Merge pull request #251 from sample/master

Add defaultExpose option to marathon section

.gitignore

@@ -7,4 +7,4 @@ traefik
 traefik.toml
 *.test
 vendor/
-static/
+static/

.travis.yml

@@ -1,6 +1,10 @@
+branches:
+  except:
+    - /^v\d\.\d\.\d.*$/
+    
 env:
   REPO: $TRAVIS_REPO_SLUG
-  VERSION: v1.0.alpha.$TRAVIS_COMMIT
+  VERSION: v1.0.0-beta.$TRAVIS_BUILD_NUMBER
 
 sudo: required
 

README.md

@@ -1,5 +1,7 @@
-![Træfɪk](http://traefik.github.io/traefik.logo.svg  "Træfɪk")
-___
+
+<p align="center">
+<img src="http://traefik.github.io/traefik.logo.svg" alt="Træfɪk" title="Træfɪk" />
+</p>
 
 [![Build Status](https://travis-ci.org/containous/traefik.svg?branch=master)](https://travis-ci.org/containous/traefik)
 [![License](https://img.shields.io/badge/license-MIT-blue.svg?style=flat-square)](https://github.com/containous/traefik/blob/master/LICENSE.md)
@@ -14,13 +16,14 @@ It supports several backends ([Docker :whale:](https://www.docker.com/), [Mesos/
 
 ## Features
 
+- [It's fast](docs/index.md#benchmarks)
 - No dependency hell, single binary made with go
 - Simple json Rest API
 - Simple TOML file configuration
 - Multiple backends supported: Docker, Mesos/Marathon, Consul, Etcd, and more to come
 - Watchers for backends, can listen change in backends to apply a new configuration automatically
 - Hot-reloading of configuration. No need to restart the process
-- Graceful shutdown http connections during hot-reloads
+- Graceful shutdown http connections
 - Circuit breakers on backends
 - Round Robin, rebalancer load-balancers
 - Rest Metrics

build.Dockerfile

@@ -24,6 +24,7 @@ RUN ln -s /usr/local/bin/docker-${DOCKER_VERSION} /usr/local/bin/docker
 WORKDIR /go/src/github.com/containous/traefik
 
 COPY glide.yaml glide.yaml
-RUN glide up --quick
+COPY glide.lock glide.lock
+RUN glide install
 
 COPY . /go/src/github.com/containous/traefik

cmd.go

@@ -45,9 +45,11 @@ var arguments = struct {
 	dockerTLS     bool
 	marathon      bool
 	consul        bool
+	consulTLS     bool
 	consulCatalog bool
 	zookeeper     bool
 	etcd          bool
+	etcdTLS       bool
 	boltdb        bool
 }{
 	GlobalConfiguration{
@@ -55,14 +57,22 @@ var arguments = struct {
 		Docker: &provider.Docker{
 			TLS: &provider.DockerTLS{},
 		},
-		File:          &provider.File{},
-		Web:           &WebProvider{},
-		Marathon:      &provider.Marathon{},
-		Consul:        &provider.Consul{},
+		File:     &provider.File{},
+		Web:      &WebProvider{},
+		Marathon: &provider.Marathon{},
+		Consul: &provider.Consul{
+			Kv: provider.Kv{
+				TLS: &provider.KvTLS{},
+			},
+		},
 		ConsulCatalog: &provider.ConsulCatalog{},
 		Zookeeper:     &provider.Zookepper{},
-		Etcd:          &provider.Etcd{},
-		Boltdb:        &provider.BoltDb{},
+		Etcd: &provider.Etcd{
+			Kv: provider.Kv{
+				TLS: &provider.KvTLS{},
+			},
+		},
+		Boltdb: &provider.BoltDb{},
 	},
 	false,
 	false,
@@ -74,6 +84,8 @@ var arguments = struct {
 	false,
 	false,
 	false,
+	false,
+	false,
 }
 
 func init() {
@@ -114,13 +126,18 @@ func init() {
 	traefikCmd.PersistentFlags().StringVar(&arguments.Marathon.Filename, "marathon.filename", "", "Override default configuration template. For advanced users :)")
 	traefikCmd.PersistentFlags().StringVar(&arguments.Marathon.Endpoint, "marathon.endpoint", "http://127.0.0.1:8080", "Marathon server endpoint. You can also specify multiple endpoint for Marathon")
 	traefikCmd.PersistentFlags().StringVar(&arguments.Marathon.Domain, "marathon.domain", "", "Default domain used")
-	traefikCmd.PersistentFlags().StringVar(&arguments.Marathon.NetworkInterface, "marathon.networkInterface", "eth0", "Network interface used to call Marathon web services. Needed in case of multiple network interfaces")
+	traefikCmd.PersistentFlags().BoolVar(&arguments.Marathon.ExposedByDefault, "marathon.exposedByDefault", true, "Expose Marathon apps by default")
 
 	traefikCmd.PersistentFlags().BoolVar(&arguments.consul, "consul", false, "Enable Consul backend")
 	traefikCmd.PersistentFlags().BoolVar(&arguments.Consul.Watch, "consul.watch", true, "Watch provider")
 	traefikCmd.PersistentFlags().StringVar(&arguments.Consul.Filename, "consul.filename", "", "Override default configuration template. For advanced users :)")
-	traefikCmd.PersistentFlags().StringVar(&arguments.Consul.Endpoint, "consul.endpoint", "127.0.0.1:8500", "Consul server endpoint")
+	traefikCmd.PersistentFlags().StringVar(&arguments.Consul.Endpoint, "consul.endpoint", "127.0.0.1:8500", "Comma sepparated Consul server endpoints")
 	traefikCmd.PersistentFlags().StringVar(&arguments.Consul.Prefix, "consul.prefix", "/traefik", "Prefix used for KV store")
+	traefikCmd.PersistentFlags().BoolVar(&arguments.consulTLS, "consul.tls", false, "Enable Consul TLS support")
+	traefikCmd.PersistentFlags().StringVar(&arguments.Consul.TLS.CA, "consul.tls.ca", "", "TLS CA")
+	traefikCmd.PersistentFlags().StringVar(&arguments.Consul.TLS.Cert, "consul.tls.cert", "", "TLS cert")
+	traefikCmd.PersistentFlags().StringVar(&arguments.Consul.TLS.Key, "consul.tls.key", "", "TLS key")
+	traefikCmd.PersistentFlags().BoolVar(&arguments.Consul.TLS.InsecureSkipVerify, "consul.tls.insecureSkipVerify", false, "TLS insecure skip verify")
 
 	traefikCmd.PersistentFlags().BoolVar(&arguments.consulCatalog, "consulCatalog", false, "Enable Consul catalog backend")
 	traefikCmd.PersistentFlags().StringVar(&arguments.ConsulCatalog.Domain, "consulCatalog.domain", "", "Default domain used")
@@ -129,14 +146,19 @@ func init() {
 	traefikCmd.PersistentFlags().BoolVar(&arguments.zookeeper, "zookeeper", false, "Enable Zookeeper backend")
 	traefikCmd.PersistentFlags().BoolVar(&arguments.Zookeeper.Watch, "zookeeper.watch", true, "Watch provider")
 	traefikCmd.PersistentFlags().StringVar(&arguments.Zookeeper.Filename, "zookeeper.filename", "", "Override default configuration template. For advanced users :)")
-	traefikCmd.PersistentFlags().StringVar(&arguments.Zookeeper.Endpoint, "zookeeper.endpoint", "127.0.0.1:2181", "Zookeeper server endpoint")
+	traefikCmd.PersistentFlags().StringVar(&arguments.Zookeeper.Endpoint, "zookeeper.endpoint", "127.0.0.1:2181", "Comma sepparated Zookeeper server endpoints")
 	traefikCmd.PersistentFlags().StringVar(&arguments.Zookeeper.Prefix, "zookeeper.prefix", "/traefik", "Prefix used for KV store")
 
 	traefikCmd.PersistentFlags().BoolVar(&arguments.etcd, "etcd", false, "Enable Etcd backend")
 	traefikCmd.PersistentFlags().BoolVar(&arguments.Etcd.Watch, "etcd.watch", true, "Watch provider")
 	traefikCmd.PersistentFlags().StringVar(&arguments.Etcd.Filename, "etcd.filename", "", "Override default configuration template. For advanced users :)")
-	traefikCmd.PersistentFlags().StringVar(&arguments.Etcd.Endpoint, "etcd.endpoint", "127.0.0.1:4001", "Etcd server endpoint")
+	traefikCmd.PersistentFlags().StringVar(&arguments.Etcd.Endpoint, "etcd.endpoint", "127.0.0.1:4001", "Comma sepparated Etcd server endpoints")
 	traefikCmd.PersistentFlags().StringVar(&arguments.Etcd.Prefix, "etcd.prefix", "/traefik", "Prefix used for KV store")
+	traefikCmd.PersistentFlags().BoolVar(&arguments.etcdTLS, "etcd.tls", false, "Enable Etcd TLS support")
+	traefikCmd.PersistentFlags().StringVar(&arguments.Etcd.TLS.CA, "etcd.tls.ca", "", "TLS CA")
+	traefikCmd.PersistentFlags().StringVar(&arguments.Etcd.TLS.Cert, "etcd.tls.cert", "", "TLS cert")
+	traefikCmd.PersistentFlags().StringVar(&arguments.Etcd.TLS.Key, "etcd.tls.key", "", "TLS key")
+	traefikCmd.PersistentFlags().BoolVar(&arguments.Etcd.TLS.InsecureSkipVerify, "etcd.tls.insecureSkipVerify", false, "TLS insecure skip verify")
 
 	traefikCmd.PersistentFlags().BoolVar(&arguments.boltdb, "boltdb", false, "Enable Boltdb backend")
 	traefikCmd.PersistentFlags().BoolVar(&arguments.Boltdb.Watch, "boltdb.watch", true, "Watch provider")

configuration.go

@@ -222,6 +222,9 @@ func LoadConfiguration() *GlobalConfiguration {
 	if arguments.marathon {
 		viper.Set("marathon", arguments.Marathon)
 	}
+	if !arguments.consulTLS {
+		arguments.Consul.TLS = nil
+	}
 	if arguments.consul {
 		viper.Set("consul", arguments.Consul)
 	}
@@ -231,6 +234,9 @@ func LoadConfiguration() *GlobalConfiguration {
 	if arguments.zookeeper {
 		viper.Set("zookeeper", arguments.Zookeeper)
 	}
+	if !arguments.etcdTLS {
+		arguments.Etcd.TLS = nil
+	}
 	if arguments.etcd {
 		viper.Set("etcd", arguments.Etcd)
 	}

contrib/systemd/traefik.service

@@ -2,5 +2,5 @@
 Description=Traefik
 
 [Service]
-ExecStart=/usr/bin/traefik /etc/traefik.toml
+ExecStart=/usr/bin/traefik --configFile=/etc/traefik.toml
 Restart=on-failure

docs/index.md

@@ -37,7 +37,9 @@ Frontends can be defined using the following rules:
 - `Host`: Host adds a matcher for the URL host. It accepts a template with zero or more URL variables enclosed by `{}`. Variables can define an optional regexp pattern to be matched: `www.traefik.io`, `{subdomain:[a-z]+}.traefik.io`
 - `Methods`: Methods adds a matcher for HTTP methods. It accepts a sequence of one or more methods to be matched, e.g.: `GET`, `POST`, `PUT`
 - `Path`: Path adds a matcher for the URL path. It accepts a template with zero or more URL variables enclosed by `{}`. The template must start with a `/`. For exemple `/products/` `/articles/{category}/{id:[0-9]+}`
+- `PathStrip`: Same as `Path` but strip the given prefix from the request URL's Path.
 - `PathPrefix`: PathPrefix adds a matcher for the URL path prefix. This matches if the given template is a prefix of the full URL path.
+- `PathPrefixStrip`: Same as `PathPrefix` but strip the given prefix from the request URL's Path.
 
 
  A frontend is a set of rules that forwards the incoming http traffic to a backend.
@@ -106,9 +108,14 @@ Flags:
       --boltdb.watch                         Watch provider (default true)
   -c, --configFile string                    Configuration file to use (TOML, JSON, YAML, HCL).
       --consul                               Enable Consul backend
-      --consul.endpoint string               Consul server endpoint (default "127.0.0.1:8500")
+      --consul.endpoint string               Comma sepparated Consul server endpoints (default "127.0.0.1:8500")
       --consul.filename string               Override default configuration template. For advanced users :)
       --consul.prefix string                 Prefix used for KV store (default "/traefik")
+      --consul.tls                           Enable Consul TLS support
+      --consul.tls.ca string                 TLS CA
+      --consul.tls.cert string               TLS cert
+      --consul.tls.insecureSkipVerify        TLS insecure skip verify
+      --consul.tls.key string                TLS key
       --consul.watch                         Watch provider (default true)
       --consulCatalog                        Enable Consul catalog backend
       --consulCatalog.domain string          Default domain used
@@ -126,9 +133,14 @@ Flags:
       --docker.watch                         Watch provider (default true)
       --entryPoints value                    Entrypoints definition using format: --entryPoints='Name:http Address::8000 Redirect.EntryPoint:https' --entryPoints='Name:https Address::4442 TLS:tests/traefik.crt,tests/traefik.key'
       --etcd                                 Enable Etcd backend
-      --etcd.endpoint string                 Etcd server endpoint (default "127.0.0.1:4001")
+      --etcd.endpoint string                 Comma sepparated Etcd server endpoints (default "127.0.0.1:4001")
       --etcd.filename string                 Override default configuration template. For advanced users :)
       --etcd.prefix string                   Prefix used for KV store (default "/traefik")
+      --etcd.tls                             Enable Etcd TLS support
+      --etcd.tls.ca string                   TLS CA
+      --etcd.tls.cert string                 TLS cert
+      --etcd.tls.insecureSkipVerify          TLS insecure skip verify
+      --etcd.tls.key string                  TLS key
       --etcd.watch                           Watch provider (default true)
       --file                                 Enable File backend
       --file.filename string                 Override default configuration template. For advanced users :)
@@ -139,10 +151,8 @@ Flags:
       --marathon.domain string               Default domain used
       --marathon.endpoint string             Marathon server endpoint. You can also specify multiple endpoint for Marathon (default "http://127.0.0.1:8080")
       --marathon.filename string             Override default configuration template. For advanced users :)
-      --marathon.networkInterface string     Network interface used to call Marathon web services. Needed in case of multiple network interfaces (default "eth0")
       --marathon.watch                       Watch provider (default true)
       --maxIdleConnsPerHost int              If non-zero, controls the maximum idle (keep-alive) to keep per-host.  If zero, DefaultMaxIdleConnsPerHost is used
-  -p, --port string                          Reverse proxy port (default ":80")
       --providersThrottleDuration duration   Backends throttle duration: minimum duration between 2 events from providers before applying a new configuration. It avoids unnecessary reloads if multiples events are sent in a short amount of time. (default 2s)
       --traefikLogsFile string               Traefik logs file (default "log/traefik.log")
       --web                                  Enable Web backend
@@ -151,7 +161,7 @@ Flags:
       --web.keyFile string                   SSL certificate
       --web.readOnly                         Enable read only API
       --zookeeper                            Enable Zookeeper backend
-      --zookeeper.endpoint string            Zookeeper server endpoint (default "127.0.0.1:2181")
+      --zookeeper.endpoint string            Comma sepparated Zookeeper server endpoints (default "127.0.0.1:2181")
       --zookeeper.filename string            Override default configuration template. For advanced users :)
       --zookeeper.prefix string              Prefix used for KV store (default "/traefik")
       --zookeeper.watch                      Watch provider (default true)
@@ -629,12 +639,6 @@ Træfɪk can be configured to use Marathon as a backend configuration:
 #
 endpoint = "http://127.0.0.1:8080"
 
-# Network interface used to call Marathon web services. Needed in case of multiple network interfaces.
-# Optional
-# Default: "eth0"
-#
-networkInterface = "eth0"
-
 # Enable watch Marathon changes
 #
 # Optional
@@ -722,6 +726,16 @@ prefix = "traefik"
 # Optional
 #
 # filename = "consul.tmpl"
+
+# Enable consul TLS connection
+#
+# Optional
+#
+# [consul.tls]
+# ca = "/etc/ssl/ca.crt"
+# cert = "/etc/ssl/consul.crt"
+# key = "/etc/ssl/consul.key"
+# insecureskipverify = true
 ```
 
 The Keys-Values structure should look (using `prefix = "/traefik"`):
@@ -803,6 +817,16 @@ Træfɪk can be configured to use Etcd as a backend configuration:
 # Optional
 #
 # filename = "etcd.tmpl"
+
+# Enable etcd TLS connection
+#
+# Optional
+#
+# [etcd.tls]
+# ca = "/etc/ssl/ca.crt"
+# cert = "/etc/ssl/etcd.crt"
+# key = "/etc/ssl/etcd.key"
+# insecureskipverify = true
 ```
 
 The Keys-Values structure should look (using `prefix = "/traefik"`):
@@ -1038,128 +1062,71 @@ Note that Træfɪk *will not watch for key changes in the `/traefik_configuratio
 
 ## <a id="benchmarks"></a> Benchmarks
 
-Here are some early Benchmarks between Nginx and Træfɪk acting as simple load balancers between two servers.
+Here are some early Benchmarks between Nginx, HA-Proxy and Træfɪk acting as simple load balancers between two servers.
 
 - Nginx:
 
 ```sh
-$ docker run -d -e VIRTUAL_HOST=test1.localhost emilevauge/whoami
-$ docker run -d -e VIRTUAL_HOST=test1.localhost emilevauge/whoami
+$ docker run -d -e VIRTUAL_HOST=test.nginx.localhost emilevauge/whoami
+$ docker run -d -e VIRTUAL_HOST=test.nginx.localhost emilevauge/whoami
 $ docker run --log-driver=none -d -p 80:80 -v /var/run/docker.sock:/tmp/docker.sock:ro jwilder/nginx-proxy
-$ ab -n 20000 -c 20  -r http://test1.localhost/
-This is ApacheBench, Version 2.3 <$Revision: 1528965 $>
-Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
-Licensed to The Apache Software Foundation, http://www.apache.org/
+$ wrk -t12 -c400 -d60s -H "Host: test.nginx.localhost" --latency http://127.0.0.1:80
+Running 1m test @ http://127.0.0.1:80
+  12 threads and 400 connections
+  Thread Stats   Avg      Stdev     Max   +/- Stdev
+    Latency   162.61ms  203.34ms   1.72s    91.07%
+    Req/Sec   277.57    107.67   790.00     67.53%
+  Latency Distribution
+     50%  128.19ms
+     75%  218.22ms
+     90%  342.12ms
+     99%    1.08s 
+  197991 requests in 1.00m, 82.32MB read
+  Socket errors: connect 0, read 0, write 0, timeout 18
+Requests/sec:   3296.04
+Transfer/sec:      1.37MB
+```
 
-Benchmarking test1.localhost (be patient)
-Completed 2000 requests
-Completed 4000 requests
-Completed 6000 requests
-Completed 8000 requests
-Completed 10000 requests
-Completed 12000 requests
-Completed 14000 requests
-Completed 16000 requests
-Completed 18000 requests
-Completed 20000 requests
-Finished 20000 requests
+- HA-Proxy:
 
-
-Server Software:        nginx/1.9.2
-Server Hostname:        test1.localhost
-Server Port:            80
-
-Document Path:          /
-Document Length:        287 bytes
-
-Concurrency Level:      20
-Time taken for tests:   5.874 seconds
-Complete requests:      20000
-Failed requests:        0
-Total transferred:      8900000 bytes
-HTML transferred:       5740000 bytes
-Requests per second:    3404.97 [#/sec] (mean)
-Time per request:       5.874 [ms] (mean)
-Time per request:       0.294 [ms] (mean, across all concurrent requests)
-Transfer rate:          1479.70 [Kbytes/sec] received
-
-Connection Times (ms)
-              min  mean[+/-sd] median   max
-Connect:        0    0   0.1      0       2
-Processing:     0    6   2.4      6      35
-Waiting:        0    5   2.3      5      33
-Total:          0    6   2.4      6      36
-
-Percentage of the requests served within a certain time (ms)
-  50%      6
-  66%      6
-  75%      7
-  80%      7
-  90%      9
-  95%     10
-  98%     12
-  99%     13
- 100%     36 (longest request)
+```
+$ docker run -d --name web1 -e VIRTUAL_HOST=test.haproxy.localhost emilevauge/whoami
+$ docker run -d --name web2 -e VIRTUAL_HOST=test.haproxy.localhost emilevauge/whoami
+$ docker run -d -p 80:80 --link web1:web1 --link web2:web2 dockercloud/haproxy
+$ wrk -t12 -c400 -d60s -H "Host: test.haproxy.localhost" --latency http://127.0.0.1:80
+Running 1m test @ http://127.0.0.1:80
+  12 threads and 400 connections
+  Thread Stats   Avg      Stdev     Max   +/- Stdev
+    Latency   158.08ms  187.88ms   1.75s    89.61%
+    Req/Sec   281.33    120.47     0.98k    65.88%
+  Latency Distribution
+     50%  121.77ms
+     75%  227.10ms
+     90%  351.98ms
+     99%    1.01s 
+  200462 requests in 1.00m, 59.65MB read
+Requests/sec:   3337.66
+Transfer/sec:      0.99MB
 ```
 
 - Træfɪk:
 
 ```sh
-docker run -d -l traefik.backend=test1 -l traefik.frontend.rule=Host -l traefik.frontend.value=test1.docker.localhost emilevauge/whoami
-docker run -d -l traefik.backend=test1 -l traefik.frontend.rule=Host -l traefik.frontend.value=test1.docker.localhost emilevauge/whoami
-docker run -d -p 8080:8080 -p 80:80 -v $PWD/traefik.toml:/traefik.toml -v /var/run/docker.sock:/var/run/docker.sock containous/traefik
-$ ab -n 20000 -c 20  -r http://test1.docker.localhost/
-This is ApacheBench, Version 2.3 <$Revision: 1528965 $>
-Copyright 1996 Adam Twiss, Zeus Technology Ltd, http://www.zeustech.net/
-Licensed to The Apache Software Foundation, http://www.apache.org/
-
-Benchmarking test1.docker.localhost (be patient)
-Completed 2000 requests
-Completed 4000 requests
-Completed 6000 requests
-Completed 8000 requests
-Completed 10000 requests
-Completed 12000 requests
-Completed 14000 requests
-Completed 16000 requests
-Completed 18000 requests
-Completed 20000 requests
-Finished 20000 requests
-
-
-Server Software:        .
-Server Hostname:        test1.docker.localhost
-Server Port:            80
-
-Document Path:          /
-Document Length:        312 bytes
-
-Concurrency Level:      20
-Time taken for tests:   6.545 seconds
-Complete requests:      20000
-Failed requests:        0
-Total transferred:      8600000 bytes
-HTML transferred:       6240000 bytes
-Requests per second:    3055.60 [#/sec] (mean)
-Time per request:       6.545 [ms] (mean)
-Time per request:       0.327 [ms] (mean, across all concurrent requests)
-Transfer rate:          1283.11 [Kbytes/sec] received
-
-Connection Times (ms)
-              min  mean[+/-sd] median   max
-Connect:        0    0   0.2      0       7
-Processing:     1    6   2.2      6      22
-Waiting:        1    6   2.1      6      21
-Total:          1    7   2.2      6      22
-
-Percentage of the requests served within a certain time (ms)
-  50%      6
-  66%      7
-  75%      8
-  80%      8
-  90%      9
-  95%     10
-  98%     11
-  99%     13
- 100%     22 (longest request)
+$ docker run -d -l traefik.backend=test1 -l traefik.frontend.rule=Host -l traefik.frontend.value=test.traefik.localhost emilevauge/whoami
+$ docker run -d -l traefik.backend=test1 -l traefik.frontend.rule=Host -l traefik.frontend.value=test.traefik.localhost emilevauge/whoami
+$ docker run -d -p 8080:8080 -p 80:80 -v $PWD/traefik.toml:/traefik.toml -v /var/run/docker.sock:/var/run/docker.sock containous/traefik
+$ wrk -t12 -c400 -d60s -H "Host: test.traefik.localhost" --latency http://127.0.0.1:80
+Running 1m test @ http://127.0.0.1:80
+  12 threads and 400 connections
+  Thread Stats   Avg      Stdev     Max   +/- Stdev
+    Latency   132.93ms  121.89ms   1.20s    66.62%
+    Req/Sec   280.95    104.88   740.00     68.26%
+  Latency Distribution
+     50%  128.71ms
+     75%  214.15ms
+     90%  281.45ms
+     99%  498.44ms
+  200734 requests in 1.00m, 80.02MB read
+Requests/sec:   3340.13
+Transfer/sec:      1.33MB
 ```

glide.lock

@@ -0,0 +1,256 @@
+hash: 2a18c9cab231b5e108c666641c2436da3d9a1a0d9d1c586948af94271a47b317
+updated: 2016-03-15T23:01:22.853471291+01:00
+imports:
+- name: github.com/alecthomas/template
+  version: b867cc6ab45cece8143cfcc6fc9c77cf3f2c23c0
+- name: github.com/alecthomas/units
+  version: 6b4e7dc5e3143b85ea77909c72caf89416fc2915
+- name: github.com/boltdb/bolt
+  version: 51f99c862475898df9773747d3accd05a7ca33c1
+- name: github.com/BurntSushi/toml
+  version: bd2bdf7f18f849530ef7a1c29a4290217cab32a1
+- name: github.com/BurntSushi/ty
+  version: 6add9cd6ad42d389d6ead1dde60b4ad71e46fd74
+  subpackages:
+  - fun
+- name: github.com/cenkalti/backoff
+  version: 4dc77674aceaabba2c7e3da25d4c823edfb73f99
+- name: github.com/codahale/hdrhistogram
+  version: 954f16e8b9ef0e5d5189456aa4c1202758e04f17
+- name: github.com/codegangsta/cli
+  version: bf4a526f48af7badd25d2cb02d587e1b01be3b50
+- name: github.com/codegangsta/negroni
+  version: c7477ad8e330bef55bf1ebe300cf8aa67c492d1b
+- name: github.com/containous/oxy
+  version: 0b5b371bce661385d35439204298fa6fb5db5463
+  subpackages:
+  - cbreaker
+  - forward
+  - memmetrics
+  - roundrobin
+  - utils
+- name: github.com/coreos/go-etcd
+  version: cc90c7b091275e606ad0ca7102a23fb2072f3f5e
+  subpackages:
+  - etcd
+- name: github.com/davecgh/go-spew
+  version: 5215b55f46b2b919f50a1df0eaa5886afe4e3b3d
+  subpackages:
+  - spew
+- name: github.com/docker/distribution
+  version: 9038e48c3b982f8e82281ea486f078a73731ac4e
+- name: github.com/docker/docker
+  version: f39987afe8d611407887b3094c03d6ba6a766a67
+  subpackages:
+  - autogen
+  - api
+  - cliconfig
+  - daemon/network
+  - graph/tags
+  - image
+  - opts
+  - pkg/archive
+  - pkg/fileutils
+  - pkg/homedir
+  - pkg/httputils
+  - pkg/ioutils
+  - pkg/jsonmessage
+  - pkg/mflag
+  - pkg/nat
+  - pkg/parsers
+  - pkg/pools
+  - pkg/promise
+  - pkg/random
+  - pkg/stdcopy
+  - pkg/stringid
+  - pkg/symlink
+  - pkg/system
+  - pkg/tarsum
+  - pkg/term
+  - pkg/timeutils
+  - pkg/tlsconfig
+  - pkg/ulimit
+  - pkg/units
+  - pkg/urlutil
+  - pkg/useragent
+  - pkg/version
+  - registry
+  - runconfig
+  - utils
+  - volume
+- name: github.com/docker/libcompose
+  version: d3089811c119a211469a9cc93caea684d937e5d3
+  subpackages:
+  - docker
+  - logger
+  - lookup
+  - project
+  - utils
+- name: github.com/docker/libkv
+  version: 3732f7ff1b56057c3158f10bceb1e79133025373
+  subpackages:
+  - store
+  - store/boltdb
+  - store/consul
+  - store/etcd
+  - store/zookeeper
+- name: github.com/docker/libtrust
+  version: 9cbd2a1374f46905c68a4eb3694a130610adc62a
+- name: github.com/donovanhide/eventsource
+  version: d8a3071799b98cacd30b6da92f536050ccfe6da4
+- name: github.com/elazarl/go-bindata-assetfs
+  version: d5cac425555ca5cf00694df246e04f05e6a55150
+- name: github.com/flynn/go-shlex
+  version: 3f9db97f856818214da2e1057f8ad84803971cff
+- name: github.com/fsouza/go-dockerclient
+  version: a49c8269a6899cae30da1f8a4b82e0ce945f9967
+  subpackages:
+  - external/github.com/docker/docker/opts
+  - external/github.com/docker/docker/pkg/archive
+  - external/github.com/docker/docker/pkg/fileutils
+  - external/github.com/docker/docker/pkg/homedir
+  - external/github.com/docker/docker/pkg/stdcopy
+  - external/github.com/hashicorp/go-cleanhttp
+  - external/github.com/Sirupsen/logrus
+  - external/github.com/docker/docker/pkg/idtools
+  - external/github.com/docker/docker/pkg/ioutils
+  - external/github.com/docker/docker/pkg/pools
+  - external/github.com/docker/docker/pkg/promise
+  - external/github.com/docker/docker/pkg/system
+  - external/github.com/docker/docker/pkg/longpath
+  - external/github.com/opencontainers/runc/libcontainer/user
+  - external/golang.org/x/sys/unix
+  - external/golang.org/x/net/context
+  - external/github.com/docker/go-units
+- name: github.com/gambol99/go-marathon
+  version: ade11d1dc2884ee1f387078fc28509559b6235d1
+- name: github.com/golang/glog
+  version: fca8c8854093a154ff1eb580aae10276ad6b1b5f
+- name: github.com/google/go-querystring
+  version: 6bb77fe6f42b85397288d4f6f67ac72f8f400ee7
+  subpackages:
+  - query
+- name: github.com/gorilla/context
+  version: 215affda49addc4c8ef7e2534915df2c8c35c6cd
+- name: github.com/gorilla/handlers
+  version: 40694b40f4a928c062f56849989d3e9cd0570e5f
+- name: github.com/gorilla/mux
+  version: f15e0c49460fd49eebe2bcc8486b05d1bef68d3a
+- name: github.com/gorilla/websocket
+  version: e2e3d8414d0fbae04004f151979f4e27c6747fe7
+- name: github.com/hashicorp/consul
+  version: de080672fee9e6104572eeea89eccdca135bb918
+  subpackages:
+  - api
+- name: github.com/hashicorp/hcl
+  version: 567a5d1c4878a4ac8c198c730fd15f978b0529c7
+  subpackages:
+  - hcl/ast
+  - hcl/parser
+  - hcl/token
+  - json/parser
+  - hcl/scanner
+  - hcl/strconv
+  - json/scanner
+  - json/token
+- name: github.com/inconshreveable/mousetrap
+  version: 76626ae9c91c4f2a10f34cad8ce83ea42c93bb75
+- name: github.com/kr/pretty
+  version: e6ac2fc51e89a3249e82157fa0bb7a18ef9dd5bb
+- name: github.com/kr/text
+  version: bb797dc4fb8320488f47bf11de07a733d7233e1f
+- name: github.com/magiconair/properties
+  version: 497d0afefddf378f9ffb3c89db6a326985908519
+- name: github.com/mailgun/log
+  version: 44874009257d4d47ba9806f1b7f72a32a015e4d8
+- name: github.com/mailgun/manners
+  version: fada45142db3f93097ca917da107aa3fad0ffcb5
+- name: github.com/mailgun/oxy
+  version: 8aaf36279137ac04ace3792a4f86098631b27d5a
+  subpackages:
+  - cbreaker
+- name: github.com/mailgun/predicate
+  version: cb0bff91a7ab7cf7571e661ff883fc997bc554a3
+- name: github.com/mailgun/timetools
+  version: fd192d755b00c968d312d23f521eb0cdc6f66bd0
+- name: github.com/mitchellh/mapstructure
+  version: d2dd0262208475919e1a362f675cfc0e7c10e905
+- name: github.com/opencontainers/runc
+  version: 4ab132458fc3e9dbeea624153e0331952dc4c8d5
+  subpackages:
+  - libcontainer/user
+- name: github.com/pmezard/go-difflib
+  version: d8ed2627bdf02c080bf22230dbb337003b7aba2d
+  subpackages:
+  - difflib
+- name: github.com/samalba/dockerclient
+  version: cfb489c624b635251a93e74e1e90eb0959c5367f
+- name: github.com/samuel/go-zookeeper
+  version: fa6674abf3f4580b946a01bf7a1ce4ba8766205b
+  subpackages:
+  - zk
+- name: github.com/Sirupsen/logrus
+  version: 418b41d23a1bf978c06faea5313ba194650ac088
+- name: github.com/spf13/cast
+  version: ee7b3e0353166ab1f3a605294ac8cd2b77953778
+- name: github.com/spf13/cobra
+  version: 1bacefc9a216c93293e670067bd159a64b4d72c3
+  subpackages:
+  - cobra
+- name: github.com/spf13/jwalterweatherman
+  version: 33c24e77fb80341fe7130ee7c594256ff08ccc46
+- name: github.com/spf13/pflag
+  version: 7f60f83a2c81bc3c3c0d5297f61ddfa68da9d3b7
+- name: github.com/spf13/viper
+  version: a212099cbe6fbe8d07476bfda8d2d39b6ff8f325
+- name: github.com/stretchr/objx
+  version: cbeaeb16a013161a98496fad62933b1d21786672
+- name: github.com/stretchr/testify
+  version: 6fe211e493929a8aac0469b93f28b1d0688a9a3a
+  subpackages:
+  - mock
+  - assert
+- name: github.com/thoas/stats
+  version: 54ed61c2b47e263ae2f01b86837b0c4bd1da28e8
+- name: github.com/unrolled/render
+  version: 26b4e3aac686940fe29521545afad9966ddfc80c
+- name: github.com/vdemeester/shakers
+  version: 8fe734f75f3a70b651cbfbf8a55a009da09e8dc5
+- name: github.com/vulcand/oxy
+  version: 8aaf36279137ac04ace3792a4f86098631b27d5a
+  subpackages:
+  - memmetrics
+  - utils
+- name: github.com/vulcand/predicate
+  version: cb0bff91a7ab7cf7571e661ff883fc997bc554a3
+- name: github.com/vulcand/route
+  version: cb89d787ddbb1c5849a7ac9f79004c1fd12a4a32
+- name: github.com/vulcand/vulcand
+  version: 475540bb016702d5b7cc4674e37f48ee3e144a69
+  subpackages:
+  - plugin/rewrite
+  - plugin
+  - router
+- name: github.com/wendal/errors
+  version: f66c77a7882b399795a8987ebf87ef64a427417e
+- name: golang.org/x/net
+  version: d9558e5c97f85372afee28cf2b6059d7d3818919
+  subpackages:
+  - context
+- name: golang.org/x/sys
+  version: eb2c74142fd19a79b3f237334c7384d5167b1b46
+  subpackages:
+  - unix
+- name: gopkg.in/alecthomas/kingpin.v2
+  version: 639879d6110b1b0409410c7b737ef0bb18325038
+- name: gopkg.in/check.v1
+  version: 11d3bc7aa68e238947792f30573146a3231fc0f1
+- name: gopkg.in/fsnotify.v1
+  version: 96c060f6a6b7e0d6f75fddd10efeaca3e5d1bcb0
+- name: gopkg.in/mgo.v2
+  version: 22287bab4379e1fbf6002fb4eb769888f3fb224c
+  subpackages:
+  - bson
+- name: gopkg.in/yaml.v2
+  version: 7ad95dd0798a40da1ccdff6dff35fd177b5edf40
+devImports: []

glide.yaml

@@ -8,8 +8,8 @@ import:
     ref:     9038e48c3b982f8e82281ea486f078a73731ac4e
   - package: github.com/mailgun/log
     ref:     44874009257d4d47ba9806f1b7f72a32a015e4d8
-  - package: github.com/mailgun/oxy
-    ref:     547c334d658398c05b346c0b79d8f47ba2e1473b
+  - package: github.com/containous/oxy
+    ref:     0b5b371bce661385d35439204298fa6fb5db5463
     subpackages:
       - cbreaker
       - forward
@@ -57,7 +57,7 @@ import:
   - package: github.com/flynn/go-shlex
     ref:     3f9db97f856818214da2e1057f8ad84803971cff
   - package: github.com/fsouza/go-dockerclient
-    ref:     0239034d42f665efa17fd77c39f891c2f9f32922
+    ref:     a49c8269a6899cae30da1f8a4b82e0ce945f9967
   - package: github.com/boltdb/bolt
     ref:     51f99c862475898df9773747d3accd05a7ca33c1
   - package: gopkg.in/mgo.v2

integration/etcd_test.go

@@ -0,0 +1,27 @@
+package main
+
+import (
+	"net/http"
+	"os/exec"
+	"time"
+
+	"fmt"
+	checker "github.com/vdemeester/shakers"
+	check "gopkg.in/check.v1"
+)
+
+func (s *EtcdSuite) TestSimpleConfiguration(c *check.C) {
+	cmd := exec.Command(traefikBinary, "--configFile=fixtures/etcd/simple.toml")
+	err := cmd.Start()
+	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
+
+	time.Sleep(1000 * time.Millisecond)
+	// TODO validate : run on 80
+	resp, err := http.Get("http://127.0.0.1:8000/")
+
+	// Expected no response as we did not configure anything
+	c.Assert(resp, checker.IsNil)
+	c.Assert(err, checker.NotNil)
+	c.Assert(err.Error(), checker.Contains, fmt.Sprintf("getsockopt: connection refused"))
+}

integration/fixtures/etcd/simple.toml

@@ -0,0 +1,10 @@
+defaultEntryPoints = ["http"]
+
+[entryPoints]
+  [entryPoints.http]
+  address = ":8000"
+
+logLevel = "DEBUG"
+
+[etcd]
+  endpoint = "127.0.0.1:4003,127.0.0.1:4002,127.0.0.1:4001"

integration/integration_test.go

@@ -29,6 +29,7 @@ func init() {
 	check.Suite(&DockerSuite{})
 	check.Suite(&ConsulSuite{})
 	check.Suite(&ConsulCatalogSuite{})
+	check.Suite(&EtcdSuite{})
 	check.Suite(&MarathonSuite{})
 }
 
@@ -50,6 +51,13 @@ func (s *ConsulSuite) SetUpSuite(c *check.C) {
 	s.createComposeProject(c, "consul")
 }
 
+// Etcd test suites (using libcompose)
+type EtcdSuite struct{ BaseSuite }
+
+func (s *EtcdSuite) SetUpSuite(c *check.C) {
+	s.createComposeProject(c, "etcd")
+}
+
 // Marathon test suites (using libcompose)
 type MarathonSuite struct{ BaseSuite }
 

integration/resources/compose/etcd.yml

@@ -0,0 +1,30 @@
+etcd1:
+  image: quay.io/coreos/etcd:v2.2.0
+  net: "host"
+  command: >
+    --name etcd1
+    --listen-peer-urls http://localhost:7001
+    --listen-client-urls http://localhost:4001
+    --initial-advertise-peer-urls http://localhost:7001
+    --advertise-client-urls http://localhost:4001
+    --initial-cluster etcd1=http://localhost:7001,etcd2=http://localhost:7002,etcd3=http://localhost:7003
+etcd2:
+  image: quay.io/coreos/etcd:v2.2.0
+  net: "host"
+  command: >
+    --name etcd2
+    --listen-peer-urls http://localhost:7002
+    --listen-client-urls http://localhost:4002
+    --initial-advertise-peer-urls http://localhost:7002
+    --advertise-client-urls http://localhost:4002
+    --initial-cluster etcd1=http://localhost:7001,etcd2=http://localhost:7002,etcd3=http://localhost:7003
+etcd3:
+  image: quay.io/coreos/etcd:v2.2.0
+  net: "host"
+  command: >
+    --name etcd3
+    --listen-peer-urls http://localhost:7003
+    --listen-client-urls http://localhost:4003
+    --initial-advertise-peer-urls http://localhost:7003
+    --advertise-client-urls http://localhost:4003
+    --initial-cluster etcd1=http://localhost:7001,etcd2=http://localhost:7002,etcd3=http://localhost:7003

middlewares/StripPrefix.go

@@ -0,0 +1,22 @@
+package middlewares
+
+import (
+	"net/http"
+	"strings"
+)
+
+// StripPrefix is a middleware used to strip prefix from an URL request
+type StripPrefix struct {
+	Handler http.Handler
+	Prefix  string
+}
+
+func (s *StripPrefix) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	if p := strings.TrimPrefix(r.URL.Path, s.Prefix); len(p) < len(r.URL.Path) {
+		r.URL.Path = p
+		r.RequestURI = r.URL.RequestURI()
+		s.Handler.ServeHTTP(w, r)
+	} else {
+		http.NotFound(w, r)
+	}
+}

middlewares/cbreaker.go

@@ -3,7 +3,7 @@ package middlewares
 import (
 	"net/http"
 
-	"github.com/mailgun/oxy/cbreaker"
+	"github.com/containous/oxy/cbreaker"
 )
 
 // CircuitBreaker holds the oxy circuit breaker.

middlewares/handlerSwitcher.go

@@ -0,0 +1,40 @@
+package middlewares
+
+import (
+	"github.com/gorilla/mux"
+	"net/http"
+	"sync"
+)
+
+// HandlerSwitcher allows hot switching of http.ServeMux
+type HandlerSwitcher struct {
+	handler     *mux.Router
+	handlerLock *sync.Mutex
+}
+
+// NewHandlerSwitcher builds a new instance of HandlerSwitcher
+func NewHandlerSwitcher(newHandler *mux.Router) (hs *HandlerSwitcher) {
+	return &HandlerSwitcher{
+		handler:     newHandler,
+		handlerLock: &sync.Mutex{},
+	}
+}
+
+func (hs *HandlerSwitcher) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	hs.handlerLock.Lock()
+	handlerBackup := hs.handler
+	hs.handlerLock.Unlock()
+	handlerBackup.ServeHTTP(rw, r)
+}
+
+// GetHandler returns the current http.ServeMux
+func (hs *HandlerSwitcher) GetHandler() (newHandler *mux.Router) {
+	return hs.handler
+}
+
+// UpdateHandler safely updates the current http.ServeMux with a new one
+func (hs *HandlerSwitcher) UpdateHandler(newHandler *mux.Router) {
+	hs.handlerLock.Lock()
+	hs.handler = newHandler
+	defer hs.handlerLock.Unlock()
+}

middlewares/websocket.go

@@ -1,52 +0,0 @@
-package middlewares
-
-import (
-	"net/http"
-	"strings"
-	"time"
-
-	log "github.com/Sirupsen/logrus"
-	"github.com/mailgun/oxy/roundrobin"
-)
-
-// WebsocketUpgrader holds Websocket configuration.
-type WebsocketUpgrader struct {
-	rr *roundrobin.RoundRobin
-}
-
-// NewWebsocketUpgrader returns a new WebsocketUpgrader.
-func NewWebsocketUpgrader(rr *roundrobin.RoundRobin) *WebsocketUpgrader {
-	wu := WebsocketUpgrader{
-		rr: rr,
-	}
-	return &wu
-}
-
-func (u *WebsocketUpgrader) ServeHTTP(w http.ResponseWriter, req *http.Request) {
-	// If request is websocket, serve with golang websocket server to do protocol handshake
-	if strings.Join(req.Header["Upgrade"], "") == "websocket" {
-		start := time.Now().UTC()
-		url, err := u.rr.NextServer()
-		if err != nil {
-			log.Errorf("Can't round robin in websocket middleware")
-			return
-		}
-		log.Debugf("Websocket forward to %s", url.String())
-		NewProxy(url).ServeHTTP(w, req)
-
-		if req.TLS != nil {
-			log.Debugf("Round trip: %v, duration: %v tls:version: %x, tls:resume:%t, tls:csuite:%x, tls:server:%v",
-				req.URL, time.Now().UTC().Sub(start),
-				req.TLS.Version,
-				req.TLS.DidResume,
-				req.TLS.CipherSuite,
-				req.TLS.ServerName)
-		} else {
-			log.Debugf("Round trip: %v, duration: %v",
-				req.URL, time.Now().UTC().Sub(start))
-		}
-
-		return
-	}
-	u.rr.ServeHTTP(w, req)
-}

middlewares/websocketproxy.go

@@ -1,179 +0,0 @@
-package middlewares
-
-import (
-	"io"
-	"net"
-	"net/http"
-	"net/url"
-	"strings"
-
-	log "github.com/Sirupsen/logrus"
-	"github.com/gorilla/websocket"
-)
-
-// Original developpement made by https://github.com/koding/websocketproxy
-var (
-	// DefaultUpgrader specifies the parameters for upgrading an HTTP
-	// connection to a WebSocket connection.
-	DefaultUpgrader = &websocket.Upgrader{
-		ReadBufferSize:  1024,
-		WriteBufferSize: 1024,
-	}
-
-	// DefaultDialer is a dialer with all fields set to the default zero values.
-	DefaultDialer = websocket.DefaultDialer
-)
-
-// WebsocketProxy is an HTTP Handler that takes an incoming WebSocket
-// connection and proxies it to another server.
-type WebsocketProxy struct {
-	// Backend returns the backend URL which the proxy uses to reverse proxy
-	// the incoming WebSocket connection. Request is the initial incoming and
-	// unmodified request.
-	Backend func(*http.Request) *url.URL
-
-	// Upgrader specifies the parameters for upgrading a incoming HTTP
-	// connection to a WebSocket connection. If nil, DefaultUpgrader is used.
-	Upgrader *websocket.Upgrader
-
-	//  Dialer contains options for connecting to the backend WebSocket server.
-	//  If nil, DefaultDialer is used.
-	Dialer *websocket.Dialer
-}
-
-// ProxyHandler returns a new http.Handler interface that reverse proxies the
-// request to the given target.
-func ProxyHandler(target *url.URL) http.Handler {
-	return http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) {
-		NewProxy(target).ServeHTTP(rw, req)
-	})
-}
-
-// NewProxy returns a new Websocket reverse proxy that rewrites the
-// URL's to the scheme, host and base path provider in target.
-func NewProxy(target *url.URL) *WebsocketProxy {
-	backend := func(r *http.Request) *url.URL {
-		// Shallow copy
-		u := *target
-		u.Fragment = r.URL.Fragment
-		u.Path = r.URL.Path
-		u.RawQuery = r.URL.RawQuery
-		rurl := u.String()
-		if strings.HasPrefix(rurl, "http") {
-			u.Scheme = "ws"
-		}
-		if strings.HasPrefix(rurl, "https") {
-			u.Scheme = "wss"
-		}
-		return &u
-	}
-	return &WebsocketProxy{Backend: backend}
-}
-
-// ServeHTTP implements the http.Handler that proxies WebSocket connections.
-func (w *WebsocketProxy) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
-	if w.Backend == nil {
-		log.Errorf("Websocketproxy: backend function is not defined")
-		http.Error(rw, "Backend not found", http.StatusInternalServerError)
-		http.NotFound(rw, req)
-		return
-	}
-
-	backendURL := w.Backend(req)
-	if backendURL == nil {
-		log.Errorf("Websocketproxy: backend URL is nil")
-		http.Error(rw, "Backend URL is nil", http.StatusInternalServerError)
-		return
-	}
-
-	dialer := w.Dialer
-	if w.Dialer == nil {
-		dialer = DefaultDialer
-	}
-
-	// Pass headers from the incoming request to the dialer to forward them to
-	// the final destinations.
-	requestHeader := http.Header{}
-	requestHeader.Add("Origin", req.Header.Get("Origin"))
-	for _, prot := range req.Header[http.CanonicalHeaderKey("Sec-WebSocket-Protocol")] {
-		requestHeader.Add("Sec-WebSocket-Protocol", prot)
-	}
-	for _, cookie := range req.Header[http.CanonicalHeaderKey("Cookie")] {
-		requestHeader.Add("Cookie", cookie)
-	}
-	for _, auth := range req.Header[http.CanonicalHeaderKey("Authorization")] {
-		requestHeader.Add("Authorization", auth)
-	}
-
-	// Pass X-Forwarded-For headers too, code below is a part of
-	// httputil.ReverseProxy. See http://en.wikipedia.org/wiki/X-Forwarded-For
-	// for more information
-	// TODO: use RFC7239 http://tools.ietf.org/html/rfc7239
-	if clientIP, _, err := net.SplitHostPort(req.RemoteAddr); err == nil {
-		// If we aren't the first proxy retain prior
-		// X-Forwarded-For information as a comma+space
-		// separated list and fold multiple headers into one.
-		if prior, ok := req.Header["X-Forwarded-For"]; ok {
-			clientIP = strings.Join(prior, ", ") + ", " + clientIP
-		}
-		requestHeader.Set("X-Forwarded-For", clientIP)
-	}
-
-	// Set the originating protocol of the incoming HTTP request. The SSL might
-	// be terminated on our site and because we doing proxy adding this would
-	// be helpful for applications on the backend.
-	requestHeader.Set("X-Forwarded-Proto", "http")
-	if req.TLS != nil {
-		requestHeader.Set("X-Forwarded-Proto", "https")
-	}
-
-	//frontend Origin != backend Origin
-	requestHeader.Del("Origin")
-
-	// Connect to the backend URL, also pass the headers we get from the requst
-	// together with the Forwarded headers we prepared above.
-	// TODO: support multiplexing on the same backend connection instead of
-	// opening a new TCP connection time for each request. This should be
-	// optional:
-	// http://tools.ietf.org/html/draft-ietf-hybi-websocket-multiplexing-01
-	connBackend, resp, err := dialer.Dial(backendURL.String(), requestHeader)
-	if err != nil {
-		log.Errorf("Websocketproxy: couldn't dial to remote backend url %s, %s, %+v", backendURL.String(), err, resp)
-		http.Error(rw, "Remote backend unreachable", http.StatusBadGateway)
-		return
-	}
-	defer connBackend.Close()
-
-	upgrader := w.Upgrader
-	if w.Upgrader == nil {
-		upgrader = DefaultUpgrader
-	}
-
-	// Only pass those headers to the upgrader.
-	upgradeHeader := http.Header{}
-	upgradeHeader.Set("Sec-WebSocket-Protocol",
-		resp.Header.Get(http.CanonicalHeaderKey("Sec-WebSocket-Protocol")))
-	upgradeHeader.Set("Set-Cookie",
-		resp.Header.Get(http.CanonicalHeaderKey("Set-Cookie")))
-
-	// Now upgrade the existing incoming request to a WebSocket connection.
-	// Also pass the header that we gathered from the Dial handshake.
-	connPub, err := upgrader.Upgrade(rw, req, upgradeHeader)
-	if err != nil {
-		log.Errorf("Websocketproxy: couldn't upgrade %s", err)
-		http.NotFound(rw, req)
-		return
-	}
-	defer connPub.Close()
-
-	errc := make(chan error, 2)
-	cp := func(dst io.Writer, src io.Reader) {
-		_, err := io.Copy(dst, src)
-		errc <- err
-	}
-
-	// Start our proxy now, everything is ready...
-	go cp(connBackend.UnderlyingConn(), connPub.UnderlyingConn())
-	go cp(connPub.UnderlyingConn(), connBackend.UnderlyingConn())
-	<-errc
-}

provider/docker_test.go

@@ -676,7 +676,11 @@ func TestDockerLoadDockerConfig(t *testing.T) {
 						Ports: map[docker.Port][]docker.PortBinding{
 							"80/tcp": {},
 						},
-						IPAddress: "127.0.0.1",
+						Networks: map[string]docker.ContainerNetwork{
+							"bridgde": {
+								IPAddress: "127.0.0.1",
+							},
+						},
 					},
 				},
 			},
@@ -718,7 +722,11 @@ func TestDockerLoadDockerConfig(t *testing.T) {
 						Ports: map[docker.Port][]docker.PortBinding{
 							"80/tcp": {},
 						},
-						IPAddress: "127.0.0.1",
+						Networks: map[string]docker.ContainerNetwork{
+							"bridgde": {
+								IPAddress: "127.0.0.1",
+							},
+						},
 					},
 				},
 				{
@@ -732,7 +740,11 @@ func TestDockerLoadDockerConfig(t *testing.T) {
 						Ports: map[docker.Port][]docker.PortBinding{
 							"80/tcp": {},
 						},
-						IPAddress: "127.0.0.1",
+						Networks: map[string]docker.ContainerNetwork{
+							"bridgde": {
+								IPAddress: "127.0.0.1",
+							},
+						},
 					},
 				},
 			},

provider/kv.go

@@ -2,6 +2,10 @@
 package provider
 
 import (
+	"crypto/tls"
+	"crypto/x509"
+	"fmt"
+	"io/ioutil"
 	"strings"
 	"text/template"
 	"time"
@@ -18,18 +22,76 @@ type Kv struct {
 	BaseProvider `mapstructure:",squash"`
 	Endpoint     string
 	Prefix       string
+	TLS          *KvTLS
 	storeType    store.Backend
 	kvclient     store.Store
 }
 
+// KvTLS holds TLS specific configurations
+type KvTLS struct {
+	CA                 string
+	Cert               string
+	Key                string
+	InsecureSkipVerify bool
+}
+
+func (provider *Kv) watchKv(configurationChan chan<- types.ConfigMessage, prefix string) {
+	for {
+		chanKeys, err := provider.kvclient.WatchTree(provider.Prefix, make(chan struct{}) /* stop chan */)
+		if err != nil {
+			log.Errorf("Failed to WatchTree %s", err)
+			continue
+		}
+
+		for range chanKeys {
+			configuration := provider.loadConfig()
+			if configuration != nil {
+				configurationChan <- types.ConfigMessage{
+					ProviderName:  string(provider.storeType),
+					Configuration: configuration,
+				}
+			}
+		}
+		log.Warnf("Intermittent failure to WatchTree KV. Retrying.")
+	}
+}
+
 func (provider *Kv) provide(configurationChan chan<- types.ConfigMessage) error {
+	storeConfig := &store.Config{
+		ConnectionTimeout: 30 * time.Second,
+		Bucket:            "traefik",
+	}
+
+	if provider.TLS != nil {
+		caPool := x509.NewCertPool()
+
+		if provider.TLS.CA != "" {
+			ca, err := ioutil.ReadFile(provider.TLS.CA)
+
+			if err != nil {
+				return fmt.Errorf("Failed to read CA. %s", err)
+			}
+
+			caPool.AppendCertsFromPEM(ca)
+		}
+
+		cert, err := tls.LoadX509KeyPair(provider.TLS.Cert, provider.TLS.Key)
+
+		if err != nil {
+			return fmt.Errorf("Failed to load keypair. %s", err)
+		}
+
+		storeConfig.TLS = &tls.Config{
+			Certificates:       []tls.Certificate{cert},
+			RootCAs:            caPool,
+			InsecureSkipVerify: provider.TLS.InsecureSkipVerify,
+		}
+	}
+
 	kv, err := libkv.NewStore(
 		provider.storeType,
-		[]string{provider.Endpoint},
-		&store.Config{
-			ConnectionTimeout: 30 * time.Second,
-			Bucket:            "traefik",
-		},
+		strings.Split(provider.Endpoint, ","),
+		storeConfig,
 	)
 	if err != nil {
 		return err
@@ -39,24 +101,7 @@ func (provider *Kv) provide(configurationChan chan<- types.ConfigMessage) error
 	}
 	provider.kvclient = kv
 	if provider.Watch {
-		stopCh := make(chan struct{})
-		chanKeys, err := kv.WatchTree(provider.Prefix, stopCh)
-		if err != nil {
-			return err
-		}
-		go func() {
-			for {
-				<-chanKeys
-				configuration := provider.loadConfig()
-				if configuration != nil {
-					configurationChan <- types.ConfigMessage{
-						ProviderName:  string(provider.storeType),
-						Configuration: configuration,
-					}
-				}
-				defer close(stopCh)
-			}
-		}()
+		go provider.watchKv(configurationChan, provider.Prefix)
 	}
 	configuration := provider.loadConfig()
 	configurationChan <- types.ConfigMessage{

provider/kv_test.go

@@ -2,8 +2,10 @@ package provider
 
 import (
 	"errors"
+	"github.com/containous/traefik/types"
 	"strings"
 	"testing"
+	"time"
 
 	"github.com/docker/libkv/store"
 	"reflect"
@@ -231,10 +233,60 @@ func TestKvLast(t *testing.T) {
 	}
 }
 
+type KvMock struct {
+	Kv
+}
+
+func (provider *KvMock) loadConfig() *types.Configuration {
+	return nil
+}
+
+func TestKvWatchTree(t *testing.T) {
+	returnedChans := make(chan chan []*store.KVPair)
+	provider := &KvMock{
+		Kv{
+			kvclient: &Mock{
+				WatchTreeMethod: func() <-chan []*store.KVPair {
+					c := make(chan []*store.KVPair, 10)
+					returnedChans <- c
+					return c
+				},
+			},
+		},
+	}
+
+	configChan := make(chan types.ConfigMessage)
+	go provider.watchKv(configChan, "prefix")
+
+	select {
+	case c1 := <-returnedChans:
+		c1 <- []*store.KVPair{}
+		<-configChan
+		close(c1) // WatchTree chans can close due to error
+	case <-time.After(1 * time.Second):
+		t.Fatalf("Failed to create a new WatchTree chan")
+	}
+
+	select {
+	case c2 := <-returnedChans:
+		c2 <- []*store.KVPair{}
+		<-configChan
+	case <-time.After(1 * time.Second):
+		t.Fatalf("Failed to create a new WatchTree chan")
+	}
+
+	select {
+	case _ = <-configChan:
+		t.Fatalf("configChan should be empty")
+	default:
+	}
+}
+
 // Extremely limited mock store so we can test initialization
 type Mock struct {
-	Error   bool
-	KVPairs []*store.KVPair
+	Error           bool
+	KVPairs         []*store.KVPair
+	WatchTreeMethod func() <-chan []*store.KVPair
 }
 
 func (s *Mock) Put(key string, value []byte, opts *store.WriteOptions) error {
@@ -269,7 +321,7 @@ func (s *Mock) Watch(key string, stopCh <-chan struct{}) (<-chan *store.KVPair,
 
 // WatchTree mock
 func (s *Mock) WatchTree(prefix string, stopCh <-chan struct{}) (<-chan []*store.KVPair, error) {
-	return nil, errors.New("WatchTree not supported")
+	return s.WatchTreeMethod(), nil
 }
 
 // NewLock mock

provider/marathon.go

@@ -20,7 +20,7 @@ type Marathon struct {
 	BaseProvider     `mapstructure:",squash"`
 	Endpoint         string
 	Domain           string
-	NetworkInterface string
+	ExposedByDefault bool
 	Basic            *MarathonBasic
 	TLS              *tls.Config
 	marathonClient   marathon.Marathon
@@ -42,7 +42,7 @@ type lightMarathonClient interface {
 func (provider *Marathon) Provide(configurationChan chan<- types.ConfigMessage) error {
 	config := marathon.NewDefaultConfig()
 	config.URL = provider.Endpoint
-	config.EventsInterface = provider.NetworkInterface
+	config.EventsTransport = marathon.EventsTransportSSE
 	if provider.Basic != nil {
 		config.HTTPBasicAuthUser = provider.Basic.HTTPBasicAuthUser
 		config.HTTPBasicPassword = provider.Basic.HTTPBasicPassword
@@ -61,7 +61,7 @@ func (provider *Marathon) Provide(configurationChan chan<- types.ConfigMessage)
 	update := make(marathon.EventsChannel, 5)
 	if provider.Watch {
 		if err := client.AddEventsListener(update, marathon.EVENTS_APPLICATIONS); err != nil {
-			log.Errorf("Failed to register for subscriptions, %s", err)
+			log.Errorf("Failed to register for events, %s", err)
 		} else {
 			go func() {
 				for {
@@ -116,7 +116,7 @@ func (provider *Marathon) loadMarathonConfig() *types.Configuration {
 
 	//filter tasks
 	filteredTasks := fun.Filter(func(task marathon.Task) bool {
-		return taskFilter(task, applications)
+		return taskFilter(task, applications, provider.ExposedByDefault)
 	}, tasks.Tasks).([]marathon.Task)
 
 	//filter apps
@@ -141,7 +141,7 @@ func (provider *Marathon) loadMarathonConfig() *types.Configuration {
 	return configuration
 }
 
-func taskFilter(task marathon.Task, applications *marathon.Applications) bool {
+func taskFilter(task marathon.Task, applications *marathon.Applications, exposedByDefaultFlag bool) bool {
 	if len(task.Ports) == 0 {
 		log.Debug("Filtering marathon task without port %s", task.AppID)
 		return false
@@ -151,7 +151,8 @@ func taskFilter(task marathon.Task, applications *marathon.Applications) bool {
 		log.Errorf("Unable to get marathon application from task %s", task.AppID)
 		return false
 	}
-	if application.Labels["traefik.enable"] == "false" {
+
+	if !isApplicationEnabled(application, exposedByDefaultFlag) {
 		log.Debugf("Filtering disabled marathon task %s", task.AppID)
 		return false
 	}
@@ -228,6 +229,10 @@ func getApplication(task marathon.Task, apps []marathon.Application) (marathon.A
 	return marathon.Application{}, errors.New("Application not found: " + task.AppID)
 }
 
+func isApplicationEnabled(application marathon.Application, exposedByDefault bool) bool {
+	return exposedByDefault && application.Labels["traefik.enable"] != "false" || application.Labels["traefik.enable"] == "true"
+}
+
 func (provider *Marathon) getLabel(application marathon.Application, label string) (string, error) {
 	for key, value := range application.Labels {
 		if key == label {

provider/marathon_test.go

@@ -110,8 +110,9 @@ func TestMarathonLoadConfig(t *testing.T) {
 	for _, c := range cases {
 		fakeClient := newFakeClient(c.applicationsError, c.applications, c.tasksError, c.tasks)
 		provider := &Marathon{
-			Domain:         "docker.localhost",
-			marathonClient: fakeClient,
+			Domain:           "docker.localhost",
+			ExposedByDefault: true,
+			marathonClient:   fakeClient,
 		}
 		actualConfig := provider.loadMarathonConfig()
 		if c.expectedNil {
@@ -132,22 +133,25 @@ func TestMarathonLoadConfig(t *testing.T) {
 
 func TestMarathonTaskFilter(t *testing.T) {
 	cases := []struct {
-		task         marathon.Task
-		applications *marathon.Applications
-		expected     bool
+		task             marathon.Task
+		applications     *marathon.Applications
+		expected         bool
+		exposedByDefault bool
 	}{
 		{
-			task:         marathon.Task{},
-			applications: &marathon.Applications{},
-			expected:     false,
+			task:             marathon.Task{},
+			applications:     &marathon.Applications{},
+			expected:         false,
+			exposedByDefault: true,
 		},
 		{
 			task: marathon.Task{
 				AppID: "test",
 				Ports: []int{80},
 			},
-			applications: &marathon.Applications{},
-			expected:     false,
+			applications:     &marathon.Applications{},
+			expected:         false,
+			exposedByDefault: true,
 		},
 		{
 			task: marathon.Task{
@@ -161,7 +165,8 @@ func TestMarathonTaskFilter(t *testing.T) {
 					},
 				},
 			},
-			expected: false,
+			expected:         false,
+			exposedByDefault: true,
 		},
 		{
 			task: marathon.Task{
@@ -176,7 +181,8 @@ func TestMarathonTaskFilter(t *testing.T) {
 					},
 				},
 			},
-			expected: false,
+			expected:         false,
+			exposedByDefault: true,
 		},
 		{
 			task: marathon.Task{
@@ -194,7 +200,8 @@ func TestMarathonTaskFilter(t *testing.T) {
 					},
 				},
 			},
-			expected: false,
+			expected:         false,
+			exposedByDefault: true,
 		},
 		{
 			task: marathon.Task{
@@ -212,7 +219,8 @@ func TestMarathonTaskFilter(t *testing.T) {
 					},
 				},
 			},
-			expected: true,
+			expected:         true,
+			exposedByDefault: true,
 		},
 		{
 			task: marathon.Task{
@@ -230,7 +238,8 @@ func TestMarathonTaskFilter(t *testing.T) {
 					},
 				},
 			},
-			expected: false,
+			expected:         false,
+			exposedByDefault: true,
 		},
 		{
 			task: marathon.Task{
@@ -248,7 +257,8 @@ func TestMarathonTaskFilter(t *testing.T) {
 					},
 				},
 			},
-			expected: true,
+			expected:         true,
+			exposedByDefault: true,
 		},
 		{
 			task: marathon.Task{
@@ -266,7 +276,8 @@ func TestMarathonTaskFilter(t *testing.T) {
 					},
 				},
 			},
-			expected: false,
+			expected:         false,
+			exposedByDefault: true,
 		},
 		{
 			task: marathon.Task{
@@ -285,7 +296,8 @@ func TestMarathonTaskFilter(t *testing.T) {
 					},
 				},
 			},
-			expected: false,
+			expected:         false,
+			exposedByDefault: true,
 		},
 		{
 			task: marathon.Task{
@@ -303,7 +315,8 @@ func TestMarathonTaskFilter(t *testing.T) {
 					},
 				},
 			},
-			expected: false,
+			expected:         false,
+			exposedByDefault: true,
 		},
 		{
 			task: marathon.Task{
@@ -326,7 +339,8 @@ func TestMarathonTaskFilter(t *testing.T) {
 					},
 				},
 			},
-			expected: false,
+			expected:         false,
+			exposedByDefault: true,
 		},
 		{
 			task: marathon.Task{
@@ -352,7 +366,8 @@ func TestMarathonTaskFilter(t *testing.T) {
 					},
 				},
 			},
-			expected: false,
+			expected:         false,
+			exposedByDefault: true,
 		},
 		{
 			task: marathon.Task{
@@ -367,7 +382,8 @@ func TestMarathonTaskFilter(t *testing.T) {
 					},
 				},
 			},
-			expected: true,
+			expected:         true,
+			exposedByDefault: true,
 		},
 		{
 			task: marathon.Task{
@@ -390,12 +406,67 @@ func TestMarathonTaskFilter(t *testing.T) {
 					},
 				},
 			},
-			expected: true,
+			expected:         true,
+			exposedByDefault: true,
+		},
+		{
+			task: marathon.Task{
+				AppID: "disable-default-expose",
+				Ports: []int{80},
+			},
+			applications: &marathon.Applications{
+				Apps: []marathon.Application{
+					{
+						ID:    "disable-default-expose",
+						Ports: []int{80},
+					},
+				},
+			},
+			expected:         false,
+			exposedByDefault: false,
+		},
+		{
+			task: marathon.Task{
+				AppID: "disable-default-expose-disable-in-label",
+				Ports: []int{80},
+			},
+			applications: &marathon.Applications{
+				Apps: []marathon.Application{
+					{
+						ID:    "disable-default-expose-disable-in-label",
+						Ports: []int{80},
+						Labels: map[string]string{
+							"traefik.enable": "false",
+						},
+					},
+				},
+			},
+			expected:         false,
+			exposedByDefault: false,
+		},
+		{
+			task: marathon.Task{
+				AppID: "disable-default-expose-enable-in-label",
+				Ports: []int{80},
+			},
+			applications: &marathon.Applications{
+				Apps: []marathon.Application{
+					{
+						ID:    "disable-default-expose-enable-in-label",
+						Ports: []int{80},
+						Labels: map[string]string{
+							"traefik.enable": "true",
+						},
+					},
+				},
+			},
+			expected:         true,
+			exposedByDefault: false,
 		},
 	}
 
 	for _, c := range cases {
-		actual := taskFilter(c.task, c.applications)
+		actual := taskFilter(c.task, c.applications, c.exposedByDefault)
 		if actual != c.expected {
 			t.Fatalf("expected %v, got %v", c.expected, actual)
 		}

script/deploy.sh

@@ -31,9 +31,10 @@ git push --follow-tags -u origin master
 
 # create docker image emilevauge/traefik (compatibility)
 docker login -e $DOCKER_EMAIL -u $DOCKER_USER -p $DOCKER_PASS
-docker push ${REPO,,}:latest
-docker tag ${REPO,,}:latest ${REPO,,}:${VERSION}
-docker push ${REPO,,}:${VERSION}
+docker tag containous/traefik emilevauge/traefik:latest
+docker push emilevauge/traefik:latest
+docker tag emilevauge/traefik:latest emilevauge/traefik:${VERSION}
+docker push emilevauge/traefik:${VERSION}
 
 cd ..
 rm -Rf traefik-library-image/

server.go

@@ -7,17 +7,6 @@ import (
 	"crypto/tls"
 	"encoding/json"
 	"errors"
-
-	log "github.com/Sirupsen/logrus"
-	"github.com/codegangsta/negroni"
-	"github.com/containous/traefik/middlewares"
-	"github.com/containous/traefik/provider"
-	"github.com/containous/traefik/types"
-	"github.com/gorilla/mux"
-	"github.com/mailgun/manners"
-	"github.com/mailgun/oxy/cbreaker"
-	"github.com/mailgun/oxy/forward"
-	"github.com/mailgun/oxy/roundrobin"
 	"net/http"
 	"net/url"
 	"os"
@@ -28,6 +17,17 @@ import (
 	"sync"
 	"syscall"
 	"time"
+
+	log "github.com/Sirupsen/logrus"
+	"github.com/codegangsta/negroni"
+	"github.com/containous/oxy/cbreaker"
+	"github.com/containous/oxy/forward"
+	"github.com/containous/oxy/roundrobin"
+	"github.com/containous/traefik/middlewares"
+	"github.com/containous/traefik/provider"
+	"github.com/containous/traefik/types"
+	"github.com/gorilla/mux"
+	"github.com/mailgun/manners"
 )
 
 var oxyLogger = &OxyLogger{}
@@ -48,7 +48,7 @@ type Server struct {
 
 type serverEntryPoint struct {
 	httpServer *manners.GracefulServer
-	httpRouter *mux.Router
+	httpRouter *middlewares.HandlerSwitcher
 }
 
 // NewServer returns an initialized Server.
@@ -82,7 +82,7 @@ func (server *Server) Start() {
 // Stop stops the server
 func (server *Server) Stop() {
 	for _, serverEntryPoint := range server.serverEntryPoints {
-		serverEntryPoint.httpServer.Close()
+		serverEntryPoint.httpServer.BlockingClose()
 	}
 	server.stopChan <- true
 }
@@ -142,22 +142,23 @@ func (server *Server) listenConfigurations() {
 				server.serverLock.Lock()
 				for newServerEntryPointName, newServerEntryPoint := range newServerEntryPoints {
 					currentServerEntryPoint := server.serverEntryPoints[newServerEntryPointName]
-					server.currentConfigurations = newConfigurations
-					currentServerEntryPoint.httpRouter = newServerEntryPoint.httpRouter
-					oldServer := currentServerEntryPoint.httpServer
-					newsrv, err := server.prepareServer(currentServerEntryPoint.httpRouter, server.globalConfiguration.EntryPoints[newServerEntryPointName], oldServer, server.loggerMiddleware, metrics)
-					if err != nil {
-						log.Fatal("Error preparing server: ", err)
-					}
-					go server.startServer(newsrv, server.globalConfiguration)
-					currentServerEntryPoint.httpServer = newsrv
-					server.serverEntryPoints[newServerEntryPointName] = currentServerEntryPoint
-					time.Sleep(1 * time.Second)
-					if oldServer != nil {
-						log.Info("Stopping old server")
-						oldServer.Close()
+					if currentServerEntryPoint.httpServer == nil {
+						newsrv, err := server.prepareServer(newServerEntryPoint.httpRouter, server.globalConfiguration.EntryPoints[newServerEntryPointName], nil, server.loggerMiddleware, metrics)
+						if err != nil {
+							log.Fatal("Error preparing server: ", err)
+						}
+						go server.startServer(newsrv, server.globalConfiguration)
+						currentServerEntryPoint.httpServer = newsrv
+						currentServerEntryPoint.httpRouter = newServerEntryPoint.httpRouter
+						server.serverEntryPoints[newServerEntryPointName] = currentServerEntryPoint
+						log.Infof("Created new Handler: %p", newServerEntryPoint.httpRouter.GetHandler())
+					} else {
+						handlerSwitcher := currentServerEntryPoint.httpRouter
+						handlerSwitcher.UpdateHandler(newServerEntryPoint.httpRouter.GetHandler())
+						log.Infof("Created new Handler: %p", newServerEntryPoint.httpRouter.GetHandler())
 					}
 				}
+				server.currentConfigurations = newConfigurations
 				server.serverLock.Unlock()
 			} else {
 				log.Error("Error loading new configuration, aborted ", err)
@@ -264,7 +265,7 @@ func (server *Server) startServer(srv *manners.GracefulServer, globalConfigurati
 	log.Info("Server stopped")
 }
 
-func (server *Server) prepareServer(router *mux.Router, entryPoint *EntryPoint, oldServer *manners.GracefulServer, middlewares ...negroni.Handler) (*manners.GracefulServer, error) {
+func (server *Server) prepareServer(router http.Handler, entryPoint *EntryPoint, oldServer *manners.GracefulServer, middlewares ...negroni.Handler) (*manners.GracefulServer, error) {
 	log.Info("Preparing server")
 	// middlewares
 	var negroni = negroni.New()
@@ -303,7 +304,7 @@ func (server *Server) buildEntryPoints(globalConfiguration GlobalConfiguration)
 	for entryPointName := range globalConfiguration.EntryPoints {
 		router := server.buildDefaultHTTPRouter()
 		serverEntryPoints[entryPointName] = serverEntryPoint{
-			httpRouter: router,
+			httpRouter: middlewares.NewHandlerSwitcher(router),
 		}
 	}
 	return serverEntryPoints
@@ -332,14 +333,14 @@ func (server *Server) loadConfig(configurations configs, globalConfiguration Glo
 				if _, ok := serverEntryPoints[entryPointName]; !ok {
 					return nil, errors.New("Undefined entrypoint: " + entryPointName)
 				}
-				newRoute := serverEntryPoints[entryPointName].httpRouter.NewRoute().Name(frontendName)
+				newRoute := serverEntryPoints[entryPointName].httpRouter.GetHandler().NewRoute().Name(frontendName)
 				for routeName, route := range frontend.Routes {
 					log.Debugf("Creating route %s %s:%s", routeName, route.Rule, route.Value)
-					newRouteReflect, err := invoke(newRoute, route.Rule, route.Value)
+					route, err := getRoute(newRoute, route.Rule, route.Value)
 					if err != nil {
 						return nil, err
 					}
-					newRoute = newRouteReflect[0].Interface().(*mux.Route)
+					newRoute = route
 				}
 				entryPoint := globalConfiguration.EntryPoints[entryPointName]
 				if entryPoint.Redirect != nil {
@@ -378,7 +379,7 @@ func (server *Server) loadConfig(configurations configs, globalConfiguration Glo
 							}
 						case types.Wrr:
 							log.Debugf("Creating load-balancer wrr")
-							lb = middlewares.NewWebsocketUpgrader(rr)
+							lb = rr
 							for serverName, server := range configuration.Backends[frontend.Backend].Servers {
 								url, err := url.Parse(server.URL)
 								if err != nil {
@@ -399,7 +400,7 @@ func (server *Server) loadConfig(configurations configs, globalConfiguration Glo
 					} else {
 						log.Debugf("Reusing backend %s", frontend.Backend)
 					}
-					newRoute.Handler(backends[frontend.Backend])
+					server.wireFrontendBackend(frontend.Routes, newRoute, backends[frontend.Backend])
 				}
 				err := newRoute.GetError()
 				if err != nil {
@@ -411,13 +412,39 @@ func (server *Server) loadConfig(configurations configs, globalConfiguration Glo
 	return serverEntryPoints, nil
 }
 
+func (server *Server) wireFrontendBackend(routes map[string]types.Route, newRoute *mux.Route, handler http.Handler) {
+	// strip prefix
+	var strip bool
+	for _, route := range routes {
+		switch route.Rule {
+		case "PathStrip":
+			newRoute.Handler(&middlewares.StripPrefix{
+				Prefix:  route.Value,
+				Handler: handler,
+			})
+			strip = true
+			break
+		case "PathPrefixStrip":
+			newRoute.Handler(&middlewares.StripPrefix{
+				Prefix:  route.Value,
+				Handler: handler,
+			})
+			strip = true
+			break
+		}
+	}
+	if !strip {
+		newRoute.Handler(handler)
+	}
+}
+
 func (server *Server) loadEntryPointConfig(entryPointName string, entryPoint *EntryPoint) (http.Handler, error) {
 	regex := entryPoint.Redirect.Regex
 	replacement := entryPoint.Redirect.Replacement
 	if len(entryPoint.Redirect.EntryPoint) > 0 {
-		regex = "^(?:https?:\\/\\/)?([\\da-z\\.-]+)(?::\\d+)(.*)$"
+		regex = "^(?:https?:\\/\\/)?([\\da-z\\.-]+)(?::\\d+)?(.*)$"
 		if server.globalConfiguration.EntryPoints[entryPoint.Redirect.EntryPoint] == nil {
-			return nil, errors.New("Unkown entrypoint " + entryPoint.Redirect.EntryPoint)
+			return nil, errors.New("Unknown entrypoint " + entryPoint.Redirect.EntryPoint)
 		}
 		protocol := "http"
 		if server.globalConfiguration.EntryPoints[entryPoint.Redirect.EntryPoint].TLS != nil {
@@ -443,9 +470,28 @@ func (server *Server) loadEntryPointConfig(entryPointName string, entryPoint *En
 func (server *Server) buildDefaultHTTPRouter() *mux.Router {
 	router := mux.NewRouter()
 	router.NotFoundHandler = http.HandlerFunc(notFoundHandler)
+	router.StrictSlash(true)
 	return router
 }
 
+func getRoute(any interface{}, rule string, value ...interface{}) (*mux.Route, error) {
+	switch rule {
+	case "PathStrip":
+		rule = "Path"
+	case "PathPrefixStrip":
+		rule = "PathPrefix"
+	}
+	inputs := make([]reflect.Value, len(value))
+	for i := range value {
+		inputs[i] = reflect.ValueOf(value[i])
+	}
+	method := reflect.ValueOf(any).MethodByName(rule)
+	if method.IsValid() {
+		return method.Call(inputs)[0].Interface().(*mux.Route), nil
+	}
+	return nil, errors.New("Method not found: " + rule)
+}
+
 func sortedFrontendNamesForConfig(configuration *types.Configuration) []string {
 	keys := []string{}
 

templates/docker.tmpl

@@ -1,6 +1,6 @@
 [backends]{{range .Containers}}
     [backends.backend-{{getBackend .}}.servers.server-{{.Name | replace "/" "" | replace "." "-"}}]
-    url = "{{getProtocol .}}://{{.NetworkSettings.IPAddress}}:{{getPort .}}"
+    url = "{{getProtocol .}}://{{range $i := .NetworkSettings.Networks}}{{if $i}}{{.IPAddress}}{{end}}{{end}}:{{getPort .}}"
     weight = {{getWeight .}}
 {{end}}
 

traefik.sample.toml

@@ -206,12 +206,6 @@
 #
 # endpoint = "http://127.0.0.1:8080"
 
-# Network interface used to call Marathon web services. Needed in case of multiple network interfaces.
-# Optional
-# Default: "eth0"
-#
-# networkInterface = "eth0"
-
 # Enable watch Marathon changes
 #
 # Optional
@@ -281,6 +275,16 @@
 #
 # filename = "consul.tmpl"
 
+# Enable consul TLS connection
+#
+# Optional
+#
+# [consul.tls]
+# ca = "/etc/ssl/ca.crt"
+# cert = "/etc/ssl/consul.crt"
+# key = "/etc/ssl/consul.key"
+# insecureskipverify = true
+
 
 ################################################################
 # Etcd configuration backend
@@ -316,6 +320,16 @@
 #
 # filename = "etcd.tmpl"
 
+# Enable etcd TLS connection
+#
+# Optional
+#
+# [etcd.tls]
+# ca = "/etc/ssl/ca.crt"
+# cert = "/etc/ssl/etcd.crt"
+# key = "/etc/ssl/etcd.key"
+# insecureskipverify = true
+
 
 ################################################################
 # Zookeeper configuration backend

utils.go

@@ -1,23 +0,0 @@
-/*
-Copyright
-*/
-package main
-
-import (
-	"errors"
-	"reflect"
-)
-
-// Invoke calls the specified method with the specified arguments on the specified interface.
-// It uses the go(lang) reflect package.
-func invoke(any interface{}, name string, args ...interface{}) ([]reflect.Value, error) {
-	inputs := make([]reflect.Value, len(args))
-	for i := range args {
-		inputs[i] = reflect.ValueOf(args[i])
-	}
-	method := reflect.ValueOf(any).MethodByName(name)
-	if method.IsValid() {
-		return method.Call(inputs), nil
-	}
-	return nil, errors.New("Method not found: " + name)
-}