Merge pull request #235 from containous/refactor-hot-reload

Refactor hot reload

.gitignore

@@ -8,3 +8,4 @@ traefik.toml
 *.test
 vendor/
 static/
+glide.lock

README.md

@@ -1,5 +1,7 @@
-![Træfɪk](http://traefik.github.io/traefik.logo.svg  "Træfɪk")
-___
+
+<p align="center">
+<img src="http://traefik.github.io/traefik.logo.svg" alt="Træfɪk" title="Træfɪk" />
+</p>
 
 [![Build Status](https://travis-ci.org/containous/traefik.svg?branch=master)](https://travis-ci.org/containous/traefik)
 [![License](https://img.shields.io/badge/license-MIT-blue.svg?style=flat-square)](https://github.com/containous/traefik/blob/master/LICENSE.md)
@@ -14,13 +16,14 @@ It supports several backends ([Docker :whale:](https://www.docker.com/), [Mesos/
 
 ## Features
 
+- It's fast
 - No dependency hell, single binary made with go
 - Simple json Rest API
 - Simple TOML file configuration
 - Multiple backends supported: Docker, Mesos/Marathon, Consul, Etcd, and more to come
 - Watchers for backends, can listen change in backends to apply a new configuration automatically
 - Hot-reloading of configuration. No need to restart the process
-- Graceful shutdown http connections during hot-reloads
+- Graceful shutdown http connections
 - Circuit breakers on backends
 - Round Robin, rebalancer load-balancers
 - Rest Metrics

cmd.go

@@ -45,9 +45,11 @@ var arguments = struct {
 	dockerTLS     bool
 	marathon      bool
 	consul        bool
+	consulTLS     bool
 	consulCatalog bool
 	zookeeper     bool
 	etcd          bool
+	etcdTLS       bool
 	boltdb        bool
 }{
 	GlobalConfiguration{
@@ -55,14 +57,22 @@ var arguments = struct {
 		Docker: &provider.Docker{
 			TLS: &provider.DockerTLS{},
 		},
-		File:          &provider.File{},
-		Web:           &WebProvider{},
-		Marathon:      &provider.Marathon{},
-		Consul:        &provider.Consul{},
+		File:     &provider.File{},
+		Web:      &WebProvider{},
+		Marathon: &provider.Marathon{},
+		Consul: &provider.Consul{
+			Kv: provider.Kv{
+				TLS: &provider.KvTLS{},
+			},
+		},
 		ConsulCatalog: &provider.ConsulCatalog{},
 		Zookeeper:     &provider.Zookepper{},
-		Etcd:          &provider.Etcd{},
-		Boltdb:        &provider.BoltDb{},
+		Etcd: &provider.Etcd{
+			Kv: provider.Kv{
+				TLS: &provider.KvTLS{},
+			},
+		},
+		Boltdb: &provider.BoltDb{},
 	},
 	false,
 	false,
@@ -74,6 +84,8 @@ var arguments = struct {
 	false,
 	false,
 	false,
+	false,
+	false,
 }
 
 func init() {
@@ -114,13 +126,17 @@ func init() {
 	traefikCmd.PersistentFlags().StringVar(&arguments.Marathon.Filename, "marathon.filename", "", "Override default configuration template. For advanced users :)")
 	traefikCmd.PersistentFlags().StringVar(&arguments.Marathon.Endpoint, "marathon.endpoint", "http://127.0.0.1:8080", "Marathon server endpoint. You can also specify multiple endpoint for Marathon")
 	traefikCmd.PersistentFlags().StringVar(&arguments.Marathon.Domain, "marathon.domain", "", "Default domain used")
-	traefikCmd.PersistentFlags().StringVar(&arguments.Marathon.NetworkInterface, "marathon.networkInterface", "eth0", "Network interface used to call Marathon web services. Needed in case of multiple network interfaces")
 
 	traefikCmd.PersistentFlags().BoolVar(&arguments.consul, "consul", false, "Enable Consul backend")
 	traefikCmd.PersistentFlags().BoolVar(&arguments.Consul.Watch, "consul.watch", true, "Watch provider")
 	traefikCmd.PersistentFlags().StringVar(&arguments.Consul.Filename, "consul.filename", "", "Override default configuration template. For advanced users :)")
-	traefikCmd.PersistentFlags().StringVar(&arguments.Consul.Endpoint, "consul.endpoint", "127.0.0.1:8500", "Consul server endpoint")
+	traefikCmd.PersistentFlags().StringVar(&arguments.Consul.Endpoint, "consul.endpoint", "127.0.0.1:8500", "Comma sepparated Consul server endpoints")
 	traefikCmd.PersistentFlags().StringVar(&arguments.Consul.Prefix, "consul.prefix", "/traefik", "Prefix used for KV store")
+	traefikCmd.PersistentFlags().BoolVar(&arguments.consulTLS, "consul.tls", false, "Enable Consul TLS support")
+	traefikCmd.PersistentFlags().StringVar(&arguments.Consul.TLS.CA, "consul.tls.ca", "", "TLS CA")
+	traefikCmd.PersistentFlags().StringVar(&arguments.Consul.TLS.Cert, "consul.tls.cert", "", "TLS cert")
+	traefikCmd.PersistentFlags().StringVar(&arguments.Consul.TLS.Key, "consul.tls.key", "", "TLS key")
+	traefikCmd.PersistentFlags().BoolVar(&arguments.Consul.TLS.InsecureSkipVerify, "consul.tls.insecureSkipVerify", false, "TLS insecure skip verify")
 
 	traefikCmd.PersistentFlags().BoolVar(&arguments.consulCatalog, "consulCatalog", false, "Enable Consul catalog backend")
 	traefikCmd.PersistentFlags().StringVar(&arguments.ConsulCatalog.Domain, "consulCatalog.domain", "", "Default domain used")
@@ -129,14 +145,19 @@ func init() {
 	traefikCmd.PersistentFlags().BoolVar(&arguments.zookeeper, "zookeeper", false, "Enable Zookeeper backend")
 	traefikCmd.PersistentFlags().BoolVar(&arguments.Zookeeper.Watch, "zookeeper.watch", true, "Watch provider")
 	traefikCmd.PersistentFlags().StringVar(&arguments.Zookeeper.Filename, "zookeeper.filename", "", "Override default configuration template. For advanced users :)")
-	traefikCmd.PersistentFlags().StringVar(&arguments.Zookeeper.Endpoint, "zookeeper.endpoint", "127.0.0.1:2181", "Zookeeper server endpoint")
+	traefikCmd.PersistentFlags().StringVar(&arguments.Zookeeper.Endpoint, "zookeeper.endpoint", "127.0.0.1:2181", "Comma sepparated Zookeeper server endpoints")
 	traefikCmd.PersistentFlags().StringVar(&arguments.Zookeeper.Prefix, "zookeeper.prefix", "/traefik", "Prefix used for KV store")
 
 	traefikCmd.PersistentFlags().BoolVar(&arguments.etcd, "etcd", false, "Enable Etcd backend")
 	traefikCmd.PersistentFlags().BoolVar(&arguments.Etcd.Watch, "etcd.watch", true, "Watch provider")
 	traefikCmd.PersistentFlags().StringVar(&arguments.Etcd.Filename, "etcd.filename", "", "Override default configuration template. For advanced users :)")
-	traefikCmd.PersistentFlags().StringVar(&arguments.Etcd.Endpoint, "etcd.endpoint", "127.0.0.1:4001", "Etcd server endpoint")
+	traefikCmd.PersistentFlags().StringVar(&arguments.Etcd.Endpoint, "etcd.endpoint", "127.0.0.1:4001", "Comma sepparated Etcd server endpoints")
 	traefikCmd.PersistentFlags().StringVar(&arguments.Etcd.Prefix, "etcd.prefix", "/traefik", "Prefix used for KV store")
+	traefikCmd.PersistentFlags().BoolVar(&arguments.etcdTLS, "etcd.tls", false, "Enable Etcd TLS support")
+	traefikCmd.PersistentFlags().StringVar(&arguments.Etcd.TLS.CA, "etcd.tls.ca", "", "TLS CA")
+	traefikCmd.PersistentFlags().StringVar(&arguments.Etcd.TLS.Cert, "etcd.tls.cert", "", "TLS cert")
+	traefikCmd.PersistentFlags().StringVar(&arguments.Etcd.TLS.Key, "etcd.tls.key", "", "TLS key")
+	traefikCmd.PersistentFlags().BoolVar(&arguments.Etcd.TLS.InsecureSkipVerify, "etcd.tls.insecureSkipVerify", false, "TLS insecure skip verify")
 
 	traefikCmd.PersistentFlags().BoolVar(&arguments.boltdb, "boltdb", false, "Enable Boltdb backend")
 	traefikCmd.PersistentFlags().BoolVar(&arguments.Boltdb.Watch, "boltdb.watch", true, "Watch provider")

configuration.go

@@ -222,6 +222,9 @@ func LoadConfiguration() *GlobalConfiguration {
 	if arguments.marathon {
 		viper.Set("marathon", arguments.Marathon)
 	}
+	if !arguments.consulTLS {
+		arguments.Consul.TLS = nil
+	}
 	if arguments.consul {
 		viper.Set("consul", arguments.Consul)
 	}
@@ -231,6 +234,9 @@ func LoadConfiguration() *GlobalConfiguration {
 	if arguments.zookeeper {
 		viper.Set("zookeeper", arguments.Zookeeper)
 	}
+	if !arguments.etcdTLS {
+		arguments.Etcd.TLS = nil
+	}
 	if arguments.etcd {
 		viper.Set("etcd", arguments.Etcd)
 	}

docs/index.md

@@ -37,7 +37,9 @@ Frontends can be defined using the following rules:
 - `Host`: Host adds a matcher for the URL host. It accepts a template with zero or more URL variables enclosed by `{}`. Variables can define an optional regexp pattern to be matched: `www.traefik.io`, `{subdomain:[a-z]+}.traefik.io`
 - `Methods`: Methods adds a matcher for HTTP methods. It accepts a sequence of one or more methods to be matched, e.g.: `GET`, `POST`, `PUT`
 - `Path`: Path adds a matcher for the URL path. It accepts a template with zero or more URL variables enclosed by `{}`. The template must start with a `/`. For exemple `/products/` `/articles/{category}/{id:[0-9]+}`
+- `PathStrip`: Same as `Path` but strip the given prefix from the request URL's Path.
 - `PathPrefix`: PathPrefix adds a matcher for the URL path prefix. This matches if the given template is a prefix of the full URL path.
+- `PathPrefixStrip`: Same as `PathPrefix` but strip the given prefix from the request URL's Path.
 
 
  A frontend is a set of rules that forwards the incoming http traffic to a backend.
@@ -106,9 +108,14 @@ Flags:
       --boltdb.watch                         Watch provider (default true)
   -c, --configFile string                    Configuration file to use (TOML, JSON, YAML, HCL).
       --consul                               Enable Consul backend
-      --consul.endpoint string               Consul server endpoint (default "127.0.0.1:8500")
+      --consul.endpoint string               Comma sepparated Consul server endpoints (default "127.0.0.1:8500")
       --consul.filename string               Override default configuration template. For advanced users :)
       --consul.prefix string                 Prefix used for KV store (default "/traefik")
+      --consul.tls                           Enable Consul TLS support
+      --consul.tls.ca string                 TLS CA
+      --consul.tls.cert string               TLS cert
+      --consul.tls.insecureSkipVerify        TLS insecure skip verify
+      --consul.tls.key string                TLS key
       --consul.watch                         Watch provider (default true)
       --consulCatalog                        Enable Consul catalog backend
       --consulCatalog.domain string          Default domain used
@@ -126,9 +133,14 @@ Flags:
       --docker.watch                         Watch provider (default true)
       --entryPoints value                    Entrypoints definition using format: --entryPoints='Name:http Address::8000 Redirect.EntryPoint:https' --entryPoints='Name:https Address::4442 TLS:tests/traefik.crt,tests/traefik.key'
       --etcd                                 Enable Etcd backend
-      --etcd.endpoint string                 Etcd server endpoint (default "127.0.0.1:4001")
+      --etcd.endpoint string                 Comma sepparated Etcd server endpoints (default "127.0.0.1:4001")
       --etcd.filename string                 Override default configuration template. For advanced users :)
       --etcd.prefix string                   Prefix used for KV store (default "/traefik")
+      --etcd.tls                             Enable Etcd TLS support
+      --etcd.tls.ca string                   TLS CA
+      --etcd.tls.cert string                 TLS cert
+      --etcd.tls.insecureSkipVerify          TLS insecure skip verify
+      --etcd.tls.key string                  TLS key
       --etcd.watch                           Watch provider (default true)
       --file                                 Enable File backend
       --file.filename string                 Override default configuration template. For advanced users :)
@@ -139,10 +151,8 @@ Flags:
       --marathon.domain string               Default domain used
       --marathon.endpoint string             Marathon server endpoint. You can also specify multiple endpoint for Marathon (default "http://127.0.0.1:8080")
       --marathon.filename string             Override default configuration template. For advanced users :)
-      --marathon.networkInterface string     Network interface used to call Marathon web services. Needed in case of multiple network interfaces (default "eth0")
       --marathon.watch                       Watch provider (default true)
       --maxIdleConnsPerHost int              If non-zero, controls the maximum idle (keep-alive) to keep per-host.  If zero, DefaultMaxIdleConnsPerHost is used
-  -p, --port string                          Reverse proxy port (default ":80")
       --providersThrottleDuration duration   Backends throttle duration: minimum duration between 2 events from providers before applying a new configuration. It avoids unnecessary reloads if multiples events are sent in a short amount of time. (default 2s)
       --traefikLogsFile string               Traefik logs file (default "log/traefik.log")
       --web                                  Enable Web backend
@@ -151,7 +161,7 @@ Flags:
       --web.keyFile string                   SSL certificate
       --web.readOnly                         Enable read only API
       --zookeeper                            Enable Zookeeper backend
-      --zookeeper.endpoint string            Zookeeper server endpoint (default "127.0.0.1:2181")
+      --zookeeper.endpoint string            Comma sepparated Zookeeper server endpoints (default "127.0.0.1:2181")
       --zookeeper.filename string            Override default configuration template. For advanced users :)
       --zookeeper.prefix string              Prefix used for KV store (default "/traefik")
       --zookeeper.watch                      Watch provider (default true)
@@ -629,12 +639,6 @@ Træfɪk can be configured to use Marathon as a backend configuration:
 #
 endpoint = "http://127.0.0.1:8080"
 
-# Network interface used to call Marathon web services. Needed in case of multiple network interfaces.
-# Optional
-# Default: "eth0"
-#
-networkInterface = "eth0"
-
 # Enable watch Marathon changes
 #
 # Optional
@@ -722,6 +726,16 @@ prefix = "traefik"
 # Optional
 #
 # filename = "consul.tmpl"
+
+# Enable consul TLS connection
+#
+# Optional
+#
+# [consul.tls]
+# ca = "/etc/ssl/ca.crt"
+# cert = "/etc/ssl/consul.crt"
+# key = "/etc/ssl/consul.key"
+# insecureskipverify = true
 ```
 
 The Keys-Values structure should look (using `prefix = "/traefik"`):
@@ -803,6 +817,16 @@ Træfɪk can be configured to use Etcd as a backend configuration:
 # Optional
 #
 # filename = "etcd.tmpl"
+
+# Enable etcd TLS connection
+#
+# Optional
+#
+# [etcd.tls]
+# ca = "/etc/ssl/ca.crt"
+# cert = "/etc/ssl/etcd.crt"
+# key = "/etc/ssl/etcd.key"
+# insecureskipverify = true
 ```
 
 The Keys-Values structure should look (using `prefix = "/traefik"`):

glide.yaml

@@ -57,7 +57,7 @@ import:
   - package: github.com/flynn/go-shlex
     ref:     3f9db97f856818214da2e1057f8ad84803971cff
   - package: github.com/fsouza/go-dockerclient
-    ref:     0239034d42f665efa17fd77c39f891c2f9f32922
+    ref:     a49c8269a6899cae30da1f8a4b82e0ce945f9967
   - package: github.com/boltdb/bolt
     ref:     51f99c862475898df9773747d3accd05a7ca33c1
   - package: gopkg.in/mgo.v2

integration/etcd_test.go

@@ -0,0 +1,27 @@
+package main
+
+import (
+	"net/http"
+	"os/exec"
+	"time"
+
+	"fmt"
+	checker "github.com/vdemeester/shakers"
+	check "gopkg.in/check.v1"
+)
+
+func (s *EtcdSuite) TestSimpleConfiguration(c *check.C) {
+	cmd := exec.Command(traefikBinary, "--configFile=fixtures/etcd/simple.toml")
+	err := cmd.Start()
+	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
+
+	time.Sleep(1000 * time.Millisecond)
+	// TODO validate : run on 80
+	resp, err := http.Get("http://127.0.0.1:8000/")
+
+	// Expected no response as we did not configure anything
+	c.Assert(resp, checker.IsNil)
+	c.Assert(err, checker.NotNil)
+	c.Assert(err.Error(), checker.Contains, fmt.Sprintf("getsockopt: connection refused"))
+}

integration/fixtures/etcd/simple.toml

@@ -0,0 +1,10 @@
+defaultEntryPoints = ["http"]
+
+[entryPoints]
+  [entryPoints.http]
+  address = ":8000"
+
+logLevel = "DEBUG"
+
+[etcd]
+  endpoint = "127.0.0.1:4003,127.0.0.1:4002,127.0.0.1:4001"

integration/integration_test.go

@@ -29,6 +29,7 @@ func init() {
 	check.Suite(&DockerSuite{})
 	check.Suite(&ConsulSuite{})
 	check.Suite(&ConsulCatalogSuite{})
+	check.Suite(&EtcdSuite{})
 	check.Suite(&MarathonSuite{})
 }
 
@@ -50,6 +51,13 @@ func (s *ConsulSuite) SetUpSuite(c *check.C) {
 	s.createComposeProject(c, "consul")
 }
 
+// Etcd test suites (using libcompose)
+type EtcdSuite struct{ BaseSuite }
+
+func (s *EtcdSuite) SetUpSuite(c *check.C) {
+	s.createComposeProject(c, "etcd")
+}
+
 // Marathon test suites (using libcompose)
 type MarathonSuite struct{ BaseSuite }
 

integration/resources/compose/etcd.yml

@@ -0,0 +1,30 @@
+etcd1:
+  image: quay.io/coreos/etcd:v2.2.0
+  net: "host"
+  command: >
+    --name etcd1
+    --listen-peer-urls http://localhost:7001
+    --listen-client-urls http://localhost:4001
+    --initial-advertise-peer-urls http://localhost:7001
+    --advertise-client-urls http://localhost:4001
+    --initial-cluster etcd1=http://localhost:7001,etcd2=http://localhost:7002,etcd3=http://localhost:7003
+etcd2:
+  image: quay.io/coreos/etcd:v2.2.0
+  net: "host"
+  command: >
+    --name etcd2
+    --listen-peer-urls http://localhost:7002
+    --listen-client-urls http://localhost:4002
+    --initial-advertise-peer-urls http://localhost:7002
+    --advertise-client-urls http://localhost:4002
+    --initial-cluster etcd1=http://localhost:7001,etcd2=http://localhost:7002,etcd3=http://localhost:7003
+etcd3:
+  image: quay.io/coreos/etcd:v2.2.0
+  net: "host"
+  command: >
+    --name etcd3
+    --listen-peer-urls http://localhost:7003
+    --listen-client-urls http://localhost:4003
+    --initial-advertise-peer-urls http://localhost:7003
+    --advertise-client-urls http://localhost:4003
+    --initial-cluster etcd1=http://localhost:7001,etcd2=http://localhost:7002,etcd3=http://localhost:7003

middlewares/StripPrefix.go

@@ -0,0 +1,22 @@
+package middlewares
+
+import (
+	"net/http"
+	"strings"
+)
+
+// StripPrefix is a middleware used to strip prefix from an URL request
+type StripPrefix struct {
+	Handler http.Handler
+	Prefix  string
+}
+
+func (s *StripPrefix) ServeHTTP(w http.ResponseWriter, r *http.Request) {
+	if p := strings.TrimPrefix(r.URL.Path, s.Prefix); len(p) < len(r.URL.Path) {
+		r.URL.Path = p
+		r.RequestURI = r.URL.RequestURI()
+		s.Handler.ServeHTTP(w, r)
+	} else {
+		http.NotFound(w, r)
+	}
+}

middlewares/handlerSwitcher.go

@@ -0,0 +1,40 @@
+package middlewares
+
+import (
+	"github.com/gorilla/mux"
+	"net/http"
+	"sync"
+)
+
+// HandlerSwitcher allows hot switching of http.ServeMux
+type HandlerSwitcher struct {
+	handler     *mux.Router
+	handlerLock *sync.Mutex
+}
+
+// NewHandlerSwitcher builds a new instance of HandlerSwitcher
+func NewHandlerSwitcher(newHandler *mux.Router) (hs *HandlerSwitcher) {
+	return &HandlerSwitcher{
+		handler:     newHandler,
+		handlerLock: &sync.Mutex{},
+	}
+}
+
+func (hs *HandlerSwitcher) ServeHTTP(rw http.ResponseWriter, r *http.Request) {
+	hs.handlerLock.Lock()
+	handlerBackup := hs.handler
+	hs.handlerLock.Unlock()
+	handlerBackup.ServeHTTP(rw, r)
+}
+
+// GetHandler returns the current http.ServeMux
+func (hs *HandlerSwitcher) GetHandler() (newHandler *mux.Router) {
+	return hs.handler
+}
+
+// UpdateHandler safely updates the current http.ServeMux with a new one
+func (hs *HandlerSwitcher) UpdateHandler(newHandler *mux.Router) {
+	hs.handlerLock.Lock()
+	hs.handler = newHandler
+	defer hs.handlerLock.Unlock()
+}

provider/docker_test.go

@@ -676,7 +676,11 @@ func TestDockerLoadDockerConfig(t *testing.T) {
 						Ports: map[docker.Port][]docker.PortBinding{
 							"80/tcp": {},
 						},
-						IPAddress: "127.0.0.1",
+						Networks: map[string]docker.ContainerNetwork{
+							"bridgde": {
+								IPAddress: "127.0.0.1",
+							},
+						},
 					},
 				},
 			},
@@ -718,7 +722,11 @@ func TestDockerLoadDockerConfig(t *testing.T) {
 						Ports: map[docker.Port][]docker.PortBinding{
 							"80/tcp": {},
 						},
-						IPAddress: "127.0.0.1",
+						Networks: map[string]docker.ContainerNetwork{
+							"bridgde": {
+								IPAddress: "127.0.0.1",
+							},
+						},
 					},
 				},
 				{
@@ -732,7 +740,11 @@ func TestDockerLoadDockerConfig(t *testing.T) {
 						Ports: map[docker.Port][]docker.PortBinding{
 							"80/tcp": {},
 						},
-						IPAddress: "127.0.0.1",
+						Networks: map[string]docker.ContainerNetwork{
+							"bridgde": {
+								IPAddress: "127.0.0.1",
+							},
+						},
 					},
 				},
 			},

provider/kv.go

@@ -2,6 +2,10 @@
 package provider
 
 import (
+	"crypto/tls"
+	"crypto/x509"
+	"fmt"
+	"io/ioutil"
 	"strings"
 	"text/template"
 	"time"
@@ -18,18 +22,55 @@ type Kv struct {
 	BaseProvider `mapstructure:",squash"`
 	Endpoint     string
 	Prefix       string
+	TLS          *KvTLS
 	storeType    store.Backend
 	kvclient     store.Store
 }
 
+// KvTLS holds TLS specific configurations
+type KvTLS struct {
+	CA                 string
+	Cert               string
+	Key                string
+	InsecureSkipVerify bool
+}
+
 func (provider *Kv) provide(configurationChan chan<- types.ConfigMessage) error {
+	storeConfig := &store.Config{
+		ConnectionTimeout: 30 * time.Second,
+		Bucket:            "traefik",
+	}
+
+	if provider.TLS != nil {
+		caPool := x509.NewCertPool()
+
+		if provider.TLS.CA != "" {
+			ca, err := ioutil.ReadFile(provider.TLS.CA)
+
+			if err != nil {
+				return fmt.Errorf("Failed to read CA. %s", err)
+			}
+
+			caPool.AppendCertsFromPEM(ca)
+		}
+
+		cert, err := tls.LoadX509KeyPair(provider.TLS.Cert, provider.TLS.Key)
+
+		if err != nil {
+			return fmt.Errorf("Failed to load keypair. %s", err)
+		}
+
+		storeConfig.TLS = &tls.Config{
+			Certificates:       []tls.Certificate{cert},
+			RootCAs:            caPool,
+			InsecureSkipVerify: provider.TLS.InsecureSkipVerify,
+		}
+	}
+
 	kv, err := libkv.NewStore(
 		provider.storeType,
-		[]string{provider.Endpoint},
-		&store.Config{
-			ConnectionTimeout: 30 * time.Second,
-			Bucket:            "traefik",
-		},
+		strings.Split(provider.Endpoint, ","),
+		storeConfig,
 	)
 	if err != nil {
 		return err

provider/marathon.go

@@ -17,13 +17,12 @@ import (
 
 // Marathon holds configuration of the Marathon provider.
 type Marathon struct {
-	BaseProvider     `mapstructure:",squash"`
-	Endpoint         string
-	Domain           string
-	NetworkInterface string
-	Basic            *MarathonBasic
-	TLS              *tls.Config
-	marathonClient   marathon.Marathon
+	BaseProvider   `mapstructure:",squash"`
+	Endpoint       string
+	Domain         string
+	Basic          *MarathonBasic
+	TLS            *tls.Config
+	marathonClient marathon.Marathon
 }
 
 // MarathonBasic holds basic authentication specific configurations
@@ -42,7 +41,7 @@ type lightMarathonClient interface {
 func (provider *Marathon) Provide(configurationChan chan<- types.ConfigMessage) error {
 	config := marathon.NewDefaultConfig()
 	config.URL = provider.Endpoint
-	config.EventsInterface = provider.NetworkInterface
+	config.EventsTransport = marathon.EventsTransportSSE
 	if provider.Basic != nil {
 		config.HTTPBasicAuthUser = provider.Basic.HTTPBasicAuthUser
 		config.HTTPBasicPassword = provider.Basic.HTTPBasicPassword
@@ -61,7 +60,7 @@ func (provider *Marathon) Provide(configurationChan chan<- types.ConfigMessage)
 	update := make(marathon.EventsChannel, 5)
 	if provider.Watch {
 		if err := client.AddEventsListener(update, marathon.EVENTS_APPLICATIONS); err != nil {
-			log.Errorf("Failed to register for subscriptions, %s", err)
+			log.Errorf("Failed to register for events, %s", err)
 		} else {
 			go func() {
 				for {

script/deploy.sh

@@ -31,9 +31,9 @@ git push --follow-tags -u origin master
 
 # create docker image emilevauge/traefik (compatibility)
 docker login -e $DOCKER_EMAIL -u $DOCKER_USER -p $DOCKER_PASS
-docker push ${REPO,,}:latest
-docker tag ${REPO,,}:latest ${REPO,,}:${VERSION}
-docker push ${REPO,,}:${VERSION}
+docker push emilevauge/traefik:latest
+docker tag emilevauge/traefik:latest emilevauge/traefik:${VERSION}
+docker push emilevauge/traefik:${VERSION}
 
 cd ..
 rm -Rf traefik-library-image/

server.go

@@ -7,6 +7,16 @@ import (
 	"crypto/tls"
 	"encoding/json"
 	"errors"
+	"net/http"
+	"net/url"
+	"os"
+	"os/signal"
+	"reflect"
+	"regexp"
+	"sort"
+	"sync"
+	"syscall"
+	"time"
 
 	log "github.com/Sirupsen/logrus"
 	"github.com/codegangsta/negroni"
@@ -18,16 +28,6 @@ import (
 	"github.com/mailgun/oxy/cbreaker"
 	"github.com/mailgun/oxy/forward"
 	"github.com/mailgun/oxy/roundrobin"
-	"net/http"
-	"net/url"
-	"os"
-	"os/signal"
-	"reflect"
-	"regexp"
-	"sort"
-	"sync"
-	"syscall"
-	"time"
 )
 
 var oxyLogger = &OxyLogger{}
@@ -48,7 +48,7 @@ type Server struct {
 
 type serverEntryPoint struct {
 	httpServer *manners.GracefulServer
-	httpRouter *mux.Router
+	httpRouter *middlewares.HandlerSwitcher
 }
 
 // NewServer returns an initialized Server.
@@ -82,7 +82,7 @@ func (server *Server) Start() {
 // Stop stops the server
 func (server *Server) Stop() {
 	for _, serverEntryPoint := range server.serverEntryPoints {
-		serverEntryPoint.httpServer.Close()
+		serverEntryPoint.httpServer.BlockingClose()
 	}
 	server.stopChan <- true
 }
@@ -142,22 +142,23 @@ func (server *Server) listenConfigurations() {
 				server.serverLock.Lock()
 				for newServerEntryPointName, newServerEntryPoint := range newServerEntryPoints {
 					currentServerEntryPoint := server.serverEntryPoints[newServerEntryPointName]
-					server.currentConfigurations = newConfigurations
-					currentServerEntryPoint.httpRouter = newServerEntryPoint.httpRouter
-					oldServer := currentServerEntryPoint.httpServer
-					newsrv, err := server.prepareServer(currentServerEntryPoint.httpRouter, server.globalConfiguration.EntryPoints[newServerEntryPointName], oldServer, server.loggerMiddleware, metrics)
-					if err != nil {
-						log.Fatal("Error preparing server: ", err)
-					}
-					go server.startServer(newsrv, server.globalConfiguration)
-					currentServerEntryPoint.httpServer = newsrv
-					server.serverEntryPoints[newServerEntryPointName] = currentServerEntryPoint
-					time.Sleep(1 * time.Second)
-					if oldServer != nil {
-						log.Info("Stopping old server")
-						oldServer.Close()
+					if currentServerEntryPoint.httpServer == nil {
+						newsrv, err := server.prepareServer(newServerEntryPoint.httpRouter, server.globalConfiguration.EntryPoints[newServerEntryPointName], nil, server.loggerMiddleware, metrics)
+						if err != nil {
+							log.Fatal("Error preparing server: ", err)
+						}
+						go server.startServer(newsrv, server.globalConfiguration)
+						currentServerEntryPoint.httpServer = newsrv
+						currentServerEntryPoint.httpRouter = newServerEntryPoint.httpRouter
+						server.serverEntryPoints[newServerEntryPointName] = currentServerEntryPoint
+						log.Infof("Created new Handler: %p", newServerEntryPoint.httpRouter.GetHandler())
+					} else {
+						handlerSwitcher := currentServerEntryPoint.httpRouter
+						handlerSwitcher.UpdateHandler(newServerEntryPoint.httpRouter.GetHandler())
+						log.Infof("Created new Handler: %p", newServerEntryPoint.httpRouter.GetHandler())
 					}
 				}
+				server.currentConfigurations = newConfigurations
 				server.serverLock.Unlock()
 			} else {
 				log.Error("Error loading new configuration, aborted ", err)
@@ -264,7 +265,7 @@ func (server *Server) startServer(srv *manners.GracefulServer, globalConfigurati
 	log.Info("Server stopped")
 }
 
-func (server *Server) prepareServer(router *mux.Router, entryPoint *EntryPoint, oldServer *manners.GracefulServer, middlewares ...negroni.Handler) (*manners.GracefulServer, error) {
+func (server *Server) prepareServer(router http.Handler, entryPoint *EntryPoint, oldServer *manners.GracefulServer, middlewares ...negroni.Handler) (*manners.GracefulServer, error) {
 	log.Info("Preparing server")
 	// middlewares
 	var negroni = negroni.New()
@@ -303,7 +304,7 @@ func (server *Server) buildEntryPoints(globalConfiguration GlobalConfiguration)
 	for entryPointName := range globalConfiguration.EntryPoints {
 		router := server.buildDefaultHTTPRouter()
 		serverEntryPoints[entryPointName] = serverEntryPoint{
-			httpRouter: router,
+			httpRouter: middlewares.NewHandlerSwitcher(router),
 		}
 	}
 	return serverEntryPoints
@@ -332,14 +333,14 @@ func (server *Server) loadConfig(configurations configs, globalConfiguration Glo
 				if _, ok := serverEntryPoints[entryPointName]; !ok {
 					return nil, errors.New("Undefined entrypoint: " + entryPointName)
 				}
-				newRoute := serverEntryPoints[entryPointName].httpRouter.NewRoute().Name(frontendName)
+				newRoute := serverEntryPoints[entryPointName].httpRouter.GetHandler().NewRoute().Name(frontendName)
 				for routeName, route := range frontend.Routes {
 					log.Debugf("Creating route %s %s:%s", routeName, route.Rule, route.Value)
-					newRouteReflect, err := invoke(newRoute, route.Rule, route.Value)
+					route, err := getRoute(newRoute, route.Rule, route.Value)
 					if err != nil {
 						return nil, err
 					}
-					newRoute = newRouteReflect[0].Interface().(*mux.Route)
+					newRoute = route
 				}
 				entryPoint := globalConfiguration.EntryPoints[entryPointName]
 				if entryPoint.Redirect != nil {
@@ -399,7 +400,7 @@ func (server *Server) loadConfig(configurations configs, globalConfiguration Glo
 					} else {
 						log.Debugf("Reusing backend %s", frontend.Backend)
 					}
-					newRoute.Handler(backends[frontend.Backend])
+					server.wireFrontendBackend(frontend.Routes, newRoute, backends[frontend.Backend])
 				}
 				err := newRoute.GetError()
 				if err != nil {
@@ -411,13 +412,39 @@ func (server *Server) loadConfig(configurations configs, globalConfiguration Glo
 	return serverEntryPoints, nil
 }
 
+func (server *Server) wireFrontendBackend(routes map[string]types.Route, newRoute *mux.Route, handler http.Handler) {
+	// strip prefix
+	var strip bool
+	for _, route := range routes {
+		switch route.Rule {
+		case "PathStrip":
+			newRoute.Handler(&middlewares.StripPrefix{
+				Prefix:  route.Value,
+				Handler: handler,
+			})
+			strip = true
+			break
+		case "PathPrefixStrip":
+			newRoute.Handler(&middlewares.StripPrefix{
+				Prefix:  route.Value,
+				Handler: handler,
+			})
+			strip = true
+			break
+		}
+	}
+	if !strip {
+		newRoute.Handler(handler)
+	}
+}
+
 func (server *Server) loadEntryPointConfig(entryPointName string, entryPoint *EntryPoint) (http.Handler, error) {
 	regex := entryPoint.Redirect.Regex
 	replacement := entryPoint.Redirect.Replacement
 	if len(entryPoint.Redirect.EntryPoint) > 0 {
 		regex = "^(?:https?:\\/\\/)?([\\da-z\\.-]+)(?::\\d+)(.*)$"
 		if server.globalConfiguration.EntryPoints[entryPoint.Redirect.EntryPoint] == nil {
-			return nil, errors.New("Unkown entrypoint " + entryPoint.Redirect.EntryPoint)
+			return nil, errors.New("Unknown entrypoint " + entryPoint.Redirect.EntryPoint)
 		}
 		protocol := "http"
 		if server.globalConfiguration.EntryPoints[entryPoint.Redirect.EntryPoint].TLS != nil {
@@ -443,9 +470,28 @@ func (server *Server) loadEntryPointConfig(entryPointName string, entryPoint *En
 func (server *Server) buildDefaultHTTPRouter() *mux.Router {
 	router := mux.NewRouter()
 	router.NotFoundHandler = http.HandlerFunc(notFoundHandler)
+	router.StrictSlash(true)
 	return router
 }
 
+func getRoute(any interface{}, rule string, value ...interface{}) (*mux.Route, error) {
+	switch rule {
+	case "PathStrip":
+		rule = "Path"
+	case "PathPrefixStrip":
+		rule = "PathPrefix"
+	}
+	inputs := make([]reflect.Value, len(value))
+	for i := range value {
+		inputs[i] = reflect.ValueOf(value[i])
+	}
+	method := reflect.ValueOf(any).MethodByName(rule)
+	if method.IsValid() {
+		return method.Call(inputs)[0].Interface().(*mux.Route), nil
+	}
+	return nil, errors.New("Method not found: " + rule)
+}
+
 func sortedFrontendNamesForConfig(configuration *types.Configuration) []string {
 	keys := []string{}
 

templates/docker.tmpl

@@ -1,6 +1,6 @@
 [backends]{{range .Containers}}
     [backends.backend-{{getBackend .}}.servers.server-{{.Name | replace "/" "" | replace "." "-"}}]
-    url = "{{getProtocol .}}://{{.NetworkSettings.IPAddress}}:{{getPort .}}"
+    url = "{{getProtocol .}}://{{range $i := .NetworkSettings.Networks}}{{if $i}}{{.IPAddress}}{{end}}{{end}}:{{getPort .}}"
     weight = {{getWeight .}}
 {{end}}
 

traefik.sample.toml

@@ -206,12 +206,6 @@
 #
 # endpoint = "http://127.0.0.1:8080"
 
-# Network interface used to call Marathon web services. Needed in case of multiple network interfaces.
-# Optional
-# Default: "eth0"
-#
-# networkInterface = "eth0"
-
 # Enable watch Marathon changes
 #
 # Optional
@@ -281,6 +275,16 @@
 #
 # filename = "consul.tmpl"
 
+# Enable consul TLS connection
+#
+# Optional
+#
+# [consul.tls]
+# ca = "/etc/ssl/ca.crt"
+# cert = "/etc/ssl/consul.crt"
+# key = "/etc/ssl/consul.key"
+# insecureskipverify = true
+
 
 ################################################################
 # Etcd configuration backend
@@ -316,6 +320,16 @@
 #
 # filename = "etcd.tmpl"
 
+# Enable etcd TLS connection
+#
+# Optional
+#
+# [etcd.tls]
+# ca = "/etc/ssl/ca.crt"
+# cert = "/etc/ssl/etcd.crt"
+# key = "/etc/ssl/etcd.key"
+# insecureskipverify = true
+
 
 ################################################################
 # Zookeeper configuration backend

utils.go

@@ -1,23 +0,0 @@
-/*
-Copyright
-*/
-package main
-
-import (
-	"errors"
-	"reflect"
-)
-
-// Invoke calls the specified method with the specified arguments on the specified interface.
-// It uses the go(lang) reflect package.
-func invoke(any interface{}, name string, args ...interface{}) ([]reflect.Value, error) {
-	inputs := make([]reflect.Value, len(args))
-	for i := range args {
-		inputs[i] = reflect.ValueOf(args[i])
-	}
-	method := reflect.ValueOf(any).MethodByName(name)
-	if method.IsValid() {
-		return method.Call(inputs), nil
-	}
-	return nil, errors.New("Method not found: " + name)
-}