMaxAge" href="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlMaxAge" title="#opt-traefikhttpmiddlewaresMiddleware12headersaccessControlMaxAge">`traefik/http/middlewares/Middleware12/headers/accessControlMaxAge`</a> | `42` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headersaddVaryHeader" href="#opt-traefikhttpmiddlewaresMiddleware12headersaddVaryHeader" title="#opt-traefikhttpmiddlewaresMiddleware12headersaddVaryHeader">`traefik/http/middlewares/Middleware12/headers/addVaryHeader`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headersallowedHosts0" href="#opt-traefikhttpmiddlewaresMiddleware12headersallowedHosts0" title="#opt-traefikhttpmiddlewaresMiddleware12headersallowedHosts0">`traefik/http/middlewares/Middleware12/headers/allowedHosts/0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headersallowedHosts1" href="#opt-traefikhttpmiddlewaresMiddleware12headersallowedHosts1" title="#opt-traefikhttpmiddlewaresMiddleware12headersallowedHosts1">`traefik/http/middlewares/Middleware12/headers/allowedHosts/1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headersbrowserXssFilter" href="#opt-traefikhttpmiddlewaresMiddleware12headersbrowserXssFilter" title="#opt-traefikhttpmiddlewaresMiddleware12headersbrowserXssFilter">`traefik/http/middlewares/Middleware12/headers/browserXssFilter`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headerscontentSecurityPolicy" href="#opt-traefikhttpmiddlewaresMiddleware12headerscontentSecurityPolicy" title="#opt-traefikhttpmiddlewaresMiddleware12headerscontentSecurityPolicy">`traefik/http/middlewares/Middleware12/headers/contentSecurityPolicy`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headerscontentSecurityPolicyReportOnly" href="#opt-traefikhttpmiddlewaresMiddleware12headerscontentSecurityPolicyReportOnly" title="#opt-traefikhttpmiddlewaresMiddleware12headerscontentSecurityPolicyReportOnly">`traefik/http/middlewares/Middleware12/headers/contentSecurityPolicyReportOnly`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headerscontentTypeNosniff" href="#opt-traefikhttpmiddlewaresMiddleware12headerscontentTypeNosniff" title="#opt-traefikhttpmiddlewaresMiddleware12headerscontentTypeNosniff">`traefik/http/middlewares/Middleware12/headers/contentTypeNosniff`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headerscustomBrowserXSSValue" href="#opt-traefikhttpmiddlewaresMiddleware12headerscustomBrowserXSSValue" title="#opt-traefikhttpmiddlewaresMiddleware12headerscustomBrowserXSSValue">`traefik/http/middlewares/Middleware12/headers/customBrowserXSSValue`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headerscustomFrameOptionsValue" href="#opt-traefikhttpmiddlewaresMiddleware12headerscustomFrameOptionsValue" title="#opt-traefikhttpmiddlewaresMiddleware12headerscustomFrameOptionsValue">`traefik/http/middlewares/Middleware12/headers/customFrameOptionsValue`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headerscustomRequestHeadersname0" href="#opt-traefikhttpmiddlewaresMiddleware12headerscustomRequestHeadersname0" title="#opt-traefikhttpmiddlewaresMiddleware12headerscustomRequestHeadersname0">`traefik/http/middlewares/Middleware12/headers/customRequestHeaders/name0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headerscustomRequestHeadersname1" href="#opt-traefikhttpmiddlewaresMiddleware12headerscustomRequestHeadersname1" title="#opt-traefikhttpmiddlewaresMiddleware12headerscustomRequestHeadersname1">`traefik/http/middlewares/Middleware12/headers/customRequestHeaders/name1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headerscustomResponseHeadersname0" href="#opt-traefikhttpmiddlewaresMiddleware12headerscustomResponseHeadersname0" title="#opt-traefikhttpmiddlewaresMiddleware12headerscustomResponseHeadersname0">`traefik/http/middlewares/Middleware12/headers/customResponseHeaders/name0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headerscustomResponseHeadersname1" href="#opt-traefikhttpmiddlewaresMiddleware12headerscustomResponseHeadersname1" title="#opt-traefikhttpmiddlewaresMiddleware12headerscustomResponseHeadersname1">`traefik/http/middlewares/Middleware12/headers/customResponseHeaders/name1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headersfeaturePolicy" href="#opt-traefikhttpmiddlewaresMiddleware12headersfeaturePolicy" title="#opt-traefikhttpmiddlewaresMiddleware12headersfeaturePolicy">`traefik/http/middlewares/Middleware12/headers/featurePolicy`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headersforceSTSHeader" href="#opt-traefikhttpmiddlewaresMiddleware12headersforceSTSHeader" title="#opt-traefikhttpmiddlewaresMiddleware12headersforceSTSHeader">`traefik/http/middlewares/Middleware12/headers/forceSTSHeader`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headersframeDeny" href="#opt-traefikhttpmiddlewaresMiddleware12headersframeDeny" title="#opt-traefikhttpmiddlewaresMiddleware12headersframeDeny">`traefik/http/middlewares/Middleware12/headers/frameDeny`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headershostsProxyHeaders0" href="#opt-traefikhttpmiddlewaresMiddleware12headershostsProxyHeaders0" title="#opt-traefikhttpmiddlewaresMiddleware12headershostsProxyHeaders0">`traefik/http/middlewares/Middleware12/headers/hostsProxyHeaders/0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headershostsProxyHeaders1" href="#opt-traefikhttpmiddlewaresMiddleware12headershostsProxyHeaders1" title="#opt-traefikhttpmiddlewaresMiddleware12headershostsProxyHeaders1">`traefik/http/middlewares/Middleware12/headers/hostsProxyHeaders/1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headersisDevelopment" href="#opt-traefikhttpmiddlewaresMiddleware12headersisDevelopment" title="#opt-traefikhttpmiddlewaresMiddleware12headersisDevelopment">`traefik/http/middlewares/Middleware12/headers/isDevelopment`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headerspermissionsPolicy" href="#opt-traefikhttpmiddlewaresMiddleware12headerspermissionsPolicy" title="#opt-traefikhttpmiddlewaresMiddleware12headerspermissionsPolicy">`traefik/http/middlewares/Middleware12/headers/permissionsPolicy`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headerspublicKey" href="#opt-traefikhttpmiddlewaresMiddleware12headerspublicKey" title="#opt-traefikhttpmiddlewaresMiddleware12headerspublicKey">`traefik/http/middlewares/Middleware12/headers/publicKey`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headersreferrerPolicy" href="#opt-traefikhttpmiddlewaresMiddleware12headersreferrerPolicy" title="#opt-traefikhttpmiddlewaresMiddleware12headersreferrerPolicy">`traefik/http/middlewares/Middleware12/headers/referrerPolicy`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headerssslForceHost" href="#opt-traefikhttpmiddlewaresMiddleware12headerssslForceHost" title="#opt-traefikhttpmiddlewaresMiddleware12headerssslForceHost">`traefik/http/middlewares/Middleware12/headers/sslForceHost`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headerssslHost" href="#opt-traefikhttpmiddlewaresMiddleware12headerssslHost" title="#opt-traefikhttpmiddlewaresMiddleware12headerssslHost">`traefik/http/middlewares/Middleware12/headers/sslHost`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headerssslProxyHeadersname0" href="#opt-traefikhttpmiddlewaresMiddleware12headerssslProxyHeadersname0" title="#opt-traefikhttpmiddlewaresMiddleware12headerssslProxyHeadersname0">`traefik/http/middlewares/Middleware12/headers/sslProxyHeaders/name0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headerssslProxyHeadersname1" href="#opt-traefikhttpmiddlewaresMiddleware12headerssslProxyHeadersname1" title="#opt-traefikhttpmiddlewaresMiddleware12headerssslProxyHeadersname1">`traefik/http/middlewares/Middleware12/headers/sslProxyHeaders/name1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headerssslRedirect" href="#opt-traefikhttpmiddlewaresMiddleware12headerssslRedirect" title="#opt-traefikhttpmiddlewaresMiddleware12headerssslRedirect">`traefik/http/middlewares/Middleware12/headers/sslRedirect`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headerssslTemporaryRedirect" href="#opt-traefikhttpmiddlewaresMiddleware12headerssslTemporaryRedirect" title="#opt-traefikhttpmiddlewaresMiddleware12headerssslTemporaryRedirect">`traefik/http/middlewares/Middleware12/headers/sslTemporaryRedirect`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headersstsIncludeSubdomains" href="#opt-traefikhttpmiddlewaresMiddleware12headersstsIncludeSubdomains" title="#opt-traefikhttpmiddlewaresMiddleware12headersstsIncludeSubdomains">`traefik/http/middlewares/Middleware12/headers/stsIncludeSubdomains`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headersstsPreload" href="#opt-traefikhttpmiddlewaresMiddleware12headersstsPreload" title="#opt-traefikhttpmiddlewaresMiddleware12headersstsPreload">`traefik/http/middlewares/Middleware12/headers/stsPreload`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware12headersstsSeconds" href="#opt-traefikhttpmiddlewaresMiddleware12headersstsSeconds" title="#opt-traefikhttpmiddlewaresMiddleware12headersstsSeconds">`traefik/http/middlewares/Middleware12/headers/stsSeconds`</a> | `42` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware13ipAllowListipStrategydepth" href="#opt-traefikhttpmiddlewaresMiddleware13ipAllowListipStrategydepth" title="#opt-traefikhttpmiddlewaresMiddleware13ipAllowListipStrategydepth">`traefik/http/middlewares/Middleware13/ipAllowList/ipStrategy/depth`</a> | `42` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware13ipAllowListipStrategyexcludedIPs0" href="#opt-traefikhttpmiddlewaresMiddleware13ipAllowListipStrategyexcludedIPs0" title="#opt-traefikhttpmiddlewaresMiddleware13ipAllowListipStrategyexcludedIPs0">`traefik/http/middlewares/Middleware13/ipAllowList/ipStrategy/excludedIPs/0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware13ipAllowListipStrategyexcludedIPs1" href="#opt-traefikhttpmiddlewaresMiddleware13ipAllowListipStrategyexcludedIPs1" title="#opt-traefikhttpmiddlewaresMiddleware13ipAllowListipStrategyexcludedIPs1">`traefik/http/middlewares/Middleware13/ipAllowList/ipStrategy/excludedIPs/1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware13ipAllowListipStrategyipv6Subnet" href="#opt-traefikhttpmiddlewaresMiddleware13ipAllowListipStrategyipv6Subnet" title="#opt-traefikhttpmiddlewaresMiddleware13ipAllowListipStrategyipv6Subnet">`traefik/http/middlewares/Middleware13/ipAllowList/ipStrategy/ipv6Subnet`</a> | `42` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware13ipAllowListrejectStatusCode" href="#opt-traefikhttpmiddlewaresMiddleware13ipAllowListrejectStatusCode" title="#opt-traefikhttpmiddlewaresMiddleware13ipAllowListrejectStatusCode">`traefik/http/middlewares/Middleware13/ipAllowList/rejectStatusCode`</a> | `42` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware13ipAllowListsourceRange0" href="#opt-traefikhttpmiddlewaresMiddleware13ipAllowListsourceRange0" title="#opt-traefikhttpmiddlewaresMiddleware13ipAllowListsourceRange0">`traefik/http/middlewares/Middleware13/ipAllowList/sourceRange/0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware13ipAllowListsourceRange1" href="#opt-traefikhttpmiddlewaresMiddleware13ipAllowListsourceRange1" title="#opt-traefikhttpmiddlewaresMiddleware13ipAllowListsourceRange1">`traefik/http/middlewares/Middleware13/ipAllowList/sourceRange/1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategydepth" href="#opt-traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategydepth" title="#opt-traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategydepth">`traefik/http/middlewares/Middleware14/ipWhiteList/ipStrategy/depth`</a> | `42` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategyexcludedIPs0" href="#opt-traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategyexcludedIPs0" title="#opt-traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategyexcludedIPs0">`traefik/http/middlewares/Middleware14/ipWhiteList/ipStrategy/excludedIPs/0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategyexcludedIPs1" href="#opt-traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategyexcludedIPs1" title="#opt-traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategyexcludedIPs1">`traefik/http/middlewares/Middleware14/ipWhiteList/ipStrategy/excludedIPs/1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategyipv6Subnet" href="#opt-traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategyipv6Subnet" title="#opt-traefikhttpmiddlewaresMiddleware14ipWhiteListipStrategyipv6Subnet">`traefik/http/middlewares/Middleware14/ipWhiteList/ipStrategy/ipv6Subnet`</a> | `42` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware14ipWhiteListsourceRange0" href="#opt-traefikhttpmiddlewaresMiddleware14ipWhiteListsourceRange0" title="#opt-traefikhttpmiddlewaresMiddleware14ipWhiteListsourceRange0">`traefik/http/middlewares/Middleware14/ipWhiteList/sourceRange/0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware14ipWhiteListsourceRange1" href="#opt-traefikhttpmiddlewaresMiddleware14ipWhiteListsourceRange1" title="#opt-traefikhttpmiddlewaresMiddleware14ipWhiteListsourceRange1">`traefik/http/middlewares/Middleware14/ipWhiteList/sourceRange/1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware15inFlightReqamount" href="#opt-traefikhttpmiddlewaresMiddleware15inFlightReqamount" title="#opt-traefikhttpmiddlewaresMiddleware15inFlightReqamount">`traefik/http/middlewares/Middleware15/inFlightReq/amount`</a> | `42` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategydepth" href="#opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategydepth" title="#opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategydepth">`traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/ipStrategy/depth`</a> | `42` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategyexcludedIPs0" href="#opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategyexcludedIPs0" title="#opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategyexcludedIPs0">`traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategyexcludedIPs1" href="#opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategyexcludedIPs1" title="#opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategyexcludedIPs1">`traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategyipv6Subnet" href="#opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategyipv6Subnet" title="#opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionipStrategyipv6Subnet">`traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/ipStrategy/ipv6Subnet`</a> | `42` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionrequestHeaderName" href="#opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionrequestHeaderName" title="#opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionrequestHeaderName">`traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/requestHeaderName`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionrequestHost" href="#opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionrequestHost" title="#opt-traefikhttpmiddlewaresMiddleware15inFlightReqsourceCriterionrequestHost">`traefik/http/middlewares/Middleware15/inFlightReq/sourceCriterion/requestHost`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuercommonName" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuercommonName" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuercommonName">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/commonName`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuercountry" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuercountry" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuercountry">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/country`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerdomainComponent" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerdomainComponent" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerdomainComponent">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/domainComponent`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerlocality" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerlocality" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerlocality">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/locality`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerorganization" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerorganization" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerorganization">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/organization`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerprovince" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerprovince" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerprovince">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/province`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerserialNumber" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerserialNumber" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoissuerserialNumber">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/issuer/serialNumber`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfonotAfter" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfonotAfter" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfonotAfter">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/notAfter`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfonotBefore" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfonotBefore" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfonotBefore">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/notBefore`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosans" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosans" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosans">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/sans`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoserialNumber" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoserialNumber" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfoserialNumber">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/serialNumber`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectcommonName" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectcommonName" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectcommonName">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/commonName`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectcountry" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectcountry" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectcountry">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/country`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectdomainComponent" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectdomainComponent" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectdomainComponent">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/domainComponent`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectlocality" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectlocality" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectlocality">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/locality`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectorganization" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectorganization" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectorganization">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/organization`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectorganizationalUnit" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectorganizationalUnit" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectorganizationalUnit">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/organizationalUnit`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectprovince" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectprovince" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectprovince">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/province`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectserialNumber" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectserialNumber" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertinfosubjectserialNumber">`traefik/http/middlewares/Middleware16/passTLSClientCert/info/subject/serialNumber`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertpem" href="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertpem" title="#opt-traefikhttpmiddlewaresMiddleware16passTLSClientCertpem">`traefik/http/middlewares/Middleware16/passTLSClientCert/pem`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware17pluginPluginConf0name0" href="#opt-traefikhttpmiddlewaresMiddleware17pluginPluginConf0name0" title="#opt-traefikhttpmiddlewaresMiddleware17pluginPluginConf0name0">`traefik/http/middlewares/Middleware17/plugin/PluginConf0/name0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware17pluginPluginConf0name1" href="#opt-traefikhttpmiddlewaresMiddleware17pluginPluginConf0name1" title="#opt-traefikhttpmiddlewaresMiddleware17pluginPluginConf0name1">`traefik/http/middlewares/Middleware17/plugin/PluginConf0/name1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware17pluginPluginConf1name0" href="#opt-traefikhttpmiddlewaresMiddleware17pluginPluginConf1name0" title="#opt-traefikhttpmiddlewaresMiddleware17pluginPluginConf1name0">`traefik/http/middlewares/Middleware17/plugin/PluginConf1/name0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware17pluginPluginConf1name1" href="#opt-traefikhttpmiddlewaresMiddleware17pluginPluginConf1name1" title="#opt-traefikhttpmiddlewaresMiddleware17pluginPluginConf1name1">`traefik/http/middlewares/Middleware17/plugin/PluginConf1/name1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitaverage" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitaverage" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitaverage">`traefik/http/middlewares/Middleware18/rateLimit/average`</a> | `42` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitburst" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitburst" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitburst">`traefik/http/middlewares/Middleware18/rateLimit/burst`</a> | `42` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitperiod" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitperiod" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitperiod">`traefik/http/middlewares/Middleware18/rateLimit/period`</a> | `42s` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitredisdb" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredisdb" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredisdb">`traefik/http/middlewares/Middleware18/rateLimit/redis/db`</a> | `42` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitredisdialTimeout" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredisdialTimeout" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredisdialTimeout">`traefik/http/middlewares/Middleware18/rateLimit/redis/dialTimeout`</a> | `42s` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitredisendpoints0" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredisendpoints0" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredisendpoints0">`traefik/http/middlewares/Middleware18/rateLimit/redis/endpoints/0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitredisendpoints1" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredisendpoints1" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredisendpoints1">`traefik/http/middlewares/Middleware18/rateLimit/redis/endpoints/1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitredismaxActiveConns" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredismaxActiveConns" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredismaxActiveConns">`traefik/http/middlewares/Middleware18/rateLimit/redis/maxActiveConns`</a> | `42` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitredisminIdleConns" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredisminIdleConns" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredisminIdleConns">`traefik/http/middlewares/Middleware18/rateLimit/redis/minIdleConns`</a> | `42` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitredispassword" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredispassword" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredispassword">`traefik/http/middlewares/Middleware18/rateLimit/redis/password`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitredispoolSize" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredispoolSize" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredispoolSize">`traefik/http/middlewares/Middleware18/rateLimit/redis/poolSize`</a> | `42` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitredisreadTimeout" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredisreadTimeout" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredisreadTimeout">`traefik/http/middlewares/Middleware18/rateLimit/redis/readTimeout`</a> | `42s` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitredistlsca" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredistlsca" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredistlsca">`traefik/http/middlewares/Middleware18/rateLimit/redis/tls/ca`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitredistlscert" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredistlscert" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredistlscert">`traefik/http/middlewares/Middleware18/rateLimit/redis/tls/cert`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitredistlsinsecureSkipVerify" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredistlsinsecureSkipVerify" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredistlsinsecureSkipVerify">`traefik/http/middlewares/Middleware18/rateLimit/redis/tls/insecureSkipVerify`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitredistlskey" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredistlskey" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredistlskey">`traefik/http/middlewares/Middleware18/rateLimit/redis/tls/key`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitredisusername" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredisusername" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitredisusername">`traefik/http/middlewares/Middleware18/rateLimit/redis/username`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitrediswriteTimeout" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitrediswriteTimeout" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitrediswriteTimeout">`traefik/http/middlewares/Middleware18/rateLimit/redis/writeTimeout`</a> | `42s` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategydepth" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategydepth" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategydepth">`traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/ipStrategy/depth`</a> | `42` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategyexcludedIPs0" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategyexcludedIPs0" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategyexcludedIPs0">`traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/ipStrategy/excludedIPs/0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategyexcludedIPs1" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategyexcludedIPs1" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategyexcludedIPs1">`traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/ipStrategy/excludedIPs/1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategyipv6Subnet" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategyipv6Subnet" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionipStrategyipv6Subnet">`traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/ipStrategy/ipv6Subnet`</a> | `42` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionrequestHeaderName" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionrequestHeaderName" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionrequestHeaderName">`traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/requestHeaderName`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionrequestHost" href="#opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionrequestHost" title="#opt-traefikhttpmiddlewaresMiddleware18rateLimitsourceCriterionrequestHost">`traefik/http/middlewares/Middleware18/rateLimit/sourceCriterion/requestHost`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware19redirectRegexpermanent" href="#opt-traefikhttpmiddlewaresMiddleware19redirectRegexpermanent" title="#opt-traefikhttpmiddlewaresMiddleware19redirectRegexpermanent">`traefik/http/middlewares/Middleware19/redirectRegex/permanent`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware19redirectRegexregex" href="#opt-traefikhttpmiddlewaresMiddleware19redirectRegexregex" title="#opt-traefikhttpmiddlewaresMiddleware19redirectRegexregex">`traefik/http/middlewares/Middleware19/redirectRegex/regex`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware19redirectRegexreplacement" href="#opt-traefikhttpmiddlewaresMiddleware19redirectRegexreplacement" title="#opt-traefikhttpmiddlewaresMiddleware19redirectRegexreplacement">`traefik/http/middlewares/Middleware19/redirectRegex/replacement`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware20redirectSchemepermanent" href="#opt-traefikhttpmiddlewaresMiddleware20redirectSchemepermanent" title="#opt-traefikhttpmiddlewaresMiddleware20redirectSchemepermanent">`traefik/http/middlewares/Middleware20/redirectScheme/permanent`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware20redirectSchemeport" href="#opt-traefikhttpmiddlewaresMiddleware20redirectSchemeport" title="#opt-traefikhttpmiddlewaresMiddleware20redirectSchemeport">`traefik/http/middlewares/Middleware20/redirectScheme/port`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware20redirectSchemescheme" href="#opt-traefikhttpmiddlewaresMiddleware20redirectSchemescheme" title="#opt-traefikhttpmiddlewaresMiddleware20redirectSchemescheme">`traefik/http/middlewares/Middleware20/redirectScheme/scheme`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware21replacePathpath" href="#opt-traefikhttpmiddlewaresMiddleware21replacePathpath" title="#opt-traefikhttpmiddlewaresMiddleware21replacePathpath">`traefik/http/middlewares/Middleware21/replacePath/path`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware22replacePathRegexregex" href="#opt-traefikhttpmiddlewaresMiddleware22replacePathRegexregex" title="#opt-traefikhttpmiddlewaresMiddleware22replacePathRegexregex">`traefik/http/middlewares/Middleware22/replacePathRegex/regex`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware22replacePathRegexreplacement" href="#opt-traefikhttpmiddlewaresMiddleware22replacePathRegexreplacement" title="#opt-traefikhttpmiddlewaresMiddleware22replacePathRegexreplacement">`traefik/http/middlewares/Middleware22/replacePathRegex/replacement`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware23retryattempts" href="#opt-traefikhttpmiddlewaresMiddleware23retryattempts" title="#opt-traefikhttpmiddlewaresMiddleware23retryattempts">`traefik/http/middlewares/Middleware23/retry/attempts`</a> | `42` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware23retryinitialInterval" href="#opt-traefikhttpmiddlewaresMiddleware23retryinitialInterval" title="#opt-traefikhttpmiddlewaresMiddleware23retryinitialInterval">`traefik/http/middlewares/Middleware23/retry/initialInterval`</a> | `42s` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware24stripPrefixforceSlash" href="#opt-traefikhttpmiddlewaresMiddleware24stripPrefixforceSlash" title="#opt-traefikhttpmiddlewaresMiddleware24stripPrefixforceSlash">`traefik/http/middlewares/Middleware24/stripPrefix/forceSlash`</a> | `true` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware24stripPrefixprefixes0" href="#opt-traefikhttpmiddlewaresMiddleware24stripPrefixprefixes0" title="#opt-traefikhttpmiddlewaresMiddleware24stripPrefixprefixes0">`traefik/http/middlewares/Middleware24/stripPrefix/prefixes/0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware24stripPrefixprefixes1" href="#opt-traefikhttpmiddlewaresMiddleware24stripPrefixprefixes1" title="#opt-traefikhttpmiddlewaresMiddleware24stripPrefixprefixes1">`traefik/http/middlewares/Middleware24/stripPrefix/prefixes/1`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware25stripPrefixRegexregex0" href="#opt-traefikhttpmiddlewaresMiddleware25stripPrefixRegexregex0" title="#opt-traefikhttpmiddlewaresMiddleware25stripPrefixRegexregex0">`traefik/http/middlewares/Middleware25/stripPrefixRegex/regex/0`</a> | `foobar` |
+| <a id="opt-traefikhttpmiddlewaresMiddleware25stripPrefixRegexregex1" href="#opt-traefikhttpmiddlewaresMiddleware25stripPrefixRegexregex1" title="#opt-traefikhttpmiddlewaresMiddleware25stripPrefixRegexregex1">`traefik/http/middlewares/Middleware25/stripPrefixRegex/regex/1`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter0entryPoints0" href="#opt-traefikhttproutersRouter0entryPoints0" title="#opt-traefikhttproutersRouter0entryPoints0">`traefik/http/routers/Router0/entryPoints/0`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter0entryPoints1" href="#opt-traefikhttproutersRouter0entryPoints1" title="#opt-traefikhttproutersRouter0entryPoints1">`traefik/http/routers/Router0/entryPoints/1`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter0middlewares0" href="#opt-traefikhttproutersRouter0middlewares0" title="#opt-traefikhttproutersRouter0middlewares0">`traefik/http/routers/Router0/middlewares/0`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter0middlewares1" href="#opt-traefikhttproutersRouter0middlewares1" title="#opt-traefikhttproutersRouter0middlewares1">`traefik/http/routers/Router0/middlewares/1`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter0observabilityaccessLogs" href="#opt-traefikhttproutersRouter0observabilityaccessLogs" title="#opt-traefikhttproutersRouter0observabilityaccessLogs">`traefik/http/routers/Router0/observability/accessLogs`</a> | `true` |
+| <a id="opt-traefikhttproutersRouter0observabilitymetrics" href="#opt-traefikhttproutersRouter0observabilitymetrics" title="#opt-traefikhttproutersRouter0observabilitymetrics">`traefik/http/routers/Router0/observability/metrics`</a> | `true` |
+| <a id="opt-traefikhttproutersRouter0observabilitytraceVerbosity" href="#opt-traefikhttproutersRouter0observabilitytraceVerbosity" title="#opt-traefikhttproutersRouter0observabilitytraceVerbosity">`traefik/http/routers/Router0/observability/traceVerbosity`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter0observabilitytracing" href="#opt-traefikhttproutersRouter0observabilitytracing" title="#opt-traefikhttproutersRouter0observabilitytracing">`traefik/http/routers/Router0/observability/tracing`</a> | `true` |
+| <a id="opt-traefikhttproutersRouter0priority" href="#opt-traefikhttproutersRouter0priority" title="#opt-traefikhttproutersRouter0priority">`traefik/http/routers/Router0/priority`</a> | `42` |
+| <a id="opt-traefikhttproutersRouter0rule" href="#opt-traefikhttproutersRouter0rule" title="#opt-traefikhttproutersRouter0rule">`traefik/http/routers/Router0/rule`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter0ruleSyntax" href="#opt-traefikhttproutersRouter0ruleSyntax" title="#opt-traefikhttproutersRouter0ruleSyntax">`traefik/http/routers/Router0/ruleSyntax`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter0service" href="#opt-traefikhttproutersRouter0service" title="#opt-traefikhttproutersRouter0service">`traefik/http/routers/Router0/service`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter0tlscertResolver" href="#opt-traefikhttproutersRouter0tlscertResolver" title="#opt-traefikhttproutersRouter0tlscertResolver">`traefik/http/routers/Router0/tls/certResolver`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter0tlsdomains0main" href="#opt-traefikhttproutersRouter0tlsdomains0main" title="#opt-traefikhttproutersRouter0tlsdomains0main">`traefik/http/routers/Router0/tls/domains/0/main`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter0tlsdomains0sans0" href="#opt-traefikhttproutersRouter0tlsdomains0sans0" title="#opt-traefikhttproutersRouter0tlsdomains0sans0">`traefik/http/routers/Router0/tls/domains/0/sans/0`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter0tlsdomains0sans1" href="#opt-traefikhttproutersRouter0tlsdomains0sans1" title="#opt-traefikhttproutersRouter0tlsdomains0sans1">`traefik/http/routers/Router0/tls/domains/0/sans/1`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter0tlsdomains1main" href="#opt-traefikhttproutersRouter0tlsdomains1main" title="#opt-traefikhttproutersRouter0tlsdomains1main">`traefik/http/routers/Router0/tls/domains/1/main`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter0tlsdomains1sans0" href="#opt-traefikhttproutersRouter0tlsdomains1sans0" title="#opt-traefikhttproutersRouter0tlsdomains1sans0">`traefik/http/routers/Router0/tls/domains/1/sans/0`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter0tlsdomains1sans1" href="#opt-traefikhttproutersRouter0tlsdomains1sans1" title="#opt-traefikhttproutersRouter0tlsdomains1sans1">`traefik/http/routers/Router0/tls/domains/1/sans/1`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter0tlsoptions" href="#opt-traefikhttproutersRouter0tlsoptions" title="#opt-traefikhttproutersRouter0tlsoptions">`traefik/http/routers/Router0/tls/options`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter1entryPoints0" href="#opt-traefikhttproutersRouter1entryPoints0" title="#opt-traefikhttproutersRouter1entryPoints0">`traefik/http/routers/Router1/entryPoints/0`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter1entryPoints1" href="#opt-traefikhttproutersRouter1entryPoints1" title="#opt-traefikhttproutersRouter1entryPoints1">`traefik/http/routers/Router1/entryPoints/1`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter1middlewares0" href="#opt-traefikhttproutersRouter1middlewares0" title="#opt-traefikhttproutersRouter1middlewares0">`traefik/http/routers/Router1/middlewares/0`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter1middlewares1" href="#opt-traefikhttproutersRouter1middlewares1" title="#opt-traefikhttproutersRouter1middlewares1">`traefik/http/routers/Router1/middlewares/1`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter1observabilityaccessLogs" href="#opt-traefikhttproutersRouter1observabilityaccessLogs" title="#opt-traefikhttproutersRouter1observabilityaccessLogs">`traefik/http/routers/Router1/observability/accessLogs`</a> | `true` |
+| <a id="opt-traefikhttproutersRouter1observabilitymetrics" href="#opt-traefikhttproutersRouter1observabilitymetrics" title="#opt-traefikhttproutersRouter1observabilitymetrics">`traefik/http/routers/Router1/observability/metrics`</a> | `true` |
+| <a id="opt-traefikhttproutersRouter1observabilitytraceVerbosity" href="#opt-traefikhttproutersRouter1observabilitytraceVerbosity" title="#opt-traefikhttproutersRouter1observabilitytraceVerbosity">`traefik/http/routers/Router1/observability/traceVerbosity`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter1observabilitytracing" href="#opt-traefikhttproutersRouter1observabilitytracing" title="#opt-traefikhttproutersRouter1observabilitytracing">`traefik/http/routers/Router1/observability/tracing`</a> | `true` |
+| <a id="opt-traefikhttproutersRouter1priority" href="#opt-traefikhttproutersRouter1priority" title="#opt-traefikhttproutersRouter1priority">`traefik/http/routers/Router1/priority`</a> | `42` |
+| <a id="opt-traefikhttproutersRouter1rule" href="#opt-traefikhttproutersRouter1rule" title="#opt-traefikhttproutersRouter1rule">`traefik/http/routers/Router1/rule`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter1ruleSyntax" href="#opt-traefikhttproutersRouter1ruleSyntax" title="#opt-traefikhttproutersRouter1ruleSyntax">`traefik/http/routers/Router1/ruleSyntax`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter1service" href="#opt-traefikhttproutersRouter1service" title="#opt-traefikhttproutersRouter1service">`traefik/http/routers/Router1/service`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter1tlscertResolver" href="#opt-traefikhttproutersRouter1tlscertResolver" title="#opt-traefikhttproutersRouter1tlscertResolver">`traefik/http/routers/Router1/tls/certResolver`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter1tlsdomains0main" href="#opt-traefikhttproutersRouter1tlsdomains0main" title="#opt-traefikhttproutersRouter1tlsdomains0main">`traefik/http/routers/Router1/tls/domains/0/main`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter1tlsdomains0sans0" href="#opt-traefikhttproutersRouter1tlsdomains0sans0" title="#opt-traefikhttproutersRouter1tlsdomains0sans0">`traefik/http/routers/Router1/tls/domains/0/sans/0`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter1tlsdomains0sans1" href="#opt-traefikhttproutersRouter1tlsdomains0sans1" title="#opt-traefikhttproutersRouter1tlsdomains0sans1">`traefik/http/routers/Router1/tls/domains/0/sans/1`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter1tlsdomains1main" href="#opt-traefikhttproutersRouter1tlsdomains1main" title="#opt-traefikhttproutersRouter1tlsdomains1main">`traefik/http/routers/Router1/tls/domains/1/main`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter1tlsdomains1sans0" href="#opt-traefikhttproutersRouter1tlsdomains1sans0" title="#opt-traefikhttproutersRouter1tlsdomains1sans0">`traefik/http/routers/Router1/tls/domains/1/sans/0`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter1tlsdomains1sans1" href="#opt-traefikhttproutersRouter1tlsdomains1sans1" title="#opt-traefikhttproutersRouter1tlsdomains1sans1">`traefik/http/routers/Router1/tls/domains/1/sans/1`</a> | `foobar` |
+| <a id="opt-traefikhttproutersRouter1tlsoptions" href="#opt-traefikhttproutersRouter1tlsoptions" title="#opt-traefikhttproutersRouter1tlsoptions">`traefik/http/routers/Router1/tls/options`</a> | `foobar` |
+| <a id="opt-traefikhttpserversTransportsServersTransport0certificates0certFile" href="#opt-traefikhttpserversTransportsServersTransport0certificates0certFile" title="#opt-traefikhttpserversTransportsServersTransport0certificates0certFile">`traefik/http/serversTransports/ServersTransport0/certificates/0/certFile`</a> | `foobar` |
+| <a id="opt-traefikhttpserversTransportsServersTransport0certificates0keyFile" href="#opt-traefikhttpserversTransportsServersTransport0certificates0keyFile" title="#opt-traefikhttpserversTransportsServersTransport0certificates0keyFile">`traefik/http/serversTransports/ServersTransport0/certificates/0/keyFile`</a> | `foobar` |
+| <a id="opt-traefikhttpserversTransportsServersTransport0certificates1certFile" href="#opt-traefikhttpserversTransportsServersTransport0certificates1certFile" title="#opt-traefikhttpserversTransportsServersTransport0certificates1certFile">`traefik/http/serversTransports/ServersTransport0/certificates/1/certFile`</a> | `foobar` |
+| <a id="opt-traefikhttpserversTransportsServersTransport0certificates1keyFile" href="#opt-traefikhttpserversTransportsServersTransport0certificates1keyFile" title="#opt-traefikhttpserversTransportsServersTransport0certificates1keyFile">`traefik/http/serversTransports/ServersTransport0/certificates/1/keyFile`</a> | `foobar` |
+| <a id="opt-traefikhttpserversTransportsServersTransport0disableHTTP2" href="#opt-traefikhttpserversTransportsServersTransport0disableHTTP2" title="#opt-traefikhttpserversTransportsServersTransport0disableHTTP2">`traefik/http/serversTransports/ServersTransport0/disableHTTP2`</a> | `true` |
+| <a id="opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsdialTimeout" href="#opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsdialTimeout" title="#opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsdialTimeout">`traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/dialTimeout`</a> | `42s` |
+| <a id="opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsidleConnTimeout" href="#opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsidleConnTimeout" title="#opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsidleConnTimeout">`traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/idleConnTimeout`</a> | `42s` |
+| <a id="opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutspingTimeout" href="#opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutspingTimeout" title="#opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutspingTimeout">`traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/pingTimeout`</a> | `42s` |
+| <a id="opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsreadIdleTimeout" href="#opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsreadIdleTimeout" title="#opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsreadIdleTimeout">`traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/readIdleTimeout`</a> | `42s` |
+| <a id="opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsresponseHeaderTimeout" href="#opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsresponseHeaderTimeout" title="#opt-traefikhttpserversTransportsServersTransport0forwardingTimeoutsresponseHeaderTimeout">`traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/responseHeaderTimeout`</a> | `42s` |
+| <a id="opt-traefikhttpserversTransportsServersTransport0insecureSkipVerify" href="#opt-traefikhttpserversTransportsServersTransport0insecureSkipVerify" title="#opt-traefikhttpserversTransportsServersTransport0insecureSkipVerify">`traefik/http/serversTransports/ServersTransport0/insecureSkipVerify`</a> | `true` |
+| <a id="opt-traefikhttpserversTransportsServersTransport0maxIdleConnsPerHost" href="#opt-traefikhttpserversTransportsServersTransport0maxIdleConnsPerHost" title="#opt-traefikhttpserversTransportsServersTransport0maxIdleConnsPerHost">`traefik/http/serversTransports/ServersTransport0/maxIdleConnsPerHost`</a> | `42` |
+| <a id="opt-traefikhttpserversTransportsServersTransport0peerCertURI" href="#opt-traefikhttpserversTransportsServersTransport0peerCertURI" title="#opt-traefikhttpserversTransportsServersTransport0peerCertURI">`traefik/http/serversTransports/ServersTransport0/peerCertURI`</a> | `foobar` |
+| <a id="opt-traefikhttpserversTransportsServersTransport0rootCAs0" href="#opt-traefikhttpserversTransportsServersTransport0rootCAs0" title="#opt-traefikhttpserversTransportsServersTransport0rootCAs0">`traefik/http/serversTransports/ServersTransport0/rootCAs/0`</a> | `foobar` |
+| <a id="opt-traefikhttpserversTransportsServersTransport0rootCAs1" href="#opt-traefikhttpserversTransportsServersTransport0rootCAs1" title="#opt-traefikhttpserversTransportsServersTransport0rootCAs1">`traefik/http/serversTransports/ServersTransport0/rootCAs/1`</a> | `foobar` |
+| <a id="opt-traefikhttpserversTransportsServersTransport0serverName" href="#opt-traefikhttpserversTransportsServersTransport0serverName" title="#opt-traefikhttpserversTransportsServersTransport0serverName">`traefik/http/serversTransports/ServersTransport0/serverName`</a> | `foobar` |
+| <a id="opt-traefikhttpserversTransportsServersTransport0spiffeids0" href="#opt-traefikhttpserversTransportsServersTransport0spiffeids0" title="#opt-traefikhttpserversTransportsServersTransport0spiffeids0">`traefik/http/serversTransports/ServersTransport0/spiffe/ids/0`</a> | `foobar` |
+| <a id="opt-traefikhttpserversTransportsServersTransport0spiffeids1" href="#opt-traefikhttpserversTransportsServersTransport0spiffeids1" title="#opt-traefikhttpserversTransportsServersTransport0spiffeids1">`traefik/http/serversTransports/ServersTransport0/spiffe/ids/1`</a> | `foobar` |
+| <a id="opt-traefikhttpserversTransportsServersTransport0spiffetrustDomain" href="#opt-traefikhttpserversTransportsServersTransport0spiffetrustDomain" title="#opt-traefikhttpserversTransportsServersTransport0spiffetrustDomain">`traefik/http/serversTransports/ServersTransport0/spiffe/trustDomain`</a> | `foobar` |
+| <a id="opt-traefikhttpserversTransportsServersTransport1certificates0certFile" href="#opt-traefikhttpserversTransportsServersTransport1certificates0certFile" title="#opt-traefikhttpserversTransportsServersTransport1certificates0certFile">`traefik/http/serversTransports/ServersTransport1/certificates/0/certFile`</a> | `foobar` |
+| <a id="opt-traefikhttpserversTransportsServersTransport1certificates0keyFile" href="#opt-traefikhttpserversTransportsServersTransport1certificates0keyFile" title="#opt-traefikhttpserversTransportsServersTransport1certificates0keyFile">`traefik/http/serversTransports/ServersTransport1/certificates/0/keyFile`</a> | `foobar` |
+| <a id="opt-traefikhttpserversTransportsServersTransport1certificates1certFile" href="#opt-traefikhttpserversTransportsServersTransport1certificates1certFile" title="#opt-traefikhttpserversTransportsServersTransport1certificates1certFile">`traefik/http/serversTransports/ServersTransport1/certificates/1/certFile`</a> | `foobar` |
+| <a id="opt-traefikhttpserversTransportsServersTransport1certificates1keyFile" href="#opt-traefikhttpserversTransportsServersTransport1certificates1keyFile" title="#opt-traefikhttpserversTransportsServersTransport1certificates1keyFile">`traefik/http/serversTransports/ServersTransport1/certificates/1/keyFile`</a> | `foobar` |
+| <a id="opt-traefikhttpserversTransportsServersTransport1disableHTTP2" href="#opt-traefikhttpserversTransportsServersTransport1disableHTTP2" title="#opt-traefikhttpserversTransportsServersTransport1disableHTTP2">`traefik/http/serversTransports/ServersTransport1/disableHTTP2`</a> | `true` |
+| <a id="opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsdialTimeout" href="#opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsdialTimeout" title="#opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsdialTimeout">`traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/dialTimeout`</a> | `42s` |
+| <a id="opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsidleConnTimeout" href="#opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsidleConnTimeout" title="#opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsidleConnTimeout">`traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/idleConnTimeout`</a> | `42s` |
+| <a id="opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutspingTimeout" href="#opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutspingTimeout" title="#opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutspingTimeout">`traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/pingTimeout`</a> | `42s` |
+| <a id="opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsreadIdleTimeout" href="#opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsreadIdleTimeout" title="#opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsreadIdleTimeout">`traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/readIdleTimeout`</a> | `42s` |
+| <a id="opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsresponseHeaderTimeout" href="#opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsresponseHeaderTimeout" title="#opt-traefikhttpserversTransportsServersTransport1forwardingTimeoutsresponseHeaderTimeout">`traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/responseHeaderTimeout`</a> | `42s` |
+| <a id="opt-traefikhttpserversTransportsServersTransport1insecureSkipVerify" href="#opt-traefikhttpserversTransportsServersTransport1insecureSkipVerify" title="#opt-traefikhttpserversTransportsServersTransport1insecureSkipVerify">`traefik/http/serversTransports/ServersTransport1/insecureSkipVerify`</a> | `true` |
+| <a id="opt-traefikhttpserversTransportsServersTransport1maxIdleConnsPerHost" href="#opt-traefikhttpserversTransportsServersTransport1maxIdleConnsPerHost" title="#opt-traefikhttpserversTransportsServersTransport1maxIdleConnsPerHost">`traefik/http/serversTransports/ServersTransport1/maxIdleConnsPerHost`</a> | `42` |
+| <a id="opt-traefikhttpserversTransportsServersTransport1peerCertURI" href="#opt-traefikhttpserversTransportsServersTransport1peerCertURI" title="#opt-traefikhttpserversTransportsServersTransport1peerCertURI">`traefik/http/serversTransports/ServersTransport1/peerCertURI`</a> | `foobar` |
+| <a id="opt-traefikhttpserversTransportsServersTransport1rootCAs0" href="#opt-traefikhttpserversTransportsServersTransport1rootCAs0" title="#opt-traefikhttpserversTransportsServersTransport1rootCAs0">`traefik/http/serversTransports/ServersTransport1/rootCAs/0`</a> | `foobar` |
+| <a id="opt-traefikhttpserversTransportsServersTransport1rootCAs1" href="#opt-traefikhttpserversTransportsServersTransport1rootCAs1" title="#opt-traefikhttpserversTransportsServersTransport1rootCAs1">`traefik/http/serversTransports/ServersTransport1/rootCAs/1`</a> | `foobar` |
+| <a id="opt-traefikhttpserversTransportsServersTransport1serverName" href="#opt-traefikhttpserversTransportsServersTransport1serverName" title="#opt-traefikhttpserversTransportsServersTransport1serverName">`traefik/http/serversTransports/ServersTransport1/serverName`</a> | `foobar` |
+| <a id="opt-traefikhttpserversTransportsServersTransport1spiffeids0" href="#opt-traefikhttpserversTransportsServersTransport1spiffeids0" title="#opt-traefikhttpserversTransportsServersTransport1spiffeids0">`traefik/http/serversTransports/ServersTransport1/spiffe/ids/0`</a> | `foobar` |
+| <a id="opt-traefikhttpserversTransportsServersTransport1spiffeids1" href="#opt-traefikhttpserversTransportsServersTransport1spiffeids1" title="#opt-traefikhttpserversTransportsServersTransport1spiffeids1">`traefik/http/serversTransports/ServersTransport1/spiffe/ids/1`</a> | `foobar` |
+| <a id="opt-traefikhttpserversTransportsServersTransport1spiffetrustDomain" href="#opt-traefikhttpserversTransportsServersTransport1spiffetrustDomain" title="#opt-traefikhttpserversTransportsServersTransport1spiffetrustDomain">`traefik/http/serversTransports/ServersTransport1/spiffe/trustDomain`</a> | `foobar` |
+| <a id="opt-traefikhttpservicesService01failoverfallback" href="#opt-traefikhttpservicesService01failoverfallback" title="#opt-traefikhttpservicesService01failoverfallback">`traefik/http/services/Service01/failover/fallback`</a> | `foobar` |
+| <a id="opt-traefikhttpservicesService01failoverhealthCheck" href="#opt-traefikhttpservicesService01failoverhealthCheck" title="#opt-traefikhttpservicesService01failoverhealthCheck">`traefik/http/services/Service01/failover/healthCheck`</a> | `` |
+| <a id="opt-traefikhttpservicesService01failoverservice" href="#opt-traefikhttpservicesService01failoverservice" title="#opt-traefikhttpservicesService01failoverservice">`traefik/http/services/Service01/failover/service`</a> | `foobar` |
+| <a id="opt-traefikhttpservicesService02loadBalancerhealthCheckfollowRedirects" href="#opt-traefikhttpservicesService02loadBalancerhealthCheckfollowRedirects" title="#opt-traefikhttpservicesService02loadBalancerhealthCheckfollowRedirects">`traefik/http/services/Service02/loadBalancer/healthCheck/followRedirects`</a> | `true` |
+| <a id="opt-traefikhttpservicesService02loadBalancerhealthCheckheadersname0" href="#opt-traefikhttpservicesService02loadBalancerhealthCheckheadersname0" title="#opt-traefikhttpservicesService02loadBalancerhealthCheckheadersname0">`traefik/http/services/Service02/loadBalancer/healthCheck/headers/name0`</a> | `foobar` |
+| <a id="opt-traefikhttpservicesService02loadBalancerhealthCheckheadersname1" href="#opt-traefikhttpservicesService02loadBalancerhealthCheckheadersname1" title="#opt-traefikhttpservicesService02loadBalancerhealthCheckheadersname1">`traefik/http/services/Service02/loadBalancer/healthCheck/headers/name1`</a> | `foobar` |
+| <a id="opt-traefikhttpservicesService02loadBalancerhealthCheckhostname" href="#opt-traefikhttpservicesService02loadBalancerhealthCheckhostname" title="#opt-traefikhttpservicesService02loadBalancerhealthCheckhostname">`traefik/http/services/Service02/loadBalancer/healthCheck/hostname`</a> | `foobar` |
+| <a id="opt-traefikhttpservicesService02loadBalancerhealthCheckinterval" href="#opt-traefikhttpservicesService02loadBalancerhealthCheckinterval" title="#opt-traefikhttpservicesService02loadBalancerhealthCheckinterval">`traefik/http/services/Service02/loadBalancer/healthCheck/interval`</a> | `42s` |
+| <a id="opt-traefikhttpservicesService02loadBalancerhealthCheckmethod" href="#opt-traefikhttpservicesService02loadBalancerhealthCheckmethod" title="#opt-traefikhttpservicesService02loadBalancerhealthCheckmethod">`traefik/http/services/Service02/loadBalancer/healthCheck/method`</a> | `foobar` |
+| <a id="opt-traefikhttpservicesService02loadBalancerhealthCheckmode" href="#opt-traefikhttpservicesService02loadBalancerhealthCheckmode" title="#opt-traefikhttpservicesService02loadBalancerhealthCheckmode">`traefik/http/services/Service02/loadBalancer/healthCheck/mode`</a> | `foobar` |
+| <a id="opt-traefikhttpservicesService02loadBalancerhealthCheckpath" href="#opt-traefikhttpservicesService02loadBalancerhealthCheckpath" title="#opt-traefikhttpservicesService02loadBalancerhealthCheckpath">`traefik/http/services/Service02/loadBalancer/healthCheck/path`</a> | `foobar` |
+| <a id="opt-traefikhttpservicesService02loadBalancerhealthCheckport" href="#opt-traefikhttpservicesService02loadBalancerhealthCheckport" title="#opt-traefikhttpservicesService02loadBalancerhealthCheckport">`traefik/http/services/Service02/loadBalancer/healthCheck/port`</a> | `42` |
+| <a id="opt-traefikhttpservicesService02loadBalancerhealthCheckscheme" href="#opt-traefikhttpservicesService02loadBalancerhealthCheckscheme" title="#opt-traefikhttpservicesService02loadBalancerhealthCheckscheme">`traefik/http/services/Service02/loadBalancer/healthCheck/scheme`</a> | `foobar` |
+| <a id="opt-traefikhttpservicesService02loadBalancerhealthCheckstatus" href="#opt-traefikhttpservicesService02loadBalancerhealthCheckstatus" title="#opt-traefikhttpservicesService02loadBalancerhealthCheckstatus">`traefik/http/services/Service02/loadBalancer/healthCheck/status`</a> | `42` |
+| <a id="opt-traefikhttpservicesService02loadBalancerhealthChecktimeout" href="#opt-traefikhttpservicesService02loadBalancerhealthChecktimeout" title="#opt-traefikhttpservicesService02loadBalancerhealthChecktimeout">`traefik/http/services/Service02/loadBalancer/healthCheck/timeout`</a> | `42s` |
+| <a id="opt-traefikhttpservicesService02loadBalancerhealthCheckunhealthyInterval" href="#opt-traefikhttpservicesService02loadBalancerhealthCheckunhealthyInterval" title="#opt-traefikhttpservicesService02loadBalancerhealthCheckunhealthyInterval">`traefik/http/services/Service02/loadBalancer/healthCheck/unhealthyInterval`</a> | `42s` |
+| <a id="opt-traefikhttpservicesService02loadBalancerpassHostHeader" href="#opt-traefikhttpservicesService02loadBalancerpassHostHeader" title="#opt-traefikhttpservicesService02loadBalancerpassHostHeader">`traefik/http/services/Service02/loadBalancer/passHostHeader`</a> | `true` |
+| <a id="opt-traefikhttpservicesService02loadBalancerresponseForwardingflushInterval" href="#opt-traefikhttpservicesService02loadBalancerresponseForwardingflushInterval" title="#opt-traefikhttpservicesService02loadBalancerresponseForwardingflushInterval">`traefik/http/services/Service02/loadBalancer/responseForwarding/flushInterval`</a> | `42s` |
+| <a id="opt-traefikhttpservicesService02loadBalancerservers0preservePath" href="#opt-traefikhttpservicesService02loadBalancerservers0preservePath" title="#opt-traefikhttpservicesService02loadBalancerservers0preservePath">`traefik/http/services/Service02/loadBalancer/servers/0/preservePath`</a> | `true` |
+| <a id="opt-traefikhttpservicesService02loadBalancerservers0url" href="#opt-traefikhttpservicesService02loadBalancerservers0url" title="#opt-traefikhttpservicesService02loadBalancerservers0url">`traefik/http/services/Service02/loadBalancer/servers/0/url`</a> | `foobar` |
+| <a id="opt-traefikhttpservicesService02loadBalancerservers0weight" href="#opt-traefikhttpservicesService02loadBalancerservers0weight" title="#opt-traefikhttpservicesService02loadBalancerservers0weight">`traefik/http/services/Service02/loadBalancer/servers/0/weight`</a> | `42` |
+| <a id="opt-traefikhttpservicesService02loadBalancerservers1preservePath" href="#opt-traefikhttpservicesService02loadBalancerservers1preservePath" title="#opt-traefikhttpservicesService02loadBalancerservers1preservePath">`traefik/http/services/Service02/loadBalancer/servers/1/preservePath`</a> | `true` |
+| <a id="opt-traefikhttpservicesService02loadBalancerservers1url" href="#opt-traefikhttpservicesService02loadBalancerservers1url" title="#opt-traefikhttpservicesService02loadBalancerservers1url">`traefik/http/services/Service02/loadBalancer/servers/1/url`</a> | `foobar` |
+| <a id="opt-traefikhttpservicesService02loadBalancerservers1weight" href="#opt-traefikhttpservicesService02loadBalancerservers1weight" title="#opt-traefikhttpservicesService02loadBalancerservers1weight">`traefik/http/services/Service02/loadBalancer/servers/1/weight`</a> | `42` |
+| <a id="opt-traefikhttpservicesService02loadBalancerserversTransport" href="#opt-traefikhttpservicesService02loadBalancerserversTransport" title="#opt-traefikhttpservicesService02loadBalancerserversTransport">`traefik/http/services/Service02/loadBalancer/serversTransport`</a> | `foobar` |
+| <a id="opt-traefikhttpservicesService02loadBalancerstickycookiedomain" href="#opt-traefikhttpservicesService02loadBalancerstickycookiedomain" title="#opt-traefikhttpservicesService02loadBalancerstickycookiedomain">`traefik/http/services/Service02/loadBalancer/sticky/cookie/domain`</a> | `foobar` |
+| <a id="opt-traefikhttpservicesService02loadBalancerstickycookiehttpOnly" href="#opt-traefikhttpservicesService02loadBalancerstickycookiehttpOnly" title="#opt-traefikhttpservicesService02loadBalancerstickycookiehttpOnly">`traefik/http/services/Service02/loadBalancer/sticky/cookie/httpOnly`</a> | `true` |
+| <a id="opt-traefikhttpservicesService02loadBalancerstickycookiemaxAge" href="#opt-traefikhttpservicesService02loadBalancerstickycookiemaxAge" title="#opt-traefikhttpservicesService02loadBalancerstickycookiemaxAge">`traefik/http/services/Service02/loadBalancer/sticky/cookie/maxAge`</a> | `42` |
+| <a id="opt-traefikhttpservicesService02loadBalancerstickycookiename" href="#opt-traefikhttpservicesService02loadBalancerstickycookiename" title="#opt-traefikhttpservicesService02loadBalancerstickycookiename">`traefik/http/services/Service02/loadBalancer/sticky/cookie/name`</a> | `foobar` |
+| <a id="opt-traefikhttpservicesService02loadBalancerstickycookiepath" href="#opt-traefikhttpservicesService02loadBalancerstickycookiepath" title="#opt-traefikhttpservicesService02loadBalancerstickycookiepath">`traefik/http/services/Service02/loadBalancer/sticky/cookie/path`</a> | `foobar` |
+| <a id="opt-traefikhttpservicesService02loadBalancerstickycookiesameSite" href="#opt-traefikhttpservicesService02loadBalancerstickycookiesameSite" title="#opt-traefikhttpservicesService02loadBalancerstickycookiesameSite">`traefik/http/services/Service02/loadBalancer/sticky/cookie/sameSite`</a> | `foobar` |
+| <a id="opt-traefikhttpservicesService02loadBalancerstickycookiesecure" href="#opt-traefikhttpservicesService02loadBalancerstickycookiesecure" title="#opt-traefikhttpservicesService02loadBalancerstickycookiesecure">`traefik/http/services/Service02/loadBalancer/sticky/cookie/secure`</a> | `true` |
+| <a id="opt-traefikhttpservicesService02loadBalancerstrategy" href="#opt-traefikhttpservicesService02loadBalancerstrategy" title="#opt-traefikhttpservicesService02loadBalancerstrategy">`traefik/http/services/Service02/loadBalancer/strategy`</a> | `foobar` |
+| <a id="opt-traefikhttpservicesService03mirroringhealthCheck" href="#opt-traefikhttpservicesService03mirroringhealthCheck" title="#opt-traefikhttpservicesService03mirroringhealthCheck">`traefik/http/services/Service03/mirroring/healthCheck`</a> | `` |
+| <a id="opt-traefikhttpservicesService03mirroringmaxBodySize" href="#opt-traefikhttpservicesService03mirroringmaxBodySize" title="#opt-traefikhttpservicesService03mirroringmaxBodySize">`traefik/http/services/Service03/mirroring/maxBodySize`</a> | `42` |
+| <a id="opt-traefikhttpservicesService03mirroringmirrorBody" href="#opt-traefikhttpservicesService03mirroringmirrorBody" title="#opt-traefikhttpservicesService03mirroringmirrorBody">`traefik/http/services/Service03/mirroring/mirrorBody`</a> | `true` |
+| <a id="opt-traefikhttpservicesService03mirroringmirrors0name" href="#opt-traefikhttpservicesService03mirroringmirrors0name" title="#opt-traefikhttpservicesService03mirroringmirrors0name">`traefik/http/services/Service03/mirroring/mirrors/0/name`</a> | `foobar` |
+| <a id="opt-traefikhttpservicesService03mirroringmirrors0percent" href="#opt-traefikhttpservicesService03mirroringmirrors0percent" title="#opt-traefikhttpservicesService03mirroringmirrors0percent">`traefik/http/services/Service03/mirroring/mirrors/0/percent`</a> | `42` |
+| <a id="opt-traefikhttpservicesService03mirroringmirrors1name" href="#opt-traefikhttpservicesService03mirroringmirrors1name" title="#opt-traefikhttpservicesService03mirroringmirrors1name">`traefik/http/services/Service03/mirroring/mirrors/1/name`</a> | `foobar` |
+| <a id="opt-traefikhttpservicesService03mirroringmirrors1percent" href="#opt-traefikhttpservicesService03mirroringmirrors1percent" title="#opt-traefikhttpservicesService03mirroringmirrors1percent">`traefik/http/services/Service03/mirroring/mirrors/1/percent`</a> | `42` |
+| <a id="opt-traefikhttpservicesService03mirroringservice" href="#opt-traefikhttpservicesService03mirroringservice" title="#opt-traefikhttpservicesService03mirroringservice">`traefik/http/services/Service03/mirroring/service`</a> | `foobar` |
+| <a id="opt-traefikhttpservicesService04weightedhealthCheck" href="#opt-traefikhttpservicesService04weightedhealthCheck" title="#opt-traefikhttpservicesService04weightedhealthCheck">`traefik/http/services/Service04/weighted/healthCheck`</a> | `` |
+| <a id="opt-traefikhttpservicesService04weightedservices0name" href="#opt-traefikhttpservicesService04weightedservices0name" title="#opt-traefikhttpservicesService04weightedservices0name">`traefik/http/services/Service04/weighted/services/0/name`</a> | `foobar` |
+| <a id="opt-traefikhttpservicesService04weightedservices0weight" href="#opt-traefikhttpservicesService04weightedservices0weight" title="#opt-traefikhttpservicesService04weightedservices0weight">`traefik/http/services/Service04/weighted/services/0/weight`</a> | `42` |
+| <a id="opt-traefikhttpservicesService04weightedservices1name" href="#opt-traefikhttpservicesService04weightedservices1name" title="#opt-traefikhttpservicesService04weightedservices1name">`traefik/http/services/Service04/weighted/services/1/name`</a> | `foobar` |
+| <a id="opt-traefikhttpservicesService04weightedservices1weight" href="#opt-traefikhttpservicesService04weightedservices1weight" title="#opt-traefikhttpservicesService04weightedservices1weight">`traefik/http/services/Service04/weighted/services/1/weight`</a> | `42` |
+| <a id="opt-traefikhttpservicesService04weightedstickycookiedomain" href="#opt-traefikhttpservicesService04weightedstickycookiedomain" title="#opt-traefikhttpservicesService04weightedstickycookiedomain">`traefik/http/services/Service04/weighted/sticky/cookie/domain`</a> | `foobar` |
+| <a id="opt-traefikhttpservicesService04weightedstickycookiehttpOnly" href="#opt-traefikhttpservicesService04weightedstickycookiehttpOnly" title="#opt-traefikhttpservicesService04weightedstickycookiehttpOnly">`traefik/http/services/Service04/weighted/sticky/cookie/httpOnly`</a> | `true` |
+| <a id="opt-traefikhttpservicesService04weightedstickycookiemaxAge" href="#opt-traefikhttpservicesService04weightedstickycookiemaxAge" title="#opt-traefikhttpservicesService04weightedstickycookiemaxAge">`traefik/http/services/Service04/weighted/sticky/cookie/maxAge`</a> | `42` |
+| <a id="opt-traefikhttpservicesService04weightedstickycookiename" href="#opt-traefikhttpservicesService04weightedstickycookiename" title="#opt-traefikhttpservicesService04weightedstickycookiename">`traefik/http/services/Service04/weighted/sticky/cookie/name`</a> | `foobar` |
+| <a id="opt-traefikhttpservicesService04weightedstickycookiepath" href="#opt-traefikhttpservicesService04weightedstickycookiepath" title="#opt-traefikhttpservicesService04weightedstickycookiepath">`traefik/http/services/Service04/weighted/sticky/cookie/path`</a> | `foobar` |
+| <a id="opt-traefikhttpservicesService04weightedstickycookiesameSite" href="#opt-traefikhttpservicesService04weightedstickycookiesameSite" title="#opt-traefikhttpservicesService04weightedstickycookiesameSite">`traefik/http/services/Service04/weighted/sticky/cookie/sameSite`</a> | `foobar` |
+| <a id="opt-traefikhttpservicesService04weightedstickycookiesecure" href="#opt-traefikhttpservicesService04weightedstickycookiesecure" title="#opt-traefikhttpservicesService04weightedstickycookiesecure">`traefik/http/services/Service04/weighted/sticky/cookie/secure`</a> | `true` |
+| <a id="opt-traefiktcpmiddlewaresTCPMiddleware01ipAllowListsourceRange0" href="#opt-traefiktcpmiddlewaresTCPMiddleware01ipAllowListsourceRange0" title="#opt-traefiktcpmiddlewaresTCPMiddleware01ipAllowListsourceRange0">`traefik/tcp/middlewares/TCPMiddleware01/ipAllowList/sourceRange/0`</a> | `foobar` |
+| <a id="opt-traefiktcpmiddlewaresTCPMiddleware01ipAllowListsourceRange1" href="#opt-traefiktcpmiddlewaresTCPMiddleware01ipAllowListsourceRange1" title="#opt-traefiktcpmiddlewaresTCPMiddleware01ipAllowListsourceRange1">`traefik/tcp/middlewares/TCPMiddleware01/ipAllowList/sourceRange/1`</a> | `foobar` |
+| <a id="opt-traefiktcpmiddlewaresTCPMiddleware02ipWhiteListsourceRange0" href="#opt-traefiktcpmiddlewaresTCPMiddleware02ipWhiteListsourceRange0" title="#opt-traefiktcpmiddlewaresTCPMiddleware02ipWhiteListsourceRange0">`traefik/tcp/middlewares/TCPMiddleware02/ipWhiteList/sourceRange/0`</a> | `foobar` |
+| <a id="opt-traefiktcpmiddlewaresTCPMiddleware02ipWhiteListsourceRange1" href="#opt-traefiktcpmiddlewaresTCPMiddleware02ipWhiteListsourceRange1" title="#opt-traefiktcpmiddlewaresTCPMiddleware02ipWhiteListsourceRange1">`traefik/tcp/middlewares/TCPMiddleware02/ipWhiteList/sourceRange/1`</a> | `foobar` |
+| <a id="opt-traefiktcpmiddlewaresTCPMiddleware03inFlightConnamount" href="#opt-traefiktcpmiddlewaresTCPMiddleware03inFlightConnamount" title="#opt-traefiktcpmiddlewaresTCPMiddleware03inFlightConnamount">`traefik/tcp/middlewares/TCPMiddleware03/inFlightConn/amount`</a> | `42` |
+| <a id="opt-traefiktcproutersTCPRouter0entryPoints0" href="#opt-traefiktcproutersTCPRouter0entryPoints0" title="#opt-traefiktcproutersTCPRouter0entryPoints0">`traefik/tcp/routers/TCPRouter0/entryPoints/0`</a> | `foobar` |
+| <a id="opt-traefiktcproutersTCPRouter0entryPoints1" href="#opt-traefiktcproutersTCPRouter0entryPoints1" title="#opt-traefiktcproutersTCPRouter0entryPoints1">`traefik/tcp/routers/TCPRouter0/entryPoints/1`</a> | `foobar` |
+| <a id="opt-traefiktcproutersTCPRouter0middlewares0" href="#opt-traefiktcproutersTCPRouter0middlewares0" title="#opt-traefiktcproutersTCPRouter0middlewares0">`traefik/tcp/routers/TCPRouter0/middlewares/0`</a> | `foobar` |
+| <a id="opt-traefiktcproutersTCPRouter0middlewares1" href="#opt-traefiktcproutersTCPRouter0middlewares1" title="#opt-traefiktcproutersTCPRouter0middlewares1">`traefik/tcp/routers/TCPRouter0/middlewares/1`</a> | `foobar` |
+| <a id="opt-traefiktcproutersTCPRouter0priority" href="#opt-traefiktcproutersTCPRouter0priority" title="#opt-traefiktcproutersTCPRouter0priority">`traefik/tcp/routers/TCPRouter0/priority`</a> | `42` |
+| <a id="opt-traefiktcproutersTCPRouter0rule" href="#opt-traefiktcproutersTCPRouter0rule" title="#opt-traefiktcproutersTCPRouter0rule">`traefik/tcp/routers/TCPRouter0/rule`</a> | `foobar` |
+| <a id="opt-traefiktcproutersTCPRouter0ruleSyntax" href="#opt-traefiktcproutersTCPRouter0ruleSyntax" title="#opt-traefiktcproutersTCPRouter0ruleSyntax">`traefik/tcp/routers/TCPRouter0/ruleSyntax`</a> | `foobar` |
+| <a id="opt-traefiktcproutersTCPRouter0service" href="#opt-traefiktcproutersTCPRouter0service" title="#opt-traefiktcproutersTCPRouter0service">`traefik/tcp/routers/TCPRouter0/service`</a> | `foobar` |
+| <a id="opt-traefiktcproutersTCPRouter0tlscertResolver" href="#opt-traefiktcproutersTCPRouter0tlscertResolver" title="#opt-traefiktcproutersTCPRouter0tlscertResolver">`traefik/tcp/routers/TCPRouter0/tls/certResolver`</a> | `foobar` |
+| <a id="opt-traefiktcproutersTCPRouter0tlsdomains0main" href="#opt-traefiktcproutersTCPRouter0tlsdomains0main" title="#opt-traefiktcproutersTCPRouter0tlsdomains0main">`traefik/tcp/routers/TCPRouter0/tls/domains/0/main`</a> | `foobar` |
+| <a id="opt-traefiktcproutersTCPRouter0tlsdomains0sans0" href="#opt-traefiktcproutersTCPRouter0tlsdomains0sans0" title="#opt-traefiktcproutersTCPRouter0tlsdomains0sans0">`traefik/tcp/routers/TCPRouter0/tls/domains/0/sans/0`</a> | `foobar` |
+| <a id="opt-traefiktcproutersTCPRouter0tlsdomains0sans1" href="#opt-traefiktcproutersTCPRouter0tlsdomains0sans1" title="#opt-traefiktcproutersTCPRouter0tlsdomains0sans1">`traefik/tcp/routers/TCPRouter0/tls/domains/0/sans/1`</a> | `foobar` |
+| <a id="opt-traefiktcproutersTCPRouter0tlsdomains1main" href="#opt-traefiktcproutersTCPRouter0tlsdomains1main" title="#opt-traefiktcproutersTCPRouter0tlsdomains1main">`traefik/tcp/routers/TCPRouter0/tls/domains/1/main`</a> | `foobar` |
+| <a id="opt-traefiktcproutersTCPRouter0tlsdomains1sans0" href="#opt-traefiktcproutersTCPRouter0tlsdomains1sans0" title="#opt-traefiktcproutersTCPRouter0tlsdomains1sans0">`traefik/tcp/routers/TCPRouter0/tls/domains/1/sans/0`</a> | `foobar` |
+| <a id="opt-traefiktcproutersTCPRouter0tlsdomains1sans1" href="#opt-traefiktcproutersTCPRouter0tlsdomains1sans1" title="#opt-traefiktcproutersTCPRouter0tlsdomains1sans1">`traefik/tcp/routers/TCPRouter0/tls/domains/1/sans/1`</a> | `foobar` |
+| <a id="opt-traefiktcproutersTCPRouter0tlsoptions" href="#opt-traefiktcproutersTCPRouter0tlsoptions" title="#opt-traefiktcproutersTCPRouter0tlsoptions">`traefik/tcp/routers/TCPRouter0/tls/options`</a> | `foobar` |
+| <a id="opt-traefiktcproutersTCPRouter0tlspassthrough" href="#opt-traefiktcproutersTCPRouter0tlspassthrough" title="#opt-traefiktcproutersTCPRouter0tlspassthrough">`traefik/tcp/routers/TCPRouter0/tls/passthrough`</a> | `true` |
+| <a id="opt-traefiktcproutersTCPRouter1entryPoints0" href="#opt-traefiktcproutersTCPRouter1entryPoints0" title="#opt-traefiktcproutersTCPRouter1entryPoints0">`traefik/tcp/routers/TCPRouter1/entryPoints/0`</a> | `foobar` |
+| <a id="opt-traefiktcproutersTCPRouter1entryPoints1" href="#opt-traefiktcproutersTCPRouter1entryPoints1" title="#opt-traefiktcproutersTCPRouter1entryPoints1">`traefik/tcp/routers/TCPRouter1/entryPoints/1`</a> | `foobar` |
+| <a id="opt-traefiktcproutersTCPRouter1middlewares0" href="#opt-traefiktcproutersTCPRouter1middlewares0" title="#opt-traefiktcproutersTCPRouter1middlewares0">`traefik/tcp/routers/TCPRouter1/middlewares/0`</a> | `foobar` |
+| <a id="opt-traefiktcproutersTCPRouter1middlewares1" href="#opt-traefiktcproutersTCPRouter1middlewares1" title="#opt-traefiktcproutersTCPRouter1middlewares1">`traefik/tcp/routers/TCPRouter1/middlewares/1`</a> | `foobar` |
+| <a id="opt-traefiktcproutersTCPRouter1priority" href="#opt-traefiktcproutersTCPRouter1priority" title="#opt-traefiktcproutersTCPRouter1priority">`traefik/tcp/routers/TCPRouter1/priority`</a> | `42` |
+| <a id="opt-traefiktcproutersTCPRouter1rule" href="#opt-traefiktcproutersTCPRouter1rule" title="#opt-traefiktcproutersTCPRouter1rule">`traefik/tcp/routers/TCPRouter1/rule`</a> | `foobar` |
+| <a id="opt-traefiktcproutersTCPRouter1ruleSyntax" href="#opt-traefiktcproutersTCPRouter1ruleSyntax" title="#opt-traefiktcproutersTCPRouter1ruleSyntax">`traefik/tcp/routers/TCPRouter1/ruleSyntax`</a> | `foobar` |
+| <a id="opt-traefiktcproutersTCPRouter1service" href="#opt-traefiktcproutersTCPRouter1service" title="#opt-traefiktcproutersTCPRouter1service">`traefik/tcp/routers/TCPRouter1/service`</a> | `foobar` |
+| <a id="opt-traefiktcproutersTCPRouter1tlscertResolver" href="#opt-traefiktcproutersTCPRouter1tlscertResolver" title="#opt-traefiktcproutersTCPRouter1tlscertResolver">`traefik/tcp/routers/TCPRouter1/tls/certResolver`</a> | `foobar` |
+| <a id="opt-traefiktcproutersTCPRouter1tlsdomains0main" href="#opt-traefiktcproutersTCPRouter1tlsdomains0main" title="#opt-traefiktcproutersTCPRouter1tlsdomains0main">`traefik/tcp/routers/TCPRouter1/tls/domains/0/main`</a> | `foobar` |
+| <a id="opt-traefiktcproutersTCPRouter1tlsdomains0sans0" href="#opt-traefiktcproutersTCPRouter1tlsdomains0sans0" title="#opt-traefiktcproutersTCPRouter1tlsdomains0sans0">`traefik/tcp/routers/TCPRouter1/tls/domains/0/sans/0`</a> | `foobar` |
+| <a id="opt-traefiktcproutersTCPRouter1tlsdomains0sans1" href="#opt-traefiktcproutersTCPRouter1tlsdomains0sans1" title="#opt-traefiktcproutersTCPRouter1tlsdomains0sans1">`traefik/tcp/routers/TCPRouter1/tls/domains/0/sans/1`</a> | `foobar` |
+| <a id="opt-traefiktcproutersTCPRouter1tlsdomains1main" href="#opt-traefiktcproutersTCPRouter1tlsdomains1main" title="#opt-traefiktcproutersTCPRouter1tlsdomains1main">`traefik/tcp/routers/TCPRouter1/tls/domains/1/main`</a> | `foobar` |
+| <a id="opt-traefiktcproutersTCPRouter1tlsdomains1sans0" href="#opt-traefiktcproutersTCPRouter1tlsdomains1sans0" title="#opt-traefiktcproutersTCPRouter1tlsdomains1sans0">`traefik/tcp/routers/TCPRouter1/tls/domains/1/sans/0`</a> | `foobar` |
+| <a id="opt-traefiktcproutersTCPRouter1tlsdomains1sans1" href="#opt-traefiktcproutersTCPRouter1tlsdomains1sans1" title="#opt-traefiktcproutersTCPRouter1tlsdomains1sans1">`traefik/tcp/routers/TCPRouter1/tls/domains/1/sans/1`</a> | `foobar` |
+| <a id="opt-traefiktcproutersTCPRouter1tlsoptions" href="#opt-traefiktcproutersTCPRouter1tlsoptions" title="#opt-traefiktcproutersTCPRouter1tlsoptions">`traefik/tcp/routers/TCPRouter1/tls/options`</a> | `foobar` |
+| <a id="opt-traefiktcproutersTCPRouter1tlspassthrough" href="#opt-traefiktcproutersTCPRouter1tlspassthrough" title="#opt-traefiktcproutersTCPRouter1tlspassthrough">`traefik/tcp/routers/TCPRouter1/tls/passthrough`</a> | `true` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport0dialKeepAlive" href="#opt-traefiktcpserversTransportsTCPServersTransport0dialKeepAlive" title="#opt-traefiktcpserversTransportsTCPServersTransport0dialKeepAlive">`traefik/tcp/serversTransports/TCPServersTransport0/dialKeepAlive`</a> | `42s` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport0dialTimeout" href="#opt-traefiktcpserversTransportsTCPServersTransport0dialTimeout" title="#opt-traefiktcpserversTransportsTCPServersTransport0dialTimeout">`traefik/tcp/serversTransports/TCPServersTransport0/dialTimeout`</a> | `42s` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport0proxyProtocolversion" href="#opt-traefiktcpserversTransportsTCPServersTransport0proxyProtocolversion" title="#opt-traefiktcpserversTransportsTCPServersTransport0proxyProtocolversion">`traefik/tcp/serversTransports/TCPServersTransport0/proxyProtocol/version`</a> | `42` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport0terminationDelay" href="#opt-traefiktcpserversTransportsTCPServersTransport0terminationDelay" title="#opt-traefiktcpserversTransportsTCPServersTransport0terminationDelay">`traefik/tcp/serversTransports/TCPServersTransport0/terminationDelay`</a> | `42s` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport0tlscertificates0certFile" href="#opt-traefiktcpserversTransportsTCPServersTransport0tlscertificates0certFile" title="#opt-traefiktcpserversTransportsTCPServersTransport0tlscertificates0certFile">`traefik/tcp/serversTransports/TCPServersTransport0/tls/certificates/0/certFile`</a> | `foobar` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport0tlscertificates0keyFile" href="#opt-traefiktcpserversTransportsTCPServersTransport0tlscertificates0keyFile" title="#opt-traefiktcpserversTransportsTCPServersTransport0tlscertificates0keyFile">`traefik/tcp/serversTransports/TCPServersTransport0/tls/certificates/0/keyFile`</a> | `foobar` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport0tlscertificates1certFile" href="#opt-traefiktcpserversTransportsTCPServersTransport0tlscertificates1certFile" title="#opt-traefiktcpserversTransportsTCPServersTransport0tlscertificates1certFile">`traefik/tcp/serversTransports/TCPServersTransport0/tls/certificates/1/certFile`</a> | `foobar` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport0tlscertificates1keyFile" href="#opt-traefiktcpserversTransportsTCPServersTransport0tlscertificates1keyFile" title="#opt-traefiktcpserversTransportsTCPServersTransport0tlscertificates1keyFile">`traefik/tcp/serversTransports/TCPServersTransport0/tls/certificates/1/keyFile`</a> | `foobar` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport0tlsinsecureSkipVerify" href="#opt-traefiktcpserversTransportsTCPServersTransport0tlsinsecureSkipVerify" title="#opt-traefiktcpserversTransportsTCPServersTransport0tlsinsecureSkipVerify">`traefik/tcp/serversTransports/TCPServersTransport0/tls/insecureSkipVerify`</a> | `true` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport0tlspeerCertURI" href="#opt-traefiktcpserversTransportsTCPServersTransport0tlspeerCertURI" title="#opt-traefiktcpserversTransportsTCPServersTransport0tlspeerCertURI">`traefik/tcp/serversTransports/TCPServersTransport0/tls/peerCertURI`</a> | `foobar` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport0tlsrootCAs0" href="#opt-traefiktcpserversTransportsTCPServersTransport0tlsrootCAs0" title="#opt-traefiktcpserversTransportsTCPServersTransport0tlsrootCAs0">`traefik/tcp/serversTransports/TCPServersTransport0/tls/rootCAs/0`</a> | `foobar` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport0tlsrootCAs1" href="#opt-traefiktcpserversTransportsTCPServersTransport0tlsrootCAs1" title="#opt-traefiktcpserversTransportsTCPServersTransport0tlsrootCAs1">`traefik/tcp/serversTransports/TCPServersTransport0/tls/rootCAs/1`</a> | `foobar` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport0tlsserverName" href="#opt-traefiktcpserversTransportsTCPServersTransport0tlsserverName" title="#opt-traefiktcpserversTransportsTCPServersTransport0tlsserverName">`traefik/tcp/serversTransports/TCPServersTransport0/tls/serverName`</a> | `foobar` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport0tlsspiffeids0" href="#opt-traefiktcpserversTransportsTCPServersTransport0tlsspiffeids0" title="#opt-traefiktcpserversTransportsTCPServersTransport0tlsspiffeids0">`traefik/tcp/serversTransports/TCPServersTransport0/tls/spiffe/ids/0`</a> | `foobar` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport0tlsspiffeids1" href="#opt-traefiktcpserversTransportsTCPServersTransport0tlsspiffeids1" title="#opt-traefiktcpserversTransportsTCPServersTransport0tlsspiffeids1">`traefik/tcp/serversTransports/TCPServersTransport0/tls/spiffe/ids/1`</a> | `foobar` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport0tlsspiffetrustDomain" href="#opt-traefiktcpserversTransportsTCPServersTransport0tlsspiffetrustDomain" title="#opt-traefiktcpserversTransportsTCPServersTransport0tlsspiffetrustDomain">`traefik/tcp/serversTransports/TCPServersTransport0/tls/spiffe/trustDomain`</a> | `foobar` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport1dialKeepAlive" href="#opt-traefiktcpserversTransportsTCPServersTransport1dialKeepAlive" title="#opt-traefiktcpserversTransportsTCPServersTransport1dialKeepAlive">`traefik/tcp/serversTransports/TCPServersTransport1/dialKeepAlive`</a> | `42s` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport1dialTimeout" href="#opt-traefiktcpserversTransportsTCPServersTransport1dialTimeout" title="#opt-traefiktcpserversTransportsTCPServersTransport1dialTimeout">`traefik/tcp/serversTransports/TCPServersTransport1/dialTimeout`</a> | `42s` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport1proxyProtocolversion" href="#opt-traefiktcpserversTransportsTCPServersTransport1proxyProtocolversion" title="#opt-traefiktcpserversTransportsTCPServersTransport1proxyProtocolversion">`traefik/tcp/serversTransports/TCPServersTransport1/proxyProtocol/version`</a> | `42` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport1terminationDelay" href="#opt-traefiktcpserversTransportsTCPServersTransport1terminationDelay" title="#opt-traefiktcpserversTransportsTCPServersTransport1terminationDelay">`traefik/tcp/serversTransports/TCPServersTransport1/terminationDelay`</a> | `42s` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport1tlscertificates0certFile" href="#opt-traefiktcpserversTransportsTCPServersTransport1tlscertificates0certFile" title="#opt-traefiktcpserversTransportsTCPServersTransport1tlscertificates0certFile">`traefik/tcp/serversTransports/TCPServersTransport1/tls/certificates/0/certFile`</a> | `foobar` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport1tlscertificates0keyFile" href="#opt-traefiktcpserversTransportsTCPServersTransport1tlscertificates0keyFile" title="#opt-traefiktcpserversTransportsTCPServersTransport1tlscertificates0keyFile">`traefik/tcp/serversTransports/TCPServersTransport1/tls/certificates/0/keyFile`</a> | `foobar` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport1tlscertificates1certFile" href="#opt-traefiktcpserversTransportsTCPServersTransport1tlscertificates1certFile" title="#opt-traefiktcpserversTransportsTCPServersTransport1tlscertificates1certFile">`traefik/tcp/serversTransports/TCPServersTransport1/tls/certificates/1/certFile`</a> | `foobar` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport1tlscertificates1keyFile" href="#opt-traefiktcpserversTransportsTCPServersTransport1tlscertificates1keyFile" title="#opt-traefiktcpserversTransportsTCPServersTransport1tlscertificates1keyFile">`traefik/tcp/serversTransports/TCPServersTransport1/tls/certificates/1/keyFile`</a> | `foobar` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport1tlsinsecureSkipVerify" href="#opt-traefiktcpserversTransportsTCPServersTransport1tlsinsecureSkipVerify" title="#opt-traefiktcpserversTransportsTCPServersTransport1tlsinsecureSkipVerify">`traefik/tcp/serversTransports/TCPServersTransport1/tls/insecureSkipVerify`</a> | `true` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport1tlspeerCertURI" href="#opt-traefiktcpserversTransportsTCPServersTransport1tlspeerCertURI" title="#opt-traefiktcpserversTransportsTCPServersTransport1tlspeerCertURI">`traefik/tcp/serversTransports/TCPServersTransport1/tls/peerCertURI`</a> | `foobar` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport1tlsrootCAs0" href="#opt-traefiktcpserversTransportsTCPServersTransport1tlsrootCAs0" title="#opt-traefiktcpserversTransportsTCPServersTransport1tlsrootCAs0">`traefik/tcp/serversTransports/TCPServersTransport1/tls/rootCAs/0`</a> | `foobar` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport1tlsrootCAs1" href="#opt-traefiktcpserversTransportsTCPServersTransport1tlsrootCAs1" title="#opt-traefiktcpserversTransportsTCPServersTransport1tlsrootCAs1">`traefik/tcp/serversTransports/TCPServersTransport1/tls/rootCAs/1`</a> | `foobar` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport1tlsserverName" href="#opt-traefiktcpserversTransportsTCPServersTransport1tlsserverName" title="#opt-traefiktcpserversTransportsTCPServersTransport1tlsserverName">`traefik/tcp/serversTransports/TCPServersTransport1/tls/serverName`</a> | `foobar` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport1tlsspiffeids0" href="#opt-traefiktcpserversTransportsTCPServersTransport1tlsspiffeids0" title="#opt-traefiktcpserversTransportsTCPServersTransport1tlsspiffeids0">`traefik/tcp/serversTransports/TCPServersTransport1/tls/spiffe/ids/0`</a> | `foobar` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport1tlsspiffeids1" href="#opt-traefiktcpserversTransportsTCPServersTransport1tlsspiffeids1" title="#opt-traefiktcpserversTransportsTCPServersTransport1tlsspiffeids1">`traefik/tcp/serversTransports/TCPServersTransport1/tls/spiffe/ids/1`</a> | `foobar` |
+| <a id="opt-traefiktcpserversTransportsTCPServersTransport1tlsspiffetrustDomain" href="#opt-traefiktcpserversTransportsTCPServersTransport1tlsspiffetrustDomain" title="#opt-traefiktcpserversTransportsTCPServersTransport1tlsspiffetrustDomain">`traefik/tcp/serversTransports/TCPServersTransport1/tls/spiffe/trustDomain`</a> | `foobar` |
+| <a id="opt-traefiktcpservicesTCPService01loadBalancerproxyProtocolversion" href="#opt-traefiktcpservicesTCPService01loadBalancerproxyProtocolversion" title="#opt-traefiktcpservicesTCPService01loadBalancerproxyProtocolversion">`traefik/tcp/services/TCPService01/loadBalancer/proxyProtocol/version`</a> | `42` |
+| <a id="opt-traefiktcpservicesTCPService01loadBalancerservers0address" href="#opt-traefiktcpservicesTCPService01loadBalancerservers0address" title="#opt-traefiktcpservicesTCPService01loadBalancerservers0address">`traefik/tcp/services/TCPService01/loadBalancer/servers/0/address`</a> | `foobar` |
+| <a id="opt-traefiktcpservicesTCPService01loadBalancerservers0tls" href="#opt-traefiktcpservicesTCPService01loadBalancerservers0tls" title="#opt-traefiktcpservicesTCPService01loadBalancerservers0tls">`traefik/tcp/services/TCPService01/loadBalancer/servers/0/tls`</a> | `true` |
+| <a id="opt-traefiktcpservicesTCPService01loadBalancerservers1address" href="#opt-traefiktcpservicesTCPService01loadBalancerservers1address" title="#opt-traefiktcpservicesTCPService01loadBalancerservers1address">`traefik/tcp/services/TCPService01/loadBalancer/servers/1/address`</a> | `foobar` |
+| <a id="opt-traefiktcpservicesTCPService01loadBalancerservers1tls" href="#opt-traefiktcpservicesTCPService01loadBalancerservers1tls" title="#opt-traefiktcpservicesTCPService01loadBalancerservers1tls">`traefik/tcp/services/TCPService01/loadBalancer/servers/1/tls`</a> | `true` |
+| <a id="opt-traefiktcpservicesTCPService01loadBalancerserversTransport" href="#opt-traefiktcpservicesTCPService01loadBalancerserversTransport" title="#opt-traefiktcpservicesTCPService01loadBalancerserversTransport">`traefik/tcp/services/TCPService01/loadBalancer/serversTransport`</a> | `foobar` |
+| <a id="opt-traefiktcpservicesTCPService01loadBalancerterminationDelay" href="#opt-traefiktcpservicesTCPService01loadBalancerterminationDelay" title="#opt-traefiktcpservicesTCPService01loadBalancerterminationDelay">`traefik/tcp/services/TCPService01/loadBalancer/terminationDelay`</a> | `42` |
+| <a id="opt-traefiktcpservicesTCPService02weightedservices0name" href="#opt-traefiktcpservicesTCPService02weightedservices0name" title="#opt-traefiktcpservicesTCPService02weightedservices0name">`traefik/tcp/services/TCPService02/weighted/services/0/name`</a> | `foobar` |
+| <a id="opt-traefiktcpservicesTCPService02weightedservices0weight" href="#opt-traefiktcpservicesTCPService02weightedservices0weight" title="#opt-traefiktcpservicesTCPService02weightedservices0weight">`traefik/tcp/services/TCPService02/weighted/services/0/weight`</a> | `42` |
+| <a id="opt-traefiktcpservicesTCPService02weightedservices1name" href="#opt-traefiktcpservicesTCPService02weightedservices1name" title="#opt-traefiktcpservicesTCPService02weightedservices1name">`traefik/tcp/services/TCPService02/weighted/services/1/name`</a> | `foobar` |
+| <a id="opt-traefiktcpservicesTCPService02weightedservices1weight" href="#opt-traefiktcpservicesTCPService02weightedservices1weight" title="#opt-traefiktcpservicesTCPService02weightedservices1weight">`traefik/tcp/services/TCPService02/weighted/services/1/weight`</a> | `42` |
+| <a id="opt-traefiktlscertificates0certFile" href="#opt-traefiktlscertificates0certFile" title="#opt-traefiktlscertificates0certFile">`traefik/tls/certificates/0/certFile`</a> | `foobar` |
+| <a id="opt-traefiktlscertificates0keyFile" href="#opt-traefiktlscertificates0keyFile" title="#opt-traefiktlscertificates0keyFile">`traefik/tls/certificates/0/keyFile`</a> | `foobar` |
+| <a id="opt-traefiktlscertificates0stores0" href="#opt-traefiktlscertificates0stores0" title="#opt-traefiktlscertificates0stores0">`traefik/tls/certificates/0/stores/0`</a> | `foobar` |
+| <a id="opt-traefiktlscertificates0stores1" href="#opt-traefiktlscertificates0stores1" title="#opt-traefiktlscertificates0stores1">`traefik/tls/certificates/0/stores/1`</a> | `foobar` |
+| <a id="opt-traefiktlscertificates1certFile" href="#opt-traefiktlscertificates1certFile" title="#opt-traefiktlscertificates1certFile">`traefik/tls/certificates/1/certFile`</a> | `foobar` |
+| <a id="opt-traefiktlscertificates1keyFile" href="#opt-traefiktlscertificates1keyFile" title="#opt-traefiktlscertificates1keyFile">`traefik/tls/certificates/1/keyFile`</a> | `foobar` |
+| <a id="opt-traefiktlscertificates1stores0" href="#opt-traefiktlscertificates1stores0" title="#opt-traefiktlscertificates1stores0">`traefik/tls/certificates/1/stores/0`</a> | `foobar` |
+| <a id="opt-traefiktlscertificates1stores1" href="#opt-traefiktlscertificates1stores1" title="#opt-traefiktlscertificates1stores1">`traefik/tls/certificates/1/stores/1`</a> | `foobar` |
+| <a id="opt-traefiktlsoptionsOptions0alpnProtocols0" href="#opt-traefiktlsoptionsOptions0alpnProtocols0" title="#opt-traefiktlsoptionsOptions0alpnProtocols0">`traefik/tls/options/Options0/alpnProtocols/0`</a> | `foobar` |
+| <a id="opt-traefiktlsoptionsOptions0alpnProtocols1" href="#opt-traefiktlsoptionsOptions0alpnProtocols1" title="#opt-traefiktlsoptionsOptions0alpnProtocols1">`traefik/tls/options/Options0/alpnProtocols/1`</a> | `foobar` |
+| <a id="opt-traefiktlsoptionsOptions0cipherSuites0" href="#opt-traefiktlsoptionsOptions0cipherSuites0" title="#opt-traefiktlsoptionsOptions0cipherSuites0">`traefik/tls/options/Options0/cipherSuites/0`</a> | `foobar` |
+| <a id="opt-traefiktlsoptionsOptions0cipherSuites1" href="#opt-traefiktlsoptionsOptions0cipherSuites1" title="#opt-traefiktlsoptionsOptions0cipherSuites1">`traefik/tls/options/Options0/cipherSuites/1`</a> | `foobar` |
+| <a id="opt-traefiktlsoptionsOptions0clientAuthcaFiles0" href="#opt-traefiktlsoptionsOptions0clientAuthcaFiles0" title="#opt-traefiktlsoptionsOptions0clientAuthcaFiles0">`traefik/tls/options/Options0/clientAuth/caFiles/0`</a> | `foobar` |
+| <a id="opt-traefiktlsoptionsOptions0clientAuthcaFiles1" href="#opt-traefiktlsoptionsOptions0clientAuthcaFiles1" title="#opt-traefiktlsoptionsOptions0clientAuthcaFiles1">`traefik/tls/options/Options0/clientAuth/caFiles/1`</a> | `foobar` |
+| <a id="opt-traefiktlsoptionsOptions0clientAuthclientAuthType" href="#opt-traefiktlsoptionsOptions0clientAuthclientAuthType" title="#opt-traefiktlsoptionsOptions0clientAuthclientAuthType">`traefik/tls/options/Options0/clientAuth/clientAuthType`</a> | `foobar` |
+| <a id="opt-traefiktlsoptionsOptions0curvePreferences0" href="#opt-traefiktlsoptionsOptions0curvePreferences0" title="#opt-traefiktlsoptionsOptions0curvePreferences0">`traefik/tls/options/Options0/curvePreferences/0`</a> | `foobar` |
+| <a id="opt-traefiktlsoptionsOptions0curvePreferences1" href="#opt-traefiktlsoptionsOptions0curvePreferences1" title="#opt-traefiktlsoptionsOptions0curvePreferences1">`traefik/tls/options/Options0/curvePreferences/1`</a> | `foobar` |
+| <a id="opt-traefiktlsoptionsOptions0disableSessionTickets" href="#opt-traefiktlsoptionsOptions0disableSessionTickets" title="#opt-traefiktlsoptionsOptions0disableSessionTickets">`traefik/tls/options/Options0/disableSessionTickets`</a> | `true` |
+| <a id="opt-traefiktlsoptionsOptions0maxVersion" href="#opt-traefiktlsoptionsOptions0maxVersion" title="#opt-traefiktlsoptionsOptions0maxVersion">`traefik/tls/options/Options0/maxVersion`</a> | `foobar` |
+| <a id="opt-traefiktlsoptionsOptions0minVersion" href="#opt-traefiktlsoptionsOptions0minVersion" title="#opt-traefiktlsoptionsOptions0minVersion">`traefik/tls/options/Options0/minVersion`</a> | `foobar` |
+| <a id="opt-traefiktlsoptionsOptions0preferServerCipherSuites" href="#opt-traefiktlsoptionsOptions0preferServerCipherSuites" title="#opt-traefiktlsoptionsOptions0preferServerCipherSuites">`traefik/tls/options/Options0/preferServerCipherSuites`</a> | `true` |
+| <a id="opt-traefiktlsoptionsOptions0sniStrict" href="#opt-traefiktlsoptionsOptions0sniStrict" title="#opt-traefiktlsoptionsOptions0sniStrict">`traefik/tls/options/Options0/sniStrict`</a> | `true` |
+| <a id="opt-traefiktlsoptionsOptions1alpnProtocols0" href="#opt-traefiktlsoptionsOptions1alpnProtocols0" title="#opt-traefiktlsoptionsOptions1alpnProtocols0">`traefik/tls/options/Options1/alpnProtocols/0`</a> | `foobar` |
+| <a id="opt-traefiktlsoptionsOptions1alpnProtocols1" href="#opt-traefiktlsoptionsOptions1alpnProtocols1" title="#opt-traefiktlsoptionsOptions1alpnProtocols1">`traefik/tls/options/Options1/alpnProtocols/1`</a> | `foobar` |
+| <a id="opt-traefiktlsoptionsOptions1cipherSuites0" href="#opt-traefiktlsoptionsOptions1cipherSuites0" title="#opt-traefiktlsoptionsOptions1cipherSuites0">`traefik/tls/options/Options1/cipherSuites/0`</a> | `foobar` |
+| <a id="opt-traefiktlsoptionsOptions1cipherSuites1" href="#opt-traefiktlsoptionsOptions1cipherSuites1" title="#opt-traefiktlsoptionsOptions1cipherSuites1">`traefik/tls/options/Options1/cipherSuites/1`</a> | `foobar` |
+| <a id="opt-traefiktlsoptionsOptions1clientAuthcaFiles0" href="#opt-traefiktlsoptionsOptions1clientAuthcaFiles0" title="#opt-traefiktlsoptionsOptions1clientAuthcaFiles0">`traefik/tls/options/Options1/clientAuth/caFiles/0`</a> | `foobar` |
+| <a id="opt-traefiktlsoptionsOptions1clientAuthcaFiles1" href="#opt-traefiktlsoptionsOptions1clientAuthcaFiles1" title="#opt-traefiktlsoptionsOptions1clientAuthcaFiles1">`traefik/tls/options/Options1/clientAuth/caFiles/1`</a> | `foobar` |
+| <a id="opt-traefiktlsoptionsOptions1clientAuthclientAuthType" href="#opt-traefiktlsoptionsOptions1clientAuthclientAuthType" title="#opt-traefiktlsoptionsOptions1clientAuthclientAuthType">`traefik/tls/options/Options1/clientAuth/clientAuthType`</a> | `foobar` |
+| <a id="opt-traefiktlsoptionsOptions1curvePreferences0" href="#opt-traefiktlsoptionsOptions1curvePreferences0" title="#opt-traefiktlsoptionsOptions1curvePreferences0">`traefik/tls/options/Options1/curvePreferences/0`</a> | `foobar` |
+| <a id="opt-traefiktlsoptionsOptions1curvePreferences1" href="#opt-traefiktlsoptionsOptions1curvePreferences1" title="#opt-traefiktlsoptionsOptions1curvePreferences1">`traefik/tls/options/Options1/curvePreferences/1`</a> | `foobar` |
+| <a id="opt-traefiktlsoptionsOptions1disableSessionTickets" href="#opt-traefiktlsoptionsOptions1disableSessionTickets" title="#opt-traefiktlsoptionsOptions1disableSessionTickets">`traefik/tls/options/Options1/disableSessionTickets`</a> | `true` |
+| <a id="opt-traefiktlsoptionsOptions1maxVersion" href="#opt-traefiktlsoptionsOptions1maxVersion" title="#opt-traefiktlsoptionsOptions1maxVersion">`traefik/tls/options/Options1/maxVersion`</a> | `foobar` |
+| <a id="opt-traefiktlsoptionsOptions1minVersion" href="#opt-traefiktlsoptionsOptions1minVersion" title="#opt-traefiktlsoptionsOptions1minVersion">`traefik/tls/options/Options1/minVersion`</a> | `foobar` |
+| <a id="opt-traefiktlsoptionsOptions1preferServerCipherSuites" href="#opt-traefiktlsoptionsOptions1preferServerCipherSuites" title="#opt-traefiktlsoptionsOptions1preferServerCipherSuites">`traefik/tls/options/Options1/preferServerCipherSuites`</a> | `true` |
+| <a id="opt-traefiktlsoptionsOptions1sniStrict" href="#opt-traefiktlsoptionsOptions1sniStrict" title="#opt-traefiktlsoptionsOptions1sniStrict">`traefik/tls/options/Options1/sniStrict`</a> | `true` |
+| <a id="opt-traefiktlsstoresStore0defaultCertificatecertFile" href="#opt-traefiktlsstoresStore0defaultCertificatecertFile" title="#opt-traefiktlsstoresStore0defaultCertificatecertFile">`traefik/tls/stores/Store0/defaultCertificate/certFile`</a> | `foobar` |
+| <a id="opt-traefiktlsstoresStore0defaultCertificatekeyFile" href="#opt-traefiktlsstoresStore0defaultCertificatekeyFile" title="#opt-traefiktlsstoresStore0defaultCertificatekeyFile">`traefik/tls/stores/Store0/defaultCertificate/keyFile`</a> | `foobar` |
+| <a id="opt-traefiktlsstoresStore0defaultGeneratedCertdomainmain" href="#opt-traefiktlsstoresStore0defaultGeneratedCertdomainmain" title="#opt-traefiktlsstoresStore0defaultGeneratedCertdomainmain">`traefik/tls/stores/Store0/defaultGeneratedCert/domain/main`</a> | `foobar` |
+| <a id="opt-traefiktlsstoresStore0defaultGeneratedCertdomainsans0" href="#opt-traefiktlsstoresStore0defaultGeneratedCertdomainsans0" title="#opt-traefiktlsstoresStore0defaultGeneratedCertdomainsans0">`traefik/tls/stores/Store0/defaultGeneratedCert/domain/sans/0`</a> | `foobar` |
+| <a id="opt-traefiktlsstoresStore0defaultGeneratedCertdomainsans1" href="#opt-traefiktlsstoresStore0defaultGeneratedCertdomainsans1" title="#opt-traefiktlsstoresStore0defaultGeneratedCertdomainsans1">`traefik/tls/stores/Store0/defaultGeneratedCert/domain/sans/1`</a> | `foobar` |
+| <a id="opt-traefiktlsstoresStore0defaultGeneratedCertresolver" href="#opt-traefiktlsstoresStore0defaultGeneratedCertresolver" title="#opt-traefiktlsstoresStore0defaultGeneratedCertresolver">`traefik/tls/stores/Store0/defaultGeneratedCert/resolver`</a> | `foobar` |
+| <a id="opt-traefiktlsstoresStore1defaultCertificatecertFile" href="#opt-traefiktlsstoresStore1defaultCertificatecertFile" title="#opt-traefiktlsstoresStore1defaultCertificatecertFile">`traefik/tls/stores/Store1/defaultCertificate/certFile`</a> | `foobar` |
+| <a id="opt-traefiktlsstoresStore1defaultCertificatekeyFile" href="#opt-traefiktlsstoresStore1defaultCertificatekeyFile" title="#opt-traefiktlsstoresStore1defaultCertificatekeyFile">`traefik/tls/stores/Store1/defaultCertificate/keyFile`</a> | `foobar` |
+| <a id="opt-traefiktlsstoresStore1defaultGeneratedCertdomainmain" href="#opt-traefiktlsstoresStore1defaultGeneratedCertdomainmain" title="#opt-traefiktlsstoresStore1defaultGeneratedCertdomainmain">`traefik/tls/stores/Store1/defaultGeneratedCert/domain/main`</a> | `foobar` |
+| <a id="opt-traefiktlsstoresStore1defaultGeneratedCertdomainsans0" href="#opt-traefiktlsstoresStore1defaultGeneratedCertdomainsans0" title="#opt-traefiktlsstoresStore1defaultGeneratedCertdomainsans0">`traefik/tls/stores/Store1/defaultGeneratedCert/domain/sans/0`</a> | `foobar` |
+| <a id="opt-traefiktlsstoresStore1defaultGeneratedCertdomainsans1" href="#opt-traefiktlsstoresStore1defaultGeneratedCertdomainsans1" title="#opt-traefiktlsstoresStore1defaultGeneratedCertdomainsans1">`traefik/tls/stores/Store1/defaultGeneratedCert/domain/sans/1`</a> | `foobar` |
+| <a id="opt-traefiktlsstoresStore1defaultGeneratedCertresolver" href="#opt-traefiktlsstoresStore1defaultGeneratedCertresolver" title="#opt-traefiktlsstoresStore1defaultGeneratedCertresolver">`traefik/tls/stores/Store1/defaultGeneratedCert/resolver`</a> | `foobar` |
+| <a id="opt-traefikudproutersUDPRouter0entryPoints0" href="#opt-traefikudproutersUDPRouter0entryPoints0" title="#opt-traefikudproutersUDPRouter0entryPoints0">`traefik/udp/routers/UDPRouter0/entryPoints/0`</a> | `foobar` |
+| <a id="opt-traefikudproutersUDPRouter0entryPoints1" href="#opt-traefikudproutersUDPRouter0entryPoints1" title="#opt-traefikudproutersUDPRouter0entryPoints1">`traefik/udp/routers/UDPRouter0/entryPoints/1`</a> | `foobar` |
+| <a id="opt-traefikudproutersUDPRouter0service" href="#opt-traefikudproutersUDPRouter0service" title="#opt-traefikudproutersUDPRouter0service">`traefik/udp/routers/UDPRouter0/service`</a> | `foobar` |
+| <a id="opt-traefikudproutersUDPRouter1entryPoints0" href="#opt-traefikudproutersUDPRouter1entryPoints0" title="#opt-traefikudproutersUDPRouter1entryPoints0">`traefik/udp/routers/UDPRouter1/entryPoints/0`</a> | `foobar` |
+| <a id="opt-traefikudproutersUDPRouter1entryPoints1" href="#opt-traefikudproutersUDPRouter1entryPoints1" title="#opt-traefikudproutersUDPRouter1entryPoints1">`traefik/udp/routers/UDPRouter1/entryPoints/1`</a> | `foobar` |
+| <a id="opt-traefikudproutersUDPRouter1service" href="#opt-traefikudproutersUDPRouter1service" title="#opt-traefikudproutersUDPRouter1service">`traefik/udp/routers/UDPRouter1/service`</a> | `foobar` |
+| <a id="opt-traefikudpservicesUDPService01loadBalancerservers0address" href="#opt-traefikudpservicesUDPService01loadBalancerservers0address" title="#opt-traefikudpservicesUDPService01loadBalancerservers0address">`traefik/udp/services/UDPService01/loadBalancer/servers/0/address`</a> | `foobar` |
+| <a id="opt-traefikudpservicesUDPService01loadBalancerservers1address" href="#opt-traefikudpservicesUDPService01loadBalancerservers1address" title="#opt-traefikudpservicesUDPService01loadBalancerservers1address">`traefik/udp/services/UDPService01/loadBalancer/servers/1/address`</a> | `foobar` |
+| <a id="opt-traefikudpservicesUDPService02weightedservices0name" href="#opt-traefikudpservicesUDPService02weightedservices0name" title="#opt-traefikudpservicesUDPService02weightedservices0name">`traefik/udp/services/UDPService02/weighted/services/0/name`</a> | `foobar` |
+| <a id="opt-traefikudpservicesUDPService02weightedservices0weight" href="#opt-traefikudpservicesUDPService02weightedservices0weight" title="#opt-traefikudpservicesUDPService02weightedservices0weight">`traefik/udp/services/UDPService02/weighted/services/0/weight`</a> | `42` |
+| <a id="opt-traefikudpservicesUDPService02weightedservices1name" href="#opt-traefikudpservicesUDPService02weightedservices1name" title="#opt-traefikudpservicesUDPService02weightedservices1name">`traefik/udp/services/UDPService02/weighted/services/1/name`</a> | `foobar` |
+| <a id="opt-traefikudpservicesUDPService02weightedservices1weight" href="#opt-traefikudpservicesUDPService02weightedservices1weight" title="#opt-traefikudpservicesUDPService02weightedservices1weight">`traefik/udp/services/UDPService02/weighted/services/1/weight`</a> | `42` |
--- a/docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.io_ingressroutes.yaml
@@ -43,7 +43,7 @@ spec:
                description: |-
                  EntryPoints defines the list of entry point names to bind to.
                  Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v3.5/routing/entrypoints/
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/entrypoints/
                  Default: all.
                items:
                  type: string
@@ -64,12 +64,12 @@ spec:
                    match:
                      description: |-
                        Match defines the router's rule.
-                        More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rule
+                        More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/rules-and-priority/
                      type: string
                    middlewares:
                      description: |-
                        Middlewares defines the list of references to Middleware resources.
-                        More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-middleware
+                        More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/middleware/
                      items:
                        description: MiddlewareRef is a reference to a Middleware
                          resource.
@@ -89,7 +89,7 @@ spec:
                    observability:
                      description: |-
                        Observability defines the observability configuration for a router.
-                        More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#observability
+                        More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/observability/
                      properties:
                        accessLogs:
                          description: AccessLogs enables access logs for this router.
@@ -112,7 +112,7 @@ spec:
                    priority:
                      description: |-
                        Priority defines the router's priority.
-                        More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#priority
+                        More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/rules-and-priority/#priority
                      maximum: 9223372036854775000
                      type: integer
                    services:
@@ -263,7 +263,7 @@ spec:
                          sticky:
                            description: |-
                              Sticky defines the sticky sessions configuration.
-                              More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
+                              More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
                            properties:
                              cookie:
                                description: Cookie defines the sticky cookie configuration.
@@ -332,7 +332,7 @@ spec:
                    syntax:
                      description: |-
                        Syntax defines the router's rule syntax.
-                        More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rulesyntax
+                        More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/rules-and-priority/#rulesyntax
                        Deprecated: Please do not use this field and rewrite the router rules to use the v3 syntax.
                      type: string
                  required:
@@ -342,18 +342,18 @@ spec:
              tls:
                description: |-
                  TLS defines the TLS configuration.
-                  More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#tls
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/routing/router/#tls
                properties:
                  certResolver:
                    description: |-
                      CertResolver defines the name of the certificate resolver to use.
                      Cert resolvers have to be configured in the static configuration.
-                      More info: https://doc.traefik.io/traefik/v3.5/https/acme/#certificate-resolvers
+                      More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/tls/certificate-resolvers/acme/
                    type: string
                  domains:
                    description: |-
                      Domains defines the list of domains that will be used to issue certificates.
-                      More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#domains
+                      More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#domains
                    items:
                      description: Domain holds a domain name with SANs.
                      properties:
@@ -372,17 +372,17 @@ spec:
                    description: |-
                      Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
                      If not defined, the `default` TLSOption is used.
-                      More info: https://doc.traefik.io/traefik/v3.5/https/tls/#tls-options
+                      More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-options/
                    properties:
                      name:
                        description: |-
                          Name defines the name of the referenced TLSOption.
-                          More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsoption
+                          More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsoption/
                        type: string
                      namespace:
                        description: |-
                          Namespace defines the namespace of the referenced TLSOption.
-                          More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsoption
+                          More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsoption/
                        type: string
                    required:
                    - name
@@ -399,12 +399,12 @@ spec:
                      name:
                        description: |-
                          Name defines the name of the referenced TLSStore.
-                          More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsstore
+                          More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsstore/
                        type: string
                      namespace:
                        description: |-
                          Namespace defines the namespace of the referenced TLSStore.
-                          More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-tlsstore
+                          More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/tlsstore/
                        type: string
                    required:
                    - name
--- a/docs/content/reference/dynamic-configuration/traefik.io_ingressroutetcps.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.io_ingressroutetcps.yaml
@@ -43,7 +43,7 @@ spec:
                description: |-
                  EntryPoints defines the list of entry point names to bind to.
                  Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v3.5/routing/entrypoints/
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/entrypoints/
                  Default: all.
                items:
                  type: string
@@ -56,7 +56,7 @@ spec:
                    match:
                      description: |-
                        Match defines the router's rule.
-                        More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rule_1
+                        More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/rules-and-priority/
                      type: string
                    middlewares:
                      description: Middlewares defines the list of references to MiddlewareTCP
@@ -80,7 +80,7 @@ spec:
                    priority:
                      description: |-
                        Priority defines the router's priority.
-                        More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#priority_1
+                        More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/rules-and-priority/#priority
                      maximum: 9223372036854775000
                      type: integer
                    services:
@@ -122,7 +122,7 @@ spec:
                          proxyProtocol:
                            description: |-
                              ProxyProtocol defines the PROXY protocol configuration.
-                              More info: https://doc.traefik.io/traefik/v3.5/routing/services/#proxy-protocol
+                              More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/service/#proxy-protocol
                              Deprecated: ProxyProtocol will not be supported in future APIVersions, please use ServersTransport to configure ProxyProtocol instead.
                            properties:
                              version:
@@ -164,7 +164,7 @@ spec:
                    syntax:
                      description: |-
                        Syntax defines the router's rule syntax.
-                        More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#rulesyntax_1
+                        More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/rules-and-priority/#rulesyntax
                        Deprecated: Please do not use this field and rewrite the router rules to use the v3 syntax.
                      enum:
                      - v3
@@ -177,18 +177,18 @@ spec:
              tls:
                description: |-
                  TLS defines the TLS configuration on a layer 4 / TCP Route.
-                  More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#tls_1
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/routing/router/#tls
                properties:
                  certResolver:
                    description: |-
                      CertResolver defines the name of the certificate resolver to use.
                      Cert resolvers have to be configured in the static configuration.
-                      More info: https://doc.traefik.io/traefik/v3.5/https/acme/#certificate-resolvers
+                      More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/tls/certificate-resolvers/acme/
                    type: string
                  domains:
                    description: |-
                      Domains defines the list of domains that will be used to issue certificates.
-                      More info: https://doc.traefik.io/traefik/v3.5/routing/routers/#domains
+                      More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/tls/#domains
                    items:
                      description: Domain holds a domain name with SANs.
                      properties:
@@ -207,7 +207,7 @@ spec:
                    description: |-
                      Options defines the reference to a TLSOption, that specifies the parameters of the TLS connection.
                      If not defined, the `default` TLSOption is used.
-                      More info: https://doc.traefik.io/traefik/v3.5/https/tls/#tls-options
+                      More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/tls/#tls-options
                    properties:
                      name:
                        description: Name defines the name of the referenced Traefik
--- a/docs/content/reference/dynamic-configuration/traefik.io_ingressrouteudps.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.io_ingressrouteudps.yaml
@@ -43,7 +43,7 @@ spec:
                description: |-
                  EntryPoints defines the list of entry point names to bind to.
                  Entry points have to be configured in the static configuration.
-                  More info: https://doc.traefik.io/traefik/v3.5/routing/entrypoints/
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/install-configuration/entrypoints/
                  Default: all.
                items:
                  type: string
--- a/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.io_middlewares.yaml
@@ -19,7 +19,7 @@ spec:
      openAPIV3Schema:
        description: |-
          Middleware is the CRD implementation of a Traefik Middleware.
-          More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/overview/
+          More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/overview/
        properties:
          apiVersion:
            description: |-
@@ -60,12 +60,12 @@ spec:
                description: |-
                  BasicAuth holds the basic auth middleware configuration.
                  This middleware restricts access to your services to known users.
-                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/basicauth/
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/basicauth/
                properties:
                  headerField:
                    description: |-
                      HeaderField defines a header field to store the authenticated user.
-                      More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/basicauth/#headerfield
+                      More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/basicauth/#headerfield
                    type: string
                  realm:
                    description: |-
@@ -125,7 +125,7 @@ spec:
                description: |-
                  Chain holds the configuration of the chain middleware.
                  This middleware enables to define reusable combinations of other pieces of middleware.
-                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/chain/
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/chain/
                properties:
                  middlewares:
                    description: Middlewares is the list of MiddlewareRef which composes
@@ -188,7 +188,7 @@ spec:
                description: |-
                  Compress holds the compress middleware configuration.
                  This middleware compresses responses before sending them to the client, using gzip, brotli, or zstd compression.
-                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/compress/
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/compress/
                properties:
                  defaultEncoding:
                    description: DefaultEncoding specifies the default encoding if
@@ -238,12 +238,12 @@ spec:
                description: |-
                  DigestAuth holds the digest auth middleware configuration.
                  This middleware restricts access to your services to known users.
-                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/digestauth/
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/digestauth/
                properties:
                  headerField:
                    description: |-
                      HeaderField defines a header field to store the authenticated user.
-                      More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/basicauth/#headerfield
+                      More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/digestauth/#headerfield
                    type: string
                  realm:
                    description: |-
@@ -263,7 +263,7 @@ spec:
                description: |-
                  ErrorPage holds the custom error middleware configuration.
                  This middleware returns a custom page in lieu of the default, according to configured ranges of HTTP Status codes.
-                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/errorpages/
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/errorpages/
                properties:
                  query:
                    description: |-
@@ -275,7 +275,7 @@ spec:
                  service:
                    description: |-
                      Service defines the reference to a Kubernetes Service that will serve the error page.
-                      More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/errorpages/#service
+                      More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/errorpages/#service
                    properties:
                      healthCheck:
                        description: Healthcheck defines health checks for ExternalName
@@ -417,7 +417,7 @@ spec:
                      sticky:
                        description: |-
                          Sticky defines the sticky sessions configuration.
-                          More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
+                          More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
                        properties:
                          cookie:
                            description: Cookie defines the sticky cookie configuration.
@@ -504,7 +504,7 @@ spec:
                description: |-
                  ForwardAuth holds the forward auth middleware configuration.
                  This middleware delegates the request authentication to a Service.
-                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/forwardauth/
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/forwardauth/
                properties:
                  addAuthCookiesToResponse:
                    description: AddAuthCookiesToResponse defines the list of cookies
@@ -532,7 +532,7 @@ spec:
                  authResponseHeadersRegex:
                    description: |-
                      AuthResponseHeadersRegex defines the regex to match headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.
-                      More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/forwardauth/#authresponseheadersregex
+                      More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/forwardauth/#authresponseheadersregex
                    type: string
                  forwardBody:
                    description: ForwardBody defines whether to send the request body
@@ -541,7 +541,7 @@ spec:
                  headerField:
                    description: |-
                      HeaderField defines a header field to store the authenticated user.
-                      More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/forwardauth/#headerfield
+                      More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/forwardauth/#headerfield
                    type: string
                  maxBodySize:
                    description: MaxBodySize defines the maximum body size in bytes
@@ -1007,13 +1007,13 @@ spec:
                  x-kubernetes-preserve-unknown-fields: true
                description: |-
                  Plugin defines the middleware plugin configuration.
-                  More info: https://doc.traefik.io/traefik/plugins/
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/overview/#community-middlewares
                type: object
              rateLimit:
                description: |-
                  RateLimit holds the rate limit configuration.
                  This middleware ensures that services will receive a fair amount of requests, and allows one to define what fair is.
-                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/ratelimit/
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/ratelimit/
                properties:
                  average:
                    description: |-
@@ -1231,7 +1231,7 @@ spec:
                  Retry holds the retry middleware configuration.
                  This middleware reissues requests a given number of times to a backend server if that server does not reply.
                  As soon as the server answers, the middleware stops retrying, regardless of the response status.
-                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/http/retry/
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/middlewares/retry/
                properties:
                  attempts:
                    description: Attempts defines how many times the request should
--- a/docs/content/reference/dynamic-configuration/traefik.io_middlewaretcps.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.io_middlewaretcps.yaml
@@ -19,7 +19,7 @@ spec:
      openAPIV3Schema:
        description: |-
          MiddlewareTCP is the CRD implementation of a Traefik TCP middleware.
-          More info: https://doc.traefik.io/traefik/v3.5/middlewares/overview/
+          More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/middlewares/overview/
        properties:
          apiVersion:
            description: |-
@@ -56,7 +56,7 @@ spec:
                description: |-
                  IPAllowList defines the IPAllowList middleware configuration.
                  This middleware accepts/refuses connections based on the client IP.
-                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/tcp/ipallowlist/
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/middlewares/ipallowlist/
                properties:
                  sourceRange:
                    description: SourceRange defines the allowed IPs (or ranges of
@@ -70,7 +70,7 @@ spec:
                  IPWhiteList defines the IPWhiteList middleware configuration.
                  This middleware accepts/refuses connections based on the client IP.
                  Deprecated: please use IPAllowList instead.
-                  More info: https://doc.traefik.io/traefik/v3.5/middlewares/tcp/ipwhitelist/
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/middlewares/ipwhitelist/
                properties:
                  sourceRange:
                    description: SourceRange defines the allowed IPs (or ranges of
--- a/docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.io_serverstransports.yaml
@@ -21,7 +21,7 @@ spec:
          ServersTransport is the CRD implementation of a ServersTransport.
          If no serversTransport is specified, the default@internal will be used.
          The default@internal serversTransport is created from the static configuration.
-          More info: https://doc.traefik.io/traefik/v3.5/routing/services/#serverstransport_1
+          More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/serverstransport/
        properties:
          apiVersion:
            description: |-
@@ -107,7 +107,7 @@ spec:
              maxIdleConnsPerHost:
                description: MaxIdleConnsPerHost controls the maximum idle (keep-alive)
                  to keep per-host.
-                minimum: 0
+                minimum: -1
                type: integer
              peerCertURI:
                description: PeerCertURI defines the peer cert URI used to match against
--- a/docs/content/reference/dynamic-configuration/traefik.io_serverstransporttcps.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.io_serverstransporttcps.yaml
@@ -21,7 +21,7 @@ spec:
          ServersTransportTCP is the CRD implementation of a TCPServersTransport.
          If no tcpServersTransport is specified, a default one named default@internal will be used.
          The default@internal tcpServersTransport can be configured in the static configuration.
-          More info: https://doc.traefik.io/traefik/v3.5/routing/services/#serverstransport_3
+          More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/tcp/serverstransport/
        properties:
          apiVersion:
            description: |-
--- a/docs/content/reference/dynamic-configuration/traefik.io_tlsoptions.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.io_tlsoptions.yaml
@@ -19,7 +19,7 @@ spec:
      openAPIV3Schema:
        description: |-
          TLSOption is the CRD implementation of a Traefik TLS Option, allowing to configure some parameters of the TLS connection.
-          More info: https://doc.traefik.io/traefik/v3.5/https/tls/#tls-options
+          More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#tls-options
        properties:
          apiVersion:
            description: |-
@@ -44,14 +44,14 @@ spec:
              alpnProtocols:
                description: |-
                  ALPNProtocols defines the list of supported application level protocols for the TLS handshake, in order of preference.
-                  More info: https://doc.traefik.io/traefik/v3.5/https/tls/#alpn-protocols
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#alpn-protocols
                items:
                  type: string
                type: array
              cipherSuites:
                description: |-
                  CipherSuites defines the list of supported cipher suites for TLS versions up to TLS 1.2.
-                  More info: https://doc.traefik.io/traefik/v3.5/https/tls/#cipher-suites
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#cipher-suites
                items:
                  type: string
                type: array
@@ -79,7 +79,7 @@ spec:
              curvePreferences:
                description: |-
                  CurvePreferences defines the preferred elliptic curves.
-                  More info: https://doc.traefik.io/traefik/v3.5/https/tls/#curve-preferences
+                  More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#curve-preferences
                items:
                  type: string
                type: array
--- a/docs/content/reference/dynamic-configuration/traefik.io_tlsstores.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.io_tlsstores.yaml
@@ -21,7 +21,7 @@ spec:
          TLSStore is the CRD implementation of a Traefik TLS Store.
          For the time being, only the TLSStore named default is supported.
          This means that you cannot have two stores that are named default in different Kubernetes namespaces.
-          More info: https://doc.traefik.io/traefik/v3.5/https/tls/#certificates-stores
+          More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/tls/tls-certificates/#certificates-stores#certificates-stores
        properties:
          apiVersion:
            description: |-
--- a/docs/content/reference/dynamic-configuration/traefik.io_traefikservices.yaml
+++ b/docs/content/reference/dynamic-configuration/traefik.io_traefikservices.yaml
@@ -22,7 +22,7 @@ spec:
          TraefikService object allows to:
          - Apply weight to Services on load-balancing
          - Mirror traffic on services
-          More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#kind-traefikservice
+          More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/traefikservice/
        properties:
          apiVersion:
            description: |-
@@ -286,7 +286,7 @@ spec:
                        sticky:
                          description: |-
                            Sticky defines the sticky sessions configuration.
-                            More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
+                            More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
                          properties:
                            cookie:
                              description: Cookie defines the sticky cookie configuration.
@@ -414,7 +414,7 @@ spec:
                  sticky:
                    description: |-
                      Sticky defines the sticky sessions configuration.
-                      More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
+                      More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
                    properties:
                      cookie:
                        description: Cookie defines the sticky cookie configuration.
@@ -627,7 +627,7 @@ spec:
                        sticky:
                          description: |-
                            Sticky defines the sticky sessions configuration.
-                            More info: https://doc.traefik.io/traefik/v3.5/routing/services/#sticky-sessions
+                            More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/http/load-balancing/service/#sticky-sessions
                          properties:
                            cookie:
                              description: Cookie defines the sticky cookie configuration.
@@ -695,7 +695,7 @@ spec:
                  sticky:
                    description: |-
                      Sticky defines whether sticky sessions are enabled.
-                      More info: https://doc.traefik.io/traefik/v3.5/routing/providers/kubernetes-crd/#stickiness-and-load-balancing
+                      More info: https://doc.traefik.io/traefik/v3.5/reference/routing-configuration/kubernetes/crd/http/traefikservice/#stickiness-and-load-balancing
                    properties:
                      cookie:
                        description: Cookie defines the sticky cookie configuration.
--- a/docs/content/reference/install-configuration/api-dashboard.md
+++ b/docs/content/reference/install-configuration/api-dashboard.md
@@ -155,11 +155,12 @@ enabing the dashboard [here](https://github.com/traefik/traefik-helm-chart/blob/

 | Field      | Description  | Default | Required |
 |:-----------|:---------------------------------|:--------|:---------|
-| `api` | Enable api/dashboard. When set to `true`, its sub option `api.dashboard` is also set to true.| false     | No      |
-| `api.dashboard` | Enable dashboard. | false      | No      |
-| `api.debug` | Enable additional endpoints for debugging and profiling. | false      | No      |
-| `api.disabledashboardad` | Disable the advertisement from the dashboard. | false      | No      |
-| `api.insecure` | Enable the API and the dashboard on the entryPoint named traefik.| false      | No      |
+| <a id="opt-api" href="#opt-api" title="#opt-api">`api`</a> | Enable api/dashboard. When set to `true`, its sub option `api.dashboard` is also set to true.| false     | No      |
+| <a id="opt-api-basepath" href="#opt-api-basepath" title="#opt-api-basepath">api.basepath</a> | Defines the base path where the API and Dashboard will be exposed. | / | No |
+| <a id="opt-api-dashboard" href="#opt-api-dashboard" title="#opt-api-dashboard">`api.dashboard`</a> | Enable dashboard. | false      | No      |
+| <a id="opt-api-debug" href="#opt-api-debug" title="#opt-api-debug">`api.debug`</a> | Enable additional endpoints for debugging and profiling. | false      | No      |
+| <a id="opt-api-disabledashboardad" href="#opt-api-disabledashboardad" title="#opt-api-disabledashboardad">`api.disabledashboardad`</a> | Disable the advertisement from the dashboard. | false      | No      |
+| <a id="opt-api-insecure" href="#opt-api-insecure" title="#opt-api-insecure">`api.insecure`</a> | Enable the API and the dashboard on the entryPoint named traefik.| false      | No      |

 ## Endpoints

@@ -167,37 +168,42 @@ All the following endpoints must be accessed with a `GET` HTTP request.

 | Path                           | Description                                                                                 |
 |--------------------------------|---------------------------------------------------------------------------------------------|
-| `/api/http/routers`            | Lists all the HTTP routers information.                                                     |
-| `/api/http/routers/{name}`     | Returns the information of the HTTP router specified by `name`.                             |
-| `/api/http/services`           | Lists all the HTTP services information.                                                    |
-| `/api/http/services/{name}`    | Returns the information of the HTTP service specified by `name`.                            |
-| `/api/http/middlewares`        | Lists all the HTTP middlewares information.                                                 |
-| `/api/http/middlewares/{name}` | Returns the information of the HTTP middleware specified by `name`.                         |
-| `/api/tcp/routers`             | Lists all the TCP routers information.                                                      |
-| `/api/tcp/routers/{name}`      | Returns the information of the TCP router specified by `name`.                              |
-| `/api/tcp/services`            | Lists all the TCP services information.                                                     |
-| `/api/tcp/services/{name}`     | Returns the information of the TCP service specified by `name`.                             |
-| `/api/tcp/middlewares`         | Lists all the TCP middlewares information.                                                  |
-| `/api/tcp/middlewares/{name}`  | Returns the information of the TCP middleware specified by `name`.                          |
-| `/api/udp/routers`             | Lists all the UDP routers information.                                                      |
-| `/api/udp/routers/{name}`      | Returns the information of the UDP router specified by `name`.                              |
-| `/api/udp/services`            | Lists all the UDP services information.                                                     |
-| `/api/udp/services/{name}`     | Returns the information of the UDP service specified by `name`.                             |
-| `/api/entrypoints`             | Lists all the entry points information.                                                     |
-| `/api/entrypoints/{name}`      | Returns the information of the entry point specified by `name`.                             |
-| `/api/overview`                | Returns statistic information about HTTP, TCP and about enabled features and providers. |
-| `/api/rawdata`                 | Returns information about dynamic configurations, errors, status and dependency relations.  |
-| `/api/version`                 | Returns information about Traefik version.                                                  |
-| `/debug/vars`                  | See the [expvar](https://golang.org/pkg/expvar/) Go documentation.                          |
-| `/debug/pprof/`                | See the [pprof Index](https://golang.org/pkg/net/http/pprof/#Index) Go documentation.       |
-| `/debug/pprof/cmdline`         | See the [pprof Cmdline](https://golang.org/pkg/net/http/pprof/#Cmdline) Go documentation.   |
-| `/debug/pprof/profile`         | See the [pprof Profile](https://golang.org/pkg/net/http/pprof/#Profile) Go documentation.   |
-| `/debug/pprof/symbol`          | See the [pprof Symbol](https://golang.org/pkg/net/http/pprof/#Symbol) Go documentation.     |
-| `/debug/pprof/trace`           | See the [pprof Trace](https://golang.org/pkg/net/http/pprof/#Trace) Go documentation.       |
+| <a id="opt-apihttprouters" href="#opt-apihttprouters" title="#opt-apihttprouters">`/api/http/routers`</a> | Lists all the HTTP routers information.                                                     |
+| <a id="opt-apihttproutersname" href="#opt-apihttproutersname" title="#opt-apihttproutersname">`/api/http/routers/{name}`</a> | Returns the information of the HTTP router specified by `name`.                             |
+| <a id="opt-apihttpservices" href="#opt-apihttpservices" title="#opt-apihttpservices">`/api/http/services`</a> | Lists all the HTTP services information.                                                    |
+| <a id="opt-apihttpservicesname" href="#opt-apihttpservicesname" title="#opt-apihttpservicesname">`/api/http/services/{name}`</a> | Returns the information of the HTTP service specified by `name`.                            |
+| <a id="opt-apihttpmiddlewares" href="#opt-apihttpmiddlewares" title="#opt-apihttpmiddlewares">`/api/http/middlewares`</a> | Lists all the HTTP middlewares information.                                                 |
+| <a id="opt-apihttpmiddlewaresname" href="#opt-apihttpmiddlewaresname" title="#opt-apihttpmiddlewaresname">`/api/http/middlewares/{name}`</a> | Returns the information of the HTTP middleware specified by `name`.                         |
+| <a id="opt-apitcprouters" href="#opt-apitcprouters" title="#opt-apitcprouters">`/api/tcp/routers`</a> | Lists all the TCP routers information.                                                      |
+| <a id="opt-apitcproutersname" href="#opt-apitcproutersname" title="#opt-apitcproutersname">`/api/tcp/routers/{name}`</a> | Returns the information of the TCP router specified by `name`.                              |
+| <a id="opt-apitcpservices" href="#opt-apitcpservices" title="#opt-apitcpservices">`/api/tcp/services`</a> | Lists all the TCP services information.                                                     |
+| <a id="opt-apitcpservicesname" href="#opt-apitcpservicesname" title="#opt-apitcpservicesname">`/api/tcp/services/{name}`</a> | Returns the information of the TCP service specified by `name`.                             |
+| <a id="opt-apitcpmiddlewares" href="#opt-apitcpmiddlewares" title="#opt-apitcpmiddlewares">`/api/tcp/middlewares`</a> | Lists all the TCP middlewares information.                                                  |
+| <a id="opt-apitcpmiddlewaresname" href="#opt-apitcpmiddlewaresname" title="#opt-apitcpmiddlewaresname">`/api/tcp/middlewares/{name}`</a> | Returns the information of the TCP middleware specified by `name`.                          |
+| <a id="opt-apiudprouters" href="#opt-apiudprouters" title="#opt-apiudprouters">`/api/udp/routers`</a> | Lists all the UDP routers information.                                                      |
+| <a id="opt-apiudproutersname" href="#opt-apiudproutersname" title="#opt-apiudproutersname">`/api/udp/routers/{name}`</a> | Returns the information of the UDP router specified by `name`.                              |
+| <a id="opt-apiudpservices" href="#opt-apiudpservices" title="#opt-apiudpservices">`/api/udp/services`</a> | Lists all the UDP services information.                                                     |
+| <a id="opt-apiudpservicesname" href="#opt-apiudpservicesname" title="#opt-apiudpservicesname">`/api/udp/services/{name}`</a> | Returns the information of the UDP service specified by `name`.                             |
+| <a id="opt-apientrypoints" href="#opt-apientrypoints" title="#opt-apientrypoints">`/api/entrypoints`</a> | Lists all the entry points information.                                                     |
+| <a id="opt-apientrypointsname" href="#opt-apientrypointsname" title="#opt-apientrypointsname">`/api/entrypoints/{name}`</a> | Returns the information of the entry point specified by `name`.                             |
+| <a id="opt-apioverview" href="#opt-apioverview" title="#opt-apioverview">`/api/overview`</a> | Returns statistic information about HTTP, TCP and about enabled features and providers. |
+| <a id="opt-apirawdata" href="#opt-apirawdata" title="#opt-apirawdata">`/api/rawdata`</a> | Returns information about dynamic configurations, errors, status and dependency relations.  |
+| <a id="opt-apiversion" href="#opt-apiversion" title="#opt-apiversion">`/api/version`</a> | Returns information about Traefik version.                                                  |
+| <a id="opt-debugvars" href="#opt-debugvars" title="#opt-debugvars">`/debug/vars`</a> | See the [expvar](https://golang.org/pkg/expvar/) Go documentation.                          |
+| <a id="opt-debugpprof" href="#opt-debugpprof" title="#opt-debugpprof">`/debug/pprof/`</a> | See the [pprof Index](https://golang.org/pkg/net/http/pprof/#Index) Go documentation.       |
+| <a id="opt-debugpprofcmdline" href="#opt-debugpprofcmdline" title="#opt-debugpprofcmdline">`/debug/pprof/cmdline`</a> | See the [pprof Cmdline](https://golang.org/pkg/net/http/pprof/#Cmdline) Go documentation.   |
+| <a id="opt-debugpprofprofile" href="#opt-debugpprofprofile" title="#opt-debugpprofprofile">`/debug/pprof/profile`</a> | See the [pprof Profile](https://golang.org/pkg/net/http/pprof/#Profile) Go documentation.   |
+| <a id="opt-debugpprofsymbol" href="#opt-debugpprofsymbol" title="#opt-debugpprofsymbol">`/debug/pprof/symbol`</a> | See the [pprof Symbol](https://golang.org/pkg/net/http/pprof/#Symbol) Go documentation.     |
+| <a id="opt-debugpproftrace" href="#opt-debugpproftrace" title="#opt-debugpproftrace">`/debug/pprof/trace`</a> | See the [pprof Trace](https://golang.org/pkg/net/http/pprof/#Trace) Go documentation.       |
+
+
+!!! note "Base Path Configuration"
+
+    By default, Traefik exposes its API and Dashboard under the `/` base path. It's possible to configure it with `api.basepath`. When configured, all endpoints (api, dashboard, debug) are using it.

 ## Dashboard

-The dashboard is available at the same location as the [API](../../operations/api.md), but by default on the path  `/dashboard/`.
+The dashboard is available at the same location as the API, but by default on the path  `/dashboard/`.

 !!! note

--- a/docs/content/reference/install-configuration/configuration-options.md
+++ b/docs/content/reference/install-configuration/configuration-options.md
@@ -7,475 +7,476 @@ THIS FILE MUST NOT BE EDITED BY HAND

 | Field | Description | Default | 
 |:-------|:------------|:-------|
-| accesslog | Access log settings. | false |
-| accesslog.addinternals | Enables access log for internal services (ping, dashboard, etc...). | false |
-| accesslog.bufferingsize | Number of access log lines to process in a buffered way. | 0 |
-| accesslog.fields.defaultmode | Default mode for fields: keep | drop | keep |
-| accesslog.fields.headers.defaultmode | Default mode for fields: keep | drop | redact | drop |
-| accesslog.fields.headers.names._name_ | Override mode for headers | |
-| accesslog.fields.names._name_ | Override mode for fields | |
-| accesslog.filepath | Access log file path. Stdout is used when omitted or empty. | |
-| accesslog.filters.minduration | Keep access logs when request took longer than the specified duration. | 0 |
-| accesslog.filters.retryattempts | Keep access logs when at least one retry happened. | false |
-| accesslog.filters.statuscodes | Keep access logs with status codes in the specified range. | |
-| accesslog.format | Access log format: json, common, or genericCLF | common |
-| accesslog.otlp | Settings for OpenTelemetry. | false |
-| accesslog.otlp.grpc | gRPC configuration for the OpenTelemetry collector. | false |
-| accesslog.otlp.grpc.endpoint | Sets the gRPC endpoint (host:port) of the collector. | localhost:4317 |
-| accesslog.otlp.grpc.headers._name_ | Headers sent with payload. | |
-| accesslog.otlp.grpc.insecure | Disables client transport security for the exporter. | false |
-| accesslog.otlp.grpc.tls.ca | TLS CA | |
-| accesslog.otlp.grpc.tls.cert | TLS cert | |
-| accesslog.otlp.grpc.tls.insecureskipverify | TLS insecure skip verify | false |
-| accesslog.otlp.grpc.tls.key | TLS key | |
-| accesslog.otlp.http | HTTP configuration for the OpenTelemetry collector. | false |
-| accesslog.otlp.http.endpoint | Sets the HTTP endpoint (scheme://host:port/path) of the collector. | https://localhost:4318 |
-| accesslog.otlp.http.headers._name_ | Headers sent with payload. | |
-| accesslog.otlp.http.tls.ca | TLS CA | |
-| accesslog.otlp.http.tls.cert | TLS cert | |
-| accesslog.otlp.http.tls.insecureskipverify | TLS insecure skip verify | false |
-| accesslog.otlp.http.tls.key | TLS key | |
-| accesslog.otlp.resourceattributes._name_ | Defines additional resource attributes (key:value). | |
-| accesslog.otlp.servicename | Defines the service name resource attribute. | traefik |
-| api | Enable api/dashboard. | false |
-| api.basepath | Defines the base path where the API and Dashboard will be exposed. | / |
-| api.dashboard | Activate dashboard. | true |
-| api.debug | Enable additional endpoints for debugging and profiling. | false |
-| api.disabledashboardad | Disable ad in the dashboard. | false |
-| api.insecure | Activate API directly on the entryPoint named traefik. | false |
-| certificatesresolvers._name_ | Certificates resolvers configuration. | false |
-| certificatesresolvers._name_.acme.cacertificates | Specify the paths to PEM encoded CA Certificates that can be used to authenticate an ACME server with an HTTPS certificate not issued by a CA in the system-wide trusted root list. | |
-| certificatesresolvers._name_.acme.caserver | CA server to use. | https://acme-v02.api.letsencrypt.org/directory |
-| certificatesresolvers._name_.acme.caservername | Specify the CA server name that can be used to authenticate an ACME server with an HTTPS certificate not issued by a CA in the system-wide trusted root list. | |
-| certificatesresolvers._name_.acme.casystemcertpool | Define if the certificates pool must use a copy of the system cert pool. | false |
-| certificatesresolvers._name_.acme.certificatesduration | Certificates' duration in hours. | 2160 |
-| certificatesresolvers._name_.acme.clientresponseheadertimeout | Timeout for receiving the response headers when communicating with the ACME server. | 30 |
-| certificatesresolvers._name_.acme.clienttimeout | Timeout for a complete HTTP transaction with the ACME server. | 120 |
-| certificatesresolvers._name_.acme.dnschallenge | Activate DNS-01 Challenge. | false |
-| certificatesresolvers._name_.acme.dnschallenge.delaybeforecheck | (Deprecated) Assume DNS propagates after a delay in seconds rather than finding and querying nameservers. | 0 |
-| certificatesresolvers._name_.acme.dnschallenge.disablepropagationcheck | (Deprecated) Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready. [not recommended] | false |
-| certificatesresolvers._name_.acme.dnschallenge.propagation | DNS propagation checks configuration | false |
-| certificatesresolvers._name_.acme.dnschallenge.propagation.delaybeforechecks | Defines the delay before checking the challenge TXT record propagation. | 0 |
-| certificatesresolvers._name_.acme.dnschallenge.propagation.disableanschecks | Disables the challenge TXT record propagation checks against authoritative nameservers. | false |
-| certificatesresolvers._name_.acme.dnschallenge.propagation.disablechecks | Disables the challenge TXT record propagation checks (not recommended). | false |
-| certificatesresolvers._name_.acme.dnschallenge.propagation.requireallrns | Requires the challenge TXT record to be propagated to all recursive nameservers. | false |
-| certificatesresolvers._name_.acme.dnschallenge.provider | Use a DNS-01 based challenge provider rather than HTTPS. | |
-| certificatesresolvers._name_.acme.dnschallenge.resolvers | Use following DNS servers to resolve the FQDN authority. | |
-| certificatesresolvers._name_.acme.eab.hmacencoded | Base64 encoded HMAC key from External CA. | |
-| certificatesresolvers._name_.acme.eab.kid | Key identifier from External CA. | |
-| certificatesresolvers._name_.acme.email | Email address used for registration. | |
-| certificatesresolvers._name_.acme.emailaddresses | CSR email addresses to use. | |
-| certificatesresolvers._name_.acme.httpchallenge | Activate HTTP-01 Challenge. | false |
-| certificatesresolvers._name_.acme.httpchallenge.delay | Delay between the creation of the challenge and the validation. | 0 |
-| certificatesresolvers._name_.acme.httpchallenge.entrypoint | HTTP challenge EntryPoint | |
-| certificatesresolvers._name_.acme.keytype | KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'. | RSA4096 |
-| certificatesresolvers._name_.acme.preferredchain | Preferred chain to use. | |
-| certificatesresolvers._name_.acme.profile | Certificate profile to use. | |
-| certificatesresolvers._name_.acme.storage | Storage to use. | acme.json |
-| certificatesresolvers._name_.acme.tlschallenge | Activate TLS-ALPN-01 Challenge. | true |
-| certificatesresolvers._name_.tailscale | Enables Tailscale certificate resolution. | true |
-| core.defaultrulesyntax | Defines the rule parser default syntax (v2 or v3) | v3 |
-| entrypoints._name_ | Entry points definition. | false |
-| entrypoints._name_.address | Entry point address. | |
-| entrypoints._name_.allowacmebypass | Enables handling of ACME TLS and HTTP challenges with custom routers. | false |
-| entrypoints._name_.asdefault | Adds this EntryPoint to the list of default EntryPoints to be used on routers that don't have any Entrypoint defined. | false |
-| entrypoints._name_.forwardedheaders.connection | List of Connection headers that are allowed to pass through the middleware chain before being removed. | |
-| entrypoints._name_.forwardedheaders.insecure | Trust all forwarded headers. | false |
-| entrypoints._name_.forwardedheaders.trustedips | Trust only forwarded headers from selected IPs. | |
-| entrypoints._name_.http | HTTP configuration. | |
-| entrypoints._name_.http.encodequerysemicolons | Defines whether request query semicolons should be URLEncoded. | false |
-| entrypoints._name_.http.maxheaderbytes | Maximum size of request headers in bytes. | 1048576 |
-| entrypoints._name_.http.middlewares | Default middlewares for the routers linked to the entry point. | |
-| entrypoints._name_.http.redirections.entrypoint.permanent | Applies a permanent redirection. | true |
-| entrypoints._name_.http.redirections.entrypoint.priority | Priority of the generated router. | 9223372036854775806 |
-| entrypoints._name_.http.redirections.entrypoint.scheme | Scheme used for the redirection. | https |
-| entrypoints._name_.http.redirections.entrypoint.to | Targeted entry point of the redirection. | |
-| entrypoints._name_.http.sanitizepath | Defines whether to enable request path sanitization (removal of /./, /../ and multiple slash sequences). | true |
-| entrypoints._name_.http.tls | Default TLS configuration for the routers linked to the entry point. | false |
-| entrypoints._name_.http.tls.certresolver | Default certificate resolver for the routers linked to the entry point. | |
-| entrypoints._name_.http.tls.domains | Default TLS domains for the routers linked to the entry point. | |
-| entrypoints._name_.http.tls.domains[0].main | Default subject name. | |
-| entrypoints._name_.http.tls.domains[0].sans | Subject alternative names. | |
-| entrypoints._name_.http.tls.options | Default TLS options for the routers linked to the entry point. | |
-| entrypoints._name_.http2.maxconcurrentstreams | Specifies the number of concurrent streams per connection that each client is allowed to initiate. | 250 |
-| entrypoints._name_.http3 | HTTP/3 configuration. | false |
-| entrypoints._name_.http3.advertisedport | UDP port to advertise, on which HTTP/3 is available. | 0 |
-| entrypoints._name_.observability.accesslogs | Enables access-logs for this entryPoint. | true |
-| entrypoints._name_.observability.metrics | Enables metrics for this entryPoint. | true |
-| entrypoints._name_.observability.traceverbosity | Defines the tracing verbosity level for this entryPoint. | minimal |
-| entrypoints._name_.observability.tracing | Enables tracing for this entryPoint. | true |
-| entrypoints._name_.proxyprotocol | Proxy-Protocol configuration. | false |
-| entrypoints._name_.proxyprotocol.insecure | Trust all. | false |
-| entrypoints._name_.proxyprotocol.trustedips | Trust only selected IPs. | |
-| entrypoints._name_.reuseport | Enables EntryPoints from the same or different processes listening on the same TCP/UDP port. | false |
-| entrypoints._name_.transport.keepalivemaxrequests | Maximum number of requests before closing a keep-alive connection. | 0 |
-| entrypoints._name_.transport.keepalivemaxtime | Maximum duration before closing a keep-alive connection. | 0 |
-| entrypoints._name_.transport.lifecycle.gracetimeout | Duration to give active requests a chance to finish before Traefik stops. | 10 |
-| entrypoints._name_.transport.lifecycle.requestacceptgracetimeout | Duration to keep accepting requests before Traefik initiates the graceful shutdown procedure. | 0 |
-| entrypoints._name_.transport.respondingtimeouts.idletimeout | IdleTimeout is the maximum amount duration an idle (keep-alive) connection will remain idle before closing itself. If zero, no timeout is set. | 180 |
-| entrypoints._name_.transport.respondingtimeouts.readtimeout | ReadTimeout is the maximum duration for reading the entire request, including the body. If zero, no timeout is set. | 60 |
-| entrypoints._name_.transport.respondingtimeouts.writetimeout | WriteTimeout is the maximum duration before timing out writes of the response. If zero, no timeout is set. | 0 |
-| entrypoints._name_.udp.timeout | Timeout defines how long to wait on an idle session before releasing the related resources. | 3 |
-| experimental.abortonpluginfailure | Defines whether all plugins must be loaded successfully for Traefik to start. | false |
-| experimental.fastproxy | Enables the FastProxy implementation. | false |
-| experimental.fastproxy.debug | Enable debug mode for the FastProxy implementation. | false |
-| experimental.kubernetesgateway | (Deprecated) Allow the Kubernetes gateway api provider usage. | false |
-| experimental.kubernetesingressnginx | Allow the Kubernetes Ingress NGINX provider usage. | false |
-| experimental.localplugins._name_ | Local plugins configuration. | false |
-| experimental.localplugins._name_.modulename | Plugin's module name. | |
-| experimental.localplugins._name_.settings | Plugin's settings (works only for wasm plugins). | |
-| experimental.localplugins._name_.settings.envs | Environment variables to forward to the wasm guest. | |
-| experimental.localplugins._name_.settings.mounts | Directory to mount to the wasm guest. | |
-| experimental.localplugins._name_.settings.useunsafe | Allow the plugin to use unsafe package. | false |
-| experimental.otlplogs | Enables the OpenTelemetry logs integration. | false |
-| experimental.plugins._name_.modulename | plugin's module name. | |
-| experimental.plugins._name_.settings | Plugin's settings (works only for wasm plugins). | |
-| experimental.plugins._name_.settings.envs | Environment variables to forward to the wasm guest. | |
-| experimental.plugins._name_.settings.mounts | Directory to mount to the wasm guest. | |
-| experimental.plugins._name_.settings.useunsafe | Allow the plugin to use unsafe package. | false |
-| experimental.plugins._name_.version | plugin's version. | |
-| global.checknewversion | Periodically check if a new version has been released. | true |
-| global.sendanonymoususage | Periodically send anonymous usage statistics. If the option is not specified, it will be disabled by default. | false |
-| hostresolver | Enable CNAME Flattening. | false |
-| hostresolver.cnameflattening | A flag to enable/disable CNAME flattening | false |
-| hostresolver.resolvconfig | resolv.conf used for DNS resolving | /etc/resolv.conf |
-| hostresolver.resolvdepth | The maximal depth of DNS recursive resolving | 5 |
-| log | Traefik log settings. | false |
-| log.compress | Determines if the rotated log files should be compressed using gzip. | false |
-| log.filepath | Traefik log file path. Stdout is used when omitted or empty. | |
-| log.format | Traefik log format: json | common | common |
-| log.level | Log level set to traefik logs. | ERROR |
-| log.maxage | Maximum number of days to retain old log files based on the timestamp encoded in their filename. | 0 |
-| log.maxbackups | Maximum number of old log files to retain. | 0 |
-| log.maxsize | Maximum size in megabytes of the log file before it gets rotated. | 0 |
-| log.nocolor | When using the 'common' format, disables the colorized output. | false |
-| log.otlp | Settings for OpenTelemetry. | false |
-| log.otlp.grpc | gRPC configuration for the OpenTelemetry collector. | false |
-| log.otlp.grpc.endpoint | Sets the gRPC endpoint (host:port) of the collector. | localhost:4317 |
-| log.otlp.grpc.headers._name_ | Headers sent with payload. | |
-| log.otlp.grpc.insecure | Disables client transport security for the exporter. | false |
-| log.otlp.grpc.tls.ca | TLS CA | |
-| log.otlp.grpc.tls.cert | TLS cert | |
-| log.otlp.grpc.tls.insecureskipverify | TLS insecure skip verify | false |
-| log.otlp.grpc.tls.key | TLS key | |
-| log.otlp.http | HTTP configuration for the OpenTelemetry collector. | false |
-| log.otlp.http.endpoint | Sets the HTTP endpoint (scheme://host:port/path) of the collector. | https://localhost:4318 |
-| log.otlp.http.headers._name_ | Headers sent with payload. | |
-| log.otlp.http.tls.ca | TLS CA | |
-| log.otlp.http.tls.cert | TLS cert | |
-| log.otlp.http.tls.insecureskipverify | TLS insecure skip verify | false |
-| log.otlp.http.tls.key | TLS key | |
-| log.otlp.resourceattributes._name_ | Defines additional resource attributes (key:value). | |
-| log.otlp.servicename | Defines the service name resource attribute. | traefik |
-| metrics.addinternals | Enables metrics for internal services (ping, dashboard, etc...). | false |
-| metrics.datadog | Datadog metrics exporter type. | false |
-| metrics.datadog.addentrypointslabels | Enable metrics on entry points. | true |
-| metrics.datadog.address | Datadog's address. | localhost:8125 |
-| metrics.datadog.addrouterslabels | Enable metrics on routers. | false |
-| metrics.datadog.addserviceslabels | Enable metrics on services. | true |
-| metrics.datadog.prefix | Prefix to use for metrics collection. | traefik |
-| metrics.datadog.pushinterval | Datadog push interval. | 10 |
-| metrics.influxdb2 | InfluxDB v2 metrics exporter type. | false |
-| metrics.influxdb2.addentrypointslabels | Enable metrics on entry points. | true |
-| metrics.influxdb2.additionallabels._name_ | Additional labels (influxdb tags) on all metrics | |
-| metrics.influxdb2.address | InfluxDB v2 address. | http://localhost:8086 |
-| metrics.influxdb2.addrouterslabels | Enable metrics on routers. | false |
-| metrics.influxdb2.addserviceslabels | Enable metrics on services. | true |
-| metrics.influxdb2.bucket | InfluxDB v2 bucket ID. | |
-| metrics.influxdb2.org | InfluxDB v2 org ID. | |
-| metrics.influxdb2.pushinterval | InfluxDB v2 push interval. | 10 |
-| metrics.influxdb2.token | InfluxDB v2 access token. | |
-| metrics.otlp | OpenTelemetry metrics exporter type. | false |
-| metrics.otlp.addentrypointslabels | Enable metrics on entry points. | true |
-| metrics.otlp.addrouterslabels | Enable metrics on routers. | false |
-| metrics.otlp.addserviceslabels | Enable metrics on services. | true |
-| metrics.otlp.explicitboundaries | Boundaries for latency metrics. | 0.005000, 0.010000, 0.025000, 0.050000, 0.075000, 0.100000, 0.250000, 0.500000, 0.750000, 1.000000, 2.500000, 5.000000, 7.500000, 10.000000 |
-| metrics.otlp.grpc | gRPC configuration for the OpenTelemetry collector. | false |
-| metrics.otlp.grpc.endpoint | Sets the gRPC endpoint (host:port) of the collector. | localhost:4317 |
-| metrics.otlp.grpc.headers._name_ | Headers sent with payload. | |
-| metrics.otlp.grpc.insecure | Disables client transport security for the exporter. | false |
-| metrics.otlp.grpc.tls.ca | TLS CA | |
-| metrics.otlp.grpc.tls.cert | TLS cert | |
-| metrics.otlp.grpc.tls.insecureskipverify | TLS insecure skip verify | false |
-| metrics.otlp.grpc.tls.key | TLS key | |
-| metrics.otlp.http | HTTP configuration for the OpenTelemetry collector. | false |
-| metrics.otlp.http.endpoint | Sets the HTTP endpoint (scheme://host:port/path) of the collector. | https://localhost:4318 |
-| metrics.otlp.http.headers._name_ | Headers sent with payload. | |
-| metrics.otlp.http.tls.ca | TLS CA | |
-| metrics.otlp.http.tls.cert | TLS cert | |
-| metrics.otlp.http.tls.insecureskipverify | TLS insecure skip verify | false |
-| metrics.otlp.http.tls.key | TLS key | |
-| metrics.otlp.pushinterval | Period between calls to collect a checkpoint. | 10 |
-| metrics.otlp.resourceattributes._name_ | Defines additional resource attributes (key:value). | |
-| metrics.otlp.servicename | Defines the service name resource attribute. | traefik |
-| metrics.prometheus | Prometheus metrics exporter type. | false |
-| metrics.prometheus.addentrypointslabels | Enable metrics on entry points. | true |
-| metrics.prometheus.addrouterslabels | Enable metrics on routers. | false |
-| metrics.prometheus.addserviceslabels | Enable metrics on services. | true |
-| metrics.prometheus.buckets | Buckets for latency metrics. | 0.100000, 0.300000, 1.200000, 5.000000 |
-| metrics.prometheus.entrypoint | EntryPoint | traefik |
-| metrics.prometheus.headerlabels._name_ | Defines the extra labels for the requests_total metrics, and for each of them, the request header containing the value for this label. | |
-| metrics.prometheus.manualrouting | Manual routing | false |
-| metrics.statsd | StatsD metrics exporter type. | false |
-| metrics.statsd.addentrypointslabels | Enable metrics on entry points. | true |
-| metrics.statsd.address | StatsD address. | localhost:8125 |
-| metrics.statsd.addrouterslabels | Enable metrics on routers. | false |
-| metrics.statsd.addserviceslabels | Enable metrics on services. | true |
-| metrics.statsd.prefix | Prefix to use for metrics collection. | traefik |
-| metrics.statsd.pushinterval | StatsD push interval. | 10 |
-| ocsp | OCSP configuration. | false |
-| ocsp.responderoverrides._name_ | Defines a map of OCSP responders to replace for querying OCSP servers. | |
-| ping | Enable ping. | false |
-| ping.entrypoint | EntryPoint | traefik |
-| ping.manualrouting | Manual routing | false |
-| ping.terminatingstatuscode | Terminating status code | 503 |
-| providers.consul | Enable Consul backend with default settings. | false |
-| providers.consul.endpoints | KV store endpoints. | 127.0.0.1:8500 |
-| providers.consul.namespaces | Sets the namespaces used to discover the configuration (Consul Enterprise only). | |
-| providers.consul.rootkey | Root key used for KV store. | traefik |
-| providers.consul.tls.ca | TLS CA | |
-| providers.consul.tls.cert | TLS cert | |
-| providers.consul.tls.insecureskipverify | TLS insecure skip verify | false |
-| providers.consul.tls.key | TLS key | |
-| providers.consul.token | Per-request ACL token. | |
-| providers.consulcatalog | Enable ConsulCatalog backend with default settings. | false |
-| providers.consulcatalog.cache | Use local agent caching for catalog reads. | false |
-| providers.consulcatalog.connectaware | Enable Consul Connect support. | false |
-| providers.consulcatalog.connectbydefault | Consider every service as Connect capable by default. | false |
-| providers.consulcatalog.constraints | Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. | |
-| providers.consulcatalog.defaultrule | Default rule. | Host(`{{ normalize .Name }}`) |
-| providers.consulcatalog.endpoint.address | The address of the Consul server | |
-| providers.consulcatalog.endpoint.datacenter | Data center to use. If not provided, the default agent data center is used | |
-| providers.consulcatalog.endpoint.endpointwaittime | WaitTime limits how long a Watch will block. If not provided, the agent default values will be used | 0 |
-| providers.consulcatalog.endpoint.httpauth.password | Basic Auth password | |
-| providers.consulcatalog.endpoint.httpauth.username | Basic Auth username | |
-| providers.consulcatalog.endpoint.scheme | The URI scheme for the Consul server | |
-| providers.consulcatalog.endpoint.tls.ca | TLS CA | |
-| providers.consulcatalog.endpoint.tls.cert | TLS cert | |
-| providers.consulcatalog.endpoint.tls.insecureskipverify | TLS insecure skip verify | false |
-| providers.consulcatalog.endpoint.tls.key | TLS key | |
-| providers.consulcatalog.endpoint.token | Token is used to provide a per-request ACL token which overrides the agent's default token | |
-| providers.consulcatalog.exposedbydefault | Expose containers by default. | true |
-| providers.consulcatalog.namespaces | Sets the namespaces used to discover services (Consul Enterprise only). | |
-| providers.consulcatalog.prefix | Prefix for consul service tags. | traefik |
-| providers.consulcatalog.refreshinterval | Interval for check Consul API. | 15 |
-| providers.consulcatalog.requireconsistent | Forces the read to be fully consistent. | false |
-| providers.consulcatalog.servicename | Name of the Traefik service in Consul Catalog (needs to be registered via the orchestrator or manually). | traefik |
-| providers.consulcatalog.stale | Use stale consistency for catalog reads. | false |
-| providers.consulcatalog.strictchecks | A list of service health statuses to allow taking traffic. | passing, warning |
-| providers.consulcatalog.watch | Watch Consul API events. | false |
-| providers.docker | Enable Docker backend with default settings. | false |
-| providers.docker.allowemptyservices | Disregards the Docker containers health checks with respect to the creation or removal of the corresponding services. | false |
-| providers.docker.constraints | Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. | |
-| providers.docker.defaultrule | Default rule. | Host(`{{ normalize .Name }}`) |
-| providers.docker.endpoint | Docker server endpoint. Can be a TCP or a Unix socket endpoint. | unix:///var/run/docker.sock |
-| providers.docker.exposedbydefault | Expose containers by default. | true |
-| providers.docker.httpclienttimeout | Client timeout for HTTP connections. | 0 |
-| providers.docker.network | Default Docker network used. | |
-| providers.docker.password | Password for Basic HTTP authentication. | |
-| providers.docker.tls.ca | TLS CA | |
-| providers.docker.tls.cert | TLS cert | |
-| providers.docker.tls.insecureskipverify | TLS insecure skip verify | false |
-| providers.docker.tls.key | TLS key | |
-| providers.docker.usebindportip | Use the ip address from the bound port, rather than from the inner network. | false |
-| providers.docker.username | Username for Basic HTTP authentication. | |
-| providers.docker.watch | Watch Docker events. | true |
-| providers.ecs | Enable AWS ECS backend with default settings. | false |
-| providers.ecs.accesskeyid | AWS credentials access key ID to use for making requests. | |
-| providers.ecs.autodiscoverclusters | Auto discover cluster. | false |
-| providers.ecs.clusters | ECS Cluster names. | default |
-| providers.ecs.constraints | Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. | |
-| providers.ecs.defaultrule | Default rule. | Host(`{{ normalize .Name }}`) |
-| providers.ecs.ecsanywhere | Enable ECS Anywhere support. | false |
-| providers.ecs.exposedbydefault | Expose services by default. | true |
-| providers.ecs.healthytasksonly | Determines whether to discover only healthy tasks. | false |
-| providers.ecs.refreshseconds | Polling interval (in seconds). | 15 |
-| providers.ecs.region | AWS region to use for requests. | |
-| providers.ecs.secretaccesskey | AWS credentials access key to use for making requests. | |
-| providers.etcd | Enable Etcd backend with default settings. | false |
-| providers.etcd.endpoints | KV store endpoints. | 127.0.0.1:2379 |
-| providers.etcd.password | Password for authentication. | |
-| providers.etcd.rootkey | Root key used for KV store. | traefik |
-| providers.etcd.tls.ca | TLS CA | |
-| providers.etcd.tls.cert | TLS cert | |
-| providers.etcd.tls.insecureskipverify | TLS insecure skip verify | false |
-| providers.etcd.tls.key | TLS key | |
-| providers.etcd.username | Username for authentication. | |
-| providers.file.debugloggeneratedtemplate | Enable debug logging of generated configuration template. | false |
-| providers.file.directory | Load dynamic configuration from one or more .yml or .toml files in a directory. | |
-| providers.file.filename | Load dynamic configuration from a file. | |
-| providers.file.watch | Watch provider. | true |
-| providers.http | Enable HTTP backend with default settings. | false |
-| providers.http.endpoint | Load configuration from this endpoint. | |
-| providers.http.headers._name_ | Define custom headers to be sent to the endpoint. | |
-| providers.http.pollinterval | Polling interval for endpoint. | 5 |
-| providers.http.polltimeout | Polling timeout for endpoint. | 5 |
-| providers.http.tls.ca | TLS CA | |
-| providers.http.tls.cert | TLS cert | |
-| providers.http.tls.insecureskipverify | TLS insecure skip verify | false |
-| providers.http.tls.key | TLS key | |
-| providers.kubernetescrd | Enable Kubernetes backend with default settings. | false |
-| providers.kubernetescrd.allowcrossnamespace | Allow cross namespace resource reference. | false |
-| providers.kubernetescrd.allowemptyservices | Allow the creation of services without endpoints. | false |
-| providers.kubernetescrd.allowexternalnameservices | Allow ExternalName services. | false |
-| providers.kubernetescrd.certauthfilepath | Kubernetes certificate authority file path (not needed for in-cluster client). | |
-| providers.kubernetescrd.disableclusterscoperesources | Disables the lookup of cluster scope resources (incompatible with IngressClasses and NodePortLB enabled services). | false |
-| providers.kubernetescrd.endpoint | Kubernetes server endpoint (required for external cluster client). | |
-| providers.kubernetescrd.ingressclass | Value of kubernetes.io/ingress.class annotation to watch for. | |
-| providers.kubernetescrd.labelselector | Kubernetes label selector to use. | |
-| providers.kubernetescrd.namespaces | Kubernetes namespaces. | |
-| providers.kubernetescrd.nativelbbydefault | Defines whether to use Native Kubernetes load-balancing mode by default. | false |
-| providers.kubernetescrd.throttleduration | Ingress refresh throttle duration | 0 |
-| providers.kubernetescrd.token | Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token. | |
-| providers.kubernetesgateway | Enable Kubernetes gateway api provider with default settings. | false |
-| providers.kubernetesgateway.certauthfilepath | Kubernetes certificate authority file path (not needed for in-cluster client). | |
-| providers.kubernetesgateway.endpoint | Kubernetes server endpoint (required for external cluster client). | |
-| providers.kubernetesgateway.experimentalchannel | Toggles Experimental Channel resources support (TCPRoute, TLSRoute...). | false |
-| providers.kubernetesgateway.labelselector | Kubernetes label selector to select specific GatewayClasses. | |
-| providers.kubernetesgateway.namespaces | Kubernetes namespaces. | |
-| providers.kubernetesgateway.nativelbbydefault | Defines whether to use Native Kubernetes load-balancing by default. | false |
-| providers.kubernetesgateway.statusaddress.hostname | Hostname used for Kubernetes Gateway status address. | |
-| providers.kubernetesgateway.statusaddress.ip | IP used to set Kubernetes Gateway status address. | |
-| providers.kubernetesgateway.statusaddress.service | Published Kubernetes Service to copy status addresses from. | |
-| providers.kubernetesgateway.statusaddress.service.name | Name of the Kubernetes service. | |
-| providers.kubernetesgateway.statusaddress.service.namespace | Namespace of the Kubernetes service. | |
-| providers.kubernetesgateway.throttleduration | Kubernetes refresh throttle duration | 0 |
-| providers.kubernetesgateway.token | Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token. | |
-| providers.kubernetesingress | Enable Kubernetes backend with default settings. | false |
-| providers.kubernetesingress.allowemptyservices | Allow creation of services without endpoints. | false |
-| providers.kubernetesingress.allowexternalnameservices | Allow ExternalName services. | false |
-| providers.kubernetesingress.certauthfilepath | Kubernetes certificate authority file path (not needed for in-cluster client). | |
-| providers.kubernetesingress.disableclusterscoperesources | Disables the lookup of cluster scope resources (incompatible with IngressClasses and NodePortLB enabled services). | false |
-| providers.kubernetesingress.disableingressclasslookup | Disables the lookup of IngressClasses (Deprecated, please use DisableClusterScopeResources). | false |
-| providers.kubernetesingress.endpoint | Kubernetes server endpoint (required for external cluster client). | |
-| providers.kubernetesingress.ingressclass | Value of kubernetes.io/ingress.class annotation or IngressClass name to watch for. | |
-| providers.kubernetesingress.ingressendpoint.hostname | Hostname used for Kubernetes Ingress endpoints. | |
-| providers.kubernetesingress.ingressendpoint.ip | IP used for Kubernetes Ingress endpoints. | |
-| providers.kubernetesingress.ingressendpoint.publishedservice | Published Kubernetes Service to copy status from. | |
-| providers.kubernetesingress.labelselector | Kubernetes Ingress label selector to use. | |
-| providers.kubernetesingress.namespaces | Kubernetes namespaces. | |
-| providers.kubernetesingress.nativelbbydefault | Defines whether to use Native Kubernetes load-balancing mode by default. | false |
-| providers.kubernetesingress.strictprefixmatching | Make prefix matching strictly comply with the Kubernetes Ingress specification (path-element-wise matching instead of character-by-character string matching). | false |
-| providers.kubernetesingress.throttleduration | Ingress refresh throttle duration | 0 |
-| providers.kubernetesingress.token | Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token. | |
-| providers.kubernetesingressnginx | Enable Kubernetes Ingress NGINX provider. | false |
-| providers.kubernetesingressnginx.certauthfilepath | Kubernetes certificate authority file path (not needed for in-cluster client). | |
-| providers.kubernetesingressnginx.controllerclass | Ingress Class Controller value this controller satisfies. | k8s.io/ingress-nginx |
-| providers.kubernetesingressnginx.defaultbackendservice | Service used to serve HTTP requests not matching any known server name (catch-all). Takes the form 'namespace/name'. | |
-| providers.kubernetesingressnginx.disablesvcexternalname | Disable support for Services of type ExternalName. | false |
-| providers.kubernetesingressnginx.endpoint | Kubernetes server endpoint (required for external cluster client). | |
-| providers.kubernetesingressnginx.ingressclass | Name of the ingress class this controller satisfies. | nginx |
-| providers.kubernetesingressnginx.ingressclassbyname | Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class. | false |
-| providers.kubernetesingressnginx.publishservice | Service fronting the Ingress controller. Takes the form 'namespace/name'. | |
-| providers.kubernetesingressnginx.publishstatusaddress | Customized address (or addresses, separated by comma) to set as the load-balancer status of Ingress objects this controller satisfies. | |
-| providers.kubernetesingressnginx.throttleduration | Ingress refresh throttle duration. | 0 |
-| providers.kubernetesingressnginx.token | Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token. | |
-| providers.kubernetesingressnginx.watchingresswithoutclass | Define if Ingress Controller should also watch for Ingresses without an IngressClass or the annotation specified. | false |
-| providers.kubernetesingressnginx.watchnamespace | Namespace the controller watches for updates to Kubernetes objects. All namespaces are watched if this parameter is left empty. | |
-| providers.kubernetesingressnginx.watchnamespaceselector | Selector selects namespaces the controller watches for updates to Kubernetes objects. | |
-| providers.nomad | Enable Nomad backend with default settings. | false |
-| providers.nomad.allowemptyservices | Allow the creation of services without endpoints. | false |
-| providers.nomad.constraints | Constraints is an expression that Traefik matches against the Nomad service's tags to determine whether to create route(s) for that service. | |
-| providers.nomad.defaultrule | Default rule. | Host(`{{ normalize .Name }}`) |
-| providers.nomad.endpoint.address | The address of the Nomad server, including scheme and port. | http://127.0.0.1:4646 |
-| providers.nomad.endpoint.endpointwaittime | WaitTime limits how long a Watch will block. If not provided, the agent default values will be used | 0 |
-| providers.nomad.endpoint.region | Nomad region to use. If not provided, the local agent region is used. | |
-| providers.nomad.endpoint.tls.ca | TLS CA | |
-| providers.nomad.endpoint.tls.cert | TLS cert | |
-| providers.nomad.endpoint.tls.insecureskipverify | TLS insecure skip verify | false |
-| providers.nomad.endpoint.tls.key | TLS key | |
-| providers.nomad.endpoint.token | Token is used to provide a per-request ACL token. | |
-| providers.nomad.exposedbydefault | Expose Nomad services by default. | true |
-| providers.nomad.namespaces | Sets the Nomad namespaces used to discover services. | |
-| providers.nomad.prefix | Prefix for nomad service tags. | traefik |
-| providers.nomad.refreshinterval | Interval for polling Nomad API. | 15 |
-| providers.nomad.stale | Use stale consistency for catalog reads. | false |
-| providers.nomad.throttleduration | Watch throttle duration. | 0 |
-| providers.nomad.watch | Watch Nomad Service events. | false |
-| providers.plugin._name_ | Plugins configuration. | |
-| providers.providersthrottleduration | Backends throttle duration: minimum duration between 2 events from providers before applying a new configuration. It avoids unnecessary reloads if multiples events are sent in a short amount of time. | 2 |
-| providers.redis | Enable Redis backend with default settings. | false |
-| providers.redis.db | Database to be selected after connecting to the server. | 0 |
-| providers.redis.endpoints | KV store endpoints. | 127.0.0.1:6379 |
-| providers.redis.password | Password for authentication. | |
-| providers.redis.rootkey | Root key used for KV store. | traefik |
-| providers.redis.sentinel.latencystrategy | Defines whether to route commands to the closest master or replica nodes (mutually exclusive with RandomStrategy and ReplicaStrategy). | false |
-| providers.redis.sentinel.mastername | Name of the master. | |
-| providers.redis.sentinel.password | Password for Sentinel authentication. | |
-| providers.redis.sentinel.randomstrategy | Defines whether to route commands randomly to master or replica nodes (mutually exclusive with LatencyStrategy and ReplicaStrategy). | false |
-| providers.redis.sentinel.replicastrategy | Defines whether to route all commands to replica nodes (mutually exclusive with LatencyStrategy and RandomStrategy). | false |
-| providers.redis.sentinel.usedisconnectedreplicas | Use replicas disconnected with master when cannot get connected replicas. | false |
-| providers.redis.sentinel.username | Username for Sentinel authentication. | |
-| providers.redis.tls.ca | TLS CA | |
-| providers.redis.tls.cert | TLS cert | |
-| providers.redis.tls.insecureskipverify | TLS insecure skip verify | false |
-| providers.redis.tls.key | TLS key | |
-| providers.redis.username | Username for authentication. | |
-| providers.rest | Enable Rest backend with default settings. | false |
-| providers.rest.insecure | Activate REST Provider directly on the entryPoint named traefik. | false |
-| providers.swarm | Enable Docker Swarm backend with default settings. | false |
-| providers.swarm.allowemptyservices | Disregards the Docker containers health checks with respect to the creation or removal of the corresponding services. | false |
-| providers.swarm.constraints | Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. | |
-| providers.swarm.defaultrule | Default rule. | Host(`{{ normalize .Name }}`) |
-| providers.swarm.endpoint | Docker server endpoint. Can be a TCP or a Unix socket endpoint. | unix:///var/run/docker.sock |
-| providers.swarm.exposedbydefault | Expose containers by default. | true |
-| providers.swarm.httpclienttimeout | Client timeout for HTTP connections. | 0 |
-| providers.swarm.network | Default Docker network used. | |
-| providers.swarm.password | Password for Basic HTTP authentication. | |
-| providers.swarm.refreshseconds | Polling interval for swarm mode. | 15 |
-| providers.swarm.tls.ca | TLS CA | |
-| providers.swarm.tls.cert | TLS cert | |
-| providers.swarm.tls.insecureskipverify | TLS insecure skip verify | false |
-| providers.swarm.tls.key | TLS key | |
-| providers.swarm.usebindportip | Use the ip address from the bound port, rather than from the inner network. | false |
-| providers.swarm.username | Username for Basic HTTP authentication. | |
-| providers.swarm.watch | Watch Docker events. | true |
-| providers.zookeeper | Enable ZooKeeper backend with default settings. | false |
-| providers.zookeeper.endpoints | KV store endpoints. | 127.0.0.1:2181 |
-| providers.zookeeper.password | Password for authentication. | |
-| providers.zookeeper.rootkey | Root key used for KV store. | traefik |
-| providers.zookeeper.username | Username for authentication. | |
-| serverstransport.forwardingtimeouts.dialtimeout | The amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. | 30 |
-| serverstransport.forwardingtimeouts.idleconntimeout | The maximum period for which an idle HTTP keep-alive connection will remain open before closing itself | 90 |
-| serverstransport.forwardingtimeouts.responseheadertimeout | The amount of time to wait for a server's response headers after fully writing the request (including its body, if any). If zero, no timeout exists. | 0 |
-| serverstransport.insecureskipverify | Disable SSL certificate verification. | false |
-| serverstransport.maxidleconnsperhost | If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used | 200 |
-| serverstransport.rootcas | Add cert file for self-signed certificate. | |
-| serverstransport.spiffe | Defines the SPIFFE configuration. | false |
-| serverstransport.spiffe.ids | Defines the allowed SPIFFE IDs (takes precedence over the SPIFFE TrustDomain). | |
-| serverstransport.spiffe.trustdomain | Defines the allowed SPIFFE trust domain. | |
-| spiffe.workloadapiaddr | Defines the workload API address. | |
-| tcpserverstransport.dialkeepalive | Defines the interval between keep-alive probes for an active network connection. If zero, keep-alive probes are sent with a default value (currently 15 seconds), if supported by the protocol and operating system. Network protocols or operating systems that do not support keep-alives ignore this field. If negative, keep-alive probes are disabled | 15 |
-| tcpserverstransport.dialtimeout | Defines the amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. | 30 |
-| tcpserverstransport.terminationdelay | Defines the delay to wait before fully terminating the connection, after one connected peer has closed its writing capability. | 0 |
-| tcpserverstransport.tls | Defines the TLS configuration. | false |
-| tcpserverstransport.tls.insecureskipverify | Disables SSL certificate verification. | false |
-| tcpserverstransport.tls.rootcas | Defines a list of CA secret used to validate self-signed certificate | |
-| tcpserverstransport.tls.spiffe | Defines the SPIFFE TLS configuration. | false |
-| tcpserverstransport.tls.spiffe.ids | Defines the allowed SPIFFE IDs (takes precedence over the SPIFFE TrustDomain). | |
-| tcpserverstransport.tls.spiffe.trustdomain | Defines the allowed SPIFFE trust domain. | |
-| tracing | Tracing configuration. | false |
-| tracing.addinternals | Enables tracing for internal services (ping, dashboard, etc...). | false |
-| tracing.capturedrequestheaders | Request headers to add as attributes for server and client spans. | |
-| tracing.capturedresponseheaders | Response headers to add as attributes for server and client spans. | |
-| tracing.globalattributes._name_ | (Deprecated) Defines additional resource attributes (key:value). | |
-| tracing.otlp | Settings for OpenTelemetry. | false |
-| tracing.otlp.grpc | gRPC configuration for the OpenTelemetry collector. | false |
-| tracing.otlp.grpc.endpoint | Sets the gRPC endpoint (host:port) of the collector. | localhost:4317 |
-| tracing.otlp.grpc.headers._name_ | Headers sent with payload. | |
-| tracing.otlp.grpc.insecure | Disables client transport security for the exporter. | false |
-| tracing.otlp.grpc.tls.ca | TLS CA | |
-| tracing.otlp.grpc.tls.cert | TLS cert | |
-| tracing.otlp.grpc.tls.insecureskipverify | TLS insecure skip verify | false |
-| tracing.otlp.grpc.tls.key | TLS key | |
-| tracing.otlp.http | HTTP configuration for the OpenTelemetry collector. | false |
-| tracing.otlp.http.endpoint | Sets the HTTP endpoint (scheme://host:port/path) of the collector. | https://localhost:4318 |
-| tracing.otlp.http.headers._name_ | Headers sent with payload. | |
-| tracing.otlp.http.tls.ca | TLS CA | |
-| tracing.otlp.http.tls.cert | TLS cert | |
-| tracing.otlp.http.tls.insecureskipverify | TLS insecure skip verify | false |
-| tracing.otlp.http.tls.key | TLS key | |
-| tracing.resourceattributes._name_ | Defines additional resource attributes (key:value). | |
-| tracing.safequeryparams | Query params to not redact. | |
-| tracing.samplerate | Sets the rate between 0.0 and 1.0 of requests to trace. | 1.000000 |
-| tracing.servicename | Defines the service name resource attribute. | traefik |
+| <a id="opt-accesslog" href="#opt-accesslog" title="#opt-accesslog">accesslog</a> | Access log settings. | false |
+| <a id="opt-accesslog-addinternals" href="#opt-accesslog-addinternals" title="#opt-accesslog-addinternals">accesslog.addinternals</a> | Enables access log for internal services (ping, dashboard, etc...). | false |
+| <a id="opt-accesslog-bufferingsize" href="#opt-accesslog-bufferingsize" title="#opt-accesslog-bufferingsize">accesslog.bufferingsize</a> | Number of access log lines to process in a buffered way. | 0 |
+| <a id="opt-accesslog-fields-defaultmode" href="#opt-accesslog-fields-defaultmode" title="#opt-accesslog-fields-defaultmode">accesslog.fields.defaultmode</a> | Default mode for fields: keep | drop | keep |
+| <a id="opt-accesslog-fields-headers-defaultmode" href="#opt-accesslog-fields-headers-defaultmode" title="#opt-accesslog-fields-headers-defaultmode">accesslog.fields.headers.defaultmode</a> | Default mode for fields: keep | drop | redact | drop |
+| <a id="opt-accesslog-fields-headers-names-name" href="#opt-accesslog-fields-headers-names-name" title="#opt-accesslog-fields-headers-names-name">accesslog.fields.headers.names._name_</a> | Override mode for headers | |
+| <a id="opt-accesslog-fields-names-name" href="#opt-accesslog-fields-names-name" title="#opt-accesslog-fields-names-name">accesslog.fields.names._name_</a> | Override mode for fields | |
+| <a id="opt-accesslog-filepath" href="#opt-accesslog-filepath" title="#opt-accesslog-filepath">accesslog.filepath</a> | Access log file path. Stdout is used when omitted or empty. | |
+| <a id="opt-accesslog-filters-minduration" href="#opt-accesslog-filters-minduration" title="#opt-accesslog-filters-minduration">accesslog.filters.minduration</a> | Keep access logs when request took longer than the specified duration. | 0 |
+| <a id="opt-accesslog-filters-retryattempts" href="#opt-accesslog-filters-retryattempts" title="#opt-accesslog-filters-retryattempts">accesslog.filters.retryattempts</a> | Keep access logs when at least one retry happened. | false |
+| <a id="opt-accesslog-filters-statuscodes" href="#opt-accesslog-filters-statuscodes" title="#opt-accesslog-filters-statuscodes">accesslog.filters.statuscodes</a> | Keep access logs with status codes in the specified range. | |
+| <a id="opt-accesslog-format" href="#opt-accesslog-format" title="#opt-accesslog-format">accesslog.format</a> | Access log format: json, common, or genericCLF | common |
+| <a id="opt-accesslog-otlp" href="#opt-accesslog-otlp" title="#opt-accesslog-otlp">accesslog.otlp</a> | Settings for OpenTelemetry. | false |
+| <a id="opt-accesslog-otlp-grpc" href="#opt-accesslog-otlp-grpc" title="#opt-accesslog-otlp-grpc">accesslog.otlp.grpc</a> | gRPC configuration for the OpenTelemetry collector. | false |
+| <a id="opt-accesslog-otlp-grpc-endpoint" href="#opt-accesslog-otlp-grpc-endpoint" title="#opt-accesslog-otlp-grpc-endpoint">accesslog.otlp.grpc.endpoint</a> | Sets the gRPC endpoint (host:port) of the collector. | localhost:4317 |
+| <a id="opt-accesslog-otlp-grpc-headers-name" href="#opt-accesslog-otlp-grpc-headers-name" title="#opt-accesslog-otlp-grpc-headers-name">accesslog.otlp.grpc.headers._name_</a> | Headers sent with payload. | |
+| <a id="opt-accesslog-otlp-grpc-insecure" href="#opt-accesslog-otlp-grpc-insecure" title="#opt-accesslog-otlp-grpc-insecure">accesslog.otlp.grpc.insecure</a> | Disables client transport security for the exporter. | false |
+| <a id="opt-accesslog-otlp-grpc-tls-ca" href="#opt-accesslog-otlp-grpc-tls-ca" title="#opt-accesslog-otlp-grpc-tls-ca">accesslog.otlp.grpc.tls.ca</a> | TLS CA | |
+| <a id="opt-accesslog-otlp-grpc-tls-cert" href="#opt-accesslog-otlp-grpc-tls-cert" title="#opt-accesslog-otlp-grpc-tls-cert">accesslog.otlp.grpc.tls.cert</a> | TLS cert | |
+| <a id="opt-accesslog-otlp-grpc-tls-insecureskipverify" href="#opt-accesslog-otlp-grpc-tls-insecureskipverify" title="#opt-accesslog-otlp-grpc-tls-insecureskipverify">accesslog.otlp.grpc.tls.insecureskipverify</a> | TLS insecure skip verify | false |
+| <a id="opt-accesslog-otlp-grpc-tls-key" href="#opt-accesslog-otlp-grpc-tls-key" title="#opt-accesslog-otlp-grpc-tls-key">accesslog.otlp.grpc.tls.key</a> | TLS key | |
+| <a id="opt-accesslog-otlp-http" href="#opt-accesslog-otlp-http" title="#opt-accesslog-otlp-http">accesslog.otlp.http</a> | HTTP configuration for the OpenTelemetry collector. | false |
+| <a id="opt-accesslog-otlp-http-endpoint" href="#opt-accesslog-otlp-http-endpoint" title="#opt-accesslog-otlp-http-endpoint">accesslog.otlp.http.endpoint</a> | Sets the HTTP endpoint (scheme://host:port/path) of the collector. | https://localhost:4318 |
+| <a id="opt-accesslog-otlp-http-headers-name" href="#opt-accesslog-otlp-http-headers-name" title="#opt-accesslog-otlp-http-headers-name">accesslog.otlp.http.headers._name_</a> | Headers sent with payload. | |
+| <a id="opt-accesslog-otlp-http-tls-ca" href="#opt-accesslog-otlp-http-tls-ca" title="#opt-accesslog-otlp-http-tls-ca">accesslog.otlp.http.tls.ca</a> | TLS CA | |
+| <a id="opt-accesslog-otlp-http-tls-cert" href="#opt-accesslog-otlp-http-tls-cert" title="#opt-accesslog-otlp-http-tls-cert">accesslog.otlp.http.tls.cert</a> | TLS cert | |
+| <a id="opt-accesslog-otlp-http-tls-insecureskipverify" href="#opt-accesslog-otlp-http-tls-insecureskipverify" title="#opt-accesslog-otlp-http-tls-insecureskipverify">accesslog.otlp.http.tls.insecureskipverify</a> | TLS insecure skip verify | false |
+| <a id="opt-accesslog-otlp-http-tls-key" href="#opt-accesslog-otlp-http-tls-key" title="#opt-accesslog-otlp-http-tls-key">accesslog.otlp.http.tls.key</a> | TLS key | |
+| <a id="opt-accesslog-otlp-resourceattributes-name" href="#opt-accesslog-otlp-resourceattributes-name" title="#opt-accesslog-otlp-resourceattributes-name">accesslog.otlp.resourceattributes._name_</a> | Defines additional resource attributes (key:value). | |
+| <a id="opt-accesslog-otlp-servicename" href="#opt-accesslog-otlp-servicename" title="#opt-accesslog-otlp-servicename">accesslog.otlp.servicename</a> | Defines the service name resource attribute. | traefik |
+| <a id="opt-api" href="#opt-api" title="#opt-api">api</a> | Enable api/dashboard. | false |
+| <a id="opt-api-basepath" href="#opt-api-basepath" title="#opt-api-basepath">api.basepath</a> | Defines the base path where the API and Dashboard will be exposed. | / |
+| <a id="opt-api-dashboard" href="#opt-api-dashboard" title="#opt-api-dashboard">api.dashboard</a> | Activate dashboard. | true |
+| <a id="opt-api-debug" href="#opt-api-debug" title="#opt-api-debug">api.debug</a> | Enable additional endpoints for debugging and profiling. | false |
+| <a id="opt-api-disabledashboardad" href="#opt-api-disabledashboardad" title="#opt-api-disabledashboardad">api.disabledashboardad</a> | Disable ad in the dashboard. | false |
+| <a id="opt-api-insecure" href="#opt-api-insecure" title="#opt-api-insecure">api.insecure</a> | Activate API directly on the entryPoint named traefik. | false |
+| <a id="opt-certificatesresolvers-name" href="#opt-certificatesresolvers-name" title="#opt-certificatesresolvers-name">certificatesresolvers._name_</a> | Certificates resolvers configuration. | false |
+| <a id="opt-certificatesresolvers-name-acme-cacertificates" href="#opt-certificatesresolvers-name-acme-cacertificates" title="#opt-certificatesresolvers-name-acme-cacertificates">certificatesresolvers._name_.acme.cacertificates</a> | Specify the paths to PEM encoded CA Certificates that can be used to authenticate an ACME server with an HTTPS certificate not issued by a CA in the system-wide trusted root list. | |
+| <a id="opt-certificatesresolvers-name-acme-caserver" href="#opt-certificatesresolvers-name-acme-caserver" title="#opt-certificatesresolvers-name-acme-caserver">certificatesresolvers._name_.acme.caserver</a> | CA server to use. | https://acme-v02.api.letsencrypt.org/directory |
+| <a id="opt-certificatesresolvers-name-acme-caservername" href="#opt-certificatesresolvers-name-acme-caservername" title="#opt-certificatesresolvers-name-acme-caservername">certificatesresolvers._name_.acme.caservername</a> | Specify the CA server name that can be used to authenticate an ACME server with an HTTPS certificate not issued by a CA in the system-wide trusted root list. | |
+| <a id="opt-certificatesresolvers-name-acme-casystemcertpool" href="#opt-certificatesresolvers-name-acme-casystemcertpool" title="#opt-certificatesresolvers-name-acme-casystemcertpool">certificatesresolvers._name_.acme.casystemcertpool</a> | Define if the certificates pool must use a copy of the system cert pool. | false |
+| <a id="opt-certificatesresolvers-name-acme-certificatesduration" href="#opt-certificatesresolvers-name-acme-certificatesduration" title="#opt-certificatesresolvers-name-acme-certificatesduration">certificatesresolvers._name_.acme.certificatesduration</a> | Certificates' duration in hours. | 2160 |
+| <a id="opt-certificatesresolvers-name-acme-clientresponseheadertimeout" href="#opt-certificatesresolvers-name-acme-clientresponseheadertimeout" title="#opt-certificatesresolvers-name-acme-clientresponseheadertimeout">certificatesresolvers._name_.acme.clientresponseheadertimeout</a> | Timeout for receiving the response headers when communicating with the ACME server. | 30 |
+| <a id="opt-certificatesresolvers-name-acme-clienttimeout" href="#opt-certificatesresolvers-name-acme-clienttimeout" title="#opt-certificatesresolvers-name-acme-clienttimeout">certificatesresolvers._name_.acme.clienttimeout</a> | Timeout for a complete HTTP transaction with the ACME server. | 120 |
+| <a id="opt-certificatesresolvers-name-acme-dnschallenge" href="#opt-certificatesresolvers-name-acme-dnschallenge" title="#opt-certificatesresolvers-name-acme-dnschallenge">certificatesresolvers._name_.acme.dnschallenge</a> | Activate DNS-01 Challenge. | false |
+| <a id="opt-certificatesresolvers-name-acme-dnschallenge-delaybeforecheck" href="#opt-certificatesresolvers-name-acme-dnschallenge-delaybeforecheck" title="#opt-certificatesresolvers-name-acme-dnschallenge-delaybeforecheck">certificatesresolvers._name_.acme.dnschallenge.delaybeforecheck</a> | (Deprecated) Assume DNS propagates after a delay in seconds rather than finding and querying nameservers. | 0 |
+| <a id="opt-certificatesresolvers-name-acme-dnschallenge-disablepropagationcheck" href="#opt-certificatesresolvers-name-acme-dnschallenge-disablepropagationcheck" title="#opt-certificatesresolvers-name-acme-dnschallenge-disablepropagationcheck">certificatesresolvers._name_.acme.dnschallenge.disablepropagationcheck</a> | (Deprecated) Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready. [not recommended] | false |
+| <a id="opt-certificatesresolvers-name-acme-dnschallenge-propagation" href="#opt-certificatesresolvers-name-acme-dnschallenge-propagation" title="#opt-certificatesresolvers-name-acme-dnschallenge-propagation">certificatesresolvers._name_.acme.dnschallenge.propagation</a> | DNS propagation checks configuration | false |
+| <a id="opt-certificatesresolvers-name-acme-dnschallenge-propagation-delaybeforechecks" href="#opt-certificatesresolvers-name-acme-dnschallenge-propagation-delaybeforechecks" title="#opt-certificatesresolvers-name-acme-dnschallenge-propagation-delaybeforechecks">certificatesresolvers._name_.acme.dnschallenge.propagation.delaybeforechecks</a> | Defines the delay before checking the challenge TXT record propagation. | 0 |
+| <a id="opt-certificatesresolvers-name-acme-dnschallenge-propagation-disableanschecks" href="#opt-certificatesresolvers-name-acme-dnschallenge-propagation-disableanschecks" title="#opt-certificatesresolvers-name-acme-dnschallenge-propagation-disableanschecks">certificatesresolvers._name_.acme.dnschallenge.propagation.disableanschecks</a> | Disables the challenge TXT record propagation checks against authoritative nameservers. | false |
+| <a id="opt-certificatesresolvers-name-acme-dnschallenge-propagation-disablechecks" href="#opt-certificatesresolvers-name-acme-dnschallenge-propagation-disablechecks" title="#opt-certificatesresolvers-name-acme-dnschallenge-propagation-disablechecks">certificatesresolvers._name_.acme.dnschallenge.propagation.disablechecks</a> | Disables the challenge TXT record propagation checks (not recommended). | false |
+| <a id="opt-certificatesresolvers-name-acme-dnschallenge-propagation-requireallrns" href="#opt-certificatesresolvers-name-acme-dnschallenge-propagation-requireallrns" title="#opt-certificatesresolvers-name-acme-dnschallenge-propagation-requireallrns">certificatesresolvers._name_.acme.dnschallenge.propagation.requireallrns</a> | Requires the challenge TXT record to be propagated to all recursive nameservers. | false |
+| <a id="opt-certificatesresolvers-name-acme-dnschallenge-provider" href="#opt-certificatesresolvers-name-acme-dnschallenge-provider" title="#opt-certificatesresolvers-name-acme-dnschallenge-provider">certificatesresolvers._name_.acme.dnschallenge.provider</a> | Use a DNS-01 based challenge provider rather than HTTPS. | |
+| <a id="opt-certificatesresolvers-name-acme-dnschallenge-resolvers" href="#opt-certificatesresolvers-name-acme-dnschallenge-resolvers" title="#opt-certificatesresolvers-name-acme-dnschallenge-resolvers">certificatesresolvers._name_.acme.dnschallenge.resolvers</a> | Use following DNS servers to resolve the FQDN authority. | |
+| <a id="opt-certificatesresolvers-name-acme-eab-hmacencoded" href="#opt-certificatesresolvers-name-acme-eab-hmacencoded" title="#opt-certificatesresolvers-name-acme-eab-hmacencoded">certificatesresolvers._name_.acme.eab.hmacencoded</a> | Base64 encoded HMAC key from External CA. | |
+| <a id="opt-certificatesresolvers-name-acme-eab-kid" href="#opt-certificatesresolvers-name-acme-eab-kid" title="#opt-certificatesresolvers-name-acme-eab-kid">certificatesresolvers._name_.acme.eab.kid</a> | Key identifier from External CA. | |
+| <a id="opt-certificatesresolvers-name-acme-email" href="#opt-certificatesresolvers-name-acme-email" title="#opt-certificatesresolvers-name-acme-email">certificatesresolvers._name_.acme.email</a> | Email address used for registration. | |
+| <a id="opt-certificatesresolvers-name-acme-emailaddresses" href="#opt-certificatesresolvers-name-acme-emailaddresses" title="#opt-certificatesresolvers-name-acme-emailaddresses">certificatesresolvers._name_.acme.emailaddresses</a> | CSR email addresses to use. | |
+| <a id="opt-certificatesresolvers-name-acme-httpchallenge" href="#opt-certificatesresolvers-name-acme-httpchallenge" title="#opt-certificatesresolvers-name-acme-httpchallenge">certificatesresolvers._name_.acme.httpchallenge</a> | Activate HTTP-01 Challenge. | false |
+| <a id="opt-certificatesresolvers-name-acme-httpchallenge-delay" href="#opt-certificatesresolvers-name-acme-httpchallenge-delay" title="#opt-certificatesresolvers-name-acme-httpchallenge-delay">certificatesresolvers._name_.acme.httpchallenge.delay</a> | Delay between the creation of the challenge and the validation. | 0 |
+| <a id="opt-certificatesresolvers-name-acme-httpchallenge-entrypoint" href="#opt-certificatesresolvers-name-acme-httpchallenge-entrypoint" title="#opt-certificatesresolvers-name-acme-httpchallenge-entrypoint">certificatesresolvers._name_.acme.httpchallenge.entrypoint</a> | HTTP challenge EntryPoint | |
+| <a id="opt-certificatesresolvers-name-acme-keytype" href="#opt-certificatesresolvers-name-acme-keytype" title="#opt-certificatesresolvers-name-acme-keytype">certificatesresolvers._name_.acme.keytype</a> | KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'. | RSA4096 |
+| <a id="opt-certificatesresolvers-name-acme-preferredchain" href="#opt-certificatesresolvers-name-acme-preferredchain" title="#opt-certificatesresolvers-name-acme-preferredchain">certificatesresolvers._name_.acme.preferredchain</a> | Preferred chain to use. | |
+| <a id="opt-certificatesresolvers-name-acme-profile" href="#opt-certificatesresolvers-name-acme-profile" title="#opt-certificatesresolvers-name-acme-profile">certificatesresolvers._name_.acme.profile</a> | Certificate profile to use. | |
+| <a id="opt-certificatesresolvers-name-acme-storage" href="#opt-certificatesresolvers-name-acme-storage" title="#opt-certificatesresolvers-name-acme-storage">certificatesresolvers._name_.acme.storage</a> | Storage to use. | acme.json |
+| <a id="opt-certificatesresolvers-name-acme-tlschallenge" href="#opt-certificatesresolvers-name-acme-tlschallenge" title="#opt-certificatesresolvers-name-acme-tlschallenge">certificatesresolvers._name_.acme.tlschallenge</a> | Activate TLS-ALPN-01 Challenge. | true |
+| <a id="opt-certificatesresolvers-name-tailscale" href="#opt-certificatesresolvers-name-tailscale" title="#opt-certificatesresolvers-name-tailscale">certificatesresolvers._name_.tailscale</a> | Enables Tailscale certificate resolution. | true |
+| <a id="opt-core-defaultrulesyntax" href="#opt-core-defaultrulesyntax" title="#opt-core-defaultrulesyntax">core.defaultrulesyntax</a> | Defines the rule parser default syntax (v2 or v3) | v3 |
+| <a id="opt-entrypoints-name" href="#opt-entrypoints-name" title="#opt-entrypoints-name">entrypoints._name_</a> | Entry points definition. | false |
+| <a id="opt-entrypoints-name-address" href="#opt-entrypoints-name-address" title="#opt-entrypoints-name-address">entrypoints._name_.address</a> | Entry point address. | |
+| <a id="opt-entrypoints-name-allowacmebypass" href="#opt-entrypoints-name-allowacmebypass" title="#opt-entrypoints-name-allowacmebypass">entrypoints._name_.allowacmebypass</a> | Enables handling of ACME TLS and HTTP challenges with custom routers. | false |
+| <a id="opt-entrypoints-name-asdefault" href="#opt-entrypoints-name-asdefault" title="#opt-entrypoints-name-asdefault">entrypoints._name_.asdefault</a> | Adds this EntryPoint to the list of default EntryPoints to be used on routers that don't have any Entrypoint defined. | false |
+| <a id="opt-entrypoints-name-forwardedheaders-connection" href="#opt-entrypoints-name-forwardedheaders-connection" title="#opt-entrypoints-name-forwardedheaders-connection">entrypoints._name_.forwardedheaders.connection</a> | List of Connection headers that are allowed to pass through the middleware chain before being removed. | |
+| <a id="opt-entrypoints-name-forwardedheaders-insecure" href="#opt-entrypoints-name-forwardedheaders-insecure" title="#opt-entrypoints-name-forwardedheaders-insecure">entrypoints._name_.forwardedheaders.insecure</a> | Trust all forwarded headers. | false |
+| <a id="opt-entrypoints-name-forwardedheaders-trustedips" href="#opt-entrypoints-name-forwardedheaders-trustedips" title="#opt-entrypoints-name-forwardedheaders-trustedips">entrypoints._name_.forwardedheaders.trustedips</a> | Trust only forwarded headers from selected IPs. | |
+| <a id="opt-entrypoints-name-http" href="#opt-entrypoints-name-http" title="#opt-entrypoints-name-http">entrypoints._name_.http</a> | HTTP configuration. | |
+| <a id="opt-entrypoints-name-http-encodequerysemicolons" href="#opt-entrypoints-name-http-encodequerysemicolons" title="#opt-entrypoints-name-http-encodequerysemicolons">entrypoints._name_.http.encodequerysemicolons</a> | Defines whether request query semicolons should be URLEncoded. | false |
+| <a id="opt-entrypoints-name-http-maxheaderbytes" href="#opt-entrypoints-name-http-maxheaderbytes" title="#opt-entrypoints-name-http-maxheaderbytes">entrypoints._name_.http.maxheaderbytes</a> | Maximum size of request headers in bytes. | 1048576 |
+| <a id="opt-entrypoints-name-http-middlewares" href="#opt-entrypoints-name-http-middlewares" title="#opt-entrypoints-name-http-middlewares">entrypoints._name_.http.middlewares</a> | Default middlewares for the routers linked to the entry point. | |
+| <a id="opt-entrypoints-name-http-redirections-entrypoint-permanent" href="#opt-entrypoints-name-http-redirections-entrypoint-permanent" title="#opt-entrypoints-name-http-redirections-entrypoint-permanent">entrypoints._name_.http.redirections.entrypoint.permanent</a> | Applies a permanent redirection. | true |
+| <a id="opt-entrypoints-name-http-redirections-entrypoint-priority" href="#opt-entrypoints-name-http-redirections-entrypoint-priority" title="#opt-entrypoints-name-http-redirections-entrypoint-priority">entrypoints._name_.http.redirections.entrypoint.priority</a> | Priority of the generated router. | 9223372036854775806 |
+| <a id="opt-entrypoints-name-http-redirections-entrypoint-scheme" href="#opt-entrypoints-name-http-redirections-entrypoint-scheme" title="#opt-entrypoints-name-http-redirections-entrypoint-scheme">entrypoints._name_.http.redirections.entrypoint.scheme</a> | Scheme used for the redirection. | https |
+| <a id="opt-entrypoints-name-http-redirections-entrypoint-to" href="#opt-entrypoints-name-http-redirections-entrypoint-to" title="#opt-entrypoints-name-http-redirections-entrypoint-to">entrypoints._name_.http.redirections.entrypoint.to</a> | Targeted entry point of the redirection. | |
+| <a id="opt-entrypoints-name-http-sanitizepath" href="#opt-entrypoints-name-http-sanitizepath" title="#opt-entrypoints-name-http-sanitizepath">entrypoints._name_.http.sanitizepath</a> | Defines whether to enable request path sanitization (removal of /./, /../ and multiple slash sequences). | true |
+| <a id="opt-entrypoints-name-http-tls" href="#opt-entrypoints-name-http-tls" title="#opt-entrypoints-name-http-tls">entrypoints._name_.http.tls</a> | Default TLS configuration for the routers linked to the entry point. | false |
+| <a id="opt-entrypoints-name-http-tls-certresolver" href="#opt-entrypoints-name-http-tls-certresolver" title="#opt-entrypoints-name-http-tls-certresolver">entrypoints._name_.http.tls.certresolver</a> | Default certificate resolver for the routers linked to the entry point. | |
+| <a id="opt-entrypoints-name-http-tls-domains" href="#opt-entrypoints-name-http-tls-domains" title="#opt-entrypoints-name-http-tls-domains">entrypoints._name_.http.tls.domains</a> | Default TLS domains for the routers linked to the entry point. | |
+| <a id="opt-entrypoints-name-http-tls-domains0-main" href="#opt-entrypoints-name-http-tls-domains0-main" title="#opt-entrypoints-name-http-tls-domains0-main">entrypoints._name_.http.tls.domains[0].main</a> | Default subject name. | |
+| <a id="opt-entrypoints-name-http-tls-domains0-sans" href="#opt-entrypoints-name-http-tls-domains0-sans" title="#opt-entrypoints-name-http-tls-domains0-sans">entrypoints._name_.http.tls.domains[0].sans</a> | Subject alternative names. | |
+| <a id="opt-entrypoints-name-http-tls-options" href="#opt-entrypoints-name-http-tls-options" title="#opt-entrypoints-name-http-tls-options">entrypoints._name_.http.tls.options</a> | Default TLS options for the routers linked to the entry point. | |
+| <a id="opt-entrypoints-name-http2-maxconcurrentstreams" href="#opt-entrypoints-name-http2-maxconcurrentstreams" title="#opt-entrypoints-name-http2-maxconcurrentstreams">entrypoints._name_.http2.maxconcurrentstreams</a> | Specifies the number of concurrent streams per connection that each client is allowed to initiate. | 250 |
+| <a id="opt-entrypoints-name-http3" href="#opt-entrypoints-name-http3" title="#opt-entrypoints-name-http3">entrypoints._name_.http3</a> | HTTP/3 configuration. | false |
+| <a id="opt-entrypoints-name-http3-advertisedport" href="#opt-entrypoints-name-http3-advertisedport" title="#opt-entrypoints-name-http3-advertisedport">entrypoints._name_.http3.advertisedport</a> | UDP port to advertise, on which HTTP/3 is available. | 0 |
+| <a id="opt-entrypoints-name-observability-accesslogs" href="#opt-entrypoints-name-observability-accesslogs" title="#opt-entrypoints-name-observability-accesslogs">entrypoints._name_.observability.accesslogs</a> | Enables access-logs for this entryPoint. | true |
+| <a id="opt-entrypoints-name-observability-metrics" href="#opt-entrypoints-name-observability-metrics" title="#opt-entrypoints-name-observability-metrics">entrypoints._name_.observability.metrics</a> | Enables metrics for this entryPoint. | true |
+| <a id="opt-entrypoints-name-observability-traceverbosity" href="#opt-entrypoints-name-observability-traceverbosity" title="#opt-entrypoints-name-observability-traceverbosity">entrypoints._name_.observability.traceverbosity</a> | Defines the tracing verbosity level for this entryPoint. | minimal |
+| <a id="opt-entrypoints-name-observability-tracing" href="#opt-entrypoints-name-observability-tracing" title="#opt-entrypoints-name-observability-tracing">entrypoints._name_.observability.tracing</a> | Enables tracing for this entryPoint. | true |
+| <a id="opt-entrypoints-name-proxyprotocol" href="#opt-entrypoints-name-proxyprotocol" title="#opt-entrypoints-name-proxyprotocol">entrypoints._name_.proxyprotocol</a> | Proxy-Protocol configuration. | false |
+| <a id="opt-entrypoints-name-proxyprotocol-insecure" href="#opt-entrypoints-name-proxyprotocol-insecure" title="#opt-entrypoints-name-proxyprotocol-insecure">entrypoints._name_.proxyprotocol.insecure</a> | Trust all. | false |
+| <a id="opt-entrypoints-name-proxyprotocol-trustedips" href="#opt-entrypoints-name-proxyprotocol-trustedips" title="#opt-entrypoints-name-proxyprotocol-trustedips">entrypoints._name_.proxyprotocol.trustedips</a> | Trust only selected IPs. | |
+| <a id="opt-entrypoints-name-reuseport" href="#opt-entrypoints-name-reuseport" title="#opt-entrypoints-name-reuseport">entrypoints._name_.reuseport</a> | Enables EntryPoints from the same or different processes listening on the same TCP/UDP port. | false |
+| <a id="opt-entrypoints-name-transport-keepalivemaxrequests" href="#opt-entrypoints-name-transport-keepalivemaxrequests" title="#opt-entrypoints-name-transport-keepalivemaxrequests">entrypoints._name_.transport.keepalivemaxrequests</a> | Maximum number of requests before closing a keep-alive connection. | 0 |
+| <a id="opt-entrypoints-name-transport-keepalivemaxtime" href="#opt-entrypoints-name-transport-keepalivemaxtime" title="#opt-entrypoints-name-transport-keepalivemaxtime">entrypoints._name_.transport.keepalivemaxtime</a> | Maximum duration before closing a keep-alive connection. | 0 |
+| <a id="opt-entrypoints-name-transport-lifecycle-gracetimeout" href="#opt-entrypoints-name-transport-lifecycle-gracetimeout" title="#opt-entrypoints-name-transport-lifecycle-gracetimeout">entrypoints._name_.transport.lifecycle.gracetimeout</a> | Duration to give active requests a chance to finish before Traefik stops. | 10 |
+| <a id="opt-entrypoints-name-transport-lifecycle-requestacceptgracetimeout" href="#opt-entrypoints-name-transport-lifecycle-requestacceptgracetimeout" title="#opt-entrypoints-name-transport-lifecycle-requestacceptgracetimeout">entrypoints._name_.transport.lifecycle.requestacceptgracetimeout</a> | Duration to keep accepting requests before Traefik initiates the graceful shutdown procedure. | 0 |
+| <a id="opt-entrypoints-name-transport-respondingtimeouts-idletimeout" href="#opt-entrypoints-name-transport-respondingtimeouts-idletimeout" title="#opt-entrypoints-name-transport-respondingtimeouts-idletimeout">entrypoints._name_.transport.respondingtimeouts.idletimeout</a> | IdleTimeout is the maximum amount duration an idle (keep-alive) connection will remain idle before closing itself. If zero, no timeout is set. | 180 |
+| <a id="opt-entrypoints-name-transport-respondingtimeouts-readtimeout" href="#opt-entrypoints-name-transport-respondingtimeouts-readtimeout" title="#opt-entrypoints-name-transport-respondingtimeouts-readtimeout">entrypoints._name_.transport.respondingtimeouts.readtimeout</a> | ReadTimeout is the maximum duration for reading the entire request, including the body. If zero, no timeout is set. | 60 |
+| <a id="opt-entrypoints-name-transport-respondingtimeouts-writetimeout" href="#opt-entrypoints-name-transport-respondingtimeouts-writetimeout" title="#opt-entrypoints-name-transport-respondingtimeouts-writetimeout">entrypoints._name_.transport.respondingtimeouts.writetimeout</a> | WriteTimeout is the maximum duration before timing out writes of the response. If zero, no timeout is set. | 0 |
+| <a id="opt-entrypoints-name-udp-timeout" href="#opt-entrypoints-name-udp-timeout" title="#opt-entrypoints-name-udp-timeout">entrypoints._name_.udp.timeout</a> | Timeout defines how long to wait on an idle session before releasing the related resources. | 3 |
+| <a id="opt-experimental-abortonpluginfailure" href="#opt-experimental-abortonpluginfailure" title="#opt-experimental-abortonpluginfailure">experimental.abortonpluginfailure</a> | Defines whether all plugins must be loaded successfully for Traefik to start. | false |
+| <a id="opt-experimental-fastproxy" href="#opt-experimental-fastproxy" title="#opt-experimental-fastproxy">experimental.fastproxy</a> | Enables the FastProxy implementation. | false |
+| <a id="opt-experimental-fastproxy-debug" href="#opt-experimental-fastproxy-debug" title="#opt-experimental-fastproxy-debug">experimental.fastproxy.debug</a> | Enable debug mode for the FastProxy implementation. | false |
+| <a id="opt-experimental-kubernetesgateway" href="#opt-experimental-kubernetesgateway" title="#opt-experimental-kubernetesgateway">experimental.kubernetesgateway</a> | (Deprecated) Allow the Kubernetes gateway api provider usage. | false |
+| <a id="opt-experimental-kubernetesingressnginx" href="#opt-experimental-kubernetesingressnginx" title="#opt-experimental-kubernetesingressnginx">experimental.kubernetesingressnginx</a> | Allow the Kubernetes Ingress NGINX provider usage. | false |
+| <a id="opt-experimental-localplugins-name" href="#opt-experimental-localplugins-name" title="#opt-experimental-localplugins-name">experimental.localplugins._name_</a> | Local plugins configuration. | false |
+| <a id="opt-experimental-localplugins-name-modulename" href="#opt-experimental-localplugins-name-modulename" title="#opt-experimental-localplugins-name-modulename">experimental.localplugins._name_.modulename</a> | Plugin's module name. | |
+| <a id="opt-experimental-localplugins-name-settings" href="#opt-experimental-localplugins-name-settings" title="#opt-experimental-localplugins-name-settings">experimental.localplugins._name_.settings</a> | Plugin's settings (works only for wasm plugins). | |
+| <a id="opt-experimental-localplugins-name-settings-envs" href="#opt-experimental-localplugins-name-settings-envs" title="#opt-experimental-localplugins-name-settings-envs">experimental.localplugins._name_.settings.envs</a> | Environment variables to forward to the wasm guest. | |
+| <a id="opt-experimental-localplugins-name-settings-mounts" href="#opt-experimental-localplugins-name-settings-mounts" title="#opt-experimental-localplugins-name-settings-mounts">experimental.localplugins._name_.settings.mounts</a> | Directory to mount to the wasm guest. | |
+| <a id="opt-experimental-localplugins-name-settings-useunsafe" href="#opt-experimental-localplugins-name-settings-useunsafe" title="#opt-experimental-localplugins-name-settings-useunsafe">experimental.localplugins._name_.settings.useunsafe</a> | Allow the plugin to use unsafe package. | false |
+| <a id="opt-experimental-otlplogs" href="#opt-experimental-otlplogs" title="#opt-experimental-otlplogs">experimental.otlplogs</a> | Enables the OpenTelemetry logs integration. | false |
+| <a id="opt-experimental-plugins-name-hash" href="#opt-experimental-plugins-name-hash" title="#opt-experimental-plugins-name-hash">experimental.plugins._name_.hash</a> | plugin's hash to validate' | |
+| <a id="opt-experimental-plugins-name-modulename" href="#opt-experimental-plugins-name-modulename" title="#opt-experimental-plugins-name-modulename">experimental.plugins._name_.modulename</a> | plugin's module name. | |
+| <a id="opt-experimental-plugins-name-settings" href="#opt-experimental-plugins-name-settings" title="#opt-experimental-plugins-name-settings">experimental.plugins._name_.settings</a> | Plugin's settings (works only for wasm plugins). | |
+| <a id="opt-experimental-plugins-name-settings-envs" href="#opt-experimental-plugins-name-settings-envs" title="#opt-experimental-plugins-name-settings-envs">experimental.plugins._name_.settings.envs</a> | Environment variables to forward to the wasm guest. | |
+| <a id="opt-experimental-plugins-name-settings-mounts" href="#opt-experimental-plugins-name-settings-mounts" title="#opt-experimental-plugins-name-settings-mounts">experimental.plugins._name_.settings.mounts</a> | Directory to mount to the wasm guest. | |
+| <a id="opt-experimental-plugins-name-settings-useunsafe" href="#opt-experimental-plugins-name-settings-useunsafe" title="#opt-experimental-plugins-name-settings-useunsafe">experimental.plugins._name_.settings.useunsafe</a> | Allow the plugin to use unsafe package. | false |
+| <a id="opt-experimental-plugins-name-version" href="#opt-experimental-plugins-name-version" title="#opt-experimental-plugins-name-version">experimental.plugins._name_.version</a> | plugin's version. | |
+| <a id="opt-global-checknewversion" href="#opt-global-checknewversion" title="#opt-global-checknewversion">global.checknewversion</a> | Periodically check if a new version has been released. | true |
+| <a id="opt-global-sendanonymoususage" href="#opt-global-sendanonymoususage" title="#opt-global-sendanonymoususage">global.sendanonymoususage</a> | Periodically send anonymous usage statistics. If the option is not specified, it will be disabled by default. | false |
+| <a id="opt-hostresolver" href="#opt-hostresolver" title="#opt-hostresolver">hostresolver</a> | Enable CNAME Flattening. | false |
+| <a id="opt-hostresolver-cnameflattening" href="#opt-hostresolver-cnameflattening" title="#opt-hostresolver-cnameflattening">hostresolver.cnameflattening</a> | A flag to enable/disable CNAME flattening | false |
+| <a id="opt-hostresolver-resolvconfig" href="#opt-hostresolver-resolvconfig" title="#opt-hostresolver-resolvconfig">hostresolver.resolvconfig</a> | resolv.conf used for DNS resolving | /etc/resolv.conf |
+| <a id="opt-hostresolver-resolvdepth" href="#opt-hostresolver-resolvdepth" title="#opt-hostresolver-resolvdepth">hostresolver.resolvdepth</a> | The maximal depth of DNS recursive resolving | 5 |
+| <a id="opt-log" href="#opt-log" title="#opt-log">log</a> | Traefik log settings. | false |
+| <a id="opt-log-compress" href="#opt-log-compress" title="#opt-log-compress">log.compress</a> | Determines if the rotated log files should be compressed using gzip. | false |
+| <a id="opt-log-filepath" href="#opt-log-filepath" title="#opt-log-filepath">log.filepath</a> | Traefik log file path. Stdout is used when omitted or empty. | |
+| <a id="opt-log-format" href="#opt-log-format" title="#opt-log-format">log.format</a> | Traefik log format: json | common | common |
+| <a id="opt-log-level" href="#opt-log-level" title="#opt-log-level">log.level</a> | Log level set to traefik logs. | ERROR |
+| <a id="opt-log-maxage" href="#opt-log-maxage" title="#opt-log-maxage">log.maxage</a> | Maximum number of days to retain old log files based on the timestamp encoded in their filename. | 0 |
+| <a id="opt-log-maxbackups" href="#opt-log-maxbackups" title="#opt-log-maxbackups">log.maxbackups</a> | Maximum number of old log files to retain. | 0 |
+| <a id="opt-log-maxsize" href="#opt-log-maxsize" title="#opt-log-maxsize">log.maxsize</a> | Maximum size in megabytes of the log file before it gets rotated. | 0 |
+| <a id="opt-log-nocolor" href="#opt-log-nocolor" title="#opt-log-nocolor">log.nocolor</a> | When using the 'common' format, disables the colorized output. | false |
+| <a id="opt-log-otlp" href="#opt-log-otlp" title="#opt-log-otlp">log.otlp</a> | Settings for OpenTelemetry. | false |
+| <a id="opt-log-otlp-grpc" href="#opt-log-otlp-grpc" title="#opt-log-otlp-grpc">log.otlp.grpc</a> | gRPC configuration for the OpenTelemetry collector. | false |
+| <a id="opt-log-otlp-grpc-endpoint" href="#opt-log-otlp-grpc-endpoint" title="#opt-log-otlp-grpc-endpoint">log.otlp.grpc.endpoint</a> | Sets the gRPC endpoint (host:port) of the collector. | localhost:4317 |
+| <a id="opt-log-otlp-grpc-headers-name" href="#opt-log-otlp-grpc-headers-name" title="#opt-log-otlp-grpc-headers-name">log.otlp.grpc.headers._name_</a> | Headers sent with payload. | |
+| <a id="opt-log-otlp-grpc-insecure" href="#opt-log-otlp-grpc-insecure" title="#opt-log-otlp-grpc-insecure">log.otlp.grpc.insecure</a> | Disables client transport security for the exporter. | false |
+| <a id="opt-log-otlp-grpc-tls-ca" href="#opt-log-otlp-grpc-tls-ca" title="#opt-log-otlp-grpc-tls-ca">log.otlp.grpc.tls.ca</a> | TLS CA | |
+| <a id="opt-log-otlp-grpc-tls-cert" href="#opt-log-otlp-grpc-tls-cert" title="#opt-log-otlp-grpc-tls-cert">log.otlp.grpc.tls.cert</a> | TLS cert | |
+| <a id="opt-log-otlp-grpc-tls-insecureskipverify" href="#opt-log-otlp-grpc-tls-insecureskipverify" title="#opt-log-otlp-grpc-tls-insecureskipverify">log.otlp.grpc.tls.insecureskipverify</a> | TLS insecure skip verify | false |
+| <a id="opt-log-otlp-grpc-tls-key" href="#opt-log-otlp-grpc-tls-key" title="#opt-log-otlp-grpc-tls-key">log.otlp.grpc.tls.key</a> | TLS key | |
+| <a id="opt-log-otlp-http" href="#opt-log-otlp-http" title="#opt-log-otlp-http">log.otlp.http</a> | HTTP configuration for the OpenTelemetry collector. | false |
+| <a id="opt-log-otlp-http-endpoint" href="#opt-log-otlp-http-endpoint" title="#opt-log-otlp-http-endpoint">log.otlp.http.endpoint</a> | Sets the HTTP endpoint (scheme://host:port/path) of the collector. | https://localhost:4318 |
+| <a id="opt-log-otlp-http-headers-name" href="#opt-log-otlp-http-headers-name" title="#opt-log-otlp-http-headers-name">log.otlp.http.headers._name_</a> | Headers sent with payload. | |
+| <a id="opt-log-otlp-http-tls-ca" href="#opt-log-otlp-http-tls-ca" title="#opt-log-otlp-http-tls-ca">log.otlp.http.tls.ca</a> | TLS CA | |
+| <a id="opt-log-otlp-http-tls-cert" href="#opt-log-otlp-http-tls-cert" title="#opt-log-otlp-http-tls-cert">log.otlp.http.tls.cert</a> | TLS cert | |
+| <a id="opt-log-otlp-http-tls-insecureskipverify" href="#opt-log-otlp-http-tls-insecureskipverify" title="#opt-log-otlp-http-tls-insecureskipverify">log.otlp.http.tls.insecureskipverify</a> | TLS insecure skip verify | false |
+| <a id="opt-log-otlp-http-tls-key" href="#opt-log-otlp-http-tls-key" title="#opt-log-otlp-http-tls-key">log.otlp.http.tls.key</a> | TLS key | |
+| <a id="opt-log-otlp-resourceattributes-name" href="#opt-log-otlp-resourceattributes-name" title="#opt-log-otlp-resourceattributes-name">log.otlp.resourceattributes._name_</a> | Defines additional resource attributes (key:value). | |
+| <a id="opt-log-otlp-servicename" href="#opt-log-otlp-servicename" title="#opt-log-otlp-servicename">log.otlp.servicename</a> | Defines the service name resource attribute. | traefik |
+| <a id="opt-metrics-addinternals" href="#opt-metrics-addinternals" title="#opt-metrics-addinternals">metrics.addinternals</a> | Enables metrics for internal services (ping, dashboard, etc...). | false |
+| <a id="opt-metrics-datadog" href="#opt-metrics-datadog" title="#opt-metrics-datadog">metrics.datadog</a> | Datadog metrics exporter type. | false |
+| <a id="opt-metrics-datadog-addentrypointslabels" href="#opt-metrics-datadog-addentrypointslabels" title="#opt-metrics-datadog-addentrypointslabels">metrics.datadog.addentrypointslabels</a> | Enable metrics on entry points. | true |
+| <a id="opt-metrics-datadog-address" href="#opt-metrics-datadog-address" title="#opt-metrics-datadog-address">metrics.datadog.address</a> | Datadog's address. | localhost:8125 |
+| <a id="opt-metrics-datadog-addrouterslabels" href="#opt-metrics-datadog-addrouterslabels" title="#opt-metrics-datadog-addrouterslabels">metrics.datadog.addrouterslabels</a> | Enable metrics on routers. | false |
+| <a id="opt-metrics-datadog-addserviceslabels" href="#opt-metrics-datadog-addserviceslabels" title="#opt-metrics-datadog-addserviceslabels">metrics.datadog.addserviceslabels</a> | Enable metrics on services. | true |
+| <a id="opt-metrics-datadog-prefix" href="#opt-metrics-datadog-prefix" title="#opt-metrics-datadog-prefix">metrics.datadog.prefix</a> | Prefix to use for metrics collection. | traefik |
+| <a id="opt-metrics-datadog-pushinterval" href="#opt-metrics-datadog-pushinterval" title="#opt-metrics-datadog-pushinterval">metrics.datadog.pushinterval</a> | Datadog push interval. | 10 |
+| <a id="opt-metrics-influxdb2" href="#opt-metrics-influxdb2" title="#opt-metrics-influxdb2">metrics.influxdb2</a> | InfluxDB v2 metrics exporter type. | false |
+| <a id="opt-metrics-influxdb2-addentrypointslabels" href="#opt-metrics-influxdb2-addentrypointslabels" title="#opt-metrics-influxdb2-addentrypointslabels">metrics.influxdb2.addentrypointslabels</a> | Enable metrics on entry points. | true |
+| <a id="opt-metrics-influxdb2-additionallabels-name" href="#opt-metrics-influxdb2-additionallabels-name" title="#opt-metrics-influxdb2-additionallabels-name">metrics.influxdb2.additionallabels._name_</a> | Additional labels (influxdb tags) on all metrics | |
+| <a id="opt-metrics-influxdb2-address" href="#opt-metrics-influxdb2-address" title="#opt-metrics-influxdb2-address">metrics.influxdb2.address</a> | InfluxDB v2 address. | http://localhost:8086 |
+| <a id="opt-metrics-influxdb2-addrouterslabels" href="#opt-metrics-influxdb2-addrouterslabels" title="#opt-metrics-influxdb2-addrouterslabels">metrics.influxdb2.addrouterslabels</a> | Enable metrics on routers. | false |
+| <a id="opt-metrics-influxdb2-addserviceslabels" href="#opt-metrics-influxdb2-addserviceslabels" title="#opt-metrics-influxdb2-addserviceslabels">metrics.influxdb2.addserviceslabels</a> | Enable metrics on services. | true |
+| <a id="opt-metrics-influxdb2-bucket" href="#opt-metrics-influxdb2-bucket" title="#opt-metrics-influxdb2-bucket">metrics.influxdb2.bucket</a> | InfluxDB v2 bucket ID. | |
+| <a id="opt-metrics-influxdb2-org" href="#opt-metrics-influxdb2-org" title="#opt-metrics-influxdb2-org">metrics.influxdb2.org</a> | InfluxDB v2 org ID. | |
+| <a id="opt-metrics-influxdb2-pushinterval" href="#opt-metrics-influxdb2-pushinterval" title="#opt-metrics-influxdb2-pushinterval">metrics.influxdb2.pushinterval</a> | InfluxDB v2 push interval. | 10 |
+| <a id="opt-metrics-influxdb2-token" href="#opt-metrics-influxdb2-token" title="#opt-metrics-influxdb2-token">metrics.influxdb2.token</a> | InfluxDB v2 access token. | |
+| <a id="opt-metrics-otlp" href="#opt-metrics-otlp" title="#opt-metrics-otlp">metrics.otlp</a> | OpenTelemetry metrics exporter type. | false |
+| <a id="opt-metrics-otlp-addentrypointslabels" href="#opt-metrics-otlp-addentrypointslabels" title="#opt-metrics-otlp-addentrypointslabels">metrics.otlp.addentrypointslabels</a> | Enable metrics on entry points. | true |
+| <a id="opt-metrics-otlp-addrouterslabels" href="#opt-metrics-otlp-addrouterslabels" title="#opt-metrics-otlp-addrouterslabels">metrics.otlp.addrouterslabels</a> | Enable metrics on routers. | false |
+| <a id="opt-metrics-otlp-addserviceslabels" href="#opt-metrics-otlp-addserviceslabels" title="#opt-metrics-otlp-addserviceslabels">metrics.otlp.addserviceslabels</a> | Enable metrics on services. | true |
+| <a id="opt-metrics-otlp-explicitboundaries" href="#opt-metrics-otlp-explicitboundaries" title="#opt-metrics-otlp-explicitboundaries">metrics.otlp.explicitboundaries</a> | Boundaries for latency metrics. | 0.005000, 0.010000, 0.025000, 0.050000, 0.075000, 0.100000, 0.250000, 0.500000, 0.750000, 1.000000, 2.500000, 5.000000, 7.500000, 10.000000 |
+| <a id="opt-metrics-otlp-grpc" href="#opt-metrics-otlp-grpc" title="#opt-metrics-otlp-grpc">metrics.otlp.grpc</a> | gRPC configuration for the OpenTelemetry collector. | false |
+| <a id="opt-metrics-otlp-grpc-endpoint" href="#opt-metrics-otlp-grpc-endpoint" title="#opt-metrics-otlp-grpc-endpoint">metrics.otlp.grpc.endpoint</a> | Sets the gRPC endpoint (host:port) of the collector. | localhost:4317 |
+| <a id="opt-metrics-otlp-grpc-headers-name" href="#opt-metrics-otlp-grpc-headers-name" title="#opt-metrics-otlp-grpc-headers-name">metrics.otlp.grpc.headers._name_</a> | Headers sent with payload. | |
+| <a id="opt-metrics-otlp-grpc-insecure" href="#opt-metrics-otlp-grpc-insecure" title="#opt-metrics-otlp-grpc-insecure">metrics.otlp.grpc.insecure</a> | Disables client transport security for the exporter. | false |
+| <a id="opt-metrics-otlp-grpc-tls-ca" href="#opt-metrics-otlp-grpc-tls-ca" title="#opt-metrics-otlp-grpc-tls-ca">metrics.otlp.grpc.tls.ca</a> | TLS CA | |
+| <a id="opt-metrics-otlp-grpc-tls-cert" href="#opt-metrics-otlp-grpc-tls-cert" title="#opt-metrics-otlp-grpc-tls-cert">metrics.otlp.grpc.tls.cert</a> | TLS cert | |
+| <a id="opt-metrics-otlp-grpc-tls-insecureskipverify" href="#opt-metrics-otlp-grpc-tls-insecureskipverify" title="#opt-metrics-otlp-grpc-tls-insecureskipverify">metrics.otlp.grpc.tls.insecureskipverify</a> | TLS insecure skip verify | false |
+| <a id="opt-metrics-otlp-grpc-tls-key" href="#opt-metrics-otlp-grpc-tls-key" title="#opt-metrics-otlp-grpc-tls-key">metrics.otlp.grpc.tls.key</a> | TLS key | |
+| <a id="opt-metrics-otlp-http" href="#opt-metrics-otlp-http" title="#opt-metrics-otlp-http">metrics.otlp.http</a> | HTTP configuration for the OpenTelemetry collector. | false |
+| <a id="opt-metrics-otlp-http-endpoint" href="#opt-metrics-otlp-http-endpoint" title="#opt-metrics-otlp-http-endpoint">metrics.otlp.http.endpoint</a> | Sets the HTTP endpoint (scheme://host:port/path) of the collector. | https://localhost:4318 |
+| <a id="opt-metrics-otlp-http-headers-name" href="#opt-metrics-otlp-http-headers-name" title="#opt-metrics-otlp-http-headers-name">metrics.otlp.http.headers._name_</a> | Headers sent with payload. | |
+| <a id="opt-metrics-otlp-http-tls-ca" href="#opt-metrics-otlp-http-tls-ca" title="#opt-metrics-otlp-http-tls-ca">metrics.otlp.http.tls.ca</a> | TLS CA | |
+| <a id="opt-metrics-otlp-http-tls-cert" href="#opt-metrics-otlp-http-tls-cert" title="#opt-metrics-otlp-http-tls-cert">metrics.otlp.http.tls.cert</a> | TLS cert | |
+| <a id="opt-metrics-otlp-http-tls-insecureskipverify" href="#opt-metrics-otlp-http-tls-insecureskipverify" title="#opt-metrics-otlp-http-tls-insecureskipverify">metrics.otlp.http.tls.insecureskipverify</a> | TLS insecure skip verify | false |
+| <a id="opt-metrics-otlp-http-tls-key" href="#opt-metrics-otlp-http-tls-key" title="#opt-metrics-otlp-http-tls-key">metrics.otlp.http.tls.key</a> | TLS key | |
+| <a id="opt-metrics-otlp-pushinterval" href="#opt-metrics-otlp-pushinterval" title="#opt-metrics-otlp-pushinterval">metrics.otlp.pushinterval</a> | Period between calls to collect a checkpoint. | 10 |
+| <a id="opt-metrics-otlp-resourceattributes-name" href="#opt-metrics-otlp-resourceattributes-name" title="#opt-metrics-otlp-resourceattributes-name">metrics.otlp.resourceattributes._name_</a> | Defines additional resource attributes (key:value). | |
+| <a id="opt-metrics-otlp-servicename" href="#opt-metrics-otlp-servicename" title="#opt-metrics-otlp-servicename">metrics.otlp.servicename</a> | Defines the service name resource attribute. | traefik |
+| <a id="opt-metrics-prometheus" href="#opt-metrics-prometheus" title="#opt-metrics-prometheus">metrics.prometheus</a> | Prometheus metrics exporter type. | false |
+| <a id="opt-metrics-prometheus-addentrypointslabels" href="#opt-metrics-prometheus-addentrypointslabels" title="#opt-metrics-prometheus-addentrypointslabels">metrics.prometheus.addentrypointslabels</a> | Enable metrics on entry points. | true |
+| <a id="opt-metrics-prometheus-addrouterslabels" href="#opt-metrics-prometheus-addrouterslabels" title="#opt-metrics-prometheus-addrouterslabels">metrics.prometheus.addrouterslabels</a> | Enable metrics on routers. | false |
+| <a id="opt-metrics-prometheus-addserviceslabels" href="#opt-metrics-prometheus-addserviceslabels" title="#opt-metrics-prometheus-addserviceslabels">metrics.prometheus.addserviceslabels</a> | Enable metrics on services. | true |
+| <a id="opt-metrics-prometheus-buckets" href="#opt-metrics-prometheus-buckets" title="#opt-metrics-prometheus-buckets">metrics.prometheus.buckets</a> | Buckets for latency metrics. | 0.100000, 0.300000, 1.200000, 5.000000 |
+| <a id="opt-metrics-prometheus-entrypoint" href="#opt-metrics-prometheus-entrypoint" title="#opt-metrics-prometheus-entrypoint">metrics.prometheus.entrypoint</a> | EntryPoint | traefik |
+| <a id="opt-metrics-prometheus-headerlabels-name" href="#opt-metrics-prometheus-headerlabels-name" title="#opt-metrics-prometheus-headerlabels-name">metrics.prometheus.headerlabels._name_</a> | Defines the extra labels for the requests_total metrics, and for each of them, the request header containing the value for this label. | |
+| <a id="opt-metrics-prometheus-manualrouting" href="#opt-metrics-prometheus-manualrouting" title="#opt-metrics-prometheus-manualrouting">metrics.prometheus.manualrouting</a> | Manual routing | false |
+| <a id="opt-metrics-statsd" href="#opt-metrics-statsd" title="#opt-metrics-statsd">metrics.statsd</a> | StatsD metrics exporter type. | false |
+| <a id="opt-metrics-statsd-addentrypointslabels" href="#opt-metrics-statsd-addentrypointslabels" title="#opt-metrics-statsd-addentrypointslabels">metrics.statsd.addentrypointslabels</a> | Enable metrics on entry points. | true |
+| <a id="opt-metrics-statsd-address" href="#opt-metrics-statsd-address" title="#opt-metrics-statsd-address">metrics.statsd.address</a> | StatsD address. | localhost:8125 |
+| <a id="opt-metrics-statsd-addrouterslabels" href="#opt-metrics-statsd-addrouterslabels" title="#opt-metrics-statsd-addrouterslabels">metrics.statsd.addrouterslabels</a> | Enable metrics on routers. | false |
+| <a id="opt-metrics-statsd-addserviceslabels" href="#opt-metrics-statsd-addserviceslabels" title="#opt-metrics-statsd-addserviceslabels">metrics.statsd.addserviceslabels</a> | Enable metrics on services. | true |
+| <a id="opt-metrics-statsd-prefix" href="#opt-metrics-statsd-prefix" title="#opt-metrics-statsd-prefix">metrics.statsd.prefix</a> | Prefix to use for metrics collection. | traefik |
+| <a id="opt-metrics-statsd-pushinterval" href="#opt-metrics-statsd-pushinterval" title="#opt-metrics-statsd-pushinterval">metrics.statsd.pushinterval</a> | StatsD push interval. | 10 |
+| <a id="opt-ocsp" href="#opt-ocsp" title="#opt-ocsp">ocsp</a> | OCSP configuration. | false |
+| <a id="opt-ocsp-responderoverrides-name" href="#opt-ocsp-responderoverrides-name" title="#opt-ocsp-responderoverrides-name">ocsp.responderoverrides._name_</a> | Defines a map of OCSP responders to replace for querying OCSP servers. | |
+| <a id="opt-ping" href="#opt-ping" title="#opt-ping">ping</a> | Enable ping. | false |
+| <a id="opt-ping-entrypoint" href="#opt-ping-entrypoint" title="#opt-ping-entrypoint">ping.entrypoint</a> | EntryPoint | traefik |
+| <a id="opt-ping-manualrouting" href="#opt-ping-manualrouting" title="#opt-ping-manualrouting">ping.manualrouting</a> | Manual routing | false |
+| <a id="opt-ping-terminatingstatuscode" href="#opt-ping-terminatingstatuscode" title="#opt-ping-terminatingstatuscode">ping.terminatingstatuscode</a> | Terminating status code | 503 |
+| <a id="opt-providers-consul" href="#opt-providers-consul" title="#opt-providers-consul">providers.consul</a> | Enables Consul provider. | false |
+| <a id="opt-providers-consul-endpoints" href="#opt-providers-consul-endpoints" title="#opt-providers-consul-endpoints">providers.consul.endpoints</a> | KV store endpoints. | 127.0.0.1:8500 |
+| <a id="opt-providers-consul-namespaces" href="#opt-providers-consul-namespaces" title="#opt-providers-consul-namespaces">providers.consul.namespaces</a> | Sets the namespaces used to discover the configuration (Consul Enterprise only). | |
+| <a id="opt-providers-consul-rootkey" href="#opt-providers-consul-rootkey" title="#opt-providers-consul-rootkey">providers.consul.rootkey</a> | Root key used for KV store. | traefik |
+| <a id="opt-providers-consul-tls-ca" href="#opt-providers-consul-tls-ca" title="#opt-providers-consul-tls-ca">providers.consul.tls.ca</a> | TLS CA | |
+| <a id="opt-providers-consul-tls-cert" href="#opt-providers-consul-tls-cert" title="#opt-providers-consul-tls-cert">providers.consul.tls.cert</a> | TLS cert | |
+| <a id="opt-providers-consul-tls-insecureskipverify" href="#opt-providers-consul-tls-insecureskipverify" title="#opt-providers-consul-tls-insecureskipverify">providers.consul.tls.insecureskipverify</a> | TLS insecure skip verify | false |
+| <a id="opt-providers-consul-tls-key" href="#opt-providers-consul-tls-key" title="#opt-providers-consul-tls-key">providers.consul.tls.key</a> | TLS key | |
+| <a id="opt-providers-consul-token" href="#opt-providers-consul-token" title="#opt-providers-consul-token">providers.consul.token</a> | Per-request ACL token. | |
+| <a id="opt-providers-consulcatalog" href="#opt-providers-consulcatalog" title="#opt-providers-consulcatalog">providers.consulcatalog</a> | Enables Consul Catalog provider. | false |
+| <a id="opt-providers-consulcatalog-cache" href="#opt-providers-consulcatalog-cache" title="#opt-providers-consulcatalog-cache">providers.consulcatalog.cache</a> | Use local agent caching for catalog reads. | false |
+| <a id="opt-providers-consulcatalog-connectaware" href="#opt-providers-consulcatalog-connectaware" title="#opt-providers-consulcatalog-connectaware">providers.consulcatalog.connectaware</a> | Enable Consul Connect support. | false |
+| <a id="opt-providers-consulcatalog-connectbydefault" href="#opt-providers-consulcatalog-connectbydefault" title="#opt-providers-consulcatalog-connectbydefault">providers.consulcatalog.connectbydefault</a> | Consider every service as Connect capable by default. | false |
+| <a id="opt-providers-consulcatalog-constraints" href="#opt-providers-consulcatalog-constraints" title="#opt-providers-consulcatalog-constraints">providers.consulcatalog.constraints</a> | Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. | |
+| <a id="opt-providers-consulcatalog-defaultrule" href="#opt-providers-consulcatalog-defaultrule" title="#opt-providers-consulcatalog-defaultrule">providers.consulcatalog.defaultrule</a> | Default rule. | Host(`{{ normalize .Name }}`) |
+| <a id="opt-providers-consulcatalog-endpoint-address" href="#opt-providers-consulcatalog-endpoint-address" title="#opt-providers-consulcatalog-endpoint-address">providers.consulcatalog.endpoint.address</a> | The address of the Consul server | |
+| <a id="opt-providers-consulcatalog-endpoint-datacenter" href="#opt-providers-consulcatalog-endpoint-datacenter" title="#opt-providers-consulcatalog-endpoint-datacenter">providers.consulcatalog.endpoint.datacenter</a> | Data center to use. If not provided, the default agent data center is used | |
+| <a id="opt-providers-consulcatalog-endpoint-endpointwaittime" href="#opt-providers-consulcatalog-endpoint-endpointwaittime" title="#opt-providers-consulcatalog-endpoint-endpointwaittime">providers.consulcatalog.endpoint.endpointwaittime</a> | WaitTime limits how long a Watch will block. If not provided, the agent default values will be used | 0 |
+| <a id="opt-providers-consulcatalog-endpoint-httpauth-password" href="#opt-providers-consulcatalog-endpoint-httpauth-password" title="#opt-providers-consulcatalog-endpoint-httpauth-password">providers.consulcatalog.endpoint.httpauth.password</a> | Basic Auth password | |
+| <a id="opt-providers-consulcatalog-endpoint-httpauth-username" href="#opt-providers-consulcatalog-endpoint-httpauth-username" title="#opt-providers-consulcatalog-endpoint-httpauth-username">providers.consulcatalog.endpoint.httpauth.username</a> | Basic Auth username | |
+| <a id="opt-providers-consulcatalog-endpoint-scheme" href="#opt-providers-consulcatalog-endpoint-scheme" title="#opt-providers-consulcatalog-endpoint-scheme">providers.consulcatalog.endpoint.scheme</a> | The URI scheme for the Consul server | |
+| <a id="opt-providers-consulcatalog-endpoint-tls-ca" href="#opt-providers-consulcatalog-endpoint-tls-ca" title="#opt-providers-consulcatalog-endpoint-tls-ca">providers.consulcatalog.endpoint.tls.ca</a> | TLS CA | |
+| <a id="opt-providers-consulcatalog-endpoint-tls-cert" href="#opt-providers-consulcatalog-endpoint-tls-cert" title="#opt-providers-consulcatalog-endpoint-tls-cert">providers.consulcatalog.endpoint.tls.cert</a> | TLS cert | |
+| <a id="opt-providers-consulcatalog-endpoint-tls-insecureskipverify" href="#opt-providers-consulcatalog-endpoint-tls-insecureskipverify" title="#opt-providers-consulcatalog-endpoint-tls-insecureskipverify">providers.consulcatalog.endpoint.tls.insecureskipverify</a> | TLS insecure skip verify | false |
+| <a id="opt-providers-consulcatalog-endpoint-tls-key" href="#opt-providers-consulcatalog-endpoint-tls-key" title="#opt-providers-consulcatalog-endpoint-tls-key">providers.consulcatalog.endpoint.tls.key</a> | TLS key | |
+| <a id="opt-providers-consulcatalog-endpoint-token" href="#opt-providers-consulcatalog-endpoint-token" title="#opt-providers-consulcatalog-endpoint-token">providers.consulcatalog.endpoint.token</a> | Token is used to provide a per-request ACL token which overrides the agent's default token | |
+| <a id="opt-providers-consulcatalog-exposedbydefault" href="#opt-providers-consulcatalog-exposedbydefault" title="#opt-providers-consulcatalog-exposedbydefault">providers.consulcatalog.exposedbydefault</a> | Expose containers by default. | true |
+| <a id="opt-providers-consulcatalog-namespaces" href="#opt-providers-consulcatalog-namespaces" title="#opt-providers-consulcatalog-namespaces">providers.consulcatalog.namespaces</a> | Sets the namespaces used to discover services (Consul Enterprise only). | |
+| <a id="opt-providers-consulcatalog-prefix" href="#opt-providers-consulcatalog-prefix" title="#opt-providers-consulcatalog-prefix">providers.consulcatalog.prefix</a> | Prefix for consul service tags. | traefik |
+| <a id="opt-providers-consulcatalog-refreshinterval" href="#opt-providers-consulcatalog-refreshinterval" title="#opt-providers-consulcatalog-refreshinterval">providers.consulcatalog.refreshinterval</a> | Interval for check Consul API. | 15 |
+| <a id="opt-providers-consulcatalog-requireconsistent" href="#opt-providers-consulcatalog-requireconsistent" title="#opt-providers-consulcatalog-requireconsistent">providers.consulcatalog.requireconsistent</a> | Forces the read to be fully consistent. | false |
+| <a id="opt-providers-consulcatalog-servicename" href="#opt-providers-consulcatalog-servicename" title="#opt-providers-consulcatalog-servicename">providers.consulcatalog.servicename</a> | Name of the Traefik service in Consul Catalog (needs to be registered via the orchestrator or manually). | traefik |
+| <a id="opt-providers-consulcatalog-stale" href="#opt-providers-consulcatalog-stale" title="#opt-providers-consulcatalog-stale">providers.consulcatalog.stale</a> | Use stale consistency for catalog reads. | false |
+| <a id="opt-providers-consulcatalog-strictchecks" href="#opt-providers-consulcatalog-strictchecks" title="#opt-providers-consulcatalog-strictchecks">providers.consulcatalog.strictchecks</a> | A list of service health statuses to allow taking traffic. | passing, warning |
+| <a id="opt-providers-consulcatalog-watch" href="#opt-providers-consulcatalog-watch" title="#opt-providers-consulcatalog-watch">providers.consulcatalog.watch</a> | Watch Consul API events. | false |
+| <a id="opt-providers-docker" href="#opt-providers-docker" title="#opt-providers-docker">providers.docker</a> | Enables Docker provider. | false |
+| <a id="opt-providers-docker-allowemptyservices" href="#opt-providers-docker-allowemptyservices" title="#opt-providers-docker-allowemptyservices">providers.docker.allowemptyservices</a> | Disregards the Docker containers health checks with respect to the creation or removal of the corresponding services. | false |
+| <a id="opt-providers-docker-constraints" href="#opt-providers-docker-constraints" title="#opt-providers-docker-constraints">providers.docker.constraints</a> | Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. | |
+| <a id="opt-providers-docker-defaultrule" href="#opt-providers-docker-defaultrule" title="#opt-providers-docker-defaultrule">providers.docker.defaultrule</a> | Default rule. | Host(`{{ normalize .Name }}`) |
+| <a id="opt-providers-docker-endpoint" href="#opt-providers-docker-endpoint" title="#opt-providers-docker-endpoint">providers.docker.endpoint</a> | Docker server endpoint. Can be a TCP or a Unix socket endpoint. | unix:///var/run/docker.sock |
+| <a id="opt-providers-docker-exposedbydefault" href="#opt-providers-docker-exposedbydefault" title="#opt-providers-docker-exposedbydefault">providers.docker.exposedbydefault</a> | Expose containers by default. | true |
+| <a id="opt-providers-docker-httpclienttimeout" href="#opt-providers-docker-httpclienttimeout" title="#opt-providers-docker-httpclienttimeout">providers.docker.httpclienttimeout</a> | Client timeout for HTTP connections. | 0 |
+| <a id="opt-providers-docker-network" href="#opt-providers-docker-network" title="#opt-providers-docker-network">providers.docker.network</a> | Default Docker network used. | |
+| <a id="opt-providers-docker-password" href="#opt-providers-docker-password" title="#opt-providers-docker-password">providers.docker.password</a> | Password for Basic HTTP authentication. | |
+| <a id="opt-providers-docker-tls-ca" href="#opt-providers-docker-tls-ca" title="#opt-providers-docker-tls-ca">providers.docker.tls.ca</a> | TLS CA | |
+| <a id="opt-providers-docker-tls-cert" href="#opt-providers-docker-tls-cert" title="#opt-providers-docker-tls-cert">providers.docker.tls.cert</a> | TLS cert | |
+| <a id="opt-providers-docker-tls-insecureskipverify" href="#opt-providers-docker-tls-insecureskipverify" title="#opt-providers-docker-tls-insecureskipverify">providers.docker.tls.insecureskipverify</a> | TLS insecure skip verify | false |
+| <a id="opt-providers-docker-tls-key" href="#opt-providers-docker-tls-key" title="#opt-providers-docker-tls-key">providers.docker.tls.key</a> | TLS key | |
+| <a id="opt-providers-docker-usebindportip" href="#opt-providers-docker-usebindportip" title="#opt-providers-docker-usebindportip">providers.docker.usebindportip</a> | Use the ip address from the bound port, rather than from the inner network. | false |
+| <a id="opt-providers-docker-username" href="#opt-providers-docker-username" title="#opt-providers-docker-username">providers.docker.username</a> | Username for Basic HTTP authentication. | |
+| <a id="opt-providers-docker-watch" href="#opt-providers-docker-watch" title="#opt-providers-docker-watch">providers.docker.watch</a> | Watch Docker events. | true |
+| <a id="opt-providers-ecs" href="#opt-providers-ecs" title="#opt-providers-ecs">providers.ecs</a> | Enables AWS ECS provider. | false |
+| <a id="opt-providers-ecs-accesskeyid" href="#opt-providers-ecs-accesskeyid" title="#opt-providers-ecs-accesskeyid">providers.ecs.accesskeyid</a> | AWS credentials access key ID to use for making requests. | |
+| <a id="opt-providers-ecs-autodiscoverclusters" href="#opt-providers-ecs-autodiscoverclusters" title="#opt-providers-ecs-autodiscoverclusters">providers.ecs.autodiscoverclusters</a> | Auto discover cluster. | false |
+| <a id="opt-providers-ecs-clusters" href="#opt-providers-ecs-clusters" title="#opt-providers-ecs-clusters">providers.ecs.clusters</a> | ECS Cluster names. | default |
+| <a id="opt-providers-ecs-constraints" href="#opt-providers-ecs-constraints" title="#opt-providers-ecs-constraints">providers.ecs.constraints</a> | Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. | |
+| <a id="opt-providers-ecs-defaultrule" href="#opt-providers-ecs-defaultrule" title="#opt-providers-ecs-defaultrule">providers.ecs.defaultrule</a> | Default rule. | Host(`{{ normalize .Name }}`) |
+| <a id="opt-providers-ecs-ecsanywhere" href="#opt-providers-ecs-ecsanywhere" title="#opt-providers-ecs-ecsanywhere">providers.ecs.ecsanywhere</a> | Enable ECS Anywhere support. | false |
+| <a id="opt-providers-ecs-exposedbydefault" href="#opt-providers-ecs-exposedbydefault" title="#opt-providers-ecs-exposedbydefault">providers.ecs.exposedbydefault</a> | Expose services by default. | true |
+| <a id="opt-providers-ecs-healthytasksonly" href="#opt-providers-ecs-healthytasksonly" title="#opt-providers-ecs-healthytasksonly">providers.ecs.healthytasksonly</a> | Determines whether to discover only healthy tasks. | false |
+| <a id="opt-providers-ecs-refreshseconds" href="#opt-providers-ecs-refreshseconds" title="#opt-providers-ecs-refreshseconds">providers.ecs.refreshseconds</a> | Polling interval (in seconds). | 15 |
+| <a id="opt-providers-ecs-region" href="#opt-providers-ecs-region" title="#opt-providers-ecs-region">providers.ecs.region</a> | AWS region to use for requests. | |
+| <a id="opt-providers-ecs-secretaccesskey" href="#opt-providers-ecs-secretaccesskey" title="#opt-providers-ecs-secretaccesskey">providers.ecs.secretaccesskey</a> | AWS credentials access key to use for making requests. | |
+| <a id="opt-providers-etcd" href="#opt-providers-etcd" title="#opt-providers-etcd">providers.etcd</a> | Enables Etcd provider. | false |
+| <a id="opt-providers-etcd-endpoints" href="#opt-providers-etcd-endpoints" title="#opt-providers-etcd-endpoints">providers.etcd.endpoints</a> | KV store endpoints. | 127.0.0.1:2379 |
+| <a id="opt-providers-etcd-password" href="#opt-providers-etcd-password" title="#opt-providers-etcd-password">providers.etcd.password</a> | Password for authentication. | |
+| <a id="opt-providers-etcd-rootkey" href="#opt-providers-etcd-rootkey" title="#opt-providers-etcd-rootkey">providers.etcd.rootkey</a> | Root key used for KV store. | traefik |
+| <a id="opt-providers-etcd-tls-ca" href="#opt-providers-etcd-tls-ca" title="#opt-providers-etcd-tls-ca">providers.etcd.tls.ca</a> | TLS CA | |
+| <a id="opt-providers-etcd-tls-cert" href="#opt-providers-etcd-tls-cert" title="#opt-providers-etcd-tls-cert">providers.etcd.tls.cert</a> | TLS cert | |
+| <a id="opt-providers-etcd-tls-insecureskipverify" href="#opt-providers-etcd-tls-insecureskipverify" title="#opt-providers-etcd-tls-insecureskipverify">providers.etcd.tls.insecureskipverify</a> | TLS insecure skip verify | false |
+| <a id="opt-providers-etcd-tls-key" href="#opt-providers-etcd-tls-key" title="#opt-providers-etcd-tls-key">providers.etcd.tls.key</a> | TLS key | |
+| <a id="opt-providers-etcd-username" href="#opt-providers-etcd-username" title="#opt-providers-etcd-username">providers.etcd.username</a> | Username for authentication. | |
+| <a id="opt-providers-file-debugloggeneratedtemplate" href="#opt-providers-file-debugloggeneratedtemplate" title="#opt-providers-file-debugloggeneratedtemplate">providers.file.debugloggeneratedtemplate</a> | Enable debug logging of generated configuration template. | false |
+| <a id="opt-providers-file-directory" href="#opt-providers-file-directory" title="#opt-providers-file-directory">providers.file.directory</a> | Load dynamic configuration from one or more .yml or .toml files in a directory. | |
+| <a id="opt-providers-file-filename" href="#opt-providers-file-filename" title="#opt-providers-file-filename">providers.file.filename</a> | Load dynamic configuration from a file. | |
+| <a id="opt-providers-file-watch" href="#opt-providers-file-watch" title="#opt-providers-file-watch">providers.file.watch</a> | Watch provider. | true |
+| <a id="opt-providers-http" href="#opt-providers-http" title="#opt-providers-http">providers.http</a> | Enables HTTP provider. | false |
+| <a id="opt-providers-http-endpoint" href="#opt-providers-http-endpoint" title="#opt-providers-http-endpoint">providers.http.endpoint</a> | Load configuration from this endpoint. | |
+| <a id="opt-providers-http-headers-name" href="#opt-providers-http-headers-name" title="#opt-providers-http-headers-name">providers.http.headers._name_</a> | Define custom headers to be sent to the endpoint. | |
+| <a id="opt-providers-http-pollinterval" href="#opt-providers-http-pollinterval" title="#opt-providers-http-pollinterval">providers.http.pollinterval</a> | Polling interval for endpoint. | 5 |
+| <a id="opt-providers-http-polltimeout" href="#opt-providers-http-polltimeout" title="#opt-providers-http-polltimeout">providers.http.polltimeout</a> | Polling timeout for endpoint. | 5 |
+| <a id="opt-providers-http-tls-ca" href="#opt-providers-http-tls-ca" title="#opt-providers-http-tls-ca">providers.http.tls.ca</a> | TLS CA | |
+| <a id="opt-providers-http-tls-cert" href="#opt-providers-http-tls-cert" title="#opt-providers-http-tls-cert">providers.http.tls.cert</a> | TLS cert | |
+| <a id="opt-providers-http-tls-insecureskipverify" href="#opt-providers-http-tls-insecureskipverify" title="#opt-providers-http-tls-insecureskipverify">providers.http.tls.insecureskipverify</a> | TLS insecure skip verify | false |
+| <a id="opt-providers-http-tls-key" href="#opt-providers-http-tls-key" title="#opt-providers-http-tls-key">providers.http.tls.key</a> | TLS key | |
+| <a id="opt-providers-kubernetescrd" href="#opt-providers-kubernetescrd" title="#opt-providers-kubernetescrd">providers.kubernetescrd</a> | Enables Kubernetes CRD provider. | false |
+| <a id="opt-providers-kubernetescrd-allowcrossnamespace" href="#opt-providers-kubernetescrd-allowcrossnamespace" title="#opt-providers-kubernetescrd-allowcrossnamespace">providers.kubernetescrd.allowcrossnamespace</a> | Allow cross namespace resource reference. | false |
+| <a id="opt-providers-kubernetescrd-allowemptyservices" href="#opt-providers-kubernetescrd-allowemptyservices" title="#opt-providers-kubernetescrd-allowemptyservices">providers.kubernetescrd.allowemptyservices</a> | Allow the creation of services without endpoints. | false |
+| <a id="opt-providers-kubernetescrd-allowexternalnameservices" href="#opt-providers-kubernetescrd-allowexternalnameservices" title="#opt-providers-kubernetescrd-allowexternalnameservices">providers.kubernetescrd.allowexternalnameservices</a> | Allow ExternalName services. | false |
+| <a id="opt-providers-kubernetescrd-certauthfilepath" href="#opt-providers-kubernetescrd-certauthfilepath" title="#opt-providers-kubernetescrd-certauthfilepath">providers.kubernetescrd.certauthfilepath</a> | Kubernetes certificate authority file path (not needed for in-cluster client). | |
+| <a id="opt-providers-kubernetescrd-disableclusterscoperesources" href="#opt-providers-kubernetescrd-disableclusterscoperesources" title="#opt-providers-kubernetescrd-disableclusterscoperesources">providers.kubernetescrd.disableclusterscoperesources</a> | Disables the lookup of cluster scope resources (incompatible with IngressClasses and NodePortLB enabled services). | false |
+| <a id="opt-providers-kubernetescrd-endpoint" href="#opt-providers-kubernetescrd-endpoint" title="#opt-providers-kubernetescrd-endpoint">providers.kubernetescrd.endpoint</a> | Kubernetes server endpoint (required for external cluster client). | |
+| <a id="opt-providers-kubernetescrd-ingressclass" href="#opt-providers-kubernetescrd-ingressclass" title="#opt-providers-kubernetescrd-ingressclass">providers.kubernetescrd.ingressclass</a> | Value of kubernetes.io/ingress.class annotation to watch for. | |
+| <a id="opt-providers-kubernetescrd-labelselector" href="#opt-providers-kubernetescrd-labelselector" title="#opt-providers-kubernetescrd-labelselector">providers.kubernetescrd.labelselector</a> | Kubernetes label selector to use. | |
+| <a id="opt-providers-kubernetescrd-namespaces" href="#opt-providers-kubernetescrd-namespaces" title="#opt-providers-kubernetescrd-namespaces">providers.kubernetescrd.namespaces</a> | Kubernetes namespaces. | |
+| <a id="opt-providers-kubernetescrd-nativelbbydefault" href="#opt-providers-kubernetescrd-nativelbbydefault" title="#opt-providers-kubernetescrd-nativelbbydefault">providers.kubernetescrd.nativelbbydefault</a> | Defines whether to use Native Kubernetes load-balancing mode by default. | false |
+| <a id="opt-providers-kubernetescrd-throttleduration" href="#opt-providers-kubernetescrd-throttleduration" title="#opt-providers-kubernetescrd-throttleduration">providers.kubernetescrd.throttleduration</a> | Ingress refresh throttle duration | 0 |
+| <a id="opt-providers-kubernetescrd-token" href="#opt-providers-kubernetescrd-token" title="#opt-providers-kubernetescrd-token">providers.kubernetescrd.token</a> | Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token. | |
+| <a id="opt-providers-kubernetesgateway" href="#opt-providers-kubernetesgateway" title="#opt-providers-kubernetesgateway">providers.kubernetesgateway</a> | Enables Kubernetes Gateway API provider. | false |
+| <a id="opt-providers-kubernetesgateway-certauthfilepath" href="#opt-providers-kubernetesgateway-certauthfilepath" title="#opt-providers-kubernetesgateway-certauthfilepath">providers.kubernetesgateway.certauthfilepath</a> | Kubernetes certificate authority file path (not needed for in-cluster client). | |
+| <a id="opt-providers-kubernetesgateway-endpoint" href="#opt-providers-kubernetesgateway-endpoint" title="#opt-providers-kubernetesgateway-endpoint">providers.kubernetesgateway.endpoint</a> | Kubernetes server endpoint (required for external cluster client). | |
+| <a id="opt-providers-kubernetesgateway-experimentalchannel" href="#opt-providers-kubernetesgateway-experimentalchannel" title="#opt-providers-kubernetesgateway-experimentalchannel">providers.kubernetesgateway.experimentalchannel</a> | Toggles Experimental Channel resources support (TCPRoute, TLSRoute...). | false |
+| <a id="opt-providers-kubernetesgateway-labelselector" href="#opt-providers-kubernetesgateway-labelselector" title="#opt-providers-kubernetesgateway-labelselector">providers.kubernetesgateway.labelselector</a> | Kubernetes label selector to select specific GatewayClasses. | |
+| <a id="opt-providers-kubernetesgateway-namespaces" href="#opt-providers-kubernetesgateway-namespaces" title="#opt-providers-kubernetesgateway-namespaces">providers.kubernetesgateway.namespaces</a> | Kubernetes namespaces. | |
+| <a id="opt-providers-kubernetesgateway-nativelbbydefault" href="#opt-providers-kubernetesgateway-nativelbbydefault" title="#opt-providers-kubernetesgateway-nativelbbydefault">providers.kubernetesgateway.nativelbbydefault</a> | Defines whether to use Native Kubernetes load-balancing by default. | false |
+| <a id="opt-providers-kubernetesgateway-statusaddress-hostname" href="#opt-providers-kubernetesgateway-statusaddress-hostname" title="#opt-providers-kubernetesgateway-statusaddress-hostname">providers.kubernetesgateway.statusaddress.hostname</a> | Hostname used for Kubernetes Gateway status address. | |
+| <a id="opt-providers-kubernetesgateway-statusaddress-ip" href="#opt-providers-kubernetesgateway-statusaddress-ip" title="#opt-providers-kubernetesgateway-statusaddress-ip">providers.kubernetesgateway.statusaddress.ip</a> | IP used to set Kubernetes Gateway status address. | |
+| <a id="opt-providers-kubernetesgateway-statusaddress-service" href="#opt-providers-kubernetesgateway-statusaddress-service" title="#opt-providers-kubernetesgateway-statusaddress-service">providers.kubernetesgateway.statusaddress.service</a> | Published Kubernetes Service to copy status addresses from. | |
+| <a id="opt-providers-kubernetesgateway-statusaddress-service-name" href="#opt-providers-kubernetesgateway-statusaddress-service-name" title="#opt-providers-kubernetesgateway-statusaddress-service-name">providers.kubernetesgateway.statusaddress.service.name</a> | Name of the Kubernetes service. | |
+| <a id="opt-providers-kubernetesgateway-statusaddress-service-namespace" href="#opt-providers-kubernetesgateway-statusaddress-service-namespace" title="#opt-providers-kubernetesgateway-statusaddress-service-namespace">providers.kubernetesgateway.statusaddress.service.namespace</a> | Namespace of the Kubernetes service. | |
+| <a id="opt-providers-kubernetesgateway-throttleduration" href="#opt-providers-kubernetesgateway-throttleduration" title="#opt-providers-kubernetesgateway-throttleduration">providers.kubernetesgateway.throttleduration</a> | Kubernetes refresh throttle duration | 0 |
+| <a id="opt-providers-kubernetesgateway-token" href="#opt-providers-kubernetesgateway-token" title="#opt-providers-kubernetesgateway-token">providers.kubernetesgateway.token</a> | Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token. | |
+| <a id="opt-providers-kubernetesingress" href="#opt-providers-kubernetesingress" title="#opt-providers-kubernetesingress">providers.kubernetesingress</a> | Enables Kubernetes Ingress provider. | false |
+| <a id="opt-providers-kubernetesingress-allowemptyservices" href="#opt-providers-kubernetesingress-allowemptyservices" title="#opt-providers-kubernetesingress-allowemptyservices">providers.kubernetesingress.allowemptyservices</a> | Allow creation of services without endpoints. | false |
+| <a id="opt-providers-kubernetesingress-allowexternalnameservices" href="#opt-providers-kubernetesingress-allowexternalnameservices" title="#opt-providers-kubernetesingress-allowexternalnameservices">providers.kubernetesingress.allowexternalnameservices</a> | Allow ExternalName services. | false |
+| <a id="opt-providers-kubernetesingress-certauthfilepath" href="#opt-providers-kubernetesingress-certauthfilepath" title="#opt-providers-kubernetesingress-certauthfilepath">providers.kubernetesingress.certauthfilepath</a> | Kubernetes certificate authority file path (not needed for in-cluster client). | |
+| <a id="opt-providers-kubernetesingress-disableclusterscoperesources" href="#opt-providers-kubernetesingress-disableclusterscoperesources" title="#opt-providers-kubernetesingress-disableclusterscoperesources">providers.kubernetesingress.disableclusterscoperesources</a> | Disables the lookup of cluster scope resources (incompatible with IngressClasses and NodePortLB enabled services). | false |
+| <a id="opt-providers-kubernetesingress-disableingressclasslookup" href="#opt-providers-kubernetesingress-disableingressclasslookup" title="#opt-providers-kubernetesingress-disableingressclasslookup">providers.kubernetesingress.disableingressclasslookup</a> | Disables the lookup of IngressClasses (Deprecated, please use DisableClusterScopeResources). | false |
+| <a id="opt-providers-kubernetesingress-endpoint" href="#opt-providers-kubernetesingress-endpoint" title="#opt-providers-kubernetesingress-endpoint">providers.kubernetesingress.endpoint</a> | Kubernetes server endpoint (required for external cluster client). | |
+| <a id="opt-providers-kubernetesingress-ingressclass" href="#opt-providers-kubernetesingress-ingressclass" title="#opt-providers-kubernetesingress-ingressclass">providers.kubernetesingress.ingressclass</a> | Value of kubernetes.io/ingress.class annotation or IngressClass name to watch for. | |
+| <a id="opt-providers-kubernetesingress-ingressendpoint-hostname" href="#opt-providers-kubernetesingress-ingressendpoint-hostname" title="#opt-providers-kubernetesingress-ingressendpoint-hostname">providers.kubernetesingress.ingressendpoint.hostname</a> | Hostname used for Kubernetes Ingress endpoints. | |
+| <a id="opt-providers-kubernetesingress-ingressendpoint-ip" href="#opt-providers-kubernetesingress-ingressendpoint-ip" title="#opt-providers-kubernetesingress-ingressendpoint-ip">providers.kubernetesingress.ingressendpoint.ip</a> | IP used for Kubernetes Ingress endpoints. | |
+| <a id="opt-providers-kubernetesingress-ingressendpoint-publishedservice" href="#opt-providers-kubernetesingress-ingressendpoint-publishedservice" title="#opt-providers-kubernetesingress-ingressendpoint-publishedservice">providers.kubernetesingress.ingressendpoint.publishedservice</a> | Published Kubernetes Service to copy status from. | |
+| <a id="opt-providers-kubernetesingress-labelselector" href="#opt-providers-kubernetesingress-labelselector" title="#opt-providers-kubernetesingress-labelselector">providers.kubernetesingress.labelselector</a> | Kubernetes Ingress label selector to use. | |
+| <a id="opt-providers-kubernetesingress-namespaces" href="#opt-providers-kubernetesingress-namespaces" title="#opt-providers-kubernetesingress-namespaces">providers.kubernetesingress.namespaces</a> | Kubernetes namespaces. | |
+| <a id="opt-providers-kubernetesingress-nativelbbydefault" href="#opt-providers-kubernetesingress-nativelbbydefault" title="#opt-providers-kubernetesingress-nativelbbydefault">providers.kubernetesingress.nativelbbydefault</a> | Defines whether to use Native Kubernetes load-balancing mode by default. | false |
+| <a id="opt-providers-kubernetesingress-strictprefixmatching" href="#opt-providers-kubernetesingress-strictprefixmatching" title="#opt-providers-kubernetesingress-strictprefixmatching">providers.kubernetesingress.strictprefixmatching</a> | Make prefix matching strictly comply with the Kubernetes Ingress specification (path-element-wise matching instead of character-by-character string matching). | false |
+| <a id="opt-providers-kubernetesingress-throttleduration" href="#opt-providers-kubernetesingress-throttleduration" title="#opt-providers-kubernetesingress-throttleduration">providers.kubernetesingress.throttleduration</a> | Ingress refresh throttle duration | 0 |
+| <a id="opt-providers-kubernetesingress-token" href="#opt-providers-kubernetesingress-token" title="#opt-providers-kubernetesingress-token">providers.kubernetesingress.token</a> | Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token. | |
+| <a id="opt-providers-kubernetesingressnginx" href="#opt-providers-kubernetesingressnginx" title="#opt-providers-kubernetesingressnginx">providers.kubernetesingressnginx</a> | Enables Kubernetes Ingress NGINX provider. | false |
+| <a id="opt-providers-kubernetesingressnginx-certauthfilepath" href="#opt-providers-kubernetesingressnginx-certauthfilepath" title="#opt-providers-kubernetesingressnginx-certauthfilepath">providers.kubernetesingressnginx.certauthfilepath</a> | Kubernetes certificate authority file path (not needed for in-cluster client). | |
+| <a id="opt-providers-kubernetesingressnginx-controllerclass" href="#opt-providers-kubernetesingressnginx-controllerclass" title="#opt-providers-kubernetesingressnginx-controllerclass">providers.kubernetesingressnginx.controllerclass</a> | Ingress Class Controller value this controller satisfies. | k8s.io/ingress-nginx |
+| <a id="opt-providers-kubernetesingressnginx-defaultbackendservice" href="#opt-providers-kubernetesingressnginx-defaultbackendservice" title="#opt-providers-kubernetesingressnginx-defaultbackendservice">providers.kubernetesingressnginx.defaultbackendservice</a> | Service used to serve HTTP requests not matching any known server name (catch-all). Takes the form 'namespace/name'. | |
+| <a id="opt-providers-kubernetesingressnginx-disablesvcexternalname" href="#opt-providers-kubernetesingressnginx-disablesvcexternalname" title="#opt-providers-kubernetesingressnginx-disablesvcexternalname">providers.kubernetesingressnginx.disablesvcexternalname</a> | Disable support for Services of type ExternalName. | false |
+| <a id="opt-providers-kubernetesingressnginx-endpoint" href="#opt-providers-kubernetesingressnginx-endpoint" title="#opt-providers-kubernetesingressnginx-endpoint">providers.kubernetesingressnginx.endpoint</a> | Kubernetes server endpoint (required for external cluster client). | |
+| <a id="opt-providers-kubernetesingressnginx-ingressclass" href="#opt-providers-kubernetesingressnginx-ingressclass" title="#opt-providers-kubernetesingressnginx-ingressclass">providers.kubernetesingressnginx.ingressclass</a> | Name of the ingress class this controller satisfies. | nginx |
+| <a id="opt-providers-kubernetesingressnginx-ingressclassbyname" href="#opt-providers-kubernetesingressnginx-ingressclassbyname" title="#opt-providers-kubernetesingressnginx-ingressclassbyname">providers.kubernetesingressnginx.ingressclassbyname</a> | Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class. | false |
+| <a id="opt-providers-kubernetesingressnginx-publishservice" href="#opt-providers-kubernetesingressnginx-publishservice" title="#opt-providers-kubernetesingressnginx-publishservice">providers.kubernetesingressnginx.publishservice</a> | Service fronting the Ingress controller. Takes the form 'namespace/name'. | |
+| <a id="opt-providers-kubernetesingressnginx-publishstatusaddress" href="#opt-providers-kubernetesingressnginx-publishstatusaddress" title="#opt-providers-kubernetesingressnginx-publishstatusaddress">providers.kubernetesingressnginx.publishstatusaddress</a> | Customized address (or addresses, separated by comma) to set as the load-balancer status of Ingress objects this controller satisfies. | |
+| <a id="opt-providers-kubernetesingressnginx-throttleduration" href="#opt-providers-kubernetesingressnginx-throttleduration" title="#opt-providers-kubernetesingressnginx-throttleduration">providers.kubernetesingressnginx.throttleduration</a> | Ingress refresh throttle duration. | 0 |
+| <a id="opt-providers-kubernetesingressnginx-token" href="#opt-providers-kubernetesingressnginx-token" title="#opt-providers-kubernetesingressnginx-token">providers.kubernetesingressnginx.token</a> | Kubernetes bearer token (not needed for in-cluster client). It accepts either a token value or a file path to the token. | |
+| <a id="opt-providers-kubernetesingressnginx-watchingresswithoutclass" href="#opt-providers-kubernetesingressnginx-watchingresswithoutclass" title="#opt-providers-kubernetesingressnginx-watchingresswithoutclass">providers.kubernetesingressnginx.watchingresswithoutclass</a> | Define if Ingress Controller should also watch for Ingresses without an IngressClass or the annotation specified. | false |
+| <a id="opt-providers-kubernetesingressnginx-watchnamespace" href="#opt-providers-kubernetesingressnginx-watchnamespace" title="#opt-providers-kubernetesingressnginx-watchnamespace">providers.kubernetesingressnginx.watchnamespace</a> | Namespace the controller watches for updates to Kubernetes objects. All namespaces are watched if this parameter is left empty. | |
+| <a id="opt-providers-kubernetesingressnginx-watchnamespaceselector" href="#opt-providers-kubernetesingressnginx-watchnamespaceselector" title="#opt-providers-kubernetesingressnginx-watchnamespaceselector">providers.kubernetesingressnginx.watchnamespaceselector</a> | Selector selects namespaces the controller watches for updates to Kubernetes objects. | |
+| <a id="opt-providers-nomad" href="#opt-providers-nomad" title="#opt-providers-nomad">providers.nomad</a> | Enables Nomad provider. | false |
+| <a id="opt-providers-nomad-allowemptyservices" href="#opt-providers-nomad-allowemptyservices" title="#opt-providers-nomad-allowemptyservices">providers.nomad.allowemptyservices</a> | Allow the creation of services without endpoints. | false |
+| <a id="opt-providers-nomad-constraints" href="#opt-providers-nomad-constraints" title="#opt-providers-nomad-constraints">providers.nomad.constraints</a> | Constraints is an expression that Traefik matches against the Nomad service's tags to determine whether to create route(s) for that service. | |
+| <a id="opt-providers-nomad-defaultrule" href="#opt-providers-nomad-defaultrule" title="#opt-providers-nomad-defaultrule">providers.nomad.defaultrule</a> | Default rule. | Host(`{{ normalize .Name }}`) |
+| <a id="opt-providers-nomad-endpoint-address" href="#opt-providers-nomad-endpoint-address" title="#opt-providers-nomad-endpoint-address">providers.nomad.endpoint.address</a> | The address of the Nomad server, including scheme and port. | http://127.0.0.1:4646 |
+| <a id="opt-providers-nomad-endpoint-endpointwaittime" href="#opt-providers-nomad-endpoint-endpointwaittime" title="#opt-providers-nomad-endpoint-endpointwaittime">providers.nomad.endpoint.endpointwaittime</a> | WaitTime limits how long a Watch will block. If not provided, the agent default values will be used | 0 |
+| <a id="opt-providers-nomad-endpoint-region" href="#opt-providers-nomad-endpoint-region" title="#opt-providers-nomad-endpoint-region">providers.nomad.endpoint.region</a> | Nomad region to use. If not provided, the local agent region is used. | |
+| <a id="opt-providers-nomad-endpoint-tls-ca" href="#opt-providers-nomad-endpoint-tls-ca" title="#opt-providers-nomad-endpoint-tls-ca">providers.nomad.endpoint.tls.ca</a> | TLS CA | |
+| <a id="opt-providers-nomad-endpoint-tls-cert" href="#opt-providers-nomad-endpoint-tls-cert" title="#opt-providers-nomad-endpoint-tls-cert">providers.nomad.endpoint.tls.cert</a> | TLS cert | |
+| <a id="opt-providers-nomad-endpoint-tls-insecureskipverify" href="#opt-providers-nomad-endpoint-tls-insecureskipverify" title="#opt-providers-nomad-endpoint-tls-insecureskipverify">providers.nomad.endpoint.tls.insecureskipverify</a> | TLS insecure skip verify | false |
+| <a id="opt-providers-nomad-endpoint-tls-key" href="#opt-providers-nomad-endpoint-tls-key" title="#opt-providers-nomad-endpoint-tls-key">providers.nomad.endpoint.tls.key</a> | TLS key | |
+| <a id="opt-providers-nomad-endpoint-token" href="#opt-providers-nomad-endpoint-token" title="#opt-providers-nomad-endpoint-token">providers.nomad.endpoint.token</a> | Token is used to provide a per-request ACL token. | |
+| <a id="opt-providers-nomad-exposedbydefault" href="#opt-providers-nomad-exposedbydefault" title="#opt-providers-nomad-exposedbydefault">providers.nomad.exposedbydefault</a> | Expose Nomad services by default. | true |
+| <a id="opt-providers-nomad-namespaces" href="#opt-providers-nomad-namespaces" title="#opt-providers-nomad-namespaces">providers.nomad.namespaces</a> | Sets the Nomad namespaces used to discover services. | |
+| <a id="opt-providers-nomad-prefix" href="#opt-providers-nomad-prefix" title="#opt-providers-nomad-prefix">providers.nomad.prefix</a> | Prefix for nomad service tags. | traefik |
+| <a id="opt-providers-nomad-refreshinterval" href="#opt-providers-nomad-refreshinterval" title="#opt-providers-nomad-refreshinterval">providers.nomad.refreshinterval</a> | Interval for polling Nomad API. | 15 |
+| <a id="opt-providers-nomad-stale" href="#opt-providers-nomad-stale" title="#opt-providers-nomad-stale">providers.nomad.stale</a> | Use stale consistency for catalog reads. | false |
+| <a id="opt-providers-nomad-throttleduration" href="#opt-providers-nomad-throttleduration" title="#opt-providers-nomad-throttleduration">providers.nomad.throttleduration</a> | Watch throttle duration. | 0 |
+| <a id="opt-providers-nomad-watch" href="#opt-providers-nomad-watch" title="#opt-providers-nomad-watch">providers.nomad.watch</a> | Watch Nomad Service events. | false |
+| <a id="opt-providers-plugin-name" href="#opt-providers-plugin-name" title="#opt-providers-plugin-name">providers.plugin._name_</a> | Plugins configuration. | |
+| <a id="opt-providers-providersthrottleduration" href="#opt-providers-providersthrottleduration" title="#opt-providers-providersthrottleduration">providers.providersthrottleduration</a> | Backends throttle duration: minimum duration between 2 events from providers before applying a new configuration. It avoids unnecessary reloads if multiples events are sent in a short amount of time. | 2 |
+| <a id="opt-providers-redis" href="#opt-providers-redis" title="#opt-providers-redis">providers.redis</a> | Enables Redis provider. | false |
+| <a id="opt-providers-redis-db" href="#opt-providers-redis-db" title="#opt-providers-redis-db">providers.redis.db</a> | Database to be selected after connecting to the server. | 0 |
+| <a id="opt-providers-redis-endpoints" href="#opt-providers-redis-endpoints" title="#opt-providers-redis-endpoints">providers.redis.endpoints</a> | KV store endpoints. | 127.0.0.1:6379 |
+| <a id="opt-providers-redis-password" href="#opt-providers-redis-password" title="#opt-providers-redis-password">providers.redis.password</a> | Password for authentication. | |
+| <a id="opt-providers-redis-rootkey" href="#opt-providers-redis-rootkey" title="#opt-providers-redis-rootkey">providers.redis.rootkey</a> | Root key used for KV store. | traefik |
+| <a id="opt-providers-redis-sentinel-latencystrategy" href="#opt-providers-redis-sentinel-latencystrategy" title="#opt-providers-redis-sentinel-latencystrategy">providers.redis.sentinel.latencystrategy</a> | Defines whether to route commands to the closest master or replica nodes (mutually exclusive with RandomStrategy and ReplicaStrategy). | false |
+| <a id="opt-providers-redis-sentinel-mastername" href="#opt-providers-redis-sentinel-mastername" title="#opt-providers-redis-sentinel-mastername">providers.redis.sentinel.mastername</a> | Name of the master. | |
+| <a id="opt-providers-redis-sentinel-password" href="#opt-providers-redis-sentinel-password" title="#opt-providers-redis-sentinel-password">providers.redis.sentinel.password</a> | Password for Sentinel authentication. | |
+| <a id="opt-providers-redis-sentinel-randomstrategy" href="#opt-providers-redis-sentinel-randomstrategy" title="#opt-providers-redis-sentinel-randomstrategy">providers.redis.sentinel.randomstrategy</a> | Defines whether to route commands randomly to master or replica nodes (mutually exclusive with LatencyStrategy and ReplicaStrategy). | false |
+| <a id="opt-providers-redis-sentinel-replicastrategy" href="#opt-providers-redis-sentinel-replicastrategy" title="#opt-providers-redis-sentinel-replicastrategy">providers.redis.sentinel.replicastrategy</a> | Defines whether to route all commands to replica nodes (mutually exclusive with LatencyStrategy and RandomStrategy). | false |
+| <a id="opt-providers-redis-sentinel-usedisconnectedreplicas" href="#opt-providers-redis-sentinel-usedisconnectedreplicas" title="#opt-providers-redis-sentinel-usedisconnectedreplicas">providers.redis.sentinel.usedisconnectedreplicas</a> | Use replicas disconnected with master when cannot get connected replicas. | false |
+| <a id="opt-providers-redis-sentinel-username" href="#opt-providers-redis-sentinel-username" title="#opt-providers-redis-sentinel-username">providers.redis.sentinel.username</a> | Username for Sentinel authentication. | |
+| <a id="opt-providers-redis-tls-ca" href="#opt-providers-redis-tls-ca" title="#opt-providers-redis-tls-ca">providers.redis.tls.ca</a> | TLS CA | |
+| <a id="opt-providers-redis-tls-cert" href="#opt-providers-redis-tls-cert" title="#opt-providers-redis-tls-cert">providers.redis.tls.cert</a> | TLS cert | |
+| <a id="opt-providers-redis-tls-insecureskipverify" href="#opt-providers-redis-tls-insecureskipverify" title="#opt-providers-redis-tls-insecureskipverify">providers.redis.tls.insecureskipverify</a> | TLS insecure skip verify | false |
+| <a id="opt-providers-redis-tls-key" href="#opt-providers-redis-tls-key" title="#opt-providers-redis-tls-key">providers.redis.tls.key</a> | TLS key | |
+| <a id="opt-providers-redis-username" href="#opt-providers-redis-username" title="#opt-providers-redis-username">providers.redis.username</a> | Username for authentication. | |
+| <a id="opt-providers-rest" href="#opt-providers-rest" title="#opt-providers-rest">providers.rest</a> | Enables Rest provider. | false |
+| <a id="opt-providers-rest-insecure" href="#opt-providers-rest-insecure" title="#opt-providers-rest-insecure">providers.rest.insecure</a> | Activate REST Provider directly on the entryPoint named traefik. | false |
+| <a id="opt-providers-swarm" href="#opt-providers-swarm" title="#opt-providers-swarm">providers.swarm</a> | Enables Docker Swarm provider. | false |
+| <a id="opt-providers-swarm-allowemptyservices" href="#opt-providers-swarm-allowemptyservices" title="#opt-providers-swarm-allowemptyservices">providers.swarm.allowemptyservices</a> | Disregards the Docker containers health checks with respect to the creation or removal of the corresponding services. | false |
+| <a id="opt-providers-swarm-constraints" href="#opt-providers-swarm-constraints" title="#opt-providers-swarm-constraints">providers.swarm.constraints</a> | Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container. | |
+| <a id="opt-providers-swarm-defaultrule" href="#opt-providers-swarm-defaultrule" title="#opt-providers-swarm-defaultrule">providers.swarm.defaultrule</a> | Default rule. | Host(`{{ normalize .Name }}`) |
+| <a id="opt-providers-swarm-endpoint" href="#opt-providers-swarm-endpoint" title="#opt-providers-swarm-endpoint">providers.swarm.endpoint</a> | Docker server endpoint. Can be a TCP or a Unix socket endpoint. | unix:///var/run/docker.sock |
+| <a id="opt-providers-swarm-exposedbydefault" href="#opt-providers-swarm-exposedbydefault" title="#opt-providers-swarm-exposedbydefault">providers.swarm.exposedbydefault</a> | Expose containers by default. | true |
+| <a id="opt-providers-swarm-httpclienttimeout" href="#opt-providers-swarm-httpclienttimeout" title="#opt-providers-swarm-httpclienttimeout">providers.swarm.httpclienttimeout</a> | Client timeout for HTTP connections. | 0 |
+| <a id="opt-providers-swarm-network" href="#opt-providers-swarm-network" title="#opt-providers-swarm-network">providers.swarm.network</a> | Default Docker network used. | |
+| <a id="opt-providers-swarm-password" href="#opt-providers-swarm-password" title="#opt-providers-swarm-password">providers.swarm.password</a> | Password for Basic HTTP authentication. | |
+| <a id="opt-providers-swarm-refreshseconds" href="#opt-providers-swarm-refreshseconds" title="#opt-providers-swarm-refreshseconds">providers.swarm.refreshseconds</a> | Polling interval for swarm mode. | 15 |
+| <a id="opt-providers-swarm-tls-ca" href="#opt-providers-swarm-tls-ca" title="#opt-providers-swarm-tls-ca">providers.swarm.tls.ca</a> | TLS CA | |
+| <a id="opt-providers-swarm-tls-cert" href="#opt-providers-swarm-tls-cert" title="#opt-providers-swarm-tls-cert">providers.swarm.tls.cert</a> | TLS cert | |
+| <a id="opt-providers-swarm-tls-insecureskipverify" href="#opt-providers-swarm-tls-insecureskipverify" title="#opt-providers-swarm-tls-insecureskipverify">providers.swarm.tls.insecureskipverify</a> | TLS insecure skip verify | false |
+| <a id="opt-providers-swarm-tls-key" href="#opt-providers-swarm-tls-key" title="#opt-providers-swarm-tls-key">providers.swarm.tls.key</a> | TLS key | |
+| <a id="opt-providers-swarm-usebindportip" href="#opt-providers-swarm-usebindportip" title="#opt-providers-swarm-usebindportip">providers.swarm.usebindportip</a> | Use the ip address from the bound port, rather than from the inner network. | false |
+| <a id="opt-providers-swarm-username" href="#opt-providers-swarm-username" title="#opt-providers-swarm-username">providers.swarm.username</a> | Username for Basic HTTP authentication. | |
+| <a id="opt-providers-swarm-watch" href="#opt-providers-swarm-watch" title="#opt-providers-swarm-watch">providers.swarm.watch</a> | Watch Docker events. | true |
+| <a id="opt-providers-zookeeper" href="#opt-providers-zookeeper" title="#opt-providers-zookeeper">providers.zookeeper</a> | Enables ZooKeeper provider. | false |
+| <a id="opt-providers-zookeeper-endpoints" href="#opt-providers-zookeeper-endpoints" title="#opt-providers-zookeeper-endpoints">providers.zookeeper.endpoints</a> | KV store endpoints. | 127.0.0.1:2181 |
+| <a id="opt-providers-zookeeper-password" href="#opt-providers-zookeeper-password" title="#opt-providers-zookeeper-password">providers.zookeeper.password</a> | Password for authentication. | |
+| <a id="opt-providers-zookeeper-rootkey" href="#opt-providers-zookeeper-rootkey" title="#opt-providers-zookeeper-rootkey">providers.zookeeper.rootkey</a> | Root key used for KV store. | traefik |
+| <a id="opt-providers-zookeeper-username" href="#opt-providers-zookeeper-username" title="#opt-providers-zookeeper-username">providers.zookeeper.username</a> | Username for authentication. | |
+| <a id="opt-serverstransport-forwardingtimeouts-dialtimeout" href="#opt-serverstransport-forwardingtimeouts-dialtimeout" title="#opt-serverstransport-forwardingtimeouts-dialtimeout">serverstransport.forwardingtimeouts.dialtimeout</a> | The amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. | 30 |
+| <a id="opt-serverstransport-forwardingtimeouts-idleconntimeout" href="#opt-serverstransport-forwardingtimeouts-idleconntimeout" title="#opt-serverstransport-forwardingtimeouts-idleconntimeout">serverstransport.forwardingtimeouts.idleconntimeout</a> | The maximum period for which an idle HTTP keep-alive connection will remain open before closing itself | 90 |
+| <a id="opt-serverstransport-forwardingtimeouts-responseheadertimeout" href="#opt-serverstransport-forwardingtimeouts-responseheadertimeout" title="#opt-serverstransport-forwardingtimeouts-responseheadertimeout">serverstransport.forwardingtimeouts.responseheadertimeout</a> | The amount of time to wait for a server's response headers after fully writing the request (including its body, if any). If zero, no timeout exists. | 0 |
+| <a id="opt-serverstransport-insecureskipverify" href="#opt-serverstransport-insecureskipverify" title="#opt-serverstransport-insecureskipverify">serverstransport.insecureskipverify</a> | Disable SSL certificate verification. | false |
+| <a id="opt-serverstransport-maxidleconnsperhost" href="#opt-serverstransport-maxidleconnsperhost" title="#opt-serverstransport-maxidleconnsperhost">serverstransport.maxidleconnsperhost</a> | If non-zero, controls the maximum idle (keep-alive) to keep per-host. If zero, DefaultMaxIdleConnsPerHost is used. If negative, disables connection reuse. | 200 |
+| <a id="opt-serverstransport-rootcas" href="#opt-serverstransport-rootcas" title="#opt-serverstransport-rootcas">serverstransport.rootcas</a> | Add cert file for self-signed certificate. | |
+| <a id="opt-serverstransport-spiffe" href="#opt-serverstransport-spiffe" title="#opt-serverstransport-spiffe">serverstransport.spiffe</a> | Defines the SPIFFE configuration. | false |
+| <a id="opt-serverstransport-spiffe-ids" href="#opt-serverstransport-spiffe-ids" title="#opt-serverstransport-spiffe-ids">serverstransport.spiffe.ids</a> | Defines the allowed SPIFFE IDs (takes precedence over the SPIFFE TrustDomain). | |
+| <a id="opt-serverstransport-spiffe-trustdomain" href="#opt-serverstransport-spiffe-trustdomain" title="#opt-serverstransport-spiffe-trustdomain">serverstransport.spiffe.trustdomain</a> | Defines the allowed SPIFFE trust domain. | |
+| <a id="opt-spiffe-workloadapiaddr" href="#opt-spiffe-workloadapiaddr" title="#opt-spiffe-workloadapiaddr">spiffe.workloadapiaddr</a> | Defines the workload API address. | |
+| <a id="opt-tcpserverstransport-dialkeepalive" href="#opt-tcpserverstransport-dialkeepalive" title="#opt-tcpserverstransport-dialkeepalive">tcpserverstransport.dialkeepalive</a> | Defines the interval between keep-alive probes for an active network connection. If zero, keep-alive probes are sent with a default value (currently 15 seconds), if supported by the protocol and operating system. Network protocols or operating systems that do not support keep-alives ignore this field. If negative, keep-alive probes are disabled | 15 |
+| <a id="opt-tcpserverstransport-dialtimeout" href="#opt-tcpserverstransport-dialtimeout" title="#opt-tcpserverstransport-dialtimeout">tcpserverstransport.dialtimeout</a> | Defines the amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. | 30 |
+| <a id="opt-tcpserverstransport-terminationdelay" href="#opt-tcpserverstransport-terminationdelay" title="#opt-tcpserverstransport-terminationdelay">tcpserverstransport.terminationdelay</a> | Defines the delay to wait before fully terminating the connection, after one connected peer has closed its writing capability. | 0 |
+| <a id="opt-tcpserverstransport-tls" href="#opt-tcpserverstransport-tls" title="#opt-tcpserverstransport-tls">tcpserverstransport.tls</a> | Defines the TLS configuration. | false |
+| <a id="opt-tcpserverstransport-tls-insecureskipverify" href="#opt-tcpserverstransport-tls-insecureskipverify" title="#opt-tcpserverstransport-tls-insecureskipverify">tcpserverstransport.tls.insecureskipverify</a> | Disables SSL certificate verification. | false |
+| <a id="opt-tcpserverstransport-tls-rootcas" href="#opt-tcpserverstransport-tls-rootcas" title="#opt-tcpserverstransport-tls-rootcas">tcpserverstransport.tls.rootcas</a> | Defines a list of CA secret used to validate self-signed certificate | |
+| <a id="opt-tcpserverstransport-tls-spiffe" href="#opt-tcpserverstransport-tls-spiffe" title="#opt-tcpserverstransport-tls-spiffe">tcpserverstransport.tls.spiffe</a> | Defines the SPIFFE TLS configuration. | false |
+| <a id="opt-tcpserverstransport-tls-spiffe-ids" href="#opt-tcpserverstransport-tls-spiffe-ids" title="#opt-tcpserverstransport-tls-spiffe-ids">tcpserverstransport.tls.spiffe.ids</a> | Defines the allowed SPIFFE IDs (takes precedence over the SPIFFE TrustDomain). | |
+| <a id="opt-tcpserverstransport-tls-spiffe-trustdomain" href="#opt-tcpserverstransport-tls-spiffe-trustdomain" title="#opt-tcpserverstransport-tls-spiffe-trustdomain">tcpserverstransport.tls.spiffe.trustdomain</a> | Defines the allowed SPIFFE trust domain. | |
+| <a id="opt-tracing" href="#opt-tracing" title="#opt-tracing">tracing</a> | Tracing configuration. | false |
+| <a id="opt-tracing-addinternals" href="#opt-tracing-addinternals" title="#opt-tracing-addinternals">tracing.addinternals</a> | Enables tracing for internal services (ping, dashboard, etc...). | false |
+| <a id="opt-tracing-capturedrequestheaders" href="#opt-tracing-capturedrequestheaders" title="#opt-tracing-capturedrequestheaders">tracing.capturedrequestheaders</a> | Request headers to add as attributes for server and client spans. | |
+| <a id="opt-tracing-capturedresponseheaders" href="#opt-tracing-capturedresponseheaders" title="#opt-tracing-capturedresponseheaders">tracing.capturedresponseheaders</a> | Response headers to add as attributes for server and client spans. | |
+| <a id="opt-tracing-globalattributes-name" href="#opt-tracing-globalattributes-name" title="#opt-tracing-globalattributes-name">tracing.globalattributes._name_</a> | (Deprecated) Defines additional resource attributes (key:value). | |
+| <a id="opt-tracing-otlp" href="#opt-tracing-otlp" title="#opt-tracing-otlp">tracing.otlp</a> | Settings for OpenTelemetry. | false |
+| <a id="opt-tracing-otlp-grpc" href="#opt-tracing-otlp-grpc" title="#opt-tracing-otlp-grpc">tracing.otlp.grpc</a> | gRPC configuration for the OpenTelemetry collector. | false |
+| <a id="opt-tracing-otlp-grpc-endpoint" href="#opt-tracing-otlp-grpc-endpoint" title="#opt-tracing-otlp-grpc-endpoint">tracing.otlp.grpc.endpoint</a> | Sets the gRPC endpoint (host:port) of the collector. | localhost:4317 |
+| <a id="opt-tracing-otlp-grpc-headers-name" href="#opt-tracing-otlp-grpc-headers-name" title="#opt-tracing-otlp-grpc-headers-name">tracing.otlp.grpc.headers._name_</a> | Headers sent with payload. | |
+| <a id="opt-tracing-otlp-grpc-insecure" href="#opt-tracing-otlp-grpc-insecure" title="#opt-tracing-otlp-grpc-insecure">tracing.otlp.grpc.insecure</a> | Disables client transport security for the exporter. | false |
+| <a id="opt-tracing-otlp-grpc-tls-ca" href="#opt-tracing-otlp-grpc-tls-ca" title="#opt-tracing-otlp-grpc-tls-ca">tracing.otlp.grpc.tls.ca</a> | TLS CA | |
+| <a id="opt-tracing-otlp-grpc-tls-cert" href="#opt-tracing-otlp-grpc-tls-cert" title="#opt-tracing-otlp-grpc-tls-cert">tracing.otlp.grpc.tls.cert</a> | TLS cert | |
+| <a id="opt-tracing-otlp-grpc-tls-insecureskipverify" href="#opt-tracing-otlp-grpc-tls-insecureskipverify" title="#opt-tracing-otlp-grpc-tls-insecureskipverify">tracing.otlp.grpc.tls.insecureskipverify</a> | TLS insecure skip verify | false |
+| <a id="opt-tracing-otlp-grpc-tls-key" href="#opt-tracing-otlp-grpc-tls-key" title="#opt-tracing-otlp-grpc-tls-key">tracing.otlp.grpc.tls.key</a> | TLS key | |
+| <a id="opt-tracing-otlp-http" href="#opt-tracing-otlp-http" title="#opt-tracing-otlp-http">tracing.otlp.http</a> | HTTP configuration for the OpenTelemetry collector. | false |
+| <a id="opt-tracing-otlp-http-endpoint" href="#opt-tracing-otlp-http-endpoint" title="#opt-tracing-otlp-http-endpoint">tracing.otlp.http.endpoint</a> | Sets the HTTP endpoint (scheme://host:port/path) of the collector. | https://localhost:4318 |
+| <a id="opt-tracing-otlp-http-headers-name" href="#opt-tracing-otlp-http-headers-name" title="#opt-tracing-otlp-http-headers-name">tracing.otlp.http.headers._name_</a> | Headers sent with payload. | |
+| <a id="opt-tracing-otlp-http-tls-ca" href="#opt-tracing-otlp-http-tls-ca" title="#opt-tracing-otlp-http-tls-ca">tracing.otlp.http.tls.ca</a> | TLS CA | |
+| <a id="opt-tracing-otlp-http-tls-cert" href="#opt-tracing-otlp-http-tls-cert" title="#opt-tracing-otlp-http-tls-cert">tracing.otlp.http.tls.cert</a> | TLS cert | |
+| <a id="opt-tracing-otlp-http-tls-insecureskipverify" href="#opt-tracing-otlp-http-tls-insecureskipverify" title="#opt-tracing-otlp-http-tls-insecureskipverify">tracing.otlp.http.tls.insecureskipverify</a> | TLS insecure skip verify | false |
+| <a id="opt-tracing-otlp-http-tls-key" href="#opt-tracing-otlp-http-tls-key" title="#opt-tracing-otlp-http-tls-key">tracing.otlp.http.tls.key</a> | TLS key | |
+| <a id="opt-tracing-resourceattributes-name" href="#opt-tracing-resourceattributes-name" title="#opt-tracing-resourceattributes-name">tracing.resourceattributes._name_</a> | Defines additional resource attributes (key:value). | |
+| <a id="opt-tracing-safequeryparams" href="#opt-tracing-safequeryparams" title="#opt-tracing-safequeryparams">tracing.safequeryparams</a> | Query params to not redact. | |
+| <a id="opt-tracing-samplerate" href="#opt-tracing-samplerate" title="#opt-tracing-samplerate">tracing.samplerate</a> | Sets the rate between 0.0 and 1.0 of requests to trace. | 1.000000 |
+| <a id="opt-tracing-servicename" href="#opt-tracing-servicename" title="#opt-tracing-servicename">tracing.servicename</a> | Defines the service name resource attribute. | traefik |
--- a/docs/content/reference/install-configuration/entrypoints.md
+++ b/docs/content/reference/install-configuration/entrypoints.md
@@ -25,10 +25,11 @@ entryPoints:

  websecure:
    address: :443
-    tls: {}
-    middlewares:
-      - auth@kubernetescrd
-      - strip@kubernetescrd
+    http:
+      tls: {}
+      middlewares:
+        - auth@kubernetescrd
+        - strip@kubernetescrd
 ```

 ```toml tab="File (TOML)"
@@ -85,38 +86,38 @@ additionalArguments:

 | Field                                                           | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | Default                 | Required |
 |:----------------------------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------|:---------|
-| `address`                                                       | Define the port, and optionally the hostname, on which to listen for incoming connections and packets.<br /> It also defines the protocol to use (TCP or UDP).<br /> If no protocol is specified, the default is TCP. The format is:`[host]:port[/tcp\|/udp]                                                                                                                                                                                                                                                                                                                                                                                                                        | -                       | Yes      |
-| `asDefault`                                                     | Mark the `entryPoint` to be in the list of default `entryPoints`.<br /> `entryPoints`in this list are used (by default) on HTTP and TCP routers that do not define their own `entryPoints` option.<br /> More information [here](#asdefault).                                                                                                                                                                                                                                                                                                                                                                                                                                       | false                   | No       |
-| `forwardedHeaders.trustedIPs`                                   | Set the IPs or CIDR from where Traefik trusts the forwarded headers information (`X-Forwarded-*`).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | -                       | No       |
-| `forwardedHeaders.insecure`                                     | Set the insecure mode to always trust the forwarded headers information (`X-Forwarded-*`).<br />We recommend to use this option only for tests purposes, not in production.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | false                   | No       |
-| `http.redirections.`<br />`entryPoint.to`                       | The target element to enable (permanent) redirecting of all incoming requests on an entry point to another one. <br /> The target element can be an entry point name (ex: `websecure`), or a port (`:443`).                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | -                       | Yes      |
-| `http.redirections.`<br />`entryPoint.scheme`                   | The target scheme to use for (permanent) redirection of all incoming requests.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | https                   | No       |
-| `http.redirections.`<br />`entryPoint.permanent`                | Enable permanent redirecting of all incoming requests on an entry point to another one changing the scheme. <br /> The target element, it can be an entry point name (ex: `websecure`), or a port (`:443`).                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | false                   | No       |
-| `http.redirections.`<br />`entryPoint.priority`                 | Default priority applied to the routers attached to the `entryPoint`.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | MaxInt32-1 (2147483646) | No       |
-| `http.encodeQuerySemicolons`                                    | Enable query semicolons encoding. <br /> Use this option to avoid non-encoded semicolons to be interpreted as query parameter separators by Traefik. <br /> When using this option, the non-encoded semicolons characters in query will be transmitted encoded to the backend.<br /> More information [here](#encodequerysemicolons).                                                                                                                                                                                                                                                                                                                                               | false                   | No       |
-| `http.sanitizePath`                                             | Defines whether to enable the request path sanitization.<br /> More information [here](#sanitizepath).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | false                   | No       |
-| `http.middlewares`                                              | Set the list of middlewares that are prepended by default to the list of middlewares of each router associated to the named entry point. <br />More information [here](#httpmiddlewares).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | -                       | No       |
-| `http.tls`                                                      | Enable TLS on every router attached to the `entryPoint`. <br /> If no certificate are set, a default self-signed certificate is generates by Traefik. <br /> We recommend to not use self signed certificates in production.                                                                                                                                                                                                                                                                                                                                                                                                                                                        | -                       | No       |
-| `http.tls.options`                                              | Apply TLS options on every router attached to the `entryPoint`. <br /> The TLS options can be overidden per router. <br /> More information in the [dedicated section](../../routing/providers/kubernetes-crd.md#kind-tlsoption).                                                                                                                                                                                                                                                                                                                                                                                                                                                   | -                       | No       |
-| `http.tls.certResolver`                                         | Apply a certificate resolver on every router attached to the `entryPoint`. <br /> The TLS options can be overidden per router. <br /> More information in the [dedicated section](../install-configuration/tls/certificate-resolvers/overview.md).                                                                                                                                                                                                                                                                                                                                                                                                                                  | -                       | No       |
-| `http2.maxConcurrentStreams`                                    | Set the number of concurrent streams per connection that each client is allowed to initiate. <br /> The value must be greater than zero.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | 250                     | No       |
-| `http3`                                                         | Enable HTTP/3 protocol on the `entryPoint`. <br /> HTTP/3 requires a TCP `entryPoint`. as HTTP/3 always starts as a TCP connection that then gets upgraded to UDP. In most scenarios, this `entryPoint` is the same as the one used for TLS traffic.<br /> More information [here](#http3).                                                                                                                                                                                                                                                                                                                                                                                          | -                       | No       |
-| `http3.advertisedPort`                                          | Set the UDP port to advertise as the HTTP/3 authority. <br /> It defaults to the entryPoint's address port. <br /> It can be used to override the authority in the `alt-svc` header, for example if the public facing port is different from where Traefik is listening.                                                                                                                                                                                                                                                                                                                                                                                                            | -                       | No       |
-| `observability.accessLogs`                                      | Defines whether a router attached to this EntryPoint produces access-logs by default. Nonetheless, a router defining its own observability configuration will opt-out from this default.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | true                    | No       |
-| `observability.metrics`                                         | Defines whether a router attached to this EntryPoint produces metrics by default. Nonetheless, a router defining its own observability configuration will opt-out from this default.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | true                    | No       |
-| `observability.tracing`                                         | Defines whether a router attached to this EntryPoint produces traces by default. Nonetheless, a router defining its own observability configuration will opt-out from this default.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | true                    | No       |
-| `observability.traceVerbosity`                                  | Defines the tracing verbosity level for routers attached to this EntryPoint. Possible values: `minimal` (default), `detailed`. Routers can override this value in their own observability configuration. <br /> More information [here](#traceverbosity).                                                                                                                                                                                                                                                                                                                                                                                                                           | minimal                 | No       |
-| `proxyProtocol.trustedIPs`                                      | Enable PROXY protocol with Trusted IPs. <br /> Traefik supports [PROXY protocol](https://www.haproxy.org/download/2.0/doc/proxy-protocol.txt) version 1 and 2. <br /> If PROXY protocol header parsing is enabled for the entry point, this entry point can accept connections with or without PROXY protocol headers. <br /> If the PROXY protocol header is passed, then the version is determined automatically.<br /> More information [here](#proxyprotocol-and-load-balancers).                                                                                                                                                                                               | -                       | No       |
-| `proxyProtocol.insecure`                                        | Enable PROXY protocol trusting every incoming connection. <br /> Every remote client address will be replaced (`trustedIPs`) won't have any effect). <br /> Traefik supports [PROXY protocol](https://www.haproxy.org/download/2.0/doc/proxy-protocol.txt) version 1 and 2. <br /> If PROXY protocol header parsing is enabled for the entry point, this entry point can accept connections with or without PROXY protocol headers. <br /> If the PROXY protocol header is passed, then the version is determined automatically.<br />We recommend to use this option only for tests purposes, not in production.<br /> More information [here](#proxyprotocol-and-load-balancers). | -                       | No       |
-| `reusePort`                                                     | Enable `entryPoints` from the same or different processes listening on the same TCP/UDP port by utilizing the `SO_REUSEPORT` socket option. <br /> It also allows the kernel to act like a load balancer to distribute incoming connections between entry points.<br /> More information [here](#reuseport).                                                                                                                                                                                                                                                                                                                                                                        | false                   | No       |
-| `transport.`<br />`respondingTimeouts.`<br />`readTimeout`      | Set the timeouts for incoming requests to the Traefik instance. This is the maximum duration for reading the entire request, including the body. Setting them has no effect for UDP `entryPoints`.<br /> If zero, no timeout exists. <br />Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).<br />If no units are provided, the value is parsed assuming seconds.                                                                                                                                                                                                                                | 60s (seconds)           | No       |
-| `transport.`<br />`respondingTimeouts.`<br />`writeTimeout`     | Maximum duration before timing out writes of the response. <br /> It covers the time from the end of the request header read to the end of the response write. <br /> If zero, no timeout exists. <br />Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).<br />If no units are provided, the value is parsed assuming seconds.                                                                                                                                                                                                                                                                   | 0s (seconds)            | No       |
-| `transport.`<br />`respondingTimeouts.`<br />`idleTimeout`      | Maximum duration an idle (keep-alive) connection will remain idle before closing itself. <br /> If zero, no timeout exists <br />Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).<br />If no units are provided, the value is parsed assuming seconds                                                                                                                                                                                                                                                                                                                                           | 180s (seconds)          | No       |
-| `transport.`<br />`lifeCycle.`<br />`graceTimeOut`              | Set the duration to give active requests a chance to finish before Traefik stops. <br />Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).<br />If no units are provided, the value is parsed assuming seconds <br /> In this time frame no new requests are accepted.                                                                                                                                                                                                                                                                                                                            | 10s (seconds)           | No       |
-| `transport.`<br />`lifeCycle.`<br />`requestAcceptGraceTimeout` | Set the duration to keep accepting requests prior to initiating the graceful termination period (as defined by the `transportlifeCycle.graceTimeOut` option). <br /> This option is meant to give downstream load-balancers sufficient time to take Traefik out of rotation. <br />Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).<br />If no units are provided, the value is parsed assuming seconds                                                                                                                                                                                         | 0s (seconds)            | No       |
-| `transport.`<br />`keepAliveMaxRequests`                        | Set the maximum number of requests Traefik can handle before sending a `Connection: Close` header to the client (for HTTP2, Traefik sends a GOAWAY). <br /> Zero means no limit.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | 0                       | No       |
-| `transport.`<br />`keepAliveMaxTime`                            | Set the maximum duration Traefik can handle requests before sending a `Connection: Close` header to the client (for HTTP2, Traefik sends a GOAWAY). Zero means no limit.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | 0s (seconds)            | No       |
-| `udp.timeout`                                                   | Define how long to wait on an idle session before releasing the related resources. <br />The Timeout value must be greater than zero.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | 3s (seconds)            | No       |
+| <a id="opt-address" href="#opt-address" title="#opt-address">`address`</a> | Define the port, and optionally the hostname, on which to listen for incoming connections and packets.<br /> It also defines the protocol to use (TCP or UDP).<br /> If no protocol is specified, the default is TCP. The format is:`[host]:port[/tcp\|/udp]                                                                                                                                                                                                                                                                                                                                                                                                                        | -                       | Yes      |
+| <a id="opt-asDefault" href="#opt-asDefault" title="#opt-asDefault">`asDefault`</a> | Mark the `entryPoint` to be in the list of default `entryPoints`.<br /> `entryPoints`in this list are used (by default) on HTTP and TCP routers that do not define their own `entryPoints` option.<br /> More information [here](#asdefault).                                                                                                                                                                                                                                                                                                                                                                                                                                       | false                   | No       |
+| <a id="opt-forwardedHeaders-trustedIPs" href="#opt-forwardedHeaders-trustedIPs" title="#opt-forwardedHeaders-trustedIPs">`forwardedHeaders.trustedIPs`</a> | Set the IPs or CIDR from where Traefik trusts the forwarded headers information (`X-Forwarded-*`).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                  | -                       | No       |
+| <a id="opt-forwardedHeaders-insecure" href="#opt-forwardedHeaders-insecure" title="#opt-forwardedHeaders-insecure">`forwardedHeaders.insecure`</a> | Set the insecure mode to always trust the forwarded headers information (`X-Forwarded-*`).<br />We recommend to use this option only for tests purposes, not in production.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | false                   | No       |
+| <a id="opt-http-redirections-entryPoint-to" href="#opt-http-redirections-entryPoint-to" title="#opt-http-redirections-entryPoint-to">`http.redirections.`<br />`entryPoint.to`</a> | The target element to enable (permanent) redirecting of all incoming requests on an entry point to another one. <br /> The target element can be an entry point name (ex: `websecure`), or a port (`:443`).                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | -                       | Yes      |
+| <a id="opt-http-redirections-entryPoint-scheme" href="#opt-http-redirections-entryPoint-scheme" title="#opt-http-redirections-entryPoint-scheme">`http.redirections.`<br />`entryPoint.scheme`</a> | The target scheme to use for (permanent) redirection of all incoming requests.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                      | https                   | No       |
+| <a id="opt-http-redirections-entryPoint-permanent" href="#opt-http-redirections-entryPoint-permanent" title="#opt-http-redirections-entryPoint-permanent">`http.redirections.`<br />`entryPoint.permanent`</a> | Enable permanent redirecting of all incoming requests on an entry point to another one changing the scheme. <br /> The target element, it can be an entry point name (ex: `websecure`), or a port (`:443`).                                                                                                                                                                                                                                                                                                                                                                                                                                                                         | false                   | No       |
+| <a id="opt-http-redirections-entryPoint-priority" href="#opt-http-redirections-entryPoint-priority" title="#opt-http-redirections-entryPoint-priority">`http.redirections.`<br />`entryPoint.priority`</a> | Default priority applied to the routers attached to the `entryPoint`.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | MaxInt32-1 (2147483646) | No       |
+| <a id="opt-http-encodeQuerySemicolons" href="#opt-http-encodeQuerySemicolons" title="#opt-http-encodeQuerySemicolons">`http.encodeQuerySemicolons`</a> | Enable query semicolons encoding. <br /> Use this option to avoid non-encoded semicolons to be interpreted as query parameter separators by Traefik. <br /> When using this option, the non-encoded semicolons characters in query will be transmitted encoded to the backend.<br /> More information [here](#encodequerysemicolons).                                                                                                                                                                                                                                                                                                                                               | false                   | No       |
+| <a id="opt-http-sanitizePath" href="#opt-http-sanitizePath" title="#opt-http-sanitizePath">`http.sanitizePath`</a> | Defines whether to enable the request path sanitization.<br /> More information [here](#sanitizepath).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                              | false                   | No       |
+| <a id="opt-http-middlewares" href="#opt-http-middlewares" title="#opt-http-middlewares">`http.middlewares`</a> | Set the list of middlewares that are prepended by default to the list of middlewares of each router associated to the named entry point. <br />More information [here](#httpmiddlewares).                                                                                                                                                                                                                                                                                                                                                                                                                                                                                           | -                       | No       |
+| <a id="opt-http-tls" href="#opt-http-tls" title="#opt-http-tls">`http.tls`</a> | Enable TLS on every router attached to the `entryPoint`. <br /> If no certificate are set, a default self-signed certificate is generated by Traefik. <br /> We recommend to not use self signed certificates in production.                                                                                                                                                                                                                                                                                                                                                                                                                                                        | -                       | No       |
+| <a id="opt-http-tls-options" href="#opt-http-tls-options" title="#opt-http-tls-options">`http.tls.options`</a> | Apply TLS options on every router attached to the `entryPoint`. <br /> The TLS options can be overidden per router. <br /> More information in the [dedicated section](../../routing/providers/kubernetes-crd.md#kind-tlsoption).                                                                                                                                                                                                                                                                                                                                                                                                                                                   | -                       | No       |
+| <a id="opt-http-tls-certResolver" href="#opt-http-tls-certResolver" title="#opt-http-tls-certResolver">`http.tls.certResolver`</a> | Apply a certificate resolver on every router attached to the `entryPoint`. <br /> The TLS options can be overidden per router. <br /> More information in the [dedicated section](../install-configuration/tls/certificate-resolvers/overview.md).                                                                                                                                                                                                                                                                                                                                                                                                                                  | -                       | No       |
+| <a id="opt-http2-maxConcurrentStreams" href="#opt-http2-maxConcurrentStreams" title="#opt-http2-maxConcurrentStreams">`http2.maxConcurrentStreams`</a> | Set the number of concurrent streams per connection that each client is allowed to initiate. <br /> The value must be greater than zero.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | 250                     | No       |
+| <a id="opt-http3" href="#opt-http3" title="#opt-http3">`http3`</a> | Enable HTTP/3 protocol on the `entryPoint`. <br /> HTTP/3 requires a TCP `entryPoint`. as HTTP/3 always starts as a TCP connection that then gets upgraded to UDP. In most scenarios, this `entryPoint` is the same as the one used for TLS traffic.<br /> More information [here](#http3).                                                                                                                                                                                                                                                                                                                                                                                          | -                       | No       |
+| <a id="opt-http3-advertisedPort" href="#opt-http3-advertisedPort" title="#opt-http3-advertisedPort">`http3.advertisedPort`</a> | Set the UDP port to advertise as the HTTP/3 authority. <br /> It defaults to the entryPoint's address port. <br /> It can be used to override the authority in the `alt-svc` header, for example if the public facing port is different from where Traefik is listening.                                                                                                                                                                                                                                                                                                                                                                                                            | -                       | No       |
+| <a id="opt-observability-accessLogs" href="#opt-observability-accessLogs" title="#opt-observability-accessLogs">`observability.accessLogs`</a> | Defines whether a router attached to this EntryPoint produces access-logs by default. Nonetheless, a router defining its own observability configuration will opt-out from this default.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | true                    | No       |
+| <a id="opt-observability-metrics" href="#opt-observability-metrics" title="#opt-observability-metrics">`observability.metrics`</a> | Defines whether a router attached to this EntryPoint produces metrics by default. Nonetheless, a router defining its own observability configuration will opt-out from this default.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                | true                    | No       |
+| <a id="opt-observability-tracing" href="#opt-observability-tracing" title="#opt-observability-tracing">`observability.tracing`</a> | Defines whether a router attached to this EntryPoint produces traces by default. Nonetheless, a router defining its own observability configuration will opt-out from this default.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 | true                    | No       |
+| <a id="opt-observability-traceVerbosity" href="#opt-observability-traceVerbosity" title="#opt-observability-traceVerbosity">`observability.traceVerbosity`</a> | Defines the tracing verbosity level for routers attached to this EntryPoint. Possible values: `minimal` (default), `detailed`. Routers can override this value in their own observability configuration. <br /> More information [here](#traceverbosity).                                                                                                                                                                                                                                                                                                                                                                                                                           | minimal                 | No       |
+| <a id="opt-proxyProtocol-trustedIPs" href="#opt-proxyProtocol-trustedIPs" title="#opt-proxyProtocol-trustedIPs">`proxyProtocol.trustedIPs`</a> | Enable PROXY protocol with Trusted IPs. <br /> Traefik supports [PROXY protocol](https://www.haproxy.org/download/2.0/doc/proxy-protocol.txt) version 1 and 2. <br /> If PROXY protocol header parsing is enabled for the entry point, this entry point can accept connections with or without PROXY protocol headers. <br /> If the PROXY protocol header is passed, then the version is determined automatically.<br /> More information [here](#proxyprotocol-and-load-balancers).                                                                                                                                                                                               | -                       | No       |
+| <a id="opt-proxyProtocol-insecure" href="#opt-proxyProtocol-insecure" title="#opt-proxyProtocol-insecure">`proxyProtocol.insecure`</a> | Enable PROXY protocol trusting every incoming connection. <br /> Every remote client address will be replaced (`trustedIPs`) won't have any effect). <br /> Traefik supports [PROXY protocol](https://www.haproxy.org/download/2.0/doc/proxy-protocol.txt) version 1 and 2. <br /> If PROXY protocol header parsing is enabled for the entry point, this entry point can accept connections with or without PROXY protocol headers. <br /> If the PROXY protocol header is passed, then the version is determined automatically.<br />We recommend to use this option only for tests purposes, not in production.<br /> More information [here](#proxyprotocol-and-load-balancers). | -                       | No       |
+| <a id="opt-reusePort" href="#opt-reusePort" title="#opt-reusePort">`reusePort`</a> | Enable `entryPoints` from the same or different processes listening on the same TCP/UDP port by utilizing the `SO_REUSEPORT` socket option. <br /> It also allows the kernel to act like a load balancer to distribute incoming connections between entry points.<br /> More information [here](#reuseport).                                                                                                                                                                                                                                                                                                                                                                        | false                   | No       |
+| <a id="opt-transport-respondingTimeouts-readTimeout" href="#opt-transport-respondingTimeouts-readTimeout" title="#opt-transport-respondingTimeouts-readTimeout">`transport.`<br />`respondingTimeouts.`<br />`readTimeout`</a> | Set the timeouts for incoming requests to the Traefik instance. This is the maximum duration for reading the entire request, including the body. Setting them has no effect for UDP `entryPoints`.<br /> If zero, no timeout exists. <br />Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).<br />If no units are provided, the value is parsed assuming seconds.                                                                                                                                                                                                                                | 60s (seconds)           | No       |
+| <a id="opt-transport-respondingTimeouts-writeTimeout" href="#opt-transport-respondingTimeouts-writeTimeout" title="#opt-transport-respondingTimeouts-writeTimeout">`transport.`<br />`respondingTimeouts.`<br />`writeTimeout`</a> | Maximum duration before timing out writes of the response. <br /> It covers the time from the end of the request header read to the end of the response write. <br /> If zero, no timeout exists. <br />Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).<br />If no units are provided, the value is parsed assuming seconds.                                                                                                                                                                                                                                                                   | 0s (seconds)            | No       |
+| <a id="opt-transport-respondingTimeouts-idleTimeout" href="#opt-transport-respondingTimeouts-idleTimeout" title="#opt-transport-respondingTimeouts-idleTimeout">`transport.`<br />`respondingTimeouts.`<br />`idleTimeout`</a> | Maximum duration an idle (keep-alive) connection will remain idle before closing itself. <br /> If zero, no timeout exists <br />Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).<br />If no units are provided, the value is parsed assuming seconds                                                                                                                                                                                                                                                                                                                                           | 180s (seconds)          | No       |
+| <a id="opt-transport-lifeCycle-graceTimeOut" href="#opt-transport-lifeCycle-graceTimeOut" title="#opt-transport-lifeCycle-graceTimeOut">`transport.`<br />`lifeCycle.`<br />`graceTimeOut`</a> | Set the duration to give active requests a chance to finish before Traefik stops. <br />Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).<br />If no units are provided, the value is parsed assuming seconds <br /> In this time frame no new requests are accepted.                                                                                                                                                                                                                                                                                                                            | 10s (seconds)           | No       |
+| <a id="opt-transport-lifeCycle-requestAcceptGraceTimeout" href="#opt-transport-lifeCycle-requestAcceptGraceTimeout" title="#opt-transport-lifeCycle-requestAcceptGraceTimeout">`transport.`<br />`lifeCycle.`<br />`requestAcceptGraceTimeout`</a> | Set the duration to keep accepting requests prior to initiating the graceful termination period (as defined by the `transportlifeCycle.graceTimeOut` option). <br /> This option is meant to give downstream load-balancers sufficient time to take Traefik out of rotation. <br />Can be provided in a format supported by [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration) or as raw values (digits).<br />If no units are provided, the value is parsed assuming seconds                                                                                                                                                                                         | 0s (seconds)            | No       |
+| <a id="opt-transport-keepAliveMaxRequests" href="#opt-transport-keepAliveMaxRequests" title="#opt-transport-keepAliveMaxRequests">`transport.`<br />`keepAliveMaxRequests`</a> | Set the maximum number of requests Traefik can handle before sending a `Connection: Close` header to the client (for HTTP2, Traefik sends a GOAWAY). <br /> Zero means no limit.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                    | 0                       | No       |
+| <a id="opt-transport-keepAliveMaxTime" href="#opt-transport-keepAliveMaxTime" title="#opt-transport-keepAliveMaxTime">`transport.`<br />`keepAliveMaxTime`</a> | Set the maximum duration Traefik can handle requests before sending a `Connection: Close` header to the client (for HTTP2, Traefik sends a GOAWAY). Zero means no limit.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            | 0s (seconds)            | No       |
+| <a id="opt-udp-timeout" href="#opt-udp-timeout" title="#opt-udp-timeout">`udp.timeout`</a> | Define how long to wait on an idle session before releasing the related resources. <br />The Timeout value must be greater than zero.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               | 3s (seconds)            | No       |

 ### asDefault

@@ -151,18 +152,20 @@ are applied after the ones declared on the Entrypoint)
 entryPoints:
  web:
    address: :80
-    middlewares:
-      - auth@kubernetescrd
-      - strip@file
+    http:
+      middlewares:
+        - auth@kubernetescrd
+        - strip@file
 ```

 ```yaml tab="Helm Chart Values"
 ports:
  web:
    port: :80
-    middlewares:
-      - auth@kubernetescrd
-      - strip@file
+    http:
+      middlewares:
+        - auth@kubernetescrd
+        - strip@file
 ```

 ### encodeQuerySemicolons
@@ -171,10 +174,10 @@ Behavior examples:

 | EncodeQuerySemicolons | Request Query       | Resulting Request Query |
 |-----------------------|---------------------|-------------------------|
-| false                 | foo=bar;baz=bar     | foo=bar&baz=bar         |
-| true                  | foo=bar;baz=bar     | foo=bar%3Bbaz=bar       |
-| false                 | foo=bar&baz=bar;foo | foo=bar&baz=bar&foo     |
-| true                  | foo=bar&baz=bar;foo | foo=bar&baz=bar%3Bfoo   |
+| <a id="opt-false" href="#opt-false" title="#opt-false">false</a> | foo=bar;baz=bar     | foo=bar&baz=bar         |
+| <a id="opt-true" href="#opt-true" title="#opt-true">true</a> | foo=bar;baz=bar     | foo=bar%3Bbaz=bar       |
+| <a id="opt-false-2" href="#opt-false-2" title="#opt-false-2">false</a> | foo=bar&baz=bar;foo | foo=bar&baz=bar&foo     |
+| <a id="opt-true-2" href="#opt-true-2" title="#opt-true-2">true</a> | foo=bar&baz=bar;foo | foo=bar&baz=bar%3Bfoo   |

 ### SanitizePath

@@ -194,14 +197,14 @@ it can lead to unsafe routing when the `sanitizePath` option is set to `false`.

 | SanitizePath | Request Path    | Resulting Request Path |
 |--------------|-----------------|------------------------|
-| false        | /./foo/bar      | /./foo/bar             |
-| true         | /./foo/bar      | /foo/bar               |
-| false        | /foo/../bar     | /foo/../bar            |
-| true         | /foo/../bar     | /bar                   |
-| false        | /foo/bar//      | /foo/bar//             |
-| true         | /foo/bar//      | /foo/bar/              |
-| false        | /./foo/../bar// | /./foo/../bar//        |
-| true         | /./foo/../bar// | /bar/                  |
+| <a id="opt-false-3" href="#opt-false-3" title="#opt-false-3">false</a> | /./foo/bar      | /./foo/bar             |
+| <a id="opt-true-3" href="#opt-true-3" title="#opt-true-3">true</a> | /./foo/bar      | /foo/bar               |
+| <a id="opt-false-4" href="#opt-false-4" title="#opt-false-4">false</a> | /foo/../bar     | /foo/../bar            |
+| <a id="opt-true-4" href="#opt-true-4" title="#opt-true-4">true</a> | /foo/../bar     | /bar                   |
+| <a id="opt-false-5" href="#opt-false-5" title="#opt-false-5">false</a> | /foo/bar//      | /foo/bar//             |
+| <a id="opt-true-5" href="#opt-true-5" title="#opt-true-5">true</a> | /foo/bar//      | /foo/bar/              |
+| <a id="opt-false-6" href="#opt-false-6" title="#opt-false-6">false</a> | /./foo/../bar// | /./foo/../bar//        |
+| <a id="opt-true-6" href="#opt-true-6" title="#opt-true-6">true</a> | /./foo/../bar// | /bar/                  |

 ### HTTP3

--- a/docs/content/reference/install-configuration/observability/healthcheck.md
+++ b/docs/content/reference/install-configuration/observability/healthcheck.md
@@ -36,7 +36,7 @@ whose default value is `traefik` (port `8080`).

 | Path    | Method        | Description                                                                                         |
 |---------|---------------|-----------------------------------------------------------------------------------------------------|
-| `/ping` | `GET`, `HEAD` | An endpoint to check for Traefik process liveness. Return a code `200` with the content: `OK` |
+| <a id="opt-ping" href="#opt-ping" title="#opt-ping">`/ping`</a> | `GET`, `HEAD` | An endpoint to check for Traefik process liveness. Return a code `200` with the content: `OK` |

 ### Configuration Example

@@ -58,9 +58,9 @@ ping: {}

 | Field | Description                                               | Default              | Required |
 |:------|:----------------------------------------------------------|:---------------------|:---------|
-| `ping.entryPoint` | Enables `/ping` on a dedicated EntryPoint. | traefik  | No   |
-| `ping.manualRouting` | Disables the default internal router in order to allow one to create a custom router for the `ping@internal` service when set to `true`. | false | No   |
-| `ping.terminatingStatusCode` | Defines the status code for the ping handler during a graceful shut down. See more information [here](#terminatingstatuscode) | 503 | No   |
+| <a id="opt-ping-entryPoint" href="#opt-ping-entryPoint" title="#opt-ping-entryPoint">`ping.entryPoint`</a> | Enables `/ping` on a dedicated EntryPoint. | traefik  | No   |
+| <a id="opt-ping-manualRouting" href="#opt-ping-manualRouting" title="#opt-ping-manualRouting">`ping.manualRouting`</a> | Disables the default internal router in order to allow one to create a custom router for the `ping@internal` service when set to `true`. | false | No   |
+| <a id="opt-ping-terminatingStatusCode" href="#opt-ping-terminatingStatusCode" title="#opt-ping-terminatingStatusCode">`ping.terminatingStatusCode`</a> | Defines the status code for the ping handler during a graceful shut down. See more information [here](#terminatingstatuscode) | 503 | No   |

 #### `terminatingStatusCode`

--- a/docs/content/reference/install-configuration/observability/healthcheck/ping.md
+++ b/docs/content/reference/install-configuration/observability/healthcheck/ping.md
@@ -37,9 +37,9 @@ You can define it using the same [configuration methods](../../boot-environment.

 | Field | Description                                               | Default              | Required |
 |:------|:----------------------------------------------------------|:---------------------|:---------|
-| `ping.entryPoint` | Enables `/ping` on a dedicated EntryPoint. | traefik  | No   |
-| `ping.manualRouting` | Disables the default internal router in order to allow one to create a custom router for the `ping@internal` service when set to `true`. | false | No   |
-| `ping.terminatingStatusCode` | Defines the status code for the ping handler during a graceful shut down. See more information [here](#terminatingstatuscode) | 503 | No   |
+| <a id="opt-ping-entryPoint" href="#opt-ping-entryPoint" title="#opt-ping-entryPoint">`ping.entryPoint`</a> | Enables `/ping` on a dedicated EntryPoint. | traefik  | No   |
+| <a id="opt-ping-manualRouting" href="#opt-ping-manualRouting" title="#opt-ping-manualRouting">`ping.manualRouting`</a> | Disables the default internal router in order to allow one to create a custom router for the `ping@internal` service when set to `true`. | false | No   |
+| <a id="opt-ping-terminatingStatusCode" href="#opt-ping-terminatingStatusCode" title="#opt-ping-terminatingStatusCode">`ping.terminatingStatusCode`</a> | Defines the status code for the ping handler during a graceful shut down. See more information [here](#terminatingstatuscode) | 503 | No   |

 ### `terminatingStatusCode`

--- a/docs/content/reference/install-configuration/observability/logs-and-accesslogs.md
+++ b/docs/content/reference/install-configuration/observability/logs-and-accesslogs.md
@@ -35,14 +35,14 @@ The section below describe how to configure Traefik logs using the static config

 | Field      | Description  | Default | Required |
 |:-----------|:----------------------------|:--------|:---------|
-| `log.filePath` | By default, the logs are written to the standard output.<br />You can configure a file path instead using the `filePath` option.| - | No      |
-| `log.format` | Log format (`common`or `json`).<br /> The fields displayed with the format `common` cannot be customized. | "common" | No      |
-| `log.level` | Log level (`TRACE`, `DEBUG`, `INFO`, `WARN`, `ERROR`, `FATAL`, and `PANIC`)| ERROR | No      |
-| `log.noColor` | When using the format `common`, disables the colorized output. | false      | No      |
-| `log.maxSize` | Maximum size in megabytes of the log file before it gets rotated. | 100MB      | No      |
-| `log.maxAge` | Maximum number of days to retain old log files based on the timestamp encoded in their filename.<br /> A day is defined as 24 hours and may not exactly correspond to calendar days due to daylight savings, leap seconds, etc.<br />By default files are not removed based on their age.  |   0   | No      |
-| `log.maxBackups` | Maximum number of old log files to retain.<br />The default is to retain all old log files. |  0  | No      |
-| `log.compress` | Compress log files in gzip after rotation. | false | No      |
+| <a id="opt-log-filePath" href="#opt-log-filePath" title="#opt-log-filePath">`log.filePath`</a> | By default, the logs are written to the standard output.<br />You can configure a file path instead using the `filePath` option. When `filePath` is specified, Traefik will write logs only to that file (not to standard output).| - | No      |
+| <a id="opt-log-format" href="#opt-log-format" title="#opt-log-format">`log.format`</a> | Log format (`common`or `json`).<br /> The fields displayed with the format `common` cannot be customized. | "common" | No      |
+| <a id="opt-log-level" href="#opt-log-level" title="#opt-log-level">`log.level`</a> | Log level (`TRACE`, `DEBUG`, `INFO`, `WARN`, `ERROR`, `FATAL`, and `PANIC`)| ERROR | No      |
+| <a id="opt-log-noColor" href="#opt-log-noColor" title="#opt-log-noColor">`log.noColor`</a> | When using the format `common`, disables the colorized output. | false      | No      |
+| <a id="opt-log-maxSize" href="#opt-log-maxSize" title="#opt-log-maxSize">`log.maxSize`</a> | Maximum size in megabytes of the log file before it gets rotated. | 100MB      | No      |
+| <a id="opt-log-maxAge" href="#opt-log-maxAge" title="#opt-log-maxAge">`log.maxAge`</a> | Maximum number of days to retain old log files based on the timestamp encoded in their filename.<br /> A day is defined as 24 hours and may not exactly correspond to calendar days due to daylight savings, leap seconds, etc.<br />By default files are not removed based on their age.  |   0   | No      |
+| <a id="opt-log-maxBackups" href="#opt-log-maxBackups" title="#opt-log-maxBackups">`log.maxBackups`</a> | Maximum number of old log files to retain.<br />The default is to retain all old log files. |  0  | No      |
+| <a id="opt-log-compress" href="#opt-log-compress" title="#opt-log-compress">`log.compress`</a> | Compress log files in gzip after rotation. | false | No      |

 ### OpenTelemetry

@@ -65,6 +65,9 @@ experimental:
 !!! warning
    This is an experimental feature.

+!!! note "Stdio logs remain available"
+    When OTLP logging is enabled, standard output (stdio) logs are still available and will continue to be written alongside OTLP exports.
+
 #### Configuration Example

 ```yaml tab="File (YAML)"
@@ -98,25 +101,41 @@ log:

 | Field                                  | Description                                                                                                                            | Default                          | Required |
 |:---------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------|:---------|
-| `log.otlp.serviceName`                 | Service name used in selected backend.                                                                                                 | "traefik"                        | No       |
-| `log.otlp.resourceAttributes`          | Defines additional resource attributes to be sent to the collector.                                                                    | []                               | No       |
-| `log.otlp.http`                        | This instructs the exporter to send logs to the OpenTelemetry Collector using HTTP.                                                    |                                  | No       |
-| `log.otlp.http.endpoint`               | The endpoint of the OpenTelemetry Collector. (format=`<scheme>://<host>:<port><path>`)                                                 | `https://localhost:4318/v1/logs` | No       |
-| `log.otlp.http.headers`                | Additional headers sent with logs by the exporter to the OpenTelemetry Collector.                                                      | [ ]                              | No       |
-| `log.otlp.http.tls`                    | Defines the Client TLS configuration used by the exporter to send logs to the OpenTelemetry Collector.                                 |                                  | No       |
-| `log.otlp.http.tls.ca`                 | The path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. |                                  | No       |
-| `log.otlp.http.tls.cert`               | The path to the certificate to use for the OpenTelemetry Collector.                                                                    |                                  | No       |
-| `log.otlp.http.tls.key`                | The path to the key to use for the OpenTelemetry Collector.                                                                            |                                  | No       |
-| `log.otlp.http.tls.insecureSkipVerify` | Instructs the OpenTelemetry Collector to accept any certificate presented by the server regardless of the hostname in the certificate. | false                            | No       |
-| `log.otlp.grpc`                        | This instructs the exporter to send logs to the OpenTelemetry Collector using gRPC.                                                    |                                  | No       |
-| `log.otlp.grpc.endpoint`               | The endpoint of the OpenTelemetry Collector. (format=`<host>:<port>`)                                                                  | `localhost:4317`                 | No       |
-| `log.otlp.grpc.headers`                | Additional headers sent with logs by the exporter to the OpenTelemetry Collector.                                                      | [ ]                              | No       |
-| `log.otlp.grpc.insecure`               | Instructs the exporter to send logs to the OpenTelemetry Collector using an insecure protocol.                                         | false                            | No       |
-| `log.otlp.grpc.tls`                    | Defines the Client TLS configuration used by the exporter to send logs to the OpenTelemetry Collector.                                 |                                  | No       |
-| `log.otlp.grpc.tls.ca`                 | The path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. |                                  | No       |
-| `log.otlp.grpc.tls.cert`               | The path to the certificate to use for the OpenTelemetry Collector.                                                                    |                                  | No       |
-| `log.otlp.grpc.tls.key`                | The path to the key to use for the OpenTelemetry Collector.                                                                            |                                  | No       |
-| `log.otlp.grpc.tls.insecureSkipVerify` | Instructs the OpenTelemetry Collector to accept any certificate presented by the server regardless of the hostname in the certificate. | false                            | No       |
+| <a id="opt-log-otlp-serviceName" href="#opt-log-otlp-serviceName" title="#opt-log-otlp-serviceName">`log.otlp.serviceName`</a> | Service name used in selected backend.                                                                                                 | "traefik"                        | No       |
+| <a id="opt-log-otlp-resourceAttributes" href="#opt-log-otlp-resourceAttributes" title="#opt-log-otlp-resourceAttributes">`log.otlp.resourceAttributes`</a> | Defines additional resource attributes to be sent to the collector.  See [resourceAttributes](#resourceattributes) for details.                                                                    | []                               | No       |
+| <a id="opt-log-otlp-http" href="#opt-log-otlp-http" title="#opt-log-otlp-http">`log.otlp.http`</a> | This instructs the exporter to send logs to the OpenTelemetry Collector using HTTP.                                                    |                                  | No       |
+| <a id="opt-log-otlp-http-endpoint" href="#opt-log-otlp-http-endpoint" title="#opt-log-otlp-http-endpoint">`log.otlp.http.endpoint`</a> | The endpoint of the OpenTelemetry Collector. (format=`<scheme>://<host>:<port><path>`)                                                 | `https://localhost:4318/v1/logs` | No       |
+| <a id="opt-log-otlp-http-headers" href="#opt-log-otlp-http-headers" title="#opt-log-otlp-http-headers">`log.otlp.http.headers`</a> | Additional headers sent with logs by the exporter to the OpenTelemetry Collector.                                                      | [ ]                              | No       |
+| <a id="opt-log-otlp-http-tls" href="#opt-log-otlp-http-tls" title="#opt-log-otlp-http-tls">`log.otlp.http.tls`</a> | Defines the Client TLS configuration used by the exporter to send logs to the OpenTelemetry Collector.                                 |                                  | No       |
+| <a id="opt-log-otlp-http-tls-ca" href="#opt-log-otlp-http-tls-ca" title="#opt-log-otlp-http-tls-ca">`log.otlp.http.tls.ca`</a> | The path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. |                                  | No       |
+| <a id="opt-log-otlp-http-tls-cert" href="#opt-log-otlp-http-tls-cert" title="#opt-log-otlp-http-tls-cert">`log.otlp.http.tls.cert`</a> | The path to the certificate to use for the OpenTelemetry Collector.                                                                    |                                  | No       |
+| <a id="opt-log-otlp-http-tls-key" href="#opt-log-otlp-http-tls-key" title="#opt-log-otlp-http-tls-key">`log.otlp.http.tls.key`</a> | The path to the key to use for the OpenTelemetry Collector.                                                                            |                                  | No       |
+| <a id="opt-log-otlp-http-tls-insecureSkipVerify" href="#opt-log-otlp-http-tls-insecureSkipVerify" title="#opt-log-otlp-http-tls-insecureSkipVerify">`log.otlp.http.tls.insecureSkipVerify`</a> | Instructs the OpenTelemetry Collector to accept any certificate presented by the server regardless of the hostname in the certificate. | false                            | No       |
+| <a id="opt-log-otlp-grpc" href="#opt-log-otlp-grpc" title="#opt-log-otlp-grpc">`log.otlp.grpc`</a> | This instructs the exporter to send logs to the OpenTelemetry Collector using gRPC.                                                    |                                  | No       |
+| <a id="opt-log-otlp-grpc-endpoint" href="#opt-log-otlp-grpc-endpoint" title="#opt-log-otlp-grpc-endpoint">`log.otlp.grpc.endpoint`</a> | The endpoint of the OpenTelemetry Collector. (format=`<host>:<port>`)                                                                  | `localhost:4317`                 | No       |
+| <a id="opt-log-otlp-grpc-headers" href="#opt-log-otlp-grpc-headers" title="#opt-log-otlp-grpc-headers">`log.otlp.grpc.headers`</a> | Additional headers sent with logs by the exporter to the OpenTelemetry Collector.                                                      | [ ]                              | No       |
+| <a id="opt-log-otlp-grpc-insecure" href="#opt-log-otlp-grpc-insecure" title="#opt-log-otlp-grpc-insecure">`log.otlp.grpc.insecure`</a> | Instructs the exporter to send logs to the OpenTelemetry Collector using an insecure protocol.                                         | false                            | No       |
+| <a id="opt-log-otlp-grpc-tls" href="#opt-log-otlp-grpc-tls" title="#opt-log-otlp-grpc-tls">`log.otlp.grpc.tls`</a> | Defines the Client TLS configuration used by the exporter to send logs to the OpenTelemetry Collector.                                 |                                  | No       |
+| <a id="opt-log-otlp-grpc-tls-ca" href="#opt-log-otlp-grpc-tls-ca" title="#opt-log-otlp-grpc-tls-ca">`log.otlp.grpc.tls.ca`</a> | The path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. |                                  | No       |
+| <a id="opt-log-otlp-grpc-tls-cert" href="#opt-log-otlp-grpc-tls-cert" title="#opt-log-otlp-grpc-tls-cert">`log.otlp.grpc.tls.cert`</a> | The path to the certificate to use for the OpenTelemetry Collector.                                                                    |                                  | No       |
+| <a id="opt-log-otlp-grpc-tls-key" href="#opt-log-otlp-grpc-tls-key" title="#opt-log-otlp-grpc-tls-key">`log.otlp.grpc.tls.key`</a> | The path to the key to use for the OpenTelemetry Collector.                                                                            |                                  | No       |
+| <a id="opt-log-otlp-grpc-tls-insecureSkipVerify" href="#opt-log-otlp-grpc-tls-insecureSkipVerify" title="#opt-log-otlp-grpc-tls-insecureSkipVerify">`log.otlp.grpc.tls.insecureSkipVerify`</a> | Instructs the OpenTelemetry Collector to accept any certificate presented by the server regardless of the hostname in the certificate. | false                            | No       |
+
+#### resourceAttributes
+
+The `resourceAttributes` option allows setting the resource attributes sent along the traces.
+Traefik also supports the `OTEL_RESOURCE_ATTRIBUTES` env variable to set up the resource attributes.
+
+!!! info "Kubernetes Resource Attributes Detection"
+
+    Additionally, Traefik automatically discovers the following [Kubernetes resource attributes](https://opentelemetry.io/docs/specs/semconv/non-normative/k8s-attributes/) when running in a Kubernetes cluster:
+    
+    - `k8s.namespace.name`
+    - `k8s.pod.uid`
+    - `k8s.pod.name`
+    
+    Note that this automatic detection can fail, like if the Traefik pod is running in host network mode.
+    In this case, you should provide the attributes with the option or the env variable.

 ## AccessLogs

@@ -187,24 +206,23 @@ accessLog:
 --accesslog.fields.headers.names.Authorization=drop
 ```

-
 ### Configuration Options

 The section below describes how to configure Traefik access logs using the static configuration.

 | Field      | Description    | Default | Required |
 |:-----------|:--------------------------|:--------|:---------|
-| `accesslog.filePath` | By default, the access logs are written to the standard output.<br />You can configure a file path instead using the `filePath` option.|  | No      |
-| `accesslog.format` | By default, logs are written using the Traefik Common Log Format (CLF).<br />Available formats: `common` (Traefik's extended CLF), `genericCLF` (standard CLF compatible with analyzers), or `json`.<br />If the given format is unsupported, the default (`common`) is used instead.<br />More information about CLF fields [here](#clf-format-fields). | "common" | No      |
-| `accesslog.bufferingSize` | To write the logs in an asynchronous fashion, specify a  `bufferingSize` option.<br />This option represents the number of log lines Traefik will keep in memory before writing them to the selected output.<br />In some cases, this option can greatly help performances.| 0 | No      |
-| `accesslog.addInternals` | Enables access logs for internal resources (e.g.: `ping@internal`). | false  | No      |
-| `accesslog.filters.statusCodes` | Limit the access logs to requests with a status codes in the specified range. | [ ]      | No      |
-| `accesslog.filters.retryAttempts` | Keep the access logs when at least one retry has happened. | false      | No      |
-| `accesslog.filters.minDuration` | Keep access logs when requests take longer than the specified duration (provided in seconds or as a valid duration format, see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration)).  |  0   | No      |
-| `accesslog.fields.defaultMode` | Mode to apply by default to the access logs fields (`keep`, `redact` or `drop`). | keep | No      |
-| `accesslog.fields.names` | Set the fields list to display in the access logs (format `name:mode`).<br /> Available fields list [here](#available-fields). |  [ ]    | No      |
-| `accesslog.fields.headers.defaultMode` | Mode to apply by default to the access logs headers (`keep`, `redact` or `drop`).  | drop | No      |
-| `accesslog.fields.headers.names` | Set the headers list to display in the access logs (format `name:mode`). |   [ ]   | No      |
+| <a id="opt-accesslog-filePath" href="#opt-accesslog-filePath" title="#opt-accesslog-filePath">`accesslog.filePath`</a> | By default, the access logs are written to the standard output.<br />You can configure a file path instead using the `filePath` option.|  | No      |
+| <a id="opt-accesslog-format" href="#opt-accesslog-format" title="#opt-accesslog-format">`accesslog.format`</a> | By default, logs are written using the Traefik Common Log Format (CLF).<br />Available formats: [`common`](#traefik-clf-format-fields) (Traefik extended CLF), [`genericCLF`](#generic-clf-format-fields) (standard CLF compatible with analyzers), or [`json`](#json-format-fields).<br />If the given format is unsupported, the default (`common`) is used instead. | "common" | No      |
+| <a id="opt-accesslog-bufferingSize" href="#opt-accesslog-bufferingSize" title="#opt-accesslog-bufferingSize">`accesslog.bufferingSize`</a> | To write the logs in an asynchronous fashion, specify a  `bufferingSize` option.<br />This option represents the number of log lines Traefik will keep in memory before writing them to the selected output.<br />In some cases, this option can greatly help performances.| 0 | No      |
+| <a id="opt-accesslog-addInternals" href="#opt-accesslog-addInternals" title="#opt-accesslog-addInternals">`accesslog.addInternals`</a> | Enables access logs for internal resources (e.g.: `ping@internal`). | false  | No      |
+| <a id="opt-accesslog-filters-statusCodes" href="#opt-accesslog-filters-statusCodes" title="#opt-accesslog-filters-statusCodes">`accesslog.filters.statusCodes`</a> | Limit the access logs to requests with a status codes in the specified range. | [ ]      | No      |
+| <a id="opt-accesslog-filters-retryAttempts" href="#opt-accesslog-filters-retryAttempts" title="#opt-accesslog-filters-retryAttempts">`accesslog.filters.retryAttempts`</a> | Keep the access logs when at least one retry has happened. | false      | No      |
+| <a id="opt-accesslog-filters-minDuration" href="#opt-accesslog-filters-minDuration" title="#opt-accesslog-filters-minDuration">`accesslog.filters.minDuration`</a> | Keep access logs when requests take longer than the specified duration (provided in seconds or as a valid duration format, see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration)).  |  0   | No      |
+| <a id="opt-accesslog-fields-defaultMode" href="#opt-accesslog-fields-defaultMode" title="#opt-accesslog-fields-defaultMode">`accesslog.fields.defaultMode`</a> | Mode to apply by default to the access logs fields (`keep`, `redact` or `drop`). | keep | No      |
+| <a id="opt-accesslog-fields-names" href="#opt-accesslog-fields-names" title="#opt-accesslog-fields-names">`accesslog.fields.names`</a> | Set the fields list to display in the access logs (format `name:mode`).<br /> Available fields list [here](#json-format-fields). |  [ ]    | No      |
+| <a id="opt-accesslog-fields-headers-defaultMode" href="#opt-accesslog-fields-headers-defaultMode" title="#opt-accesslog-fields-headers-defaultMode">`accesslog.fields.headers.defaultMode`</a> | Mode to apply by default to the access logs headers (`keep`, `redact` or `drop`).  | drop | No      |
+| <a id="opt-accesslog-fields-headers-names" href="#opt-accesslog-fields-headers-names" title="#opt-accesslog-fields-headers-names">`accesslog.fields.headers.names`</a> | Set the headers list to display in the access logs (format `name:mode`). |   [ ]   | No      |

 ### OpenTelemetry

@@ -260,29 +278,46 @@ accesslog:

 | Field                                        | Description                                                                                                                            | Default                          | Required |
 |:---------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------|:---------|
-| `accesslog.otlp.serviceName`                 | Defines the service name resource attribute.                                                                                           | "traefik"                        | No       |
-| `accesslog.otlp.resourceAttributes`          | Defines additional resource attributes to be sent to the collector.                                                                    | []                               | No       |
-| `accesslog.otlp.http`                        | This instructs the exporter to send access logs to the OpenTelemetry Collector using HTTP.                                             |                                  | No       |
-| `accesslog.otlp.http.endpoint`               | The endpoint of the OpenTelemetry Collector. (format=`<scheme>://<host>:<port><path>`)                                                 | `https://localhost:4318/v1/logs` | No       |
-| `accesslog.otlp.http.headers`                | Additional headers sent with access logs by the exporter to the OpenTelemetry Collector.                                               | [ ]                              | No       |
-| `accesslog.otlp.http.tls`                    | Defines the Client TLS configuration used by the exporter to send access logs to the OpenTelemetry Collector.                          |                                  | No       |
-| `accesslog.otlp.http.tls.ca`                 | The path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. |                                  | No       |
-| `accesslog.otlp.http.tls.cert`               | The path to the certificate to use for the OpenTelemetry Collector.                                                                    |                                  | No       |
-| `accesslog.otlp.http.tls.key`                | The path to the key to use for the OpenTelemetry Collector.                                                                            |                                  | No       |
-| `accesslog.otlp.http.tls.insecureSkipVerify` | Instructs the OpenTelemetry Collector to accept any certificate presented by the server regardless of the hostname in the certificate. | false                            | No       |
-| `accesslog.otlp.grpc`                        | This instructs the exporter to send access logs to the OpenTelemetry Collector using gRPC.                                             |                                  | No       |
-| `accesslog.otlp.grpc.endpoint`               | The endpoint of the OpenTelemetry Collector. (format=`<host>:<port>`)                                                                  | `localhost:4317`                 | No       |
-| `accesslog.otlp.grpc.headers`                | Additional headers sent with access logs by the exporter to the OpenTelemetry Collector.                                               | [ ]                              | No       |
-| `accesslog.otlp.grpc.insecure`               | Instructs the exporter to send access logs to the OpenTelemetry Collector using an insecure protocol.                                  | false                            | No       |
-| `accesslog.otlp.grpc.tls`                    | Defines the Client TLS configuration used by the exporter to send access logs to the OpenTelemetry Collector.                          |                                  | No       |
-| `accesslog.otlp.grpc.tls.ca`                 | The path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. |                                  | No       |
-| `accesslog.otlp.grpc.tls.cert`               | The path to the certificate to use for the OpenTelemetry Collector.                                                                    |                                  | No       |
-| `accesslog.otlp.grpc.tls.key`                | The path to the key to use for the OpenTelemetry Collector.                                                                            |                                  | No       |
-| `accesslog.otlp.grpc.tls.insecureSkipVerify` | Instructs the OpenTelemetry Collector to accept any certificate presented by the server regardless of the hostname in the certificate. | false                            | No       |
+| <a id="opt-accesslog-otlp-serviceName" href="#opt-accesslog-otlp-serviceName" title="#opt-accesslog-otlp-serviceName">`accesslog.otlp.serviceName`</a> | Defines the service name resource attribute.                                                                                           | "traefik"                        | No       |
+| <a id="opt-accesslog-otlp-resourceAttributes" href="#opt-accesslog-otlp-resourceAttributes" title="#opt-accesslog-otlp-resourceAttributes">`accesslog.otlp.resourceAttributes`</a> | Defines additional resource attributes to be sent to the collector. See [resourceAttributes](#resourceattributes_1) for details.       | []                               | No       |
+| <a id="opt-accesslog-otlp-http" href="#opt-accesslog-otlp-http" title="#opt-accesslog-otlp-http">`accesslog.otlp.http`</a> | This instructs the exporter to send access logs to the OpenTelemetry Collector using HTTP.                                             |                                  | No       |
+| <a id="opt-accesslog-otlp-http-endpoint" href="#opt-accesslog-otlp-http-endpoint" title="#opt-accesslog-otlp-http-endpoint">`accesslog.otlp.http.endpoint`</a> | The endpoint of the OpenTelemetry Collector. (format=`<scheme>://<host>:<port><path>`)                                                 | `https://localhost:4318/v1/logs` | No       |
+| <a id="opt-accesslog-otlp-http-headers" href="#opt-accesslog-otlp-http-headers" title="#opt-accesslog-otlp-http-headers">`accesslog.otlp.http.headers`</a> | Additional headers sent with access logs by the exporter to the OpenTelemetry Collector.                                               | [ ]                              | No       |
+| <a id="opt-accesslog-otlp-http-tls" href="#opt-accesslog-otlp-http-tls" title="#opt-accesslog-otlp-http-tls">`accesslog.otlp.http.tls`</a> | Defines the Client TLS configuration used by the exporter to send access logs to the OpenTelemetry Collector.                          |                                  | No       |
+| <a id="opt-accesslog-otlp-http-tls-ca" href="#opt-accesslog-otlp-http-tls-ca" title="#opt-accesslog-otlp-http-tls-ca">`accesslog.otlp.http.tls.ca`</a> | The path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. |                                  | No       |
+| <a id="opt-accesslog-otlp-http-tls-cert" href="#opt-accesslog-otlp-http-tls-cert" title="#opt-accesslog-otlp-http-tls-cert">`accesslog.otlp.http.tls.cert`</a> | The path to the certificate to use for the OpenTelemetry Collector.                                                                    |                                  | No       |
+| <a id="opt-accesslog-otlp-http-tls-key" href="#opt-accesslog-otlp-http-tls-key" title="#opt-accesslog-otlp-http-tls-key">`accesslog.otlp.http.tls.key`</a> | The path to the key to use for the OpenTelemetry Collector.                                                                            |                                  | No       |
+| <a id="opt-accesslog-otlp-http-tls-insecureSkipVerify" href="#opt-accesslog-otlp-http-tls-insecureSkipVerify" title="#opt-accesslog-otlp-http-tls-insecureSkipVerify">`accesslog.otlp.http.tls.insecureSkipVerify`</a> | Instructs the OpenTelemetry Collector to accept any certificate presented by the server regardless of the hostname in the certificate. | false                            | No       |
+| <a id="opt-accesslog-otlp-grpc" href="#opt-accesslog-otlp-grpc" title="#opt-accesslog-otlp-grpc">`accesslog.otlp.grpc`</a> | This instructs the exporter to send access logs to the OpenTelemetry Collector using gRPC.                                             |                                  | No       |
+| <a id="opt-accesslog-otlp-grpc-endpoint" href="#opt-accesslog-otlp-grpc-endpoint" title="#opt-accesslog-otlp-grpc-endpoint">`accesslog.otlp.grpc.endpoint`</a> | The endpoint of the OpenTelemetry Collector. (format=`<host>:<port>`)                                                                  | `localhost:4317`                 | No       |
+| <a id="opt-accesslog-otlp-grpc-headers" href="#opt-accesslog-otlp-grpc-headers" title="#opt-accesslog-otlp-grpc-headers">`accesslog.otlp.grpc.headers`</a> | Additional headers sent with access logs by the exporter to the OpenTelemetry Collector.                                               | [ ]                              | No       |
+| <a id="opt-accesslog-otlp-grpc-insecure" href="#opt-accesslog-otlp-grpc-insecure" title="#opt-accesslog-otlp-grpc-insecure">`accesslog.otlp.grpc.insecure`</a> | Instructs the exporter to send access logs to the OpenTelemetry Collector using an insecure protocol.                                  | false                            | No       |
+| <a id="opt-accesslog-otlp-grpc-tls" href="#opt-accesslog-otlp-grpc-tls" title="#opt-accesslog-otlp-grpc-tls">`accesslog.otlp.grpc.tls`</a> | Defines the Client TLS configuration used by the exporter to send access logs to the OpenTelemetry Collector.                          |                                  | No       |
+| <a id="opt-accesslog-otlp-grpc-tls-ca" href="#opt-accesslog-otlp-grpc-tls-ca" title="#opt-accesslog-otlp-grpc-tls-ca">`accesslog.otlp.grpc.tls.ca`</a> | The path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle. |                                  | No       |
+| <a id="opt-accesslog-otlp-grpc-tls-cert" href="#opt-accesslog-otlp-grpc-tls-cert" title="#opt-accesslog-otlp-grpc-tls-cert">`accesslog.otlp.grpc.tls.cert`</a> | The path to the certificate to use for the OpenTelemetry Collector.                                                                    |                                  | No       |
+| <a id="opt-accesslog-otlp-grpc-tls-key" href="#opt-accesslog-otlp-grpc-tls-key" title="#opt-accesslog-otlp-grpc-tls-key">`accesslog.otlp.grpc.tls.key`</a> | The path to the key to use for the OpenTelemetry Collector.                                                                            |                                  | No       |
+| <a id="opt-accesslog-otlp-grpc-tls-insecureSkipVerify" href="#opt-accesslog-otlp-grpc-tls-insecureSkipVerify" title="#opt-accesslog-otlp-grpc-tls-insecureSkipVerify">`accesslog.otlp.grpc.tls.insecureSkipVerify`</a> | Instructs the OpenTelemetry Collector to accept any certificate presented by the server regardless of the hostname in the certificate. | false                            | No       |

-### CLF format fields
+#### resourceAttributes

-Below the fields displayed with the CLF format:
+The `resourceAttributes` option allows setting the resource attributes sent along the traces.
+Traefik also supports the `OTEL_RESOURCE_ATTRIBUTES` env variable to set up the resource attributes.
+
+!!! info "Kubernetes Resource Attributes Detection"
+
+    Additionally, Traefik automatically discovers the following [Kubernetes resource attributes](https://opentelemetry.io/docs/specs/semconv/non-normative/k8s-attributes/) when running in a Kubernetes cluster:
+    
+    - `k8s.namespace.name`
+    - `k8s.pod.uid`
+    - `k8s.pod.name`
+    
+    Note that this automatic detection can fail, like if the Traefik pod is running in host network mode.
+    In this case, you should provide the attributes with the option or the env variable.
+
+### Traefik CLF format fields
+
+It's the default format provided by Traefik.
+Below the fields displayed with the Traefik CLF format:

 ```html
 <remote_IP_address> - <client_user_name_if_available> [<timestamp>] 
@@ -291,44 +326,54 @@ Below the fields displayed with the CLF format:
 "<Traefik_router_name>" "<Traefik_server_URL>" <request_duration_in_ms>ms
 ```

-### Available Fields
+### Generic CLF format fields
+
+Below the fields displayed with the generic CLF format:
+
+```html
+<remote_IP_address> - <client_user_name_if_available> [<timestamp>] 
+"<request_method> <request_path> <request_protocol>" <HTTP_status> <content-length> 
+"<request_referrer>" "<request_user_agent>"
+```
+
+### JSON format fields

 | Field                   | Description   |
 |-------------------------|------------------|
-| `StartUTC`    | The time at which request processing started.                                                                                                                       |
-| `StartLocal`  | The local time at which request processing started.                                                                                                                 |
-| `Duration`    | The total time taken (in nanoseconds) by processing the response, including the origin server's time but not the log writing time.                                  |
-| `RouterName`  | The name of the Traefik  router.                                                                                                                                    |
-| `ServiceName`    | The name of the Traefik backend.          |
-| `ServiceURL`   | The URL of the Traefik backend.       |
-| `ServiceAddr`    | The IP:port of the Traefik backend (extracted from `ServiceURL`). |
-| `ClientAddr`    | The remote address in its original form (usually IP:port).     |
-| `ClientHost`   | The remote IP address from which the client request was received.     |
-| `ClientPort`            | The remote TCP port from which the client request was received.   |
-| `ClientUsername`        | The username provided in the URL, if present.   |
-| `RequestAddr`           | The HTTP Host header (usually IP:port). This is treated as not a header by the Go API.   |
-| `RequestHost`           | The HTTP Host server name (not including port).     |
-| `RequestPort`           | The TCP port from the HTTP Host.    |
-| `RequestMethod`         | The HTTP method. |
-| `RequestPath`           | The HTTP request URI, not including the scheme, host or port.   |
-| `RequestProtocol`       | The version of HTTP requested.       |
-| `RequestScheme`         | The HTTP scheme requested `http` or `https`.   |
-| `RequestLine`     | The `RequestMethod`, + `RequestPath` and `RequestProtocol`.   |
-| `RequestContentSize`    | The number of bytes in the request entity (a.k.a. body) sent by the client.   |
-| `OriginDuration`        | The time taken (in nanoseconds) by the origin server ('upstream') to return its response. |
-| `OriginContentSize`     | The content length specified by the origin server, or 0 if unspecified.    |
-| `OriginStatus`          | The HTTP status code returned by the origin server. If the request was handled by this Traefik instance (e.g. with a redirect), then this value will be absent (0). |
-| `OriginStatusLine`      | `OriginStatus` + Status code explanation   |
-| `DownstreamStatus`      | The HTTP status code returned to the client.    |
-| `DownstreamStatusLine`  | The `DownstreamStatus` and status code explanation.     |
-| `DownstreamContentSize` | The number of bytes in the response entity returned to the client. This is in addition to the "Content-Length" header, which may be present in the origin response. |
-| `RequestCount`          | The number of requests received since the Traefik instance started.    |
-| `GzipRatio`             | The response body compression ratio achieved.   |
-| `Overhead`              | The processing time overhead (in nanoseconds) caused by Traefik.    |
-| `RetryAttempts`         | The amount of attempts the request was retried.   |
-| `TLSVersion`            | The TLS version used by the connection (e.g. `1.2`) (if connection is TLS).   |
-| `TLSCipher`             | The TLS cipher used by the connection (e.g. `TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA`) (if connection is TLS).      |
-| `TLSClientSubject`      | The string representation of the TLS client certificate's Subject (e.g. `CN=username,O=organization`).  |
+| <a id="opt-StartUTC" href="#opt-StartUTC" title="#opt-StartUTC">`StartUTC`</a> | The time at which request processing started.                                                                                                                       |
+| <a id="opt-StartLocal" href="#opt-StartLocal" title="#opt-StartLocal">`StartLocal`</a> | The local time at which request processing started.                                                                                                                 |
+| <a id="opt-Duration" href="#opt-Duration" title="#opt-Duration">`Duration`</a> | The total time taken (in nanoseconds) by processing the response, including the origin server's time but not the log writing time.                                  |
+| <a id="opt-RouterName" href="#opt-RouterName" title="#opt-RouterName">`RouterName`</a> | The name of the Traefik  router.                                                                                                                                    |
+| <a id="opt-ServiceName" href="#opt-ServiceName" title="#opt-ServiceName">`ServiceName`</a> | The name of the Traefik backend.          |
+| <a id="opt-ServiceURL" href="#opt-ServiceURL" title="#opt-ServiceURL">`ServiceURL`</a> | The URL of the Traefik backend.       |
+| <a id="opt-ServiceAddr" href="#opt-ServiceAddr" title="#opt-ServiceAddr">`ServiceAddr`</a> | The IP:port of the Traefik backend (extracted from `ServiceURL`). |
+| <a id="opt-ClientAddr" href="#opt-ClientAddr" title="#opt-ClientAddr">`ClientAddr`</a> | The remote address in its original form (usually IP:port).     |
+| <a id="opt-ClientHost" href="#opt-ClientHost" title="#opt-ClientHost">`ClientHost`</a> | The remote IP address from which the client request was received.     |
+| <a id="opt-ClientPort" href="#opt-ClientPort" title="#opt-ClientPort">`ClientPort`</a> | The remote TCP port from which the client request was received.   |
+| <a id="opt-ClientUsername" href="#opt-ClientUsername" title="#opt-ClientUsername">`ClientUsername`</a> | The username provided in the URL, if present.   |
+| <a id="opt-RequestAddr" href="#opt-RequestAddr" title="#opt-RequestAddr">`RequestAddr`</a> | The HTTP Host header (usually IP:port). This is treated as not a header by the Go API.   |
+| <a id="opt-RequestHost" href="#opt-RequestHost" title="#opt-RequestHost">`RequestHost`</a> | The HTTP Host server name (not including port).     |
+| <a id="opt-RequestPort" href="#opt-RequestPort" title="#opt-RequestPort">`RequestPort`</a> | The TCP port from the HTTP Host.    |
+| <a id="opt-RequestMethod" href="#opt-RequestMethod" title="#opt-RequestMethod">`RequestMethod`</a> | The HTTP method. |
+| <a id="opt-RequestPath" href="#opt-RequestPath" title="#opt-RequestPath">`RequestPath`</a> | The HTTP request URI, not including the scheme, host or port.   |
+| <a id="opt-RequestProtocol" href="#opt-RequestProtocol" title="#opt-RequestProtocol">`RequestProtocol`</a> | The version of HTTP requested.       |
+| <a id="opt-RequestScheme" href="#opt-RequestScheme" title="#opt-RequestScheme">`RequestScheme`</a> | The HTTP scheme requested `http` or `https`.   |
+| <a id="opt-RequestLine" href="#opt-RequestLine" title="#opt-RequestLine">`RequestLine`</a> | The `RequestMethod`, + `RequestPath` and `RequestProtocol`.   |
+| <a id="opt-RequestContentSize" href="#opt-RequestContentSize" title="#opt-RequestContentSize">`RequestContentSize`</a> | The number of bytes in the request entity (a.k.a. body) sent by the client.   |
+| <a id="opt-OriginDuration" href="#opt-OriginDuration" title="#opt-OriginDuration">`OriginDuration`</a> | The time taken (in nanoseconds) by the origin server ('upstream') to return its response. |
+| <a id="opt-OriginContentSize" href="#opt-OriginContentSize" title="#opt-OriginContentSize">`OriginContentSize`</a> | The content length specified by the origin server, or 0 if unspecified.    |
+| <a id="opt-OriginStatus" href="#opt-OriginStatus" title="#opt-OriginStatus">`OriginStatus`</a> | The HTTP status code returned by the origin server. If the request was handled by this Traefik instance (e.g. with a redirect), then this value will be absent (0). |
+| <a id="opt-OriginStatusLine" href="#opt-OriginStatusLine" title="#opt-OriginStatusLine">`OriginStatusLine`</a> | `OriginStatus` + Status code explanation   |
+| <a id="opt-DownstreamStatus" href="#opt-DownstreamStatus" title="#opt-DownstreamStatus">`DownstreamStatus`</a> | The HTTP status code returned to the client.    |
+| <a id="opt-DownstreamStatusLine" href="#opt-DownstreamStatusLine" title="#opt-DownstreamStatusLine">`DownstreamStatusLine`</a> | The `DownstreamStatus` and status code explanation.     |
+| <a id="opt-DownstreamContentSize" href="#opt-DownstreamContentSize" title="#opt-DownstreamContentSize">`DownstreamContentSize`</a> | The number of bytes in the response entity returned to the client. This is in addition to the "Content-Length" header, which may be present in the origin response. |
+| <a id="opt-RequestCount" href="#opt-RequestCount" title="#opt-RequestCount">`RequestCount`</a> | The number of requests received since the Traefik instance started.    |
+| <a id="opt-GzipRatio" href="#opt-GzipRatio" title="#opt-GzipRatio">`GzipRatio`</a> | The response body compression ratio achieved.   |
+| <a id="opt-Overhead" href="#opt-Overhead" title="#opt-Overhead">`Overhead`</a> | The processing time overhead (in nanoseconds) caused by Traefik.    |
+| <a id="opt-RetryAttempts" href="#opt-RetryAttempts" title="#opt-RetryAttempts">`RetryAttempts`</a> | The amount of attempts the request was retried.   |
+| <a id="opt-TLSVersion" href="#opt-TLSVersion" title="#opt-TLSVersion">`TLSVersion`</a> | The TLS version used by the connection (e.g. `1.2`) (if connection is TLS).   |
+| <a id="opt-TLSCipher" href="#opt-TLSCipher" title="#opt-TLSCipher">`TLSCipher`</a> | The TLS cipher used by the connection (e.g. `TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA`) (if connection is TLS).      |
+| <a id="opt-TLSClientSubject" href="#opt-TLSClientSubject" title="#opt-TLSClientSubject">`TLSClientSubject`</a> | The string representation of the TLS client certificate's Subject (e.g. `CN=username,O=organization`).  |

 ### Log Rotation

--- a/docs/content/reference/install-configuration/observability/metrics.md
+++ b/docs/content/reference/install-configuration/observability/metrics.md
@@ -62,29 +62,45 @@ metrics:

 | Field                                      | Description                                                                                                                                                      | Default                                            | Required |
 |:-------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------------------------|:---------|
-| `metrics.addInternals`                     | Enables metrics for internal resources (e.g.: `ping@internal`).                                                                                                  | false                                              | No       |
-| `metrics.otlp.serviceName`                 | Defines the service name resource attribute.                                                                                                                     | "traefik"                                          | No       |
-| `metrics.otlp.resourceAttributes`          | Defines additional resource attributes to be sent to the collector.                                                                                              | []                                                 | No       |
-| `metrics.otlp.addEntryPointsLabels`        | Enable metrics on entry points.                                                                                                                                  | true                                               | No       |
-| `metrics.otlp.addRoutersLabels`            | Enable metrics on routers.                                                                                                                                       | false                                              | No       |
-| `metrics.otlp.addServicesLabels`           | Enable metrics on services.                                                                                                                                      | true                                               | No       |
-| `metrics.otlp.explicitBoundaries`          | Explicit boundaries for Histogram data points.                                                                                                                   | ".005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10" | No       |
-| `metrics.otlp.pushInterval`                | Interval at which metrics are sent to the OpenTelemetry Collector.                                                                                               | 10s                                                | No       |
-| `metrics.otlp.http`                        | This instructs the exporter to send the metrics to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values.              | null/false                                         | No       |
-| `metrics.otlp.http.endpoint`               | URL of the OpenTelemetry Collector to send metrics to.<br /> Format="`<scheme>://<host>:<port><path>`"                                                           | "http://localhost:4318/v1/metrics"                 | Yes      |
-| `metrics.otlp.http.headers`                | Additional headers sent with metrics by the exporter to the OpenTelemetry Collector.                                                                             | -                                                  | No       |
-| `metrics.otlp.http.tls.ca`                 | Path to the certificate authority used for the secure connection to the OpenTelemetry Collector,<br />it defaults to the system bundle.                          | ""                                                 | No       |
-| `metrics.otlp.http.tls.cert`               | Path to the public certificate used for the secure connection to the OpenTelemetry Collector.<br />When using this option, setting the `key` option is required. | ""                                                 | No       |
-| `metrics.otlp.http.tls.key`                | This instructs the exporter to send the metrics to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values.              | null/false                                         | No       |
-| `metrics.otlp.http.tls.insecureskipverify` | Allow the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers.                   | false                                              | Yes      |
-| `metrics.otlp.grpc`                        | This instructs the exporter to send metrics to the OpenTelemetry Collector using gRPC.                                                                           | null/false                                         | No       |
-| `metrics.otlp.grpc.endpoint`               | Address of the OpenTelemetry Collector to send metrics to.<br /> Format="`<host>:<port>`"                                                                        | "localhost:4317"                                   | Yes      |
-| `metrics.otlp.grpc.headers`                | Additional headers sent with metrics by the exporter to the OpenTelemetry Collector.                                                                             | -                                                  | No       |
-| `metrics.otlp.http.grpc.insecure`          | Allows exporter to send metrics to the OpenTelemetry Collector without using a secured protocol.                                                                 | false                                              | Yes      |
-| `metrics.otlp.grpc.tls.ca`                 | Path to the certificate authority used for the secure connection to the OpenTelemetry Collector,<br />it defaults to the system bundle.                          | -                                                  | No       |
-| `metrics.otlp.grpc.tls.cert`               | Path to the public certificate used for the secure connection to the OpenTelemetry Collector.<br />When using this option, setting the `key` option is required. | -                                                  | No       |
-| `metrics.otlp.grpc.tls.key`                | This instructs the exporter to send the metrics to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values.              | null/false                                         | No       |
-| `metrics.otlp.grpc.tls.insecureskipverify` | Allow the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers.                   | false                                              | Yes      |
+| <a id="opt-metrics-addInternals" href="#opt-metrics-addInternals" title="#opt-metrics-addInternals">`metrics.addInternals`</a> | Enables metrics for internal resources (e.g.: `ping@internal`).                                                                                                  | false                                              | No       |
+| <a id="opt-metrics-otlp-serviceName" href="#opt-metrics-otlp-serviceName" title="#opt-metrics-otlp-serviceName">`metrics.otlp.serviceName`</a> | Defines the service name resource attribute.                                                                                                                     | "traefik"                                          | No       |
+| <a id="opt-metrics-otlp-resourceAttributes" href="#opt-metrics-otlp-resourceAttributes" title="#opt-metrics-otlp-resourceAttributes">`metrics.otlp.resourceAttributes`</a> | Defines additional resource attributes to be sent to the collector. See [resourceAttributes](#resourceattributes) for details.                                                                                                   | []                                                 | No       |
+| <a id="opt-metrics-otlp-addEntryPointsLabels" href="#opt-metrics-otlp-addEntryPointsLabels" title="#opt-metrics-otlp-addEntryPointsLabels">`metrics.otlp.addEntryPointsLabels`</a> | Enable metrics on entry points.                                                                                                                                  | true                                               | No       |
+| <a id="opt-metrics-otlp-addRoutersLabels" href="#opt-metrics-otlp-addRoutersLabels" title="#opt-metrics-otlp-addRoutersLabels">`metrics.otlp.addRoutersLabels`</a> | Enable metrics on routers.                                                                                                                                       | false                                              | No       |
+| <a id="opt-metrics-otlp-addServicesLabels" href="#opt-metrics-otlp-addServicesLabels" title="#opt-metrics-otlp-addServicesLabels">`metrics.otlp.addServicesLabels`</a> | Enable metrics on services.                                                                                                                                      | true                                               | No       |
+| <a id="opt-metrics-otlp-explicitBoundaries" href="#opt-metrics-otlp-explicitBoundaries" title="#opt-metrics-otlp-explicitBoundaries">`metrics.otlp.explicitBoundaries`</a> | Explicit boundaries for Histogram data points.                                                                                                                   | ".005, .01, .025, .05, .1, .25, .5, 1, 2.5, 5, 10" | No       |
+| <a id="opt-metrics-otlp-pushInterval" href="#opt-metrics-otlp-pushInterval" title="#opt-metrics-otlp-pushInterval">`metrics.otlp.pushInterval`</a> | Interval at which metrics are sent to the OpenTelemetry Collector.                                                                                               | 10s                                                | No       |
+| <a id="opt-metrics-otlp-http" href="#opt-metrics-otlp-http" title="#opt-metrics-otlp-http">`metrics.otlp.http`</a> | This instructs the exporter to send the metrics to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values.              | null/false                                         | No       |
+| <a id="opt-metrics-otlp-http-endpoint" href="#opt-metrics-otlp-http-endpoint" title="#opt-metrics-otlp-http-endpoint">`metrics.otlp.http.endpoint`</a> | URL of the OpenTelemetry Collector to send metrics to.<br /> Format="`<scheme>://<host>:<port><path>`"                                                           | "https://localhost:4318/v1/metrics"                 | Yes      |
+| <a id="opt-metrics-otlp-http-headers" href="#opt-metrics-otlp-http-headers" title="#opt-metrics-otlp-http-headers">`metrics.otlp.http.headers`</a> | Additional headers sent with metrics by the exporter to the OpenTelemetry Collector.                                                                             | -                                                  | No       |
+| <a id="opt-metrics-otlp-http-tls-ca" href="#opt-metrics-otlp-http-tls-ca" title="#opt-metrics-otlp-http-tls-ca">`metrics.otlp.http.tls.ca`</a> | Path to the certificate authority used for the secure connection to the OpenTelemetry Collector,<br />it defaults to the system bundle.                          | ""                                                 | No       |
+| <a id="opt-metrics-otlp-http-tls-cert" href="#opt-metrics-otlp-http-tls-cert" title="#opt-metrics-otlp-http-tls-cert">`metrics.otlp.http.tls.cert`</a> | Path to the public certificate used for the secure connection to the OpenTelemetry Collector.<br />When using this option, setting the `key` option is required. | ""                                                 | No       |
+| <a id="opt-metrics-otlp-http-tls-key" href="#opt-metrics-otlp-http-tls-key" title="#opt-metrics-otlp-http-tls-key">`metrics.otlp.http.tls.key`</a> | This instructs the exporter to send the metrics to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values.              | null/false                                         | No       |
+| <a id="opt-metrics-otlp-http-tls-insecureskipverify" href="#opt-metrics-otlp-http-tls-insecureskipverify" title="#opt-metrics-otlp-http-tls-insecureskipverify">`metrics.otlp.http.tls.insecureskipverify`</a> | Allow the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers.                   | false                                              | Yes      |
+| <a id="opt-metrics-otlp-grpc" href="#opt-metrics-otlp-grpc" title="#opt-metrics-otlp-grpc">`metrics.otlp.grpc`</a> | This instructs the exporter to send metrics to the OpenTelemetry Collector using gRPC.                                                                           | null/false                                         | No       |
+| <a id="opt-metrics-otlp-grpc-endpoint" href="#opt-metrics-otlp-grpc-endpoint" title="#opt-metrics-otlp-grpc-endpoint">`metrics.otlp.grpc.endpoint`</a> | Address of the OpenTelemetry Collector to send metrics to.<br /> Format="`<host>:<port>`"                                                                        | "localhost:4317"                                   | Yes      |
+| <a id="opt-metrics-otlp-grpc-headers" href="#opt-metrics-otlp-grpc-headers" title="#opt-metrics-otlp-grpc-headers">`metrics.otlp.grpc.headers`</a> | Additional headers sent with metrics by the exporter to the OpenTelemetry Collector.                                                                             | -                                                  | No       |
+| <a id="opt-metrics-otlp-grpc-insecure" href="#opt-metrics-otlp-grpc-insecure" title="#opt-metrics-otlp-grpc-insecure">`metrics.otlp.grpc.insecure`</a> | Allows exporter to send metrics to the OpenTelemetry Collector without using a secured protocol.                                                                 | false                                              | Yes      |
+| <a id="opt-metrics-otlp-grpc-tls-ca" href="#opt-metrics-otlp-grpc-tls-ca" title="#opt-metrics-otlp-grpc-tls-ca">`metrics.otlp.grpc.tls.ca`</a> | Path to the certificate authority used for the secure connection to the OpenTelemetry Collector,<br />it defaults to the system bundle.                          | -                                                  | No       |
+| <a id="opt-metrics-otlp-grpc-tls-cert" href="#opt-metrics-otlp-grpc-tls-cert" title="#opt-metrics-otlp-grpc-tls-cert">`metrics.otlp.grpc.tls.cert`</a> | Path to the public certificate used for the secure connection to the OpenTelemetry Collector.<br />When using this option, setting the `key` option is required. | -                                                  | No       |
+| <a id="opt-metrics-otlp-grpc-tls-key" href="#opt-metrics-otlp-grpc-tls-key" title="#opt-metrics-otlp-grpc-tls-key">`metrics.otlp.grpc.tls.key`</a> | This instructs the exporter to send the metrics to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values.              | null/false                                         | No       |
+| <a id="opt-metrics-otlp-grpc-tls-insecureskipverify" href="#opt-metrics-otlp-grpc-tls-insecureskipverify" title="#opt-metrics-otlp-grpc-tls-insecureskipverify">`metrics.otlp.grpc.tls.insecureskipverify`</a> | Allow the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers.                   | false                                              | Yes      |
+
+### resourceAttributes
+
+The `resourceAttributes` option allows setting the resource attributes sent along the traces.
+Traefik also supports the `OTEL_RESOURCE_ATTRIBUTES` env variable to set up the resource attributes.
+
+!!! info "Kubernetes Resource Attributes Detection"
+
+    Additionally, Traefik automatically discovers the following [Kubernetes resource attributes](https://opentelemetry.io/docs/specs/semconv/non-normative/k8s-attributes/) when running in a Kubernetes cluster:
+    
+    - `k8s.namespace.name`
+    - `k8s.pod.uid`
+    - `k8s.pod.name`
+    
+    Note that this automatic detection can fail, like if the Traefik pod is running in host network mode.
+    In this case, you should provide the attributes with the option or the env variable.

 ## Vendors

@@ -112,13 +128,13 @@ metrics:

 | Field | Description      | Default              | Required |
 |:------|:-------------------------------|:---------------------|:---------|
-| `metrics.addInternals` | Enables metrics for internal resources (e.g.: `ping@internal`). | false      | No      |
-| `datadog.address` | Defines the address for the exporter to send metrics to datadog-agent. More information [here](#address)|  `127.0.0.1:8125`     | Yes   |
-| `datadog.addEntryPointsLabels` | Enable metrics on entry points. |  true   | No   |
-| `datadog.addRoutersLabels` | Enable metrics on routers. |  false   | No   |
-| `datadog.addServicesLabels` | Enable metrics on services. |  true   | No   |
-| `datadog.pushInterval` | Defines the interval used by the exporter to push metrics to datadog-agent. |  10s   | No   |
-| `datadog.prefix` | Defines the prefix to use for metrics collection. |  "traefik"   | No   |
+| <a id="opt-metrics-addInternals-2" href="#opt-metrics-addInternals-2" title="#opt-metrics-addInternals-2">`metrics.addInternals`</a> | Enables metrics for internal resources (e.g.: `ping@internal`). | false      | No      |
+| <a id="opt-datadog-address" href="#opt-datadog-address" title="#opt-datadog-address">`datadog.address`</a> | Defines the address for the exporter to send metrics to datadog-agent. More information [here](#address)|  `127.0.0.1:8125`     | Yes   |
+| <a id="opt-datadog-addEntryPointsLabels" href="#opt-datadog-addEntryPointsLabels" title="#opt-datadog-addEntryPointsLabels">`datadog.addEntryPointsLabels`</a> | Enable metrics on entry points. |  true   | No   |
+| <a id="opt-datadog-addRoutersLabels" href="#opt-datadog-addRoutersLabels" title="#opt-datadog-addRoutersLabels">`datadog.addRoutersLabels`</a> | Enable metrics on routers. |  false   | No   |
+| <a id="opt-datadog-addServicesLabels" href="#opt-datadog-addServicesLabels" title="#opt-datadog-addServicesLabels">`datadog.addServicesLabels`</a> | Enable metrics on services. |  true   | No   |
+| <a id="opt-datadog-pushInterval" href="#opt-datadog-pushInterval" title="#opt-datadog-pushInterval">`datadog.pushInterval`</a> | Defines the interval used by the exporter to push metrics to datadog-agent. |  10s   | No   |
+| <a id="opt-datadog-prefix" href="#opt-datadog-prefix" title="#opt-datadog-prefix">`datadog.prefix`</a> | Defines the prefix to use for metrics collection. |  "traefik"   | No   |

 ##### `address`

@@ -170,16 +186,16 @@ metrics:

 | Field      | Description      | Default | Required |
 |:-----------|-------------------------|:--------|:---------|
-| `metrics.addInternal` | Enables metrics for internal resources (e.g.: `ping@internal`). | false      | No      |
-| `metrics.influxDB2.addEntryPointsLabels` | Enable metrics on entry points. | true      | No      |
-| `metrics.influxDB2.addRoutersLabels` | Enable metrics on routers. | false      | No      |
-| `metrics.influxDB2.addServicesLabels` | Enable metrics on services.| true      | No      |
-| `metrics.influxDB2.additionalLabels` | Additional labels (InfluxDB tags) on all metrics. | - | No      |
-| `metrics.influxDB2.pushInterval` | The interval used by the exporter to push metrics to InfluxDB server. | 10s      | No      |
-| `metrics.influxDB2.address` | Address of the InfluxDB v2 instance. | "http://localhost:8086"     | Yes      |
-| `metrics.influxDB2.token` | Token with which to connect to InfluxDB v2. | - | Yes      |
-| `metrics.influxDB2.org` | Organisation where metrics will be stored. | -  | Yes      |
-| `metrics.influxDB2.bucket` | Bucket where metrics will be stored. | -  | Yes      |
+| <a id="opt-metrics-addInternal" href="#opt-metrics-addInternal" title="#opt-metrics-addInternal">`metrics.addInternal`</a> | Enables metrics for internal resources (e.g.: `ping@internal`). | false      | No      |
+| <a id="opt-metrics-influxDB2-addEntryPointsLabels" href="#opt-metrics-influxDB2-addEntryPointsLabels" title="#opt-metrics-influxDB2-addEntryPointsLabels">`metrics.influxDB2.addEntryPointsLabels`</a> | Enable metrics on entry points. | true      | No      |
+| <a id="opt-metrics-influxDB2-addRoutersLabels" href="#opt-metrics-influxDB2-addRoutersLabels" title="#opt-metrics-influxDB2-addRoutersLabels">`metrics.influxDB2.addRoutersLabels`</a> | Enable metrics on routers. | false      | No      |
+| <a id="opt-metrics-influxDB2-addServicesLabels" href="#opt-metrics-influxDB2-addServicesLabels" title="#opt-metrics-influxDB2-addServicesLabels">`metrics.influxDB2.addServicesLabels`</a> | Enable metrics on services.| true      | No      |
+| <a id="opt-metrics-influxDB2-additionalLabels" href="#opt-metrics-influxDB2-additionalLabels" title="#opt-metrics-influxDB2-additionalLabels">`metrics.influxDB2.additionalLabels`</a> | Additional labels (InfluxDB tags) on all metrics. | - | No      |
+| <a id="opt-metrics-influxDB2-pushInterval" href="#opt-metrics-influxDB2-pushInterval" title="#opt-metrics-influxDB2-pushInterval">`metrics.influxDB2.pushInterval`</a> | The interval used by the exporter to push metrics to InfluxDB server. | 10s      | No      |
+| <a id="opt-metrics-influxDB2-address" href="#opt-metrics-influxDB2-address" title="#opt-metrics-influxDB2-address">`metrics.influxDB2.address`</a> | Address of the InfluxDB v2 instance. | "http://localhost:8086"     | Yes      |
+| <a id="opt-metrics-influxDB2-token" href="#opt-metrics-influxDB2-token" title="#opt-metrics-influxDB2-token">`metrics.influxDB2.token`</a> | Token with which to connect to InfluxDB v2. | - | Yes      |
+| <a id="opt-metrics-influxDB2-org" href="#opt-metrics-influxDB2-org" title="#opt-metrics-influxDB2-org">`metrics.influxDB2.org`</a> | Organisation where metrics will be stored. | -  | Yes      |
+| <a id="opt-metrics-influxDB2-bucket" href="#opt-metrics-influxDB2-bucket" title="#opt-metrics-influxDB2-bucket">`metrics.influxDB2.bucket`</a> | Bucket where metrics will be stored. | -  | Yes      |

 ### Prometheus

@@ -215,14 +231,14 @@ metrics:

 | Field      | Description         | Default | Required |
 |:-----------|---------------------|:--------|:---------|
-| `metrics.prometheus.addInternals` | Enables metrics for internal resources (e.g.: `ping@internals`). | false      | No      |
-| `metrics.prometheus.addEntryPointsLabels` | Enable metrics on entry points. | true      | No      |
-| `metrics.prometheus.addRoutersLabels` | Enable metrics on routers. | false      | No      |
-| `metrics.prometheus.addServicesLabels` | Enable metrics on services.| true      | No      |
-| `metrics.prometheus.buckets` | Buckets for latency metrics. |"0.100000, 0.300000, 1.200000, 5.000000"  | No      |
-| `metrics.prometheus.manualRouting` | Set to _true_, it disables the default internal router in order to allow creating a custom router for the `prometheus@internal` service. | false    | No      |
-| `metrics.prometheus.entryPoint` | Traefik Entrypoint name used to expose metrics. | "traefik"     | No      |
-| `metrics.prometheus.headerLabels` | Defines extra labels extracted from request headers for the `requests_total` metrics.<br />More information [here](#headerlabels). |       | Yes      |
+| <a id="opt-metrics-addInternals-3" href="#opt-metrics-addInternals-3" title="#opt-metrics-addInternals-3">`metrics.addInternals`</a> | Enables metrics for internal resources (e.g.: `ping@internals`). | false      | No      |
+| <a id="opt-metrics-prometheus-addEntryPointsLabels" href="#opt-metrics-prometheus-addEntryPointsLabels" title="#opt-metrics-prometheus-addEntryPointsLabels">`metrics.prometheus.addEntryPointsLabels`</a> | Enable metrics on entry points. | true      | No      |
+| <a id="opt-metrics-prometheus-addRoutersLabels" href="#opt-metrics-prometheus-addRoutersLabels" title="#opt-metrics-prometheus-addRoutersLabels">`metrics.prometheus.addRoutersLabels`</a> | Enable metrics on routers. | false      | No      |
+| <a id="opt-metrics-prometheus-addServicesLabels" href="#opt-metrics-prometheus-addServicesLabels" title="#opt-metrics-prometheus-addServicesLabels">`metrics.prometheus.addServicesLabels`</a> | Enable metrics on services.| true      | No      |
+| <a id="opt-metrics-prometheus-buckets" href="#opt-metrics-prometheus-buckets" title="#opt-metrics-prometheus-buckets">`metrics.prometheus.buckets`</a> | Buckets for latency metrics. |"0.100000, 0.300000, 1.200000, 5.000000"  | No      |
+| <a id="opt-metrics-prometheus-manualRouting" href="#opt-metrics-prometheus-manualRouting" title="#opt-metrics-prometheus-manualRouting">`metrics.prometheus.manualRouting`</a> | Set to _true_, it disables the default internal router in order to allow creating a custom router for the `prometheus@internal` service. | false    | No      |
+| <a id="opt-metrics-prometheus-entryPoint" href="#opt-metrics-prometheus-entryPoint" title="#opt-metrics-prometheus-entryPoint">`metrics.prometheus.entryPoint`</a> | Traefik Entrypoint name used to expose metrics. | "traefik"     | No      |
+| <a id="opt-metrics-prometheus-headerLabels" href="#opt-metrics-prometheus-headerLabels" title="#opt-metrics-prometheus-headerLabels">`metrics.prometheus.headerLabels`</a> | Defines extra labels extracted from request headers for the `requests_total` metrics.<br />More information [here](#headerlabels). |       | Yes      |

 ##### headerLabels

@@ -288,13 +304,13 @@ metrics:

 | Field      | Description       | Default | Required |
 |:-----------|:-------------------------|:--------|:---------|
-| `metrics.addInternals` | Enables metrics for internal resources (e.g.: `ping@internals`). | false      | No      |
-| `metrics.statsD.addEntryPointsLabels` | Enable metrics on entry points. | true      | No      |
-| `metrics.statsD.addRoutersLabels` | Enable metrics on routers. | false      | No      |
-| `metrics.statsD.addServicesLabels` | Enable metrics on services.| true      | No      |
-| `metrics.statsD.pushInterval` | The interval used by the exporter to push metrics to DataDog server. | 10s      | No      |
-| `metrics.statsD.address` | Address instructs exporter to send metrics to statsd at this address.  | "127.0.0.1:8125"     | Yes      |
-| `metrics.statsD.prefix` | The prefix to use for metrics collection. | "traefik"      | No      |
+| <a id="opt-metrics-addInternals-4" href="#opt-metrics-addInternals-4" title="#opt-metrics-addInternals-4">`metrics.addInternals`</a> | Enables metrics for internal resources (e.g.: `ping@internals`). | false      | No      |
+| <a id="opt-metrics-statsD-addEntryPointsLabels" href="#opt-metrics-statsD-addEntryPointsLabels" title="#opt-metrics-statsD-addEntryPointsLabels">`metrics.statsD.addEntryPointsLabels`</a> | Enable metrics on entry points. | true      | No      |
+| <a id="opt-metrics-statsD-addRoutersLabels" href="#opt-metrics-statsD-addRoutersLabels" title="#opt-metrics-statsD-addRoutersLabels">`metrics.statsD.addRoutersLabels`</a> | Enable metrics on routers. | false      | No      |
+| <a id="opt-metrics-statsD-addServicesLabels" href="#opt-metrics-statsD-addServicesLabels" title="#opt-metrics-statsD-addServicesLabels">`metrics.statsD.addServicesLabels`</a> | Enable metrics on services.| true      | No      |
+| <a id="opt-metrics-statsD-pushInterval" href="#opt-metrics-statsD-pushInterval" title="#opt-metrics-statsD-pushInterval">`metrics.statsD.pushInterval`</a> | The interval used by the exporter to push metrics to DataDog server. | 10s      | No      |
+| <a id="opt-metrics-statsD-address" href="#opt-metrics-statsD-address" title="#opt-metrics-statsD-address">`metrics.statsD.address`</a> | Address instructs exporter to send metrics to statsd at this address.  | "127.0.0.1:8125"     | Yes      |
+| <a id="opt-metrics-statsD-prefix" href="#opt-metrics-statsD-prefix" title="#opt-metrics-statsD-prefix">`metrics.statsD.prefix`</a> | The prefix to use for metrics collection. | "traefik"      | No      |

 ## Metrics Provided

@@ -303,42 +319,42 @@ metrics:
 === "OpenTelemetry"
    | Metric                     | Type  | [Labels](#labels)        | Description                                                        |
    |----------------------------|-------|--------------------------|--------------------------------------------------------------------|
-    | `traefik_config_reloads_total`        | Count |                          | The total count of configuration reloads.                          |
-    | `traefik_config_last_reload_success` | Gauge |                          | The timestamp of the last configuration reload success.            |
-    | `traefik_open_connections`           | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. |
-    | `traefik_tls_certs_not_after` | Gauge |                          | The expiration date of certificates.                               |
+    | <a id="opt-traefik-config-reloads-total" href="#opt-traefik-config-reloads-total" title="#opt-traefik-config-reloads-total">`traefik_config_reloads_total`</a> | Count |                          | The total count of configuration reloads.                          |
+    | <a id="opt-traefik-config-last-reload-success" href="#opt-traefik-config-last-reload-success" title="#opt-traefik-config-last-reload-success">`traefik_config_last_reload_success`</a> | Gauge |                          | The timestamp of the last configuration reload success.            |
+    | <a id="opt-traefik-open-connections" href="#opt-traefik-open-connections" title="#opt-traefik-open-connections">`traefik_open_connections`</a> | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. |
+    | <a id="opt-traefik-tls-certs-not-after" href="#opt-traefik-tls-certs-not-after" title="#opt-traefik-tls-certs-not-after">`traefik_tls_certs_not_after`</a> | Gauge |                          | The expiration date of certificates.                               |
    
 === "Prometheus"
    | Metric                     | Type  | [Labels](#labels)        | Description                                                        |
    |----------------------------|-------|--------------------------|--------------------------------------------------------------------|
-    | `traefik_config_reloads_total`        | Count |                          | The total count of configuration reloads.                          |
-    | `traefik_config_last_reload_success` | Gauge |                          | The timestamp of the last configuration reload success.            |
-    | `traefik_open_connections`           | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. |
-    | `traefik_tls_certs_not_after` | Gauge |      | The expiration date of certificates. |
+    | <a id="opt-traefik-config-reloads-total-2" href="#opt-traefik-config-reloads-total-2" title="#opt-traefik-config-reloads-total-2">`traefik_config_reloads_total`</a> | Count |                          | The total count of configuration reloads.                          |
+    | <a id="opt-traefik-config-last-reload-success-2" href="#opt-traefik-config-last-reload-success-2" title="#opt-traefik-config-last-reload-success-2">`traefik_config_last_reload_success`</a> | Gauge |                          | The timestamp of the last configuration reload success.            |
+    | <a id="opt-traefik-open-connections-2" href="#opt-traefik-open-connections-2" title="#opt-traefik-open-connections-2">`traefik_open_connections`</a> | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. |
+    | <a id="opt-traefik-tls-certs-not-after-2" href="#opt-traefik-tls-certs-not-after-2" title="#opt-traefik-tls-certs-not-after-2">`traefik_tls_certs_not_after`</a> | Gauge |      | The expiration date of certificates. |

 === "Datadog"
    | Metric                     | Type  | [Labels](#labels)        | Description                                                        |
    |----------------------------|-------|--------------------------|--------------------------------------------------------------------|
-    | `config.reload.total`        | Count |                          | The total count of configuration reloads.                          |
-    | `config.reload.lastSuccessTimestamp` | Gauge |                          | The timestamp of the last configuration reload success.            |
-    | `open.connections`           | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. |
-    | `tls.certs.notAfterTimestamp` | Gauge |                          | The expiration date of certificates.                               |
+    | <a id="opt-config-reload-total" href="#opt-config-reload-total" title="#opt-config-reload-total">`config.reload.total`</a> | Count |                          | The total count of configuration reloads.                          |
+    | <a id="opt-config-reload-lastSuccessTimestamp" href="#opt-config-reload-lastSuccessTimestamp" title="#opt-config-reload-lastSuccessTimestamp">`config.reload.lastSuccessTimestamp`</a> | Gauge |                          | The timestamp of the last configuration reload success.            |
+    | <a id="opt-open-connections" href="#opt-open-connections" title="#opt-open-connections">`open.connections`</a> | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. |
+    | <a id="opt-tls-certs-notAfterTimestamp" href="#opt-tls-certs-notAfterTimestamp" title="#opt-tls-certs-notAfterTimestamp">`tls.certs.notAfterTimestamp`</a> | Gauge |                          | The expiration date of certificates.                               |

 === "InfluxDB2"
    | Metric                     | Type  | [Labels](#labels)        | Description                                                        |
    |----------------------------|-------|--------------------------|--------------------------------------------------------------------|
-    | `traefik.config.reload.total`        | Count |                          | The total count of configuration reloads.                          |
-    | `traefik.config.reload.lastSuccessTimestamp` | Gauge |                          | The timestamp of the last configuration reload success.            |
-    | `traefik.open.connections`           | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. |
-    | `traefik.tls.certs.notAfterTimestamp` | Gauge |                          | The expiration date of certificates.                               |
+    | <a id="opt-traefik-config-reload-total" href="#opt-traefik-config-reload-total" title="#opt-traefik-config-reload-total">`traefik.config.reload.total`</a> | Count |                          | The total count of configuration reloads.                          |
+    | <a id="opt-traefik-config-reload-lastSuccessTimestamp" href="#opt-traefik-config-reload-lastSuccessTimestamp" title="#opt-traefik-config-reload-lastSuccessTimestamp">`traefik.config.reload.lastSuccessTimestamp`</a> | Gauge |                          | The timestamp of the last configuration reload success.            |
+    | <a id="opt-traefik-open-connections-3" href="#opt-traefik-open-connections-3" title="#opt-traefik-open-connections-3">`traefik.open.connections`</a> | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. |
+    | <a id="opt-traefik-tls-certs-notAfterTimestamp" href="#opt-traefik-tls-certs-notAfterTimestamp" title="#opt-traefik-tls-certs-notAfterTimestamp">`traefik.tls.certs.notAfterTimestamp`</a> | Gauge |                          | The expiration date of certificates.                               |

 === "StatsD"
    | Metric       | Type  | [Labels](#labels)        | Description                                                        |
    |----------------------------|-------|--------------------------|--------------------------------------------------------------------|
-    | `{prefix}.config.reload.total`    | Count |     | The total count of configuration reloads. |
-    | `{prefix}.config.reload.lastSuccessTimestamp` | Gauge |          | The timestamp of the last configuration reload success.            |
-    | `{prefix}.open.connections`    | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. |
-    | `{prefix}.tls.certs.notAfterTimestamp` | Gauge |    | The expiration date of certificates.   |
+    | <a id="opt-prefix-config-reload-total" href="#opt-prefix-config-reload-total" title="#opt-prefix-config-reload-total">`{prefix}.config.reload.total`</a> | Count |     | The total count of configuration reloads. |
+    | <a id="opt-prefix-config-reload-lastSuccessTimestamp" href="#opt-prefix-config-reload-lastSuccessTimestamp" title="#opt-prefix-config-reload-lastSuccessTimestamp">`{prefix}.config.reload.lastSuccessTimestamp`</a> | Gauge |          | The timestamp of the last configuration reload success.            |
+    | <a id="opt-prefix-open-connections" href="#opt-prefix-open-connections" title="#opt-prefix-open-connections">`{prefix}.open.connections`</a> | Gauge | `entrypoint`, `protocol` | The current count of open connections, by entrypoint and protocol. |
+    | <a id="opt-prefix-tls-certs-notAfterTimestamp" href="#opt-prefix-tls-certs-notAfterTimestamp" title="#opt-prefix-tls-certs-notAfterTimestamp">`{prefix}.tls.certs.notAfterTimestamp`</a> | Gauge |    | The expiration date of certificates.   |

 !!! note "\{prefix\} Default Value"
        By default, \{prefix\} value is `traefik`.
@@ -349,8 +365,8 @@ Here is a comprehensive list of labels that are provided by the global metrics:

 | Label        | Description      | example              |
 |--------------|----------------------------------------|----------------------|
-| `entrypoint` | Entrypoint that handled the connection | "example_entrypoint" |
-| `protocol`   | Connection protocol     | "TCP"      |
+| <a id="opt-entrypoint" href="#opt-entrypoint" title="#opt-entrypoint">`entrypoint`</a> | Entrypoint that handled the connection | "example_entrypoint" |
+| <a id="opt-protocol" href="#opt-protocol" title="#opt-protocol">`protocol`</a> | Connection protocol     | "TCP"      |

 ### OpenTelemetry Semantic Conventions

@@ -360,7 +376,7 @@ Traefik Proxy follows [official OpenTelemetry semantic conventions v1.23.1](http

 | Metric     | Type      | [Labels](#labels)       | Description   |
 |----------|-----------|-------------------------|------------------|
-| `http.server.request.duration`	 | Histogram | `error.type`, `http.request.method`, `http.response.status_code`, `network.protocol.name`, `server.address`, `server.port`, `url.scheme` | Duration of HTTP server requests  |
+| <a id="opt-http-server-request-duration" href="#opt-http-server-request-duration" title="#opt-http-server-request-duration">`http.server.request.duration`</a> | Histogram | `error.type`, `http.request.method`, `http.response.status_code`, `network.protocol.name`, `server.address`, `server.port`, `url.scheme` | Duration of HTTP server requests  |

 ##### Labels

@@ -368,35 +384,35 @@ Here is a comprehensive list of labels that are provided by the metrics:

 | Label     | Description   | example       |
 |-----------------------------|--------|---------------|
-| `error.type`                | Describes a class of error the operation ended with          | "500"         |
-| `http.request.method`       | HTTP request method                                          | "GET"         |
-| `http.response.status_code` | HTTP response status code                                    | "200"         |
-| `network.protocol.name`     | OSI application layer or non-OSI equivalent                  | "http/1.1"    |
-| `network.protocol.version`  | Version of the protocol specified in `network.protocol.name` | "1.1"         |
-| `server.address`            | Name of the local HTTP server that received the request      | "example.com" |
-| `server.port`               | Port of the local HTTP server that received the request      | "80"          |
-| `url.scheme`                | The URI scheme component identifying the used protocol       | "http"        |
+| <a id="opt-error-type" href="#opt-error-type" title="#opt-error-type">`error.type`</a> | Describes a class of error the operation ended with          | "500"         |
+| <a id="opt-http-request-method" href="#opt-http-request-method" title="#opt-http-request-method">`http.request.method`</a> | HTTP request method                                          | "GET"         |
+| <a id="opt-http-response-status-code" href="#opt-http-response-status-code" title="#opt-http-response-status-code">`http.response.status_code`</a> | HTTP response status code                                    | "200"         |
+| <a id="opt-network-protocol-name" href="#opt-network-protocol-name" title="#opt-network-protocol-name">`network.protocol.name`</a> | OSI application layer or non-OSI equivalent                  | "http/1.1"    |
+| <a id="opt-network-protocol-version" href="#opt-network-protocol-version" title="#opt-network-protocol-version">`network.protocol.version`</a> | Version of the protocol specified in `network.protocol.name` | "1.1"         |
+| <a id="opt-server-address" href="#opt-server-address" title="#opt-server-address">`server.address`</a> | Name of the local HTTP server that received the request      | "example.com" |
+| <a id="opt-server-port" href="#opt-server-port" title="#opt-server-port">`server.port`</a> | Port of the local HTTP server that received the request      | "80"          |
+| <a id="opt-url-scheme" href="#opt-url-scheme" title="#opt-url-scheme">`url.scheme`</a> | The URI scheme component identifying the used protocol       | "http"        |

 #### HTTP Client

 | Metric    | Type      | [Labels](#labels)    | Description  |
 |-------------------------------|-----------|-----------------|--------|
-| `http.client.request.duration`	 | Histogram | `error.type`, `http.request.method`, `http.response.status_code`, `network.protocol.name`, `server.address`, `server.port`, `url.scheme` | Duration of HTTP client requests  |
+| <a id="opt-http-client-request-duration" href="#opt-http-client-request-duration" title="#opt-http-client-request-duration">`http.client.request.duration`</a> | Histogram | `error.type`, `http.request.method`, `http.response.status_code`, `network.protocol.name`, `server.address`, `server.port`, `url.scheme` | Duration of HTTP client requests  |

 ##### Labels

 Here is a comprehensive list of labels that are provided by the metrics:

-| Label  | Description     | example       |
-|------  -----|------------|---------------|
-| `error.type`  | Describes a class of error the operation ended with    | "500"   |
-| `http.request.method`       | HTTP request method  | "GET" |
-| `http.response.status_code` | HTTP response status code  | "200" |
-| `network.protocol.name`     | OSI application layer or non-OSI equivalent                  | "http/1.1"    |
-| `network.protocol.version`  | Version of the protocol specified in `network.protocol.name` | "1.1"         |
-| `server.address`            | Name of the local HTTP server that received the request      | "example.com" |
-| `server.port`               | Port of the local HTTP server that received the request      | "80"          |
-| `url.scheme`                | The URI scheme component identifying the used protocol       | "http"        |
+| Label                                                                                              | Description                                                  | example       |
+|----------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------|---------------|
+| <a id="opt-error-type-2" href="#opt-error-type-2" title="#opt-error-type-2">`error.type`</a> | Describes a class of error the operation ended with          | "500"         |
+| <a id="opt-http-request-method-2" href="#opt-http-request-method-2" title="#opt-http-request-method-2">`http.request.method`</a> | HTTP request method                                          | "GET"         |
+| <a id="opt-http-response-status-code-2" href="#opt-http-response-status-code-2" title="#opt-http-response-status-code-2">`http.response.status_code`</a> | HTTP response status code                                    | "200"         |
+| <a id="opt-network-protocol-name-2" href="#opt-network-protocol-name-2" title="#opt-network-protocol-name-2">`network.protocol.name`</a> | OSI application layer or non-OSI equivalent                  | "http/1.1"    |
+| <a id="opt-network-protocol-version-2" href="#opt-network-protocol-version-2" title="#opt-network-protocol-version-2">`network.protocol.version`</a> | Version of the protocol specified in `network.protocol.name` | "1.1"         |
+| <a id="opt-server-address-2" href="#opt-server-address-2" title="#opt-server-address-2">`server.address`</a> | Name of the local HTTP server that received the request      | "example.com" |
+| <a id="opt-server-port-2" href="#opt-server-port-2" title="#opt-server-port-2">`server.port`</a> | Port of the local HTTP server that received the request      | "80"          |
+| <a id="opt-url-scheme-2" href="#opt-url-scheme-2" title="#opt-url-scheme-2">`url.scheme`</a> | The URI scheme component identifying the used protocol       | "http"        |

 ### HTTP Metrics

@@ -408,51 +424,51 @@ On top of the official OpenTelemetry semantic conventions, Traefik provides its

    | Metric   | Type      | [Labels](#labels)         | Description   |
    |-----------------------|-----------|--------------------|--------------------------|
-    | `traefik_entrypoint_requests_total`        | Count     | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint.         |
-    | `traefik_entrypoint_requests_tls_total`    | Count     | `tls_version`, `tls_cipher`, `entrypoint`  | The total count of HTTPS requests received by an entrypoint.        |
-    | `traefik_entrypoint_request_duration_seconds`     | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint.             |
-    | `traefik_entrypoint_requests_bytes_total`  | Count     | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint.  |
-    | `traefik_entrypoint_responses_bytes_total` | Count     | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. |
+    | <a id="opt-traefik-entrypoint-requests-total" href="#opt-traefik-entrypoint-requests-total" title="#opt-traefik-entrypoint-requests-total">`traefik_entrypoint_requests_total`</a> | Count     | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint.         |
+    | <a id="opt-traefik-entrypoint-requests-tls-total" href="#opt-traefik-entrypoint-requests-tls-total" title="#opt-traefik-entrypoint-requests-tls-total">`traefik_entrypoint_requests_tls_total`</a> | Count     | `tls_version`, `tls_cipher`, `entrypoint`  | The total count of HTTPS requests received by an entrypoint.        |
+    | <a id="opt-traefik-entrypoint-request-duration-seconds" href="#opt-traefik-entrypoint-request-duration-seconds" title="#opt-traefik-entrypoint-request-duration-seconds">`traefik_entrypoint_request_duration_seconds`</a> | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint.             |
+    | <a id="opt-traefik-entrypoint-requests-bytes-total" href="#opt-traefik-entrypoint-requests-bytes-total" title="#opt-traefik-entrypoint-requests-bytes-total">`traefik_entrypoint_requests_bytes_total`</a> | Count     | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint.  |
+    | <a id="opt-traefik-entrypoint-responses-bytes-total" href="#opt-traefik-entrypoint-responses-bytes-total" title="#opt-traefik-entrypoint-responses-bytes-total">`traefik_entrypoint_responses_bytes_total`</a> | Count     | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. |
    
 === "Prometheus"

    | Metric     | Type      | [Labels](#labels)      | Description      |
    |-----------------------|-----------|------------------------|-------------------------|
-    | `traefik_entrypoint_requests_total`        | Count     | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint.         |
-    | `traefik_entrypoint_requests_tls_total`    | Count     | `tls_version`, `tls_cipher`, `entrypoint`  | The total count of HTTPS requests received by an entrypoint.        |
-    | `traefik_entrypoint_request_duration_seconds`     | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint.             |
-    | `traefik_entrypoint_requests_bytes_total`  | Count     | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint.  |
-    | `traefik_entrypoint_responses_bytes_total` | Count     | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. |
+    | <a id="opt-traefik-entrypoint-requests-total-2" href="#opt-traefik-entrypoint-requests-total-2" title="#opt-traefik-entrypoint-requests-total-2">`traefik_entrypoint_requests_total`</a> | Count     | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint.         |
+    | <a id="opt-traefik-entrypoint-requests-tls-total-2" href="#opt-traefik-entrypoint-requests-tls-total-2" title="#opt-traefik-entrypoint-requests-tls-total-2">`traefik_entrypoint_requests_tls_total`</a> | Count     | `tls_version`, `tls_cipher`, `entrypoint`  | The total count of HTTPS requests received by an entrypoint.        |
+    | <a id="opt-traefik-entrypoint-request-duration-seconds-2" href="#opt-traefik-entrypoint-request-duration-seconds-2" title="#opt-traefik-entrypoint-request-duration-seconds-2">`traefik_entrypoint_request_duration_seconds`</a> | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint.             |
+    | <a id="opt-traefik-entrypoint-requests-bytes-total-2" href="#opt-traefik-entrypoint-requests-bytes-total-2" title="#opt-traefik-entrypoint-requests-bytes-total-2">`traefik_entrypoint_requests_bytes_total`</a> | Count     | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint.  |
+    | <a id="opt-traefik-entrypoint-responses-bytes-total-2" href="#opt-traefik-entrypoint-responses-bytes-total-2" title="#opt-traefik-entrypoint-responses-bytes-total-2">`traefik_entrypoint_responses_bytes_total`</a> | Count     | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. |

 === "Datadog"

    | Metric   | Type      | [Labels](#labels)     | Description     |
    |-----------------------|-----------|------------------|---------------------------|
-    | `entrypoint.requests.total`        | Count     | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint.         |
-    | `entrypoint.requests.tls.total`    | Count     | `tls_version`, `tls_cipher`, `entrypoint`  | The total count of HTTPS requests received by an entrypoint.        |
-    | `entrypoint.request.duration.seconds`     | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint.             |
-    | `entrypoint.requests.bytes.total`  | Count     | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint.  |
-    | `entrypoint.responses.bytes.total` | Count     | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. |
+    | <a id="opt-entrypoint-requests-total" href="#opt-entrypoint-requests-total" title="#opt-entrypoint-requests-total">`entrypoint.requests.total`</a> | Count     | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint.         |
+    | <a id="opt-entrypoint-requests-tls-total" href="#opt-entrypoint-requests-tls-total" title="#opt-entrypoint-requests-tls-total">`entrypoint.requests.tls.total`</a> | Count     | `tls_version`, `tls_cipher`, `entrypoint`  | The total count of HTTPS requests received by an entrypoint.        |
+    | <a id="opt-entrypoint-request-duration-seconds" href="#opt-entrypoint-request-duration-seconds" title="#opt-entrypoint-request-duration-seconds">`entrypoint.request.duration.seconds`</a> | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint.             |
+    | <a id="opt-entrypoint-requests-bytes-total" href="#opt-entrypoint-requests-bytes-total" title="#opt-entrypoint-requests-bytes-total">`entrypoint.requests.bytes.total`</a> | Count     | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint.  |
+    | <a id="opt-entrypoint-responses-bytes-total" href="#opt-entrypoint-responses-bytes-total" title="#opt-entrypoint-responses-bytes-total">`entrypoint.responses.bytes.total`</a> | Count     | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. |

 === "InfluxDB2"

    | Metric    | Type      | [Labels](#labels)   | Description     |
    |------------|-----------|-------------------|-----------------|
-    | `traefik.entrypoint.requests.total`        | Count     | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint.         |
-    | `traefik.entrypoint.requests.tls.total`    | Count     | `tls_version`, `tls_cipher`, `entrypoint`  | The total count of HTTPS requests received by an entrypoint.        |
-    | `traefik.entrypoint.request.duration.seconds`     | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint.             |
-    | `traefik.entrypoint.requests.bytes.total`  | Count     | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint.  |
-    | `traefik.entrypoint.responses.bytes.total` | Count     | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. |
+    | <a id="opt-traefik-entrypoint-requests-total-3" href="#opt-traefik-entrypoint-requests-total-3" title="#opt-traefik-entrypoint-requests-total-3">`traefik.entrypoint.requests.total`</a> | Count     | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint.         |
+    | <a id="opt-traefik-entrypoint-requests-tls-total-3" href="#opt-traefik-entrypoint-requests-tls-total-3" title="#opt-traefik-entrypoint-requests-tls-total-3">`traefik.entrypoint.requests.tls.total`</a> | Count     | `tls_version`, `tls_cipher`, `entrypoint`  | The total count of HTTPS requests received by an entrypoint.        |
+    | <a id="opt-traefik-entrypoint-request-duration-seconds-3" href="#opt-traefik-entrypoint-request-duration-seconds-3" title="#opt-traefik-entrypoint-request-duration-seconds-3">`traefik.entrypoint.request.duration.seconds`</a> | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint.             |
+    | <a id="opt-traefik-entrypoint-requests-bytes-total-3" href="#opt-traefik-entrypoint-requests-bytes-total-3" title="#opt-traefik-entrypoint-requests-bytes-total-3">`traefik.entrypoint.requests.bytes.total`</a> | Count     | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint.  |
+    | <a id="opt-traefik-entrypoint-responses-bytes-total-3" href="#opt-traefik-entrypoint-responses-bytes-total-3" title="#opt-traefik-entrypoint-responses-bytes-total-3">`traefik.entrypoint.responses.bytes.total`</a> | Count     | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. |

 === "StatsD"

    | Metric                     | Type  | [Labels](#labels)        | Description                                                        |
    |----------------------------|-------|--------------------------|--------------------------------------------------------------------|
-    | `{prefix}.entrypoint.requests.total`        | Count     | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint.         |
-    | `{prefix}.entrypoint.requests.tls.total`    | Count     | `tls_version`, `tls_cipher`, `entrypoint`  | The total count of HTTPS requests received by an entrypoint.        |
-    | `{prefix}.entrypoint.request.duration.seconds`     | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint.             |
-    | `{prefix}.entrypoint.requests.bytes.total`  | Count     | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint.  |
-    | `{prefix}.entrypoint.responses.bytes.total` | Count     | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. |
+    | <a id="opt-prefix-entrypoint-requests-total" href="#opt-prefix-entrypoint-requests-total" title="#opt-prefix-entrypoint-requests-total">`{prefix}.entrypoint.requests.total`</a> | Count     | `code`, `method`, `protocol`, `entrypoint` | The total count of HTTP requests received by an entrypoint.         |
+    | <a id="opt-prefix-entrypoint-requests-tls-total" href="#opt-prefix-entrypoint-requests-tls-total" title="#opt-prefix-entrypoint-requests-tls-total">`{prefix}.entrypoint.requests.tls.total`</a> | Count     | `tls_version`, `tls_cipher`, `entrypoint`  | The total count of HTTPS requests received by an entrypoint.        |
+    | <a id="opt-prefix-entrypoint-request-duration-seconds" href="#opt-prefix-entrypoint-request-duration-seconds" title="#opt-prefix-entrypoint-request-duration-seconds">`{prefix}.entrypoint.request.duration.seconds`</a> | Histogram | `code`, `method`, `protocol`, `entrypoint` | Request processing duration histogram on an entrypoint.             |
+    | <a id="opt-prefix-entrypoint-requests-bytes-total" href="#opt-prefix-entrypoint-requests-bytes-total" title="#opt-prefix-entrypoint-requests-bytes-total">`{prefix}.entrypoint.requests.bytes.total`</a> | Count     | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP requests in bytes handled by an entrypoint.  |
+    | <a id="opt-prefix-entrypoint-responses-bytes-total" href="#opt-prefix-entrypoint-responses-bytes-total" title="#opt-prefix-entrypoint-responses-bytes-total">`{prefix}.entrypoint.responses.bytes.total`</a> | Count     | `code`, `method`, `protocol`, `entrypoint` | The total size of HTTP responses in bytes handled by an entrypoint. |

 !!! note "\{prefix\} Default Value"
        By default, \{prefix\} value is `traefik`.
@@ -463,51 +479,51 @@ On top of the official OpenTelemetry semantic conventions, Traefik provides its

    | Metric    | Type      | [Labels](#labels)         | Description           |
    |-----------------------|-----------|----------------------|--------------------------------|
-    | `traefik_router_requests_total`        | Count     | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router.          |
-    | `traefik_router_requests_tls_total`    | Count     | `tls_version`, `tls_cipher`, `router`, `service`  | The total count of HTTPS requests handled by a router.         |
-    | `traefik_router_request_duration_seconds`      | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router.             |
-    | `traefik_router_requests_bytes_total`  | Count     | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router.  |
-    | `traefik_router_responses_bytes_total` | Count     | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. |
+    | <a id="opt-traefik-router-requests-total" href="#opt-traefik-router-requests-total" title="#opt-traefik-router-requests-total">`traefik_router_requests_total`</a> | Count     | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router.          |
+    | <a id="opt-traefik-router-requests-tls-total" href="#opt-traefik-router-requests-tls-total" title="#opt-traefik-router-requests-tls-total">`traefik_router_requests_tls_total`</a> | Count     | `tls_version`, `tls_cipher`, `router`, `service`  | The total count of HTTPS requests handled by a router.         |
+    | <a id="opt-traefik-router-request-duration-seconds" href="#opt-traefik-router-request-duration-seconds" title="#opt-traefik-router-request-duration-seconds">`traefik_router_request_duration_seconds`</a> | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router.             |
+    | <a id="opt-traefik-router-requests-bytes-total" href="#opt-traefik-router-requests-bytes-total" title="#opt-traefik-router-requests-bytes-total">`traefik_router_requests_bytes_total`</a> | Count     | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router.  |
+    | <a id="opt-traefik-router-responses-bytes-total" href="#opt-traefik-router-responses-bytes-total" title="#opt-traefik-router-responses-bytes-total">`traefik_router_responses_bytes_total`</a> | Count     | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. |
    
 === "Prometheus"

    | Metric                | Type      | [Labels](#labels)                                 | Description                                                    |
    |-----------------------|-----------|---------------------------------------------------|----------------------------------------------------------------|
-    | `traefik_router_requests_total`        | Count     | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router.          |
-    | `traefik_router_requests_tls_total`    | Count     | `tls_version`, `tls_cipher`, `router`, `service`  | The total count of HTTPS requests handled by a router.         |
-    | `traefik_router_request_duration_seconds`      | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router.             |
-    | `traefik_router_requests_bytes_total`  | Count     | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router.  |
-    | `traefik_router_responses_bytes_total` | Count     | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. |
+    | <a id="opt-traefik-router-requests-total-2" href="#opt-traefik-router-requests-total-2" title="#opt-traefik-router-requests-total-2">`traefik_router_requests_total`</a> | Count     | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router.          |
+    | <a id="opt-traefik-router-requests-tls-total-2" href="#opt-traefik-router-requests-tls-total-2" title="#opt-traefik-router-requests-tls-total-2">`traefik_router_requests_tls_total`</a> | Count     | `tls_version`, `tls_cipher`, `router`, `service`  | The total count of HTTPS requests handled by a router.         |
+    | <a id="opt-traefik-router-request-duration-seconds-2" href="#opt-traefik-router-request-duration-seconds-2" title="#opt-traefik-router-request-duration-seconds-2">`traefik_router_request_duration_seconds`</a> | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router.             |
+    | <a id="opt-traefik-router-requests-bytes-total-2" href="#opt-traefik-router-requests-bytes-total-2" title="#opt-traefik-router-requests-bytes-total-2">`traefik_router_requests_bytes_total`</a> | Count     | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router.  |
+    | <a id="opt-traefik-router-responses-bytes-total-2" href="#opt-traefik-router-responses-bytes-total-2" title="#opt-traefik-router-responses-bytes-total-2">`traefik_router_responses_bytes_total`</a> | Count     | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. |

 === "Datadog"

    | Metric    | Type      | [Labels](#labels)   | Description   |
    |-------------|-----------|---------------|---------------------|
-    | `router.requests.total`        | Count     | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router.          |
-    | `router.requests.tls.total`    | Count     | `tls_version`, `tls_cipher`, `router`, `service`  | The total count of HTTPS requests handled by a router.         |
-    | `router.request.duration.seconds`      | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router.             |
-    | `router.requests.bytes.total`  | Count     | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router.  |
-    | `router.responses.bytes.total` | Count     | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. |
+    | <a id="opt-router-requests-total" href="#opt-router-requests-total" title="#opt-router-requests-total">`router.requests.total`</a> | Count     | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router.          |
+    | <a id="opt-router-requests-tls-total" href="#opt-router-requests-tls-total" title="#opt-router-requests-tls-total">`router.requests.tls.total`</a> | Count     | `tls_version`, `tls_cipher`, `router`, `service`  | The total count of HTTPS requests handled by a router.         |
+    | <a id="opt-router-request-duration-seconds" href="#opt-router-request-duration-seconds" title="#opt-router-request-duration-seconds">`router.request.duration.seconds`</a> | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router.             |
+    | <a id="opt-router-requests-bytes-total" href="#opt-router-requests-bytes-total" title="#opt-router-requests-bytes-total">`router.requests.bytes.total`</a> | Count     | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router.  |
+    | <a id="opt-router-responses-bytes-total" href="#opt-router-responses-bytes-total" title="#opt-router-responses-bytes-total">`router.responses.bytes.total`</a> | Count     | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. |

 === "InfluxDB2"

    | Metric                | Type      | [Labels](#labels)                                 | Description                                                    |
    |-----------------------|-----------|---------------------------------------------------|----------------------------------------------------------------|
-    | `traefik.router.requests.total`        | Count     | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router.          |
-    | `traefik.router.requests.tls.total`    | Count     | `tls_version`, `tls_cipher`, `router`, `service`  | The total count of HTTPS requests handled by a router.         |
-    | `traefik.router.request.duration.seconds`      | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router.             |
-    | `traefik.router.requests.bytes.total`  | Count     | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router.  |
-    | `traefik.router.responses.bytes.total` | Count     | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. |
+    | <a id="opt-traefik-router-requests-total-3" href="#opt-traefik-router-requests-total-3" title="#opt-traefik-router-requests-total-3">`traefik.router.requests.total`</a> | Count     | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router.          |
+    | <a id="opt-traefik-router-requests-tls-total-3" href="#opt-traefik-router-requests-tls-total-3" title="#opt-traefik-router-requests-tls-total-3">`traefik.router.requests.tls.total`</a> | Count     | `tls_version`, `tls_cipher`, `router`, `service`  | The total count of HTTPS requests handled by a router.         |
+    | <a id="opt-traefik-router-request-duration-seconds-3" href="#opt-traefik-router-request-duration-seconds-3" title="#opt-traefik-router-request-duration-seconds-3">`traefik.router.request.duration.seconds`</a> | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router.             |
+    | <a id="opt-traefik-router-requests-bytes-total-3" href="#opt-traefik-router-requests-bytes-total-3" title="#opt-traefik-router-requests-bytes-total-3">`traefik.router.requests.bytes.total`</a> | Count     | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router.  |
+    | <a id="opt-traefik-router-responses-bytes-total-3" href="#opt-traefik-router-responses-bytes-total-3" title="#opt-traefik-router-responses-bytes-total-3">`traefik.router.responses.bytes.total`</a> | Count     | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. |

 === "StatsD"

    | Metric     | Type      | [Labels](#labels)      | Description   |
    |-----------------------|-----------|---------------|-------------|
-    | `{prefix}.router.requests.total`        | Count     | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router.          |
-    | `{prefix}.router.requests.tls.total`    | Count     | `tls_version`, `tls_cipher`, `router`, `service`  | The total count of HTTPS requests handled by a router.         |
-    | `{prefix}.router.request.duration.seconds`      | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router.             |
-    | `{prefix}.router.requests.bytes.total`  | Count     | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router.  |
-    | `{prefix}.router.responses.bytes.total` | Count     | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. |
+    | <a id="opt-prefix-router-requests-total" href="#opt-prefix-router-requests-total" title="#opt-prefix-router-requests-total">`{prefix}.router.requests.total`</a> | Count     | `code`, `method`, `protocol`, `router`, `service` | The total count of HTTP requests handled by a router.          |
+    | <a id="opt-prefix-router-requests-tls-total" href="#opt-prefix-router-requests-tls-total" title="#opt-prefix-router-requests-tls-total">`{prefix}.router.requests.tls.total`</a> | Count     | `tls_version`, `tls_cipher`, `router`, `service`  | The total count of HTTPS requests handled by a router.         |
+    | <a id="opt-prefix-router-request-duration-seconds" href="#opt-prefix-router-request-duration-seconds" title="#opt-prefix-router-request-duration-seconds">`{prefix}.router.request.duration.seconds`</a> | Histogram | `code`, `method`, `protocol`, `router`, `service` | Request processing duration histogram on a router.             |
+    | <a id="opt-prefix-router-requests-bytes-total" href="#opt-prefix-router-requests-bytes-total" title="#opt-prefix-router-requests-bytes-total">`{prefix}.router.requests.bytes.total`</a> | Count     | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP requests in bytes handled by a router.  |
+    | <a id="opt-prefix-router-responses-bytes-total" href="#opt-prefix-router-responses-bytes-total" title="#opt-prefix-router-responses-bytes-total">`{prefix}.router.responses.bytes.total`</a> | Count     | `code`, `method`, `protocol`, `router`, `service` | The total size of HTTP responses in bytes handled by a router. |

 !!! note "\{prefix\} Default Value"
        By default, \{prefix\} value is `traefik`.
@@ -518,61 +534,61 @@ On top of the official OpenTelemetry semantic conventions, Traefik provides its

    | Metric    | Type      | Labels      | Description     |
    |-----------------------|-----------|------------|------------|
-    | `traefik_service_requests_total`        | Count     | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service.    |
-    | `traefik_service_requests_tls_total`    | Count     | `tls_version`, `tls_cipher`, `service`  | The total count of HTTPS requests processed on a service.   |
-    | `traefik_service_request_duration_seconds`      | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service.         |
-    | `traefik_service_retries_total`         | Count     | `service`                               | The count of requests retries on a service.                 |
-    | `traefik_service_server_up`             | Gauge     | `service`, `url`                        | Current service's server status, 0 for a down or 1 for up.  |
-    | `traefik_service_requests_bytes_total`  | Count     | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service.  |
-    | `traefik_service_responses_bytes_total` | Count     | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. |
+    | <a id="opt-traefik-service-requests-total" href="#opt-traefik-service-requests-total" title="#opt-traefik-service-requests-total">`traefik_service_requests_total`</a> | Count     | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service.    |
+    | <a id="opt-traefik-service-requests-tls-total" href="#opt-traefik-service-requests-tls-total" title="#opt-traefik-service-requests-tls-total">`traefik_service_requests_tls_total`</a> | Count     | `tls_version`, `tls_cipher`, `service`  | The total count of HTTPS requests processed on a service.   |
+    | <a id="opt-traefik-service-request-duration-seconds" href="#opt-traefik-service-request-duration-seconds" title="#opt-traefik-service-request-duration-seconds">`traefik_service_request_duration_seconds`</a> | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service.         |
+    | <a id="opt-traefik-service-retries-total" href="#opt-traefik-service-retries-total" title="#opt-traefik-service-retries-total">`traefik_service_retries_total`</a> | Count     | `service`                               | The count of requests retries on a service.                 |
+    | <a id="opt-traefik-service-server-up" href="#opt-traefik-service-server-up" title="#opt-traefik-service-server-up">`traefik_service_server_up`</a> | Gauge     | `service`, `url`                        | Current service's server status, 0 for a down or 1 for up. Only for services configured with healthcheck. |
+    | <a id="opt-traefik-service-requests-bytes-total" href="#opt-traefik-service-requests-bytes-total" title="#opt-traefik-service-requests-bytes-total">`traefik_service_requests_bytes_total`</a> | Count     | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service.  |
+    | <a id="opt-traefik-service-responses-bytes-total" href="#opt-traefik-service-responses-bytes-total" title="#opt-traefik-service-responses-bytes-total">`traefik_service_responses_bytes_total`</a> | Count     | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. |
    
 === "Prometheus"

    | Metric    | Type      | Labels    | Description    |
    |-----------------------|-----------|-------|------------|
-    | `traefik_service_requests_total`        | Count     | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service.    |
-    | `traefik_service_requests_tls_total`    | Count     | `tls_version`, `tls_cipher`, `service`  | The total count of HTTPS requests processed on a service.   |
-    | `traefik_service_request_duration_seconds`      | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service.         |
-    | `traefik_service_retries_total`         | Count     | `service`                               | The count of requests retries on a service.                 |
-    | `traefik_service_server_up`             | Gauge     | `service`, `url`                        | Current service's server status, 0 for a down or 1 for up.  |
-    | `traefik_service_requests_bytes_total`  | Count     | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service.  |
-    | `traefik_service_responses_bytes_total` | Count     | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. |
+    | <a id="opt-traefik-service-requests-total-2" href="#opt-traefik-service-requests-total-2" title="#opt-traefik-service-requests-total-2">`traefik_service_requests_total`</a> | Count     | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service.    |
+    | <a id="opt-traefik-service-requests-tls-total-2" href="#opt-traefik-service-requests-tls-total-2" title="#opt-traefik-service-requests-tls-total-2">`traefik_service_requests_tls_total`</a> | Count     | `tls_version`, `tls_cipher`, `service`  | The total count of HTTPS requests processed on a service.   |
+    | <a id="opt-traefik-service-request-duration-seconds-2" href="#opt-traefik-service-request-duration-seconds-2" title="#opt-traefik-service-request-duration-seconds-2">`traefik_service_request_duration_seconds`</a> | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service.         |
+    | <a id="opt-traefik-service-retries-total-2" href="#opt-traefik-service-retries-total-2" title="#opt-traefik-service-retries-total-2">`traefik_service_retries_total`</a> | Count     | `service`                               | The count of requests retries on a service.                 |
+    | <a id="opt-traefik-service-server-up-2" href="#opt-traefik-service-server-up-2" title="#opt-traefik-service-server-up-2">`traefik_service_server_up`</a> | Gauge     | `service`, `url`                        | Current service's server status, 0 for a down or 1 for up. Only for services configured with healthcheck. |
+    | <a id="opt-traefik-service-requests-bytes-total-2" href="#opt-traefik-service-requests-bytes-total-2" title="#opt-traefik-service-requests-bytes-total-2">`traefik_service_requests_bytes_total`</a> | Count     | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service.  |
+    | <a id="opt-traefik-service-responses-bytes-total-2" href="#opt-traefik-service-responses-bytes-total-2" title="#opt-traefik-service-responses-bytes-total-2">`traefik_service_responses_bytes_total`</a> | Count     | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. |

 === "Datadog"

    | Metric    | Type      | Labels    | Description |
    |-----------------------|-----------|--------|------------------|
-    | `service.requests.total`        | Count     | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service.    |
-    | `router.service.tls.total`    | Count     | `tls_version`, `tls_cipher`, `service`  | The total count of HTTPS requests processed on a service.   |
-    | `service.request.duration.seconds`      | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service.         |
-    | `service.retries.total`         | Count     | `service`                               | The count of requests retries on a service.                 |
-    | `service.server.up`             | Gauge     | `service`, `url`                        | Current service's server status, 0 for a down or 1 for up.  |
-    | `service.requests.bytes.total`  | Count     | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service.  |
-    | `service.responses.bytes.total` | Count     | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. |
+    | <a id="opt-service-requests-total" href="#opt-service-requests-total" title="#opt-service-requests-total">`service.requests.total`</a> | Count     | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service.    |
+    | <a id="opt-router-service-tls-total" href="#opt-router-service-tls-total" title="#opt-router-service-tls-total">`router.service.tls.total`</a> | Count     | `tls_version`, `tls_cipher`, `service`  | The total count of HTTPS requests processed on a service.   |
+    | <a id="opt-service-request-duration-seconds" href="#opt-service-request-duration-seconds" title="#opt-service-request-duration-seconds">`service.request.duration.seconds`</a> | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service.         |
+    | <a id="opt-service-retries-total" href="#opt-service-retries-total" title="#opt-service-retries-total">`service.retries.total`</a> | Count     | `service`                               | The count of requests retries on a service.                 |
+    | <a id="opt-service-server-up" href="#opt-service-server-up" title="#opt-service-server-up">`service.server.up`</a> | Gauge     | `service`, `url`                        | Current service's server status, 0 for a down or 1 for up. Only for services configured with healthcheck. |
+    | <a id="opt-service-requests-bytes-total" href="#opt-service-requests-bytes-total" title="#opt-service-requests-bytes-total">`service.requests.bytes.total`</a> | Count     | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service.  |
+    | <a id="opt-service-responses-bytes-total" href="#opt-service-responses-bytes-total" title="#opt-service-responses-bytes-total">`service.responses.bytes.total`</a> | Count     | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. |

 === "InfluxDB2"

    | Metric                | Type      | Labels                                  | Description                                                 |
    |-----------------------|-----------|-----------------------------------------|-------------------------------------------------------------|
-    | `traefik.service.requests.total`        | Count     | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service.    |
-    | `traefik.service.requests.tls.total`    | Count     | `tls_version`, `tls_cipher`, `service`  | The total count of HTTPS requests processed on a service.   |
-    | `traefik.service.request.duration.seconds`      | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service.         |
-    | `traefik.service.retries.total`         | Count     | `service`                               | The count of requests retries on a service.                 |
-    | `traefik.service.server.up`             | Gauge     | `service`, `url`                        | Current service's server status, 0 for a down or 1 for up.  |
-    | `traefik.service.requests.bytes.total`  | Count     | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service.  |
-    | `traefik.service.responses.bytes.total` | Count     | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. |
+    | <a id="opt-traefik-service-requests-total-3" href="#opt-traefik-service-requests-total-3" title="#opt-traefik-service-requests-total-3">`traefik.service.requests.total`</a> | Count     | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service.    |
+    | <a id="opt-traefik-service-requests-tls-total-3" href="#opt-traefik-service-requests-tls-total-3" title="#opt-traefik-service-requests-tls-total-3">`traefik.service.requests.tls.total`</a> | Count     | `tls_version`, `tls_cipher`, `service`  | The total count of HTTPS requests processed on a service.   |
+    | <a id="opt-traefik-service-request-duration-seconds-3" href="#opt-traefik-service-request-duration-seconds-3" title="#opt-traefik-service-request-duration-seconds-3">`traefik.service.request.duration.seconds`</a> | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service.         |
+    | <a id="opt-traefik-service-retries-total-3" href="#opt-traefik-service-retries-total-3" title="#opt-traefik-service-retries-total-3">`traefik.service.retries.total`</a> | Count     | `service`                               | The count of requests retries on a service.                 |
+    | <a id="opt-traefik-service-server-up-3" href="#opt-traefik-service-server-up-3" title="#opt-traefik-service-server-up-3">`traefik.service.server.up`</a> | Gauge     | `service`, `url`                        | Current service's server status, 0 for a down or 1 for up. Only for services configured with healthcheck. |
+    | <a id="opt-traefik-service-requests-bytes-total-3" href="#opt-traefik-service-requests-bytes-total-3" title="#opt-traefik-service-requests-bytes-total-3">`traefik.service.requests.bytes.total`</a> | Count     | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service.  |
+    | <a id="opt-traefik-service-responses-bytes-total-3" href="#opt-traefik-service-responses-bytes-total-3" title="#opt-traefik-service-responses-bytes-total-3">`traefik.service.responses.bytes.total`</a> | Count     | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. |

 === "StatsD"

    | Metric                | Type      | Labels   | Description    |
    |-----------------------|-----------|-----|---------|
-    | `{prefix}.service.requests.total`        | Count     | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service.    |
-    | `{prefix}.service.requests.tls.total`    | Count     | `tls_version`, `tls_cipher`, `service`  | The total count of HTTPS requests processed on a service.   |
-    | `{prefix}.service.request.duration.seconds`      | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service.         |
-    | `{prefix}.service.retries.total`         | Count     | `service`                               | The count of requests retries on a service.                 |
-    | `{prefix}.service.server.up`             | Gauge     | `service`, `url`                        | Current service's server status, 0 for a down or 1 for up.  |
-    | `{prefix}.service.requests.bytes.total`  | Count     | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service.  |
-    | `{prefix}.service.responses.bytes.total` | Count     | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. |
+    | <a id="opt-prefix-service-requests-total" href="#opt-prefix-service-requests-total" title="#opt-prefix-service-requests-total">`{prefix}.service.requests.total`</a> | Count     | `code`, `method`, `protocol`, `service` | The total count of HTTP requests processed on a service.    |
+    | <a id="opt-prefix-service-requests-tls-total" href="#opt-prefix-service-requests-tls-total" title="#opt-prefix-service-requests-tls-total">`{prefix}.service.requests.tls.total`</a> | Count     | `tls_version`, `tls_cipher`, `service`  | The total count of HTTPS requests processed on a service.   |
+    | <a id="opt-prefix-service-request-duration-seconds" href="#opt-prefix-service-request-duration-seconds" title="#opt-prefix-service-request-duration-seconds">`{prefix}.service.request.duration.seconds`</a> | Histogram | `code`, `method`, `protocol`, `service` | Request processing duration histogram on a service.         |
+    | <a id="opt-prefix-service-retries-total" href="#opt-prefix-service-retries-total" title="#opt-prefix-service-retries-total">`{prefix}.service.retries.total`</a> | Count     | `service`                               | The count of requests retries on a service.                 |
+    | <a id="opt-prefix-service-server-up" href="#opt-prefix-service-server-up" title="#opt-prefix-service-server-up">`{prefix}.service.server.up`</a> | Gauge     | `service`, `url`                        | Current service's server status, 0 for a down or 1 for up. Only for services configured with healthcheck. |
+    | <a id="opt-prefix-service-requests-bytes-total" href="#opt-prefix-service-requests-bytes-total" title="#opt-prefix-service-requests-bytes-total">`{prefix}.service.requests.bytes.total`</a> | Count     | `code`, `method`, `protocol`, `service` | The total size of requests in bytes received by a service.  |
+    | <a id="opt-prefix-service-responses-bytes-total" href="#opt-prefix-service-responses-bytes-total" title="#opt-prefix-service-responses-bytes-total">`{prefix}.service.responses.bytes.total`</a> | Count     | `code`, `method`, `protocol`, `service` | The total size of responses in bytes returned by a service. |

 !!! note "\{prefix\} Default Value"
        By default, \{prefix\} value is `traefik`.
@@ -583,18 +599,18 @@ Here is a comprehensive list of labels that are provided by the metrics:

 | Label         | Description      | example      |
 |---------------|-------------------|----------------------------|
-| `cn`          | Certificate Common Name     | "example.com"     |
-| `code`        | Request code       | "200"                      |
-| `entrypoint`  | Entrypoint that handled the request   | "example_entrypoint"       |
-| `method`      | Request Method     | "GET"    |
-| `protocol`    | Request protocol      | "http"                     |
-| `router`      | Router that handled the request       | "example_router"    |
-| `sans`        | Certificate Subject Alternative NameS | "example.com"              |
-| `serial`      | Certificate Serial Number   | "123..."                   |
-| `service`     | Service that handled the request      | "example_service@provider" |
-| `tls_cipher`  | TLS cipher used for the request       | "TLS_FALLBACK_SCSV"        |
-| `tls_version` | TLS version used for the request      | "1.0"                      |
-| `url`         | Service server url                    | "http://example.com"       |
+| <a id="opt-cn" href="#opt-cn" title="#opt-cn">`cn`</a> | Certificate Common Name     | "example.com"     |
+| <a id="opt-code" href="#opt-code" title="#opt-code">`code`</a> | Request code       | "200"                      |
+| <a id="opt-entrypoint-2" href="#opt-entrypoint-2" title="#opt-entrypoint-2">`entrypoint`</a> | Entrypoint that handled the request   | "example_entrypoint"       |
+| <a id="opt-method" href="#opt-method" title="#opt-method">`method`</a> | Request Method     | "GET"    |
+| <a id="opt-protocol-2" href="#opt-protocol-2" title="#opt-protocol-2">`protocol`</a> | Request protocol      | "http"                     |
+| <a id="opt-router" href="#opt-router" title="#opt-router">`router`</a> | Router that handled the request       | "example_router"    |
+| <a id="opt-sans" href="#opt-sans" title="#opt-sans">`sans`</a> | Certificate Subject Alternative NameS | "example.com"              |
+| <a id="opt-serial" href="#opt-serial" title="#opt-serial">`serial`</a> | Certificate Serial Number   | "123..."                   |
+| <a id="opt-service" href="#opt-service" title="#opt-service">`service`</a> | Service that handled the request      | "example_service@provider" |
+| <a id="opt-tls-cipher" href="#opt-tls-cipher" title="#opt-tls-cipher">`tls_cipher`</a> | TLS cipher used for the request       | "TLS_FALLBACK_SCSV"        |
+| <a id="opt-tls-version" href="#opt-tls-version" title="#opt-tls-version">`tls_version`</a> | TLS version used for the request      | "1.0"                      |
+| <a id="opt-url" href="#opt-url" title="#opt-url">`url`</a> | Service server url                    | "http://example.com"       |

 !!! info "`method` label value"

--- a/docs/content/reference/install-configuration/observability/tracing.md
+++ b/docs/content/reference/install-configuration/observability/tracing.md
@@ -36,27 +36,43 @@ tracing: {}

 ## Configuration Options

-| Field                                      | Description                                                                                                                                                                 | Default                            | Required |
-|:-------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------------------|:---------|
-| `tracing.addInternals`                     | Enables tracing for internal resources (e.g.: `ping@internal`).                                                                                                             | false                              | No       |
-| `tracing.serviceName`                      | Defines the service name resource attribute.                                                                                                                                | "traefik"                          | No       |
-| `tracing.resourceAttributes`               | Defines additional resource attributes to be sent to the collector.                                                                                                         | []                                 | No       |
-| `tracing.sampleRate`                       | The proportion of requests to trace, specified between 0.0 and 1.0.                                                                                                         | 1.0                                | No       |
-| `tracing.capturedRequestHeaders`           | Defines the list of request headers to add as attributes.<br />It applies to client and server kind spans.                                                                  | []                                 | No       |
-| `tracing.capturedResponseHeaders`          | Defines the list of response headers to add as attributes.<br />It applies to client and server kind spans.                                                                 | []                                 | False    |
-| `tracing.safeQueryParams`                  | By default, all query parameters are redacted.<br />Defines the list of query parameters to not redact.                                                                     | []                                 | No       |
-| `tracing.otlp.http`                        | This instructs the exporter to send the tracing to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values.                         | null/false                         | No       |
-| `tracing.otlp.http.endpoint`               | URL of the OpenTelemetry Collector to send tracing to.<br /> Format="`<scheme>://<host>:<port><path>`"                                                                      | "http://localhost:4318/v1/tracing" | Yes      |
-| `tracing.otlp.http.headers`                | Additional headers sent with tracing by the exporter to the OpenTelemetry Collector.                                                                                        |                                    | No       |
-| `tracing.otlp.http.tls.ca`                 | Path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle.                                          | ""                                 | No       |
-| `tracing.otlp.http.tls.cert`               | Path to the public certificate used for the secure connection to the OpenTelemetry Collector. When using this option, setting the `key` option is required.                 | ""                                 | No       |
-| `tracing.otlp.http.tls.key`                | This instructs the exporter to send the tracing to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values.                         | ""null/false ""                    | No       |
-| `tracing.otlp.http.tls.insecureskipverify` | If `insecureSkipVerify` is `true`, the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers. | false                              | Yes      |
-| `tracing.otlp.grpc`                        | This instructs the exporter to send tracing to the OpenTelemetry Collector using gRPC.                                                                                      | false                              | No       |
-| `tracing.otlp.grpc.endpoint`               | Address of the OpenTelemetry Collector to send tracing to.<br /> Format="`<host>:<port>`"                                                                                   | "localhost:4317"                   | Yes      |
-| `tracing.otlp.grpc.headers`                | Additional headers sent with tracing by the exporter to the OpenTelemetry Collector.                                                                                        | []                                 | No       |
-| `tracing.otlp.grpc.insecure`               | Allows exporter to send tracing to the OpenTelemetry Collector without using a secured protocol.                                                                            | false                              | Yes      |
-| `tracing.otlp.grpc.tls.ca`                 | Path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle.                                          | ""                                 | No       |
-| `tracing.otlp.grpc.tls.cert`               | Path to the public certificate used for the secure connection to the OpenTelemetry Collector. When using this option, setting the `key` option is required.                 | ""                                 | No       |
-| `tracing.otlp.grpc.tls.key`                | This instructs the exporter to send the tracing to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values.                         | ""null/false ""                    | No       |
-| `tracing.otlp.grpc.tls.insecureskipverify` | If `insecureSkipVerify` is `true`, the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers. | false                              | Yes      |
+| Field                                                                                                                                                                                                          | Description                                                                                                                                                                 | Default                             | Required |
+|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------|:---------|
+| <a id="opt-tracing-addInternals" href="#opt-tracing-addInternals" title="#opt-tracing-addInternals">`tracing.addInternals`</a> | Enables tracing for internal resources (e.g.: `ping@internal`).                                                                                                             | false                               | No       |
+| <a id="opt-tracing-serviceName" href="#opt-tracing-serviceName" title="#opt-tracing-serviceName">`tracing.serviceName`</a> | Defines the service name resource attribute.                                                                                                                                | "traefik"                           | No       |
+| <a id="opt-tracing-resourceAttributes" href="#opt-tracing-resourceAttributes" title="#opt-tracing-resourceAttributes">`tracing.resourceAttributes`</a> | Defines additional resource attributes to be sent to the collector. See [resourceAttributes](#resourceattributes) for details.                                              | []                                  | No       |
+| <a id="opt-tracing-sampleRate" href="#opt-tracing-sampleRate" title="#opt-tracing-sampleRate">`tracing.sampleRate`</a> | The proportion of requests to trace, specified between 0.0 and 1.0.                                                                                                         | 1.0                                 | No       |
+| <a id="opt-tracing-capturedRequestHeaders" href="#opt-tracing-capturedRequestHeaders" title="#opt-tracing-capturedRequestHeaders">`tracing.capturedRequestHeaders`</a> | Defines the list of request headers to add as attributes.<br />It applies to client and server kind spans.                                                                  | []                                  | No       |
+| <a id="opt-tracing-capturedResponseHeaders" href="#opt-tracing-capturedResponseHeaders" title="#opt-tracing-capturedResponseHeaders">`tracing.capturedResponseHeaders`</a> | Defines the list of response headers to add as attributes.<br />It applies to client and server kind spans.                                                                 | []                                  | False    |
+| <a id="opt-tracing-safeQueryParams" href="#opt-tracing-safeQueryParams" title="#opt-tracing-safeQueryParams">`tracing.safeQueryParams`</a> | By default, all query parameters are redacted.<br />Defines the list of query parameters to not redact.                                                                     | []                                  | No       |
+| <a id="opt-tracing-otlp-http" href="#opt-tracing-otlp-http" title="#opt-tracing-otlp-http">`tracing.otlp.http`</a> | This instructs the exporter to send the tracing to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values.                         | null/false                          | No       |
+| <a id="opt-tracing-otlp-http-endpoint" href="#opt-tracing-otlp-http-endpoint" title="#opt-tracing-otlp-http-endpoint">`tracing.otlp.http.endpoint`</a> | URL of the OpenTelemetry Collector to send tracing to.<br /> Format="`<scheme>://<host>:<port><path>`"                                                                      | "https://localhost:4318/v1/tracing" | Yes      |
+| <a id="opt-tracing-otlp-http-headers" href="#opt-tracing-otlp-http-headers" title="#opt-tracing-otlp-http-headers">`tracing.otlp.http.headers`</a> | Additional headers sent with tracing by the exporter to the OpenTelemetry Collector.                                                                                        |                                     | No       |
+| <a id="opt-tracing-otlp-http-tls-ca" href="#opt-tracing-otlp-http-tls-ca" title="#opt-tracing-otlp-http-tls-ca">`tracing.otlp.http.tls.ca`</a> | Path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle.                                          | ""                                  | No       |
+| <a id="opt-tracing-otlp-http-tls-cert" href="#opt-tracing-otlp-http-tls-cert" title="#opt-tracing-otlp-http-tls-cert">`tracing.otlp.http.tls.cert`</a> | Path to the public certificate used for the secure connection to the OpenTelemetry Collector. When using this option, setting the `key` option is required.                 | ""                                  | No       |
+| <a id="opt-tracing-otlp-http-tls-key" href="#opt-tracing-otlp-http-tls-key" title="#opt-tracing-otlp-http-tls-key">`tracing.otlp.http.tls.key`</a> | This instructs the exporter to send the tracing to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values.                         | ""null/false ""                     | No       |
+| <a id="opt-tracing-otlp-http-tls-insecureskipverify" href="#opt-tracing-otlp-http-tls-insecureskipverify" title="#opt-tracing-otlp-http-tls-insecureskipverify">`tracing.otlp.http.tls.insecureskipverify`</a> | If `insecureSkipVerify` is `true`, the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers. | false                               | Yes      |
+| <a id="opt-tracing-otlp-grpc" href="#opt-tracing-otlp-grpc" title="#opt-tracing-otlp-grpc">`tracing.otlp.grpc`</a> | This instructs the exporter to send tracing to the OpenTelemetry Collector using gRPC.                                                                                      | false                               | No       |
+| <a id="opt-tracing-otlp-grpc-endpoint" href="#opt-tracing-otlp-grpc-endpoint" title="#opt-tracing-otlp-grpc-endpoint">`tracing.otlp.grpc.endpoint`</a> | Address of the OpenTelemetry Collector to send tracing to.<br /> Format="`<host>:<port>`"                                                                                   | "localhost:4317"                    | Yes      |
+| <a id="opt-tracing-otlp-grpc-headers" href="#opt-tracing-otlp-grpc-headers" title="#opt-tracing-otlp-grpc-headers">`tracing.otlp.grpc.headers`</a> | Additional headers sent with tracing by the exporter to the OpenTelemetry Collector.                                                                                        | []                                  | No       |
+| <a id="opt-tracing-otlp-grpc-insecure" href="#opt-tracing-otlp-grpc-insecure" title="#opt-tracing-otlp-grpc-insecure">`tracing.otlp.grpc.insecure`</a> | Allows exporter to send tracing to the OpenTelemetry Collector without using a secured protocol.                                                                            | false                               | Yes      |
+| <a id="opt-tracing-otlp-grpc-tls-ca" href="#opt-tracing-otlp-grpc-tls-ca" title="#opt-tracing-otlp-grpc-tls-ca">`tracing.otlp.grpc.tls.ca`</a> | Path to the certificate authority used for the secure connection to the OpenTelemetry Collector, it defaults to the system bundle.                                          | ""                                  | No       |
+| <a id="opt-tracing-otlp-grpc-tls-cert" href="#opt-tracing-otlp-grpc-tls-cert" title="#opt-tracing-otlp-grpc-tls-cert">`tracing.otlp.grpc.tls.cert`</a> | Path to the public certificate used for the secure connection to the OpenTelemetry Collector. When using this option, setting the `key` option is required.                 | ""                                  | No       |
+| <a id="opt-tracing-otlp-grpc-tls-key" href="#opt-tracing-otlp-grpc-tls-key" title="#opt-tracing-otlp-grpc-tls-key">`tracing.otlp.grpc.tls.key`</a> | This instructs the exporter to send the tracing to the OpenTelemetry Collector using HTTP.<br /> Setting the sub-options with their default values.                         | ""null/false ""                     | No       |
+| <a id="opt-tracing-otlp-grpc-tls-insecureskipverify" href="#opt-tracing-otlp-grpc-tls-insecureskipverify" title="#opt-tracing-otlp-grpc-tls-insecureskipverify">`tracing.otlp.grpc.tls.insecureskipverify`</a> | If `insecureSkipVerify` is `true`, the TLS connection to the OpenTelemetry Collector accepts any certificate presented by the server regardless of the hostnames it covers. | false                               | Yes      |
+
+## resourceAttributes
+
+The `resourceAttributes` option allows setting the resource attributes sent along the traces.
+Traefik also supports the `OTEL_RESOURCE_ATTRIBUTES` env variable to set up the resource attributes.
+
+!!! info "Kubernetes Resource Attributes Detection"
+
+    Additionally, Traefik automatically discovers the following [Kubernetes resource attributes](https://opentelemetry.io/docs/specs/semconv/non-normative/k8s-attributes/) when running in a Kubernetes cluster:
+    
+    - `k8s.namespace.name`
+    - `k8s.pod.uid`
+    - `k8s.pod.name`
+    
+    Note that this automatic detection can fail, like if the Traefik pod is running in host network mode.
+    In this case, you should provide the attributes with the option or the env variable.
--- a/docs/content/reference/install-configuration/providers/docker.md
+++ b/docs/content/reference/install-configuration/providers/docker.md
@@ -40,22 +40,22 @@ services:

 | Field | Description                                               | Default              | Required |
 |:------|:----------------------------------------------------------|:---------------------|:---------|
-| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s  | No |
-| `providers.docker.endpoint` | Specifies the Docker API endpoint. See [here](#endpoint) for more information|  "unix:///var/run/docker.sock"     | Yes   |
-| `providers.docker.username` | Defines the username for Basic HTTP authentication. This should be used when the Docker daemon socket is exposed through an HTTP proxy that requires Basic HTTP authentication.|  ""    | No   |
-| `providers.docker.password` | Defines the password for Basic HTTP authentication. This should be used when the Docker daemon socket is exposed through an HTTP proxy that requires Basic HTTP authentication.|  ""    | No   |
-| `providers.docker.useBindPortIP` | Instructs Traefik to use the IP/Port attached to the container's binding instead of its inner network IP/Port. See [here](#usebindportip) for more information |  false   | No   |
-| `providers.docker.exposedByDefault` | Expose containers by default through Traefik. See [here](./overview.md#restrict-the-scope-of-service-discovery) for additional information |  true    | No   |
-| `providers.docker.network` | Defines a default docker network to use for connections to all containers. This option can be overridden on a per-container basis with the `traefik.docker.network` label.|  ""    | No   |
-| `providers.docker.defaultRule` | Defines what routing rule to apply to a container if no rule is defined by a label. See [here](#defaultrule) for more information. |  ```"Host(`{{ normalize .Name }}`)"```  | No   |
-| `providers.docker.httpClientTimeout` | Defines the client timeout (in seconds) for HTTP connections. If its value is 0, no timeout is set. |  0   | No   |
-| `providers.docker.watch` | Instructs Traefik to watch Docker events or not. |  True   | No   |
-| `providers.docker.constraints` | Defines an expression that Traefik matches against the container labels to determine whether to create any route for that container. See [here](#constraints) for more information.  |  ""   | No   |
-| `providers.docker.allowEmptyServices` |  Instructs the provider to create any [servers load balancer](../../../routing/services/index.md#servers-load-balancer) defined for Docker containers regardless of the [healthiness](https://docs.docker.com/engine/reference/builder/#healthcheck) of the corresponding containers. |  false   | No   |
-| `providers.docker.tls.ca` | Defines the path to the certificate authority used for the secure connection to Docker, it defaults to the system bundle.  |  ""   | No   |
-| `providers.docker.tls.cert` | Defines the path to the public certificate used for the secure connection to Docker. When using this option, setting the `key` option is required. |   ""  | Yes   |
-| `providers.docker.tls.key` | Defines the path to the private key used for the secure connection to Docker. When using this option, setting the `cert` option is required. |  ""   | Yes   |
-| `providers.docker.tls.insecureSkipVerify` | Instructs the provider to accept any certificate presented by the Docker server when establishing a TLS connection, regardless of the hostnames the certificate covers. | false   | No   |
+| <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s  | No |
+| <a id="opt-providers-docker-endpoint" href="#opt-providers-docker-endpoint" title="#opt-providers-docker-endpoint">`providers.docker.endpoint`</a> | Specifies the Docker API endpoint. See [here](#endpoint) for more information|  "unix:///var/run/docker.sock"     | Yes   |
+| <a id="opt-providers-docker-username" href="#opt-providers-docker-username" title="#opt-providers-docker-username">`providers.docker.username`</a> | Defines the username for Basic HTTP authentication. This should be used when the Docker daemon socket is exposed through an HTTP proxy that requires Basic HTTP authentication.|  ""    | No   |
+| <a id="opt-providers-docker-password" href="#opt-providers-docker-password" title="#opt-providers-docker-password">`providers.docker.password`</a> | Defines the password for Basic HTTP authentication. This should be used when the Docker daemon socket is exposed through an HTTP proxy that requires Basic HTTP authentication.|  ""    | No   |
+| <a id="opt-providers-docker-useBindPortIP" href="#opt-providers-docker-useBindPortIP" title="#opt-providers-docker-useBindPortIP">`providers.docker.useBindPortIP`</a> | Instructs Traefik to use the IP/Port attached to the container's binding instead of its inner network IP/Port. See [here](#usebindportip) for more information |  false   | No   |
+| <a id="opt-providers-docker-exposedByDefault" href="#opt-providers-docker-exposedByDefault" title="#opt-providers-docker-exposedByDefault">`providers.docker.exposedByDefault`</a> | Expose containers by default through Traefik. See [here](./overview.md#exposedbydefault-and-traefikenable) for additional information |  true    | No   |
+| <a id="opt-providers-docker-network" href="#opt-providers-docker-network" title="#opt-providers-docker-network">`providers.docker.network`</a> | Defines a default docker network to use for connections to all containers. This option can be overridden on a per-container basis with the `traefik.docker.network` label.|  ""    | No   |
+| <a id="opt-providers-docker-defaultRule" href="#opt-providers-docker-defaultRule" title="#opt-providers-docker-defaultRule">`providers.docker.defaultRule`</a> | Defines what routing rule to apply to a container if no rule is defined by a label. See [here](#defaultrule) for more information. |  ```"Host(`{{ normalize .Name }}`)"```  | No   |
+| <a id="opt-providers-docker-httpClientTimeout" href="#opt-providers-docker-httpClientTimeout" title="#opt-providers-docker-httpClientTimeout">`providers.docker.httpClientTimeout`</a> | Defines the client timeout (in seconds) for HTTP connections. If its value is 0, no timeout is set. |  0   | No   |
+| <a id="opt-providers-docker-watch" href="#opt-providers-docker-watch" title="#opt-providers-docker-watch">`providers.docker.watch`</a> | Instructs Traefik to watch Docker events or not. |  True   | No   |
+| <a id="opt-providers-docker-constraints" href="#opt-providers-docker-constraints" title="#opt-providers-docker-constraints">`providers.docker.constraints`</a> | Defines an expression that Traefik matches against the container labels to determine whether to create any route for that container. See [here](#constraints) for more information.  |  ""   | No   |
+| <a id="opt-providers-docker-allowEmptyServices" href="#opt-providers-docker-allowEmptyServices" title="#opt-providers-docker-allowEmptyServices">`providers.docker.allowEmptyServices`</a> |  Instructs the provider to create any [servers load balancer](../../../routing/services/index.md#servers-load-balancer) defined for Docker containers regardless of the [healthiness](https://docs.docker.com/engine/reference/builder/#healthcheck) of the corresponding containers. |  false   | No   |
+| <a id="opt-providers-docker-tls-ca" href="#opt-providers-docker-tls-ca" title="#opt-providers-docker-tls-ca">`providers.docker.tls.ca`</a> | Defines the path to the certificate authority used for the secure connection to Docker, it defaults to the system bundle.  |  ""   | No   |
+| <a id="opt-providers-docker-tls-cert" href="#opt-providers-docker-tls-cert" title="#opt-providers-docker-tls-cert">`providers.docker.tls.cert`</a> | Defines the path to the public certificate used for the secure connection to Docker. When using this option, setting the `key` option is required. |   ""  | Yes   |
+| <a id="opt-providers-docker-tls-key" href="#opt-providers-docker-tls-key" title="#opt-providers-docker-tls-key">`providers.docker.tls.key`</a> | Defines the path to the private key used for the secure connection to Docker. When using this option, setting the `cert` option is required. |  ""   | Yes   |
+| <a id="opt-providers-docker-tls-insecureSkipVerify" href="#opt-providers-docker-tls-insecureSkipVerify" title="#opt-providers-docker-tls-insecureSkipVerify">`providers.docker.tls.insecureSkipVerify`</a> | Instructs the provider to accept any certificate presented by the Docker server when establishing a TLS connection, regardless of the hostnames the certificate covers. | false   | No   |

 ### `endpoint`

@@ -192,13 +192,13 @@ but still uses the `traefik.http.services.<name>.loadbalancer.server.port` that

    | port label         | Container's binding                                | Routes to      |
    |--------------------|----------------------------------------------------|----------------|
-    |          -         |           -                                        | IntIP:IntPort  |
-    |          -         | ExtPort:IntPort                                    | IntIP:IntPort  |
-    |          -         | ExtIp:ExtPort:IntPort                              | ExtIp:ExtPort  |
-    | LblPort            |           -                                        | IntIp:LblPort  |
-    | LblPort            | ExtIp:ExtPort:LblPort                              | ExtIp:ExtPort  |
-    | LblPort            | ExtIp:ExtPort:OtherPort                            | IntIp:LblPort  |
-    | LblPort            | ExtIp1:ExtPort1:IntPort1 & ExtIp2:LblPort:IntPort2 | ExtIp2:LblPort |
+    | <a id="opt-row" href="#opt-row" title="#opt-row">-</a> |           -                                        | IntIP:IntPort  |
+    | <a id="opt-row-2" href="#opt-row-2" title="#opt-row-2">-</a> | ExtPort:IntPort                                    | IntIP:IntPort  |
+    | <a id="opt-row-3" href="#opt-row-3" title="#opt-row-3">-</a> | ExtIp:ExtPort:IntPort                              | ExtIp:ExtPort  |
+    | <a id="opt-LblPort" href="#opt-LblPort" title="#opt-LblPort">LblPort</a> |           -                                        | IntIp:LblPort  |
+    | <a id="opt-LblPort-2" href="#opt-LblPort-2" title="#opt-LblPort-2">LblPort</a> | ExtIp:ExtPort:LblPort                              | ExtIp:ExtPort  |
+    | <a id="opt-LblPort-3" href="#opt-LblPort-3" title="#opt-LblPort-3">LblPort</a> | ExtIp:ExtPort:OtherPort                            | IntIp:LblPort  |
+    | <a id="opt-LblPort-4" href="#opt-LblPort-4" title="#opt-LblPort-4">LblPort</a> | ExtIp1:ExtPort1:IntPort1 & ExtIp2:LblPort:IntPort2 | ExtIp2:LblPort |

    !!! info ""
        In the above table:
@@ -306,7 +306,7 @@ as well as the usual boolean logic, as shown in examples below.
    constraints = "LabelRegex(`a.label.name`, `a.+`)"
    ```

-For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
+For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#exposedbydefault-and-traefikenable).

 ```yaml tab="File (YAML)"
 providers:
--- a/docs/content/reference/install-configuration/providers/hashicorp/consul-catalog.md
+++ b/docs/content/reference/install-configuration/providers/hashicorp/consul-catalog.md
@@ -32,34 +32,34 @@ Attaching tags to services:

 | Field | Description                                               | Default              | Required |
 |:------|:----------------------------------------------------------|:---------------------|:---------|
-| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s  | No |
-| `providers.consulCatalog.refreshInterval` | Defines the polling interval.|  15s    | No   |
-| `providers.consulCatalog.prefix` | Defines the prefix for Consul Catalog tags defining Traefik labels.|  traefik    | yes   |
-| `providers.consulCatalog.requireConsistent` | Forces the read to be fully consistent. See [here](#requireconsistent) for more information.|  false    | yes   |
-| `providers.consulCatalog.exposedByDefault` | Expose Consul Catalog services by default in Traefik. If set to `false`, services that do not have a `traefik.enable=true` tag will be ignored from the resulting routing configuration. See [here](../overview.md#restrict-the-scope-of-service-discovery). | true | no |
-| `providers.consulCatalog.defaultRule` | The Default Host rule for all services. See [here](#defaultrule) for more information. |   ```"Host(`{{ normalize .Name }}`)"```   | No   |
-| `providers.consulCatalog.connectAware` | Enable Consul Connect support. If set to `true`, Traefik will be enabled to communicate with Connect services.   | false   | No |
-| `providers.consulCatalog.connectByDefault` | Consider every service as Connect capable by default. If set to true, Traefik will consider every Consul Catalog service to be Connect capable by default. The option can be overridden on an instance basis with the traefik.consulcatalog.connect tag. | false   | No |
-| `providers.consulCatalog.serviceName` | Defines the name of the Traefik service in Consul Catalog. | "traefik"   | No |
-| `providers.consulCatalog.constraints` | Defines an expression that Traefik matches against the container labels to determine whether to create any route for that container. See [here](#constraints) for more information. | ""   | No |
-| `providers.consulCatalog.namespaces` | Defines the namespaces to query. See [here](#namespaces) for more information. |  ""     | no   |
-| `providers.consulCatalog.stale` | Instruct Traefik to use stale consistency for catalog reads. |  false    | no   |
-| `providers.consulCatalog.cache` | Instruct Traefik to use local agent caching for catalog reads. |  false    | no   |
-| `providers.consulCatalog.endpoint` | Defines the Consul server endpoint. |  -    | yes   |
-| `providers.consulCatalog.endpoint.address` | Defines the address of the Consul server. |  127.0.0.1:8500    | no   |
-| `providers.consulCatalog.endpoint.scheme` | Defines the URI scheme for the Consul server. |  ""   | no   |
-| `providers.consulCatalog.endpoint.datacenter` | Defines the datacenter to use. If not provided in Traefik, Consul uses the default agent datacenter. |  ""   | no   |
-| `providers.consulCatalog.endpoint.token` |  Defines a per-request ACL token which overwrites the agent's default token. |  ""    | no   |
-| `providers.consulCatalog.endpoint.endpointWaitTime` |  Defines a duration for which a `watch` can block. If not provided, the agent default values will be used. |  ""    | no   |
-| `providers.consulCatalog.endpoint.httpAuth` | Defines authentication settings for the HTTP client using HTTP Basic Authentication. |  N/A    | no   |
-| `providers.consulCatalog.endpoint.httpAuth.username` | Defines the username to use for HTTP Basic Authentication. |  ""    | no   |
-| `providers.consulCatalog.endpoint.httpAuth.password` | Defines the password to use for HTTP Basic Authentication. |  ""    | no   |
-| `providers.consulCatalog.strictChecks` | Define which [Consul Service health checks](https://developer.hashicorp.com/consul/docs/services/usage/checks#define-initial-health-check-status) are allowed to take on traffic. |  "passing,warning"    | no   |
-| `providers.consulCatalog.tls.ca` | Defines the path to the certificate authority used for the secure connection to Consul Calatog, it defaults to the system bundle.  |  ""   | No   |
-| `providers.consulCatalog.tls.cert` | Defines the path to the public certificate used for the secure connection to Consul Calatog. When using this option, setting the `key` option is required. | "" | Yes   |
-| `providers.consulCatalog.tls.key` | Defines the path to the private key used for the secure connection to Consul Catalog. When using this option, setting the `cert` option is required. | ""   | Yes   |
-| `providers.consulCatalog.tls.insecureSkipVerify` | Instructs the provider to accept any certificate presented by Consul Catalog when establishing a TLS connection, regardless of the hostnames the certificate covers. | false   | No   |
-| `providers.consulCatalog.watch` | When set to `true`, watches for Consul changes ([Consul watches checks](https://www.consul.io/docs/dynamic-app-config/watches#checks)). | false   | No   |
+| <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s  | No |
+| <a id="opt-providers-consulCatalog-refreshInterval" href="#opt-providers-consulCatalog-refreshInterval" title="#opt-providers-consulCatalog-refreshInterval">`providers.consulCatalog.refreshInterval`</a> | Defines the polling interval.|  15s    | No   |
+| <a id="opt-providers-consulCatalog-prefix" href="#opt-providers-consulCatalog-prefix" title="#opt-providers-consulCatalog-prefix">`providers.consulCatalog.prefix`</a> | Defines the prefix for Consul Catalog tags defining Traefik labels.|  traefik    | yes   |
+| <a id="opt-providers-consulCatalog-requireConsistent" href="#opt-providers-consulCatalog-requireConsistent" title="#opt-providers-consulCatalog-requireConsistent">`providers.consulCatalog.requireConsistent`</a> | Forces the read to be fully consistent. See [here](#requireconsistent) for more information.|  false    | yes   |
+| <a id="opt-providers-consulCatalog-exposedByDefault" href="#opt-providers-consulCatalog-exposedByDefault" title="#opt-providers-consulCatalog-exposedByDefault">`providers.consulCatalog.exposedByDefault`</a> | Expose Consul Catalog services by default in Traefik. If set to `false`, services that do not have a `traefik.enable=true` tag will be ignored from the resulting routing configuration. See [here](../overview.md#exposedbydefault-and-traefikenable). | true | no |
+| <a id="opt-providers-consulCatalog-defaultRule" href="#opt-providers-consulCatalog-defaultRule" title="#opt-providers-consulCatalog-defaultRule">`providers.consulCatalog.defaultRule`</a> | The Default Host rule for all services. See [here](#defaultrule) for more information. |   ```"Host(`{{ normalize .Name }}`)"```   | No   |
+| <a id="opt-providers-consulCatalog-connectAware" href="#opt-providers-consulCatalog-connectAware" title="#opt-providers-consulCatalog-connectAware">`providers.consulCatalog.connectAware`</a> | Enable Consul Connect support. If set to `true`, Traefik will be enabled to communicate with Connect services.   | false   | No |
+| <a id="opt-providers-consulCatalog-connectByDefault" href="#opt-providers-consulCatalog-connectByDefault" title="#opt-providers-consulCatalog-connectByDefault">`providers.consulCatalog.connectByDefault`</a> | Consider every service as Connect capable by default. If set to true, Traefik will consider every Consul Catalog service to be Connect capable by default. The option can be overridden on an instance basis with the traefik.consulcatalog.connect tag. | false   | No |
+| <a id="opt-providers-consulCatalog-serviceName" href="#opt-providers-consulCatalog-serviceName" title="#opt-providers-consulCatalog-serviceName">`providers.consulCatalog.serviceName`</a> | Defines the name of the Traefik service in Consul Catalog. | "traefik"   | No |
+| <a id="opt-providers-consulCatalog-constraints" href="#opt-providers-consulCatalog-constraints" title="#opt-providers-consulCatalog-constraints">`providers.consulCatalog.constraints`</a> | Defines an expression that Traefik matches against the container labels to determine whether to create any route for that container. See [here](#constraints) for more information. | ""   | No |
+| <a id="opt-providers-consulCatalog-namespaces" href="#opt-providers-consulCatalog-namespaces" title="#opt-providers-consulCatalog-namespaces">`providers.consulCatalog.namespaces`</a> | Defines the namespaces to query. See [here](#namespaces) for more information. |  ""     | no   |
+| <a id="opt-providers-consulCatalog-stale" href="#opt-providers-consulCatalog-stale" title="#opt-providers-consulCatalog-stale">`providers.consulCatalog.stale`</a> | Instruct Traefik to use stale consistency for catalog reads. |  false    | no   |
+| <a id="opt-providers-consulCatalog-cache" href="#opt-providers-consulCatalog-cache" title="#opt-providers-consulCatalog-cache">`providers.consulCatalog.cache`</a> | Instruct Traefik to use local agent caching for catalog reads. |  false    | no   |
+| <a id="opt-providers-consulCatalog-endpoint" href="#opt-providers-consulCatalog-endpoint" title="#opt-providers-consulCatalog-endpoint">`providers.consulCatalog.endpoint`</a> | Defines the Consul server endpoint. |  -    | yes   |
+| <a id="opt-providers-consulCatalog-endpoint-address" href="#opt-providers-consulCatalog-endpoint-address" title="#opt-providers-consulCatalog-endpoint-address">`providers.consulCatalog.endpoint.address`</a> | Defines the address of the Consul server. |  127.0.0.1:8500    | no   |
+| <a id="opt-providers-consulCatalog-endpoint-scheme" href="#opt-providers-consulCatalog-endpoint-scheme" title="#opt-providers-consulCatalog-endpoint-scheme">`providers.consulCatalog.endpoint.scheme`</a> | Defines the URI scheme for the Consul server. |  ""   | no   |
+| <a id="opt-providers-consulCatalog-endpoint-datacenter" href="#opt-providers-consulCatalog-endpoint-datacenter" title="#opt-providers-consulCatalog-endpoint-datacenter">`providers.consulCatalog.endpoint.datacenter`</a> | Defines the datacenter to use. If not provided in Traefik, Consul uses the default agent datacenter. |  ""   | no   |
+| <a id="opt-providers-consulCatalog-endpoint-token" href="#opt-providers-consulCatalog-endpoint-token" title="#opt-providers-consulCatalog-endpoint-token">`providers.consulCatalog.endpoint.token`</a> |  Defines a per-request ACL token which overwrites the agent's default token. |  ""    | no   |
+| <a id="opt-providers-consulCatalog-endpoint-endpointWaitTime" href="#opt-providers-consulCatalog-endpoint-endpointWaitTime" title="#opt-providers-consulCatalog-endpoint-endpointWaitTime">`providers.consulCatalog.endpoint.endpointWaitTime`</a> |  Defines a duration for which a `watch` can block. If not provided, the agent default values will be used. |  ""    | no   |
+| <a id="opt-providers-consulCatalog-endpoint-httpAuth" href="#opt-providers-consulCatalog-endpoint-httpAuth" title="#opt-providers-consulCatalog-endpoint-httpAuth">`providers.consulCatalog.endpoint.httpAuth`</a> | Defines authentication settings for the HTTP client using HTTP Basic Authentication. |  N/A    | no   |
+| <a id="opt-providers-consulCatalog-endpoint-httpAuth-username" href="#opt-providers-consulCatalog-endpoint-httpAuth-username" title="#opt-providers-consulCatalog-endpoint-httpAuth-username">`providers.consulCatalog.endpoint.httpAuth.username`</a> | Defines the username to use for HTTP Basic Authentication. |  ""    | no   |
+| <a id="opt-providers-consulCatalog-endpoint-httpAuth-password" href="#opt-providers-consulCatalog-endpoint-httpAuth-password" title="#opt-providers-consulCatalog-endpoint-httpAuth-password">`providers.consulCatalog.endpoint.httpAuth.password`</a> | Defines the password to use for HTTP Basic Authentication. |  ""    | no   |
+| <a id="opt-providers-consulCatalog-strictChecks" href="#opt-providers-consulCatalog-strictChecks" title="#opt-providers-consulCatalog-strictChecks">`providers.consulCatalog.strictChecks`</a> | Define which [Consul Service health checks](https://developer.hashicorp.com/consul/docs/services/usage/checks#define-initial-health-check-status) are allowed to take on traffic. |  "passing,warning"    | no   |
+| <a id="opt-providers-consulCatalog-tls-ca" href="#opt-providers-consulCatalog-tls-ca" title="#opt-providers-consulCatalog-tls-ca">`providers.consulCatalog.tls.ca`</a> | Defines the path to the certificate authority used for the secure connection to Consul Calatog, it defaults to the system bundle.  |  ""   | No   |
+| <a id="opt-providers-consulCatalog-tls-cert" href="#opt-providers-consulCatalog-tls-cert" title="#opt-providers-consulCatalog-tls-cert">`providers.consulCatalog.tls.cert`</a> | Defines the path to the public certificate used for the secure connection to Consul Calatog. When using this option, setting the `key` option is required. | "" | Yes   |
+| <a id="opt-providers-consulCatalog-tls-key" href="#opt-providers-consulCatalog-tls-key" title="#opt-providers-consulCatalog-tls-key">`providers.consulCatalog.tls.key`</a> | Defines the path to the private key used for the secure connection to Consul Catalog. When using this option, setting the `cert` option is required. | ""   | Yes   |
+| <a id="opt-providers-consulCatalog-tls-insecureSkipVerify" href="#opt-providers-consulCatalog-tls-insecureSkipVerify" title="#opt-providers-consulCatalog-tls-insecureSkipVerify">`providers.consulCatalog.tls.insecureSkipVerify`</a> | Instructs the provider to accept any certificate presented by Consul Catalog when establishing a TLS connection, regardless of the hostnames the certificate covers. | false   | No   |
+| <a id="opt-providers-consulCatalog-watch" href="#opt-providers-consulCatalog-watch" title="#opt-providers-consulCatalog-watch">`providers.consulCatalog.watch`</a> | When set to `true`, watches for Consul changes ([Consul watches checks](https://www.consul.io/docs/dynamic-app-config/watches#checks)). | false   | No   |

 ### `requireConsistent`

@@ -166,7 +166,7 @@ providers:
 # ...
 ```

-For additional information, refer to [Restrict the Scope of Service Discovery](../overview.md#restrict-the-scope-of-service-discovery).
+For additional information, refer to [Restrict the Scope of Service Discovery](../overview.md#exposedbydefault-and-traefikenable).

 ### `namespaces`

--- a/docs/content/reference/install-configuration/providers/hashicorp/consul.md
+++ b/docs/content/reference/install-configuration/providers/hashicorp/consul.md
@@ -26,18 +26,18 @@ providers:

 | Field | Description                                               | Default              | Required |
 |:------|:----------------------------------------------------------|:---------------------|:---------|
-| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s  | No |
-| `providers.consul.endpoints` | Defines the endpoint to access Consul. |  "127.0.0.1:8500"     | yes   |
-| `providers.consul.rootKey` | Defines the root key of the configuration. |  "traefik"     | yes   |
-| `providers.consul.namespaces` | Defines the namespaces to query. See [here](#namespaces) for more information |  ""     | no   |
-| `providers.consul.username` | Defines a username to connect to Consul with. |  ""     | no   |
-| `providers.consul.password` | Defines a password with which to connect to Consul. |  ""     | no   |
-| `providers.consul.token` | Defines a token with which to connect to Consul. |  ""     | no   |
-| `providers.consul.tls` | Defines the TLS configuration used for the secure connection to Consul  |  -   | No   |
-| `providers.consul.tls.ca` | Defines the path to the certificate authority used for the secure connection to Consul, it defaults to the system bundle.  |  -   | Yes   |
-| `providers.consul.tls.cert` | Defines the path to the public certificate used for the secure connection to Consul. When using this option, setting the `key` option is required. |  -  | Yes   |
-| `providers.consul.tls.key` | Defines the path to the private key used for the secure connection to Consul. When using this option, setting the `cert` option is required. |  -   | Yes   |
-| `providers.consul.tls.insecureSkipVerify` | Instructs the provider to accept any certificate presented by Consul when establishing a TLS connection, regardless of the hostnames the certificate covers. | false   | No   |
+| <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s  | No |
+| <a id="opt-providers-consul-endpoints" href="#opt-providers-consul-endpoints" title="#opt-providers-consul-endpoints">`providers.consul.endpoints`</a> | Defines the endpoint to access Consul. |  "127.0.0.1:8500"     | yes   |
+| <a id="opt-providers-consul-rootKey" href="#opt-providers-consul-rootKey" title="#opt-providers-consul-rootKey">`providers.consul.rootKey`</a> | Defines the root key of the configuration. |  "traefik"     | yes   |
+| <a id="opt-providers-consul-namespaces" href="#opt-providers-consul-namespaces" title="#opt-providers-consul-namespaces">`providers.consul.namespaces`</a> | Defines the namespaces to query. See [here](#namespaces) for more information |  ""     | no   |
+| <a id="opt-providers-consul-username" href="#opt-providers-consul-username" title="#opt-providers-consul-username">`providers.consul.username`</a> | Defines a username to connect to Consul with. |  ""     | no   |
+| <a id="opt-providers-consul-password" href="#opt-providers-consul-password" title="#opt-providers-consul-password">`providers.consul.password`</a> | Defines a password with which to connect to Consul. |  ""     | no   |
+| <a id="opt-providers-consul-token" href="#opt-providers-consul-token" title="#opt-providers-consul-token">`providers.consul.token`</a> | Defines a token with which to connect to Consul. |  ""     | no   |
+| <a id="opt-providers-consul-tls" href="#opt-providers-consul-tls" title="#opt-providers-consul-tls">`providers.consul.tls`</a> | Defines the TLS configuration used for the secure connection to Consul  |  -   | No   |
+| <a id="opt-providers-consul-tls-ca" href="#opt-providers-consul-tls-ca" title="#opt-providers-consul-tls-ca">`providers.consul.tls.ca`</a> | Defines the path to the certificate authority used for the secure connection to Consul, it defaults to the system bundle.  |  -   | Yes   |
+| <a id="opt-providers-consul-tls-cert" href="#opt-providers-consul-tls-cert" title="#opt-providers-consul-tls-cert">`providers.consul.tls.cert`</a> | Defines the path to the public certificate used for the secure connection to Consul. When using this option, setting the `key` option is required. |  -  | Yes   |
+| <a id="opt-providers-consul-tls-key" href="#opt-providers-consul-tls-key" title="#opt-providers-consul-tls-key">`providers.consul.tls.key`</a> | Defines the path to the private key used for the secure connection to Consul. When using this option, setting the `cert` option is required. |  -   | Yes   |
+| <a id="opt-providers-consul-tls-insecureSkipVerify" href="#opt-providers-consul-tls-insecureSkipVerify" title="#opt-providers-consul-tls-insecureSkipVerify">`providers.consul.tls.insecureSkipVerify`</a> | Instructs the provider to accept any certificate presented by Consul when establishing a TLS connection, regardless of the hostnames the certificate covers. | false   | No   |

 ### `namespaces`

--- a/docs/content/reference/install-configuration/providers/hashicorp/nomad.md
+++ b/docs/content/reference/install-configuration/providers/hashicorp/nomad.md
@@ -39,25 +39,25 @@ service {

 | Field | Description                                               | Default              | Required |
 |:------|:----------------------------------------------------------|:---------------------|:---------|
-| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s  | No |
-| `providers.nomad.namespaces` | Defines the namespaces in which the nomad services will be discovered.|  ""     | No   |
-| `providers.nomad.refreshInterval` | Defines the polling interval. This option is ignored when the `watch` option is enabled |  15s     | No   |
-| `providers.nomad.watch` | Enables the watch mode to refresh the configuration on a per-event basis. |  false     | No   |
-| `providers.nomad.throttleDuration` | Defines how often the provider is allowed to handle service events from Nomad. This option is only compatible when the `watch` option is enabled |  0s     | No   |
-| `providers.nomad.defaultRule` | The Default Host rule for all services. See [here](#defaultrule) for more information |   ```"Host(`{{ normalize .Name }}`)"```   | No   |
-| `providers.nomad.constraints` | Defines an expression that Traefik matches against the container labels to determine whether to create any route for that container. See [here](#constraints) for more information.  |  ""   | No   |
-| `providers.nomad.exposedByDefault` | Expose Nomad services by default in Traefik. If set to `false`, services that do not have a `traefik.enable=true` tag will be ignored from the resulting routing configuration. See [here](../overview.md#restrict-the-scope-of-service-discovery) for additional information |  true    | No   |
-| `providers.nomad.allowEmptyServices` |  Instructs the provider to create any [servers load balancer](../../../../routing/services/index.md#servers-load-balancer) defined for Docker containers regardless of the [healthiness](https://docs.docker.com/engine/reference/builder/#healthcheck) of the corresponding containers. |  false   | No   |
-| `providers.nomad.prefix` | Defines the prefix for Nomad service tags defining Traefik labels. | `traefik`     | yes   |
-| `providers.nomad.stale` | Instructs Traefik to use stale consistency for Nomad service API reads. See [here](#stale) for more information | false   | No   |
-| `providers.nomad.endpoint.address` | Defines the Address of the Nomad server. | `http://127.0.0.1:4646`  | No   |
-| `providers.nomad.endpoint.token` | Defines a per-request ACL token if Nomad ACLs are enabled. See [here](#token) for more information | ""  | No   |
-| `providers.nomad.endpoint.endpointWaitTime` | Defines a duration for which a `watch` can block. If not provided, the agent default values will be used. | ""  | No   |
-| `providers.nomad.endpoint.tls` | Defines the TLS configuration used for the secure connection to the Nomad APi.  |  -   | No   |
-| `providers.nomad.endpoint.tls.ca` | Defines the path to the certificate authority used for the secure connection to the Nomad API, it defaults to the system bundle.  |   ""  | No   |
-| `providers.nomad.endpoint.tls.cert` | Defines the path to the public certificate used for the secure connection to the Nomad API. When using this option, setting the `key` option is required. | '"  | Yes   |
-| `providers.nomad.endpoint.tls.key` | Defines the path to the private key used for the secure connection to the Nomad API. When using this option, setting the `cert` option is required. |  ""   | Yes   |
-| `providers.nomad.endpoint.tls.insecureSkipVerify` | Instructs the provider to accept any certificate presented by Nomad when establishing a TLS connection, regardless of the hostnames the certificate covers. | false   | No   |
+| <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s  | No |
+| <a id="opt-providers-nomad-namespaces" href="#opt-providers-nomad-namespaces" title="#opt-providers-nomad-namespaces">`providers.nomad.namespaces`</a> | Defines the namespaces in which the nomad services will be discovered.|  ""     | No   |
+| <a id="opt-providers-nomad-refreshInterval" href="#opt-providers-nomad-refreshInterval" title="#opt-providers-nomad-refreshInterval">`providers.nomad.refreshInterval`</a> | Defines the polling interval. This option is ignored when the `watch` option is enabled |  15s     | No   |
+| <a id="opt-providers-nomad-watch" href="#opt-providers-nomad-watch" title="#opt-providers-nomad-watch">`providers.nomad.watch`</a> | Enables the watch mode to refresh the configuration on a per-event basis. |  false     | No   |
+| <a id="opt-providers-nomad-throttleDuration" href="#opt-providers-nomad-throttleDuration" title="#opt-providers-nomad-throttleDuration">`providers.nomad.throttleDuration`</a> | Defines how often the provider is allowed to handle service events from Nomad. This option is only compatible when the `watch` option is enabled |  0s     | No   |
+| <a id="opt-providers-nomad-defaultRule" href="#opt-providers-nomad-defaultRule" title="#opt-providers-nomad-defaultRule">`providers.nomad.defaultRule`</a> | The Default Host rule for all services. See [here](#defaultrule) for more information |   ```"Host(`{{ normalize .Name }}`)"```   | No   |
+| <a id="opt-providers-nomad-constraints" href="#opt-providers-nomad-constraints" title="#opt-providers-nomad-constraints">`providers.nomad.constraints`</a> | Defines an expression that Traefik matches against the container labels to determine whether to create any route for that container. See [here](#constraints) for more information.  |  ""   | No   |
+| <a id="opt-providers-nomad-exposedByDefault" href="#opt-providers-nomad-exposedByDefault" title="#opt-providers-nomad-exposedByDefault">`providers.nomad.exposedByDefault`</a> | Expose Nomad services by default in Traefik. If set to `false`, services that do not have a `traefik.enable=true` tag will be ignored from the resulting routing configuration. See [here](../overview.md#exposedbydefault-and-traefikenable) for additional information |  true    | No   |
+| <a id="opt-providers-nomad-allowEmptyServices" href="#opt-providers-nomad-allowEmptyServices" title="#opt-providers-nomad-allowEmptyServices">`providers.nomad.allowEmptyServices`</a> |  Instructs the provider to create any [servers load balancer](../../../../routing/services/index.md#servers-load-balancer) defined for Docker containers regardless of the [healthiness](https://docs.docker.com/engine/reference/builder/#healthcheck) of the corresponding containers. |  false   | No   |
+| <a id="opt-providers-nomad-prefix" href="#opt-providers-nomad-prefix" title="#opt-providers-nomad-prefix">`providers.nomad.prefix`</a> | Defines the prefix for Nomad service tags defining Traefik labels. | `traefik`     | yes   |
+| <a id="opt-providers-nomad-stale" href="#opt-providers-nomad-stale" title="#opt-providers-nomad-stale">`providers.nomad.stale`</a> | Instructs Traefik to use stale consistency for Nomad service API reads. See [here](#stale) for more information | false   | No   |
+| <a id="opt-providers-nomad-endpoint-address" href="#opt-providers-nomad-endpoint-address" title="#opt-providers-nomad-endpoint-address">`providers.nomad.endpoint.address`</a> | Defines the Address of the Nomad server. | `http://127.0.0.1:4646`  | No   |
+| <a id="opt-providers-nomad-endpoint-token" href="#opt-providers-nomad-endpoint-token" title="#opt-providers-nomad-endpoint-token">`providers.nomad.endpoint.token`</a> | Defines a per-request ACL token if Nomad ACLs are enabled. See [here](#token) for more information | ""  | No   |
+| <a id="opt-providers-nomad-endpoint-endpointWaitTime" href="#opt-providers-nomad-endpoint-endpointWaitTime" title="#opt-providers-nomad-endpoint-endpointWaitTime">`providers.nomad.endpoint.endpointWaitTime`</a> | Defines a duration for which a `watch` can block. If not provided, the agent default values will be used. | ""  | No   |
+| <a id="opt-providers-nomad-endpoint-tls" href="#opt-providers-nomad-endpoint-tls" title="#opt-providers-nomad-endpoint-tls">`providers.nomad.endpoint.tls`</a> | Defines the TLS configuration used for the secure connection to the Nomad APi.  |  -   | No   |
+| <a id="opt-providers-nomad-endpoint-tls-ca" href="#opt-providers-nomad-endpoint-tls-ca" title="#opt-providers-nomad-endpoint-tls-ca">`providers.nomad.endpoint.tls.ca`</a> | Defines the path to the certificate authority used for the secure connection to the Nomad API, it defaults to the system bundle.  |   ""  | No   |
+| <a id="opt-providers-nomad-endpoint-tls-cert" href="#opt-providers-nomad-endpoint-tls-cert" title="#opt-providers-nomad-endpoint-tls-cert">`providers.nomad.endpoint.tls.cert`</a> | Defines the path to the public certificate used for the secure connection to the Nomad API. When using this option, setting the `key` option is required. | '"  | Yes   |
+| <a id="opt-providers-nomad-endpoint-tls-key" href="#opt-providers-nomad-endpoint-tls-key" title="#opt-providers-nomad-endpoint-tls-key">`providers.nomad.endpoint.tls.key`</a> | Defines the path to the private key used for the secure connection to the Nomad API. When using this option, setting the `cert` option is required. |  ""   | Yes   |
+| <a id="opt-providers-nomad-endpoint-tls-insecureSkipVerify" href="#opt-providers-nomad-endpoint-tls-insecureSkipVerify" title="#opt-providers-nomad-endpoint-tls-insecureSkipVerify">`providers.nomad.endpoint.tls.insecureSkipVerify`</a> | Instructs the provider to accept any certificate presented by Nomad when establishing a TLS connection, regardless of the hostnames the certificate covers. | false   | No   |

 ### `namespaces`

@@ -245,7 +245,7 @@ providers:
 # ...
 ```

-For additional information, refer to [Restrict the Scope of Service Discovery](../overview.md#restrict-the-scope-of-service-discovery).
+For additional information, refer to [Restrict the Scope of Service Discovery](../overview.md#exposedbydefault-and-traefikenable).

 ## Routing Configuration

--- a/docs/content/reference/install-configuration/providers/kubernetes/kubernetes-crd.md
+++ b/docs/content/reference/install-configuration/providers/kubernetes/kubernetes-crd.md
@@ -54,19 +54,19 @@ providers:

 | Field | Description                                               | Default | Required |
 |:------|:----------------------------------------------------------|:--------|:---------|
-| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s      | No |
-| `providers.kubernetesCRD.endpoint` | Server endpoint URL.<br />More information [here](#endpoint). | ""      | No |
-| `providers.kubernetesCRD.token` | Bearer token used for the Kubernetes client configuration. | ""      | No |
-| `providers.kubernetesCRD.certAuthFilePath` | Path to the certificate authority file.<br />Used for the Kubernetes client configuration. | ""      | No |
-| `providers.kubernetesCRD.namespaces` | Array of namespaces to watch.<br />If left empty, watch all namespaces. | []      | No |
-| `providers.kubernetesCRD.labelselector` | Allow filtering on specific resource objects only using label selectors.<br />Only to Traefik [Custom Resources](#list-of-resources) (they all must match the filter).<br />No effect on Kubernetes `Secrets`, `EndpointSlices` and `Services`.<br />See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details. | ""      | No |
-| `providers.kubernetesCRD.ingressClass` | Value of `kubernetes.io/ingress.class` annotation that identifies resource objects to be processed.<br />If empty, resources missing the annotation, having an empty value, or the value `traefik` are processed. | ""      | No |
-| `providers.kubernetesCRD.throttleDuration` | Minimum amount of time to wait between two Kubernetes events before producing a new configuration.<br />This prevents a Kubernetes cluster that updates many times per second from continuously changing your Traefik configuration.<br />If empty, every event is caught. | 0s      | No |
-| `providers.kubernetesCRD.allowEmptyServices` | Allows creating a route to reach a service that has no endpoint available.<br />It allows Traefik to handle the requests and responses targeting this service (applying middleware or observability operations) before returning a `503` HTTP Status.  | false   | No |
-| `providers.kubernetesCRD.allowCrossNamespace` | Allows the `IngressRoutes` to reference resources in namespaces other than theirs. | false   | No |
-| `providers.kubernetesCRD.allowExternalNameServices` | Allows the `IngressRoutes` to reference ExternalName services. | false   | No |
-| `providers.kubernetesCRD.nativeLBByDefault` | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik for every `IngressRoute` by default.<br />It can br overridden in the [`ServerTransport`](../../../../routing/services/index.md#serverstransport). | false   | No |
-| `providers.kubernetesCRD.disableClusterScopeResources` | Prevent from discovering cluster scope resources (`IngressClass` and `Nodes`).<br />By doing so, it alleviates the requirement of giving Traefik the rights to look up for cluster resources.<br />Furthermore, Traefik will not handle IngressRoutes with IngressClass references, therefore such Ingresses will be ignored (please note that annotations are not affected by this option).<br />This will also prevent from using the `NodePortLB` options on services. | false   | No |
+| <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s      | No |
+| <a id="opt-providers-kubernetesCRD-endpoint" href="#opt-providers-kubernetesCRD-endpoint" title="#opt-providers-kubernetesCRD-endpoint">`providers.kubernetesCRD.endpoint`</a> | Server endpoint URL.<br />More information [here](#endpoint). | ""      | No |
+| <a id="opt-providers-kubernetesCRD-token" href="#opt-providers-kubernetesCRD-token" title="#opt-providers-kubernetesCRD-token">`providers.kubernetesCRD.token`</a> | Bearer token used for the Kubernetes client configuration. | ""      | No |
+| <a id="opt-providers-kubernetesCRD-certAuthFilePath" href="#opt-providers-kubernetesCRD-certAuthFilePath" title="#opt-providers-kubernetesCRD-certAuthFilePath">`providers.kubernetesCRD.certAuthFilePath`</a> | Path to the certificate authority file.<br />Used for the Kubernetes client configuration. | ""      | No |
+| <a id="opt-providers-kubernetesCRD-namespaces" href="#opt-providers-kubernetesCRD-namespaces" title="#opt-providers-kubernetesCRD-namespaces">`providers.kubernetesCRD.namespaces`</a> | Array of namespaces to watch.<br />If left empty, watch all namespaces. | []      | No |
+| <a id="opt-providers-kubernetesCRD-labelselector" href="#opt-providers-kubernetesCRD-labelselector" title="#opt-providers-kubernetesCRD-labelselector">`providers.kubernetesCRD.labelselector`</a> | Allow filtering on specific resource objects only using label selectors.<br />Only to Traefik [Custom Resources](#list-of-resources) (they all must match the filter).<br />No effect on Kubernetes `Secrets`, `EndpointSlices` and `Services`.<br />See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details. | ""      | No |
+| <a id="opt-providers-kubernetesCRD-ingressClass" href="#opt-providers-kubernetesCRD-ingressClass" title="#opt-providers-kubernetesCRD-ingressClass">`providers.kubernetesCRD.ingressClass`</a> | Value of `kubernetes.io/ingress.class` annotation that identifies resource objects to be processed.<br />If empty, resources missing the annotation, having an empty value, or the value `traefik` are processed. | ""      | No |
+| <a id="opt-providers-kubernetesCRD-throttleDuration" href="#opt-providers-kubernetesCRD-throttleDuration" title="#opt-providers-kubernetesCRD-throttleDuration">`providers.kubernetesCRD.throttleDuration`</a> | Minimum amount of time to wait between two Kubernetes events before producing a new configuration.<br />This prevents a Kubernetes cluster that updates many times per second from continuously changing your Traefik configuration.<br />If empty, every event is caught. | 0s      | No |
+| <a id="opt-providers-kubernetesCRD-allowEmptyServices" href="#opt-providers-kubernetesCRD-allowEmptyServices" title="#opt-providers-kubernetesCRD-allowEmptyServices">`providers.kubernetesCRD.allowEmptyServices`</a> | Allows creating a route to reach a service that has no endpoint available.<br />It allows Traefik to handle the requests and responses targeting this service (applying middleware or observability operations) before returning a `503` HTTP Status.  | false   | No |
+| <a id="opt-providers-kubernetesCRD-allowCrossNamespace" href="#opt-providers-kubernetesCRD-allowCrossNamespace" title="#opt-providers-kubernetesCRD-allowCrossNamespace">`providers.kubernetesCRD.allowCrossNamespace`</a> | Allows the `IngressRoutes` to reference resources in namespaces other than theirs. | false   | No |
+| <a id="opt-providers-kubernetesCRD-allowExternalNameServices" href="#opt-providers-kubernetesCRD-allowExternalNameServices" title="#opt-providers-kubernetesCRD-allowExternalNameServices">`providers.kubernetesCRD.allowExternalNameServices`</a> | Allows the `IngressRoutes` to reference ExternalName services. | false   | No |
+| <a id="opt-providers-kubernetesCRD-nativeLBByDefault" href="#opt-providers-kubernetesCRD-nativeLBByDefault" title="#opt-providers-kubernetesCRD-nativeLBByDefault">`providers.kubernetesCRD.nativeLBByDefault`</a> | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik for every `IngressRoute` by default.<br />It can br overridden in the [`ServerTransport`](../../../../routing/services/index.md#serverstransport). | false   | No |
+| <a id="opt-providers-kubernetesCRD-disableClusterScopeResources" href="#opt-providers-kubernetesCRD-disableClusterScopeResources" title="#opt-providers-kubernetesCRD-disableClusterScopeResources">`providers.kubernetesCRD.disableClusterScopeResources`</a> | Prevent from discovering cluster scope resources (`IngressClass` and `Nodes`).<br />By doing so, it alleviates the requirement of giving Traefik the rights to look up for cluster resources.<br />Furthermore, Traefik will not handle IngressRoutes with IngressClass references, therefore such Ingresses will be ignored (please note that annotations are not affected by this option).<br />This will also prevent from using the `NodePortLB` options on services. | false   | No |

 ### endpoint

@@ -108,18 +108,18 @@ See the dedicated section in [routing](../../../../routing/providers/kubernetes-

 <!-- markdownlint-disable MD013 -->

-| Resource  | Purpose    |
-|--------------------------------------------------|--------------------------------------------------------------------|
-| [IngressRoute](../../../../routing/providers/kubernetes-crd.md#kind-ingressroute)     | HTTP Routing     |
-| [Middleware](../../../../middlewares/http/overview.md)    | Tweaks the HTTP requests before they are sent to your service  |
-| [TraefikService](../../../../routing/providers/kubernetes-crd.md#kind-traefikservice)  | Abstraction for HTTP loadbalancing/mirroring  | 
-| [TLSOptions](../../../../routing/providers/kubernetes-crd.md#kind-tlsoption)  | Allows configuring some parameters of the TLS connection  |
-| [TLSStores](../../../../routing/providers/kubernetes-crd.md#kind-tlsstore) | Allows configuring the default TLS store    |  
-| [ServersTransport](../../../../routing/providers/kubernetes-crd.md#kind-serverstransport)       | Allows configuring the transport between Traefik and the backends | 
-| [IngressRouteTCP](../../../../routing/providers/kubernetes-crd.md#kind-ingressroutetcp)       | TCP Routing  | 
-| [MiddlewareTCP](../../../../routing/providers/kubernetes-crd.md#kind-middlewaretcp) | Tweaks the TCP requests before they are sent to your service       |
-| [ServersTransportTCP](../../../../routing/providers/kubernetes-crd.md#kind-serverstransporttc) | Allows configuring the transport between Traefik and the backends |
-| [IngressRouteUDP](../../../../routing/providers/kubernetes-crd.md#kind-ingressrouteudp)         | UDP Routing       |
+| Resource                                                                                                                                                                                            | Purpose                                                           |
+|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------|
+| <a id="opt-IngressRoute" href="#opt-IngressRoute" title="#opt-IngressRoute">[IngressRoute](../../../routing-configuration/kubernetes/crd/http/ingressroute.md)</a> | HTTP Routing                                                      |
+| <a id="opt-Middleware" href="#opt-Middleware" title="#opt-Middleware">[Middleware](../../../routing-configuration/kubernetes/crd/http/middleware.md)</a> | Tweaks the HTTP requests before they are sent to your service     |
+| <a id="opt-TraefikService" href="#opt-TraefikService" title="#opt-TraefikService">[TraefikService](../../../routing-configuration/kubernetes/crd/http/traefikservice.md)</a> | Abstraction for HTTP loadbalancing/mirroring                      | 
+| <a id="opt-TLSOptions" href="#opt-TLSOptions" title="#opt-TLSOptions">[TLSOptions](../../../routing-configuration/kubernetes/crd/tls/tlsoption.md)</a> | Allows configuring some parameters of the TLS connection          |
+| <a id="opt-TLSStores" href="#opt-TLSStores" title="#opt-TLSStores">[TLSStores](../../../routing-configuration/kubernetes/crd/tls/tlsstore.md)</a> | Allows configuring the default TLS store                          |  
+| <a id="opt-ServersTransport" href="#opt-ServersTransport" title="#opt-ServersTransport">[ServersTransport](../../../routing-configuration/kubernetes/crd/http/serverstransport.md)</a> | Allows configuring the transport between Traefik and the backends | 
+| <a id="opt-IngressRouteTCP" href="#opt-IngressRouteTCP" title="#opt-IngressRouteTCP">[IngressRouteTCP](../../../routing-configuration/kubernetes/crd/tcp/ingressroutetcp.md)</a> | TCP Routing                                                       | 
+| <a id="opt-MiddlewareTCP" href="#opt-MiddlewareTCP" title="#opt-MiddlewareTCP">[MiddlewareTCP](../../../routing-configuration/kubernetes/crd/tcp/middlewaretcp.md)</a> | Tweaks the TCP requests before they are sent to your service      |
+| <a id="opt-ServersTransportTCP" href="#opt-ServersTransportTCP" title="#opt-ServersTransportTCP">[ServersTransportTCP](../../../routing-configuration/kubernetes/crd/tcp/serverstransporttcp.md)</a> | Allows configuring the transport between Traefik and the backends |
+| <a id="opt-IngressRouteUDP" href="#opt-IngressRouteUDP" title="#opt-IngressRouteUDP">[IngressRouteUDP](../../../routing-configuration/kubernetes/crd/udp/ingressrouteudp.md)</a> | UDP Routing                                                       |

 ## Particularities

--- a/docs/content/reference/install-configuration/providers/kubernetes/kubernetes-gateway.md
+++ b/docs/content/reference/install-configuration/providers/kubernetes/kubernetes-gateway.md
@@ -69,19 +69,19 @@ providers:

 | Field                                                                 | Description                                                                                                                                                                                                                                                                                                                                                                                           | Default | Required |
 |:----------------------------------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
-| `providers.providersThrottleDuration`                                 | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.**                  | 2s      | No       |
-| `providers.kubernetesGateway.endpoint`                                | Server endpoint URL.<br />More information [here](#endpoint).                                                                                                                                                                                                                                                                                                                                         | ""      | No       |
-| `providers.kubernetesGateway.experimentalChannel`                     | Toggles support for the Experimental Channel resources ([Gateway API release channels documentation](https://gateway-api.sigs.k8s.io/concepts/versioning/#release-channels)).<br />(ex: `TCPRoute` and `TLSRoute`)                                                                                                                                                                                    | false   | No       |
-| `providers.kubernetesGateway.token`                                   | Bearer token used for the Kubernetes client configuration.                                                                                                                                                                                                                                                                                                                                            | ""      | No       |
-| `providers.kubernetesGateway.certAuthFilePath`                        | Path to the certificate authority file.<br />Used for the Kubernetes client configuration.                                                                                                                                                                                                                                                                                                            | ""      | No       |
-| `providers.kubernetesGateway.namespaces`                              | Array of namespaces to watch.<br />If left empty, watch all namespaces.                                                                                                                                                                                                                                                                                                                               | []      | No       |
-| `providers.kubernetesGateway.labelselector`                           | Allow filtering on specific resource objects only using label selectors.<br />Only to Traefik [Custom Resources](./kubernetes-crd.md#list-of-resources) (they all must match the filter).<br />No effect on Kubernetes `Secrets`, `EndpointSlices` and `Services`.<br />See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details. | ""      | No       |
-| `providers.kubernetesGateway.throttleDuration`                        | Minimum amount of time to wait between two Kubernetes events before producing a new configuration.<br />This prevents a Kubernetes cluster that updates many times per second from continuously changing your Traefik configuration.<br />If empty, every event is caught.                                                                                                                            | 0s      | No       |
-| `providers.kubernetesGateway.nativeLBByDefault`                       | Defines whether to use Native Kubernetes load-balancing mode by default. For more information, please check out the `traefik.io/service.nativelb` service annotation documentation.                                                                                                                                                                                                                   | false   | No       |
-| `providers.kubernetesGateway.`<br />`statusAddress.hostname`          | Hostname copied to the Gateway `status.addresses`.                                                                                                                                                                                                                                                                                                                                                    | ""      | No       |
-| `providers.kubernetesGateway.`<br />`statusAddress.ip`                | IP address copied to the Gateway `status.addresses`, and currently only supports one IP value (IPv4 or IPv6).                                                                                                                                                                                                                                                                                         | ""      | No       |
-| `providers.kubernetesGateway.`<br />`statusAddress.service.namespace` | The namespace of the Kubernetes service to copy status addresses from.<br />When using third parties tools like External-DNS, this option can be used to copy the service `loadbalancer.status` (containing the service's endpoints IPs) to the Gateway `status.addresses`.                                                                                                                           | ""      | No       |
-| `providers.kubernetesGateway.`<br />`statusAddress.service.name`      | The name of the Kubernetes service to copy status addresses from.<br />When using third parties tools like External-DNS, this option can be used to copy the service `loadbalancer.status` (containing the service's endpoints IPs) to the Gateway `status.addresses`.                                                                                                                                | ""      | No       |
+| <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.**                  | 2s      | No       |
+| <a id="opt-providers-kubernetesGateway-endpoint" href="#opt-providers-kubernetesGateway-endpoint" title="#opt-providers-kubernetesGateway-endpoint">`providers.kubernetesGateway.endpoint`</a> | Server endpoint URL.<br />More information [here](#endpoint).                                                                                                                                                                                                                                                                                                                                         | ""      | No       |
+| <a id="opt-providers-kubernetesGateway-experimentalChannel" href="#opt-providers-kubernetesGateway-experimentalChannel" title="#opt-providers-kubernetesGateway-experimentalChannel">`providers.kubernetesGateway.experimentalChannel`</a> | Toggles support for the Experimental Channel resources ([Gateway API release channels documentation](https://gateway-api.sigs.k8s.io/concepts/versioning/#release-channels)).<br />(ex: `TCPRoute` and `TLSRoute`)                                                                                                                                                                                    | false   | No       |
+| <a id="opt-providers-kubernetesGateway-token" href="#opt-providers-kubernetesGateway-token" title="#opt-providers-kubernetesGateway-token">`providers.kubernetesGateway.token`</a> | Bearer token used for the Kubernetes client configuration.                                                                                                                                                                                                                                                                                                                                            | ""      | No       |
+| <a id="opt-providers-kubernetesGateway-certAuthFilePath" href="#opt-providers-kubernetesGateway-certAuthFilePath" title="#opt-providers-kubernetesGateway-certAuthFilePath">`providers.kubernetesGateway.certAuthFilePath`</a> | Path to the certificate authority file.<br />Used for the Kubernetes client configuration.                                                                                                                                                                                                                                                                                                            | ""      | No       |
+| <a id="opt-providers-kubernetesGateway-namespaces" href="#opt-providers-kubernetesGateway-namespaces" title="#opt-providers-kubernetesGateway-namespaces">`providers.kubernetesGateway.namespaces`</a> | Array of namespaces to watch.<br />If left empty, watch all namespaces.                                                                                                                                                                                                                                                                                                                               | []      | No       |
+| <a id="opt-providers-kubernetesGateway-labelselector" href="#opt-providers-kubernetesGateway-labelselector" title="#opt-providers-kubernetesGateway-labelselector">`providers.kubernetesGateway.labelselector`</a> | Allow filtering on specific resource objects only using label selectors.<br />Only to Traefik [Custom Resources](./kubernetes-crd.md#list-of-resources) (they all must match the filter).<br />No effect on Kubernetes `Secrets`, `EndpointSlices` and `Services`.<br />See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details. | ""      | No       |
+| <a id="opt-providers-kubernetesGateway-throttleDuration" href="#opt-providers-kubernetesGateway-throttleDuration" title="#opt-providers-kubernetesGateway-throttleDuration">`providers.kubernetesGateway.throttleDuration`</a> | Minimum amount of time to wait between two Kubernetes events before producing a new configuration.<br />This prevents a Kubernetes cluster that updates many times per second from continuously changing your Traefik configuration.<br />If empty, every event is caught.                                                                                                                            | 0s      | No       |
+| <a id="opt-providers-kubernetesGateway-nativeLBByDefault" href="#opt-providers-kubernetesGateway-nativeLBByDefault" title="#opt-providers-kubernetesGateway-nativeLBByDefault">`providers.kubernetesGateway.nativeLBByDefault`</a> | Defines whether to use Native Kubernetes load-balancing mode by default. For more information, please check out the `traefik.io/service.nativelb` service annotation documentation.                                                                                                                                                                                                                   | false   | No       |
+| <a id="opt-providers-kubernetesGateway-statusAddress-hostname" href="#opt-providers-kubernetesGateway-statusAddress-hostname" title="#opt-providers-kubernetesGateway-statusAddress-hostname">`providers.kubernetesGateway.`<br />`statusAddress.hostname`</a> | Hostname copied to the Gateway `status.addresses`.                                                                                                                                                                                                                                                                                                                                                    | ""      | No       |
+| <a id="opt-providers-kubernetesGateway-statusAddress-ip" href="#opt-providers-kubernetesGateway-statusAddress-ip" title="#opt-providers-kubernetesGateway-statusAddress-ip">`providers.kubernetesGateway.`<br />`statusAddress.ip`</a> | IP address copied to the Gateway `status.addresses`, and currently only supports one IP value (IPv4 or IPv6).                                                                                                                                                                                                                                                                                         | ""      | No       |
+| <a id="opt-providers-kubernetesGateway-statusAddress-service-namespace" href="#opt-providers-kubernetesGateway-statusAddress-service-namespace" title="#opt-providers-kubernetesGateway-statusAddress-service-namespace">`providers.kubernetesGateway.`<br />`statusAddress.service.namespace`</a> | The namespace of the Kubernetes service to copy status addresses from.<br />When using third parties tools like External-DNS, this option can be used to copy the service `loadbalancer.status` (containing the service's endpoints IPs) to the Gateway `status.addresses`.                                                                                                                           | ""      | No       |
+| <a id="opt-providers-kubernetesGateway-statusAddress-service-name" href="#opt-providers-kubernetesGateway-statusAddress-service-name" title="#opt-providers-kubernetesGateway-statusAddress-service-name">`providers.kubernetesGateway.`<br />`statusAddress.service.name`</a> | The name of the Kubernetes service to copy status addresses from.<br />When using third parties tools like External-DNS, this option can be used to copy the service `loadbalancer.status` (containing the service's endpoints IPs) to the Gateway `status.addresses`.                                                                                                                                | ""      | No       |

 <!-- markdownlint-enable MD013 -->

--- a/docs/content/reference/install-configuration/providers/kubernetes/kubernetes-ingress-nginx.md
+++ b/docs/content/reference/install-configuration/providers/kubernetes/kubernetes-ingress-nginx.md
@@ -49,21 +49,21 @@ which in turn creates the resulting routers, services, handlers, etc.

 | Field                                                       | Description                                                                                                                                                                                                                                                                                                                                                                          | Default | Required |
 |:------------------------------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
-| `providers.providersThrottleDuration`                       | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s      | No       |
-| `providers.kubernetesIngressNGINX.endpoint`                 | Server endpoint URL.<br />More information [here](#endpoint).                                                                                                                                                                                                                                                                                                                        | ""      | No       |
-| `providers.kubernetesIngressNGINX.token`                    | Bearer token used for the Kubernetes client configuration.                                                                                                                                                                                                                                                                                                                           | ""      | No       |
-| `providers.kubernetesIngressNGINX.certAuthFilePath`         | Path to the certificate authority file.<br />Used for the Kubernetes client configuration.                                                                                                                                                                                                                                                                                           | ""      | No       |
-| `providers.kubernetesIngressNGINX.throttleDuration`         | Minimum amount of time to wait between two Kubernetes events before producing a new configuration.<br />This prevents a Kubernetes cluster that updates many times per second from continuously changing your Traefik configuration.<br />If empty, every event is caught.                                                                                                           | 0s      | No       |
-| `providers.kubernetesIngressNGINX.watchNamespace`           | Namespace the controller watches for updates to Kubernetes objects. All namespaces are watched if this parameter is left empty.                                                                                                                                                                                                                                                      | ""      | No       |
-| `providers.kubernetesIngressNGINX.watchNamespaceSelector`   | Selector selects namespaces the controller watches for updates to Kubernetes objects.                                                                                                                                                                                                                                                                                                | ""      | No       |
-| `providers.kubernetesIngressNGINX.ingressClass`             | Name of the ingress class this controller satisfies.                                                                                                                                                                                                                                                                                                                                 | ""      | No       |
-| `providers.kubernetesIngressNGINX.controllerClass`          | Ingress Class Controller value this controller satisfies.                                                                                                                                                                                                                                                                                                                            | ""      | No       |
-| `providers.kubernetesIngressNGINX.watchIngressWithoutClass` | Define if Ingress Controller should also watch for Ingresses without an IngressClass or the annotation specified.                                                                                                                                                                                                                                                                    | false   | No       |
-| `providers.kubernetesIngressNGINX.ingressClassByName`       | Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class.                                                                                                                                                                                                                                                                                  | false   | No       |
-| `providers.kubernetesIngressNGINX.publishService`           | Service fronting the Ingress controller. Takes the form namespace/name.                                                                                                                                                                                                                                                                                                              | ""      | No       |
-| `providers.kubernetesIngressNGINX.publishStatusAddress`     | Customized address (or addresses, separated by comma) to set as the load-balancer status of Ingress objects this controller satisfies.                                                                                                                                                                                                                                               | ""      | No       |
-| `providers.kubernetesIngressNGINX.defaultBackendService`    | Service used to serve HTTP requests not matching any known server name (catch-all). Takes the form 'namespace/name'.                                                                                                                                                                                                                                                                 | ""      | No       |
-| `providers.kubernetesIngressNGINX.disableSvcExternalName`   | Disable support for Services of type ExternalName.                                                                                                                                                                                                                                                                                                                                   | false   | No       |
+| <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s      | No       |
+| <a id="opt-providers-kubernetesIngressNGINX-endpoint" href="#opt-providers-kubernetesIngressNGINX-endpoint" title="#opt-providers-kubernetesIngressNGINX-endpoint">`providers.kubernetesIngressNGINX.endpoint`</a> | Server endpoint URL.<br />More information [here](#endpoint).                                                                                                                                                                                                                                                                                                                        | ""      | No       |
+| <a id="opt-providers-kubernetesIngressNGINX-token" href="#opt-providers-kubernetesIngressNGINX-token" title="#opt-providers-kubernetesIngressNGINX-token">`providers.kubernetesIngressNGINX.token`</a> | Bearer token used for the Kubernetes client configuration.                                                                                                                                                                                                                                                                                                                           | ""      | No       |
+| <a id="opt-providers-kubernetesIngressNGINX-certAuthFilePath" href="#opt-providers-kubernetesIngressNGINX-certAuthFilePath" title="#opt-providers-kubernetesIngressNGINX-certAuthFilePath">`providers.kubernetesIngressNGINX.certAuthFilePath`</a> | Path to the certificate authority file.<br />Used for the Kubernetes client configuration.                                                                                                                                                                                                                                                                                           | ""      | No       |
+| <a id="opt-providers-kubernetesIngressNGINX-throttleDuration" href="#opt-providers-kubernetesIngressNGINX-throttleDuration" title="#opt-providers-kubernetesIngressNGINX-throttleDuration">`providers.kubernetesIngressNGINX.throttleDuration`</a> | Minimum amount of time to wait between two Kubernetes events before producing a new configuration.<br />This prevents a Kubernetes cluster that updates many times per second from continuously changing your Traefik configuration.<br />If empty, every event is caught.                                                                                                           | 0s      | No       |
+| <a id="opt-providers-kubernetesIngressNGINX-watchNamespace" href="#opt-providers-kubernetesIngressNGINX-watchNamespace" title="#opt-providers-kubernetesIngressNGINX-watchNamespace">`providers.kubernetesIngressNGINX.watchNamespace`</a> | Namespace the controller watches for updates to Kubernetes objects. All namespaces are watched if this parameter is left empty.                                                                                                                                                                                                                                                      | ""      | No       |
+| <a id="opt-providers-kubernetesIngressNGINX-watchNamespaceSelector" href="#opt-providers-kubernetesIngressNGINX-watchNamespaceSelector" title="#opt-providers-kubernetesIngressNGINX-watchNamespaceSelector">`providers.kubernetesIngressNGINX.watchNamespaceSelector`</a> | Selector selects namespaces the controller watches for updates to Kubernetes objects.                                                                                                                                                                                                                                                                                                | ""      | No       |
+| <a id="opt-providers-kubernetesIngressNGINX-ingressClass" href="#opt-providers-kubernetesIngressNGINX-ingressClass" title="#opt-providers-kubernetesIngressNGINX-ingressClass">`providers.kubernetesIngressNGINX.ingressClass`</a> | Name of the ingress class this controller satisfies.                                                                                                                                                                                                                                                                                                                                 | ""      | No       |
+| <a id="opt-providers-kubernetesIngressNGINX-controllerClass" href="#opt-providers-kubernetesIngressNGINX-controllerClass" title="#opt-providers-kubernetesIngressNGINX-controllerClass">`providers.kubernetesIngressNGINX.controllerClass`</a> | Ingress Class Controller value this controller satisfies.                                                                                                                                                                                                                                                                                                                            | ""      | No       |
+| <a id="opt-providers-kubernetesIngressNGINX-watchIngressWithoutClass" href="#opt-providers-kubernetesIngressNGINX-watchIngressWithoutClass" title="#opt-providers-kubernetesIngressNGINX-watchIngressWithoutClass">`providers.kubernetesIngressNGINX.watchIngressWithoutClass`</a> | Define if Ingress Controller should also watch for Ingresses without an IngressClass or the annotation specified.                                                                                                                                                                                                                                                                    | false   | No       |
+| <a id="opt-providers-kubernetesIngressNGINX-ingressClassByName" href="#opt-providers-kubernetesIngressNGINX-ingressClassByName" title="#opt-providers-kubernetesIngressNGINX-ingressClassByName">`providers.kubernetesIngressNGINX.ingressClassByName`</a> | Define if Ingress Controller should watch for Ingress Class by Name together with Controller Class.                                                                                                                                                                                                                                                                                  | false   | No       |
+| <a id="opt-providers-kubernetesIngressNGINX-publishService" href="#opt-providers-kubernetesIngressNGINX-publishService" title="#opt-providers-kubernetesIngressNGINX-publishService">`providers.kubernetesIngressNGINX.publishService`</a> | Service fronting the Ingress controller. Takes the form namespace/name.                                                                                                                                                                                                                                                                                                              | ""      | No       |
+| <a id="opt-providers-kubernetesIngressNGINX-publishStatusAddress" href="#opt-providers-kubernetesIngressNGINX-publishStatusAddress" title="#opt-providers-kubernetesIngressNGINX-publishStatusAddress">`providers.kubernetesIngressNGINX.publishStatusAddress`</a> | Customized address (or addresses, separated by comma) to set as the load-balancer status of Ingress objects this controller satisfies.                                                                                                                                                                                                                                               | ""      | No       |
+| <a id="opt-providers-kubernetesIngressNGINX-defaultBackendService" href="#opt-providers-kubernetesIngressNGINX-defaultBackendService" title="#opt-providers-kubernetesIngressNGINX-defaultBackendService">`providers.kubernetesIngressNGINX.defaultBackendService`</a> | Service used to serve HTTP requests not matching any known server name (catch-all). Takes the form 'namespace/name'.                                                                                                                                                                                                                                                                 | ""      | No       |
+| <a id="opt-providers-kubernetesIngressNGINX-disableSvcExternalName" href="#opt-providers-kubernetesIngressNGINX-disableSvcExternalName" title="#opt-providers-kubernetesIngressNGINX-disableSvcExternalName">`providers.kubernetesIngressNGINX.disableSvcExternalName`</a> | Disable support for Services of type ExternalName.                                                                                                                                                                                                                                                                                                                                   | false   | No       |

 <!-- markdownlint-enable MD013 -->

--- a/docs/content/reference/install-configuration/providers/kubernetes/kubernetes-ingress.md
+++ b/docs/content/reference/install-configuration/providers/kubernetes/kubernetes-ingress.md
@@ -3,7 +3,7 @@ title: "Traefik Kubernetes Ingress Documentation"
 description: "Understand the requirements, routing configuration, and how to set up Traefik Proxy as your Kubernetes Ingress Controller. Read the technical documentation."
 ---

-# Traefik & Kubernetes 
+# Traefik & Kubernetes

 The Traefik Kubernetes Ingress provider is a Kubernetes Ingress controller; i.e,
 it manages access to cluster services by supporting the [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) specification.
@@ -42,28 +42,29 @@ and derives the corresponding dynamic configuration from it,
 which in turn creates the resulting routers, services, handlers, etc.

 ## Configuration Options
+
 <!-- markdownlint-disable MD013 -->

-| Field                                                                  | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                            | Default | Required |
-|:-----------------------------------------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
-| `providers.providersThrottleDuration`                                  | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.**                                                                                   | 2s      | No       |
-| `providers.kubernetesIngress.endpoint`                                 | Server endpoint URL.<br />More information [here](#endpoint).                                                                                                                                                                                                                                                                                                                                                                                                          | ""      | No       |
-| `providers.kubernetesIngress.token`                                    | Bearer token used for the Kubernetes client configuration.                                                                                                                                                                                                                                                                                                                                                                                                             | ""      | No       |
-| `providers.kubernetesIngress.certAuthFilePath`                         | Path to the certificate authority file.<br />Used for the Kubernetes client configuration.                                                                                                                                                                                                                                                                                                                                                                             | ""      | No       |
-| `providers.kubernetesCRD.namespaces`                                   | Array of namespaces to watch.<br />If left empty, watch all namespaces.                                                                                                                                                                                                                                                                                                                                                                                                |         | No       |
-| `providers.kubernetesIngress.labelselector`                            | Allow filtering on Ingress objects using label selectors.<br />No effect on Kubernetes `Secrets`, `EndpointSlices` and `Services`.<br />See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details.                                                                                                                                                                                                  | ""      | No       |
-| `providers.kubernetesIngress.ingressClass`                             | The `IngressClass` resource name or the `kubernetes.io/ingress.class` annotation value that identifies resource objects to be processed.<br />If empty, resources missing the annotation, having an empty value, or the value `traefik` are processed.                                                                                                                                                                                                                 | ""      | No       |
-| `providers.kubernetesIngress.disableIngressClassLookup`                | Prevent to discover IngressClasses in the cluster.<br />It alleviates the requirement of giving Traefik the rights to look IngressClasses up.<br />Ignore Ingresses with IngressClass.<br />Annotations are not affected by this option.                                                                                                                                                                                                                               | false   | No       |
-| `providers.kubernetesIngress.`<br />`ingressEndpoint.hostname`         | Hostname used for Kubernetes Ingress endpoints.                                                                                                                                                                                                                                                                                                                                                                                                                        | ""      | No       |
-| `providers.kubernetesIngress.`<br />`ingressEndpoint.ip`               | This IP will get copied to the Ingress `status.loadbalancer.ip`, and currently only supports one IP value (IPv4 or IPv6).                                                                                                                                                                                                                                                                                                                                              | ""      | No       |
-| `providers.kubernetesIngress.`<br />`ingressEndpoint.publishedService` | The Kubernetes service to copy status from.<br />More information [here](#ingressendpointpublishedservice).                                                                                                                                                                                                                                                                                                                                                            | ""      | No       |
-| `providers.kubernetesIngress.throttleDuration`                         | Minimum amount of time to wait between two Kubernetes events before producing a new configuration.<br />This prevents a Kubernetes cluster that updates many times per second from continuously changing your Traefik configuration.<br />If empty, every event is caught.                                                                                                                                                                                             | 0s      | No       |
-| `providers.kubernetesIngress.allowEmptyServices`                       | Allows creating a route to reach a service that has no endpoint available.<br />It allows Traefik to handle the requests and responses targeting this service (applying middleware or observability operations) before returning a `503` HTTP Status.                                                                                                                                                                                                                  | false   | No       |
-| `providers.kubernetesIngress.allowCrossNamespace`                      | Allows the `Ingress` to reference resources in namespaces other than theirs.                                                                                                                                                                                                                                                                                                                                                                                           | false   | No       |
-| `providers.kubernetesIngress.allowExternalNameServices`                | Allows the `Ingress` to reference ExternalName services.                                                                                                                                                                                                                                                                                                                                                                                                               | false   | No       |
-| `providers.kubernetesIngress.nativeLBByDefault`                        | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik for every `Ingress` by default.<br />It can br overridden in the [`ServerTransport`](../../../../routing/services/index.md#serverstransport).                                                                                                                                                                                                                | false   | No       |
-| `providers.kubernetesIngress.disableClusterScopeResources`             | Prevent from discovering cluster scope resources (`IngressClass` and `Nodes`).<br />By doing so, it alleviates the requirement of giving Traefik the rights to look up for cluster resources.<br />Furthermore, Traefik  will not handle Ingresses with IngressClass references, therefore such Ingresses will be ignored (please note that annotations are not affected by this option).<br />This will also prevent from using the `NodePortLB` options on services. | false   | No       |
-| `providers.kubernetesIngress.strictPrefixMatching`                     | Make prefix matching strictly comply with the Kubernetes Ingress specification (path-element-wise matching instead of character-by-character string matching). For example, a PathPrefix of `/foo` will match `/foo`, `/foo/`, and `/foo/bar` but not `/foobar`.                                                                                                                                                                                                       | false   | No       |
+| Field                                                               | Description    | Default | Required |
+| :------------------------------------------------------------------ | :------------- | :------ | :------- |
+| <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.**     | 2s      | No       |
+| <a id="opt-providers-kubernetesIngress-endpoint" href="#opt-providers-kubernetesIngress-endpoint" title="#opt-providers-kubernetesIngress-endpoint">`providers.kubernetesIngress.endpoint`</a> | Server endpoint URL.<br />More information [here](#endpoint).   | ""      | No       |
+| <a id="opt-providers-kubernetesIngress-token" href="#opt-providers-kubernetesIngress-token" title="#opt-providers-kubernetesIngress-token">`providers.kubernetesIngress.token`</a> | Bearer token used for the Kubernetes client configuration.  | ""      | No       |
+| <a id="opt-providers-kubernetesIngress-certAuthFilePath" href="#opt-providers-kubernetesIngress-certAuthFilePath" title="#opt-providers-kubernetesIngress-certAuthFilePath">`providers.kubernetesIngress.certAuthFilePath`</a> | Path to the certificate authority file.<br />Used for the Kubernetes client configuration.  | ""      | No       |
+| <a id="opt-providers-kubernetesIngress-namespaces" href="#opt-providers-kubernetesIngress-namespaces" title="#opt-providers-kubernetesIngress-namespaces">`providers.kubernetesIngress.namespaces`</a> | Array of namespaces to watch.<br />If left empty, watch all namespaces.   |         | No       |
+| <a id="opt-providers-kubernetesIngress-labelselector" href="#opt-providers-kubernetesIngress-labelselector" title="#opt-providers-kubernetesIngress-labelselector">`providers.kubernetesIngress.labelselector`</a> | Allow filtering on Ingress objects using label selectors.<br />No effect on Kubernetes `Secrets`, `EndpointSlices` and `Services`.<br />See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details.        | ""      | No       |
+| <a id="opt-providers-kubernetesIngress-ingressClass" href="#opt-providers-kubernetesIngress-ingressClass" title="#opt-providers-kubernetesIngress-ingressClass">`providers.kubernetesIngress.ingressClass`</a> | The `IngressClass` resource name or the `kubernetes.io/ingress.class` annotation value that identifies resource objects to be processed.<br />If empty, resources missing the annotation, having an empty value, or the value `traefik` are processed.     | ""      | No       |
+| <a id="opt-providers-kubernetesIngress-disableIngressClassLookup" href="#opt-providers-kubernetesIngress-disableIngressClassLookup" title="#opt-providers-kubernetesIngress-disableIngressClassLookup">`providers.kubernetesIngress.disableIngressClassLookup`</a> | Prevent to discover IngressClasses in the cluster.<br />It alleviates the requirement of giving Traefik the rights to look IngressClasses up.<br />Ignore Ingresses with IngressClass.<br />Annotations are not affected by this option.   | false   | No       |
+| <a id="opt-providers-kubernetesIngress-ingressEndpoint-hostname" href="#opt-providers-kubernetesIngress-ingressEndpoint-hostname" title="#opt-providers-kubernetesIngress-ingressEndpoint-hostname">`providers.kubernetesIngress.`<br />`ingressEndpoint.hostname`</a> | Hostname used for Kubernetes Ingress endpoints.  | ""      | No       |
+| <a id="opt-providers-kubernetesIngress-ingressEndpoint-ip" href="#opt-providers-kubernetesIngress-ingressEndpoint-ip" title="#opt-providers-kubernetesIngress-ingressEndpoint-ip">`providers.kubernetesIngress.`<br />`ingressEndpoint.ip`</a> | This IP will get copied to the Ingress `status.loadbalancer.ip`, and currently only supports one IP value (IPv4 or IPv6). | ""      | No       |
+| <a id="opt-providers-kubernetesIngress-ingressEndpoint-publishedService" href="#opt-providers-kubernetesIngress-ingressEndpoint-publishedService" title="#opt-providers-kubernetesIngress-ingressEndpoint-publishedService">`providers.kubernetesIngress.`<br />`ingressEndpoint.publishedService`</a> | The Kubernetes service to copy status from.<br />More information [here](#ingressendpointpublishedservice). | ""      | No       |
+| <a id="opt-providers-kubernetesIngress-throttleDuration" href="#opt-providers-kubernetesIngress-throttleDuration" title="#opt-providers-kubernetesIngress-throttleDuration">`providers.kubernetesIngress.throttleDuration`</a> | Minimum amount of time to wait between two Kubernetes events before producing a new configuration.<br />This prevents a Kubernetes cluster that updates many times per second from continuously changing your Traefik configuration.<br />If empty, every event is caught.  | 0s      | No       |
+| <a id="opt-providers-kubernetesIngress-allowEmptyServices" href="#opt-providers-kubernetesIngress-allowEmptyServices" title="#opt-providers-kubernetesIngress-allowEmptyServices">`providers.kubernetesIngress.allowEmptyServices`</a> | Allows creating a route to reach a service that has no endpoint available.<br />It allows Traefik to handle the requests and responses targeting this service (applying middleware or observability operations) before returning a `503` HTTP Status.  | false   | No       |
+| <a id="opt-providers-kubernetesIngress-allowCrossNamespace" href="#opt-providers-kubernetesIngress-allowCrossNamespace" title="#opt-providers-kubernetesIngress-allowCrossNamespace">`providers.kubernetesIngress.allowCrossNamespace`</a> | Allows the `Ingress` to reference resources in namespaces other than theirs. | false   | No       |
+| <a id="opt-providers-kubernetesIngress-allowExternalNameServices" href="#opt-providers-kubernetesIngress-allowExternalNameServices" title="#opt-providers-kubernetesIngress-allowExternalNameServices">`providers.kubernetesIngress.allowExternalNameServices`</a> | Allows the `Ingress` to reference ExternalName services.   | false   | No       |
+| <a id="opt-providers-kubernetesIngress-nativeLBByDefault" href="#opt-providers-kubernetesIngress-nativeLBByDefault" title="#opt-providers-kubernetesIngress-nativeLBByDefault">`providers.kubernetesIngress.nativeLBByDefault`</a> | Allow using the Kubernetes Service load balancing between the pods instead of the one provided by Traefik for every `Ingress` by default.<br />It can br overridden in the [`ServerTransport`](../../../../routing/services/index.md#serverstransport).         | false   | No       |
+| <a id="opt-providers-kubernetesIngress-disableClusterScopeResources" href="#opt-providers-kubernetesIngress-disableClusterScopeResources" title="#opt-providers-kubernetesIngress-disableClusterScopeResources">`providers.kubernetesIngress.disableClusterScopeResources`</a> | Prevent from discovering cluster scope resources (`IngressClass` and `Nodes`).<br />By doing so, it alleviates the requirement of giving Traefik the rights to look up for cluster resources.<br />Furthermore, Traefik will not handle Ingresses with IngressClass references, therefore such Ingresses will be ignored (please note that annotations are not affected by this option).<br />This will also prevent from using the `NodePortLB` options on services. | false   | No       |
+| <a id="opt-providers-kubernetesIngress-strictPrefixMatching" href="#opt-providers-kubernetesIngress-strictPrefixMatching" title="#opt-providers-kubernetesIngress-strictPrefixMatching">`providers.kubernetesIngress.strictPrefixMatching`</a> | Make prefix matching strictly comply with the Kubernetes Ingress specification (path-element-wise matching instead of character-by-character string matching). For example, a PathPrefix of `/foo` will match `/foo`, `/foo/`, and `/foo/bar` but not `/foobar`.                           | false   | No       |

 <!-- markdownlint-enable MD013 -->

@@ -81,7 +82,7 @@ Both are mounted automatically when deployed inside Kubernetes.
 The endpoint may be specified to override the environment variable values inside
 a cluster.

-When the environment variables are not found, Traefik tries to connect to the 
+When the environment variables are not found, Traefik tries to connect to the
 Kubernetes API server with an external-cluster client.

 In this case, the endpoint is required.
@@ -105,7 +106,7 @@ providers:
 --providers.kubernetesingress.endpoint=http://localhost:8080
 ```

-###  `ingressEndpoint.publishedService`
+### `ingressEndpoint.publishedService`

 Format: `namespace/servicename`.

@@ -136,17 +137,16 @@ providers:
 --providers.kubernetesingress.ingressendpoint.publishedservice=namespace/foo-service
 ```

-
 ## Routing Configuration

 See the dedicated section in [routing](../../../../routing/providers/kubernetes-ingress.md).

 ## Further

-To learn more about the various aspects of the Ingress specification that 
+To learn more about the various aspects of the Ingress specification that
 Traefik supports,
-many examples of Ingresses definitions are located in the test 
-[examples](https://github.com/traefik/traefik/tree/v3.1/pkg/provider/kubernetes/ingress/fixtures) 
+many examples of Ingresses definitions are located in the test
+[examples](https://github.com/traefik/traefik/tree/v3.1/pkg/provider/kubernetes/ingress/fixtures)
 of the Traefik repository.

 {!traefik-for-business-applications.md!}
--- a/docs/content/reference/install-configuration/providers/kv/etcd.md
+++ b/docs/content/reference/install-configuration/providers/kv/etcd.md
@@ -26,16 +26,16 @@ providers:

 | Field | Description                                               | Default              | Required |
 |:------|:----------------------------------------------------------|:---------------------|:---------|
-| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s  | No |
-| `providers.etcd.endpoints` | Defines the endpoint to access etcd. |  "127.0.0.1:2379"     | Yes   |
-| `providers.etcd.rootKey` | Defines the root key for the configuration. |  "traefik"   | Yes   |
-| `providers.etcd.username` | Defines a username with which to connect to etcd. |  ""   | No   |
-| `providers.etcd.password` | Defines a password for connecting to etcd. |  ""    | No   |
-| `providers.etcd.tls` | Defines the TLS configuration used for the secure connection to etcd. |  -  | No   |
-| `providers.etcd.tls.ca` | Defines the path to the certificate authority used for the secure connection to etcd, it defaults to the system bundle.  | "" | No   |
-| `providers.etcd.tls.cert` | Defines the path to the public certificate used for the secure connection to etcd. When using this option, setting the `key` option is required. | "" | Yes   |
-| `providers.etcd.tls.key` | Defines the path to the private key used for the secure connection to etcd. When using this option, setting the `cert` option is required. | ""  | Yes   |
-| `providers.etcd.tls.insecureSkipVerify` | Instructs the provider to accept any certificate presented by etcd when establishing a TLS connection, regardless of the hostnames the certificate covers. | false   | No   |
+| <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s  | No |
+| <a id="opt-providers-etcd-endpoints" href="#opt-providers-etcd-endpoints" title="#opt-providers-etcd-endpoints">`providers.etcd.endpoints`</a> | Defines the endpoint to access etcd. |  "127.0.0.1:2379"     | Yes   |
+| <a id="opt-providers-etcd-rootKey" href="#opt-providers-etcd-rootKey" title="#opt-providers-etcd-rootKey">`providers.etcd.rootKey`</a> | Defines the root key for the configuration. |  "traefik"   | Yes   |
+| <a id="opt-providers-etcd-username" href="#opt-providers-etcd-username" title="#opt-providers-etcd-username">`providers.etcd.username`</a> | Defines a username with which to connect to etcd. |  ""   | No   |
+| <a id="opt-providers-etcd-password" href="#opt-providers-etcd-password" title="#opt-providers-etcd-password">`providers.etcd.password`</a> | Defines a password for connecting to etcd. |  ""    | No   |
+| <a id="opt-providers-etcd-tls" href="#opt-providers-etcd-tls" title="#opt-providers-etcd-tls">`providers.etcd.tls`</a> | Defines the TLS configuration used for the secure connection to etcd. |  -  | No   |
+| <a id="opt-providers-etcd-tls-ca" href="#opt-providers-etcd-tls-ca" title="#opt-providers-etcd-tls-ca">`providers.etcd.tls.ca`</a> | Defines the path to the certificate authority used for the secure connection to etcd, it defaults to the system bundle.  | "" | No   |
+| <a id="opt-providers-etcd-tls-cert" href="#opt-providers-etcd-tls-cert" title="#opt-providers-etcd-tls-cert">`providers.etcd.tls.cert`</a> | Defines the path to the public certificate used for the secure connection to etcd. When using this option, setting the `key` option is required. | "" | Yes   |
+| <a id="opt-providers-etcd-tls-key" href="#opt-providers-etcd-tls-key" title="#opt-providers-etcd-tls-key">`providers.etcd.tls.key`</a> | Defines the path to the private key used for the secure connection to etcd. When using this option, setting the `cert` option is required. | ""  | Yes   |
+| <a id="opt-providers-etcd-tls-insecureSkipVerify" href="#opt-providers-etcd-tls-insecureSkipVerify" title="#opt-providers-etcd-tls-insecureSkipVerify">`providers.etcd.tls.insecureSkipVerify`</a> | Instructs the provider to accept any certificate presented by etcd when establishing a TLS connection, regardless of the hostnames the certificate covers. | false   | No   |

 ## Routing Configuration

--- a/docs/content/reference/install-configuration/providers/kv/redis.md
+++ b/docs/content/reference/install-configuration/providers/kv/redis.md
@@ -26,25 +26,25 @@ providers:

 | Field | Description                                               | Default              | Required |
 |:------|:----------------------------------------------------------|:---------------------|:---------|
-| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s  | No |
-| `providers.redis.endpoints` | Defines the endpoint to access Redis. |  "127.0.0.1:6379"    | Yes   |
-| `providers.redis.rootKey` | Defines the root key for the configuration. |  "traefik"     | Yes   |
-| `providers.redis.username` | Defines a username for connecting to Redis. |  ""    | No   |
-| `providers.redis.password` | Defines a password for connecting to Redis. |  ""    | No   |
-| `providers.redis.db` | Defines the database to be selected after connecting to the Redis. |  0    | No   |
-| `providers.redis.tls` | Defines the TLS configuration used for the secure connection to Redis. |  -    | No   |
-| `providers.redis.tls.ca` | Defines the path to the certificate authority used for the secure connection to Redis, it defaults to the system bundle.  | "" | No   |
-| `providers.redis.tls.cert` | Defines the path to the public certificate used for the secure connection to Redis. When using this option, setting the `key` option is required. |  ""   | Yes   |
-| `providers.redis.tls.key` | Defines the path to the private key used for the secure connection to Redis. When using this option, setting the `cert` option is required. |  ""   | Yes   |
-| `providers.redis.tls.insecureSkipVerify` | Instructs the provider to accept any certificate presented by Redis when establishing a TLS connection, regardless of the hostnames the certificate covers. | false   | No   |
-| `providers.redis.sentinel` | Defines the Sentinel configuration used to interact with Redis Sentinel. | -   | No   |
-| `providers.redis.sentinel.masterName` | Defines the name of the Sentinel master. |  ""  | Yes   |
-| `providers.redis.sentinel.username` | Defines the username for Sentinel authentication. | "" | No   |
-| `providers.redis.sentinel.password` | Defines the password for Sentinel authentication. | "" | No   |
-| `providers.redis.sentinel.latencyStrategy` | Defines whether to route commands to the closest master or replica nodes (mutually exclusive with RandomStrategy and ReplicaStrategy). | false   | No   |
-| `providers.redis.sentinel.randomStrategy` | Defines whether to route commands randomly to master or replica nodes (mutually exclusive with LatencyStrategy and ReplicaStrategy). | false   | No   |
-| `providers.redis.sentinel.replicaStrategy` | Defines whether to route commands randomly to master or replica nodes (mutually exclusive with LatencyStrategy and ReplicaStrategy). | false   | No   |
-| `providers.redis.sentinel.useDisconnectedReplicas` | Defines whether to use replicas disconnected with master when cannot get connected replicas. | false   | false   |
+| <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s  | No |
+| <a id="opt-providers-redis-endpoints" href="#opt-providers-redis-endpoints" title="#opt-providers-redis-endpoints">`providers.redis.endpoints`</a> | Defines the endpoint to access Redis. |  "127.0.0.1:6379"    | Yes   |
+| <a id="opt-providers-redis-rootKey" href="#opt-providers-redis-rootKey" title="#opt-providers-redis-rootKey">`providers.redis.rootKey`</a> | Defines the root key for the configuration. |  "traefik"     | Yes   |
+| <a id="opt-providers-redis-username" href="#opt-providers-redis-username" title="#opt-providers-redis-username">`providers.redis.username`</a> | Defines a username for connecting to Redis. |  ""    | No   |
+| <a id="opt-providers-redis-password" href="#opt-providers-redis-password" title="#opt-providers-redis-password">`providers.redis.password`</a> | Defines a password for connecting to Redis. |  ""    | No   |
+| <a id="opt-providers-redis-db" href="#opt-providers-redis-db" title="#opt-providers-redis-db">`providers.redis.db`</a> | Defines the database to be selected after connecting to the Redis. |  0    | No   |
+| <a id="opt-providers-redis-tls" href="#opt-providers-redis-tls" title="#opt-providers-redis-tls">`providers.redis.tls`</a> | Defines the TLS configuration used for the secure connection to Redis. |  -    | No   |
+| <a id="opt-providers-redis-tls-ca" href="#opt-providers-redis-tls-ca" title="#opt-providers-redis-tls-ca">`providers.redis.tls.ca`</a> | Defines the path to the certificate authority used for the secure connection to Redis, it defaults to the system bundle.  | "" | No   |
+| <a id="opt-providers-redis-tls-cert" href="#opt-providers-redis-tls-cert" title="#opt-providers-redis-tls-cert">`providers.redis.tls.cert`</a> | Defines the path to the public certificate used for the secure connection to Redis. When using this option, setting the `key` option is required. |  ""   | Yes   |
+| <a id="opt-providers-redis-tls-key" href="#opt-providers-redis-tls-key" title="#opt-providers-redis-tls-key">`providers.redis.tls.key`</a> | Defines the path to the private key used for the secure connection to Redis. When using this option, setting the `cert` option is required. |  ""   | Yes   |
+| <a id="opt-providers-redis-tls-insecureSkipVerify" href="#opt-providers-redis-tls-insecureSkipVerify" title="#opt-providers-redis-tls-insecureSkipVerify">`providers.redis.tls.insecureSkipVerify`</a> | Instructs the provider to accept any certificate presented by Redis when establishing a TLS connection, regardless of the hostnames the certificate covers. | false   | No   |
+| <a id="opt-providers-redis-sentinel" href="#opt-providers-redis-sentinel" title="#opt-providers-redis-sentinel">`providers.redis.sentinel`</a> | Defines the Sentinel configuration used to interact with Redis Sentinel. | -   | No   |
+| <a id="opt-providers-redis-sentinel-masterName" href="#opt-providers-redis-sentinel-masterName" title="#opt-providers-redis-sentinel-masterName">`providers.redis.sentinel.masterName`</a> | Defines the name of the Sentinel master. |  ""  | Yes   |
+| <a id="opt-providers-redis-sentinel-username" href="#opt-providers-redis-sentinel-username" title="#opt-providers-redis-sentinel-username">`providers.redis.sentinel.username`</a> | Defines the username for Sentinel authentication. | "" | No   |
+| <a id="opt-providers-redis-sentinel-password" href="#opt-providers-redis-sentinel-password" title="#opt-providers-redis-sentinel-password">`providers.redis.sentinel.password`</a> | Defines the password for Sentinel authentication. | "" | No   |
+| <a id="opt-providers-redis-sentinel-latencyStrategy" href="#opt-providers-redis-sentinel-latencyStrategy" title="#opt-providers-redis-sentinel-latencyStrategy">`providers.redis.sentinel.latencyStrategy`</a> | Defines whether to route commands to the closest master or replica nodes (mutually exclusive with RandomStrategy and ReplicaStrategy). | false   | No   |
+| <a id="opt-providers-redis-sentinel-randomStrategy" href="#opt-providers-redis-sentinel-randomStrategy" title="#opt-providers-redis-sentinel-randomStrategy">`providers.redis.sentinel.randomStrategy`</a> | Defines whether to route commands randomly to master or replica nodes (mutually exclusive with LatencyStrategy and ReplicaStrategy). | false   | No   |
+| <a id="opt-providers-redis-sentinel-replicaStrategy" href="#opt-providers-redis-sentinel-replicaStrategy" title="#opt-providers-redis-sentinel-replicaStrategy">`providers.redis.sentinel.replicaStrategy`</a> | Defines whether to route commands randomly to master or replica nodes (mutually exclusive with LatencyStrategy and ReplicaStrategy). | false   | No   |
+| <a id="opt-providers-redis-sentinel-useDisconnectedReplicas" href="#opt-providers-redis-sentinel-useDisconnectedReplicas" title="#opt-providers-redis-sentinel-useDisconnectedReplicas">`providers.redis.sentinel.useDisconnectedReplicas`</a> | Defines whether to use replicas disconnected with master when cannot get connected replicas. | false   | false   |

 ## Routing Configuration

--- a/docs/content/reference/install-configuration/providers/kv/zk.md
+++ b/docs/content/reference/install-configuration/providers/kv/zk.md
@@ -26,16 +26,16 @@ providers:

 | Field | Description                                               | Default              | Required |
 |:------|:----------------------------------------------------------|:---------------------|:---------|
-| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s  | No |
-| `providers.zooKeeper.endpoints` | Defines the endpoint to access ZooKeeper. |  "127.0.0.1:2181"     | Yes   |
-| `providers.zooKeeper.rootKey` | Defines the root key for the configuration. |  "traefik"   | Yes   |
-| `providers.zooKeeper.username` | Defines a username with which to connect to zooKeeper. |  ""   | No   |
-| `providers.zooKeeper.password` | Defines a password for connecting to zooKeeper. |  ""    | No   |
-| `providers.zooKeeper.tls` | Defines the TLS configuration used for the secure connection to zooKeeper. |  -  | No   |
-| `providers.zooKeeper.tls.ca` | Defines the path to the certificate authority used for the secure connection to zooKeeper, it defaults to the system bundle.  |  ""   | No   |
-| `providers.zooKeeper.tls.cert` | Defines the path to the public certificate used for the secure connection to zooKeeper. When using this option, setting the `key` option is required. |  ""   | Yes   |
-| `providers.zooKeeper.tls.key` | Defines the path to the private key used for the secure connection to zooKeeper. When using this option, setting the `cert` option is required. |  ""   | Yes   |
-| `providers.zooKeeper.tls.insecureSkipVerify` | Instructs the provider to accept any certificate presented by etcd when establishing a TLS connection, regardless of the hostnames the certificate covers. | false   | No   |
+| <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s  | No |
+| <a id="opt-providers-zooKeeper-endpoints" href="#opt-providers-zooKeeper-endpoints" title="#opt-providers-zooKeeper-endpoints">`providers.zooKeeper.endpoints`</a> | Defines the endpoint to access ZooKeeper. |  "127.0.0.1:2181"     | Yes   |
+| <a id="opt-providers-zooKeeper-rootKey" href="#opt-providers-zooKeeper-rootKey" title="#opt-providers-zooKeeper-rootKey">`providers.zooKeeper.rootKey`</a> | Defines the root key for the configuration. |  "traefik"   | Yes   |
+| <a id="opt-providers-zooKeeper-username" href="#opt-providers-zooKeeper-username" title="#opt-providers-zooKeeper-username">`providers.zooKeeper.username`</a> | Defines a username with which to connect to zooKeeper. |  ""   | No   |
+| <a id="opt-providers-zooKeeper-password" href="#opt-providers-zooKeeper-password" title="#opt-providers-zooKeeper-password">`providers.zooKeeper.password`</a> | Defines a password for connecting to zooKeeper. |  ""    | No   |
+| <a id="opt-providers-zooKeeper-tls" href="#opt-providers-zooKeeper-tls" title="#opt-providers-zooKeeper-tls">`providers.zooKeeper.tls`</a> | Defines the TLS configuration used for the secure connection to zooKeeper. |  -  | No   |
+| <a id="opt-providers-zooKeeper-tls-ca" href="#opt-providers-zooKeeper-tls-ca" title="#opt-providers-zooKeeper-tls-ca">`providers.zooKeeper.tls.ca`</a> | Defines the path to the certificate authority used for the secure connection to zooKeeper, it defaults to the system bundle.  |  ""   | No   |
+| <a id="opt-providers-zooKeeper-tls-cert" href="#opt-providers-zooKeeper-tls-cert" title="#opt-providers-zooKeeper-tls-cert">`providers.zooKeeper.tls.cert`</a> | Defines the path to the public certificate used for the secure connection to zooKeeper. When using this option, setting the `key` option is required. |  ""   | Yes   |
+| <a id="opt-providers-zooKeeper-tls-key" href="#opt-providers-zooKeeper-tls-key" title="#opt-providers-zooKeeper-tls-key">`providers.zooKeeper.tls.key`</a> | Defines the path to the private key used for the secure connection to zooKeeper. When using this option, setting the `cert` option is required. |  ""   | Yes   |
+| <a id="opt-providers-zooKeeper-tls-insecureSkipVerify" href="#opt-providers-zooKeeper-tls-insecureSkipVerify" title="#opt-providers-zooKeeper-tls-insecureSkipVerify">`providers.zooKeeper.tls.insecureSkipVerify`</a> | Instructs the provider to accept any certificate presented by etcd when establishing a TLS connection, regardless of the hostnames the certificate covers. | false   | No   |

 ## Routing Configuration

--- a/docs/content/reference/install-configuration/providers/others/ecs.md
+++ b/docs/content/reference/install-configuration/providers/others/ecs.md
@@ -26,18 +26,18 @@ providers:

 | Field | Description                                               | Default              | Required |
 |:------|:----------------------------------------------------------|:---------------------|:---------|
-| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s  | No |
-| `providers.ecs.autoDiscoverClusters` | Search for services in cluster list. If set to `true` service discovery is enabled for all clusters. |  false  | No   |
-| `providers.ecs.ecsAnywhere` | Enable ECS Anywhere support. |  false    | No   |
-| `providers.ecs.clusters` | Search for services in cluster list. This option is ignored if `autoDiscoverClusters` is set to `true`. |  `["default"]`  | No   |
-| `providers.ecs.exposedByDefault` | Expose ECS services by default in Traefik. | true  | No   |
-| `providers.ecs.constraints` |  Defines an expression that Traefik matches against the container labels to determine whether to create any route for that container. See [here](#constraints) for more information.  | true  | No   |
-| `providers.ecs.healthyTasksOnly` |  Defines whether Traefik discovers only healthy tasks (`HEALTHY` healthStatus).  | false  | No   |
-| `providers.ecs.defaultRule` | The Default Host rule for all services. See [here](#defaultrule) for more information. |   ```"Host(`{{ normalize .Name }}`)"```  | No   |
-| `providers.ecs.refreshSeconds` | Defines the polling interval (in seconds).   | 15   | No |
-| `providers.ecs.region` | Defines the region of the ECS instance. See [here](#credentials) for more information.  | ""   | No |
-| `providers.ecs.accessKeyID` | Defines the Access Key ID for the ECS instance. See [here](#credentials) for more information.  | ""   | No |
-| `providers.ecs.secretAccessKey` | Defines the Secret Access Key for the ECS instance. See [here](#credentials) for more information.  | ""   | No |
+| <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s  | No |
+| <a id="opt-providers-ecs-autoDiscoverClusters" href="#opt-providers-ecs-autoDiscoverClusters" title="#opt-providers-ecs-autoDiscoverClusters">`providers.ecs.autoDiscoverClusters`</a> | Search for services in cluster list. If set to `true` service discovery is enabled for all clusters. |  false  | No   |
+| <a id="opt-providers-ecs-ecsAnywhere" href="#opt-providers-ecs-ecsAnywhere" title="#opt-providers-ecs-ecsAnywhere">`providers.ecs.ecsAnywhere`</a> | Enable ECS Anywhere support. |  false    | No   |
+| <a id="opt-providers-ecs-clusters" href="#opt-providers-ecs-clusters" title="#opt-providers-ecs-clusters">`providers.ecs.clusters`</a> | Search for services in cluster list. This option is ignored if `autoDiscoverClusters` is set to `true`. |  `["default"]`  | No   |
+| <a id="opt-providers-ecs-exposedByDefault" href="#opt-providers-ecs-exposedByDefault" title="#opt-providers-ecs-exposedByDefault">`providers.ecs.exposedByDefault`</a> | Expose ECS services by default in Traefik. | true  | No   |
+| <a id="opt-providers-ecs-constraints" href="#opt-providers-ecs-constraints" title="#opt-providers-ecs-constraints">`providers.ecs.constraints`</a> |  Defines an expression that Traefik matches against the container labels to determine whether to create any route for that container. See [here](#constraints) for more information.  | true  | No   |
+| <a id="opt-providers-ecs-healthyTasksOnly" href="#opt-providers-ecs-healthyTasksOnly" title="#opt-providers-ecs-healthyTasksOnly">`providers.ecs.healthyTasksOnly`</a> |  Defines whether Traefik discovers only healthy tasks (`HEALTHY` healthStatus).  | false  | No   |
+| <a id="opt-providers-ecs-defaultRule" href="#opt-providers-ecs-defaultRule" title="#opt-providers-ecs-defaultRule">`providers.ecs.defaultRule`</a> | The Default Host rule for all services. See [here](#defaultrule) for more information. |   ```"Host(`{{ normalize .Name }}`)"```  | No   |
+| <a id="opt-providers-ecs-refreshSeconds" href="#opt-providers-ecs-refreshSeconds" title="#opt-providers-ecs-refreshSeconds">`providers.ecs.refreshSeconds`</a> | Defines the polling interval (in seconds).   | 15   | No |
+| <a id="opt-providers-ecs-region" href="#opt-providers-ecs-region" title="#opt-providers-ecs-region">`providers.ecs.region`</a> | Defines the region of the ECS instance. See [here](#credentials) for more information.  | ""   | No |
+| <a id="opt-providers-ecs-accessKeyID" href="#opt-providers-ecs-accessKeyID" title="#opt-providers-ecs-accessKeyID">`providers.ecs.accessKeyID`</a> | Defines the Access Key ID for the ECS instance. See [here](#credentials) for more information.  | ""   | No |
+| <a id="opt-providers-ecs-secretAccessKey" href="#opt-providers-ecs-secretAccessKey" title="#opt-providers-ecs-secretAccessKey">`providers.ecs.secretAccessKey`</a> | Defines the Secret Access Key for the ECS instance. See [here](#credentials) for more information.  | ""   | No |

 ### `constraints`

@@ -103,7 +103,7 @@ providers:
 # ...
 ```

-For additional information, refer to [Restrict the Scope of Service Discovery](../overview.md#restrict-the-scope-of-service-discovery).
+For additional information, refer to [Restrict the Scope of Service Discovery](../overview.md#exposedbydefault-and-traefikenable).

 ### `defaultRule`

--- a/docs/content/reference/install-configuration/providers/others/file.md
+++ b/docs/content/reference/install-configuration/providers/others/file.md
@@ -100,10 +100,10 @@ http:

 | Field | Description                                               | Default              | Required |
 |:------|:----------------------------------------------------------|:---------------------|:---------|
-| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s  | No |
-| `providers.file.filename` | Defines the path to the configuration file.  |  ""    | Yes   |
-| `providers.file.directory` | Defines the path to the directory that contains the configuration files. The `filename` and `directory` options are mutually exclusive. It is recommended to use `directory`.  |  ""    | Yes   |
-| `providers.file.watch` | Set the `watch` option to `true` to allow Traefik to automatically watch for file changes. It works with both the `filename` and the `directory` options. | true | No |
+| <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s  | No |
+| <a id="opt-providers-file-filename" href="#opt-providers-file-filename" title="#opt-providers-file-filename">`providers.file.filename`</a> | Defines the path to the configuration file.  |  ""    | Yes   |
+| <a id="opt-providers-file-directory" href="#opt-providers-file-directory" title="#opt-providers-file-directory">`providers.file.directory`</a> | Defines the path to the directory that contains the configuration files. The `filename` and `directory` options are mutually exclusive. It is recommended to use `directory`.  |  ""    | Yes   |
+| <a id="opt-providers-file-watch" href="#opt-providers-file-watch" title="#opt-providers-file-watch">`providers.file.watch`</a> | Set the `watch` option to `true` to allow Traefik to automatically watch for file changes. It works with both the `filename` and the `directory` options. | true | No |

 !!! warning "Limitations"

--- a/docs/content/reference/install-configuration/providers/others/http.md
+++ b/docs/content/reference/install-configuration/providers/others/http.md
@@ -30,15 +30,15 @@ providers:

 | Field | Description                                               | Default              | Required |
 |:------|:----------------------------------------------------------|:---------------------|:---------|
-| `providers.providersThrottleDuration` | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s  | No |
-| `providers.http.endpoint` | Defines the HTTP(S) endpoint to poll. |  ""    | Yes   |
-| `providers.http.pollInterval` | Defines the polling interval. |  5s    | No   |
-| `providers.http.pollTimeout` | Defines the polling timeout when connecting to the endpoint. |  5s    | No   |
-| `providers.http.headers` | Defines custom headers to be sent to the endpoint. |  ""    | No   |
-| `providers.http.tls.ca` | Defines the path to the certificate authority used for the secure connection to the endpoint, it defaults to the system bundle.  |  ""   | No   |
-| `providers.http.tls.cert` | Defines the path to the public certificate used for the secure connection to the endpoint. When using this option, setting the `key` option is required. |  ""   | Yes   |
-| `providers.http.tls.key` | Defines the path to the private key used for the secure connection to the endpoint. When using this option, setting the `cert` option is required. |  ""  | Yes   |
-| `providers.http.tls.insecureSkipVerify` | Instructs the provider to accept any certificate presented by endpoint when establishing a TLS connection, regardless of the hostnames the certificate covers. | false   | No   |
+| <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s  | No |
+| <a id="opt-providers-http-endpoint" href="#opt-providers-http-endpoint" title="#opt-providers-http-endpoint">`providers.http.endpoint`</a> | Defines the HTTP(S) endpoint to poll. |  ""    | Yes   |
+| <a id="opt-providers-http-pollInterval" href="#opt-providers-http-pollInterval" title="#opt-providers-http-pollInterval">`providers.http.pollInterval`</a> | Defines the polling interval. |  5s    | No   |
+| <a id="opt-providers-http-pollTimeout" href="#opt-providers-http-pollTimeout" title="#opt-providers-http-pollTimeout">`providers.http.pollTimeout`</a> | Defines the polling timeout when connecting to the endpoint. |  5s    | No   |
+| <a id="opt-providers-http-headers" href="#opt-providers-http-headers" title="#opt-providers-http-headers">`providers.http.headers`</a> | Defines custom headers to be sent to the endpoint. |  ""    | No   |
+| <a id="opt-providers-http-tls-ca" href="#opt-providers-http-tls-ca" title="#opt-providers-http-tls-ca">`providers.http.tls.ca`</a> | Defines the path to the certificate authority used for the secure connection to the endpoint, it defaults to the system bundle.  |  ""   | No   |
+| <a id="opt-providers-http-tls-cert" href="#opt-providers-http-tls-cert" title="#opt-providers-http-tls-cert">`providers.http.tls.cert`</a> | Defines the path to the public certificate used for the secure connection to the endpoint. When using this option, setting the `key` option is required. |  ""   | Yes   |
+| <a id="opt-providers-http-tls-key" href="#opt-providers-http-tls-key" title="#opt-providers-http-tls-key">`providers.http.tls.key`</a> | Defines the path to the private key used for the secure connection to the endpoint. When using this option, setting the `cert` option is required. |  ""  | Yes   |
+| <a id="opt-providers-http-tls-insecureSkipVerify" href="#opt-providers-http-tls-insecureSkipVerify" title="#opt-providers-http-tls-insecureSkipVerify">`providers.http.tls.insecureSkipVerify`</a> | Instructs the provider to accept any certificate presented by endpoint when establishing a TLS connection, regardless of the hostnames the certificate covers. | false   | No   |

 ### headers

--- a/docs/content/reference/install-configuration/providers/overview.md
+++ b/docs/content/reference/install-configuration/providers/overview.md
@@ -51,20 +51,20 @@ Below is the list of the currently supported providers in Traefik.

 | Provider                                          | Type         | Configuration Type   | Provider Name       |
 |--------------------------------------------------------------|--------------|----------------------|---------------------|
-| [Docker](./docker.md)                                        | Orchestrator | Label                | `docker`            |
-| [Docker Swarm](./swarm.md)                                   | Orchestrator | Label                | `swarm`             |
-| [Kubernetes IngressRoute](./kubernetes/kubernetes-crd.md)    | Orchestrator | Custom Resource      | `kubernetescrd`     |
-| [Kubernetes Ingress](./kubernetes/kubernetes-ingress.md)     | Orchestrator | Ingress              | `kubernetes`        |
-| [Kubernetes Gateway API](./kubernetes/kubernetes-gateway.md) | Orchestrator | Gateway API Resource | `kubernetesgateway` |
-| [Consul Catalog](./hashicorp/consul-catalog.md)              | Orchestrator | Label                | `consulcatalog`     |
-| [Nomad](./hashicorp/nomad.md)                                | Orchestrator | Label                | `nomad`             |
-| [ECS](./others/ecs.md)                                       | Orchestrator | Label                | `ecs`               |
-| [File](./others/file.md)                                     | Manual       | YAML/TOML format     | `file`              |
-| [Consul](./hashicorp/consul.md)                              | KV           | KV                   | `consul`            |
-| [Etcd](./kv/etcd.md)                                         | KV           | KV                   | `etcd`              |
-| [ZooKeeper](./kv/zk.md)                                      | KV           | KV                   | `zookeeper`         |
-| [Redis](./kv/redis.md)                                       | KV           | KV                   | `redis`             |
-| [HTTP](./others/http.md)                                     | Manual       | JSON/YAML format          | `http`              |
+| <a id="opt-Docker" href="#opt-Docker" title="#opt-Docker">[Docker](./docker.md)</a> | Orchestrator | Label                | `docker`            |
+| <a id="opt-Docker-Swarm" href="#opt-Docker-Swarm" title="#opt-Docker-Swarm">[Docker Swarm](./swarm.md)</a> | Orchestrator | Label                | `swarm`             |
+| <a id="opt-Kubernetes-IngressRoute" href="#opt-Kubernetes-IngressRoute" title="#opt-Kubernetes-IngressRoute">[Kubernetes IngressRoute](./kubernetes/kubernetes-crd.md)</a> | Orchestrator | Custom Resource      | `kubernetescrd`     |
+| <a id="opt-Kubernetes-Ingress" href="#opt-Kubernetes-Ingress" title="#opt-Kubernetes-Ingress">[Kubernetes Ingress](./kubernetes/kubernetes-ingress.md)</a> | Orchestrator | Ingress              | `kubernetes`        |
+| <a id="opt-Kubernetes-Gateway-API" href="#opt-Kubernetes-Gateway-API" title="#opt-Kubernetes-Gateway-API">[Kubernetes Gateway API](./kubernetes/kubernetes-gateway.md)</a> | Orchestrator | Gateway API Resource | `kubernetesgateway` |
+| <a id="opt-Consul-Catalog" href="#opt-Consul-Catalog" title="#opt-Consul-Catalog">[Consul Catalog](./hashicorp/consul-catalog.md)</a> | Orchestrator | Label                | `consulcatalog`     |
+| <a id="opt-Nomad" href="#opt-Nomad" title="#opt-Nomad">[Nomad](./hashicorp/nomad.md)</a> | Orchestrator | Label                | `nomad`             |
+| <a id="opt-ECS" href="#opt-ECS" title="#opt-ECS">[ECS](./others/ecs.md)</a> | Orchestrator | Label                | `ecs`               |
+| <a id="opt-File" href="#opt-File" title="#opt-File">[File](./others/file.md)</a> | Manual       | YAML/TOML format     | `file`              |
+| <a id="opt-Consul" href="#opt-Consul" title="#opt-Consul">[Consul](./hashicorp/consul.md)</a> | KV           | KV                   | `consul`            |
+| <a id="opt-Etcd" href="#opt-Etcd" title="#opt-Etcd">[Etcd](./kv/etcd.md)</a> | KV           | KV                   | `etcd`              |
+| <a id="opt-ZooKeeper" href="#opt-ZooKeeper" title="#opt-ZooKeeper">[ZooKeeper](./kv/zk.md)</a> | KV           | KV                   | `zookeeper`         |
+| <a id="opt-Redis" href="#opt-Redis" title="#opt-Redis">[Redis](./kv/redis.md)</a> | KV           | KV                   | `redis`             |
+| <a id="opt-HTTP" href="#opt-HTTP" title="#opt-HTTP">[HTTP](./others/http.md)</a> | Manual       | JSON/YAML format          | `http`              |

 !!! info "More Providers"

--- a/docs/content/reference/install-configuration/providers/swarm.md
+++ b/docs/content/reference/install-configuration/providers/swarm.md
@@ -45,23 +45,23 @@ services:

 | Field                                    | Description                                                                                                                                                                                                                                                                                                                                                                          | Default                               | Required |
 |:-----------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------------------------------------|:---------|
-| `providers.providersThrottleDuration`    | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s                                    | No       |
-| `providers.swarm.endpoint`               | Specifies the Docker API endpoint. See [here](#endpoint) for more information                                                                                                                                                                                                                                                                                                        | `unix:///var/run/docker.sock`         | Yes      |
-| `providers.swarm.username`               | Defines the username for Basic HTTP authentication. This should be used when the Docker daemon socket is exposed through an HTTP proxy that requires Basic HTTP authentication.                                                                                                                                                                                                      | ""                                    | No       |
-| `providers.swarm.password`               | Defines the password for Basic HTTP authentication. This should be used when the Docker daemon socket is exposed through an HTTP proxy that requires Basic HTTP authentication.                                                                                                                                                                                                      | ""                                    | No       |
-| `providers.swarm.useBindPortIP`          | Instructs Traefik to use the IP/Port attached to the container's binding instead of its inner network IP/Port. See [here](#usebindportip) for more information                                                                                                                                                                                                                       | false                                 | No       |
-| `providers.swarm.exposedByDefault`       | Expose containers by default through Traefik. See [here](./overview.md#restrict-the-scope-of-service-discovery) for additional information                                                                                                                                                                                                                                           | true                                  | No       |
-| `providers.swarm.network`                | Defines a default docker network to use for connections to all containers. This option can be overridden on a per-container basis with the `traefik.swarm.network` label.                                                                                                                                                                                                            | ""                                    | No       |
-| `providers.swarm.defaultRule`            | Defines what routing rule to apply to a container if no rule is defined by a label. See [here](#defaultrule) for more information                                                                                                                                                                                                                                                    | ```"Host(`{{ normalize .Name }}`)"``` | No       |
-| `providers.swarm.refreshSeconds`         | Defines the polling interval for Swarm Mode.                                                                                                                                                                                                                                                                                                                                         | "15s"                                 | No       |
-| `providers.swarm.httpClientTimeout`      | Defines the client timeout (in seconds) for HTTP connections. If its value is 0, no timeout is set.                                                                                                                                                                                                                                                                                  | 0                                     | No       |
-| `providers.swarm.watch`                  | Instructs Traefik to watch Docker events or not.                                                                                                                                                                                                                                                                                                                                     | True                                  | No       |
-| `providers.swarm.constraints`            | Defines an expression that Traefik matches against the container labels to determine whether to create any route for that container. See [here](#constraints) for more information.                                                                                                                                                                                                  | ""                                    | No       |
-| `providers.swarm.allowEmptyServices`     | Instructs the provider to create any [servers load balancer](../../../routing/services/index.md#servers-load-balancer) defined for Docker containers regardless of the [healthiness](https://docs.docker.com/engine/reference/builder/#healthcheck) of the corresponding containers.                                                                                                 | false                                 | No       |
-| `providers.swarm.tls.ca`                 | Defines the path to the certificate authority used for the secure connection to Docker, it defaults to the system bundle.                                                                                                                                                                                                                                                            | ""                                    | No       |
-| `providers.swarm.tls.cert`               | Defines the path to the public certificate used for the secure connection to Docker. When using this option, setting the `key` option is required.                                                                                                                                                                                                                                   | ""                                    | Yes      |
-| `providers.swarm.tls.key`                | Defines the path to the private key used for the secure connection to Docker. When using this option, setting the `cert` option is required.                                                                                                                                                                                                                                         | ""                                    | Yes      |
-| `providers.swarm.tls.insecureSkipVerify` | Instructs the provider to accept any certificate presented by the Docker server when establishing a TLS connection, regardless of the hostnames the certificate covers.                                                                                                                                                                                                              | false                                 | No       |
+| <a id="opt-providers-providersThrottleDuration" href="#opt-providers-providersThrottleDuration" title="#opt-providers-providersThrottleDuration">`providers.providersThrottleDuration`</a> | Minimum amount of time to wait for, after a configuration reload, before taking into account any new configuration refresh event.<br />If multiple events occur within this time, only the most recent one is taken into account, and all others are discarded.<br />**This option cannot be set per provider, but the throttling algorithm applies to each of them independently.** | 2s                                    | No       |
+| <a id="opt-providers-swarm-endpoint" href="#opt-providers-swarm-endpoint" title="#opt-providers-swarm-endpoint">`providers.swarm.endpoint`</a> | Specifies the Docker API endpoint. See [here](#endpoint) for more information                                                                                                                                                                                                                                                                                                        | `unix:///var/run/docker.sock`         | Yes      |
+| <a id="opt-providers-swarm-username" href="#opt-providers-swarm-username" title="#opt-providers-swarm-username">`providers.swarm.username`</a> | Defines the username for Basic HTTP authentication. This should be used when the Docker daemon socket is exposed through an HTTP proxy that requires Basic HTTP authentication.                                                                                                                                                                                                      | ""                                    | No       |
+| <a id="opt-providers-swarm-password" href="#opt-providers-swarm-password" title="#opt-providers-swarm-password">`providers.swarm.password`</a> | Defines the password for Basic HTTP authentication. This should be used when the Docker daemon socket is exposed through an HTTP proxy that requires Basic HTTP authentication.                                                                                                                                                                                                      | ""                                    | No       |
+| <a id="opt-providers-swarm-useBindPortIP" href="#opt-providers-swarm-useBindPortIP" title="#opt-providers-swarm-useBindPortIP">`providers.swarm.useBindPortIP`</a> | Instructs Traefik to use the IP/Port attached to the container's binding instead of its inner network IP/Port. See [here](#usebindportip) for more information                                                                                                                                                                                                                       | false                                 | No       |
+| <a id="opt-providers-swarm-exposedByDefault" href="#opt-providers-swarm-exposedByDefault" title="#opt-providers-swarm-exposedByDefault">`providers.swarm.exposedByDefault`</a> | Expose containers by default through Traefik. See [here](./overview.md#exposedbydefault-and-traefikenable) for additional information                                                                                                                                                                                                                                           | true                                  | No       |
+| <a id="opt-providers-swarm-network" href="#opt-providers-swarm-network" title="#opt-providers-swarm-network">`providers.swarm.network`</a> | Defines a default docker network to use for connections to all containers. This option can be overridden on a per-container basis with the `traefik.swarm.network` label.                                                                                                                                                                                                            | ""                                    | No       |
+| <a id="opt-providers-swarm-defaultRule" href="#opt-providers-swarm-defaultRule" title="#opt-providers-swarm-defaultRule">`providers.swarm.defaultRule`</a> | Defines what routing rule to apply to a container if no rule is defined by a label. See [here](#defaultrule) for more information                                                                                                                                                                                                                                                    | ```"Host(`{{ normalize .Name }}`)"``` | No       |
+| <a id="opt-providers-swarm-refreshSeconds" href="#opt-providers-swarm-refreshSeconds" title="#opt-providers-swarm-refreshSeconds">`providers.swarm.refreshSeconds`</a> | Defines the polling interval for Swarm Mode.                                                                                                                                                                                                                                                                                                                                         | "15s"                                 | No       |
+| <a id="opt-providers-swarm-httpClientTimeout" href="#opt-providers-swarm-httpClientTimeout" title="#opt-providers-swarm-httpClientTimeout">`providers.swarm.httpClientTimeout`</a> | Defines the client timeout (in seconds) for HTTP connections. If its value is 0, no timeout is set.                                                                                                                                                                                                                                                                                  | 0                                     | No       |
+| <a id="opt-providers-swarm-watch" href="#opt-providers-swarm-watch" title="#opt-providers-swarm-watch">`providers.swarm.watch`</a> | Instructs Traefik to watch Docker events or not.                                                                                                                                                                                                                                                                                                                                     | True                                  | No       |
+| <a id="opt-providers-swarm-constraints" href="#opt-providers-swarm-constraints" title="#opt-providers-swarm-constraints">`providers.swarm.constraints`</a> | Defines an expression that Traefik matches against the container labels to determine whether to create any route for that container. See [here](#constraints) for more information.                                                                                                                                                                                                  | ""                                    | No       |
+| <a id="opt-providers-swarm-allowEmptyServices" href="#opt-providers-swarm-allowEmptyServices" title="#opt-providers-swarm-allowEmptyServices">`providers.swarm.allowEmptyServices`</a> | Instructs the provider to create any [servers load balancer](../../../routing/services/index.md#servers-load-balancer) defined for Docker containers regardless of the [healthiness](https://docs.docker.com/engine/reference/builder/#healthcheck) of the corresponding containers.                                                                                                 | false                                 | No       |
+| <a id="opt-providers-swarm-tls-ca" href="#opt-providers-swarm-tls-ca" title="#opt-providers-swarm-tls-ca">`providers.swarm.tls.ca`</a> | Defines the path to the certificate authority used for the secure connection to Docker, it defaults to the system bundle.                                                                                                                                                                                                                                                            | ""                                    | No       |
+| <a id="opt-providers-swarm-tls-cert" href="#opt-providers-swarm-tls-cert" title="#opt-providers-swarm-tls-cert">`providers.swarm.tls.cert`</a> | Defines the path to the public certificate used for the secure connection to Docker. When using this option, setting the `key` option is required.                                                                                                                                                                                                                                   | ""                                    | Yes      |
+| <a id="opt-providers-swarm-tls-key" href="#opt-providers-swarm-tls-key" title="#opt-providers-swarm-tls-key">`providers.swarm.tls.key`</a> | Defines the path to the private key used for the secure connection to Docker. When using this option, setting the `cert` option is required.                                                                                                                                                                                                                                         | ""                                    | Yes      |
+| <a id="opt-providers-swarm-tls-insecureSkipVerify" href="#opt-providers-swarm-tls-insecureSkipVerify" title="#opt-providers-swarm-tls-insecureSkipVerify">`providers.swarm.tls.insecureSkipVerify`</a> | Instructs the provider to accept any certificate presented by the Docker server when establishing a TLS connection, regardless of the hostnames the certificate covers.                                                                                                                                                                                                              | false                                 | No       |

 ### `endpoint`

@@ -198,13 +198,13 @@ but still uses the `traefik.http.services.<name>.loadbalancer.server.port` that

    | port label         | Container's binding                                | Routes to      |
    |--------------------|----------------------------------------------------|----------------|
-    |          -         |           -                                        | IntIP:IntPort  |
-    |          -         | ExtPort:IntPort                                    | IntIP:IntPort  |
-    |          -         | ExtIp:ExtPort:IntPort                              | ExtIp:ExtPort  |
-    | LblPort            |           -                                        | IntIp:LblPort  |
-    | LblPort            | ExtIp:ExtPort:LblPort                              | ExtIp:ExtPort  |
-    | LblPort            | ExtIp:ExtPort:OtherPort                            | IntIp:LblPort  |
-    | LblPort            | ExtIp1:ExtPort1:IntPort1 & ExtIp2:LblPort:IntPort2 | ExtIp2:LblPort |
+    | <a id="opt-row" href="#opt-row" title="#opt-row">-</a> |           -                                        | IntIP:IntPort  |
+    | <a id="opt-row-2" href="#opt-row-2" title="#opt-row-2">-</a> | ExtPort:IntPort                                    | IntIP:IntPort  |
+    | <a id="opt-row-3" href="#opt-row-3" title="#opt-row-3">-</a> | ExtIp:ExtPort:IntPort                              | ExtIp:ExtPort  |
+    | <a id="opt-LblPort" href="#opt-LblPort" title="#opt-LblPort">LblPort</a> |           -                                        | IntIp:LblPort  |
+    | <a id="opt-LblPort-2" href="#opt-LblPort-2" title="#opt-LblPort-2">LblPort</a> | ExtIp:ExtPort:LblPort                              | ExtIp:ExtPort  |
+    | <a id="opt-LblPort-3" href="#opt-LblPort-3" title="#opt-LblPort-3">LblPort</a> | ExtIp:ExtPort:OtherPort                            | IntIp:LblPort  |
+    | <a id="opt-LblPort-4" href="#opt-LblPort-4" title="#opt-LblPort-4">LblPort</a> | ExtIp1:ExtPort1:IntPort1 & ExtIp2:LblPort:IntPort2 | ExtIp2:LblPort |

    !!! info ""
        In the above table:
@@ -312,7 +312,7 @@ as well as the usual boolean logic, as shown in examples below.
    constraints = "LabelRegex(`a.label.name`, `a.+`)"
    ```

-For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#restrict-the-scope-of-service-discovery).
+For additional information, refer to [Restrict the Scope of Service Discovery](./overview.md#exposedbydefault-and-traefikenable).

 ```yaml tab="File (YAML)"
 providers:
--- a/docs/content/reference/install-configuration/tls/certificate-resolvers/acme.md
+++ b/docs/content/reference/install-configuration/tls/certificate-resolvers/acme.md
@@ -73,30 +73,35 @@ certificatesResolvers:

 ACME certificate resolvers have the following configuration options:

-| Field                                             | Description                                                                                                                                                                                                                                                                                                                | Default                                        | Required |
-|:--------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------------------------------|:---------|
-| `acme.email`                                      | Email address used for registration.                                                                                                                                                                                                                                                                                       | ""                                             | Yes      |
-| `acme.caServer`                                   | CA server to use.                                                                                                                                                                                                                                                                                                          | https://acme-v02.api.letsencrypt.org/directory | No       |
-| `acme.preferredChain`                             | Preferred chain to use. If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name. If no match, the default offered chain will be used.                                                                                                                              | ""                                             | No       |
-| `acme.keyType`                                    | KeyType to use.                                                                                                                                                                                                                                                                                                            | "RSA4096"                                      | No       |
-| `acme.eab`                                        | Enable external account binding.                                                                                                                                                                                                                                                                                           |                                                | No       |
-| `acme.eab.kid`                                    | Key identifier from External CA.                                                                                                                                                                                                                                                                                           | ""                                             | No       |
-| `acme.eab.hmacEncoded`                            | HMAC key from External CA, should be in Base64 URL Encoding without padding format.                                                                                                                                                                                                                                        | ""                                             | No       |
-| `acme.certificatesDuration`                       | The certificates' duration in hours, exclusively used to determine renewal dates.                                                                                                                                                                                                                                          | 2160                                           | No       |
-| `acme.clientTimeout`  | Timeout for HTTP Client used to communicate with the ACME server. | 2m  | No       |
-| `acme.clientResponseHeaderTimeout`  | Timeout for response headers for HTTP Client used to communicate with the ACME server. | 30s  | No       |
-| `acme.dnsChallenge`                               | Enable DNS-01 challenge. More information [here](#dnschallenge).                                                                                                                                                                                                                                                           | -                                              | No       |
-| `acme.dnsChallenge.provider`                      | DNS provider to use.                                                                                                                                                                                                                                                                                                       | ""                                             | No       |
-| `acme.dnsChallenge.resolvers`                     | DNS servers to resolve the FQDN authority.                                                                                                                                                                                                                                                                                 | []                                             | No       |
-| `acme.dnsChallenge.propagation.delayBeforeChecks` | By default, the provider will verify the TXT DNS challenge record before letting ACME verify. If `delayBeforeCheck` is greater than zero, this check is delayed for the configured duration in seconds. This is Useful if internal networks block external DNS queries.                                                    | 0s                                             | No       |
-| `acme.dnsChallenge.propagation.disableChecks`     | Disables the challenge TXT record propagation checks, before notifying ACME that the DNS challenge is ready. Please note that disabling checks can prevent the challenge from succeeding.                                                                                                                                  | false                                          | No       |
-| `acme.dnsChallenge.propagation.requireAllRNS`     | Enables the challenge TXT record to be propagated to all recursive nameservers. If you have disabled authoritative nameservers checks (with `propagation.disableANSChecks`), it is recommended to check all recursive nameservers instead.                                                                                 | false                                          | No       |
-| `acme.dnsChallenge.propagation.disableANSChecks`  | Disables the challenge TXT record propagation checks against authoritative nameservers. This option will skip the propagation check against the nameservers of the authority (SOA). It should be used only if the nameservers of the authority are not reachable.                                                          | false                                          | No       |
-| `acme.httpChallenge`                              | Enable HTTP-01 challenge. More information [here](#httpchallenge).                                                                                                                                                                                                                                                         |                                                | No       |
-| `acme.httpChallenge.entryPoint`                   | EntryPoint to use for the HTTP-01 challenges. Must be reachable by Let's Encrypt through port 80                                                                                                                                                                                                                           | ""                                             | Yes      |
-| `acme.httpChallenge.delay`                        | The delay between the creation of the challenge and the validation. A value lower than or equal to zero means no delay.                                                                                                                                                                                                    | 0                                              | No       |
-| `acme.tlsChallenge`                               | Enable TLS-ALPN-01 challenge. Traefik must be reachable by Let's Encrypt through port 443. More information [here](#tlschallenge).                                                                                                                                                                                         | -                                              | No       |
-| `acme.storage`                                    | File path used for certificates storage.                                                                                                                                                                                                                                                                                   | "acme.json"                                    | Yes      |
+| Field | Description | Default | Required |
+|:------|:------------|:--------|:---------|
+| <a id="opt-acme-email" href="#opt-acme-email" title="#opt-acme-email">`acme.email`</a> | Email address used for registration. | "" | Yes |
+| <a id="opt-acme-caServer" href="#opt-acme-caServer" title="#opt-acme-caServer">`acme.caServer`</a> | CA server to use. | https://acme-v02.api.letsencrypt.org/directory | No |
+| <a id="opt-acme-preferredChain" href="#opt-acme-preferredChain" title="#opt-acme-preferredChain">`acme.preferredChain`</a> | Preferred chain to use. If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name. If no match, the default offered chain will be used. | "" | No |
+| <a id="opt-acme-keyType" href="#opt-acme-keyType" title="#opt-acme-keyType">`acme.keyType`</a> | KeyType to use. | "RSA4096" | No |
+| <a id="opt-acme-profile" href="#opt-acme-profile" title="#opt-acme-profile">`acme.profile`</a> | Certificate profile to use. | "" | No |
+| <a id="opt-acme-caCertificates" href="#opt-acme-caCertificates" title="#opt-acme-caCertificates">`acme.caCertificates`</a> | Specify the paths to PEM encoded CA Certificates that can be used to authenticate an ACME server with an HTTPS certificate not issued by a CA in the system-wide trusted root list. | [] | No |
+| <a id="opt-acme-caSystemCertPool" href="#opt-acme-caSystemCertPool" title="#opt-acme-caSystemCertPool">`acme.caSystemCertPool`</a> | Defines if the certificates pool must use a copy of the system cert pool. | false | No |
+| <a id="opt-acme-caServerName" href="#opt-acme-caServerName" title="#opt-acme-caServerName">`acme.caServerName`</a> | Specify the CA server name that can be used to authenticate an ACME server with an HTTPS certificate not issued by a CA in the system-wide trusted root list. | "" | No |
+| <a id="opt-acme-emailAddresses" href="#opt-acme-emailAddresses" title="#opt-acme-emailAddresses">`acme.emailAddresses`</a> | CSR email addresses to use. | "" | No |
+| <a id="opt-acme-eab" href="#opt-acme-eab" title="#opt-acme-eab">`acme.eab`</a> | Enable external account binding. | | No |
+| <a id="opt-acme-eab-kid" href="#opt-acme-eab-kid" title="#opt-acme-eab-kid">`acme.eab.kid`</a> | Key identifier from External CA. | "" | No |
+| <a id="opt-acme-eab-hmacEncoded" href="#opt-acme-eab-hmacEncoded" title="#opt-acme-eab-hmacEncoded">`acme.eab.hmacEncoded`</a> | HMAC key from External CA, should be in Base64 URL Encoding without padding format. | "" | No |
+| <a id="opt-acme-certificatesDuration" href="#opt-acme-certificatesDuration" title="#opt-acme-certificatesDuration">`acme.certificatesDuration`</a> | The certificates' duration in hours, exclusively used to determine renewal dates. | 2160 | No |
+| <a id="opt-acme-clientTimeout" href="#opt-acme-clientTimeout" title="#opt-acme-clientTimeout">`acme.clientTimeout`</a> | Timeout for HTTP Client used to communicate with the ACME server. | 2m | No |
+| <a id="opt-acme-clientResponseHeaderTimeout" href="#opt-acme-clientResponseHeaderTimeout" title="#opt-acme-clientResponseHeaderTimeout">`acme.clientResponseHeaderTimeout`</a> | Timeout for response headers for HTTP Client used to communicate with the ACME server. | 30s | No |
+| <a id="opt-acme-dnsChallenge" href="#opt-acme-dnsChallenge" title="#opt-acme-dnsChallenge">`acme.dnsChallenge`</a> | Enable DNS-01 challenge. More information [here](#dnschallenge). | - | No |
+| <a id="opt-acme-dnsChallenge-provider" href="#opt-acme-dnsChallenge-provider" title="#opt-acme-dnsChallenge-provider">`acme.dnsChallenge.provider`</a> | DNS provider to use. | "" | No |
+| <a id="opt-acme-dnsChallenge-resolvers" href="#opt-acme-dnsChallenge-resolvers" title="#opt-acme-dnsChallenge-resolvers">`acme.dnsChallenge.resolvers`</a> | DNS servers to resolve the FQDN authority. | [] | No |
+| <a id="opt-acme-dnsChallenge-propagation-delayBeforeChecks" href="#opt-acme-dnsChallenge-propagation-delayBeforeChecks" title="#opt-acme-dnsChallenge-propagation-delayBeforeChecks">`acme.dnsChallenge.propagation.delayBeforeChecks`</a> | By default, the provider will verify the TXT DNS challenge record before letting ACME verify. If `delayBeforeCheck` is greater than zero, this check is delayed for the configured duration in seconds. This is Useful if internal networks block external DNS queries. | 0s | No |
+| <a id="opt-acme-dnsChallenge-propagation-disableChecks" href="#opt-acme-dnsChallenge-propagation-disableChecks" title="#opt-acme-dnsChallenge-propagation-disableChecks">`acme.dnsChallenge.propagation.disableChecks`</a> | Disables the challenge TXT record propagation checks, before notifying ACME that the DNS challenge is ready. Please note that disabling checks can prevent the challenge from succeeding. | false | No |
+| <a id="opt-acme-dnsChallenge-propagation-requireAllRNS" href="#opt-acme-dnsChallenge-propagation-requireAllRNS" title="#opt-acme-dnsChallenge-propagation-requireAllRNS">`acme.dnsChallenge.propagation.requireAllRNS`</a> | Enables the challenge TXT record to be propagated to all recursive nameservers. If you have disabled authoritative nameservers checks (with `propagation.disableANSChecks`), it is recommended to check all recursive nameservers instead. | false | No |
+| <a id="opt-acme-dnsChallenge-propagation-disableANSChecks" href="#opt-acme-dnsChallenge-propagation-disableANSChecks" title="#opt-acme-dnsChallenge-propagation-disableANSChecks">`acme.dnsChallenge.propagation.disableANSChecks`</a> | Disables the challenge TXT record propagation checks against authoritative nameservers. This option will skip the propagation check against the nameservers of the authority (SOA). It should be used only if the nameservers of the authority are not reachable. | false | No |
+| <a id="opt-acme-httpChallenge" href="#opt-acme-httpChallenge" title="#opt-acme-httpChallenge">`acme.httpChallenge`</a> | Enable HTTP-01 challenge. More information [here](#httpchallenge). | | No |
+| <a id="opt-acme-httpChallenge-entryPoint" href="#opt-acme-httpChallenge-entryPoint" title="#opt-acme-httpChallenge-entryPoint">`acme.httpChallenge.entryPoint`</a> | EntryPoint to use for the HTTP-01 challenges. Must be reachable by Let's Encrypt through port 80 | "" | Yes |
+| <a id="opt-acme-httpChallenge-delay" href="#opt-acme-httpChallenge-delay" title="#opt-acme-httpChallenge-delay">`acme.httpChallenge.delay`</a> | The delay between the creation of the challenge and the validation. A value lower than or equal to zero means no delay. | 0 | No |
+| <a id="opt-acme-tlsChallenge" href="#opt-acme-tlsChallenge" title="#opt-acme-tlsChallenge">`acme.tlsChallenge`</a> | Enable TLS-ALPN-01 challenge. Traefik must be reachable by Let's Encrypt through port 443. More information [here](#tlschallenge). | - | No |
+| <a id="opt-acme-storage" href="#opt-acme-storage" title="#opt-acme-storage">`acme.storage`</a> | File path used for certificates storage. | "acme.json" | Yes |

 ## Automatic Certificate Renewal

--- a/docs/content/reference/install-configuration/tls/spiffe.md
+++ b/docs/content/reference/install-configuration/tls/spiffe.md
@@ -44,7 +44,7 @@ spiffe:
 ## ServersTransport

 Enabling SPIFFE does not imply that backend connections are going to use it automatically.
-Each [ServersTransport](../../../routing/services/index.md#serverstransport_1) or [TCPServersTransport](../../../routing/services/index.md#serverstransport_2), that is meant to be secured with SPIFFE, must explicitly enable it (see [SPIFFE with ServersTransport](../../../routing/services/index.md#spiffe) or [SPIFFE with TCPServersTransport](../../../routing/services/index.md#spiffe_1)).
+Each [ServersTransport](../../routing-configuration/http/load-balancing/serverstransport.md) or [TCPServersTransport](../../routing-configuration/tcp/serverstransport.md), that is meant to be secured with SPIFFE, must explicitly enable it (see [SPIFFE with ServersTransport](../../routing-configuration/http/load-balancing/serverstransport.md#opt-spiffe) or [SPIFFE with TCPServersTransport](../../routing-configuration/tcp/serverstransport.md#opt-serverstransport-spiffe)).

 ### Configuration Example

--- a/docs/content/reference/routing-configuration/http/load-balancing/serverstransport.md
+++ b/docs/content/reference/routing-configuration/http/load-balancing/serverstransport.md
@@ -94,19 +94,20 @@ labels:

 ## Configuration Options

-| Field | Description                                               | Default              | Required |
-|:------|:----------------------------------------------------------|:---------------------|:---------|
-| `serverName` | Configures the server name that will be used as the SNI. | "" | No |
-| `certificates` | Defines the list of certificates (as file paths, or data bytes) that will be set as client certificates for mTLS. | [] | No |
-| `insecureSkipVerify` | Controls whether the server's certificate chain and host name is verified. | false  | No |
-| `rootcas` | Set of root certificate authorities to use when verifying server certificates. (for mTLS connections). | [] | No |
-| `maxIdleConnsPerHost` | Maximum idle (keep-alive) connections to keep per-host. | 200 | No |
-| `disableHTTP2` | Disables HTTP/2 for connections with servers. | false | No |
-| `peerCertURI` | Defines the URI used to match against SAN URIs during the server's certificate verification. | "" | No |
-| `forwardingTimeouts.dialTimeout` | Amount of time to wait until a connection to a server can be established.<br />0 = no timeout | 30s  | No |
-| `forwardingTimeouts.responseHeaderTimeout` | Amount of time to wait for a server's response headers after fully writing the request (including its body, if any).<br />0 = no timeout | 0s  | No |
-| `forwardingTimeouts.idleConnTimeout` | Maximum amount of time an idle (keep-alive) connection will remain idle before closing itself.<br />0 = no timeout | 90s  | No |
-| `forwardingTimeouts.readIdleTimeout` | Defines the timeout after which a health check using ping frame will be carried out if no frame is received on the HTTP/2 connection.  | 0s  | No |
-| `forwardingTimeouts.pingTimeout` | Defines the timeout after which the HTTP/2 connection will be closed if a response to ping is not received. | 15s  | No |
-| `spiffe.ids` | Defines the allowed SPIFFE IDs.<br />This takes precedence over the SPIFFE TrustDomain. | []  | No |
-| `spiffe.trustDomain` | Defines the SPIFFE trust domain. | ""  | No |
+| Field                                                                                                                                                                                                          | Description                                                                                                                              | Default | Required |
+|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
+| <a id="opt-serverName" href="#opt-serverName" title="#opt-serverName">`serverName`</a> | Configures the server name that will be used as the SNI.                                                                                 | ""      | No       |
+| <a id="opt-certificates" href="#opt-certificates" title="#opt-certificates">`certificates`</a> | Defines the list of certificates (as file paths, or data bytes) that will be set as client certificates for mTLS.                        | []      | No       |
+| <a id="opt-insecureSkipVerify" href="#opt-insecureSkipVerify" title="#opt-insecureSkipVerify">`insecureSkipVerify`</a> | Controls whether the server's certificate chain and host name is verified.                                                               | false   | No       |
+| <a id="opt-rootcas" href="#opt-rootcas" title="#opt-rootcas">`rootcas`</a> | Set of root certificate authorities to use when verifying server certificates. (for mTLS connections).                                   | []      | No       |
+| <a id="opt-maxIdleConnsPerHost" href="#opt-maxIdleConnsPerHost" title="#opt-maxIdleConnsPerHost">`maxIdleConnsPerHost`</a> | Maximum idle (keep-alive) connections to keep per-host.                                                                                  | 200     | No       |
+| <a id="opt-disableHTTP2" href="#opt-disableHTTP2" title="#opt-disableHTTP2">`disableHTTP2`</a> | Disables HTTP/2 for connections with servers.                                                                                            | false   | No       |
+| <a id="opt-peerCertURI" href="#opt-peerCertURI" title="#opt-peerCertURI">`peerCertURI`</a> | Defines the URI used to match against SAN URIs during the server's certificate verification.                                             | ""      | No       |
+| <a id="opt-forwardingTimeouts-dialTimeout" href="#opt-forwardingTimeouts-dialTimeout" title="#opt-forwardingTimeouts-dialTimeout">`forwardingTimeouts.dialTimeout`</a> | Amount of time to wait until a connection to a server can be established.<br />0 = no timeout                                            | 30s     | No       |
+| <a id="opt-forwardingTimeouts-responseHeaderTimeout" href="#opt-forwardingTimeouts-responseHeaderTimeout" title="#opt-forwardingTimeouts-responseHeaderTimeout">`forwardingTimeouts.responseHeaderTimeout`</a> | Amount of time to wait for a server's response headers after fully writing the request (including its body, if any).<br />0 = no timeout | 0s      | No       |
+| <a id="opt-forwardingTimeouts-idleConnTimeout" href="#opt-forwardingTimeouts-idleConnTimeout" title="#opt-forwardingTimeouts-idleConnTimeout">`forwardingTimeouts.idleConnTimeout`</a> | Maximum amount of time an idle (keep-alive) connection will remain idle before closing itself.<br />0 = no timeout                       | 90s     | No       |
+| <a id="opt-forwardingTimeouts-readIdleTimeout" href="#opt-forwardingTimeouts-readIdleTimeout" title="#opt-forwardingTimeouts-readIdleTimeout">`forwardingTimeouts.readIdleTimeout`</a> | Defines the timeout after which a health check using ping frame will be carried out if no frame is received on the HTTP/2 connection.    | 0s      | No       |
+| <a id="opt-forwardingTimeouts-pingTimeout" href="#opt-forwardingTimeouts-pingTimeout" title="#opt-forwardingTimeouts-pingTimeout">`forwardingTimeouts.pingTimeout`</a> | Defines the timeout after which the HTTP/2 connection will be closed if a response to ping is not received.                              | 15s     | No       |
+| <a id="opt-spiffe" href="#opt-spiffe" title="#opt-spiffe">`spiffe`</a> | Defines the SPIFFE configuration. An empty `spiffe` section enables SPIFFE (that allows any SPIFFE ID).                                  |         | No       |
+| <a id="opt-spiffe-ids" href="#opt-spiffe-ids" title="#opt-spiffe-ids">`spiffe.ids`</a> | Defines the allowed SPIFFE IDs.<br />This takes precedence over the SPIFFE TrustDomain.                                                  | []      | No       |
+| <a id="opt-spiffe-trustDomain" href="#opt-spiffe-trustDomain" title="#opt-spiffe-trustDomain">`spiffe.trustDomain`</a> | Defines the SPIFFE trust domain.                                                                                                         | ""      | No       |
--- a/docs/content/reference/routing-configuration/http/load-balancing/service.md
+++ b/docs/content/reference/routing-configuration/http/load-balancing/service.md
@@ -3,13 +3,16 @@ title: "Traefik HTTP Services Documentation"
 description: "A service is in charge of connecting incoming requests to the Servers that can handle them. Read the technical documentation."
 ---

+Traefik services define how to distribute incoming traffic across your backend servers.
+Each service implements one of the load balancing strategies detailed on this page to ensure optimal traffic distribution and high availability.
+
 ## Service Load Balancer

 The load balancers are able to load balance the requests between multiple instances of your programs.

 Each service has a load-balancer, even if there is only one server to forward traffic to.

-## Configuration Example
+### Configuration Example

 ```yaml tab="Structured (YAML)"
 http:
@@ -89,13 +92,13 @@ labels:

 | Field                              | Description                                                                                                                                                                                                                                                                                                                                                                                   | Required |
 |------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|----------|
-| `servers`                          | Represents individual backend instances for your service                                                                                                                                                                                                                                                                                                                                      | Yes      |
-| `sticky`                           | Defines a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response.                                                                                                                                                                                                                                                                  | No       |
-| `healthcheck`                      | Configures health check to remove unhealthy servers from the load balancing rotation.                                                                                                                                                                                                                                                                                                         | No       |
-| `passHostHeader`                   | Allows forwarding of the client Host header to server. By default, `passHostHeader` is true.                                                                                                                                                                                                                                                                                                  | No       |
-| `serversTransport`                 | Allows to reference an [HTTP ServersTransport](./serverstransport.md) configuration for the communication between Traefik and your servers. If no `serversTransport` is specified, the `default@internal` will be used.                                                                                                                                                                       | No       |
-| `responseForwarding`               | Configures how Traefik forwards the response from the backend server to the client.                                                                                                                                                                                                                                                                                                           | No       |
-| `responseForwarding.FlushInterval` | Specifies the interval in between flushes to the client while copying the response body. It is a duration in milliseconds, defaulting to 100ms. A negative value means to flush immediately after each write to the client. The `FlushInterval` is ignored when ReverseProxy recognizes a response as a streaming response; for such responses, writes are flushed to the client immediately. | No       |
+| <a id="opt-servers" href="#opt-servers" title="#opt-servers">`servers`</a> | Represents individual backend instances for your service                                                                                                                                                                                                                                                                                                                                      | Yes      |
+| <a id="opt-sticky" href="#opt-sticky" title="#opt-sticky">`sticky`</a> | Defines a `Set-Cookie` header is set on the initial response to let the client know which server handles the first response.                                                                                                                                                                                                                                                                  | No       |
+| <a id="opt-healthcheck" href="#opt-healthcheck" title="#opt-healthcheck">`healthcheck`</a> | Configures health check to remove unhealthy servers from the load balancing rotation.                                                                                                                                                                                                                                                                                                         | No       |
+| <a id="opt-passHostHeader" href="#opt-passHostHeader" title="#opt-passHostHeader">`passHostHeader`</a> | Allows forwarding of the client Host header to server. By default, `passHostHeader` is true.                                                                                                                                                                                                                                                                                                  | No       |
+| <a id="opt-serversTransport" href="#opt-serversTransport" title="#opt-serversTransport">`serversTransport`</a> | Allows to reference an [HTTP ServersTransport](./serverstransport.md) configuration for the communication between Traefik and your servers. If no `serversTransport` is specified, the `default@internal` will be used.                                                                                                                                                                       | No       |
+| <a id="opt-responseForwarding" href="#opt-responseForwarding" title="#opt-responseForwarding">`responseForwarding`</a> | Configures how Traefik forwards the response from the backend server to the client.                                                                                                                                                                                                                                                                                                           | No       |
+| <a id="opt-responseForwarding-FlushInterval" href="#opt-responseForwarding-FlushInterval" title="#opt-responseForwarding-FlushInterval">`responseForwarding.FlushInterval`</a> | Specifies the interval in between flushes to the client while copying the response body. It is a duration in milliseconds, defaulting to 100ms. A negative value means to flush immediately after each write to the client. The `FlushInterval` is ignored when ReverseProxy recognizes a response as a streaming response; for such responses, writes are flushed to the client immediately. | No       |

 #### Servers

@@ -105,9 +108,9 @@ Servers represent individual backend instances for your service. The [service lo

 | Field          | Description                                        | Required                                                                         |
 |----------------|----------------------------------------------------|----------------------------------------------------------------------------------|
-| `url`          | Points to a specific instance.                     | Yes for File provider, No for [Docker provider](../../other-providers/docker.md) |
-| `weight`       | Allows for weighted load balancing on the servers. | No                                                                               |
-| `preservePath` | Allows to preserve the URL path.                   | No                                                                               |
+| <a id="opt-url" href="#opt-url" title="#opt-url">`url`</a> | Points to a specific instance.                     | Yes for File provider, No for [Docker provider](../../other-providers/docker.md) |
+| <a id="opt-weight" href="#opt-weight" title="#opt-weight">`weight`</a> | Allows for weighted load balancing on the servers. | No                                                                               |
+| <a id="opt-preservePath" href="#opt-preservePath" title="#opt-preservePath">`preservePath`</a> | Allows to preserve the URL path.                   | No                                                                               |

 #### Health Check

@@ -119,19 +122,19 @@ Below are the available options for the health check mechanism:

 | Field               | Description                                                                                                                   | Default | Required |
 |---------------------|-------------------------------------------------------------------------------------------------------------------------------|---------|----------|
-| `path`              | Defines the server URL path for the health check endpoint.                                                                    | ""      | Yes      |
-| `scheme`            | Replaces the server URL scheme for the health check endpoint.                                                                 |         | No       |
-| `mode`              | If defined to `grpc`, will use the gRPC health check protocol to probe the server.                                            | http    | No       |
-| `hostname`          | Defines the value of hostname in the Host header of the health check request.                                                 | ""      | No       |
-| `port`              | Replaces the server URL port for the health check endpoint.                                                                   |         | No       |
-| `interval`          | Defines the frequency of the health check calls for healthy targets.                                                          | 30s     | No       |
-| `unhealthyInterval` | Defines the frequency of the health check calls for unhealthy targets. When not defined, it defaults to the `interval` value. | 30s     | No       |
-| `timeout`           | Defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.            | 5s      | No       |
-| `headers`           | Defines custom headers to be sent to the health check endpoint.                                                               |         | No       |
-| `followRedirects`   | Defines whether redirects should be followed during the health check calls.                                                   | true    | No       |
-| `hostname`          | Defines the value of hostname in the Host header of the health check request.                                                 | ""      | No       |
-| `method`            | Defines the HTTP method that will be used while connecting to the endpoint.                                                   | GET     | No       |
-| `status`            | Defines the expected HTTP status code of the response to the health check request.                                            |         | No       |
+| <a id="opt-path" href="#opt-path" title="#opt-path">`path`</a> | Defines the server URL path for the health check endpoint.                                                                    | ""      | Yes      |
+| <a id="opt-scheme" href="#opt-scheme" title="#opt-scheme">`scheme`</a> | Replaces the server URL scheme for the health check endpoint.                                                                 |         | No       |
+| <a id="opt-mode" href="#opt-mode" title="#opt-mode">`mode`</a> | If defined to `grpc`, will use the gRPC health check protocol to probe the server.                                            | http    | No       |
+| <a id="opt-hostname" href="#opt-hostname" title="#opt-hostname">`hostname`</a> | Defines the value of hostname in the Host header of the health check request.                                                 | ""      | No       |
+| <a id="opt-port" href="#opt-port" title="#opt-port">`port`</a> | Replaces the server URL port for the health check endpoint.                                                                   |         | No       |
+| <a id="opt-interval" href="#opt-interval" title="#opt-interval">`interval`</a> | Defines the frequency of the health check calls for healthy targets.                                                          | 30s     | No       |
+| <a id="opt-unhealthyInterval" href="#opt-unhealthyInterval" title="#opt-unhealthyInterval">`unhealthyInterval`</a> | Defines the frequency of the health check calls for unhealthy targets. When not defined, it defaults to the `interval` value. | 30s     | No       |
+| <a id="opt-timeout" href="#opt-timeout" title="#opt-timeout">`timeout`</a> | Defines the maximum duration Traefik will wait for a health check request before considering the server unhealthy.            | 5s      | No       |
+| <a id="opt-headers" href="#opt-headers" title="#opt-headers">`headers`</a> | Defines custom headers to be sent to the health check endpoint.                                                               |         | No       |
+| <a id="opt-followRedirects" href="#opt-followRedirects" title="#opt-followRedirects">`followRedirects`</a> | Defines whether redirects should be followed during the health check calls.                                                   | true    | No       |
+| <a id="opt-hostname-2" href="#opt-hostname-2" title="#opt-hostname-2">`hostname`</a> | Defines the value of hostname in the Host header of the health check request.                                                 | ""      | No       |
+| <a id="opt-method" href="#opt-method" title="#opt-method">`method`</a> | Defines the HTTP method that will be used while connecting to the endpoint.                                                   | GET     | No       |
+| <a id="opt-status" href="#opt-status" title="#opt-status">`status`</a> | Defines the expected HTTP status code of the response to the health check request.                                            |         | No       |

 #### Sticky sessions

--- a/docs/content/reference/routing-configuration/http/middlewares/addprefix.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/addprefix.md
@@ -54,4 +54,4 @@ spec:

 | Field  | Description                                                                                                                                                                                                | Default | Required |
 |:-----------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
-| `prefix` | String to add **before** the current path in the requested URL. It should include a leading slash (`/`). | "" | Yes |
+| <a id="opt-prefix" href="#opt-prefix" title="#opt-prefix">`prefix`</a> | String to add **before** the current path in the requested URL. It should include a leading slash (`/`). | "" | Yes |
--- a/docs/content/reference/routing-configuration/http/middlewares/apikey.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/apikey.md
@@ -46,11 +46,11 @@ stringData:

 | Field                        | Description   | Default | Required |
 |:-----------------------------|:------------------------------------------------|:--------|:---------|
-| `keySource.header`           | Defines the header name containing the secret sent by the client.<br /> Either `keySource.header` or `keySource.query` or `keySource.cookie` must be set.                                                 | ""      | No       |
-| `keySource.headerAuthScheme` | Defines the scheme when using `Authorization` as header name. <br /> Check out the `Authorization` header [documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization#syntax). | ""      | No       |
-| `keySource.query`            | Defines the query parameter name containing the secret sent by the client.<br /> Either `keySource.header` or `keySource.query` or `keySource.cookie` must be set.                                       | ""      | No       |
-| `keySource.cookie`           | Defines the cookie name containing the secret sent by the client.<br /> Either `keySource.header` or `keySource.query` or `keySource.cookie` must be set.                                                | ""      | No       |
-| `secretNonBase64Encoded`     | Defines whether the secret sent by the client is base64 encoded. | false   | No       |
-| `secretValues`               | Contain the hash of the API keys. <br /> Supported hashing algorithms are Bcrypt, SHA1 and MD5. <br /> The hash should be generated using `htpasswd`.<br />Can reference a Kubernetes Secret using the URN format: `urn:k8s:secret:[name]:[valueKey]` | []      | Yes      |
+| <a id="opt-keySource-header" href="#opt-keySource-header" title="#opt-keySource-header">`keySource.header`</a> | Defines the header name containing the secret sent by the client.<br /> Either `keySource.header` or `keySource.query` or `keySource.cookie` must be set.                                                 | ""      | No       |
+| <a id="opt-keySource-headerAuthScheme" href="#opt-keySource-headerAuthScheme" title="#opt-keySource-headerAuthScheme">`keySource.headerAuthScheme`</a> | Defines the scheme when using `Authorization` as header name. <br /> Check out the `Authorization` header [documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization#syntax). | ""      | No       |
+| <a id="opt-keySource-query" href="#opt-keySource-query" title="#opt-keySource-query">`keySource.query`</a> | Defines the query parameter name containing the secret sent by the client.<br /> Either `keySource.header` or `keySource.query` or `keySource.cookie` must be set.                                       | ""      | No       |
+| <a id="opt-keySource-cookie" href="#opt-keySource-cookie" title="#opt-keySource-cookie">`keySource.cookie`</a> | Defines the cookie name containing the secret sent by the client.<br /> Either `keySource.header` or `keySource.query` or `keySource.cookie` must be set.                                                | ""      | No       |
+| <a id="opt-secretNonBase64Encoded" href="#opt-secretNonBase64Encoded" title="#opt-secretNonBase64Encoded">`secretNonBase64Encoded`</a> | Defines whether the secret sent by the client is base64 encoded. | false   | No       |
+| <a id="opt-secretValues" href="#opt-secretValues" title="#opt-secretValues">`secretValues`</a> | Contain the hash of the API keys. <br /> Supported hashing algorithms are Bcrypt, SHA1 and MD5. <br /> The hash should be generated using `htpasswd`.<br />Can reference a Kubernetes Secret using the URN format: `urn:k8s:secret:[name]:[valueKey]` | []      | Yes      |

 {!traefik-for-business-applications.md!}
--- a/docs/content/reference/routing-configuration/http/middlewares/basicauth.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/basicauth.md
@@ -64,11 +64,11 @@ spec:

 | Field      | Description                                                                                                                                                                                 | Default | Required |
 |:-----------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
-| `users` | Array of authorized users. Each user must be declared using the `name:hashed-password` format. (More information [here](#users))| ""      | No      |
-| `usersFile` | Path to an external file that contains the authorized users for the middleware. <br />The file content is a list of `name:hashed-password`. (More information [here](#usersfile)) | ""      | No      |
-| `realm` | Allow customizing the realm for the authentication.| "traefik"      | No      |
-| `headerField` | Allow defining a header field to store the authenticated user.| ""      | No      |
-| `removeHeader` | Allow removing the authorization header before forwarding the request to your service. | false      | No      |
+| <a id="opt-users" href="#opt-users" title="#opt-users">`users`</a> | Array of authorized users. Each user must be declared using the `name:hashed-password` format. (More information [here](#users-usersfile))| ""      | No      |
+| <a id="opt-usersFile" href="#opt-usersFile" title="#opt-usersFile">`usersFile`</a> | Path to an external file that contains the authorized users for the middleware. <br />The file content is a list of `name:hashed-password`. (More information [here](#users-usersfile)) | ""      | No      |
+| <a id="opt-realm" href="#opt-realm" title="#opt-realm">`realm`</a> | Allow customizing the realm for the authentication.| "traefik"      | No      |
+| <a id="opt-headerField" href="#opt-headerField" title="#opt-headerField">`headerField`</a> | Allow defining a header field to store the authenticated user.| ""      | No      |
+| <a id="opt-removeHeader" href="#opt-removeHeader" title="#opt-removeHeader">`removeHeader`</a> | Allow removing the authorization header before forwarding the request to your service. | false      | No      |

 ### Passwords format

--- a/docs/content/reference/routing-configuration/http/middlewares/buffering.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/buffering.md
@@ -58,11 +58,11 @@ spec:

 | Field | Description | Default | Required |
 |:------|:------------|:--------|:---------|
-| `maxRequestBodyBytes`  | Maximum allowed body size for the request (in bytes). <br /> If the request exceeds the allowed size, it is not forwarded to the Service, and the client gets a `413` (Request Entity Too Large) response. | 0 | No |
-| `memRequestBodyBytes`  | Threshold (in bytes) from which the request will be buffered on disk instead of in memory with the `memRequestBodyBytes` option.| 1048576 | No |
-| `maxResponseBodyBytes` | Maximum allowed response size from the Service (in bytes). <br /> If the response exceeds the allowed size, it is not forwarded to the client. The client gets a `500` (Internal Server Error) response instead. | 0 | No |
-| `memResponseBodyBytes` | Threshold (in bytes) from which the response will be buffered on disk instead of in memory with the `memResponseBodyBytes` option.| 1048576 | No |
-| `retryExpression`      | Replay the request using `retryExpression`.<br /> More information [here](#retryexpression). | "" | No |
+| <a id="opt-maxRequestBodyBytes" href="#opt-maxRequestBodyBytes" title="#opt-maxRequestBodyBytes">`maxRequestBodyBytes`</a> | Maximum allowed body size for the request (in bytes). <br /> If the request exceeds the allowed size, it is not forwarded to the Service, and the client gets a `413` (Request Entity Too Large) response. | 0 | No |
+| <a id="opt-memRequestBodyBytes" href="#opt-memRequestBodyBytes" title="#opt-memRequestBodyBytes">`memRequestBodyBytes`</a> | Threshold (in bytes) from which the request will be buffered on disk instead of in memory with the `memRequestBodyBytes` option.| 1048576 | No |
+| <a id="opt-maxResponseBodyBytes" href="#opt-maxResponseBodyBytes" title="#opt-maxResponseBodyBytes">`maxResponseBodyBytes`</a> | Maximum allowed response size from the Service (in bytes). <br /> If the response exceeds the allowed size, it is not forwarded to the client. The client gets a `500` (Internal Server Error) response instead. | 0 | No |
+| <a id="opt-memResponseBodyBytes" href="#opt-memResponseBodyBytes" title="#opt-memResponseBodyBytes">`memResponseBodyBytes`</a> | Threshold (in bytes) from which the response will be buffered on disk instead of in memory with the `memResponseBodyBytes` option.| 1048576 | No |
+| <a id="opt-retryExpression" href="#opt-retryExpression" title="#opt-retryExpression">`retryExpression`</a> | Replay the request using `retryExpression`.<br /> More information [here](#retryexpression). | "" | No |

 ### retryExpression

--- a/docs/content/reference/routing-configuration/http/middlewares/chain.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/chain.md
@@ -168,4 +168,4 @@ spec:

 | Field | Description | Default | Required |
 |:------|:------------|:--------|:---------|
-| `middlewares`  | List of middlewares to chain.<br /> The middlewares have to be in the same namespace as the `chain` middleware. | [] | Yes |
+| <a id="opt-middlewares" href="#opt-middlewares" title="#opt-middlewares">`middlewares`</a> | List of middlewares to chain.<br /> The middlewares have to be in the same namespace as the `chain` middleware. | [] | Yes |
--- a/docs/content/reference/routing-configuration/http/middlewares/circuitbreaker.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/circuitbreaker.md
@@ -65,11 +65,11 @@ spec:

 | Field | Description | Default | Required |
 |:------|:------------|:--------|:---------|
-| `expression` | Condition to open the circuit breaker and applies the fallback mechanism instead of calling your services.<br />More information [here](#expression) | 100ms | No |
-| `checkPeriod` | The interval between successive checks of the circuit breaker condition (when in standby state). | 100ms | No |
-| `fallbackDuration` | The duration for which the circuit breaker will wait before trying to recover (from a tripped state). | 10s | No |
-| `recoveryDuration` | The duration for which the circuit breaker will try to recover (as soon as it is in recovering state). | 10s | No |
-| `responseCode` | The status code that the circuit breaker will return while it is in the open state. | 503 | No |
+| <a id="opt-expression" href="#opt-expression" title="#opt-expression">`expression`</a> | Condition to open the circuit breaker and applies the fallback mechanism instead of calling your services.<br />More information [here](#expression) | 100ms | No |
+| <a id="opt-checkPeriod" href="#opt-checkPeriod" title="#opt-checkPeriod">`checkPeriod`</a> | The interval between successive checks of the circuit breaker condition (when in standby state). | 100ms | No |
+| <a id="opt-fallbackDuration" href="#opt-fallbackDuration" title="#opt-fallbackDuration">`fallbackDuration`</a> | The duration for which the circuit breaker will wait before trying to recover (from a tripped state). | 10s | No |
+| <a id="opt-recoveryDuration" href="#opt-recoveryDuration" title="#opt-recoveryDuration">`recoveryDuration`</a> | The duration for which the circuit breaker will try to recover (as soon as it is in recovering state). | 10s | No |
+| <a id="opt-responseCode" href="#opt-responseCode" title="#opt-responseCode">`responseCode`</a> | The status code that the circuit breaker will return while it is in the open state. | 503 | No |

 ### expression

@@ -77,9 +77,9 @@ The `expression` option can check three different metrics:

 | Metrics | Description | Example |
 |:------|:------------|:--------|
-| `NetworkErrorRatio`   | The network error ratio to open the circuit breaker. | `NetworkErrorRatio() > 0.30` opens the circuit breaker at a 30% ratio of network errors |
-| `ResponseCodeRatio`   | The status code ratio to open the circuit breaker.<br />More information [below](#responsecoderatio) | `ResponseCodeRatio(500, 600, 0, 600) > 0.25` opens the circuit breaker if 25% of the requests returned a 5XX status (amongst the request that returned a status code from 0 to 5XX)  |
-| `LatencyAtQuantileMS` | The latency at a quantile in milliseconds to open the circuit breaker when a given proportion of your requests become too slow.<br /> Only floating point number (with the trailing .0) for the quantile value. | `LatencyAtQuantileMS(50.0) > 100` opens the circuit breaker when the median latency (quantile 50) reaches 100ms. |
+| <a id="opt-NetworkErrorRatio" href="#opt-NetworkErrorRatio" title="#opt-NetworkErrorRatio">`NetworkErrorRatio`</a> | The network error ratio to open the circuit breaker. | `NetworkErrorRatio() > 0.30` opens the circuit breaker at a 30% ratio of network errors |
+| <a id="opt-ResponseCodeRatio" href="#opt-ResponseCodeRatio" title="#opt-ResponseCodeRatio">`ResponseCodeRatio`</a> | The status code ratio to open the circuit breaker.<br />More information [below](#responsecoderatio) | `ResponseCodeRatio(500, 600, 0, 600) > 0.25` opens the circuit breaker if 25% of the requests returned a 5XX status (amongst the request that returned a status code from 0 to 5XX)  |
+| <a id="opt-LatencyAtQuantileMS" href="#opt-LatencyAtQuantileMS" title="#opt-LatencyAtQuantileMS">`LatencyAtQuantileMS`</a> | The latency at a quantile in milliseconds to open the circuit breaker when a given proportion of your requests become too slow.<br /> Only floating point number (with the trailing .0) for the quantile value. | `LatencyAtQuantileMS(50.0) > 100` opens the circuit breaker when the median latency (quantile 50) reaches 100ms. |

 #### ResponseCodeRatio

--- a/docs/content/reference/routing-configuration/http/middlewares/compress.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/compress.md
@@ -51,11 +51,11 @@ spec:

 | Field                        | Description                                                                                                                                                                                                | Default | Required |
 |:-----------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
-|`excludedContentTypes` | List of content types to compare the `Content-Type` header of the incoming requests and responses before compressing. <br /> The responses with content types defined in `excludedContentTypes` are not compressed. <br /> Content types are compared in a case-insensitive, whitespace-ignored manner. <br /> **The `excludedContentTypes` and `includedContentTypes` options are mutually exclusive.** | "" | No |
-|`defaultEncoding` | specifies the default encoding if the `Accept-Encoding` header is not in the request or contains a wildcard (`*`). | "" | No |
-|`encodings` | Specifies the list of supported compression encodings. At least one encoding value must be specified, and valid entries are `zstd` (Zstandard), `br` (Brotli), and `gzip` (Gzip). The order of the list also sets the priority, the top entry has the highest priority. | zstd, br, gzip | No |
-| `includedContentTypes` | List of content types to compare the `Content-Type` header of the responses before compressing. <br /> The responses with content types defined in `includedContentTypes` are compressed. <br /> Content types are compared in a case-insensitive, whitespace-ignored manner.<br /> **The `excludedContentTypes` and `includedContentTypes` options are mutually exclusive.** | "" | No |
-| `minResponseBodyBytes` | `Minimum amount of bytes a response body must have to be compressed. <br />Responses smaller than the specified values will **not** be compressed. | 1024 | No |
+| <a id="opt-excludedContentTypes" href="#opt-excludedContentTypes" title="#opt-excludedContentTypes">`excludedContentTypes`</a> | List of content types to compare the `Content-Type` header of the incoming requests and responses before compressing. <br /> The responses with content types defined in `excludedContentTypes` are not compressed. <br /> Content types are compared in a case-insensitive, whitespace-ignored manner. <br /> **The `excludedContentTypes` and `includedContentTypes` options are mutually exclusive.** | "" | No |
+| <a id="opt-defaultEncoding" href="#opt-defaultEncoding" title="#opt-defaultEncoding">`defaultEncoding`</a> | specifies the default encoding if the `Accept-Encoding` header is not in the request or contains a wildcard (`*`). | "" | No |
+| <a id="opt-encodings" href="#opt-encodings" title="#opt-encodings">`encodings`</a> | Specifies the list of supported compression encodings. At least one encoding value must be specified, and valid entries are `zstd` (Zstandard), `br` (Brotli), and `gzip` (Gzip). The order of the list also sets the priority, the top entry has the highest priority. | gzip, br, zstd | No |
+| <a id="opt-includedContentTypes" href="#opt-includedContentTypes" title="#opt-includedContentTypes">`includedContentTypes`</a> | List of content types to compare the `Content-Type` header of the responses before compressing. <br /> The responses with content types defined in `includedContentTypes` are compressed. <br /> Content types are compared in a case-insensitive, whitespace-ignored manner.<br /> **The `excludedContentTypes` and `includedContentTypes` options are mutually exclusive.** | "" | No |
+| <a id="opt-minResponseBodyBytes" href="#opt-minResponseBodyBytes" title="#opt-minResponseBodyBytes">`minResponseBodyBytes`</a> | `Minimum amount of bytes a response body must have to be compressed. <br />Responses smaller than the specified values will **not** be compressed. | 1024 | No |

 ## Compression activation

--- a/docs/content/reference/routing-configuration/http/middlewares/digestauth.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/digestauth.md
@@ -59,11 +59,11 @@ spec:

 | Field      | Description    | Default | Required |
 |:-----------|:---------------------------------------------------------------------------------|:--------|:---------|
-| `users` | Array of authorized users. Each user must be declared using the `name:realm:encoded-password` format.<br /> The option `users` supports Kubernetes secrets.<br />(More information [here](#users--usersfile))| []  | No      |
-| `usersFile` | Path to an external file that contains the authorized users for the middleware. <br />The file content is a list of `name:realm:encoded-password`. (More information [here](#users--usersfile)) | ""      | No      |
-| `realm` | Allow customizing the realm for the authentication.| "traefik"      | No      |
-| `headerField` | Allow defining a header field to store the authenticated user.| ""      | No      |
-| `removeHeader` | Allow removing the authorization header before forwarding the request to your service. | false      | No      |
+| <a id="opt-users" href="#opt-users" title="#opt-users">`users`</a> | Array of authorized users. Each user must be declared using the `name:realm:encoded-password` format.<br /> The option `users` supports Kubernetes secrets.<br />(More information [here](#users--usersfile))| []  | No      |
+| <a id="opt-usersFile" href="#opt-usersFile" title="#opt-usersFile">`usersFile`</a> | Path to an external file that contains the authorized users for the middleware. <br />The file content is a list of `name:realm:encoded-password`. (More information [here](#users--usersfile)) | ""      | No      |
+| <a id="opt-realm" href="#opt-realm" title="#opt-realm">`realm`</a> | Allow customizing the realm for the authentication.| "traefik"      | No      |
+| <a id="opt-headerField" href="#opt-headerField" title="#opt-headerField">`headerField`</a> | Allow defining a header field to store the authenticated user.| ""      | No      |
+| <a id="opt-removeHeader" href="#opt-removeHeader" title="#opt-removeHeader">`removeHeader`</a> | Allow removing the authorization header before forwarding the request to your service. | false      | No      |

 ### Passwords format

--- a/docs/content/reference/routing-configuration/http/middlewares/distributed-ratelimit.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/distributed-ratelimit.md
@@ -85,27 +85,27 @@ When the bucket is not full, on token is generated every 10 seconds (6 every 1 m

 | Field      | Description                                                                                                                                                                                 | Default | Required |
 |:-----------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
-| `limit` | Number of requests used to define the rate using the `period`.<br /> 0 means **no rate limiting**.<br />More information [here](#rate-and-burst).| 0      | No      |
-| `period` | Period of time used to define the rate.<br />More information [here](#rate-and-burst).| 1s | No |
-| `burst` | Maximum number of requests allowed to go through at the very same moment.<br />More information [here](#rate-and-burst). | 1 | No |
-| `denyOnError` | Forces to return a 429 error if the number of remaining requests accepted cannot be get.<br /> Set to `false`, this option allows the request to reach the backend. | true    | No       |
-| `responseHeaders` | Injects the following rate limiting headers in the response:<br />- X-Rate-Limit-Remaining<br />- X-Rate-Limit-Limit<br />- X-Rate-Limit-Period<br />- X-Rate-Limit-Reset<br />The added headers indicate how many tokens are left in the bucket (in the token bucket analogy) after the reservation for the request was made. | false   | No       |
-| `store.redis.endpoints`              | Endpoints of the Redis instances to connect to (example: `redis.traefik-hub.svc.cluster.local:6379`) | "" | Yes      |
-| `store.redis.username`               | The username Traefik Hub will use to connect to Redis                                                | "" | No       |
-| `store.redis.password`               | The password Traefik Hub will use to connect to Redis                                                | "" | No       |
-| `store.redis.database`               | The database Traefik Hub will use to sore information (default: `0`)                                 | "" | No       |
-| `store.redis.cluster`                | Enable Redis Cluster                                                                                 | "" | No       |
-| `store.redis.tls.caBundle`           | Custom CA bundle                                                                                     | "" | No       |
-| `store.redis.tls.cert`               | TLS certificate                                                                                      | "" | No       |
-| `store.redis.tls.key`                | TLS key                                                                                              | "" | No       |
-| `store.redis.tls.insecureSkipVerify` | Allow skipping the TLS verification                                                                  | "" | No       |
-| `store.redis.sentinel.masterSet`     | Name of the set of main nodes to use for main selection. Required when using Sentinel.               | "" | No       |
-| `store.redis.sentinel.username`      | Username to use for sentinel authentication (can be different from `username`)                       | "" | No       |
-| `store.redis.sentinel.password`      | Password to use for sentinel authentication (can be different from `password`)                       | "" | No       |
-| `sourceCriterion.requestHost` | Whether to consider the request host as the source.<br />More information about `sourceCriterion`[here](#sourcecriterion). | false      | No      |
-| `sourceCriterion.requestHeaderName` | Name of the header used to group incoming requests.<br />More information about `sourceCriterion`[here](#sourcecriterion). | ""      | No      |
-| `sourceCriterion.ipStrategy.depth` | Depth position of the IP to select in the `X-Forwarded-For` header (starting from the right).<br />0 means no depth.<br />If greater than the total number of IPs in `X-Forwarded-For`, then the client IP is empty<br />If higher than 0, the `excludedIPs` options is not evaluated.<br />More information about [`sourceCriterion`](#sourcecriterion), [`ipStrategy`](#ipstrategy), and [`depth`](#sourcecriterionipstrategydepth) below. | 0      | No      |
-| `sourceCriterion.ipStrategy.excludedIPs` | Allows Traefik to scan the `X-Forwarded-For` header and select the first IP not in the list.<br />If `depth` is specified, `excludedIPs` is ignored.<br />More information about [`sourceCriterion`](#sourcecriterion), [`ipStrategy`](#ipstrategy), and [`excludedIPs`](#sourcecriterionipstrategyexcludedips) below. |       | No      |
+| <a id="opt-limit" href="#opt-limit" title="#opt-limit">`limit`</a> | Number of requests used to define the rate using the `period`.<br /> 0 means **no rate limiting**.<br />More information [here](#rate-and-burst).| 0      | No      |
+| <a id="opt-period" href="#opt-period" title="#opt-period">`period`</a> | Period of time used to define the rate.<br />More information [here](#rate-and-burst).| 1s | No |
+| <a id="opt-burst" href="#opt-burst" title="#opt-burst">`burst`</a> | Maximum number of requests allowed to go through at the very same moment.<br />More information [here](#rate-and-burst). | 1 | No |
+| <a id="opt-denyOnError" href="#opt-denyOnError" title="#opt-denyOnError">`denyOnError`</a> | Forces to return a 429 error if the number of remaining requests accepted cannot be get.<br /> Set to `false`, this option allows the request to reach the backend. | true    | No       |
+| <a id="opt-responseHeaders" href="#opt-responseHeaders" title="#opt-responseHeaders">`responseHeaders`</a> | Injects the following rate limiting headers in the response:<br />- `X-Rate-Limit-Remaining`<br />- `X-Rate-Limit-Limit`<br />- `X-Rate-Limit-Period`<br />- `X-Rate-Limit-Reset`<br />The added headers indicate how many tokens are left in the bucket (in the token bucket analogy) after the reservation for the request was made. | false   | No       |
+| <a id="opt-store-redis-endpoints" href="#opt-store-redis-endpoints" title="#opt-store-redis-endpoints">`store.redis.endpoints`</a> | Endpoints of the Redis instances to connect to (example: `redis.traefik-hub.svc.cluster.local:6379`) | "" | Yes      |
+| <a id="opt-store-redis-username" href="#opt-store-redis-username" title="#opt-store-redis-username">`store.redis.username`</a> | The username Traefik Hub will use to connect to Redis                                                | "" | No       |
+| <a id="opt-store-redis-password" href="#opt-store-redis-password" title="#opt-store-redis-password">`store.redis.password`</a> | The password Traefik Hub will use to connect to Redis                                                | "" | No       |
+| <a id="opt-store-redis-database" href="#opt-store-redis-database" title="#opt-store-redis-database">`store.redis.database`</a> | The database Traefik Hub will use to sore information (default: `0`)                                 | "" | No       |
+| <a id="opt-store-redis-cluster" href="#opt-store-redis-cluster" title="#opt-store-redis-cluster">`store.redis.cluster`</a> | Enable Redis Cluster                                                                                 | "" | No       |
+| <a id="opt-store-redis-tls-caBundle" href="#opt-store-redis-tls-caBundle" title="#opt-store-redis-tls-caBundle">`store.redis.tls.caBundle`</a> | Custom CA bundle                                                                                     | "" | No       |
+| <a id="opt-store-redis-tls-cert" href="#opt-store-redis-tls-cert" title="#opt-store-redis-tls-cert">`store.redis.tls.cert`</a> | TLS certificate                                                                                      | "" | No       |
+| <a id="opt-store-redis-tls-key" href="#opt-store-redis-tls-key" title="#opt-store-redis-tls-key">`store.redis.tls.key`</a> | TLS key                                                                                              | "" | No       |
+| <a id="opt-store-redis-tls-insecureSkipVerify" href="#opt-store-redis-tls-insecureSkipVerify" title="#opt-store-redis-tls-insecureSkipVerify">`store.redis.tls.insecureSkipVerify`</a> | Allow skipping the TLS verification                                                                  | "" | No       |
+| <a id="opt-store-redis-sentinel-masterSet" href="#opt-store-redis-sentinel-masterSet" title="#opt-store-redis-sentinel-masterSet">`store.redis.sentinel.masterSet`</a> | Name of the set of main nodes to use for main selection. Required when using Sentinel.               | "" | No       |
+| <a id="opt-store-redis-sentinel-username" href="#opt-store-redis-sentinel-username" title="#opt-store-redis-sentinel-username">`store.redis.sentinel.username`</a> | Username to use for sentinel authentication (can be different from `username`)                       | "" | No       |
+| <a id="opt-store-redis-sentinel-password" href="#opt-store-redis-sentinel-password" title="#opt-store-redis-sentinel-password">`store.redis.sentinel.password`</a> | Password to use for sentinel authentication (can be different from `password`)                       | "" | No       |
+| <a id="opt-sourceCriterion-requestHost" href="#opt-sourceCriterion-requestHost" title="#opt-sourceCriterion-requestHost">`sourceCriterion.requestHost`</a> | Whether to consider the request host as the source.<br />More information about `sourceCriterion`[here](#sourcecriterion). | false      | No      |
+| <a id="opt-sourceCriterion-requestHeaderName" href="#opt-sourceCriterion-requestHeaderName" title="#opt-sourceCriterion-requestHeaderName">`sourceCriterion.requestHeaderName`</a> | Name of the header used to group incoming requests.<br />More information about `sourceCriterion`[here](#sourcecriterion). | ""      | No      |
+| <a id="opt-sourceCriterion-ipStrategy-depth" href="#opt-sourceCriterion-ipStrategy-depth" title="#opt-sourceCriterion-ipStrategy-depth">`sourceCriterion.ipStrategy.depth`</a> | Depth position of the IP to select in the `X-Forwarded-For` header (starting from the right).<br />0 means no depth.<br />If greater than the total number of IPs in `X-Forwarded-For`, then the client IP is empty<br />If higher than 0, the `excludedIPs` options is not evaluated.<br />More information about [`sourceCriterion`](#sourcecriterion), [`ipStrategy`](#ipstrategy), and [`depth`](#sourcecriterionipstrategydepth) below. | 0      | No      |
+| <a id="opt-sourceCriterion-ipStrategy-excludedIPs" href="#opt-sourceCriterion-ipStrategy-excludedIPs" title="#opt-sourceCriterion-ipStrategy-excludedIPs">`sourceCriterion.ipStrategy.excludedIPs`</a> | Allows Traefik to scan the `X-Forwarded-For` header and select the first IP not in the list.<br />If `depth` is specified, `excludedIPs` is ignored.<br />More information about [`sourceCriterion`](#sourcecriterion), [`ipStrategy`](#ipstrategy), and [`excludedIPs`](#sourcecriterionipstrategyexcludedips) below. |       | No      |

 ### sourceCriterion

@@ -113,8 +113,6 @@ The `sourceCriterion` option defines what criterion is used to group requests as
 If several strategies are defined at the same time, an error will be raised.
 If none are set, the default is to use the request's remote address field (as an `ipStrategy`).

-Check out the [OIDC + RateLimit & DistributedRateLimit guide](../../../../secure/middleware/drl-oidc.md) to see this option in action.
-
 ### ipStrategy

 The `ipStrategy` option defines two parameters that configures how Traefik determines the client IP: `depth`, and `excludedIPs`.
@@ -129,9 +127,9 @@ If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,1

 | `X-Forwarded-For`                       | `depth` | clientIP     |
 |-----------------------------------------|---------|--------------|
-| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `1`     | `"13.0.0.1"` |
-| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `3`     | `"11.0.0.1"` |
-| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5`     | `""`         |
+| <a id="opt-10-0-0-111-0-0-112-0-0-113-0-0-1" href="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1" title="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `1`     | `"13.0.0.1"` |
+| <a id="opt-10-0-0-111-0-0-112-0-0-113-0-0-1-2" href="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-2" title="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-2">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `3`     | `"11.0.0.1"` |
+| <a id="opt-10-0-0-111-0-0-112-0-0-113-0-0-1-3" href="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-3" title="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-3">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `5`     | `""`         |

 ### sourceCriterion.ipStrategy.excludedIPs

@@ -144,20 +142,20 @@ In this case, `excludedIPs` should be set to match the list of `X-Forwarded-For

 Example to use each IP as a distinct source:

-| X-Forwarded-For                | excludedIPs           | clientIP     |
+| `X-Forwarded-For`              | excludedIPs           | clientIP     |
 |--------------------------------|-----------------------|--------------|
-| `"10.0.0.1,11.0.0.1,12.0.0.1"` | `"11.0.0.1,12.0.0.1"` | `"10.0.0.1"` |
-| `"10.0.0.2,11.0.0.1,12.0.0.1"` | `"11.0.0.1,12.0.0.1"` | `"10.0.0.2"` |
+| <a id="opt-10-0-0-111-0-0-112-0-0-1" href="#opt-10-0-0-111-0-0-112-0-0-1" title="#opt-10-0-0-111-0-0-112-0-0-1">`"10.0.0.1,11.0.0.1,12.0.0.1"`</a> | `"11.0.0.1,12.0.0.1"` | `"10.0.0.1"` |
+| <a id="opt-10-0-0-211-0-0-112-0-0-1" href="#opt-10-0-0-211-0-0-112-0-0-1" title="#opt-10-0-0-211-0-0-112-0-0-1">`"10.0.0.2,11.0.0.1,12.0.0.1"`</a> | `"11.0.0.1,12.0.0.1"` | `"10.0.0.2"` |

 2. Group together a set of IPs (also behind a common set of reverse-proxies) so that they are considered the same source, and all contribute to the same rate-limit bucket.

 Example to group IPs together as same source:

-|  X-Forwarded-For               |  excludedIPs | clientIP     |
+| `X-Forwarded-For`              | excludedIPs  | clientIP     |
 |--------------------------------|--------------|--------------|
-| `"10.0.0.1,11.0.0.1,12.0.0.1"` | `"12.0.0.1"` | `"11.0.0.1"` |
-| `"10.0.0.2,11.0.0.1,12.0.0.1"` | `"12.0.0.1"` | `"11.0.0.1"` |
-| `"10.0.0.3,11.0.0.1,12.0.0.1"` | `"12.0.0.1"` | `"11.0.0.1"` |
+| <a id="opt-10-0-0-111-0-0-112-0-0-1-2" href="#opt-10-0-0-111-0-0-112-0-0-1-2" title="#opt-10-0-0-111-0-0-112-0-0-1-2">`"10.0.0.1,11.0.0.1,12.0.0.1"`</a> | `"12.0.0.1"` | `"11.0.0.1"` |
+| <a id="opt-10-0-0-211-0-0-112-0-0-1-2" href="#opt-10-0-0-211-0-0-112-0-0-1-2" title="#opt-10-0-0-211-0-0-112-0-0-1-2">`"10.0.0.2,11.0.0.1,12.0.0.1"`</a> | `"12.0.0.1"` | `"11.0.0.1"` |
+| <a id="opt-10-0-0-311-0-0-112-0-0-1" href="#opt-10-0-0-311-0-0-112-0-0-1" title="#opt-10-0-0-311-0-0-112-0-0-1">`"10.0.0.3,11.0.0.1,12.0.0.1"`</a> | `"12.0.0.1"` | `"11.0.0.1"` |

 ### store

--- a/docs/content/reference/routing-configuration/http/middlewares/errorpages.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/errorpages.md
@@ -18,6 +18,9 @@ http:
          - "501"
          - "503"
          - "505-599"
+        statusRewrites:
+          "418": "404"
+          "502-504": "500"
        service: error-handler-service
        query: "/{status}.html"

@@ -33,6 +36,10 @@ http:
    service = "error-handler-service"
    query = "/{status}.html"

+    [http.middlewares.test-errors.errors.statusRewrites]
+      "418" = "404"
+      "502-504" = "500"
+
 [http.services]
  # ... definition of the error-handler-service
 ```
@@ -41,6 +48,8 @@ http:
 # Dynamic Custom Error Page for 5XX Status Code
 labels:
  - "traefik.http.middlewares.test-errors.errors.status=500,501,503,505-599"
+  - "traefik.http.middlewares.test-errors.errors.statusRewrites.418=404"
+  - "traefik.http.middlewares.test-errors.errors.statusRewrites.502-504=500"
  - "traefik.http.middlewares.test-errors.errors.service=error-handler-service"
  - "traefik.http.middlewares.test-errors.errors.query=/{status}.html"
 ```
@@ -51,6 +60,8 @@ labels:
  // ...
  "Tags": [
    "traefik.http.middlewares.test-errors.errors.status=500,501,503,505-599",
+    "traefik.http.middlewares.test-errors.errors.statusRewrites.418=404",
+    "traefik.http.middlewares.test-errors.errors.statusRewrites.502-504=500",
    "traefik.http.middlewares.test-errors.errors.service=error-handler-service",
    "traefik.http.middlewares.test-errors.errors.query=/{status}.html"
  ]
@@ -71,6 +82,9 @@ spec:
      - "501"
      - "503"
      - "505-599"
+    statusRewrites:
+      "418": "404"
+      "502-504": "500"
    query: /{status}.html
    service:
      name: error-handler-service
@@ -81,9 +95,10 @@ spec:

 | Field      | Description                                                                                                                                                                                 | Default | Required |
 |:-----------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
-| `status` | Defines which status or range of statuses should result in an error page.<br/> The status code ranges are inclusive (`505-599` will trigger with every code between `505` and `599`, `505` and `599` included).<br /> You can define either a status code as a number (`500`), as multiple comma-separated numbers (`500,502`), as ranges by separating two codes with a dash (`505-599`), or a combination of the two (`404,418,505-599`).  | []     | No      | 
-| `service` | The service that will serve the new requested error page.<br /> More information [here](#service-and-hostheader). | ""      | No      |
-| `query` | The URL for the error page (hosted by `service`).<br /> More information [here](#query) | ""      | No      |
+| <a id="opt-status" href="#opt-status" title="#opt-status">`status`</a> | Defines which status or range of statuses should result in an error page.<br/> The status code ranges are inclusive (`505-599` will trigger with every code between `505` and `599`, `505` and `599` included).<br /> You can define either a status code as a number (`500`), as multiple comma-separated numbers (`500,502`), as ranges by separating two codes with a dash (`505-599`), or a combination of the two (`404,418,505-599`).  | []     | No      | 
+| <a id="opt-statusRewrites" href="#opt-statusRewrites" title="#opt-statusRewrites">`statusRewrites`</a> | An optional mapping of status codes to be rewritten. More information [here](#statusrewrites).  | []     | No      |
+| <a id="opt-service" href="#opt-service" title="#opt-service">`service`</a> | The service that will serve the new requested error page.<br /> More information [here](#service-and-hostheader). | ""      | No      |
+| <a id="opt-query" href="#opt-query" title="#opt-query">`query`</a> | The URL for the error page (hosted by `service`).<br /> More information [here](#query) | ""      | No      |

 ### service and HostHeader

@@ -94,6 +109,15 @@ the [`passHostHeader`](../../../../routing/services/index.md#pass-host-header) o
 !!!info "Kubernetes"
    When specifying a service in Kubernetes (e.g., in an IngressRoute), you need to reference the `name`, `namespace`, and `port` of your Kubernetes Service resource. For example, `my-service.my-namespace@kubernetescrd` (or `my-service.my-namespace@kubernetescrd:80`) ensures that requests go to the correct service and port.

+### statusRewrites
+
+`statusRewrites` is an optional mapping of status codes to be rewritten.
+
+For example, if a service returns a 418, you might want to rewrite it to a 404.
+You can map individual status codes or even ranges to a different status code.
+
+The syntax for ranges follows the same rules as the <a href="#opt-status">`status`</a> option.
+
 ### query

 There are multiple variables that can be placed in the `query` option to insert values in the URL.
@@ -102,5 +126,6 @@ The table below lists all the available variables and their associated values.

 | Variable   | Value                                                            |
 |------------|------------------------------------------------------------------|
-| `{status}` | The response status code.                                        |
-| `{url}`    | The [escaped](https://pkg.go.dev/net/url#QueryEscape) request URL.|
+| <a id="opt-status-2" href="#opt-status-2" title="#opt-status-2">`{status}`</a> | The response status code.                                        |
+| <a id="opt-originalStatus" href="#opt-originalStatus" title="#opt-originalStatus">`{originalStatus}`</a> | The original response status code, if it has been modified by the `statusRewrites` option. |
+| <a id="opt-url" href="#opt-url" title="#opt-url">`{url}`</a> | The [escaped](https://pkg.go.dev/net/url#QueryEscape) request URL.|
--- a/docs/content/reference/routing-configuration/http/middlewares/forwardauth.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/forwardauth.md
@@ -55,23 +55,23 @@ spec:

 | Field      | Description     | Default | Required |
 |:-----------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
-| `address` | Authentication server address. | "" | Yes      |
-| `trustForwardHeader` | Trust all `X-Forwarded-*` headers. | false | No      |
-| `authResponseHeaders` | List of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers. | [] | No      |
-| `authResponseHeadersRegex` | Regex to match by the headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.<br /> More information [here](#authresponseheadersregex). | "" | No      |
-| `authRequestHeaders` | List of the headers to copy from the request to the authentication server. <br /> It allows filtering headers that should not be passed to the authentication server. <br /> If not set or empty, then all request headers are passed. | [] | No      |
-| `addAuthCookiesToResponse` | List of cookies to copy from the authentication server to the response, replacing any existing conflicting cookie from the forwarded response.<br /> Please note that all backend cookies matching the configured list will not be added to the response. | [] | No      |
-| `forwardBody` | Sets the `forwardBody` option to `true` to send the Body. As body is read inside Traefik before forwarding, this breaks streaming. | false | No      |
-| `maxBodySize` | Set the `maxBodySize` to limit the body size in bytes. If body is bigger than this, it returns a 401 (unauthorized). | -1 | No      |
-| `headerField` | Defines a header field to store the authenticated user. | "" | No      |
-| `preserveLocationHeader` | Defines whether to forward the Location header to the client as is or prefix it with the domain name of the authentication server. | false | No      |
-| `PreserveRequestMethod` | Defines whether to preserve the original request method while forwarding the request to the authentication server. | false | No      |
-| `tls.ca` | Sets the path to the certificate authority used for the secured connection to the authentication server, it defaults to the system bundle. | "" | No |
-| `tls.cert` | Sets the path to the public certificate used for the secure connection to the authentication server. When using this option, setting the key option is required. | "" | No |
-| `tls.key` | Sets the path to the private key used for the secure connection to the authentication server. When using this option, setting the `cert` option is required. | "" | No |
-| `tls.caSecret` | Defines the secret that contains the certificate authority used for the secured connection to the authentication server, it defaults to the system bundle. **This option is only available for the Kubernetes CRD**. | | No |
-| `tls.certSecret` | Defines the secret that contains both the private and public certificates used for the secure connection to the authentication server. **This option is only available for the Kubernetes CRD**. |  | No |
-| `tls.insecureSkipVerify` | During TLS connections, if this option is set to `true`, the authentication server will accept any certificate presented by the server regardless of the host names it covers. | false | No |
+| <a id="opt-address" href="#opt-address" title="#opt-address">`address`</a> | Authentication server address. | "" | Yes      |
+| <a id="opt-trustForwardHeader" href="#opt-trustForwardHeader" title="#opt-trustForwardHeader">`trustForwardHeader`</a> | Trust all `X-Forwarded-*` headers. | false | No      |
+| <a id="opt-authResponseHeaders" href="#opt-authResponseHeaders" title="#opt-authResponseHeaders">`authResponseHeaders`</a> | List of headers to copy from the authentication server response and set on forwarded request, replacing any existing conflicting headers. | [] | No      |
+| <a id="opt-authResponseHeadersRegex" href="#opt-authResponseHeadersRegex" title="#opt-authResponseHeadersRegex">`authResponseHeadersRegex`</a> | Regex to match by the headers to copy from the authentication server response and set on forwarded request, after stripping all headers that match the regex.<br /> More information [here](#authresponseheadersregex). | "" | No      |
+| <a id="opt-authRequestHeaders" href="#opt-authRequestHeaders" title="#opt-authRequestHeaders">`authRequestHeaders`</a> | List of the headers to copy from the request to the authentication server. <br /> It allows filtering headers that should not be passed to the authentication server. <br /> If not set or empty, then all request headers are passed. | [] | No      |
+| <a id="opt-addAuthCookiesToResponse" href="#opt-addAuthCookiesToResponse" title="#opt-addAuthCookiesToResponse">`addAuthCookiesToResponse`</a> | List of cookies to copy from the authentication server to the response, replacing any existing conflicting cookie from the forwarded response.<br /> Please note that all backend cookies matching the configured list will not be added to the response. | [] | No      |
+| <a id="opt-forwardBody" href="#opt-forwardBody" title="#opt-forwardBody">`forwardBody`</a> | Sets the `forwardBody` option to `true` to send the Body. As body is read inside Traefik before forwarding, this breaks streaming. | false | No      |
+| <a id="opt-maxBodySize" href="#opt-maxBodySize" title="#opt-maxBodySize">`maxBodySize`</a> | Set the `maxBodySize` to limit the body size in bytes. If body is bigger than this, it returns a 401 (unauthorized). | -1 | No      |
+| <a id="opt-headerField" href="#opt-headerField" title="#opt-headerField">`headerField`</a> | Defines a header field to store the authenticated user. | "" | No      |
+| <a id="opt-preserveLocationHeader" href="#opt-preserveLocationHeader" title="#opt-preserveLocationHeader">`preserveLocationHeader`</a> | Defines whether to forward the Location header to the client as is or prefix it with the domain name of the authentication server. | false | No      |
+| <a id="opt-preserveRequestMethod" href="#opt-preserveRequestMethod" title="#opt-preserveRequestMethod">`preserveRequestMethod`</a> | Defines whether to preserve the original request method while forwarding the request to the authentication server. | false | No      |
+| <a id="opt-tls-ca" href="#opt-tls-ca" title="#opt-tls-ca">`tls.ca`</a> | Sets the path to the certificate authority used for the secured connection to the authentication server, it defaults to the system bundle. | "" | No |
+| <a id="opt-tls-cert" href="#opt-tls-cert" title="#opt-tls-cert">`tls.cert`</a> | Sets the path to the public certificate used for the secure connection to the authentication server. When using this option, setting the key option is required. | "" | No |
+| <a id="opt-tls-key" href="#opt-tls-key" title="#opt-tls-key">`tls.key`</a> | Sets the path to the private key used for the secure connection to the authentication server. When using this option, setting the `cert` option is required. | "" | No |
+| <a id="opt-tls-caSecret" href="#opt-tls-caSecret" title="#opt-tls-caSecret">`tls.caSecret`</a> | Defines the secret that contains the certificate authority used for the secured connection to the authentication server, it defaults to the system bundle. **This option is only available for the Kubernetes CRD**. | | No |
+| <a id="opt-tls-certSecret" href="#opt-tls-certSecret" title="#opt-tls-certSecret">`tls.certSecret`</a> | Defines the secret that contains both the private and public certificates used for the secure connection to the authentication server. **This option is only available for the Kubernetes CRD**. |  | No |
+| <a id="opt-tls-insecureSkipVerify" href="#opt-tls-insecureSkipVerify" title="#opt-tls-insecureSkipVerify">`tls.insecureSkipVerify`</a> | During TLS connections, if this option is set to `true`, the authentication server will accept any certificate presented by the server regardless of the host names it covers. | false | No |

 ### authResponseHeadersRegex

@@ -87,10 +87,10 @@ The following request properties are provided to the forward-auth target endpoin

 | Property          | Forward-Request Header |
 |-------------------|------------------------|
-| HTTP Method       | X-Forwarded-Method     |
-| Protocol          | X-Forwarded-Proto      |
-| Host              | X-Forwarded-Host       |
-| Request URI       | X-Forwarded-Uri        |
-| Source IP-Address | X-Forwarded-For        |
+| <a id="opt-HTTP-Method" href="#opt-HTTP-Method" title="#opt-HTTP-Method">HTTP Method</a> | `X-Forwarded-Method`     |
+| <a id="opt-Protocol" href="#opt-Protocol" title="#opt-Protocol">Protocol</a> | `X-Forwarded-Proto`      |
+| <a id="opt-Host" href="#opt-Host" title="#opt-Host">Host</a> | `X-Forwarded-Host`       |
+| <a id="opt-Request-URI" href="#opt-Request-URI" title="#opt-Request-URI">Request URI</a> | `X-Forwarded-Uri`        |
+| <a id="opt-Source-IP-Address" href="#opt-Source-IP-Address" title="#opt-Source-IP-Address">Source IP-Address</a> | `X-Forwarded-For`        |

 {!traefik-for-business-applications.md!}
--- a/docs/content/reference/routing-configuration/http/middlewares/grpcweb.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/grpcweb.md
@@ -56,7 +56,7 @@ spec:

 | Field                        | Description         | Default | Required |
 |:-----------------------------|:------------------------------------------|:--------|:---------|
-| `allowOrigins` | List of allowed origins. <br /> A wildcard origin `*` can also be configured to match all requests.<br /> More information [here](#alloworigins). | [] | No |
+| <a id="opt-allowOrigins" href="#opt-allowOrigins" title="#opt-allowOrigins">`allowOrigins`</a> | List of allowed origins. <br /> A wildcard origin `*` can also be configured to match all requests.<br /> More information [here](#alloworigins). | [] | No |

 ### allowOrigins

--- a/docs/content/reference/routing-configuration/http/middlewares/headers.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/headers.md
@@ -9,11 +9,11 @@ By default, the following headers are automatically added when proxying requests

 | Property                  | HTTP Header                |
 |---------------------------|----------------------------|
-| Client's IP               | X-Forwarded-For, X-Real-Ip |
-| Host                      | X-Forwarded-Host           |
-| Port                      | X-Forwarded-Port           |
-| Protocol                  | X-Forwarded-Proto          |
-| Proxy Server's Hostname   | X-Forwarded-Server         |
+| <a id="opt-Clients-IP" href="#opt-Clients-IP" title="#opt-Clients-IP">Client's IP</a> | `X-Forwarded-For`, `X-Real-Ip` |
+| <a id="opt-Host" href="#opt-Host" title="#opt-Host">Host</a> | `X-Forwarded-Host`           |
+| <a id="opt-Port" href="#opt-Port" title="#opt-Port">Port</a> | `X-Forwarded-Port`           |
+| <a id="opt-Protocol" href="#opt-Protocol" title="#opt-Protocol">Protocol</a> | `X-Forwarded-Proto`          |
+| <a id="opt-Proxy-Servers-Hostname" href="#opt-Proxy-Servers-Hostname" title="#opt-Proxy-Servers-Hostname">Proxy Server's Hostname</a> | `X-Forwarded-Server`         |

 ## Configuration Examples

@@ -266,34 +266,34 @@ spec:

 | Field                         | Description                                       | Default   | Required |
 | ----------------------------- | ------------------------------------------------- | --------- | -------- |
-| `customRequestHeaders`          | Lists the header names and values for requests.  | [] | No |
-| `customResponseHeaders`         | Lists the header names and values for responses. | [] | No |
-| `accessControlAllowCredentials` | Indicates if the request can include user credentials.| false     | No |
-| `accessControlAllowHeaders`     | Specifies allowed request header names.          | [] | No |
-| `accessControlAllowMethods`     | Specifies allowed request methods.               | [] | No |
-| `accessControlAllowOriginList`  | Specifies allowed origins. More information [here](#accesscontrolalloworiginlist)      | []      | No |
-| `accessControlAllowOriginListRegex` | Allows origins matching regex. More information [here](#accesscontrolalloworiginlistregex)            | []      | No |
-| `accessControlExposeHeaders`    | Specifies which headers are safe to expose to the API of a CORS API specification.       |  []    | No |
-| `accessControlMaxAge`           | Time (in seconds) to cache preflight requests.   | 0         | No |
-| `addVaryHeader`                | Used in conjunction with `accessControlAllowOriginList` to determine whether the `Vary` header should be added or modified to demonstrate that server responses can differ based on the value of the origin header. | false     | No |
-| `allowedHosts`                  | Lists allowed domain names.                      | []      | No |
-| `hostsProxyHeaders`             | Specifies header keys for proxied hostname.      | []      | No |
-| `sslProxyHeaders`               | Defines a set of header keys with associated values that would indicate a valid HTTPS request. It can be useful when using other proxies (example: `"X-Forwarded-Proto": "https"`).        |   {}   | No |
-| `stsSeconds`                    | Max age for `Strict-Transport-Security` header.    | 0         | No |
-| `stsIncludeSubdomains`          | If set to `true`, the `includeSubDomains` directive is appended to the `Strict-Transport-Security` header.    | false     | No |
-| `stsPreload`                    | Adds preload flag to STS header.                 | false     | No |
-| `forceSTSHeader`                | Adds STS header for HTTP connections.            | false     | No |
-| `frameDeny`                     | Set `frameDeny` to `true` to add the `X-Frame-Options` header with the value of `DENY`.                | false     | No |
-| `customFrameOptionsValue`       | allows the `X-Frame-Options` header value to be set with a custom value. This overrides the `FrameDeny` option.  |    ""  | No |
-| `contentTypeNosniff`            | Set `contentTypeNosniff` to true to add the `X-Content-Type-Options` header with the value `nosniff`.  | false     | No |
-| `browserXssFilter`              | Set `browserXssFilter` to true to add the `X-XSS-Protection` header with the value `1; mode=block`.  | false     | No |
-| `customBrowserXSSValue`         | allows the `X-XSS-Protection` header value to be set with a custom value. This overrides the `BrowserXssFilter` option.   | false | No |
-| `contentSecurityPolicy`         | allows the `Content-Security-Policy` header value to be set with a custom value.           | false | No |
-| `contentSecurityPolicyReportOnly` | allows the `Content-Security-Policy-Report-Only` header value to be set with a custom value.    |   ""  | No |
-| `publicKey`                     | Implements HPKP for certificate pinning.         |  "" | No |
-| `referrerPolicy`                | Controls forwarding of `Referer` header.         | "" | No |
-| `permissionsPolicy`             | allows sites to control browser features.                   | ""      | No |
-| `isDevelopment`                 | Set `true` when developing to mitigate the unwanted effects of the `AllowedHosts`, SSL, and STS options. Usually testing takes place using HTTP, not HTTPS, and on `localhost`, not your production domain.    | false     | No |
+| <a id="opt-customRequestHeaders" href="#opt-customRequestHeaders" title="#opt-customRequestHeaders">`customRequestHeaders`</a> | Lists the header names and values for requests.  | [] | No |
+| <a id="opt-customResponseHeaders" href="#opt-customResponseHeaders" title="#opt-customResponseHeaders">`customResponseHeaders`</a> | Lists the header names and values for responses. | [] | No |
+| <a id="opt-accessControlAllowCredentials" href="#opt-accessControlAllowCredentials" title="#opt-accessControlAllowCredentials">`accessControlAllowCredentials`</a> | Indicates if the request can include user credentials.| false     | No |
+| <a id="opt-accessControlAllowHeaders" href="#opt-accessControlAllowHeaders" title="#opt-accessControlAllowHeaders">`accessControlAllowHeaders`</a> | Specifies allowed request header names.          | [] | No |
+| <a id="opt-accessControlAllowMethods" href="#opt-accessControlAllowMethods" title="#opt-accessControlAllowMethods">`accessControlAllowMethods`</a> | Specifies allowed request methods.               | [] | No |
+| <a id="opt-accessControlAllowOriginList" href="#opt-accessControlAllowOriginList" title="#opt-accessControlAllowOriginList">`accessControlAllowOriginList`</a> | Specifies allowed origins. More information [here](#accesscontrolalloworiginlist)      | []      | No |
+| <a id="opt-accessControlAllowOriginListRegex" href="#opt-accessControlAllowOriginListRegex" title="#opt-accessControlAllowOriginListRegex">`accessControlAllowOriginListRegex`</a> | Allows origins matching regex. More information [here](#accesscontrolalloworiginlistregex)            | []      | No |
+| <a id="opt-accessControlExposeHeaders" href="#opt-accessControlExposeHeaders" title="#opt-accessControlExposeHeaders">`accessControlExposeHeaders`</a> | Specifies which headers are safe to expose to the API of a CORS API specification.       |  []    | No |
+| <a id="opt-accessControlMaxAge" href="#opt-accessControlMaxAge" title="#opt-accessControlMaxAge">`accessControlMaxAge`</a> | Time (in seconds) to cache preflight requests.   | 0         | No |
+| <a id="opt-addVaryHeader" href="#opt-addVaryHeader" title="#opt-addVaryHeader">`addVaryHeader`</a> | Used in conjunction with `accessControlAllowOriginList` to determine whether the `Vary` header should be added or modified to demonstrate that server responses can differ based on the value of the origin header. | false     | No |
+| <a id="opt-allowedHosts" href="#opt-allowedHosts" title="#opt-allowedHosts">`allowedHosts`</a> | Lists allowed domain names.                      | []      | No |
+| <a id="opt-hostsProxyHeaders" href="#opt-hostsProxyHeaders" title="#opt-hostsProxyHeaders">`hostsProxyHeaders`</a> | Specifies header keys for proxied hostname.      | []      | No |
+| <a id="opt-sslProxyHeaders" href="#opt-sslProxyHeaders" title="#opt-sslProxyHeaders">`sslProxyHeaders`</a> | Defines a set of header keys with associated values that would indicate a valid HTTPS request. It can be useful when using other proxies (example: `"X-Forwarded-Proto": "https"`).        |   {}   | No |
+| <a id="opt-stsSeconds" href="#opt-stsSeconds" title="#opt-stsSeconds">`stsSeconds`</a> | Max age for `Strict-Transport-Security` header.    | 0         | No |
+| <a id="opt-stsIncludeSubdomains" href="#opt-stsIncludeSubdomains" title="#opt-stsIncludeSubdomains">`stsIncludeSubdomains`</a> | If set to `true`, the `includeSubDomains` directive is appended to the `Strict-Transport-Security` header.    | false     | No |
+| <a id="opt-stsPreload" href="#opt-stsPreload" title="#opt-stsPreload">`stsPreload`</a> | Adds preload flag to STS header.                 | false     | No |
+| <a id="opt-forceSTSHeader" href="#opt-forceSTSHeader" title="#opt-forceSTSHeader">`forceSTSHeader`</a> | Adds STS header for HTTP connections.            | false     | No |
+| <a id="opt-frameDeny" href="#opt-frameDeny" title="#opt-frameDeny">`frameDeny`</a> | Set `frameDeny` to `true` to add the `X-Frame-Options` header with the value of `DENY`.                | false     | No |
+| <a id="opt-customFrameOptionsValue" href="#opt-customFrameOptionsValue" title="#opt-customFrameOptionsValue">`customFrameOptionsValue`</a> | allows the `X-Frame-Options` header value to be set with a custom value. This overrides the `FrameDeny` option.  |    ""  | No |
+| <a id="opt-contentTypeNosniff" href="#opt-contentTypeNosniff" title="#opt-contentTypeNosniff">`contentTypeNosniff`</a> | Set `contentTypeNosniff` to true to add the `X-Content-Type-Options` header with the value `nosniff`.  | false     | No |
+| <a id="opt-browserXssFilter" href="#opt-browserXssFilter" title="#opt-browserXssFilter">`browserXssFilter`</a> | Set `browserXssFilter` to true to add the `X-XSS-Protection` header with the value `1; mode=block`.  | false     | No |
+| <a id="opt-customBrowserXSSValue" href="#opt-customBrowserXSSValue" title="#opt-customBrowserXSSValue">`customBrowserXSSValue`</a> | allows the `X-XSS-Protection` header value to be set with a custom value. This overrides the `BrowserXssFilter` option.   | false | No |
+| <a id="opt-contentSecurityPolicy" href="#opt-contentSecurityPolicy" title="#opt-contentSecurityPolicy">`contentSecurityPolicy`</a> | allows the `Content-Security-Policy` header value to be set with a custom value.           | false | No |
+| <a id="opt-contentSecurityPolicyReportOnly" href="#opt-contentSecurityPolicyReportOnly" title="#opt-contentSecurityPolicyReportOnly">`contentSecurityPolicyReportOnly`</a> | allows the `Content-Security-Policy-Report-Only` header value to be set with a custom value.    |   ""  | No |
+| <a id="opt-publicKey" href="#opt-publicKey" title="#opt-publicKey">`publicKey`</a> | Implements HPKP for certificate pinning.         |  "" | No |
+| <a id="opt-referrerPolicy" href="#opt-referrerPolicy" title="#opt-referrerPolicy">`referrerPolicy`</a> | Controls forwarding of `Referer` header.         | "" | No |
+| <a id="opt-permissionsPolicy" href="#opt-permissionsPolicy" title="#opt-permissionsPolicy">`permissionsPolicy`</a> | allows sites to control browser features.                   | ""      | No |
+| <a id="opt-isDevelopment" href="#opt-isDevelopment" title="#opt-isDevelopment">`isDevelopment`</a> | Set `true` when developing to mitigate the unwanted effects of the `AllowedHosts`, SSL, and STS options. Usually testing takes place using HTTP, not HTTPS, and on `localhost`, not your production domain.    | false     | No |

 ### `accessControlAllowOriginList`

--- a/docs/content/reference/routing-configuration/http/middlewares/hmac.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/hmac.md
@@ -52,9 +52,9 @@ spec:

 | Field             | Description                | Default | Required |
 |:------------------|:---------------------------------------------|:--------|:---------|
-| `keys`            | A static set of secret keys to be used by HMAC middleware.    |         | Yes      |
-| `validateDigest`  | Determines whether the middleware should validate the digest sum of the request body.      | true    | No  |
-| `enforcedHeaders` | A set of headers that must be included in the computation of the signature of the request. |        | No    |
+| <a id="opt-keys" href="#opt-keys" title="#opt-keys">`keys`</a> | A static set of secret keys to be used by HMAC middleware.    |         | Yes      |
+| <a id="opt-validateDigest" href="#opt-validateDigest" title="#opt-validateDigest">`validateDigest`</a> | Determines whether the middleware should validate the digest sum of the request body.      | true    | No  |
+| <a id="opt-enforcedHeaders" href="#opt-enforcedHeaders" title="#opt-enforcedHeaders">`enforcedHeaders`</a> | A set of headers that must be included in the computation of the signature of the request. |        | No    |

 ## Authentication Mechanism

@@ -72,12 +72,12 @@ Authorization: Hmac keyId="secret-id-1",algorithm="hmac-sha256",headers="(reques

 | Parameter   | Description  | Example                            |
 |-------------|--------------------------------|------------------------------------|
-| `keyId`     | Identifier of the key being used by the sender to build the signature     | `keyId="secret-key-1"`             |
-| `algorithm` | Algorithm used to generate the signature.<br /> Supported values are `hmac-sha1`, `hmac-sha256`, `hmac-sha384` and `hmac-sha512`. | `algorithm="hmac-sha512"`          |
-| `headers`   | List of headers to use in order to build the signature string.<br /> Each item **must** be lowercase.    | `headers="host content-type"`      |
-| `signature` | Digital Signature of the request. See [computing the signature](#computing-the-signature).      | `signature="c29tZXNpZ25hdHVyZQ=="` |
-| `created`   | Unix timestamp of the signature creation.    | `created="1574453022"`     |
-| `expires`   | Unix timestamp of the signature expiration.     | `expires="1574453022"`             |
+| <a id="opt-keyId" href="#opt-keyId" title="#opt-keyId">`keyId`</a> | Identifier of the key being used by the sender to build the signature     | `keyId="secret-key-1"`             |
+| <a id="opt-algorithm" href="#opt-algorithm" title="#opt-algorithm">`algorithm`</a> | Algorithm used to generate the signature.<br /> Supported values are `hmac-sha1`, `hmac-sha256`, `hmac-sha384` and `hmac-sha512`. | `algorithm="hmac-sha512"`          |
+| <a id="opt-headers" href="#opt-headers" title="#opt-headers">`headers`</a> | List of headers to use in order to build the signature string.<br /> Each item **must** be lowercase.    | `headers="host content-type"`      |
+| <a id="opt-signature" href="#opt-signature" title="#opt-signature">`signature`</a> | Digital Signature of the request. See [computing the signature](#computing-the-signature).      | `signature="c29tZXNpZ25hdHVyZQ=="` |
+| <a id="opt-created" href="#opt-created" title="#opt-created">`created`</a> | Unix timestamp of the signature creation.    | `created="1574453022"`     |
+| <a id="opt-expires" href="#opt-expires" title="#opt-expires">`expires`</a> | Unix timestamp of the signature expiration.     | `expires="1574453022"`             |

 !!! danger "Time sensitivity"
    If the `created` timestamp is in the future or the `expires` timestamp is in the past, the middleware will refuse the request.
@@ -120,9 +120,9 @@ To allow this, the `headers` parameter accepts special header names that can be

 | Value                 | Description     | Signature String Example         |
 | --------------------- | ------------------------------------------------------------- |------------------------- |
-| `(request-target)`    | Obtained by concatenating the lowercase `:method`, an ASCII space, and the `:path` pseudo-headers ([as specified in HTTP/2](https://tools.ietf.org/html/rfc7540#section-8.1.2.3)).    | `(request-target): get /api/V1/resource?query=foo` |
-| `(created)`           | Value of the authorization header `created` parameter.         | `(created): 1584453022`      |
-| `(expires)`           | Value of the authorization header `expires` parameter.      | `(expires): 1584453082`      |
+| <a id="opt-request-target" href="#opt-request-target" title="#opt-request-target">`(request-target)`</a> | Obtained by concatenating the lowercase `:method`, an ASCII space, and the `:path` pseudo-headers ([as specified in HTTP/2](https://tools.ietf.org/html/rfc7540#section-8.1.2.3)).    | `(request-target): get /api/V1/resource?query=foo` |
+| <a id="opt-created-2" href="#opt-created-2" title="#opt-created-2">`(created)`</a> | Value of the authorization header `created` parameter.         | `(created): 1584453022`      |
+| <a id="opt-expires-2" href="#opt-expires-2" title="#opt-expires-2">`(expires)`</a> | Value of the authorization header `expires` parameter.      | `(expires): 1584453082`      |

 Their evaluated value is obtained by appending the special header name with an ASCII colon `:` an ASCII space \` \` then the designated value.

@@ -204,4 +204,4 @@ Only SHA-256 and SHA-512 checksums are supported for checksum computation.

    To disable this feature and only perform authentication, set the `validateDigest` option to `false` in the middleware configuration.

-{!traefik-for-business-applications.md!}
+{!traefik-for-business-applications.md!}
--- a/docs/content/reference/routing-configuration/http/middlewares/inflightreq.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/inflightreq.md
@@ -54,12 +54,12 @@ spec:

 | Field      | Description                                                                                                                                                                                 | Default | Required |
 |:-----------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:--------|:---------|
-| `amount` | The `amount` option defines the maximum amount of allowed simultaneous in-flight request. <br /> The middleware responds with `HTTP 429 Too Many Requests` if there are already `amount` requests in progress (based on the same `sourceCriterion` strategy). | 0      | No      |
-| `sourceCriterion.requestHost` | Whether to consider the request host as the source.<br /> More information about `sourceCriterion`[here](#sourcecriterion). | false      | No      |
-| `sourceCriterion.requestHeaderName` | Name of the header used to group incoming requests.<br /> More information about `sourceCriterion`[here](#sourcecriterion). | ""      | No      |
-| `sourceCriterion.ipStrategy.depth` | Depth position of the IP to select in the `X-Forwarded-For` header (starting from the right).<br />0 means no depth.<br />If greater than the total number of IPs in `X-Forwarded-For`, then the client IP is empty<br />If higher than 0, the `excludedIPs` options is not evaluated.<br /> More information about [`sourceCriterion`](#sourcecriterion), [`ipStrategy](#ipstrategy), and [`depth`](#example-of-depth--x-forwarded-for) below. | 0      | No      |
-| `sourceCriterion.ipStrategy.excludedIPs` | Allows Traefik to scan the `X-Forwarded-For` header and select the first IP not in the list.<br />If `depth` is specified, `excludedIPs` is ignored.<br /> More information about [`sourceCriterion`](#sourcecriterion), [`ipStrategy](#ipstrategy), and [`excludedIPs`](#example-of-excludedips--x-forwarded-for) below. | | No      |
-| `sourceCriterion.ipStrategy.ipv6Subnet` |  If `ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to. <br /> More information about [`sourceCriterion`](#sourcecriterion), [`ipStrategy.ipv6Subnet`](#ipstrategyipv6subnet), and [`excludedIPs`](#example-of-excludedips--x-forwarded-for) below. |  | No      |
+| <a id="opt-amount" href="#opt-amount" title="#opt-amount">`amount`</a> | The `amount` option defines the maximum amount of allowed simultaneous in-flight request. <br /> The middleware responds with `HTTP 429 Too Many Requests` if there are already `amount` requests in progress (based on the same `sourceCriterion` strategy). | 0      | No      |
+| <a id="opt-sourceCriterion-requestHost" href="#opt-sourceCriterion-requestHost" title="#opt-sourceCriterion-requestHost">`sourceCriterion.requestHost`</a> | Whether to consider the request host as the source.<br /> More information about `sourceCriterion`[here](#sourcecriterion). | false      | No      |
+| <a id="opt-sourceCriterion-requestHeaderName" href="#opt-sourceCriterion-requestHeaderName" title="#opt-sourceCriterion-requestHeaderName">`sourceCriterion.requestHeaderName`</a> | Name of the header used to group incoming requests.<br /> More information about `sourceCriterion`[here](#sourcecriterion). | ""      | No      |
+| <a id="opt-sourceCriterion-ipStrategy-depth" href="#opt-sourceCriterion-ipStrategy-depth" title="#opt-sourceCriterion-ipStrategy-depth">`sourceCriterion.ipStrategy.depth`</a> | Depth position of the IP to select in the `X-Forwarded-For` header (starting from the right).<br />0 means no depth.<br />If greater than the total number of IPs in `X-Forwarded-For`, then the client IP is empty<br />If higher than 0, the `excludedIPs` options is not evaluated.<br /> More information about [`sourceCriterion`](#sourcecriterion), [`ipStrategy](#ipstrategy), and [`depth`](#example-of-depth--x-forwarded-for) below. | 0      | No      |
+| <a id="opt-sourceCriterion-ipStrategy-excludedIPs" href="#opt-sourceCriterion-ipStrategy-excludedIPs" title="#opt-sourceCriterion-ipStrategy-excludedIPs">`sourceCriterion.ipStrategy.excludedIPs`</a> | Allows Traefik to scan the `X-Forwarded-For` header and select the first IP not in the list.<br />If `depth` is specified, `excludedIPs` is ignored.<br /> More information about [`sourceCriterion`](#sourcecriterion), [`ipStrategy](#ipstrategy), and [`excludedIPs`](#example-of-excludedips--x-forwarded-for) below. | | No      |
+| <a id="opt-sourceCriterion-ipStrategy-ipv6Subnet" href="#opt-sourceCriterion-ipStrategy-ipv6Subnet" title="#opt-sourceCriterion-ipStrategy-ipv6Subnet">`sourceCriterion.ipStrategy.ipv6Subnet`</a> |  If `ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to. <br /> More information about [`sourceCriterion`](#sourcecriterion), [`ipStrategy.ipv6Subnet`](#ipstrategyipv6subnet), and [`excludedIPs`](#example-of-excludedips--x-forwarded-for) below. |  | No      |

 ### sourceCriterion

@@ -90,26 +90,26 @@ If `ipv6Subnet` is provided, the IP is transformed in the following way.

 | IP                     | ipv6Subnet | clientIP              |
 |---------------------------|--------------|-----------------------|
-| `"::abcd:1111:2222:3333"` | `64`         | `"::0:0:0:0"`         |
-| `"::abcd:1111:2222:3333"` | `80`         | `"::abcd:0:0:0:0"`    |
-| `"::abcd:1111:2222:3333"` | `96`         | `"::abcd:1111:0:0:0"` |
+| <a id="opt-abcd111122223333" href="#opt-abcd111122223333" title="#opt-abcd111122223333">`"::abcd:1111:2222:3333"`</a> | `64`         | `"::0:0:0:0"`         |
+| <a id="opt-abcd111122223333-2" href="#opt-abcd111122223333-2" title="#opt-abcd111122223333-2">`"::abcd:1111:2222:3333"`</a> | `80`         | `"::abcd:0:0:0:0"`    |
+| <a id="opt-abcd111122223333-3" href="#opt-abcd111122223333-3" title="#opt-abcd111122223333-3">`"::abcd:1111:2222:3333"`</a> | `96`         | `"::abcd:1111:0:0:0"` |

-### Example of Depth & X-Forwarded-For
+### Example of Depth & `X-Forwarded-For`

 If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used as the criterion is `"12.0.0.1"` (`depth=2`).

-| X-Forwarded-For                      | depth | clientIP     |
-|-----------------------------------------|---------|--------------|
-| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `1`     | `"13.0.0.1"` |
-| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `3`     | `"11.0.0.1"` |
-| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5`     | `""`         |
+| `X-Forwarded-For`                       | depth | clientIP     |
+|-----------------------------------------|-------|--------------|
+| <a id="opt-10-0-0-111-0-0-112-0-0-113-0-0-1" href="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1" title="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `1`     | `"13.0.0.1"` |
+| <a id="opt-10-0-0-111-0-0-112-0-0-113-0-0-1-2" href="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-2" title="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-2">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `3`     | `"11.0.0.1"` |
+| <a id="opt-10-0-0-111-0-0-112-0-0-113-0-0-1-3" href="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-3" title="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-3">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `5`     | `""`         |

 ### Example of ExcludedIPs & X-Forwarded-For

-| X-Forwarded-For                       | excludedIPs        | clientIP     |
+| `X-Forwarded-For`                       | excludedIPs           | clientIP     |
 |-----------------------------------------|-----------------------|--------------|
-| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"12.0.0.1,13.0.0.1"` | `"11.0.0.1"` |
-| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
-| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"10.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
-| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,16.0.0.1"` | `"13.0.0.1"` |
-| `"10.0.0.1,11.0.0.1"`                   | `"10.0.0.1,11.0.0.1"` | `""`         |
+| <a id="opt-10-0-0-111-0-0-112-0-0-113-0-0-1-4" href="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-4" title="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-4">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `"12.0.0.1,13.0.0.1"` | `"11.0.0.1"` |
+| <a id="opt-10-0-0-111-0-0-112-0-0-113-0-0-1-5" href="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-5" title="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-5">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `"15.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
+| <a id="opt-10-0-0-111-0-0-112-0-0-113-0-0-1-6" href="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-6" title="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-6">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `"10.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
+| <a id="opt-10-0-0-111-0-0-112-0-0-113-0-0-1-7" href="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-7" title="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-7">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `"15.0.0.1,16.0.0.1"` | `"13.0.0.1"` |
+| <a id="opt-10-0-0-111-0-0-1" href="#opt-10-0-0-111-0-0-1" title="#opt-10-0-0-111-0-0-1">`"10.0.0.1,11.0.0.1"`</a> | `"10.0.0.1,11.0.0.1"` | `""`         |
--- a/docs/content/reference/routing-configuration/http/middlewares/ipallowlist.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/ipallowlist.md
@@ -56,10 +56,10 @@ spec:

 | Field      | Description     | Default | Required |
 |:-----------|:------------------------------|:--------|:---------|
-| `sourceRange` | List of allowed IPs (or ranges of allowed IPs by using CIDR notation). |      | Yes      |
-| `ipStrategy.depth` | Depth position of the IP to select in the `X-Forwarded-For` header (starting from the right).<br />0 means no depth.<br />If greater than the total number of IPs in `X-Forwarded-For`, then the client IP is empty<br /> If higher than 0, the `excludedIPs` options is not evaluated.<br /> More information about [`ipStrategy](#ipstrategy), and [`depth`](#example-of-depth--x-forwarded-for) below. | 0      | No      |
-| `ipStrategy.excludedIPs` | Allows Traefik to scan the `X-Forwarded-For` header and select the first IP not in the list.<br />If `depth` is specified, `excludedIPs` is ignored.<br /> More information about [`ipStrategy](#ipstrategy), and [`excludedIPs`](#example-of-excludedips--x-forwarded-for) below. |       | No      |
-| `ipStrategy.ipv6Subnet` |  If `ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to. <br />More information about [`ipStrategy.ipv6Subnet`](#ipstrategyipv6subnet), and [`excludedIPs`](#example-of-excludedips--x-forwarded-for) below. |       | No      |
+| <a id="opt-sourceRange" href="#opt-sourceRange" title="#opt-sourceRange">`sourceRange`</a> | List of allowed IPs (or ranges of allowed IPs by using CIDR notation). |      | Yes      |
+| <a id="opt-ipStrategy-depth" href="#opt-ipStrategy-depth" title="#opt-ipStrategy-depth">`ipStrategy.depth`</a> | Depth position of the IP to select in the `X-Forwarded-For` header (starting from the right).<br />0 means no depth.<br />If greater than the total number of IPs in `X-Forwarded-For`, then the client IP is empty<br /> If higher than 0, the `excludedIPs` options is not evaluated.<br /> More information about [`ipStrategy](#ipstrategy), and [`depth`](#example-of-depth--x-forwarded-for) below. | 0      | No      |
+| <a id="opt-ipStrategy-excludedIPs" href="#opt-ipStrategy-excludedIPs" title="#opt-ipStrategy-excludedIPs">`ipStrategy.excludedIPs`</a> | Allows Traefik to scan the `X-Forwarded-For` header and select the first IP not in the list.<br />If `depth` is specified, `excludedIPs` is ignored.<br /> More information about [`ipStrategy](#ipstrategy), and [`excludedIPs`](#example-of-excludedips--x-forwarded-for) below. |       | No      |
+| <a id="opt-ipStrategy-ipv6Subnet" href="#opt-ipStrategy-ipv6Subnet" title="#opt-ipStrategy-ipv6Subnet">`ipStrategy.ipv6Subnet`</a> |  If `ipv6Subnet` is provided and the selected IP is IPv6, the IP is transformed into the first IP of the subnet it belongs to. <br />More information about [`ipStrategy.ipv6Subnet`](#ipstrategyipv6subnet), and [`excludedIPs`](#example-of-excludedips--x-forwarded-for) below. |       | No      |

 ### ipStrategy

@@ -95,26 +95,26 @@ If `ipv6Subnet` is provided, the IP is transformed in the following way.

 | IP                      | ipv6Subnet | clientIP              |
 |---------------------------|--------------|-----------------------|
-| `"::abcd:1111:2222:3333"` | `64`         | `"::0:0:0:0"`         |
-| `"::abcd:1111:2222:3333"` | `80`         | `"::abcd:0:0:0:0"`    |
-| `"::abcd:1111:2222:3333"` | `96`         | `"::abcd:1111:0:0:0"` |
+| <a id="opt-abcd111122223333" href="#opt-abcd111122223333" title="#opt-abcd111122223333">`"::abcd:1111:2222:3333"`</a> | `64`         | `"::0:0:0:0"`         |
+| <a id="opt-abcd111122223333-2" href="#opt-abcd111122223333-2" title="#opt-abcd111122223333-2">`"::abcd:1111:2222:3333"`</a> | `80`         | `"::abcd:0:0:0:0"`    |
+| <a id="opt-abcd111122223333-3" href="#opt-abcd111122223333-3" title="#opt-abcd111122223333-3">`"::abcd:1111:2222:3333"`</a> | `96`         | `"::abcd:1111:0:0:0"` |

-### Example of Depth & X-Forwarded-For
+### Example of Depth & `X-Forwarded-For`

 If `depth` is set to 2, and the request `X-Forwarded-For` header is `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` then the "real" client IP is `"10.0.0.1"` (at depth 4) but the IP used as the criterion is `"12.0.0.1"` (`depth=2`).

-| X-Forwarded-For                       | depth | clientIP     |
+| `X-Forwarded-For`                       | depth   | clientIP     |
 |-----------------------------------------|---------|--------------|
-| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `1`     | `"13.0.0.1"` |
-| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `3`     | `"11.0.0.1"` |
-| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `5`     | `""`         |
+| <a id="opt-10-0-0-111-0-0-112-0-0-113-0-0-1" href="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1" title="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `1`     | `"13.0.0.1"` |
+| <a id="opt-10-0-0-111-0-0-112-0-0-113-0-0-1-2" href="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-2" title="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-2">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `3`     | `"11.0.0.1"` |
+| <a id="opt-10-0-0-111-0-0-112-0-0-113-0-0-1-3" href="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-3" title="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-3">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `5`     | `""`         |

-### Example of ExcludedIPs & X-Forwarded-For
+### Example of ExcludedIPs & `X-Forwarded-For`

-| X-Forwarded-For                       | excludedIPs         | clientIP     |
+| `X-Forwarded-For`                       | excludedIPs           | clientIP     |
 |-----------------------------------------|-----------------------|--------------|
-| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"12.0.0.1,13.0.0.1"` | `"11.0.0.1"` |
-| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
-| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"10.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
-| `"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"` | `"15.0.0.1,16.0.0.1"` | `"13.0.0.1"` |
-| `"10.0.0.1,11.0.0.1"`                   | `"10.0.0.1,11.0.0.1"` | `""`         |
+| <a id="opt-10-0-0-111-0-0-112-0-0-113-0-0-1-4" href="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-4" title="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-4">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `"12.0.0.1,13.0.0.1"` | `"11.0.0.1"` |
+| <a id="opt-10-0-0-111-0-0-112-0-0-113-0-0-1-5" href="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-5" title="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-5">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `"15.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
+| <a id="opt-10-0-0-111-0-0-112-0-0-113-0-0-1-6" href="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-6" title="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-6">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `"10.0.0.1,13.0.0.1"` | `"12.0.0.1"` |
+| <a id="opt-10-0-0-111-0-0-112-0-0-113-0-0-1-7" href="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-7" title="#opt-10-0-0-111-0-0-112-0-0-113-0-0-1-7">`"10.0.0.1,11.0.0.1,12.0.0.1,13.0.0.1"`</a> | `"15.0.0.1,16.0.0.1"` | `"13.0.0.1"` |
+| <a id="opt-10-0-0-111-0-0-1" href="#opt-10-0-0-111-0-0-1" title="#opt-10-0-0-111-0-0-1">`"10.0.0.1,11.0.0.1"`</a> | `"10.0.0.1,11.0.0.1"` | `""`         |
--- a/docs/content/reference/routing-configuration/http/middlewares/jwt.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/jwt.md
@@ -36,22 +36,22 @@ spec:

 | Field           | Description   | Default | Required |
 |:----------------|:------------------------------------------------|:--------|:---------|
-| `signingSecret` | Defines the secret used for signing the JWT certificates. <br /> It is then used by the middleware to verify incoming requests. <br /> At least one of `signingSecret`, `publicKey`, `jwksFile` or `jwksUrl` options must be set. (More information [here](#signingsecret)) | ""      | No       |
-| `signingSecretBase64Encoded` | Defines whether the `signingSecret` is base64-encoded. <br /> If set to `true`, the `signingSecret` is base64-decoded before being used. | false   | No  |
-| `publicKey` | Defines the public key used to verify secret signature in incoming requests. <br /> In that case, users should sign their token using a private key corresponding to the configured public key. <br /> At least one of `signingSecret`, `publicKey`, `jwksFile` or `jwksUrl` options must be set. | ""      | No       |
-| `jwksFile` | Defines a set of [JWK](https://tools.ietf.org/html/rfc7517) to be used to verify the signature of JWTs. <br /> The option can either be a path to a file mounted on the API Gateway or directly the content of a JWK set file. <br /> At least one of `signingSecret`, `publicKey`, `jwksFile` or `jwksUrl` options must be set. (More information [here](#jwksfile)) | ""      | No       |
-| `jwksUrl` | Defines the URL of the host serving a [JWK](https://tools.ietf.org/html/rfc7517) set. <br />The keys are cached if the HTTP Cache Control allows for caching. <br /> At least one of `signingSecret`, `publicKey`, `jwksFile` or `jwksUrl` options must be set.<br />(More information [here](#jwksurl)) | ""      | No       |
-| `forwardAuthorization` | Defines whether the authorization header will be forwarded or stripped from a request after it has been approved by the middleware. | false   | No       |
-| `tokenKey` | Defines the name of the query and form data parameter used for passing the JWT, for applications that can't pass it in the `Authorization` header. <br /> The middleware always looks in the `Authorization` header first, even with this option enabled. <br /> This option should only be enabled if the JWT cannot be passed as an Authorization header, as it is not recommended by the [RFC](https://www.rfc-editor.org/rfc/rfc6750#section-2). | "" | No |
-| `claims` | Defines the claims to validate in order to authorize the request. <br /> The `claims` option can only be used with JWT-formatted token. (More information [here](#claims)) | "" | No |
-| `usernameClaim` | Defines the claim that will be evaluated to populate the `clientusername` in the access logs. <br /> The `usernameClaim` option can only be used with JWT-formatted token.| ""      | No       |
-| `forwardHeaders` | Defines the HTTP headers to add to requests and populates them with values extracted from the access token claims returned by the authorization server. <br /> Claims to be forwarded that are not found in the JWT result in empty headers. <br /> The `forwardHeaders` option can only be used with JWT-formatted token. | []      | No       |
-| `clientConfig.tls.ca` | PEM-encoded certificate bundle or a URN referencing a secret containing the certificate bundle used to establish a TLS connection with the authorization server  (More information [here](#clientconfig)) | ""      | No       |
-| `clientConfig.tls.cert` | PEM-encoded certificate or a URN referencing a secret containing the certificate used to establish a TLS connection with the Vault server (More information [here](#clientconfig)) | ""      | No       |
-| `clientConfig.tls.key`  | PEM-encoded key or a URN referencing a secret containing the key used to establish a TLS connection with the Vault server. (More information [here](#clientconfig)) | ""      | No       |
-| `clientConfig.tls.insecureSkipVerify` | Disables TLS certificate verification when communicating with the authorization server. <br /> Useful for testing purposes but strongly discouraged for production. (More information [here](#clientconfig)) | ""      | No       |
-| `clientConfig.timeoutSeconds` | Defines the time before giving up requests to the authorization server.   | 5       | No       |
-| `clientConfig.maxRetries` | Defines the number of retries for requests to authorization server that fail. | 3       | No       |
+| <a id="opt-signingSecret" href="#opt-signingSecret" title="#opt-signingSecret">`signingSecret`</a> | Defines the secret used for signing the JWT certificates. <br /> It is then used by the middleware to verify incoming requests. <br /> At least one of `signingSecret`, `publicKey`, `jwksFile` or `jwksUrl` options must be set. (More information [here](#signingsecret)) | ""      | No       |
+| <a id="opt-signingSecretBase64Encoded" href="#opt-signingSecretBase64Encoded" title="#opt-signingSecretBase64Encoded">`signingSecretBase64Encoded`</a> | Defines whether the `signingSecret` is base64-encoded. <br /> If set to `true`, the `signingSecret` is base64-decoded before being used. | false   | No  |
+| <a id="opt-publicKey" href="#opt-publicKey" title="#opt-publicKey">`publicKey`</a> | Defines the public key used to verify secret signature in incoming requests. <br /> In that case, users should sign their token using a private key corresponding to the configured public key. <br /> At least one of `signingSecret`, `publicKey`, `jwksFile` or `jwksUrl` options must be set. | ""      | No       |
+| <a id="opt-jwksFile" href="#opt-jwksFile" title="#opt-jwksFile">`jwksFile`</a> | Defines a set of [JWK](https://tools.ietf.org/html/rfc7517) to be used to verify the signature of JWTs. <br /> The option can either be a path to a file mounted on the API Gateway or directly the content of a JWK set file. <br /> At least one of `signingSecret`, `publicKey`, `jwksFile` or `jwksUrl` options must be set. (More information [here](#jwksfile)) | ""      | No       |
+| <a id="opt-jwksUrl" href="#opt-jwksUrl" title="#opt-jwksUrl">`jwksUrl`</a> | Defines the URL of the host serving a [JWK](https://tools.ietf.org/html/rfc7517) set. <br />The keys are cached if the HTTP Cache Control allows for caching. <br /> At least one of `signingSecret`, `publicKey`, `jwksFile` or `jwksUrl` options must be set.<br />(More information [here](#jwksurl)) | ""      | No       |
+| <a id="opt-forwardAuthorization" href="#opt-forwardAuthorization" title="#opt-forwardAuthorization">`forwardAuthorization`</a> | Defines whether the authorization header will be forwarded or stripped from a request after it has been approved by the middleware. | false   | No       |
+| <a id="opt-tokenKey" href="#opt-tokenKey" title="#opt-tokenKey">`tokenKey`</a> | Defines the name of the query and form data parameter used for passing the JWT, for applications that can't pass it in the `Authorization` header. <br /> The middleware always looks in the `Authorization` header first, even with this option enabled. <br /> This option should only be enabled if the JWT cannot be passed as an Authorization header, as it is not recommended by the [RFC](https://www.rfc-editor.org/rfc/rfc6750#section-2). | "" | No |
+| <a id="opt-claims" href="#opt-claims" title="#opt-claims">`claims`</a> | Defines the claims to validate in order to authorize the request. <br /> The `claims` option can only be used with JWT-formatted token. (More information [here](#claims)) | "" | No |
+| <a id="opt-usernameClaim" href="#opt-usernameClaim" title="#opt-usernameClaim">`usernameClaim`</a> | Defines the claim that will be evaluated to populate the `clientusername` in the access logs. <br /> The `usernameClaim` option can only be used with JWT-formatted token.| ""      | No       |
+| <a id="opt-forwardHeaders" href="#opt-forwardHeaders" title="#opt-forwardHeaders">`forwardHeaders`</a> | Defines the HTTP headers to add to requests and populates them with values extracted from the access token claims returned by the authorization server. <br /> Claims to be forwarded that are not found in the JWT result in empty headers. <br /> The `forwardHeaders` option can only be used with JWT-formatted token. | []      | No       |
+| <a id="opt-clientConfig-tls-ca" href="#opt-clientConfig-tls-ca" title="#opt-clientConfig-tls-ca">`clientConfig.tls.ca`</a> | PEM-encoded certificate bundle or a URN referencing a secret containing the certificate bundle used to establish a TLS connection with the authorization server  (More information [here](#clientconfig)) | ""      | No       |
+| <a id="opt-clientConfig-tls-cert" href="#opt-clientConfig-tls-cert" title="#opt-clientConfig-tls-cert">`clientConfig.tls.cert`</a> | PEM-encoded certificate or a URN referencing a secret containing the certificate used to establish a TLS connection with the Vault server (More information [here](#clientconfig)) | ""      | No       |
+| <a id="opt-clientConfig-tls-key" href="#opt-clientConfig-tls-key" title="#opt-clientConfig-tls-key">`clientConfig.tls.key`</a> | PEM-encoded key or a URN referencing a secret containing the key used to establish a TLS connection with the Vault server. (More information [here](#clientconfig)) | ""      | No       |
+| <a id="opt-clientConfig-tls-insecureSkipVerify" href="#opt-clientConfig-tls-insecureSkipVerify" title="#opt-clientConfig-tls-insecureSkipVerify">`clientConfig.tls.insecureSkipVerify`</a> | Disables TLS certificate verification when communicating with the authorization server. <br /> Useful for testing purposes but strongly discouraged for production. (More information [here](#clientconfig)) | ""      | No       |
+| <a id="opt-clientConfig-timeoutSeconds" href="#opt-clientConfig-timeoutSeconds" title="#opt-clientConfig-timeoutSeconds">`clientConfig.timeoutSeconds`</a> | Defines the time before giving up requests to the authorization server.   | 5       | No       |
+| <a id="opt-clientConfig-maxRetries" href="#opt-clientConfig-maxRetries" title="#opt-clientConfig-maxRetries">`clientConfig.maxRetries`</a> | Defines the number of retries for requests to authorization server that fail. | 3       | No       |

 ### claims

@@ -61,20 +61,20 @@ The following functions are supported in `claims`:

 | Function          | Description        | Example        |
 |-------------------|--------------------|-----------------|
-| Equals            | Validates the equality of the value in `key` with `value`.                     | Equals(\`grp\`, \`admin\`)                   |
-| Prefix            | Validates the value in `key` has the prefix of `value`.                        | Prefix(\`referrer\`, \`http://example.com\`) |
-| Contains (string) | Validates the value in `key` contains `value`.                                 | Contains(\`referrer\`, \`/foo/\`)            |
-| Contains (array)  | Validates the `key` array contains the `value`.                                | Contains(\`areas\`, \`home\`)                |
-| SplitContains     | Validates the value in `key` contains the `value` once split by the separator. | SplitContains(\`scope\`, \` \`, \`writer\`)  |
-| OneOf             | Validates the `key` array contains one of the `values`.                        | OneOf(\`areas\`, \`office\`, \`lab\`)        |
+| <a id="opt-Equals" href="#opt-Equals" title="#opt-Equals">Equals</a> | Validates the equality of the value in `key` with `value`.                     | Equals(\`grp\`, \`admin\`)                   |
+| <a id="opt-Prefix" href="#opt-Prefix" title="#opt-Prefix">Prefix</a> | Validates the value in `key` has the prefix of `value`.                        | Prefix(\`referrer\`, \`http://example.com\`) |
+| <a id="opt-Contains-string" href="#opt-Contains-string" title="#opt-Contains-string">Contains (string)</a> | Validates the value in `key` contains `value`.                                 | Contains(\`referrer\`, \`/foo/\`)            |
+| <a id="opt-Contains-array" href="#opt-Contains-array" title="#opt-Contains-array">Contains (array)</a> | Validates the `key` array contains the `value`.                                | Contains(\`areas\`, \`home\`)                |
+| <a id="opt-SplitContains" href="#opt-SplitContains" title="#opt-SplitContains">SplitContains</a> | Validates the value in `key` contains the `value` once split by the separator. | SplitContains(\`scope\`, \` \`, \`writer\`)  |
+| <a id="opt-OneOf" href="#opt-OneOf" title="#opt-OneOf">OneOf</a> | Validates the `key` array contains one of the `values`.                        | OneOf(\`areas\`, \`office\`, \`lab\`)        |

 All functions can be joined by boolean operands. The supported operands are:

 | Operand | Description        | Example        |
 |---------|--------------------|-----------------|
-| &&      | Compares two functions and returns true only if both evaluate to true. | Equals(\`grp\`, \`admin\`) && Equals(\`active\`, \`true\`)   |
-| \|\|    | Compares two functions and returns true if either evaluate to true.    | Equals(\`grp\`, \`admin\`) \|\| Equals(\`active\`, \`true\`) |
-| !       | Returns false if the function is true, otherwise returns true.         | !Equals(\`grp\`, \`testers\`)                                |
+| <a id="opt-row" href="#opt-row" title="#opt-row">&&</a> | Compares two functions and returns true only if both evaluate to true. | Equals(\`grp\`, \`admin\`) && Equals(\`active\`, \`true\`)   |
+| <a id="opt-row-2" href="#opt-row-2" title="#opt-row-2">\|\|</a> | Compares two functions and returns true if either evaluate to true.    | Equals(\`grp\`, \`admin\`) \|\| Equals(\`active\`, \`true\`) |
+| <a id="opt-row-3" href="#opt-row-3" title="#opt-row-3">!</a> | Returns false if the function is true, otherwise returns true.         | !Equals(\`grp\`, \`testers\`)                                |

 All examples will return true for the following data structure:

@@ -230,4 +230,4 @@ The reference to a Kubernetes secret takes the form of a URN:
 urn:k8s:secret:[name]:[valueKey]
 ```

-{!traefik-for-business-applications.md!}
+{!traefik-for-business-applications.md!}
--- a/docs/content/reference/routing-configuration/http/middlewares/ldap.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/ldap.md
@@ -64,24 +64,24 @@ spec:

 | Field | Description | Default | Required |
 |:------|:------------|:--------|:---------|
-| `url` | LDAP server URL. Either the `ldaps` or `ldap` protocol and end with a port (ex: `ldaps://ldap.example.org:636`). | ""      | Yes      |
-| `startTLS` | Enable [`StartTLS`](https://tools.ietf.org/html/rfc4511#section-4.14) request when initializing the connection with the LDAP server. | false   | No       |
-| `certificateAuthority` | PEM-encoded certificate to use to establish a connection with the LDAP server if the connection uses TLS but that the certificate was signed by a custom Certificate Authority. | ""      | No       |
-| `insecureSkipVerify` | Allow proceeding and operating even for server TLS connections otherwise considered insecure. | false   | No       |
-| `bindDN` | Domain name to bind to in order to authenticate to the LDAP server when running on search mode.<br /> Leaving this empty with search mode means binds are anonymous, which is rarely expected behavior.<br /> Not used when running in [bind mode](#bind-mode-vs-search-mode). | ""      | No       |
-| `bindPassword` |  Password for the `bindDN` used in search mode to authenticate with the LDAP server. More information [here](#bindpassword) | ""      | No       |
-| `connPool` | Pool of connections to the LDAP server (to minimize the impact on the performance). | None    | No       |
-| `connPool.size` | Number of connections managed by the pool can be customized with the `size` property. | 10      | No       |
-| `connPool.burst` | Ephemeral connections that are opened when the pool is already full. Once the number of connection exceeds `size` + `burst`, a `Too Many Connections` error is returned. | 5       | No       |
-| `connPool.ttl` | Pooled connections are still meant to be short-lived, so they are closed after roughly one minute by default. This behavior can be modified with the `ttl` property. | 60s     | No       |
-| `baseDN` | Base domain name that should be used for bind and search queries. | ""      | Yes      |
-| `attribute` | The attribute used to bind a user. Bind queries use this pattern: `<attr>=<username>,<baseDN>`, where the username is extracted from the request header. | cn      | Yes      |
-| `forwardUsername` | Forward the username in a specific header, defined using the `forwardUsernameHeader` option. | ""      | No       |
-| `forwardUsernameHeader` | Name of the header to put the username in when forwarding it. This is not used if the `forwardUsername` option is set to `false`. | Username | Yes      |
-| `forwardAuthorization` | Enable to forward the authorization header from the request after it has been approved by the middleware. | false   | Yes      |
-| `searchFilter` | If not empty, the middleware will run in [search mode](#bind-mode-vs-search-mode), filtering search results with the given query.<br />Filter queries can use the `%s` placeholder that is replaced by the username provided in the `Authorization` header of the request (for example: `(&(objectClass=inetOrgPerson)(gidNumber=500)(uid=%s))`). | ""      | No       |
-| `wwwAuthenticateHeader` | Allow setting a `WWW-Authenticate` header in the `401 Unauthorized` response. See [the WWW-Authenticate header documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/WWW-Authenticate) for more information.<br /> The `realm` directive of the `WWW-Authenticate` header can be customized with the `wwwAuthenticateHeaderRealm` option. | false   | No       |
-| `wwwAuthenticateHeaderRealm` | Realm name to set in the `WWW-Authenticate` header. This option is ineffective unless the `wwwAuthenticateHeader` option is set to `true`. | ""      | No       |
+| <a id="opt-url" href="#opt-url" title="#opt-url">`url`</a> | LDAP server URL. Either the `ldaps` or `ldap` protocol and end with a port (ex: `ldaps://ldap.example.org:636`). | ""      | Yes      |
+| <a id="opt-startTLS" href="#opt-startTLS" title="#opt-startTLS">`startTLS`</a> | Enable [`StartTLS`](https://tools.ietf.org/html/rfc4511#section-4.14) request when initializing the connection with the LDAP server. | false   | No       |
+| <a id="opt-certificateAuthority" href="#opt-certificateAuthority" title="#opt-certificateAuthority">`certificateAuthority`</a> | PEM-encoded certificate to use to establish a connection with the LDAP server if the connection uses TLS but that the certificate was signed by a custom Certificate Authority. | ""      | No       |
+| <a id="opt-insecureSkipVerify" href="#opt-insecureSkipVerify" title="#opt-insecureSkipVerify">`insecureSkipVerify`</a> | Allow proceeding and operating even for server TLS connections otherwise considered insecure. | false   | No       |
+| <a id="opt-bindDN" href="#opt-bindDN" title="#opt-bindDN">`bindDN`</a> | Domain name to bind to in order to authenticate to the LDAP server when running on search mode.<br /> Leaving this empty with search mode means binds are anonymous, which is rarely expected behavior.<br /> Not used when running in [bind mode](#bind-mode-vs-search-mode). | ""      | No       |
+| <a id="opt-bindPassword" href="#opt-bindPassword" title="#opt-bindPassword">`bindPassword`</a> |  Password for the `bindDN` used in search mode to authenticate with the LDAP server. More information [here](#bindpassword) | ""      | No       |
+| <a id="opt-connPool" href="#opt-connPool" title="#opt-connPool">`connPool`</a> | Pool of connections to the LDAP server (to minimize the impact on the performance). | None    | No       |
+| <a id="opt-connPool-size" href="#opt-connPool-size" title="#opt-connPool-size">`connPool.size`</a> | Number of connections managed by the pool can be customized with the `size` property. | 10      | No       |
+| <a id="opt-connPool-burst" href="#opt-connPool-burst" title="#opt-connPool-burst">`connPool.burst`</a> | Ephemeral connections that are opened when the pool is already full. Once the number of connection exceeds `size` + `burst`, a `Too Many Connections` error is returned. | 5       | No       |
+| <a id="opt-connPool-ttl" href="#opt-connPool-ttl" title="#opt-connPool-ttl">`connPool.ttl`</a> | Pooled connections are still meant to be short-lived, so they are closed after roughly one minute by default. This behavior can be modified with the `ttl` property. | 60s     | No       |
+| <a id="opt-baseDN" href="#opt-baseDN" title="#opt-baseDN">`baseDN`</a> | Base domain name that should be used for bind and search queries. | ""      | Yes      |
+| <a id="opt-attribute" href="#opt-attribute" title="#opt-attribute">`attribute`</a> | The attribute used to bind a user. Bind queries use this pattern: `<attr>=<username>,<baseDN>`, where the username is extracted from the request header. | cn      | Yes      |
+| <a id="opt-forwardUsername" href="#opt-forwardUsername" title="#opt-forwardUsername">`forwardUsername`</a> | Forward the username in a specific header, defined using the `forwardUsernameHeader` option. | ""      | No       |
+| <a id="opt-forwardUsernameHeader" href="#opt-forwardUsernameHeader" title="#opt-forwardUsernameHeader">`forwardUsernameHeader`</a> | Name of the header to put the username in when forwarding it. This is not used if the `forwardUsername` option is set to `false`. | Username | Yes      |
+| <a id="opt-forwardAuthorization" href="#opt-forwardAuthorization" title="#opt-forwardAuthorization">`forwardAuthorization`</a> | Enable to forward the authorization header from the request after it has been approved by the middleware. | false   | Yes      |
+| <a id="opt-searchFilter" href="#opt-searchFilter" title="#opt-searchFilter">`searchFilter`</a> | If not empty, the middleware will run in [search mode](#bind-mode-vs-search-mode), filtering search results with the given query.<br />Filter queries can use the `%s` placeholder that is replaced by the username provided in the `Authorization` header of the request (for example: `(&(objectClass=inetOrgPerson)(gidNumber=500)(uid=%s))`). | ""      | No       |
+| <a id="opt-wwwAuthenticateHeader" href="#opt-wwwAuthenticateHeader" title="#opt-wwwAuthenticateHeader">`wwwAuthenticateHeader`</a> | Allow setting a `WWW-Authenticate` header in the `401 Unauthorized` response. See [the WWW-Authenticate header documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/WWW-Authenticate) for more information.<br /> The `realm` directive of the `WWW-Authenticate` header can be customized with the `wwwAuthenticateHeaderRealm` option. | false   | No       |
+| <a id="opt-wwwAuthenticateHeaderRealm" href="#opt-wwwAuthenticateHeaderRealm" title="#opt-wwwAuthenticateHeaderRealm">`wwwAuthenticateHeaderRealm`</a> | Realm name to set in the `WWW-Authenticate` header. This option is ineffective unless the `wwwAuthenticateHeader` option is set to `true`. | ""      | No       |

 ### bindPassword

@@ -102,4 +102,4 @@ and a `bindPassword`, then the middleware runs in search mode. In this mode, a s
 issued to the LDAP server before trying to bind. If result of this search returns only 1 record,
 it tries to issue a bind request with this record, otherwise it aborts a `401 Unauthorized` status code.

-{!traefik-for-business-applications.md!}
+{!traefik-for-business-applications.md!}
--- a/docs/content/reference/routing-configuration/http/middlewares/oauth2-client-credentials.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/oauth2-client-credentials.md
@@ -49,32 +49,32 @@ stringData:

 | Field | Description                                                                                 | Default | Required |
 |:------|:--------------------------------------------------------------------------------------------|:--------|:---------|
-| `audience` | Defines the audience configured in your authorization server. <br /> The audience value is the base address of the resource being accessed, for example: https://api.example.com. | ""      | Yes      |
-| `claims` | Defines the claims to validate in order to authorize the request. <br /> The `claims` option can only be used with JWT-formatted token.  (More information [here](#claims)) | ""      | No       |
-| `clientConfig.tls.ca` | PEM-encoded certificate bundle or a URN referencing a secret containing the certificate bundle used to establish a TLS connection with the authorization server  (More information [here](#clientconfig)) | ""      | No       |
-| `clientConfig.tls.cert` | PEM-encoded certificate or a URN referencing a secret containing the certificate used to establish a TLS connection with the Vault server (More information [here](#clientconfig)) | ""      | No       |
-| `clientConfig.tls.key`  | PEM-encoded key or a URN referencing a secret containing the key used to establish a TLS connection with the Vault server. (More information [here](#clientconfig)) | ""      | No       |
-| `clientConfig.tls.insecureSkipVerify` | Disables TLS certificate verification when communicating with the authorization server. <br /> Useful for testing purposes but strongly discouraged for production. (More information [here](#clientconfig)) | ""      | No       |
-| `clientConfig.timeoutSeconds` | Defines the time before giving up requests to the authorization server.   | 5       | No       |
-| `clientConfig.maxRetries` | Defines the number of retries for requests to authorization server that fail. | 3       | No       |
-| `clientID`     | Defines the unique client identifier for an account on the OpenID Connect provider, must be set when the `clientSecret` option is set.<br />More information [here](#storing-secret-values-in-kubernetes-secrets). | ""      | Yes       |
-| `clientSecret` | Defines the unique client secret for an account on the OpenID Connect provider, must be set when the `clientID` option is set.<br />More information [here](#storing-secret-values-in-kubernetes-secrets). | ""      | Yes       |
-| `forwardHeaders` | Defines the HTTP headers to add to requests and populates them with values extracted from the access token claims returned by the authorization server. <br /> Claims to be forwarded that are not found in the JWT result in empty headers. <br /> The `forwardHeaders` option can only be used with JWT-formatted token. | []      | No       |
-| `store.keyPrefix` | Defines the prefix of the key for the entries that store the sessions. | ""      | No       |
-| `store.redis.endpoints`              | Endpoints of the Redis instances to connect to (example: `redis.traefik-hub.svc.cluster.local:6379`) | "" | Yes      |
-| `store.redis.username`               | The username Traefik Hub will use to connect to Redis          | "" | No       |
-| `store.redis.password`               | The password Traefik Hub will use to connect to Redis    | "" | No       |
-| `store.redis.database`               | The database Traefik Hub will use to sore information (default: `0`)                                 | "" | No       |
-| `store.redis.cluster`                | Enable Redis Cluster           | "" | No       |
-| `store.redis.tls.caBundle`           | Custom CA bundle    | "" | No       |
-| `store.redis.tls.cert`               | TLS certificate         | "" | No       |
-| `store.redis.tls.key`                | TLS   | "" | No       |
-| `store.redis.tls.insecureSkipVerify` | Allow skipping the TLS verification | "" | No       |
-| `store.redis.sentinel.masterSet`     | Name of the set of main nodes to use for main selection. Required when using Sentinel.               | "" | No       |
-| `store.redis.sentinel.username`      | Username to use for sentinel authentication (can be different from `username`)  | "" | No       |
-| `store.redis.sentinel.password`      | Password to use for sentinel authentication (can be different from `password`)        | "" | No       |
-| `url` | Defines the authorization server URL (for example: `https://tenant.auth0.com/oauth/token`). | ""      | Yes      |
-| `usernameClaim` | Defines the claim that will be evaluated to populate the `clientusername` in the access logs. <br /> The `usernameClaim` option can only be used with JWT-formatted token.| ""      | No       |
+| <a id="opt-audience" href="#opt-audience" title="#opt-audience">`audience`</a> | Defines the audience configured in your authorization server. <br /> The audience value is the base address of the resource being accessed, for example: https://api.example.com. | ""      | Yes      |
+| <a id="opt-claims" href="#opt-claims" title="#opt-claims">`claims`</a> | Defines the claims to validate in order to authorize the request. <br /> The `claims` option can only be used with JWT-formatted token.  (More information [here](#claims)) | ""      | No       |
+| <a id="opt-clientConfig-tls-ca" href="#opt-clientConfig-tls-ca" title="#opt-clientConfig-tls-ca">`clientConfig.tls.ca`</a> | PEM-encoded certificate bundle or a URN referencing a secret containing the certificate bundle used to establish a TLS connection with the authorization server  (More information [here](#clientconfig)) | ""      | No       |
+| <a id="opt-clientConfig-tls-cert" href="#opt-clientConfig-tls-cert" title="#opt-clientConfig-tls-cert">`clientConfig.tls.cert`</a> | PEM-encoded certificate or a URN referencing a secret containing the certificate used to establish a TLS connection with the Vault server (More information [here](#clientconfig)) | ""      | No       |
+| <a id="opt-clientConfig-tls-key" href="#opt-clientConfig-tls-key" title="#opt-clientConfig-tls-key">`clientConfig.tls.key`</a> | PEM-encoded key or a URN referencing a secret containing the key used to establish a TLS connection with the Vault server. (More information [here](#clientconfig)) | ""      | No       |
+| <a id="opt-clientConfig-tls-insecureSkipVerify" href="#opt-clientConfig-tls-insecureSkipVerify" title="#opt-clientConfig-tls-insecureSkipVerify">`clientConfig.tls.insecureSkipVerify`</a> | Disables TLS certificate verification when communicating with the authorization server. <br /> Useful for testing purposes but strongly discouraged for production. (More information [here](#clientconfig)) | ""      | No       |
+| <a id="opt-clientConfig-timeoutSeconds" href="#opt-clientConfig-timeoutSeconds" title="#opt-clientConfig-timeoutSeconds">`clientConfig.timeoutSeconds`</a> | Defines the time before giving up requests to the authorization server.   | 5       | No       |
+| <a id="opt-clientConfig-maxRetries" href="#opt-clientConfig-maxRetries" title="#opt-clientConfig-maxRetries">`clientConfig.maxRetries`</a> | Defines the number of retries for requests to authorization server that fail. | 3       | No       |
+| <a id="opt-clientID" href="#opt-clientID" title="#opt-clientID">`clientID`</a> | Defines the unique client identifier for an account on the OpenID Connect provider, must be set when the `clientSecret` option is set.<br />More information [here](#storing-secret-values-in-kubernetes-secrets). | ""      | Yes       |
+| <a id="opt-clientSecret" href="#opt-clientSecret" title="#opt-clientSecret">`clientSecret`</a> | Defines the unique client secret for an account on the OpenID Connect provider, must be set when the `clientID` option is set.<br />More information [here](#storing-secret-values-in-kubernetes-secrets). | ""      | Yes       |
+| <a id="opt-forwardHeaders" href="#opt-forwardHeaders" title="#opt-forwardHeaders">`forwardHeaders`</a> | Defines the HTTP headers to add to requests and populates them with values extracted from the access token claims returned by the authorization server. <br /> Claims to be forwarded that are not found in the JWT result in empty headers. <br /> The `forwardHeaders` option can only be used with JWT-formatted token. | []      | No       |
+| <a id="opt-store-keyPrefix" href="#opt-store-keyPrefix" title="#opt-store-keyPrefix">`store.keyPrefix`</a> | Defines the prefix of the key for the entries that store the sessions. | ""      | No       |
+| <a id="opt-store-redis-endpoints" href="#opt-store-redis-endpoints" title="#opt-store-redis-endpoints">`store.redis.endpoints`</a> | Endpoints of the Redis instances to connect to (example: `redis.traefik-hub.svc.cluster.local:6379`) | "" | Yes      |
+| <a id="opt-store-redis-username" href="#opt-store-redis-username" title="#opt-store-redis-username">`store.redis.username`</a> | The username Traefik Hub will use to connect to Redis          | "" | No       |
+| <a id="opt-store-redis-password" href="#opt-store-redis-password" title="#opt-store-redis-password">`store.redis.password`</a> | The password Traefik Hub will use to connect to Redis    | "" | No       |
+| <a id="opt-store-redis-database" href="#opt-store-redis-database" title="#opt-store-redis-database">`store.redis.database`</a> | The database Traefik Hub will use to sore information (default: `0`)                                 | "" | No       |
+| <a id="opt-store-redis-cluster" href="#opt-store-redis-cluster" title="#opt-store-redis-cluster">`store.redis.cluster`</a> | Enable Redis Cluster           | "" | No       |
+| <a id="opt-store-redis-tls-caBundle" href="#opt-store-redis-tls-caBundle" title="#opt-store-redis-tls-caBundle">`store.redis.tls.caBundle`</a> | Custom CA bundle    | "" | No       |
+| <a id="opt-store-redis-tls-cert" href="#opt-store-redis-tls-cert" title="#opt-store-redis-tls-cert">`store.redis.tls.cert`</a> | TLS certificate         | "" | No       |
+| <a id="opt-store-redis-tls-key" href="#opt-store-redis-tls-key" title="#opt-store-redis-tls-key">`store.redis.tls.key`</a> | TLS   | "" | No       |
+| <a id="opt-store-redis-tls-insecureSkipVerify" href="#opt-store-redis-tls-insecureSkipVerify" title="#opt-store-redis-tls-insecureSkipVerify">`store.redis.tls.insecureSkipVerify`</a> | Allow skipping the TLS verification | "" | No       |
+| <a id="opt-store-redis-sentinel-masterSet" href="#opt-store-redis-sentinel-masterSet" title="#opt-store-redis-sentinel-masterSet">`store.redis.sentinel.masterSet`</a> | Name of the set of main nodes to use for main selection. Required when using Sentinel.               | "" | No       |
+| <a id="opt-store-redis-sentinel-username" href="#opt-store-redis-sentinel-username" title="#opt-store-redis-sentinel-username">`store.redis.sentinel.username`</a> | Username to use for sentinel authentication (can be different from `username`)  | "" | No       |
+| <a id="opt-store-redis-sentinel-password" href="#opt-store-redis-sentinel-password" title="#opt-store-redis-sentinel-password">`store.redis.sentinel.password`</a> | Password to use for sentinel authentication (can be different from `password`)        | "" | No       |
+| <a id="opt-url" href="#opt-url" title="#opt-url">`url`</a> | Defines the authorization server URL (for example: `https://tenant.auth0.com/oauth/token`). | ""      | Yes      |
+| <a id="opt-usernameClaim" href="#opt-usernameClaim" title="#opt-usernameClaim">`usernameClaim`</a> | Defines the claim that will be evaluated to populate the `clientusername` in the access logs. <br /> The `usernameClaim` option can only be used with JWT-formatted token.| ""      | No       |

 ### Storing secret values in Kubernetes secrets

@@ -93,20 +93,20 @@ The following functions are supported in `claims`:

 | Function          | Description        | Example        |
 |-------------------|--------------------|-----------------|
-| Equals            | Validates the equality of the value in `key` with `value`.                     | Equals(\`grp\`, \`admin\`)                   |
-| Prefix            | Validates the value in `key` has the prefix of `value`.                        | Prefix(\`referrer\`, \`http://example.com\`) |
-| Contains (string) | Validates the value in `key` contains `value`.                                 | Contains(\`referrer\`, \`/foo/\`)            |
-| Contains (array)  | Validates the `key` array contains the `value`.                                | Contains(\`areas\`, \`home\`)                |
-| SplitContains     | Validates the value in `key` contains the `value` once split by the separator. | SplitContains(\`scope\`, \` \`, \`writer\`)  |
-| OneOf             | Validates the `key` array contains one of the `values`.                        | OneOf(\`areas\`, \`office\`, \`lab\`)        |
+| <a id="opt-Equals" href="#opt-Equals" title="#opt-Equals">Equals</a> | Validates the equality of the value in `key` with `value`.                     | Equals(\`grp\`, \`admin\`)                   |
+| <a id="opt-Prefix" href="#opt-Prefix" title="#opt-Prefix">Prefix</a> | Validates the value in `key` has the prefix of `value`.                        | Prefix(\`referrer\`, \`http://example.com\`) |
+| <a id="opt-Contains-string" href="#opt-Contains-string" title="#opt-Contains-string">Contains (string)</a> | Validates the value in `key` contains `value`.                                 | Contains(\`referrer\`, \`/foo/\`)            |
+| <a id="opt-Contains-array" href="#opt-Contains-array" title="#opt-Contains-array">Contains (array)</a> | Validates the `key` array contains the `value`.                                | Contains(\`areas\`, \`home\`)                |
+| <a id="opt-SplitContains" href="#opt-SplitContains" title="#opt-SplitContains">SplitContains</a> | Validates the value in `key` contains the `value` once split by the separator. | SplitContains(\`scope\`, \` \`, \`writer\`)  |
+| <a id="opt-OneOf" href="#opt-OneOf" title="#opt-OneOf">OneOf</a> | Validates the `key` array contains one of the `values`.                        | OneOf(\`areas\`, \`office\`, \`lab\`)        |

 All functions can be joined by boolean operands. The supported operands are:

 | Operand | Description        | Example        |
 |---------|--------------------|-----------------|
-| &&      | Compares two functions and returns true only if both evaluate to true. | Equals(\`grp\`, \`admin\`) && Equals(\`active\`, \`true\`)   |
-| \|\|    | Compares two functions and returns true if either evaluate to true.    | Equals(\`grp\`, \`admin\`) \|\| Equals(\`active\`, \`true\`) |
-| !       | Returns false if the function is true, otherwise returns true.         | !Equals(\`grp\`, \`testers\`)                                |
+| <a id="opt-row" href="#opt-row" title="#opt-row">&&</a> | Compares two functions and returns true only if both evaluate to true. | Equals(\`grp\`, \`admin\`) && Equals(\`active\`, \`true\`)   |
+| <a id="opt-row-2" href="#opt-row-2" title="#opt-row-2">\|\|</a> | Compares two functions and returns true if either evaluate to true.    | Equals(\`grp\`, \`admin\`) \|\| Equals(\`active\`, \`true\`) |
+| <a id="opt-row-3" href="#opt-row-3" title="#opt-row-3">!</a> | Returns false if the function is true, otherwise returns true.         | !Equals(\`grp\`, \`testers\`)                                |

 All examples will return true for the following data structure:

--- a/docs/content/reference/routing-configuration/http/middlewares/oauth2-token-introspection.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/oauth2-token-introspection.md
@@ -40,23 +40,23 @@ spec:

 | Field | Description | Default | Required |
 |:------|:------------|:--------|:---------|
-| `claims` | Defines the claims to validate in order to authorize the request. <br /> The `claims` option can only be used with JWT-formatted token.  (More information [here](#claims)) | ""      | No       |
-| `clientConfig.url` | Defines the introspection endpoint URL. It must include the scheme and path. | ""      | Yes      |
-| `clientConfig.headers` | Defines the headers to send in every introspection request. Values can be plain strings or a valid [Go template](https://pkg.go.dev/text/template). <br /> Currently, a variable of type [`Request`](https://pkg.go.dev/net/http#Request) corresponding to the request being introspected is accessible in templates. | ""      | No       |
-| `clientConfig.tokenTypeHint` | Defines the type of token being introspected, sent as a hint to the introspection server. <br /> Please refer to the [official documentation](https://tools.ietf.org/html/rfc7662) for more details. | ""      | No       |
-| `clientConfig.tls.ca` | PEM-encoded certificate bundle or a URN referencing a secret containing the certificate bundle used to establish a TLS connection with the authorization server  (More information [here](#clientconfig)) | ""      | No       |
-| `clientConfig.tls.cert` | PEM-encoded certificate or a URN referencing a secret containing the certificate used to establish a TLS connection with the Vault server (More information [here](#clientconfig)) | ""      | No       |
-| `clientConfig.tls.key`  | PEM-encoded key or a URN referencing a secret containing the key used to establish a TLS connection with the Vault server. (More information [here](#clientconfig)) | ""      | No       |
-| `clientConfig.tls.insecureSkipVerify` | Disables TLS certificate verification when communicating with the authorization server. <br /> Useful for testing purposes but strongly discouraged for production. (More information [here](#clientconfig)) | ""      | No       |
-| `clientConfig.timeoutSeconds` | Defines the time before giving up requests to the authorization server.   | 5       | No       |
-| `clientConfig.maxRetries` | Defines the number of retries for requests to authorization server that fail. | 3       | No       |
-| `forwardAuthorization` | Defines whether the authorization header will be forwarded or stripped from a request after it has been approved by the middleware. | false   | No       |
-| `forwardHeaders` | Defines the HTTP headers to add to requests and populates them with values extracted from the access token claims returned by the authorization server. <br /> Claims to be forwarded that are not found in the JWT result in empty headers. <br /> The `forwardHeaders` option can only be used with JWT-formatted token. | []      | No       |
-| `tokenSource.header`           | Defines the header name containing the secret sent by the client.<br />At least one `tokenSource`option must be set.| ""      | No       |
-| `tokenSource.headerAuthScheme` | Defines the scheme when using `Authorization` as header name. <br /> Check out the `Authorization` header [documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization#syntax).<br />At least one `tokenSource`option must be set. | ""      | No       |
-| `tokenSource.query`            | Defines the query parameter name containing the secret sent by the client.<br />At least one `tokenSource`option must be set.| ""      | No       |
-| `tokenSource.cookie`           | Defines the cookie name containing the secret sent by the client.<br />At least one `tokenSource`option must be set.| ""      | No       |
-| `usernameClaim` | Defines the claim that will be evaluated to populate the `clientusername` in the access logs. <br /> The `usernameClaim` option can only be used with JWT-formatted token.| ""      | No       |
+| <a id="opt-claims" href="#opt-claims" title="#opt-claims">`claims`</a> | Defines the claims to validate in order to authorize the request. <br /> The `claims` option can only be used with JWT-formatted token.  (More information [here](#claims)) | ""      | No       |
+| <a id="opt-clientConfig-url" href="#opt-clientConfig-url" title="#opt-clientConfig-url">`clientConfig.url`</a> | Defines the introspection endpoint URL. It must include the scheme and path. | ""      | Yes      |
+| <a id="opt-clientConfig-headers" href="#opt-clientConfig-headers" title="#opt-clientConfig-headers">`clientConfig.headers`</a> | Defines the headers to send in every introspection request. Values can be plain strings or a valid [Go template](https://pkg.go.dev/text/template). <br /> Currently, a variable of type [`Request`](https://pkg.go.dev/net/http#Request) corresponding to the request being introspected is accessible in templates. | ""      | No       |
+| <a id="opt-clientConfig-tokenTypeHint" href="#opt-clientConfig-tokenTypeHint" title="#opt-clientConfig-tokenTypeHint">`clientConfig.tokenTypeHint`</a> | Defines the type of token being introspected, sent as a hint to the introspection server. <br /> Please refer to the [official documentation](https://tools.ietf.org/html/rfc7662) for more details. | ""      | No       |
+| <a id="opt-clientConfig-tls-ca" href="#opt-clientConfig-tls-ca" title="#opt-clientConfig-tls-ca">`clientConfig.tls.ca`</a> | PEM-encoded certificate bundle or a URN referencing a secret containing the certificate bundle used to establish a TLS connection with the authorization server  (More information [here](#clientconfig)) | ""      | No       |
+| <a id="opt-clientConfig-tls-cert" href="#opt-clientConfig-tls-cert" title="#opt-clientConfig-tls-cert">`clientConfig.tls.cert`</a> | PEM-encoded certificate or a URN referencing a secret containing the certificate used to establish a TLS connection with the Vault server (More information [here](#clientconfig)) | ""      | No       |
+| <a id="opt-clientConfig-tls-key" href="#opt-clientConfig-tls-key" title="#opt-clientConfig-tls-key">`clientConfig.tls.key`</a> | PEM-encoded key or a URN referencing a secret containing the key used to establish a TLS connection with the Vault server. (More information [here](#clientconfig)) | ""      | No       |
+| <a id="opt-clientConfig-tls-insecureSkipVerify" href="#opt-clientConfig-tls-insecureSkipVerify" title="#opt-clientConfig-tls-insecureSkipVerify">`clientConfig.tls.insecureSkipVerify`</a> | Disables TLS certificate verification when communicating with the authorization server. <br /> Useful for testing purposes but strongly discouraged for production. (More information [here](#clientconfig)) | ""      | No       |
+| <a id="opt-clientConfig-timeoutSeconds" href="#opt-clientConfig-timeoutSeconds" title="#opt-clientConfig-timeoutSeconds">`clientConfig.timeoutSeconds`</a> | Defines the time before giving up requests to the authorization server.   | 5       | No       |
+| <a id="opt-clientConfig-maxRetries" href="#opt-clientConfig-maxRetries" title="#opt-clientConfig-maxRetries">`clientConfig.maxRetries`</a> | Defines the number of retries for requests to authorization server that fail. | 3       | No       |
+| <a id="opt-forwardAuthorization" href="#opt-forwardAuthorization" title="#opt-forwardAuthorization">`forwardAuthorization`</a> | Defines whether the authorization header will be forwarded or stripped from a request after it has been approved by the middleware. | false   | No       |
+| <a id="opt-forwardHeaders" href="#opt-forwardHeaders" title="#opt-forwardHeaders">`forwardHeaders`</a> | Defines the HTTP headers to add to requests and populates them with values extracted from the access token claims returned by the authorization server. <br /> Claims to be forwarded that are not found in the JWT result in empty headers. <br /> The `forwardHeaders` option can only be used with JWT-formatted token. | []      | No       |
+| <a id="opt-tokenSource-header" href="#opt-tokenSource-header" title="#opt-tokenSource-header">`tokenSource.header`</a> | Defines the header name containing the secret sent by the client.<br />At least one `tokenSource`option must be set.| ""      | No       |
+| <a id="opt-tokenSource-headerAuthScheme" href="#opt-tokenSource-headerAuthScheme" title="#opt-tokenSource-headerAuthScheme">`tokenSource.headerAuthScheme`</a> | Defines the scheme when using `Authorization` as header name. <br /> Check out the `Authorization` header [documentation](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Authorization#syntax).<br />At least one `tokenSource`option must be set. | ""      | No       |
+| <a id="opt-tokenSource-query" href="#opt-tokenSource-query" title="#opt-tokenSource-query">`tokenSource.query`</a> | Defines the query parameter name containing the secret sent by the client.<br />At least one `tokenSource`option must be set.| ""      | No       |
+| <a id="opt-tokenSource-cookie" href="#opt-tokenSource-cookie" title="#opt-tokenSource-cookie">`tokenSource.cookie`</a> | Defines the cookie name containing the secret sent by the client.<br />At least one `tokenSource`option must be set.| ""      | No       |
+| <a id="opt-usernameClaim" href="#opt-usernameClaim" title="#opt-usernameClaim">`usernameClaim`</a> | Defines the claim that will be evaluated to populate the `clientusername` in the access logs. <br /> The `usernameClaim` option can only be used with JWT-formatted token.| ""      | No       |

 ### claims

@@ -66,20 +66,20 @@ The following functions are supported in `claims`:

 | Function          | Description        | Example        |
 |-------------------|--------------------|-----------------|
-| Equals            | Validates the equality of the value in `key` with `value`.                     | Equals(\`grp\`, \`admin\`)                   |
-| Prefix            | Validates the value in `key` has the prefix of `value`.                        | Prefix(\`referrer\`, \`http://example.com\`) |
-| Contains (string) | Validates the value in `key` contains `value`.                                 | Contains(\`referrer\`, \`/foo/\`)            |
-| Contains (array)  | Validates the `key` array contains the `value`.                                | Contains(\`areas\`, \`home\`)                |
-| SplitContains     | Validates the value in `key` contains the `value` once split by the separator. | SplitContains(\`scope\`, \` \`, \`writer\`)  |
-| OneOf             | Validates the `key` array contains one of the `values`.                        | OneOf(\`areas\`, \`office\`, \`lab\`)        |
+| <a id="opt-Equals" href="#opt-Equals" title="#opt-Equals">Equals</a> | Validates the equality of the value in `key` with `value`.                     | Equals(\`grp\`, \`admin\`)                   |
+| <a id="opt-Prefix" href="#opt-Prefix" title="#opt-Prefix">Prefix</a> | Validates the value in `key` has the prefix of `value`.                        | Prefix(\`referrer\`, \`http://example.com\`) |
+| <a id="opt-Contains-string" href="#opt-Contains-string" title="#opt-Contains-string">Contains (string)</a> | Validates the value in `key` contains `value`.                                 | Contains(\`referrer\`, \`/foo/\`)            |
+| <a id="opt-Contains-array" href="#opt-Contains-array" title="#opt-Contains-array">Contains (array)</a> | Validates the `key` array contains the `value`.                                | Contains(\`areas\`, \`home\`)                |
+| <a id="opt-SplitContains" href="#opt-SplitContains" title="#opt-SplitContains">SplitContains</a> | Validates the value in `key` contains the `value` once split by the separator. | SplitContains(\`scope\`, \` \`, \`writer\`)  |
+| <a id="opt-OneOf" href="#opt-OneOf" title="#opt-OneOf">OneOf</a> | Validates the `key` array contains one of the `values`.                        | OneOf(\`areas\`, \`office\`, \`lab\`)        |

 All functions can be joined by boolean operands. The supported operands are:

 | Operand | Description        | Example        |
 |---------|--------------------|-----------------|
-| &&      | Compares two functions and returns true only if both evaluate to true. | Equals(\`grp\`, \`admin\`) && Equals(\`active\`, \`true\`)   |
-| \|\|    | Compares two functions and returns true if either evaluate to true.    | Equals(\`grp\`, \`admin\`) \|\| Equals(\`active\`, \`true\`) |
-| !       | Returns false if the function is true, otherwise returns true.         | !Equals(\`grp\`, \`testers\`)                                |
+| <a id="opt-row" href="#opt-row" title="#opt-row">&&</a> | Compares two functions and returns true only if both evaluate to true. | Equals(\`grp\`, \`admin\`) && Equals(\`active\`, \`true\`)   |
+| <a id="opt-row-2" href="#opt-row-2" title="#opt-row-2">\|\|</a> | Compares two functions and returns true if either evaluate to true.    | Equals(\`grp\`, \`admin\`) \|\| Equals(\`active\`, \`true\`) |
+| <a id="opt-row-3" href="#opt-row-3" title="#opt-row-3">!</a> | Returns false if the function is true, otherwise returns true.         | !Equals(\`grp\`, \`testers\`)                                |

 All examples will return true for the following data structure:

--- a/docs/content/reference/routing-configuration/http/middlewares/oidc.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/oidc.md
@@ -60,61 +60,61 @@ stringData:

 | Field | Description | Default | Required |
 |:------|:------------|:--------|:---------|
-| `issuer` | Defines the URL to the OpenID Connect provider (for example, `https://accounts.google.com`). <br /> It should point to the server which provides the OpenID Connect configuration. | "" | Yes |
-| `redirectUrl` | Defines the URL used by the OpenID Connect provider to redirect back to the middleware once the authorization is complete. (More information [here](#redirecturl)) | "" | Yes |
-| `clientID`     | Defines the unique client identifier for an account on the OpenID Connect provider, must be set when the `clientSecret` option is set. (More information [here](#clientid-clientsecret)) | ""      | Yes       |
-| `clientSecret` | Defines the unique client secret for an account on the OpenID Connect provider, must be set when the `clientID` option is set. (More information [here](#clientid-clientsecret)) | ""      | Yes       |
-| `claims` | Defines the claims to validate in order to authorize the request. <br /> The `claims` option can only be used with JWT-formatted token.  (More information [here](#claims)) | ""      | No       |
-| `usernameClaim` | Defines the claim that will be evaluated to populate the `clientusername` in the access logs. <br /> The `usernameClaim` option can only be used with JWT-formatted token.| ""      | No       |
-| `forwardHeaders` | Defines the HTTP headers to add to requests and populates them with values extracted from the access token claims returned by the authorization server. <br /> Claims to be forwarded that are not found in the JWT result in empty headers. <br /> The `forwardHeaders` option can only be used with JWT-formatted token. | []      | No       |
-| `clientConfig.tls.ca` | PEM-encoded certificate bundle or a URN referencing a secret containing the certificate bundle used to establish a TLS connection with the authorization server  (More information [here](#clientconfig)) | ""      | No       |
-| `clientConfig.tls.cert` | PEM-encoded certificate or a URN referencing a secret containing the certificate used to establish a TLS connection with the Vault server (More information [here](#clientconfig)) | ""      | No       |
-| `clientConfig.tls.key`  | PEM-encoded key or a URN referencing a secret containing the key used to establish a TLS connection with the Vault server. (More information [here](#clientconfig)) | ""      | No       |
-| `clientConfig.tls.insecureSkipVerify` | Disables TLS certificate verification when communicating with the authorization server. <br /> Useful for testing purposes but strongly discouraged for production. (More information [here](#clientconfig)) | ""      | No       |
-| `clientConfig.timeoutSeconds` | Defines the time before giving up requests to the authorization server.   | 5       | No       |
-| `clientConfig.maxRetries` | Defines the number of retries for requests to authorization server that fail. | 3       | No       |
-| `pkce` | Defines the Proof Key for Code Exchange as described in [RFC 7636](https://datatracker.ietf.org/doc/html/rfc7636). | false | No |
-| `discoveryParams` | A map of arbitrary query parameters to be added to the openid-configuration well-known URI during the discovery mechanism. | "" | No |
-| `scopes` | The scopes to request. Must include `openid`. | openid | No |
-| `authParams` | A map of the arbitrary query parameters to be passed to the Authentication Provider. <br />When a `prompt` key is set to an empty string in the AuthParams,the prompt parameter is not added to the OAuth2 authorization URL Which means the user won't be prompted for consent.| "" | No |
-| `disableLogin` | Disables redirections to the authentication provider <br /> This can be useful for protecting APIs where redirecting to a login page is undesirable. | false | No |
-| `loginUrl` | Defines the URL used to start authorization when needed. <br /> All other requests that are not already authorized will return a 401 Unauthorized. When left empty, all requests can start authorization. <br /> It can be a path (`/login` for example), a host and a path (`example.com/login`) or a complete URL (`https://example.com/login`). <br /> Only `http` and `https` schemes are supported.| "" | No |
-| `logoutUrl` |Defines the URL on which the session should be deleted in order to log users out. <br /> It can be a path (`/logout` for example), a host and a path (`example.com/logout`) or a complete URL (`https://example.com/logout`). <br /> Only `http` and `https` schemes are supported.| "" | No |
-| `postLoginRedirectUrl` |If set and used in conjunction with `loginUrl`, the middleware will redirect to this URL after successful login. <br /> It can be a path (`/after/login` for example), a host and a path (`example.com/after/login`) or a complete URL (`https://example.com/after/login`). <br /> Only `http` and `https` schemes are supported. | "" | No |
-| `postLogoutRedirectUrl` | If set and used in conjunction with `logoutUrl`, the middleware will redirect to this URL after logout. <br /> It can be a path (`/after/logout` for example), a host and a path (`example.com/after/logout`) or a complete URL (`https://example.com/after/logout`). <br /> Only `http` and `https` schemes are supported. | "" | No |
-| `backchannelLogoutUrl` | Defines the URL called by the OIDC provider when a user logs out (see https://openid.net/specs/openid-connect-rpinitiated-1_0.html#OpenID.BackChannel). <br /> It can be a path (`/backchannel-logout` for example), a host and a path (`example.com/backchannel-logout`) or a complete URL (`https://example.com/backchannel-logout`). <br /> Only `http` and `https` schemes are supported. <br /> This feature is currently in an experimental state and has been tested exclusively with the Keycloak OIDC provider. | "" | No |
-| `backchannelLogoutSessionsRequired` | This specifies whether the OIDC provider includes the sid (session ID) Claim in the Logout Token to identify the user session (see https://openid.net/specs/openid-connect-backchannel-1_0.html#BCRegistration). <br/> If omitted, the default value is false. <br /> This feature is currently in an experimental state and has been tested exclusively with the Keycloak OIDC provider. | false | No |
-| `stateCookie.name` | Defines the name of the state cookie. |"`MIDDLEWARE_NAME`-state" | No |
-| `stateCookie.path` | Defines the URL path that must exist in the requested URL in order to send the Cookie header. <br /> The `%x2F` ('/') character is considered a directory separator, and subdirectories will match as well. <br /> For example, if `stateCookie.path` is set to `/docs`, these paths will match: `/docs`,`/docs/web/`,`/docs/web/http`.| "/" | No |
-| `stateCookie.domain` | Defines the hosts that are allowed to receive the cookie. <br />If specified, then subdomains are always included. <br /> For example, if it is set to `example.com`, then cookies are included on subdomains like `api.example.com`. | "" | No |
-| `stateCookie.maxAge` |Defines the number of seconds after which the state cookie should expire. <br />  A zero or negative number will expire the cookie immediately. | 600 | No |
-| `stateCookie.sameSite` | Informsbrowsers how they should handle the state cookie on cross-site requests. <br /> Setting it to `lax` or `strict` can provide some protection against cross-site request forgery attacks ([CSRF](https://developer.mozilla.org/en-US/docs/Glossary/CSRF)). <br /> More information [here](#samesite---accepted-values). | lax | No |
-| `stateCookie.httpOnly` | Forbids JavaScript from accessing the cookie. <br /> For example, through the `Document.cookie` property, the `XMLHttpRequest` API, or the `Request` API. <br /> This mitigates attacks against cross-site scripting ([XSS](https://developer.mozilla.org/en-US/docs/Glossary/XSS)). | true | No |
-| `stateCookie.secure` | Defines whether the state cookie is only sent to the server when a request is made with the `https` scheme. | false | No |
-| `session.name` | The name of the session cookie. |"`MIDDLEWARE_NAME`-session"| No |
-| `session.path` | Defines the URL path that must exist in the requested URL in order to send the Cookie header. <br />The `%x2F` ('/'') character is considered a directory separator, and subdirectories will match as well. <br /> For example, if `stateCookie.path` is set to `/docs`, these paths will match: `/docs`,`/docs/web/`,`/docs/web/http`.| "/" | No |
-| `session.domain` | Specifies the hosts that are allowed to receive the cookie. If specified, then subdomains are always included. If specified, then subdomains are always included. <br /> For example, if it is set to `example.com`, then cookies are included on subdomains like `api.example.com`.| "" | No |
-| `session.expiry` | Number of seconds after which the session should expire. A zero or negative number is **prohibited**. | 86400 (24h) | No |
-| `session.sliding` | Forces the middleware to renew the session cookie each time an authenticated request is received. | true | No |
-| `session.refresh` | Enables the access token refresh when it expires. | true | No |
-| `session.sameSite` | Inform browsers how they should handle the session cookie on cross-site requests. <br /> Setting it to `lax` or `strict` can provide some protection against cross-site request forgery attacks ([CSRF](https://developer.mozilla.org/en-US/docs/Glossary/CSRF)). <br /> More information [here](#samesite---accepted-values). | lax | No |
-| `session.httpOnly` | Forbids JavaScript from accessing the cookie. <br /> For example, through the `Document.cookie` property, the `XMLHttpRequest` API, or the `Request` API. <br /> This mitigates attacks against cross-site scripting ([XSS](https://developer.mozilla.org/en-US/docs/Glossary/XSS)). | true | No |
-| `session.secure` | Defines whether the session cookie is only sent to the server when a request is made with the `https` scheme. | false | No |
-| `session.store.redis.endpoints`              | Endpoints of the Redis instances to connect to (example: `redis.traefik-hub.svc.cluster.local:6379`) | "" | Yes      |
-| `session.store.redis.username`               | The username Traefik Hub will use to connect to Redis                                                | "" | No       |
-| `session.store.redis.password`               | The password Traefik Hub will use to connect to Redis                                                | "" | No       |
-| `session.store.redis.database`               | The database Traefik Hub will use to sore information (default: `0`)                                 | "" | No       |
-| `session.store.redis.cluster`                | Enable Redis Cluster                                                                                 | "" | No       |
-| `session.store.redis.tls.caBundle`           | Custom CA bundle                                                                                     | "" | No       |
-| `session.store.redis.tls.cert`               | TLS certificate                                                                                      | "" | No       |
-| `session.store.redis.tls.key`                | TLS key                                                                                              | "" | No       |
-| `session.store.redis.tls.insecureSkipVerify` | Allow skipping the TLS verification                                                                  | "" | No       |
-| `session.store.redis.sentinel.masterSet`     | Name of the set of main nodes to use for main selection. Required when using Sentinel.               | "" | No       |
-| `session.store.redis.sentinel.username`      | Username to use for sentinel authentication (can be different from `username`)                       | "" | No       |
-| `session.store.redis.sentinel.password`      | Password to use for sentinel authentication (can be different from `password`)                       | "" | No       |
-| `csrf` | When enabled, a CSRF cookie, named `traefikee-csrf-token`, is bound to the OIDC session to protect service from CSRF attacks. <br /> It is based on the [Signed Double Submit Cookie](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#signed-double-submit-cookie) implementation as defined by the OWASP Foundation.<br />Moreinformation [here](#csrf). | "" | No |
-| `csrf.secure` | Defines whether the CSRF cookie is only sent to the server when a request is made with the `https` scheme. | false | No |
-| `csrf.headerName` | Defines the name of the header used to send the CSRF token value received previously in the CSRF cookie. | TraefikHub-Csrf-Token | No |
+| <a id="opt-issuer" href="#opt-issuer" title="#opt-issuer">`issuer`</a> | Defines the URL to the OpenID Connect provider (for example, `https://accounts.google.com`). <br /> It should point to the server which provides the OpenID Connect configuration. | "" | Yes |
+| <a id="opt-redirectUrl" href="#opt-redirectUrl" title="#opt-redirectUrl">`redirectUrl`</a> | Defines the URL used by the OpenID Connect provider to redirect back to the middleware once the authorization is complete. (More information [here](#redirecturl)) | "" | Yes |
+| <a id="opt-clientID" href="#opt-clientID" title="#opt-clientID">`clientID`</a> | Defines the unique client identifier for an account on the OpenID Connect provider, must be set when the `clientSecret` option is set. (More information [here](#clientid-clientsecret)) | ""      | Yes       |
+| <a id="opt-clientSecret" href="#opt-clientSecret" title="#opt-clientSecret">`clientSecret`</a> | Defines the unique client secret for an account on the OpenID Connect provider, must be set when the `clientID` option is set. (More information [here](#clientid-clientsecret)) | ""      | Yes       |
+| <a id="opt-claims" href="#opt-claims" title="#opt-claims">`claims`</a> | Defines the claims to validate in order to authorize the request. <br /> The `claims` option can only be used with JWT-formatted token.  (More information [here](#claims)) | ""      | No       |
+| <a id="opt-usernameClaim" href="#opt-usernameClaim" title="#opt-usernameClaim">`usernameClaim`</a> | Defines the claim that will be evaluated to populate the `clientusername` in the access logs. <br /> The `usernameClaim` option can only be used with JWT-formatted token.| ""      | No       |
+| <a id="opt-forwardHeaders" href="#opt-forwardHeaders" title="#opt-forwardHeaders">`forwardHeaders`</a> | Defines the HTTP headers to add to requests and populates them with values extracted from the access token claims returned by the authorization server. <br /> Claims to be forwarded that are not found in the JWT result in empty headers. <br /> The `forwardHeaders` option can only be used with JWT-formatted token. | []      | No       |
+| <a id="opt-clientConfig-tls-ca" href="#opt-clientConfig-tls-ca" title="#opt-clientConfig-tls-ca">`clientConfig.tls.ca`</a> | PEM-encoded certificate bundle or a URN referencing a secret containing the certificate bundle used to establish a TLS connection with the authorization server  (More information [here](#clientconfig)) | ""      | No       |
+| <a id="opt-clientConfig-tls-cert" href="#opt-clientConfig-tls-cert" title="#opt-clientConfig-tls-cert">`clientConfig.tls.cert`</a> | PEM-encoded certificate or a URN referencing a secret containing the certificate used to establish a TLS connection with the Vault server (More information [here](#clientconfig)) | ""      | No       |
+| <a id="opt-clientConfig-tls-key" href="#opt-clientConfig-tls-key" title="#opt-clientConfig-tls-key">`clientConfig.tls.key`</a> | PEM-encoded key or a URN referencing a secret containing the key used to establish a TLS connection with the Vault server. (More information [here](#clientconfig)) | ""      | No       |
+| <a id="opt-clientConfig-tls-insecureSkipVerify" href="#opt-clientConfig-tls-insecureSkipVerify" title="#opt-clientConfig-tls-insecureSkipVerify">`clientConfig.tls.insecureSkipVerify`</a> | Disables TLS certificate verification when communicating with the authorization server. <br /> Useful for testing purposes but strongly discouraged for production. (More information [here](#clientconfig)) | ""      | No       |
+| <a id="opt-clientConfig-timeoutSeconds" href="#opt-clientConfig-timeoutSeconds" title="#opt-clientConfig-timeoutSeconds">`clientConfig.timeoutSeconds`</a> | Defines the time before giving up requests to the authorization server.   | 5       | No       |
+| <a id="opt-clientConfig-maxRetries" href="#opt-clientConfig-maxRetries" title="#opt-clientConfig-maxRetries">`clientConfig.maxRetries`</a> | Defines the number of retries for requests to authorization server that fail. | 3       | No       |
+| <a id="opt-pkce" href="#opt-pkce" title="#opt-pkce">`pkce`</a> | Defines the Proof Key for Code Exchange as described in [RFC 7636](https://datatracker.ietf.org/doc/html/rfc7636). | false | No |
+| <a id="opt-discoveryParams" href="#opt-discoveryParams" title="#opt-discoveryParams">`discoveryParams`</a> | A map of arbitrary query parameters to be added to the openid-configuration well-known URI during the discovery mechanism. | "" | No |
+| <a id="opt-scopes" href="#opt-scopes" title="#opt-scopes">`scopes`</a> | The scopes to request. Must include `openid`. | openid | No |
+| <a id="opt-authParams" href="#opt-authParams" title="#opt-authParams">`authParams`</a> | A map of the arbitrary query parameters to be passed to the Authentication Provider. <br />When a `prompt` key is set to an empty string in the AuthParams,the prompt parameter is not added to the OAuth2 authorization URL Which means the user won't be prompted for consent.| "" | No |
+| <a id="opt-disableLogin" href="#opt-disableLogin" title="#opt-disableLogin">`disableLogin`</a> | Disables redirections to the authentication provider <br /> This can be useful for protecting APIs where redirecting to a login page is undesirable. | false | No |
+| <a id="opt-loginUrl" href="#opt-loginUrl" title="#opt-loginUrl">`loginUrl`</a> | Defines the URL used to start authorization when needed. <br /> All other requests that are not already authorized will return a 401 Unauthorized. When left empty, all requests can start authorization. <br /> It can be a path (`/login` for example), a host and a path (`example.com/login`) or a complete URL (`https://example.com/login`). <br /> Only `http` and `https` schemes are supported.| "" | No |
+| <a id="opt-logoutUrl" href="#opt-logoutUrl" title="#opt-logoutUrl">`logoutUrl`</a> |Defines the URL on which the session should be deleted in order to log users out. <br /> It can be a path (`/logout` for example), a host and a path (`example.com/logout`) or a complete URL (`https://example.com/logout`). <br /> Only `http` and `https` schemes are supported.| "" | No |
+| <a id="opt-postLoginRedirectUrl" href="#opt-postLoginRedirectUrl" title="#opt-postLoginRedirectUrl">`postLoginRedirectUrl`</a> |If set and used in conjunction with `loginUrl`, the middleware will redirect to this URL after successful login. <br /> It can be a path (`/after/login` for example), a host and a path (`example.com/after/login`) or a complete URL (`https://example.com/after/login`). <br /> Only `http` and `https` schemes are supported. | "" | No |
+| <a id="opt-postLogoutRedirectUrl" href="#opt-postLogoutRedirectUrl" title="#opt-postLogoutRedirectUrl">`postLogoutRedirectUrl`</a> | If set and used in conjunction with `logoutUrl`, the middleware will redirect to this URL after logout. <br /> It can be a path (`/after/logout` for example), a host and a path (`example.com/after/logout`) or a complete URL (`https://example.com/after/logout`). <br /> Only `http` and `https` schemes are supported. | "" | No |
+| <a id="opt-backchannelLogoutUrl" href="#opt-backchannelLogoutUrl" title="#opt-backchannelLogoutUrl">`backchannelLogoutUrl`</a> | Defines the URL called by the OIDC provider when a user logs out (see https://openid.net/specs/openid-connect-rpinitiated-1_0.html#OpenID.BackChannel). <br /> It can be a path (`/backchannel-logout` for example), a host and a path (`example.com/backchannel-logout`) or a complete URL (`https://example.com/backchannel-logout`). <br /> Only `http` and `https` schemes are supported. <br /> This feature is currently in an experimental state and has been tested exclusively with the Keycloak OIDC provider. | "" | No |
+| <a id="opt-backchannelLogoutSessionsRequired" href="#opt-backchannelLogoutSessionsRequired" title="#opt-backchannelLogoutSessionsRequired">`backchannelLogoutSessionsRequired`</a> | This specifies whether the OIDC provider includes the sid (session ID) Claim in the Logout Token to identify the user session (see https://openid.net/specs/openid-connect-backchannel-1_0.html#BCRegistration). <br/> If omitted, the default value is false. <br /> This feature is currently in an experimental state and has been tested exclusively with the Keycloak OIDC provider. | false | No |
+| <a id="opt-stateCookie-name" href="#opt-stateCookie-name" title="#opt-stateCookie-name">`stateCookie.name`</a> | Defines the name of the state cookie. |"`MIDDLEWARE_NAME`-state" | No |
+| <a id="opt-stateCookie-path" href="#opt-stateCookie-path" title="#opt-stateCookie-path">`stateCookie.path`</a> | Defines the URL path that must exist in the requested URL in order to send the Cookie header. <br /> The `%x2F` ('/') character is considered a directory separator, and subdirectories will match as well. <br /> For example, if `stateCookie.path` is set to `/docs`, these paths will match: `/docs`,`/docs/web/`,`/docs/web/http`.| "/" | No |
+| <a id="opt-stateCookie-domain" href="#opt-stateCookie-domain" title="#opt-stateCookie-domain">`stateCookie.domain`</a> | Defines the hosts that are allowed to receive the cookie. <br />If specified, then subdomains are always included. <br /> For example, if it is set to `example.com`, then cookies are included on subdomains like `api.example.com`. | "" | No |
+| <a id="opt-stateCookie-maxAge" href="#opt-stateCookie-maxAge" title="#opt-stateCookie-maxAge">`stateCookie.maxAge`</a> |Defines the number of seconds after which the state cookie should expire. <br />  A zero or negative number will expire the cookie immediately. | 600 | No |
+| <a id="opt-stateCookie-sameSite" href="#opt-stateCookie-sameSite" title="#opt-stateCookie-sameSite">`stateCookie.sameSite`</a> | Informsbrowsers how they should handle the state cookie on cross-site requests. <br /> Setting it to `lax` or `strict` can provide some protection against cross-site request forgery attacks ([CSRF](https://developer.mozilla.org/en-US/docs/Glossary/CSRF)). <br /> More information [here](#samesite---accepted-values). | lax | No |
+| <a id="opt-stateCookie-httpOnly" href="#opt-stateCookie-httpOnly" title="#opt-stateCookie-httpOnly">`stateCookie.httpOnly`</a> | Forbids JavaScript from accessing the cookie. <br /> For example, through the `Document.cookie` property, the `XMLHttpRequest` API, or the `Request` API. <br /> This mitigates attacks against cross-site scripting ([XSS](https://developer.mozilla.org/en-US/docs/Glossary/XSS)). | true | No |
+| <a id="opt-stateCookie-secure" href="#opt-stateCookie-secure" title="#opt-stateCookie-secure">`stateCookie.secure`</a> | Defines whether the state cookie is only sent to the server when a request is made with the `https` scheme. | false | No |
+| <a id="opt-session-name" href="#opt-session-name" title="#opt-session-name">`session.name`</a> | The name of the session cookie. |"`MIDDLEWARE_NAME`-session"| No |
+| <a id="opt-session-path" href="#opt-session-path" title="#opt-session-path">`session.path`</a> | Defines the URL path that must exist in the requested URL in order to send the Cookie header. <br />The `%x2F` ('/'') character is considered a directory separator, and subdirectories will match as well. <br /> For example, if `stateCookie.path` is set to `/docs`, these paths will match: `/docs`,`/docs/web/`,`/docs/web/http`.| "/" | No |
+| <a id="opt-session-domain" href="#opt-session-domain" title="#opt-session-domain">`session.domain`</a> | Specifies the hosts that are allowed to receive the cookie. If specified, then subdomains are always included. If specified, then subdomains are always included. <br /> For example, if it is set to `example.com`, then cookies are included on subdomains like `api.example.com`.| "" | No |
+| <a id="opt-session-expiry" href="#opt-session-expiry" title="#opt-session-expiry">`session.expiry`</a> | Number of seconds after which the session should expire. A zero or negative number is **prohibited**. | 86400 (24h) | No |
+| <a id="opt-session-sliding" href="#opt-session-sliding" title="#opt-session-sliding">`session.sliding`</a> | Forces the middleware to renew the session cookie each time an authenticated request is received. | true | No |
+| <a id="opt-session-refresh" href="#opt-session-refresh" title="#opt-session-refresh">`session.refresh`</a> | Enables the access token refresh when it expires. | true | No |
+| <a id="opt-session-sameSite" href="#opt-session-sameSite" title="#opt-session-sameSite">`session.sameSite`</a> | Inform browsers how they should handle the session cookie on cross-site requests. <br /> Setting it to `lax` or `strict` can provide some protection against cross-site request forgery attacks ([CSRF](https://developer.mozilla.org/en-US/docs/Glossary/CSRF)). <br /> More information [here](#samesite---accepted-values). | lax | No |
+| <a id="opt-session-httpOnly" href="#opt-session-httpOnly" title="#opt-session-httpOnly">`session.httpOnly`</a> | Forbids JavaScript from accessing the cookie. <br /> For example, through the `Document.cookie` property, the `XMLHttpRequest` API, or the `Request` API. <br /> This mitigates attacks against cross-site scripting ([XSS](https://developer.mozilla.org/en-US/docs/Glossary/XSS)). | true | No |
+| <a id="opt-session-secure" href="#opt-session-secure" title="#opt-session-secure">`session.secure`</a> | Defines whether the session cookie is only sent to the server when a request is made with the `https` scheme. | false | No |
+| <a id="opt-session-store-redis-endpoints" href="#opt-session-store-redis-endpoints" title="#opt-session-store-redis-endpoints">`session.store.redis.endpoints`</a> | Endpoints of the Redis instances to connect to (example: `redis.traefik-hub.svc.cluster.local:6379`) | "" | Yes      |
+| <a id="opt-session-store-redis-username" href="#opt-session-store-redis-username" title="#opt-session-store-redis-username">`session.store.redis.username`</a> | The username Traefik Hub will use to connect to Redis                                                | "" | No       |
+| <a id="opt-session-store-redis-password" href="#opt-session-store-redis-password" title="#opt-session-store-redis-password">`session.store.redis.password`</a> | The password Traefik Hub will use to connect to Redis                                                | "" | No       |
+| <a id="opt-session-store-redis-database" href="#opt-session-store-redis-database" title="#opt-session-store-redis-database">`session.store.redis.database`</a> | The database Traefik Hub will use to sore information (default: `0`)                                 | "" | No       |
+| <a id="opt-session-store-redis-cluster" href="#opt-session-store-redis-cluster" title="#opt-session-store-redis-cluster">`session.store.redis.cluster`</a> | Enable Redis Cluster                                                                                 | "" | No       |
+| <a id="opt-session-store-redis-tls-caBundle" href="#opt-session-store-redis-tls-caBundle" title="#opt-session-store-redis-tls-caBundle">`session.store.redis.tls.caBundle`</a> | Custom CA bundle                                                                                     | "" | No       |
+| <a id="opt-session-store-redis-tls-cert" href="#opt-session-store-redis-tls-cert" title="#opt-session-store-redis-tls-cert">`session.store.redis.tls.cert`</a> | TLS certificate                                                                                      | "" | No       |
+| <a id="opt-session-store-redis-tls-key" href="#opt-session-store-redis-tls-key" title="#opt-session-store-redis-tls-key">`session.store.redis.tls.key`</a> | TLS key                                                                                              | "" | No       |
+| <a id="opt-session-store-redis-tls-insecureSkipVerify" href="#opt-session-store-redis-tls-insecureSkipVerify" title="#opt-session-store-redis-tls-insecureSkipVerify">`session.store.redis.tls.insecureSkipVerify`</a> | Allow skipping the TLS verification                                                                  | "" | No       |
+| <a id="opt-session-store-redis-sentinel-masterSet" href="#opt-session-store-redis-sentinel-masterSet" title="#opt-session-store-redis-sentinel-masterSet">`session.store.redis.sentinel.masterSet`</a> | Name of the set of main nodes to use for main selection. Required when using Sentinel.               | "" | No       |
+| <a id="opt-session-store-redis-sentinel-username" href="#opt-session-store-redis-sentinel-username" title="#opt-session-store-redis-sentinel-username">`session.store.redis.sentinel.username`</a> | Username to use for sentinel authentication (can be different from `username`)                       | "" | No       |
+| <a id="opt-session-store-redis-sentinel-password" href="#opt-session-store-redis-sentinel-password" title="#opt-session-store-redis-sentinel-password">`session.store.redis.sentinel.password`</a> | Password to use for sentinel authentication (can be different from `password`)                       | "" | No       |
+| <a id="opt-csrf" href="#opt-csrf" title="#opt-csrf">`csrf`</a> | When enabled, a CSRF cookie, named `traefikee-csrf-token`, is bound to the OIDC session to protect service from CSRF attacks. <br /> It is based on the [Signed Double Submit Cookie](https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#signed-double-submit-cookie) implementation as defined by the OWASP Foundation.<br />Moreinformation [here](#csrf). | "" | No |
+| <a id="opt-csrf-secure" href="#opt-csrf-secure" title="#opt-csrf-secure">`csrf.secure`</a> | Defines whether the CSRF cookie is only sent to the server when a request is made with the `https` scheme. | false | No |
+| <a id="opt-csrf-headerName" href="#opt-csrf-headerName" title="#opt-csrf-headerName">`csrf.headerName`</a> | Defines the name of the header used to send the CSRF token value received previously in the CSRF cookie. | TraefikHub-Csrf-Token | No |

 ### redirectUrl

@@ -154,19 +154,19 @@ See the following examples.

 | Request URL | RedirectURL| Result |
 |:------------|:-----------|:-------|
-| `http://expl.co` | `/cback` | `http://expl.co/cback`  |
+| <a id="opt-httpexpl-co" href="#opt-httpexpl-co" title="#opt-httpexpl-co">`http://expl.co`</a> | `/cback` | `http://expl.co/cback`  |

 #### Inherit the Protocol from the Request and Uses the Redirecturl’s Domain and Path

 | Request URL | RedirectURL| Result |
 |:------------|:-----------|:-------|
-| `https://scur.co` | `expl.co/cback`| `https://expl.co/cback` |
+| <a id="opt-httpsscur-co" href="#opt-httpsscur-co" title="#opt-httpsscur-co">`https://scur.co`</a> | `expl.co/cback`| `https://expl.co/cback` |

 #### Replace the Request URL with the Redirect URL since It Is an Absolute URL

 | Request URL | RedirectURL| Result |
 |:------------|:-----------|:-------|
-| `https://scur.co` | `http://expl.co/cback` | `http://expl.co/cback` |
+| <a id="opt-httpsscur-co-2" href="#opt-httpsscur-co-2" title="#opt-httpsscur-co-2">`https://scur.co`</a> | `http://expl.co/cback` | `http://expl.co/cback` |

 !!! note "Supported Schemes"

@@ -205,20 +205,20 @@ The following functions are supported in `claims`:

 | Function          | Description        | Example        |
 |-------------------|--------------------|-----------------|
-| Equals            | Validates the equality of the value in `key` with `value`.                     | Equals(\`grp\`, \`admin\`)                   |
-| Prefix            | Validates the value in `key` has the prefix of `value`.                        | Prefix(\`referrer\`, \`http://example.com\`) |
-| Contains (string) | Validates the value in `key` contains `value`.                                 | Contains(\`referrer\`, \`/foo/\`)            |
-| Contains (array)  | Validates the `key` array contains the `value`.                                | Contains(\`areas\`, \`home\`)                |
-| SplitContains     | Validates the value in `key` contains the `value` once split by the separator. | SplitContains(\`scope\`, \` \`, \`writer\`)  |
-| OneOf             | Validates the `key` array contains one of the `values`.                        | OneOf(\`areas\`, \`office\`, \`lab\`)        |
+| <a id="opt-Equals" href="#opt-Equals" title="#opt-Equals">Equals</a> | Validates the equality of the value in `key` with `value`.                     | Equals(\`grp\`, \`admin\`)                   |
+| <a id="opt-Prefix" href="#opt-Prefix" title="#opt-Prefix">Prefix</a> | Validates the value in `key` has the prefix of `value`.                        | Prefix(\`referrer\`, \`http://example.com\`) |
+| <a id="opt-Contains-string" href="#opt-Contains-string" title="#opt-Contains-string">Contains (string)</a> | Validates the value in `key` contains `value`.                                 | Contains(\`referrer\`, \`/foo/\`)            |
+| <a id="opt-Contains-array" href="#opt-Contains-array" title="#opt-Contains-array">Contains (array)</a> | Validates the `key` array contains the `value`.                                | Contains(\`areas\`, \`home\`)                |
+| <a id="opt-SplitContains" href="#opt-SplitContains" title="#opt-SplitContains">SplitContains</a> | Validates the value in `key` contains the `value` once split by the separator. | SplitContains(\`scope\`, \` \`, \`writer\`)  |
+| <a id="opt-OneOf" href="#opt-OneOf" title="#opt-OneOf">OneOf</a> | Validates the `key` array contains one of the `values`.                        | OneOf(\`areas\`, \`office\`, \`lab\`)        |

 All functions can be joined by boolean operands. The supported operands are:

 | Operand | Description        | Example        |
 |---------|--------------------|-----------------|
-| &&      | Compares two functions and returns true only if both evaluate to true. | Equals(\`grp\`, \`admin\`) && Equals(\`active\`, \`true\`)   |
-| \|\|    | Compares two functions and returns true if either evaluate to true.    | Equals(\`grp\`, \`admin\`) \|\| Equals(\`active\`, \`true\`) |
-| !       | Returns false if the function is true, otherwise returns true.         | !Equals(\`grp\`, \`testers\`)                                |
+| <a id="opt-row" href="#opt-row" title="#opt-row">&&</a> | Compares two functions and returns true only if both evaluate to true. | Equals(\`grp\`, \`admin\`) && Equals(\`active\`, \`true\`)   |
+| <a id="opt-row-2" href="#opt-row-2" title="#opt-row-2">\|\|</a> | Compares two functions and returns true if either evaluate to true.    | Equals(\`grp\`, \`admin\`) \|\| Equals(\`active\`, \`true\`) |
+| <a id="opt-row-3" href="#opt-row-3" title="#opt-row-3">!</a> | Returns false if the function is true, otherwise returns true.         | !Equals(\`grp\`, \`testers\`)                                |

 All examples will return true for the following data structure:

@@ -279,9 +279,9 @@ If the `key` contains a `\`, it needs to be doubled `\\`.

    | Example                                   | Description                                                                    |
    | ----------------------------------------- | ------------------------------------------------------------------------------ |
-    | Equals(\`id_token.grp\`, \`admin\`)            | Checks if the value of claim `grp` in the ID token is `admin`.            |
-    | Prefix(\`access_token.referrer\`, \`http://example.com\`)            | Checks if the value of claim `referrer` in the access token is prefixed by `http://example.com\`.|
-    | OneOf(\`areas\`, \`office\`, \`lab\`) | Checks if the value of claim `areas` in the ID token is `office` or `labs`.                                 |
+    | <a id="opt-Equalsid-token-grp-admin" href="#opt-Equalsid-token-grp-admin" title="#opt-Equalsid-token-grp-admin">Equals(\`id_token.grp\`, \`admin\`)</a> | Checks if the value of claim `grp` in the ID token is `admin`.            |
+    | <a id="opt-Prefixaccess-token-referrer-httpexample-com" href="#opt-Prefixaccess-token-referrer-httpexample-com" title="#opt-Prefixaccess-token-referrer-httpexample-com">Prefix(\`access_token.referrer\`, \`http://example.com\`)</a> | Checks if the value of claim `referrer` in the access token is prefixed by `http://example.com\`.|
+    | <a id="opt-OneOfareas-office-lab" href="#opt-OneOfareas-office-lab" title="#opt-OneOfareas-office-lab">OneOf(\`areas\`, \`office\`, \`lab\`)</a> | Checks if the value of claim `areas` in the ID token is `office` or `labs`.                                 |

 ### clientConfig

--- a/docs/content/reference/routing-configuration/http/middlewares/opa.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/opa.md
@@ -64,9 +64,9 @@ spec:

 | Field    | Description   | Default | Required        |
 |:---------|-----------------------|:--------|:----------------------------|
-| `policy` | Path or the content of a [policy file](https://www.openpolicyagent.org/docs/v0.66.0/kubernetes-primer/#writing-policies). | ""      | No (one of `policy` or `bundlePath` must be set) |
-| `bundlePath` | The `bundlePath` option should contain the path to an OPA [bundle](https://www.openpolicyagent.org/docs/v0.66.0/management-bundles/). | ""      | No (one of `policy` or `bundlePath` must be set) |
-| `allow` | The `allow` option sets the expression to evaluate that determines if the request should be authorized. | ""      | No (one of `allow` or `forwardHeaders` must be set) |
-| `forwardHeaders` | The `forwardHeaders` option sets the HTTP headers to add to requests and populates them with the result of the given expression. | ""      | No (one of `allow` or `forwardHeaders` must be set) |   
+| <a id="opt-policy" href="#opt-policy" title="#opt-policy">`policy`</a> | Path or the content of a [policy file](https://www.openpolicyagent.org/docs/v0.66.0/kubernetes-primer/#writing-policies). | ""      | No (one of `policy` or `bundlePath` must be set) |
+| <a id="opt-bundlePath" href="#opt-bundlePath" title="#opt-bundlePath">`bundlePath`</a> | The `bundlePath` option should contain the path to an OPA [bundle](https://www.openpolicyagent.org/docs/v0.66.0/management-bundles/). | ""      | No (one of `policy` or `bundlePath` must be set) |
+| <a id="opt-allow" href="#opt-allow" title="#opt-allow">`allow`</a> | The `allow` option sets the expression to evaluate that determines if the request should be authorized. | ""      | No (one of `allow` or `forwardHeaders` must be set) |
+| <a id="opt-forwardHeaders" href="#opt-forwardHeaders" title="#opt-forwardHeaders">`forwardHeaders`</a> | The `forwardHeaders` option sets the HTTP headers to add to requests and populates them with the result of the given expression. | ""      | No (one of `allow` or `forwardHeaders` must be set) |   

 {!traefik-for-business-applications.md!}
--- a/docs/content/reference/routing-configuration/http/middlewares/overview.md
+++ b/docs/content/reference/routing-configuration/http/middlewares/overview.md
@@ -20,29 +20,29 @@ Middlewares that use the same protocol can be combined into chains to fit every

 | Middleware                                | Purpose                                           | Area                        |
 |-------------------------------------------|---------------------------------------------------|-----------------------------|
-| [AddPrefix](addprefix.md)                 | Adds a Path Prefix                                | Path Modifier               |
-| [BasicAuth](basicauth.md)                 | Adds Basic Authentication                         | Security, Authentication    |
-| [Buffering](buffering.md)                 | Buffers the request/response                      | Request Lifecycle           |
-| [Chain](chain.md)                         | Combines multiple pieces of middleware            | Misc                        |
-| [CircuitBreaker](circuitbreaker.md)       | Prevents calling unhealthy services               | Request Lifecycle           |
-| [Compress](compress.md)                   | Compresses the response                           | Content Modifier            |
-| [ContentType](contenttype.md)             | Handles Content-Type auto-detection               | Misc                        |
-| [DigestAuth](digestauth.md)               | Adds Digest Authentication                        | Security, Authentication    |
-| [Errors](errorpages.md)                   | Defines custom error pages                        | Request Lifecycle           |
-| [ForwardAuth](forwardauth.md)             | Delegates Authentication                          | Security, Authentication    |
-| [GrpcWeb](grpcweb.md)                     | Converts gRPC Web requests to HTTP/2 gRPC requests.                           | Request                   |
-| [Headers](headers.md)                     | Adds / Updates headers                            | Security                    |
-| [IPAllowList](ipallowlist.md)             | Limits the allowed client IPs                     | Security, Request lifecycle |
-| [InFlightReq](inflightreq.md)             | Limits the number of simultaneous connections     | Security, Request lifecycle |
-| [PassTLSClientCert](passtlsclientcert.md) | Adds Client Certificates in a Header              | Security                    |
-| [RateLimit](ratelimit.md)                 | Limits the call frequency                         | Security, Request lifecycle |
-| [RedirectScheme](redirectscheme.md)       | Redirects based on scheme                         | Request lifecycle           |
-| [RedirectRegex](redirectregex.md)         | Redirects based on regex                          | Request lifecycle           |
-| [ReplacePath](replacepath.md)             | Changes the path of the request                   | Path Modifier               |
-| [ReplacePathRegex](replacepathregex.md)   | Changes the path of the request                   | Path Modifier               |
-| [Retry](retry.md)                         | Automatically retries in case of error            | Request lifecycle           |
-| [StripPrefix](stripprefix.md)             | Changes the path of the request                   | Path Modifier               |
-| [StripPrefixRegex](stripprefixregex.md)   | Changes the path of the request                   | Path Modifier               |
+| <a id="opt-AddPrefix" href="#opt-AddPrefix" title="#opt-AddPrefix">[AddPrefix](addprefix.md)</a> | Adds a Path Prefix                                | Path Modifier               |
+| <a id="opt-BasicAuth" href="#opt-BasicAuth" title="#opt-BasicAuth">[BasicAuth](basicauth.md)</a> | Adds Basic Authentication                         | Security, Authentication    |
+| <a id="opt-Buffering" href="#opt-Buffering" title="#opt-Buffering">[Buffering](buffering.md)</a> | Buffers the request/response                      | Request Lifecycle           |
+| <a id="opt-Chain" href="#opt-Chain" title="#opt-Chain">[Chain](chain.md)</a> | Combines multiple pieces of middleware            | Misc                        |
+| <a id="opt-CircuitBreaker" href="#opt-CircuitBreaker" title="#opt-CircuitBreaker">[CircuitBreaker](circuitbreaker.md)</a> | Prevents calling unhealthy services               | Request Lifecycle           |
+| <a id="opt-Compress" href="#opt-Compress" title="#opt-Compress">[Compress](compress.md)</a> | Compresses the response                           | Content Modifier            |
+| <a id="opt-ContentType" href="#opt-ContentType" title="#opt-ContentType">[ContentType](contenttype.md)</a> | Handles Content-Type auto-detection               | Misc                        |
+| <a id="opt-DigestAuth" href="#opt-DigestAuth" title="#opt-DigestAuth">[DigestAuth](digestauth.md)</a> | Adds Digest Authentication                        | Security, Authentication    |
+| <a id="opt-Errors" href="#opt-Errors" title="#opt-Errors">[Errors](errorpages.md)</a> | Defines custom error pages                        | Request Lifecycle           |
+| <a id="opt-ForwardAuth" href="#opt-ForwardAuth" title="#opt-ForwardAuth">[ForwardAuth](forwardauth.md)</a> | Delegates Authentication                          | Security, Authentication    |
+| <a id="opt-GrpcWeb" href="#opt-GrpcWeb" title="#opt-GrpcWeb">[GrpcWeb](grpcweb.md)</a> | Converts gRPC Web requests to HTTP/2 gRPC requests.                           | Request                   |
+| <a id="opt-Headers" href="#opt-Headers" title="#opt-Headers">[Headers](headers.md)</a> | Adds / Updates headers                            | Security                    |
+| <a id="opt-IPAllowList" href="#opt-IPAllowList" title="#opt-IPAllowList">[IPAllowList](ipallowlist.md)</a> | Limits the allowed client IPs                     | Security, Request lifecycle |
+| <a id="opt-InFlightReq" href="#opt-InFlightReq" title="#opt-InFlightReq">[InFlightReq](inflightreq.md)</a> | Limits the number of simultaneous connections     | Security, Request lifecycle |
+| <a id="opt-PassTLSClientCert" href="#opt-PassTLSClientCert" title="#opt-PassTLSClientCert">[PassTLSClientCert](passtlsclientcert.md)</a> | Adds Client Certificates in a Header              | Security                    |
+| <a id="opt-RateLimit" href="#opt-RateLimit" title="#opt-RateLimit">[RateLimit](ratelimit.md)</a> | Limits the call frequency                         | Security, Request lifecycle |
+| <a id="opt-RedirectScheme" href="#opt-RedirectScheme" title="#opt-RedirectScheme">[RedirectScheme](redirectscheme.md)</a> | Redirects based on scheme                         | Request lifecycle           |
+| <a id="opt-RedirectRegex" href="#opt-RedirectRegex" title="#opt-RedirectRegex">[RedirectRegex](redirectregex.md)</a> | Redirects based on regex                          | Request lifecycle           |
+| <a id="opt-ReplacePath" href="#opt-ReplacePath" title="#opt-ReplacePath">[ReplacePath](replacepath.md)</a> | Changes the path of the request                   | Path Modifier               |
+| <a id="opt-ReplacePathRegex" href="#opt-ReplacePathRegex" title="#opt-ReplacePathRegex">[ReplacePathRegex](replacepathregex.md)</a> | Changes the path of the request                   | Path Modifier               |
+| <a id="opt-Retry" href="#opt-Retry" title="#opt-Retry">[Retry](retry.md)</a> | Automatically retries in case of error            | Request lifecycle           |
+| <a id="opt-StripPrefix" href="#opt-StripPrefix" title="#opt-StripPrefix">[StripPrefix](stripprefix.md)</a> | Changes the path of the request                   | Path Modifier               |
+| <a id="opt-StripPrefixRegex" href="#opt-StripPrefixRegex" title="#opt-StripPrefixRegex">[StripPrefixRegex](stripprefixregex.md)</a> | Changes the path of the request                   | Path Modifier               |

 ## Community Middlewares

--- a/Show More
+++ b/Show More
Author	SHA1	Message	Date
Romain	bb10b9df91	Prepare release v3.5.6	2025-11-07 14:40:05 +01:00
Romain	b1834122a1	Prepare release v3.5.5	2025-11-07 14:16:04 +01:00
kevinpollet	12887f992a	Merge branch v2.11 into v3.5	2025-11-07 11:59:54 +01:00
Kevin Pollet	effca0a603	Update letsencrypt/pebble to use ghcr image	2025-11-07 11:58:04 +01:00
Romain	4e3022628d	Filter unknown nodes with file and env for the deprecation loader Co-authored-by: Kevin Pollet <pollet.kevin@gmail.com>	2025-11-04 17:00:06 +01:00
Ludovic Fernandez	e1e350f5aa	Bump github.com/go-acme/lego/v4 to v4.28.0	2025-11-04 11:32:05 +01:00
Sheddy	1d8cd5a89b	Add missing ACME options and clean up table for more visibility	2025-11-03 09:14:04 +01:00
Antoine Aflalo	c4c3968109	Fix default encodings in compress middleware	2025-10-31 09:24:04 +01:00
Sheddy	2e2fe7a817	Update Configuration Overview Page	2025-10-30 14:22:04 +01:00
Romain	06f401d472	Prepare release v3.5.4	2025-10-28 11:44:04 +01:00
kevinpollet	3b9eaed9c9	Merge branch v2.11 into v3.5	2025-10-28 09:54:03 +01:00
Romain	998868450f	Prepare release v2.11.30	2025-10-28 09:44:04 +01:00
Daniel Peinhopf	8914057766	Add missing reference docs for statusRewrites in errors middleware	2025-10-27 10:52:04 +01:00
Asaf Mesika	e1b6668a84	Clarify health check requirement for server status metric	2025-10-27 10:34:04 +01:00
Michel Loiseleur	e67fbcc5c2	Add API basePath documentation and fix broken links	2025-10-27 10:20:05 +01:00
Germain Lefebvre	ea3e08ec3b	Fix metric name to metrics.otlp.grpc.insecure	2025-10-27 09:34:04 +01:00
Romain	f3ecfa82bc	Mitigate TestShutdown flakyness	2025-10-23 14:30:05 +02:00
Ludovic Fernandez	5e2b393ceb	Fix Hetzner env var name inside documentation	2025-10-23 11:36:04 +02:00
Romain	0880cc672f	Mitigate TestShutdownUDPConn flakyness	2025-10-23 11:28:04 +02:00
iraj jelodari	822f349fa1	Fix typo in TLS certificate generation description	2025-10-23 09:16:04 +02:00
homersimpsons	6c4dfaa56e	Fix anchors in basic auth configuration options	2025-10-20 16:38:04 +02:00
Ludovic Fernandez	ecf08b91a3	Bump github.com/go-acme/lego/v4 to v4.27.0	2025-10-20 16:22:06 +02:00
Evgenii Domashenkin	b4847d74bc	Do not fail when pod is not found in K8sAttributesDetector	2025-10-20 15:24:05 +02:00
Landry Benguigui	6e0012cb0a	fix: enable stdio logging when otlp is enabled	2025-10-17 16:06:06 +02:00
Landry Benguigui	862116c050	Remove flaky TestReadLoopMaxDataSize	2025-10-17 15:16:10 +02:00
Nicolas Mengin	3a7d331967	Merge TLSOption/TLSStore CRD documentation page	2025-10-17 14:54:04 +02:00
Kevin Pollet	9dfcded534	Bump github.com/kvtools/etcdv3 to v1.0.3	2025-10-16 17:48:04 +02:00
Kevin Pollet	ffd82c92cb	Fix KV key name used to check if connection is alive	2025-10-16 16:50:05 +02:00
romain	f7e59510b4	Merge branch v2.11 into v3.5	2025-10-14 17:15:54 +02:00
Romain	835899f4bc	Replace internal dead links	2025-10-14 16:26:05 +02:00
Kevin Pollet	34d7091f31	Bump github.com/quic-go/quic-go to v0.55.0	2025-10-14 15:48:05 +02:00
Xuetao Li	0ea8cbdfbf	Clarify log.filePath behavior in documentation	2025-10-14 10:18:05 +02:00
Michel Loiseleur	c18ba96f87	Align documentation on default otlp endpoint	2025-10-14 09:26:44 +02:00
Romain	cc1cb77abb	Clean and avoid collisions of anchors in option tables	2025-10-13 11:34:04 +02:00
Kevin Pollet	b04759a80b	Bump golang.org/x/net to v0.46.0	2025-10-10 17:22:04 +02:00
MaBu	b2f9996fa4	Fix markdown rendering for table anchors	2025-10-10 14:16:04 +02:00
Romain	fe730d3ad9	Make the staple updates continuous	2025-10-10 12:10:05 +02:00
shreealt	c948417866	Rename traefik_tls_certs_not_after_milliseconds to traefik_tls_certs_not_after_seconds	2025-10-10 11:10:05 +02:00
GreyXor	b61df559d2	Bump github.com/quic-go/quic-go to v0.55.0	2025-10-10 10:40:45 +02:00
Kevin Pollet	2a3b696d85	Fix provider option descriptions	2025-10-07 14:38:05 +01:00
Romain	5688b1777d	Fix wrong references to router's pages	2025-10-06 15:42:08 +01:00
Kevin Pollet	c61fb89d3f	Use k8s.ResourceEventHandler for Gateway API provider	2025-10-06 07:58:04 +01:00
Michael	c5ed376d5f	fix: otel not working without USER	2025-10-03 13:48:04 +01:00
Martin Saldinger	ad566ee9ef	Fix PreserveRequestMethod casing	2025-10-03 13:10:04 +01:00
Simon A. Eugster	83b28270a4	Fix heading levels and add links	2025-10-03 09:52:04 +01:00
Hannah Kim	8441c476f1	Bump gopkg.in/DataDog/dd-trace-go.v1 to v1.74.6	2025-10-03 09:44:04 +01:00
Ludovic Fernandez	5f415615eb	Bump github.com/go-acme/lego/v4 to v4.26.0	2025-10-03 09:42:04 +01:00
Romain	5dfb832921	Update OpenTelemetry to v1.38.0 and semantic conventions to v1.37.0	2025-10-03 09:04:04 +01:00
Romain	5878238077	Add dedicated pages for routers and fix doc links in CRDs	2025-10-02 16:32:04 +01:00
shreealt	614ba391fa	Fix incorrect addInternals configuration option	2025-10-02 15:54:05 +01:00
Stefan Ortgies	92d06b733c	Fix swam code example	2025-10-02 15:34:04 +01:00
Ryan Bruntz	98121cb081	Fix link for accesslog.fields.names in documentation	2025-10-02 09:00:04 +01:00
Miro Michalicka	52fa989d00	Fix typo in ingressroute.md from pirority to priority	2025-10-02 08:08:04 +01:00
Massimiliano D.	6aaae0e6f7	Fix version display regression	2025-09-30 14:42:04 +01:00
Paweł Czochański	b0a6c40c33	Document rejectStatusCode	2025-09-30 10:28:04 +01:00
Sheddy	7c30752d21	chore: fix incorrect option and lint page	2025-09-29 14:16:08 +01:00
Asger Hautop Drewsen	284d665aa0	docs: Format more HTTP headers as code	2025-09-29 13:50:04 +01:00
Romain	5ab001b55b	Prepare release v3.5.3	2025-09-26 09:46:03 +01:00
Darkangeel_hd	7e3dbc22f7	Fix typo in rules and priority documentation	2025-09-23 08:22:06 +01:00
Sheddy	53df34e070	docs: add govern section	2025-09-22 13:38:05 +01:00
Evgenii Domashenkin	e4f0f7be35	ServersTransport: set minimum MaxIdleConnsPerHost=-1	2025-09-22 10:54:04 +01:00
Massimiliano D.	2580d0f95c	Update hub-button-app to use a local script Co-authored-by: Firespray-31 <147506444+Firespray-31@users.noreply.github.com>	2025-09-22 09:00:44 +01:00
Romain	5df4c270a7	Use client conn to build the proxy protocol header Co-authored-by: Simon Delicata <simon.delicata@free.fr>	2025-09-19 10:36:05 +02:00
Nicolas Mengin	660acf3b42	Create Traefik Service CRD sub-resource documentation page.	2025-09-17 14:56:06 +02:00
Harold Ozouf	fed86bd816	Refactor plugins system	2025-09-16 16:16:07 +02:00
Matteo Bongiovanni	ffd01fc88a	Fix conflict in IngressRouteTCP documentation	2025-09-16 10:50:05 +02:00
Nicolas Mengin	27a820950a	Reorganize the menu entries	2025-09-12 10:02:05 +02:00
Mark Ormesher	f9f825163a	fix config examples in entrypoints.md	2025-09-12 09:44:04 +02:00
Michel Loiseleur	cff924f4fd	Fix broken links in documentation	2025-09-11 14:48:04 +02:00
Sheddy	01bc0a0a0a	Add New Secure Section to the Documentation	2025-09-11 09:44:04 +02:00
Nicolas Mengin	c294b87a45	Add an anchor on the options names.	2025-09-09 17:26:05 +02:00