Prepare release v1.5.1

.travis.yml

@@ -1,6 +1,9 @@
 sudo: required
 dist: trusty
 
+git:
+  depth: false
+
 services:
   - docker
 
@@ -21,22 +24,16 @@ before_deploy:
       sudo -E apt-get -yq update;
       sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install docker-ce=${DOCKER_VERSION}*;
       docker version;
-      pip install --user -r requirements.txt;
-      make -j${N_MAKE_JOBS} crossbinary-parallel;
-      make image-dirty;
-      mkdocs build --clean;
-      tar cfz dist/traefik-${VERSION}.src.tar.gz --exclude-vcs --exclude dist .;
+      if [ "$TRAVIS_TAG" ]; then
+        make -j${N_MAKE_JOBS} crossbinary-parallel;
+        make image-dirty;
+        tar cfz dist/traefik-${VERSION}.src.tar.gz --exclude-vcs --exclude dist .;
+      fi;
+      curl -sI https://github.com/containous/structor/releases/latest | grep -Fi Location  | tr -d '\r' | sed "s/tag/download/g" | awk -F " " '{ print $2 "/structor_linux-amd64"}' | wget --output-document=$GOPATH/bin/structor -i -;
+      chmod +x $GOPATH/bin/structor;
+      structor -o containous -r traefik --dockerfile-url="https://raw.githubusercontent.com/containous/traefik/master/docs.Dockerfile" --menu.js-url="https://raw.githubusercontent.com/containous/structor/master/traefik-menu.js.gotmpl" --exp-branch=master --debug;
     fi
 deploy:
-  - provider: pages
-    edge: true
-    github_token: ${GITHUB_TOKEN}
-    local_dir: site
-    skip_cleanup: true
-    on:
-      repo: containous/traefik
-      tags: true
-      condition: ${TRAVIS_TAG} =~ ^v[0-9]+\.[0-9]+\.[0-9]+$
   - provider: releases
     api_key: ${GITHUB_TOKEN}
     file: dist/traefik*
@@ -56,3 +53,11 @@ deploy:
     skip_cleanup: true
     on:
       repo: containous/traefik
+  - provider: pages
+    edge: true
+    github_token: ${GITHUB_TOKEN}
+    local_dir: site
+    skip_cleanup: true
+    on:
+      repo: containous/traefik
+      all_branches: true

CHANGELOG.md

@@ -1,5 +1,182 @@
 # Change Log
 
+## [v1.5.1](https://github.com/containous/traefik/tree/v1.5.1) (2018-01-29)
+[All Commits](https://github.com/containous/traefik/compare/v1.5.0...v1.5.1)
+
+**Bug fixes:**
+- **[acme]** Handle undefined entrypoint on ACME config and frontend config ([#2756](https://github.com/containous/traefik/pull/2756) by [Juliens](https://github.com/Juliens))
+- **[k8s]** Fix the k8s redirection template. ([#2748](https://github.com/containous/traefik/pull/2748) by [ldez](https://github.com/ldez))
+- **[middleware]** Change gzipwriter receiver to implement CloseNotifier ([#2766](https://github.com/containous/traefik/pull/2766) by [Juliens](https://github.com/Juliens))
+- **[tls]** Fix domain names in dynamic TLS configuration ([#2768](https://github.com/containous/traefik/pull/2768) by [nmengin](https://github.com/nmengin))
+
+**Documentation:**
+- **[acme]** Add note on redirect for ACME http challenge ([#2767](https://github.com/containous/traefik/pull/2767) by [Juliens](https://github.com/Juliens))
+- **[file]** Enhance file provider documentation. ([#2777](https://github.com/containous/traefik/pull/2777) by [ldez](https://github.com/ldez))
+
+## [v1.5.0](https://github.com/containous/traefik/tree/v1.5.0) (2018-01-23)
+[All Commits](https://github.com/containous/traefik/compare/v1.4.0-rc1...v1.5.0)
+
+**Enhancements:**
+- **[acme,tls]** Rename TLSConfigurations to TLS. ([#2744](https://github.com/containous/traefik/pull/2744) by [ldez](https://github.com/ldez))
+- **[acme,provider,docker,tls]** Make the TLS certificates management dynamic. ([#2233](https://github.com/containous/traefik/pull/2233) by [nmengin](https://github.com/nmengin))
+- **[acme]** Add Let's Encrypt HTTP Challenge ([#2701](https://github.com/containous/traefik/pull/2701) by [Juliens](https://github.com/Juliens))
+- **[acme]** Update github.com/xenolf/lego to 0.4.1 ([#2304](https://github.com/containous/traefik/pull/2304) by [oldmantaiter](https://github.com/oldmantaiter))
+- **[api,healthcheck,metrics,provider,webui]** Split Web into API/Dashboard, ping, metric and Rest Provider ([#2335](https://github.com/containous/traefik/pull/2335) by [Juliens](https://github.com/Juliens))
+- **[authentication]** Pass through certain forward auth negative response headers ([#2127](https://github.com/containous/traefik/pull/2127) by [wheresmysocks](https://github.com/wheresmysocks))
+- **[cluster,consul,file]** Add file to storeconfig ([#2419](https://github.com/containous/traefik/pull/2419) by [emilevauge](https://github.com/emilevauge))
+- **[cluster,provider]** Support Etcd v3, enhance KV support ([#2407](https://github.com/containous/traefik/pull/2407) by [nmengin](https://github.com/nmengin))
+- **[docker,k8s,rancher,webui]** Redirect to another entryPoint per frontend ([#2133](https://github.com/containous/traefik/pull/2133) by [SantoDE](https://github.com/SantoDE))
+- **[docker,k8s,rancher]** Support regex redirect by frontend ([#2570](https://github.com/containous/traefik/pull/2570) by [ldez](https://github.com/ldez))
+- **[docker]** Add Custom header parsing to Docker Provider ([#2030](https://github.com/containous/traefik/pull/2030) by [dtomcej](https://github.com/dtomcej))
+- **[docker]** Docker labels ([#2473](https://github.com/containous/traefik/pull/2473) by [ldez](https://github.com/ldez))
+- **[docker]** Add docker security headers via labels ([#2334](https://github.com/containous/traefik/pull/2334) by [dtomcej](https://github.com/dtomcej))
+- **[docker]** Use Node IP in Swarm Standalone with "host" NetworkMode ([#2274](https://github.com/containous/traefik/pull/2274) by [BlakeMesdag](https://github.com/BlakeMesdag))
+- **[ecs]** ECS provider refactoring ([#2050](https://github.com/containous/traefik/pull/2050) by [mmatur](https://github.com/mmatur))
+- **[ecs]** Add health check label to ECS ([#2421](https://github.com/containous/traefik/pull/2421) by [oldmantaiter](https://github.com/oldmantaiter))
+- **[ecs]** Support Host NetworkMode  for ECS provider  ([#2320](https://github.com/containous/traefik/pull/2320) by [FriggaHel](https://github.com/FriggaHel))
+- **[etcd]** Manage certificates dynamically in kv store ([#2411](https://github.com/containous/traefik/pull/2411) by [dahefanteng](https://github.com/dahefanteng))
+- **[healthcheck]** Use health check for systemd watchdog ([#2283](https://github.com/containous/traefik/pull/2283) by [guilhem](https://github.com/guilhem))
+- **[k8s]** Kubernetes security header annotations ([#2460](https://github.com/containous/traefik/pull/2460) by [dtomcej](https://github.com/dtomcej))
+- **[k8s]** Add labels for `traefik.frontend.entryPoints` & `PassTLSCert` to Kubernetes ([#2324](https://github.com/containous/traefik/pull/2324) by [ryarnyah](https://github.com/ryarnyah))
+- **[k8s]** Only listen to configured k8s namespaces. ([#1895](https://github.com/containous/traefik/pull/1895) by [timoreimann](https://github.com/timoreimann))
+- **[logs,middleware,consul,docker]** Use constants from http package. ([#2425](https://github.com/containous/traefik/pull/2425) by [ldez](https://github.com/ldez))
+- **[logs]** Add json format support for Traefik logs ([#2056](https://github.com/containous/traefik/pull/2056) by [marco-jantke](https://github.com/marco-jantke))
+- **[marathon]** Marathon constraints filtering ([#2388](https://github.com/containous/traefik/pull/2388) by [aantono](https://github.com/aantono))
+- **[marathon]** Remove unused lightMarathonClient. ([#2383](https://github.com/containous/traefik/pull/2383) by [timoreimann](https://github.com/timoreimann))
+- **[metrics]** Add InfluxDB support for traefik metrics ([#2289](https://github.com/containous/traefik/pull/2289) by [adityacs](https://github.com/adityacs))
+- **[middleware]** Added ReplacePathRegex middleware ([#2033](https://github.com/containous/traefik/pull/2033) by [Tiscs](https://github.com/Tiscs))
+- **[middleware]** Fix custom headers replacement ([#2455](https://github.com/containous/traefik/pull/2455) by [mmatur](https://github.com/mmatur))
+- **[oxy]** Resync oxy with original repository ([#2451](https://github.com/containous/traefik/pull/2451) by [Juliens](https://github.com/Juliens))
+- **[provider]** Support template as raw string. ([#2413](https://github.com/containous/traefik/pull/2413) by [ldez](https://github.com/ldez))
+- **[rancher]** Run Rancher tests cases in parallel. ([#2424](https://github.com/containous/traefik/pull/2424) by [ldez](https://github.com/ldez))
+- **[rancher]** Update Rancher API integration to go-rancher client v2. ([#2291](https://github.com/containous/traefik/pull/2291) by [rawmind0](https://github.com/rawmind0))
+- **[servicefabric]** Add Service Fabric Provider ([#2117](https://github.com/containous/traefik/pull/2117) by [lawrencegripper](https://github.com/lawrencegripper))
+- **[tls]** Allow adding optional Client CA files ([#2306](https://github.com/containous/traefik/pull/2306) by [nmengin](https://github.com/nmengin))
+- **[websocket]** Add tests for websocket headers ([#2379](https://github.com/containous/traefik/pull/2379) by [Juliens](https://github.com/Juliens))
+- Upgrade libkermit/compose version ([#2071](https://github.com/containous/traefik/pull/2071) by [nmengin](https://github.com/nmengin))
+- Add proxy protocol tests ([#2325](https://github.com/containous/traefik/pull/2325) by [emilevauge](https://github.com/emilevauge))
+- Register pprof handlers. ([#2428](https://github.com/containous/traefik/pull/2428) by [timoreimann](https://github.com/timoreimann))
+- Rate limiting for frontends ([#2034](https://github.com/containous/traefik/pull/2034) by [bparli](https://github.com/bparli))
+- Stats collection. ([#2447](https://github.com/containous/traefik/pull/2447) by [ldez](https://github.com/ldez))
+- Add request accepting grace period delaying graceful shutdown. ([#1971](https://github.com/containous/traefik/pull/1971) by [timoreimann](https://github.com/timoreimann))
+- Put subcommand in dedicated files. ([#2265](https://github.com/containous/traefik/pull/2265) by [ldez](https://github.com/ldez))
+
+**Bug fixes:**
+- **[acme,docker]** Modify ACME configuration migration into KV store ([#2598](https://github.com/containous/traefik/pull/2598) by [nmengin](https://github.com/nmengin))
+- **[acme,logs]** Modify DEBUG messages to get ACME certificates ([#2685](https://github.com/containous/traefik/pull/2685) by [nmengin](https://github.com/nmengin))
+- **[acme]** Modify the ACME renewing logs level ([#2520](https://github.com/containous/traefik/pull/2520) by [nmengin](https://github.com/nmengin))
+- **[acme]** ACME and corporate proxy. ([#2738](https://github.com/containous/traefik/pull/2738) by [ldez](https://github.com/ldez))
+- **[acme]** Challenge HTTP must ignore deprecated web.path option ([#2719](https://github.com/containous/traefik/pull/2719) by [Juliens](https://github.com/Juliens))
+- **[api]** Fix pprof route order. ([#2523](https://github.com/containous/traefik/pull/2523) by [timoreimann](https://github.com/timoreimann))
+- **[authentication,middleware]** Fix concurrent map writes on digest auth ([#2695](https://github.com/containous/traefik/pull/2695) by [mmatur](https://github.com/mmatur))
+- **[consulcatalog]** Use prefix for sticky and stickiness tags. ([#2624](https://github.com/containous/traefik/pull/2624) by [ldez](https://github.com/ldez))
+- **[consulcatalog]** Fix bad Træfik update on Consul Catalog ([#2573](https://github.com/containous/traefik/pull/2573) by [mmatur](https://github.com/mmatur))
+- **[consulcatalog]** Reload configuration when port change for one service ([#2574](https://github.com/containous/traefik/pull/2574) by [mmatur](https://github.com/mmatur))
+- **[docker,k8s]** Fix Labels/annotation logs and values. ([#2488](https://github.com/containous/traefik/pull/2488) by [ldez](https://github.com/ldez))
+- **[docker,k8s]** Change custom headers separator ([#2509](https://github.com/containous/traefik/pull/2509) by [ldez](https://github.com/ldez))
+- **[docker]** Fix empty IP for backend when dnsrr in Docker swarm mode ([#2490](https://github.com/containous/traefik/pull/2490) by [mmatur](https://github.com/mmatur))
+- **[docker]** Quote template strings ([#2496](https://github.com/containous/traefik/pull/2496) by [dtomcej](https://github.com/dtomcej))
+- **[docker]** Return errors from Docker client.Events ([#2689](https://github.com/containous/traefik/pull/2689) by [BlakeMesdag](https://github.com/BlakeMesdag))
+- **[docker]** Typo in Docker template. ([#2692](https://github.com/containous/traefik/pull/2692) by [ldez](https://github.com/ldez))
+- **[ecs]** Add missing functions for ECS template ([#2312](https://github.com/containous/traefik/pull/2312) by [oldmantaiter](https://github.com/oldmantaiter))
+- **[file,tls]** Send empty configuration from file provider ([#2609](https://github.com/containous/traefik/pull/2609) by [nmengin](https://github.com/nmengin))
+- **[healthcheck]** Fix health check when web is not specified ([#2529](https://github.com/containous/traefik/pull/2529) by [Juliens](https://github.com/Juliens))
+- **[k8s]** Reduce logs with new Kubernetes security annotations ([#2506](https://github.com/containous/traefik/pull/2506) by [ldez](https://github.com/ldez))
+- **[k8s]** Add missing entry points template. ([#2594](https://github.com/containous/traefik/pull/2594) by [ldez](https://github.com/ldez))
+- **[kv]** Fix stickiness bug due to template syntax error ([#2591](https://github.com/containous/traefik/pull/2591) by [dahefanteng](https://github.com/dahefanteng))
+- **[kv]** List entries parsing. ([#2669](https://github.com/containous/traefik/pull/2669) by [ldez](https://github.com/ldez))
+- **[logs]** Fix traefik logs to behave like configured ([#2176](https://github.com/containous/traefik/pull/2176) by [marco-jantke](https://github.com/marco-jantke))
+- **[marathon]** Update go-marathon ([#2585](https://github.com/containous/traefik/pull/2585) by [timoreimann](https://github.com/timoreimann))
+- **[mesos]** Mesos: Use slave.PID.Host as task SlaveIP. ([#2590](https://github.com/containous/traefik/pull/2590) by [nemosupremo](https://github.com/nemosupremo))
+- **[metrics]** Fix breaking change in web metrics ([#2725](https://github.com/containous/traefik/pull/2725) by [Juliens](https://github.com/Juliens))
+- **[metrics]** Do not ignore web params when web.metrics.prometheus is set ([#2499](https://github.com/containous/traefik/pull/2499) by [Juliens](https://github.com/Juliens))
+- **[metrics]** Fix metrics problem on multiple entrypoints ([#2492](https://github.com/containous/traefik/pull/2492) by [Juliens](https://github.com/Juliens))
+- **[metrics]** Fix data races. ([#2287](https://github.com/containous/traefik/pull/2287) by [tcolgate](https://github.com/tcolgate))
+- **[metrics]** Flaky test Influxdb. ([#2386](https://github.com/containous/traefik/pull/2386) by [ldez](https://github.com/ldez))
+- **[middleware,docker,k8s]** Fix custom headers template ([#2621](https://github.com/containous/traefik/pull/2621) by [ldez](https://github.com/ldez))
+- **[middleware]** Don't panic if ResponseWriter does not implement CloseNotify ([#2651](https://github.com/containous/traefik/pull/2651) by [Juliens](https://github.com/Juliens))
+- **[middleware]** GzipResponse must implement CloseNotifier if ResponseWriter implement it ([#2657](https://github.com/containous/traefik/pull/2657) by [Juliens](https://github.com/Juliens))
+- **[middleware]** Fix RawPath handling in addPrefix ([#2560](https://github.com/containous/traefik/pull/2560) by [risdenk](https://github.com/risdenk))
+- **[middleware]** We need to flush the end of the body when retry is streamed ([#2644](https://github.com/containous/traefik/pull/2644) by [Juliens](https://github.com/Juliens))
+- **[provider]** Fix typo in frontend.headers.customresponseheaders label ([#2356](https://github.com/containous/traefik/pull/2356) by [nmandery](https://github.com/nmandery))
+- **[provider]** Fix concurrent provider config reloads ([#2276](https://github.com/containous/traefik/pull/2276) by [marco-jantke](https://github.com/marco-jantke))
+- **[rancher]** Don't reload configuration when rancher server is down ([#2706](https://github.com/containous/traefik/pull/2706) by [wacken89](https://github.com/wacken89))
+- **[rules]** Add non regex pathPrefix ([#2592](https://github.com/containous/traefik/pull/2592) by [emilevauge](https://github.com/emilevauge))
+- **[servicefabric]** Fix backend name for Stateful services. (Service Fabric) ([#2559](https://github.com/containous/traefik/pull/2559) by [ldez](https://github.com/ldez))
+- **[servicefabric]** Fix isHealthy logic. ([#2577](https://github.com/containous/traefik/pull/2577) by [ldez](https://github.com/ldez))
+- **[servicefabric]** Service Fabric 'expose' as boolean. ([#2476](https://github.com/containous/traefik/pull/2476) by [ldez](https://github.com/ldez))
+- **[tls]** Allow deleting dynamically all TLS certificates from an entryPoint ([#2603](https://github.com/containous/traefik/pull/2603) by [nmengin](https://github.com/nmengin))
+- **[websocket]** Disable websocket compression ([#2727](https://github.com/containous/traefik/pull/2727) by [Juliens](https://github.com/Juliens))
+- **[websocket]** Add compression and better error handling ([#2702](https://github.com/containous/traefik/pull/2702) by [Juliens](https://github.com/Juliens))
+- **[websocket]** Use gorilla readMessage and writeMessage instead of just an io.Copy ([#2650](https://github.com/containous/traefik/pull/2650) by [Juliens](https://github.com/Juliens))
+- **[websocket]** RawPath and Transfer TLSConfig in websocket ([#2077](https://github.com/containous/traefik/pull/2077) by [Juliens](https://github.com/Juliens))
+- **[zk]** Change Zookeeper default prefix. ([#2580](https://github.com/containous/traefik/pull/2580) by [ldez](https://github.com/ldez))
+- Fix wrong default entry point and non-existing entry point issue ([#2501](https://github.com/containous/traefik/pull/2501) by [Juliens](https://github.com/Juliens))
+- Fix goroutine leak in throttler logic. ([#2739](https://github.com/containous/traefik/pull/2739) by [timoreimann](https://github.com/timoreimann))
+- Fix timeout integration test ([#2679](https://github.com/containous/traefik/pull/2679) by [ldez](https://github.com/ldez))
+- Fix frontend redirect ([#2544](https://github.com/containous/traefik/pull/2544) by [ldez](https://github.com/ldez))
+- Close ring buffer used in throttling function. ([#2532](https://github.com/containous/traefik/pull/2532) by [timoreimann](https://github.com/timoreimann))
+
+**Documentation:**
+- **[acme]** Improve documentation for Cloudflare API key ([#2558](https://github.com/containous/traefik/pull/2558) by [mmatur](https://github.com/mmatur))
+- **[acme]** Update Let's Encrypt provider list ([#2347](https://github.com/containous/traefik/pull/2347) by [mmatur](https://github.com/mmatur))
+- **[cluster]** Add a clustering example with Docker Swarm ([#2589](https://github.com/containous/traefik/pull/2589) by [jmaitrehenry](https://github.com/jmaitrehenry))
+- **[consul,consulcatalog]** Split Consul and Consul Catalog documentation ([#2654](https://github.com/containous/traefik/pull/2654) by [ldez](https://github.com/ldez))
+- **[consul]** Improve Consul documentation ([#2485](https://github.com/containous/traefik/pull/2485) by [mmatur](https://github.com/mmatur))
+- **[docker/swarm]** Typo in docker.endpoint TCP port. ([#2626](https://github.com/containous/traefik/pull/2626) by [redhandpl](https://github.com/redhandpl))
+- **[docker]** Fix Docker labels documentation render. ([#2505](https://github.com/containous/traefik/pull/2505) by [ldez](https://github.com/ldez))
+- **[docker]** Add a note on how to add label to a docker compose file ([#2611](https://github.com/containous/traefik/pull/2611) by [jmaitrehenry](https://github.com/jmaitrehenry))
+- **[etcd]** Fix typo in examples ([#2446](https://github.com/containous/traefik/pull/2446) by [dahefanteng](https://github.com/dahefanteng))
+- **[k8s]** Add note to Kubernetes RBAC docs about RoleBindings and namespaces ([#2498](https://github.com/containous/traefik/pull/2498) by [jmara](https://github.com/jmara))
+- **[k8s]** k8s guide: Leave note about assumed DaemonSet usage. ([#2634](https://github.com/containous/traefik/pull/2634) by [timoreimann](https://github.com/timoreimann))
+- **[k8s]** Apply various contentual and stylish improvements to the k8s docs. ([#2677](https://github.com/containous/traefik/pull/2677) by [timoreimann](https://github.com/timoreimann))
+- **[k8s]** Document rewrite-target annotation. ([#2676](https://github.com/containous/traefik/pull/2676) by [timoreimann](https://github.com/timoreimann))
+- **[k8s]** Remove obsolete links in k8s docs ([#2465](https://github.com/containous/traefik/pull/2465) by [marco-jantke](https://github.com/marco-jantke))
+- **[k8s]** Document filename parameter for Kubernetes. ([#2464](https://github.com/containous/traefik/pull/2464) by [timoreimann](https://github.com/timoreimann))
+- **[marathon]** Improve Marathon service label documentation. ([#2635](https://github.com/containous/traefik/pull/2635) by [timoreimann](https://github.com/timoreimann))
+- **[metrics]** Add entrypoint in Prometheus doc and remove web on Influxdb doc ([#2452](https://github.com/containous/traefik/pull/2452) by [Juliens](https://github.com/Juliens))
+- **[provider,webui]** Fix redirect problem on dashboard + docs/tests on [web] ([#2686](https://github.com/containous/traefik/pull/2686) by [Juliens](https://github.com/Juliens))
+- **[servicefabric]** Describe 'refreshSecond' configuration. ([#2471](https://github.com/containous/traefik/pull/2471) by [ldez](https://github.com/ldez))
+- **[tls]** Fix doc dynamic certificates ([#2737](https://github.com/containous/traefik/pull/2737) by [emilevauge](https://github.com/emilevauge))
+- **[tls]** Add link to crypto/tls godoc. ([#2470](https://github.com/containous/traefik/pull/2470) by [ldez](https://github.com/ldez))
+- Move rate limit documentation. ([#2588](https://github.com/containous/traefik/pull/2588) by [ldez](https://github.com/ldez))
+- Grammar ([#2562](https://github.com/containous/traefik/pull/2562) by [geraldcroes](https://github.com/geraldcroes))
+- Fix some doc links ([#2731](https://github.com/containous/traefik/pull/2731) by [eldondev](https://github.com/eldondev))
+- Fix broken links and improve ResponseCodeRatio() description ([#2538](https://github.com/containous/traefik/pull/2538) by [mvasin](https://github.com/mvasin))
+- Fix typo in anonymous usage log message. ([#2711](https://github.com/containous/traefik/pull/2711) by [Yggdrasil](https://github.com/Yggdrasil))
+- Fix typos in changelog ([#2387](https://github.com/containous/traefik/pull/2387) by [ferhatelmas](https://github.com/ferhatelmas))
+- Add mmatur to maintainers ([#2303](https://github.com/containous/traefik/pull/2303) by [emilevauge](https://github.com/emilevauge))
+- Add a note about redirection rule to precise how regex/replacement work. ([#2243](https://github.com/containous/traefik/pull/2243) by [nmengin](https://github.com/nmengin))
+- Add docker things for documentation ([#2020](https://github.com/containous/traefik/pull/2020) by [tcoupin](https://github.com/tcoupin))
+- Prepare release v1.5.0-rc5 ([#2707](https://github.com/containous/traefik/pull/2707) by [mmatur](https://github.com/mmatur))
+- Prepare release v1.5.0-rc4 ([#2656](https://github.com/containous/traefik/pull/2656) by [Juliens](https://github.com/Juliens))
+- Prepare release v1.5.0-rc3 ([#2599](https://github.com/containous/traefik/pull/2599) by [ldez](https://github.com/ldez))
+- Prepare release v1.5.0-rc2 ([#2533](https://github.com/containous/traefik/pull/2533) by [ldez](https://github.com/ldez))
+- Prepare release v1.5.0-rc1 ([#2480](https://github.com/containous/traefik/pull/2480) by [ldez](https://github.com/ldez))
+
+**Misc:**
+- **[acme]** dumpcerts.sh: Fix call to "base64" for Alpine ([#2344](https://github.com/containous/traefik/pull/2344) by [nknapp](https://github.com/nknapp))
+- **[acme]** dumpcerts.sh: fixed sed, extracted domain keys ([#2161](https://github.com/containous/traefik/pull/2161) by [sjawhar](https://github.com/sjawhar))
+- **[etcd,kv,tls]** Add tests for TLS dynamic configuration in ETCD3 ([#2606](https://github.com/containous/traefik/pull/2606) by [dahefanteng](https://github.com/dahefanteng))
+- Upgrade libkermit/compose version ([#2074](https://github.com/containous/traefik/pull/2074) by [nmengin](https://github.com/nmengin))
+- Merge v1.4.6 into v1.5  ([#2642](https://github.com/containous/traefik/pull/2642) by [ldez](https://github.com/ldez))
+- Merge v1.4.5 into v1.5 ([#2530](https://github.com/containous/traefik/pull/2530) by [mmatur](https://github.com/mmatur))
+- Merge current v1.4 into master  ([#2479](https://github.com/containous/traefik/pull/2479) by [ldez](https://github.com/ldez))
+- Merge v1.4.3 into master ([#2415](https://github.com/containous/traefik/pull/2415) by [ldez](https://github.com/ldez))
+- Merge v1.4.4 into master ([#2457](https://github.com/containous/traefik/pull/2457) by [ldez](https://github.com/ldez))
+- Merge v1.4.3 into master ([#2406](https://github.com/containous/traefik/pull/2406) by [ldez](https://github.com/ldez))
+- Revert "Merge v1.4.2 into master" ([#2414](https://github.com/containous/traefik/pull/2414) by [ldez](https://github.com/ldez))
+- Merge v1.4.2 into master ([#2358](https://github.com/containous/traefik/pull/2358) by [ldez](https://github.com/ldez))
+- Merge v1.4.1 into master  ([#2318](https://github.com/containous/traefik/pull/2318) by [ldez](https://github.com/ldez))
+- Merge v1.4.0 ([#2271](https://github.com/containous/traefik/pull/2271) by [ldez](https://github.com/ldez))
+- Merge v1.4.0-rc5 into master  ([#2242](https://github.com/containous/traefik/pull/2242) by [ldez](https://github.com/ldez))
+- Merge v1.4.0-rc4 into master ([#2202](https://github.com/containous/traefik/pull/2202) by [ldez](https://github.com/ldez))
+- Merge current v1.4 into master  ([#2469](https://github.com/containous/traefik/pull/2469) by [ldez](https://github.com/ldez))
+- Merge current v1.4 ([#2154](https://github.com/containous/traefik/pull/2154) by [ldez](https://github.com/ldez))
+- Merge v1.4.0-rc3 into master ([#2140](https://github.com/containous/traefik/pull/2140) by [ldez](https://github.com/ldez))
+- Merge v1.4.0-rc2 into master ([#2092](https://github.com/containous/traefik/pull/2092) by [ldez](https://github.com/ldez))
+- Merge current 1.4 ([#2064](https://github.com/containous/traefik/pull/2064) by [ldez](https://github.com/ldez))
+
 ## [v1.5.0-rc5](https://github.com/containous/traefik/tree/v1.5.0-rc5) (2018-01-15)
 [All Commits](https://github.com/containous/traefik/compare/v1.5.0-rc4...v1.5.0-rc5)
 

Gopkg.lock

@@ -89,7 +89,7 @@
   branch = "master"
   name = "github.com/NYTimes/gziphandler"
   packages = ["."]
-  revision = "47ca22a0aeea4c9ceddfb935d818d636d934c312"
+  revision = "289a3b81f5aedc99f8d6eb0f67827c142f1310d8"
 
 [[projects]]
   name = "github.com/Nvveen/Gotty"
@@ -1027,7 +1027,7 @@
     "roundrobin",
     "utils"
   ]
-  revision = "fd0f370c961f6aa304379f4106e76ffe5ed7e97a"
+  revision = "fd6f71c694e2ab8b584c50b98ab4825027feb315"
   source = "https://github.com/containous/oxy.git"
 
 [[projects]]

acme/acme.go

@@ -114,6 +114,20 @@ type Domain struct {
 }
 
 func (a *ACME) init() error {
+	// FIXME temporary fix, waiting for https://github.com/xenolf/lego/pull/478
+	acme.HTTPClient = http.Client{
+		Transport: &http.Transport{
+			Proxy: http.ProxyFromEnvironment,
+			Dial: (&net.Dialer{
+				Timeout:   30 * time.Second,
+				KeepAlive: 30 * time.Second,
+			}).Dial,
+			TLSHandshakeTimeout:   15 * time.Second,
+			ResponseHeaderTimeout: 15 * time.Second,
+			ExpectContinueTimeout: 1 * time.Second,
+		},
+	}
+
 	if a.ACMELogging {
 		acme.Logger = fmtlog.New(os.Stderr, "legolog: ", fmtlog.LstdFlags)
 	} else {

autogen/gentemplates/gen.go

@@ -441,9 +441,9 @@ var _templatesKubernetesTmpl = []byte(`[backends]{{range $backendName, $backend
 
   {{if $frontend.Redirect}}
   [frontends."{{$frontendName}}".redirect]
-  entryPoint = "{{$frontend.RedirectEntryPoint}}"
-  regex = "{{$frontend.RedirectRegex}}"
-  replacement = "{{$frontend.RedirectReplacement}}"
+  entryPoint = "{{$frontend.Redirect.EntryPoint}}"
+  regex = "{{$frontend.Redirect.Regex}}"
+  replacement = "{{$frontend.Redirect.Replacement}}"
   {{end}}
 
   {{ if $frontend.Headers }}
@@ -522,7 +522,7 @@ func templatesKubernetesTmpl() (*asset, error) {
 
 var _templatesKvTmpl = []byte(`{{$frontends := List .Prefix "/frontends/" }}
 {{$backends :=  List .Prefix "/backends/"}}
-{{$tlsconfiguration := List .Prefix "/tlsconfiguration/"}}
+{{$tls := List .Prefix "/tls/"}}
 
 [backends]{{range $backends}}
 {{$backend := .}}
@@ -587,13 +587,13 @@ var _templatesKvTmpl = []byte(`{{$frontends := List .Prefix "/frontends/" }}
         {{end}}
 {{end}}
 
-{{range $tlsconfiguration}}
+{{range $tls}}
 {{$entryPoints := SplitGet . "/entrypoints"}}
-[[tlsConfiguration]]
+[[tls]]
     entryPoints = [{{range $entryPoints}}
       "{{.}}",
     {{end}}]
-    [tlsConfiguration.certificate]
+    [tls.certificate]
         certFile = """{{Get "" . "/certificate" "/certfile"}}"""
         keyFile = """{{Get "" . "/certificate" "/keyfile"}}"""
 {{end}}

cmd/traefik/configuration.go

@@ -61,7 +61,8 @@ func NewTraefikDefaultPointersConfiguration() *TraefikConfiguration {
 	// TODO: Deprecated - default Metrics
 	defaultWeb.Metrics = &types.Metrics{
 		Prometheus: &types.Prometheus{
-			Buckets: types.Buckets{0.1, 0.3, 1.2, 5},
+			Buckets:    types.Buckets{0.1, 0.3, 1.2, 5},
+			EntryPoint: configuration.DefaultInternalEntryPointName,
 		},
 		Datadog: &types.Datadog{
 			Address:      "localhost:8125",
@@ -220,7 +221,7 @@ func NewTraefikDefaultPointersConfiguration() *TraefikConfiguration {
 	defaultMetrics := types.Metrics{
 		Prometheus: &types.Prometheus{
 			Buckets:    types.Buckets{0.1, 0.3, 1.2, 5},
-			EntryPoint: "traefik",
+			EntryPoint: configuration.DefaultInternalEntryPointName,
 		},
 		Datadog: &types.Datadog{
 			Address:      "localhost:8125",

cmd/traefik/traefik.go

@@ -142,6 +142,7 @@ func run(globalConfiguration *configuration.GlobalConfiguration, configFile stri
 	http.DefaultTransport.(*http.Transport).Proxy = http.ProxyFromEnvironment
 
 	globalConfiguration.SetEffectiveConfiguration(configFile)
+	globalConfiguration.ValidateConfiguration()
 
 	jsonConf, _ := json.Marshal(globalConfiguration)
 	log.Infof("Traefik version %s built on %s", version.Version, version.BuildDate)
@@ -261,14 +262,14 @@ func stats(globalConfiguration *configuration.GlobalConfiguration) {
 Stats collection is enabled.
 Many thanks for contributing to Traefik's improvement by allowing us to receive anonymous information from your configuration.
 Help us improve Traefik by leaving this feature on :)
-More details on: https://docs.traefik.io/basic/#collected-data
+More details on: https://docs.traefik.io/basics/#collected-data
 `)
 		collect(globalConfiguration)
 	} else {
 		log.Info(`
 Stats collection is disabled.
 Help us improve Traefik by turning this feature on :)
-More details on: https://docs.traefik.io/basic/#collected-data
+More details on: https://docs.traefik.io/basics/#collected-data
 `)
 	}
 }

configuration/configuration.go

@@ -259,6 +259,19 @@ func (gc *GlobalConfiguration) SetEffectiveConfiguration(configFile string) {
 	}
 }
 
+// ValidateConfiguration validate that configuration is coherent
+func (gc *GlobalConfiguration) ValidateConfiguration() {
+	if gc.ACME != nil {
+		if _, ok := gc.EntryPoints[gc.ACME.EntryPoint]; !ok {
+			log.Fatalf("Unknown entrypoint %q for ACME configuration", gc.ACME.EntryPoint)
+		} else {
+			if gc.EntryPoints[gc.ACME.EntryPoint].TLS == nil {
+				log.Fatalf("Entrypoint without TLS %q for ACME configuration", gc.ACME.EntryPoint)
+			}
+		}
+	}
+}
+
 // DefaultEntryPoints holds default entry points
 type DefaultEntryPoints []string
 

docs/archive.md

@@ -1,23 +0,0 @@
-## Current versions documentation
-
-- [Latest stable](https://docs.traefik.io)
-
-## Future version documentation
-
-- [Experimental](https://master--traefik-docs.netlify.com/)
-
-## Previous versions documentation
-
-- [v1.5 aka Cancoillotte](http://v1-5.archive.docs.traefik.io/) 
-
-- [v1.4 aka Roquefort](http://v1-4.archive.docs.traefik.io/) 
-
-- [v1.3 aka Raclette](http://v1-3.archive.docs.traefik.io/)
-
-- [v1.2 aka Morbier](http://v1-2.archive.docs.traefik.io/)
-
-- [v1.1 aka Camembert](http://v1-1.archive.docs.traefik.io/)
-
-## More
-
-[Change log](https://github.com/containous/traefik/blob/master/CHANGELOG.md)

docs/basics.md

@@ -612,6 +612,7 @@ Those data help us prioritize our developments and focus on what's more importan
 ### What ?
 
 Once a day (the first call begins 10 minutes after the start of Træfik), we collect:
+
 - the Træfik version
 - a hash of the configuration
 - an **anonymous version** of the static configuration:

docs/configuration/acme.md

@@ -186,6 +186,9 @@ docker run -v "/my/host/acme:/etc/traefik/acme" traefik
 
 Use `HTTP-01` challenge to generate/renew ACME certificates.
 
+The redirection is fully compatible with the HTTP-01 challenge.
+You can use redirection with HTTP-01 challenge without problem.
+
 ```toml
 [acme]
 # ...

docs/configuration/backends/file.md

@@ -1,6 +1,140 @@
 # File Backends
 
-Like any other reverse proxy, Træfik can be configured with a file.
+Træfik can be configured with a file.
+
+## Reference
+
+```toml
+# Backends
+[backends]
+
+  [backends.backend1]
+
+    [backends.backend1.servers]
+      [backends.backend1.servers.server0]
+        url = "http://10.10.10.1:80"
+        weight = 1
+      [backends.backend1.servers.server1]
+        url = "http://10.10.10.2:80"
+        weight = 2
+      # ...
+
+    [backends.backend1.circuitBreaker]
+      expression = "NetworkErrorRatio() > 0.5"
+
+    [backends.backend1.loadBalancer]
+      method = "drr"
+      [backends.backend1.loadBalancer.stickiness]
+        cookieName = "foobar"
+
+    [backends.backend1.maxConn]
+      amount = 10
+      extractorfunc = "request.host"
+
+    [backends.backend1.healthCheck]
+      path = "/health"
+      port = 88
+      interval = "30s"
+
+  [backends.backend2]
+    # ...
+
+# Frontends
+[frontends]
+
+  [frontends.frontend1]
+    entryPoints = ["http", "https"]
+    backend = "backend1"
+    passHostHeader = true
+    passTLSCert = true
+    priority = 42
+    basicAuth = [
+      "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
+      "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
+    ]
+    whitelistSourceRange = ["10.42.0.0/16", "152.89.1.33/32", "afed:be44::/16"]
+
+    [frontends.frontend1.routes]
+      [frontends.frontend1.routes.route0]
+        rule = "Host:test.localhost"
+      [frontends.frontend1.routes.Route1]
+        rule = "Method:GET"
+      # ...
+
+    [frontends.frontend1.headers]
+      allowedHosts = ["foobar", "foobar"]
+      hostsProxyHeaders = ["foobar", "foobar"]
+      SSLRedirect = true
+      SSLTemporaryRedirect = true
+      SSLHost = "foobar"
+      STSSeconds = 42
+      STSIncludeSubdomains = true
+      STSPreload = true
+      forceSTSHeader = true
+      frameDeny = true
+      customFrameOptionsValue = "foobar"
+      contentTypeNosniff = true
+      browserXSSFilter = true
+      contentSecurityPolicy = "foobar"
+      publicKey = "foobar"
+      referrerPolicy = "foobar"
+      isDevelopment = true
+      [frontends.frontend1.headers.customRequestHeaders]
+        X-Foo-Bar-01 = "foobar"
+        X-Foo-Bar-02 = "foobar"
+        # ...
+      [frontends.frontend1.headers.customResponseHeaders]
+        X-Foo-Bar-03 = "foobar"
+        X-Foo-Bar-04 = "foobar"
+        # ...
+      [frontends.frontend1.headers.SSLProxyHeaders]
+        X-Foo-Bar-05 = "foobar"
+        X-Foo-Bar-06 = "foobar"
+        # ...
+
+    [frontends.frontend1.errors]
+      [frontends.frontend1.errors.errorPage0]
+        status = ["500-599"]
+        backend = "error"
+        query = "/{status}.html"
+      [frontends.frontend1.errors.errorPage1]
+        status = ["404", "403"]
+        backend = "error"
+        query = "/{status}.html"
+      # ...
+
+    [frontends.frontend1.ratelimit]
+      extractorfunc = "client.ip"
+        [frontends.frontend1.ratelimit.rateset.rateset1]
+          period = "10s"
+          average = 100
+          burst = 200
+        [frontends.frontend1.ratelimit.rateset.rateset2]
+          period = "3s"
+          average = 5
+          burst = 10
+        # ...
+
+    [frontends.frontend1.redirect]
+      entryPoint = "https"
+      regex = "^http://localhost/(.*)"
+      replacement = "http://mydomain/$1"
+
+  [frontends.frontend2]
+    # ...
+
+# HTTPS certificates
+[[tls]]
+  entryPoints = ["https"]
+  [tls.certificate]
+    certFile = "path/to/my.cert"
+    keyFile = "path/to/my.key"
+
+[[tls]]
+  # ...
+```
+
+## Configuration mode
 
 You have three choices:
 
@@ -12,7 +146,7 @@ To enable the file backend, you must either pass the `--file` option to the Træ
 
 The configuration file allows managing both backends/frontends and HTTPS certificates (which are not [Let's Encrypt](https://letsencrypt.org) certificates generated through Træfik).
 
-## Simple
+### Simple
 
 Add your configuration at the end of the global configuration file `traefik.toml`:
 
@@ -21,167 +155,93 @@ defaultEntryPoints = ["http", "https"]
 
 [entryPoints]
   [entryPoints.http]
-  address = ":80"
-    [entryPoints.http.redirect]
-    entryPoint = "https"
+    # ...
   [entryPoints.https]
-  address = ":443"
-    [entryPoints.https.tls]
-      [[entryPoints.https.tls.certificates]]
-      certFile = "integration/fixtures/https/snitest.org.cert"
-      keyFile = "integration/fixtures/https/snitest.org.key"
+    # ...
 
 [file]
 
 # rules
 [backends]
   [backends.backend1]
-    [backends.backend1.circuitbreaker]
-    expression = "NetworkErrorRatio() > 0.5"
-    [backends.backend1.servers.server1]
-    url = "http://172.17.0.2:80"
-    weight = 10
-    [backends.backend1.servers.server2]
-    url = "http://172.17.0.3:80"
-    weight = 1
+    # ...
   [backends.backend2]
-    [backends.backend2.maxconn]
-    amount = 10
-    extractorfunc = "request.host"
-    [backends.backend2.LoadBalancer]
-    method = "drr"
-    [backends.backend2.servers.server1]
-    url = "http://172.17.0.4:80"
-    weight = 1
-    [backends.backend2.servers.server2]
-    url = "http://172.17.0.5:80"
-    weight = 2
+    # ...
 
 [frontends]
   [frontends.frontend1]
-  backend = "backend2"
-    [frontends.frontend1.routes.test_1]
-    rule = "Host:test.localhost"
-
+  # ...
   [frontends.frontend2]
-  backend = "backend1"
-  passHostHeader = true
-  priority = 10
-
-  # restrict access to this frontend to the specified list of IPv4/IPv6 CIDR Nets
-  # an unset or empty list allows all Source-IPs to access
-  # if one of the Net-Specifications are invalid, the whole list is invalid
-  # and allows all Source-IPs to access.
-  whitelistSourceRange = ["10.42.0.0/16", "152.89.1.33/32", "afed:be44::/16"]
-
-  entrypoints = ["https"] # overrides defaultEntryPoints
-    [frontends.frontend2.routes.test_1]
-    rule = "Host:{subdomain:[a-z]+}.localhost"
-
+  # ...
   [frontends.frontend3]
-  entrypoints = ["http", "https"] # overrides defaultEntryPoints
-  backend = "backend2"
-  rule = "Path:/test"
+  # ...
 
 # HTTPS certificate
-[[tlsConfiguration]]
-entryPoints = ["https"]
-  [tlsConfiguration.certificate]
-    certFile = "integration/fixtures/https/snitest.com.cert"
-    keyFile = "integration/fixtures/https/snitest.com.key"
+[[tls]]
+  # ...
+
+[[tls]]
+  # ...
 ```
 
 !!! note
     adding certificates directly to the entrypoint is still maintained but certificates declared in this way cannot be managed dynamically.
     It's recommended to use the file provider to declare certificates.
 
-## Rules in a Separate File
+### Rules in a Separate File
 
 Put your rules in a separate file, for example `rules.toml`:
 
 ```toml
 # traefik.toml
+defaultEntryPoints = ["http", "https"]
+
 [entryPoints]
   [entryPoints.http]
-  address = ":80"
-    [entryPoints.http.redirect]
-      entryPoint = "https"
+    # ...
   [entryPoints.https]
-  address = ":443"
-    [entryPoints.https.tls]
+    # ...
 
 [file]
-filename = "rules.toml"
+  filename = "rules.toml"
 ```
 
 ```toml
 # rules.toml
 [backends]
   [backends.backend1]
-    [backends.backend1.circuitbreaker]
-    expression = "NetworkErrorRatio() > 0.5"
-    [backends.backend1.servers.server1]
-    url = "http://172.17.0.2:80"
-    weight = 10
-    [backends.backend1.servers.server2]
-    url = "http://172.17.0.3:80"
-    weight = 1
+    # ...
   [backends.backend2]
-    [backends.backend2.maxconn]
-    amount = 10
-    extractorfunc = "request.host"
-    [backends.backend2.LoadBalancer]
-    method = "drr"
-    [backends.backend2.servers.server1]
-    url = "http://172.17.0.4:80"
-    weight = 1
-    [backends.backend2.servers.server2]
-    url = "http://172.17.0.5:80"
-    weight = 2
+    # ...
 
 [frontends]
   [frontends.frontend1]
-  backend = "backend2"
-    [frontends.frontend1.routes.test_1]
-    rule = "Host:test.localhost"
+  # ...
   [frontends.frontend2]
-  backend = "backend1"
-  passHostHeader = true
-  priority = 10
-  entrypoints = ["https"] # overrides defaultEntryPoints
-    [frontends.frontend2.routes.test_1]
-    rule = "Host:{subdomain:[a-z]+}.localhost"
+  # ...
   [frontends.frontend3]
-  entrypoints = ["http", "https"] # overrides defaultEntryPoints
-  backend = "backend2"
-  rule = "Path:/test"
-  
-# HTTPS certificate
-[[tlsConfiguration]]
-  entryPoints = ["https"]
-  [tlsConfiguration.certificate]
-    certFile = "integration/fixtures/https/snitest.com.cert"
-    keyFile = "integration/fixtures/https/snitest.com.key"
+  # ...
 
-[[tlsConfiguration]]
-  entryPoints = ["https"]
-  [[tlsConfiguration.certificates]]
-  certFile = "integration/fixtures/https/snitest.org.cert"
-  keyFile = "integration/fixtures/https/snitest.org.key"
+# HTTPS certificate
+[[tls]]
+  # ...
+
+[[tls]]
+  # ...
 ```
 
-## Multiple `.toml` Files
+### Multiple `.toml` Files
 
 You could have multiple `.toml` files in a directory (and recursively in its sub-directories):
 
 ```toml
 [file]
-directory = "/path/to/config/"
+  directory = "/path/to/config/"
 ```
 
 If you want Træfik to watch file changes automatically, just add:
 
 ```toml
 [file]
-watch = true
+  watch = true
 ```

docs/configuration/commons.md

@@ -285,21 +285,17 @@ Multiple sets of rates can be added to each frontend, but the time periods must
 ```toml
 [frontends]
     [frontends.frontend1]
-    passHostHeader = true
-    entrypoints = ["http"]
-    backend = "backend1"
-        [frontends.frontend1.routes.test_1]
-        rule = "Path:/"
-    [frontends.frontend1.ratelimit]
-    extractorfunc = "client.ip"
-        [frontends.frontend1.ratelimit.rateset.rateset1]
-        period = "10s"
-        average = 100
-        burst = 200
-        [frontends.frontend1.ratelimit.rateset.rateset2]
-        period = "3s"
-        average = 5
-        burst = 10
+      # ...
+      [frontends.frontend1.ratelimit]
+        extractorfunc = "client.ip"
+          [frontends.frontend1.ratelimit.rateset.rateset1]
+            period = "10s"
+            average = 100
+            burst = 200
+          [frontends.frontend1.ratelimit.rateset.rateset2]
+            period = "3s"
+            average = 5
+            burst = 10
 ```
 
 In the above example, frontend1 is configured to limit requests by the client's ip address.  

docs/configuration/entrypoints.md

@@ -1,5 +1,72 @@
 # Entry Points Definition
 
+## Reference
+
+```toml
+[entryPoints]
+  [entryPoints.http]
+    address = ":80"
+    whitelistSourceRange = ["10.42.0.0/16", "152.89.1.33/32", "afed:be44::/16"]
+    compress = true
+
+    [entryPoints.http.tls]
+      minVersion = "VersionTLS12"
+      cipherSuites = ["TLS_RSA_WITH_AES_256_GCM_SHA384"]
+      [[entryPoints.http.tls.certificates]]
+        certFile = "path/to/my.cert"
+        keyFile = "path/to/my.key"
+      [[entryPoints.http.tls.certificates]]
+        certFile = "path/to/other.cert"
+        keyFile = "path/to/other.key"
+      # ...
+      [entryPoints.http.tls.clientCA]
+        files = ["path/to/ca1.crt", "path/to/ca2.crt"]
+        optional = false
+
+    [entryPoints.http.redirect]
+      entryPoint = "https"
+      regex = "^http://localhost/(.*)"
+      replacement = "http://mydomain/$1"
+      permanent = true
+
+    [entryPoints.http.auth]
+      headerField = "X-WebAuth-User"
+      [entryPoints.http.auth.basic]
+        users = [
+          "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
+          "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
+        ]
+        usersFile = "/path/to/.htpasswd"
+      [entryPoints.http.auth.digest]
+        users = [
+          "test:traefik:a2688e031edb4be6a3797f3882655c05",
+          "test2:traefik:518845800f9e2bfb1f1f740ec24f074e",
+        ]
+        usersFile = "/path/to/.htdigest"
+      [entryPoints.http.auth.forward]
+        address = "https://authserver.com/auth"
+        trustForwardHeader = true
+        [entryPoints.http.auth.forward.tls]
+          ca =  [ "path/to/local.crt"]
+          caOptional = true
+          cert = "path/to/foo.cert"
+          key = "path/to/foo.key"
+          insecureSkipVerify = true
+
+    [entryPoints.http.proxyProtocol]
+      insecure = true
+      trustedIPs = ["10.10.10.1", "10.10.10.2"]
+
+    [entryPoints.http.forwardedHeaders]
+      trustedIPs = ["10.10.10.1", "10.10.10.2"]
+
+  [entryPoints.https]
+    # ...
+```
+
+
+## Basic
+
 ```toml
 # Entrypoints definition
 #
@@ -55,6 +122,8 @@ To redirect an entrypoint rewriting the URL.
 
 ## TLS
 
+### Static Certificates
+
 Define an entrypoint with SNI support.
 
 ```toml
@@ -70,6 +139,12 @@ Define an entrypoint with SNI support.
 !!! note
     If an empty TLS configuration is done, default self-signed certificates are generated.
 
+
+### Dynamic Certificates
+
+If you need to add or remove TLS certificates while Traefik is started, Dynamic TLS certificates are supported using the [file provider](/configuration/backends/file).
+
+
 ## TLS Mutual Authentication
 
 TLS Mutual Authentication can be `optional` or not.
@@ -154,7 +229,7 @@ Otherwise, the response from the auth server is returned.
     # To enable forward auth on an entrypoint
     [entryPoints.http.auth.forward]
     address = "https://authserver.com/auth"
-    
+
     # Trust existing X-Forwarded-* headers.
     # Useful with another reverse proxy in front of Traefik.
     #
@@ -162,7 +237,7 @@ Otherwise, the response from the auth server is returned.
     # Default: false
     #
     trustForwardHeader = true
-    
+
     # Enable forward auth TLS connection.
     #
     # Optional
@@ -226,7 +301,7 @@ Only IPs in `trustedIPs` will lead to remote client address replacement: you sho
 
 !!! danger
     When queuing Træfik behind another load-balancer, be sure to carefully configure Proxy Protocol on both sides.
-    Otherwise, it could introduce a security risk in your system by forging requests. 
+    Otherwise, it could introduce a security risk in your system by forging requests.
 
 ```toml
 [entryPoints]

docs/user-guide/kv-config.md

@@ -274,14 +274,14 @@ Here is the toml configuration we would like to store in the store :
   backend = "backend2"
   rule = "Path:/test"
 
-[[tlsConfiguration]]
+[[tls]]
 entryPoints = ["https"]
-  [tlsConfiguration.certificate]
+  [tls.certificate]
     certFile = "path/to/your.cert"
     keyFile = "path/to/your.key"
-[[tlsConfiguration]]
+[[tls]]
 entryPoints = ["https","other-https"]
-  [tlsConfiguration.certificate]
+  [tls.certificate]
     certFile = """-----BEGIN CERTIFICATE-----
                       <cert file content>
                       -----END CERTIFICATE-----"""
@@ -335,19 +335,19 @@ And there, the same dynamic configuration in a KV Store (using `prefix = "traefi
 
 - certificate 1
 
-| Key                                                | Value              |
-|----------------------------------------------------|--------------------|
-| `/traefik/tlsconfiguration/1/entrypoints`          | `https`            |
-| `/traefik/tlsconfiguration/1/certificate/certfile` | `path/to/your.cert`|
-| `/traefik/tlsconfiguration/1/certificate/keyfile`  | `path/to/your.key` |
+| Key                                   | Value              |
+|---------------------------------------|--------------------|
+| `/traefik/tls/1/entrypoints`          | `https`            |
+| `/traefik/tls/1/certificate/certfile` | `path/to/your.cert`|
+| `/traefik/tls/1/certificate/keyfile`  | `path/to/your.key` |
 
 - certificate 2
 
-| Key                                                | Value                 |
-|----------------------------------------------------|-----------------------|
-| `/traefik/tlsconfiguration/2/entrypoints`          | `https,other-https`   |
-| `/traefik/tlsconfiguration/2/certificate/certfile` | `<cert file content>` |
-| `/traefik/tlsconfiguration/2/certificate/certfile` | `<key file content>`  |
+| Key                                   | Value                 |
+|---------------------------------------|-----------------------|
+| `/traefik/tls/2/entrypoints`          | `https,other-https`   |
+| `/traefik/tls/2/certificate/certfile` | `<cert file content>` |
+| `/traefik/tls/2/certificate/certfile` | `<key file content>`  |
 
 ### Atomic configuration changes
 
@@ -408,7 +408,7 @@ Here, we have a 50% balance between the `http://172.17.0.3:80` and the `http://1
 ## Store configuration in Key-value store
 
 !!! note
-    Don't forget to [setup the connection between Træfik and Key-value store](/user-guide/kv-config/#launch-trfk).
+    Don't forget to [setup the connection between Træfik and Key-value store](/user-guide/kv-config/#launch-trfik).
 
 The static Træfik configuration in a key-value store can be automatically created and updated, using the [`storeconfig` subcommand](/basics/#commands).
 
@@ -416,7 +416,7 @@ The static Træfik configuration in a key-value store can be automatically creat
 traefik storeconfig [flags] ...
 ```
 This command is here only to automate the [process which upload the configuration into the Key-value store](/user-guide/kv-config/#upload-the-configuration-in-the-key-value-store).
-Træfik will not start but the [static configuration](/basics/#static-trfk-configuration) will be uploaded into the Key-value store.  
+Træfik will not start but the [static configuration](/basics/#static-trfik-configuration) will be uploaded into the Key-value store.  
 
 If you configured ACME (Let's Encrypt), your registration account and your certificates will also be uploaded.
 

examples/consul-config.sh

@@ -26,11 +26,11 @@ curl -i -H "Accept: application/json" -X PUT -d "Path:/test"                  ht
 
 
 # certificate 1
-curl -i -H "Accept: application/json" -X PUT -d "https"                  http://localhost:8500/v1/kv/traefik/tlsconfiguration/pair1/entrypoints
-curl -i -H "Accept: application/json" -X PUT -d "/tmp/test1.crt"                  http://localhost:8500/v1/kv/traefik/tlsconfiguration/pair1/certificate/certfile
-curl -i -H "Accept: application/json" -X PUT -d "/tmp/test1.key"                  http://localhost:8500/v1/kv/traefik/tlsconfiguration/pair1/certificate/keyfile
+curl -i -H "Accept: application/json" -X PUT -d "https"                  http://localhost:8500/v1/kv/traefik/tls/pair1/entrypoints
+curl -i -H "Accept: application/json" -X PUT -d "/tmp/test1.crt"                  http://localhost:8500/v1/kv/traefik/tls/pair1/certificate/certfile
+curl -i -H "Accept: application/json" -X PUT -d "/tmp/test1.key"                  http://localhost:8500/v1/kv/traefik/tls/pair1/certificate/keyfile
 
 # certificate 2
-curl -i -H "Accept: application/json" -X PUT -d "http,https"                  http://localhost:8500/v1/kv/traefik/tlsconfiguration/pair2/entrypoints
-curl -i -H "Accept: application/json" -X PUT -d "/tmp/test2.crt"                  http://localhost:8500/v1/kv/traefik/tlsconfiguration/pair2/certificate/certfile
-curl -i -H "Accept: application/json" -X PUT -d "/tmp/test2.key"                  http://localhost:8500/v1/kv/traefik/tlsconfiguration/pair2/certificate/keyfile
+curl -i -H "Accept: application/json" -X PUT -d "http,https"                  http://localhost:8500/v1/kv/traefik/tls/pair2/entrypoints
+curl -i -H "Accept: application/json" -X PUT -d "/tmp/test2.crt"                  http://localhost:8500/v1/kv/traefik/tls/pair2/certificate/certfile
+curl -i -H "Accept: application/json" -X PUT -d "/tmp/test2.key"                  http://localhost:8500/v1/kv/traefik/tls/pair2/certificate/keyfile

examples/etcd-config.sh

@@ -28,14 +28,14 @@ function insert_etcd2_data() {
     curl -i -H "Accept: application/json" -X PUT -d value="Path:/test"                  http://localhost:2379/v2/keys/traefik/frontends/frontend2/routes/test_2/rule
 
     # certificate 1
-    curl -i -H "Accept: application/json" -X PUT -d value="https"                       http://localhost:2379/v2/keys/traefik/tlsconfiguration/pair1/entrypoints
-    curl -i -H "Accept: application/json" -X PUT -d value="/tmp/test1.crt"              http://localhost:2379/v2/keys/traefik/tlsconfiguration/pair1/certificate/certfile
-    curl -i -H "Accept: application/json" -X PUT -d value="/tmp/test1.key"              http://localhost:2379/v2/keys/traefik/tlsconfiguration/pair1/certificate/keyfile
+    curl -i -H "Accept: application/json" -X PUT -d value="https"                       http://localhost:2379/v2/keys/traefik/tls/pair1/entrypoints
+    curl -i -H "Accept: application/json" -X PUT -d value="/tmp/test1.crt"              http://localhost:2379/v2/keys/traefik/tls/pair1/certificate/certfile
+    curl -i -H "Accept: application/json" -X PUT -d value="/tmp/test1.key"              http://localhost:2379/v2/keys/traefik/tls/pair1/certificate/keyfile
 
     # certificate 2
-    curl -i -H "Accept: application/json" -X PUT -d value="http,https"                  http://localhost:2379/v2/keys/traefik/tlsconfiguration/pair2/entrypoints
-    curl -i -H "Accept: application/json" -X PUT -d value="/tmp/test2.crt"              http://localhost:2379/v2/keys/traefik/tlsconfiguration/pair2/certificate/certfile
-    curl -i -H "Accept: application/json" -X PUT -d value="/tmp/test2.key"              http://localhost:2379/v2/keys/traefik/tlsconfiguration/pair2/certificate/keyfile
+    curl -i -H "Accept: application/json" -X PUT -d value="http,https"                  http://localhost:2379/v2/keys/traefik/tls/pair2/entrypoints
+    curl -i -H "Accept: application/json" -X PUT -d value="/tmp/test2.crt"              http://localhost:2379/v2/keys/traefik/tls/pair2/certificate/certfile
+    curl -i -H "Accept: application/json" -X PUT -d value="/tmp/test2.key"              http://localhost:2379/v2/keys/traefik/tls/pair2/certificate/keyfile
 }
 
 #
@@ -71,14 +71,14 @@ function insert_etcd3_data() {
     docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/frontends/frontend2/routes/test_2/rule" "Path:/test"
 
     # certificate 1
-    docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/tlsconfiguration/pair1/entrypoints" "https"
-    docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/tlsconfiguration/pair1/certificate/certfile" "/tmp/test1.crt"
-    docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/tlsconfiguration/pair1/certificate/keyfile" "/tmp/test1.key"
+    docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/tls/pair1/entrypoints" "https"
+    docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/tls/pair1/certificate/certfile" "/tmp/test1.crt"
+    docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/tls/pair1/certificate/keyfile" "/tmp/test1.key"
 
     # certificate 2
-    docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/tlsconfiguration/pair2/entrypoints" "https"
-    docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/tlsconfiguration/pair2/certificate/certfile" "/tmp/test2.crt"
-    docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/tlsconfiguration/pair2/certificate/keyfile" "/tmp/test2.key"
+    docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/tls/pair2/entrypoints" "https"
+    docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/tls/pair2/certificate/certfile" "/tmp/test2.crt"
+    docker container run --rm -ti -e ETCDCTL_DIAL_="TIMEOUT 10s" -e ETCDCTL_API="3" tenstartups/etcdctl --endpoints=[$etcd_ip:2379] put "/traefik/tls/pair2/certificate/keyfile" "/tmp/test2.key"
 }
 
 function show_usage() {

integration/acme_test.go

@@ -92,6 +92,16 @@ func (s *AcmeSuite) TestOnHostRuleRetrieveAcmeCertificateHTTP01(c *check.C) {
 	s.retrieveAcmeCertificate(c, testCase)
 }
 
+// Test OnHostRule option with none provided certificate and challenge HTTP-01 and web path
+func (s *AcmeSuite) TestOnHostRuleRetrieveAcmeCertificateHTTP01WithPath(c *check.C) {
+	testCase := AcmeTestCase{
+		traefikConfFilePath: "fixtures/acme/acme_http01_web.toml",
+		onDemand:            false,
+		domainToCheck:       acmeDomain}
+
+	s.retrieveAcmeCertificate(c, testCase)
+}
+
 // Test OnDemand option with a wildcard provided certificate
 func (s *AcmeSuite) TestOnDemandRetrieveAcmeCertificateWithWildcard(c *check.C) {
 	testCase := AcmeTestCase{

integration/basic_test.go

@@ -336,3 +336,25 @@ func (s *SimpleSuite) TestWithUnexistingEntrypoint(c *check.C) {
 	err = try.GetRequest("http://127.0.0.1:8000/whoami", 1*time.Second, try.StatusCodeIs(http.StatusOK))
 	c.Assert(err, checker.IsNil)
 }
+
+func (s *SimpleSuite) TestMetricsPrometheusDefaultEntrypoint(c *check.C) {
+
+	s.createComposeProject(c, "base")
+	s.composeProject.Start(c)
+
+	cmd, output := s.traefikCmd("--defaultEntryPoints=http", "--entryPoints=Name:http Address::8000", "--web", "--web.metrics.prometheus.buckets=0.1,0.3,1.2,5.0", "--docker", "--debug")
+	defer output(c)
+
+	err := cmd.Start()
+	c.Assert(err, checker.IsNil)
+	defer cmd.Process.Kill()
+
+	err = try.GetRequest("http://127.0.0.1:8080/api/providers", 1*time.Second, try.BodyContains("PathPrefix"))
+	c.Assert(err, checker.IsNil)
+
+	err = try.GetRequest("http://127.0.0.1:8000/whoami", 1*time.Second, try.StatusCodeIs(http.StatusOK))
+	c.Assert(err, checker.IsNil)
+
+	err = try.GetRequest("http://127.0.0.1:8080/metrics", 1*time.Second, try.StatusCodeIs(http.StatusOK))
+	c.Assert(err, checker.IsNil)
+}

integration/consul_test.go

@@ -564,15 +564,15 @@ func (s *ConsulSuite) TestSNIDynamicTlsConfig(c *check.C) {
 	}
 
 	tlsconfigure1 := map[string]string{
-		"traefik/tlsconfiguration/snitestcom/entrypoints":          "https",
-		"traefik/tlsconfiguration/snitestcom/certificate/keyfile":  string(snitestComKey),
-		"traefik/tlsconfiguration/snitestcom/certificate/certfile": string(snitestComCert),
+		"traefik/tls/snitestcom/entrypoints":          "https",
+		"traefik/tls/snitestcom/certificate/keyfile":  string(snitestComKey),
+		"traefik/tls/snitestcom/certificate/certfile": string(snitestComCert),
 	}
 
 	tlsconfigure2 := map[string]string{
-		"traefik/tlsconfiguration/snitestorg/entrypoints":          "https",
-		"traefik/tlsconfiguration/snitestorg/certificate/keyfile":  string(snitestOrgKey),
-		"traefik/tlsconfiguration/snitestorg/certificate/certfile": string(snitestOrgCert),
+		"traefik/tls/snitestorg/entrypoints":          "https",
+		"traefik/tls/snitestorg/certificate/keyfile":  string(snitestOrgKey),
+		"traefik/tls/snitestorg/certificate/certfile": string(snitestOrgCert),
 	}
 
 	// config backends,frontends and first tls keypair
@@ -613,7 +613,7 @@ func (s *ConsulSuite) TestSNIDynamicTlsConfig(c *check.C) {
 
 	// wait for consul
 	err = try.Do(60*time.Second, func() error {
-		_, err := s.kv.Get("traefik/tlsconfiguration/snitestcom/certificate/keyfile", nil)
+		_, err := s.kv.Get("traefik/tls/snitestcom/certificate/keyfile", nil)
 		return err
 	})
 	c.Assert(err, checker.IsNil)
@@ -642,7 +642,7 @@ func (s *ConsulSuite) TestSNIDynamicTlsConfig(c *check.C) {
 
 	// wait for consul
 	err = try.Do(60*time.Second, func() error {
-		_, err := s.kv.Get("traefik/tlsconfiguration/snitestorg/certificate/keyfile", nil)
+		_, err := s.kv.Get("traefik/tls/snitestorg/certificate/keyfile", nil)
 		return err
 	})
 	c.Assert(err, checker.IsNil)

integration/etcd3_test.go

@@ -474,15 +474,15 @@ func (s *Etcd3Suite) TestSNIDynamicTlsConfig(c *check.C) {
 	}
 
 	tlsconfigure1 := map[string]string{
-		"/traefik/tlsconfiguration/snitestcom/entrypoints":          "https",
-		"/traefik/tlsconfiguration/snitestcom/certificate/keyfile":  string(snitestComKey),
-		"/traefik/tlsconfiguration/snitestcom/certificate/certfile": string(snitestComCert),
+		"/traefik/tls/snitestcom/entrypoints":          "https",
+		"/traefik/tls/snitestcom/certificate/keyfile":  string(snitestComKey),
+		"/traefik/tls/snitestcom/certificate/certfile": string(snitestComCert),
 	}
 
 	tlsconfigure2 := map[string]string{
-		"/traefik/tlsconfiguration/snitestorg/entrypoints":          "https",
-		"/traefik/tlsconfiguration/snitestorg/certificate/keyfile":  string(snitestOrgKey),
-		"/traefik/tlsconfiguration/snitestorg/certificate/certfile": string(snitestOrgCert),
+		"/traefik/tls/snitestorg/entrypoints":          "https",
+		"/traefik/tls/snitestorg/certificate/keyfile":  string(snitestOrgKey),
+		"/traefik/tls/snitestorg/certificate/certfile": string(snitestOrgCert),
 	}
 
 	// config backends,frontends and first tls keypair
@@ -523,7 +523,7 @@ func (s *Etcd3Suite) TestSNIDynamicTlsConfig(c *check.C) {
 
 	// wait for etcd
 	err = try.Do(60*time.Second, func() error {
-		_, err := s.kv.Get("/traefik/tlsconfiguration/snitestcom/certificate/keyfile", nil)
+		_, err := s.kv.Get("/traefik/tls/snitestcom/certificate/keyfile", nil)
 		return err
 	})
 	c.Assert(err, checker.IsNil)
@@ -557,7 +557,7 @@ func (s *Etcd3Suite) TestSNIDynamicTlsConfig(c *check.C) {
 
 	// wait for etcd
 	err = try.Do(60*time.Second, func() error {
-		_, err := s.kv.Get("/traefik/tlsconfiguration/snitestorg/certificate/keyfile", nil)
+		_, err := s.kv.Get("/traefik/tls/snitestorg/certificate/keyfile", nil)
 		return err
 	})
 	c.Assert(err, checker.IsNil)
@@ -609,9 +609,9 @@ func (s *Etcd3Suite) TestDeleteSNIDynamicTlsConfig(c *check.C) {
 	}
 
 	tlsconfigure1 := map[string]string{
-		"/traefik/tlsconfiguration/snitestcom/entrypoints":          "https",
-		"/traefik/tlsconfiguration/snitestcom/certificate/keyfile":  string(snitestComKey),
-		"/traefik/tlsconfiguration/snitestcom/certificate/certfile": string(snitestComCert),
+		"/traefik/tls/snitestcom/entrypoints":          "https",
+		"/traefik/tls/snitestcom/certificate/keyfile":  string(snitestComKey),
+		"/traefik/tls/snitestcom/certificate/certfile": string(snitestComCert),
 	}
 
 	// config backends,frontends and first tls keypair
@@ -637,7 +637,7 @@ func (s *Etcd3Suite) TestDeleteSNIDynamicTlsConfig(c *check.C) {
 
 	// wait for etcd
 	err = try.Do(60*time.Second, func() error {
-		_, err := s.kv.Get("/traefik/tlsconfiguration/snitestcom/certificate/keyfile", nil)
+		_, err := s.kv.Get("/traefik/tls/snitestcom/certificate/keyfile", nil)
 		return err
 	})
 	c.Assert(err, checker.IsNil)

integration/etcd_test.go

@@ -490,15 +490,15 @@ func (s *EtcdSuite) TestSNIDynamicTlsConfig(c *check.C) {
 	}
 
 	tlsconfigure1 := map[string]string{
-		"/traefik/tlsconfiguration/snitestcom/entrypoints":          "https",
-		"/traefik/tlsconfiguration/snitestcom/certificate/keyfile":  string(snitestComKey),
-		"/traefik/tlsconfiguration/snitestcom/certificate/certfile": string(snitestComCert),
+		"/traefik/tls/snitestcom/entrypoints":          "https",
+		"/traefik/tls/snitestcom/certificate/keyfile":  string(snitestComKey),
+		"/traefik/tls/snitestcom/certificate/certfile": string(snitestComCert),
 	}
 
 	tlsconfigure2 := map[string]string{
-		"/traefik/tlsconfiguration/snitestorg/entrypoints":          "https",
-		"/traefik/tlsconfiguration/snitestorg/certificate/keyfile":  string(snitestOrgKey),
-		"/traefik/tlsconfiguration/snitestorg/certificate/certfile": string(snitestOrgCert),
+		"/traefik/tls/snitestorg/entrypoints":          "https",
+		"/traefik/tls/snitestorg/certificate/keyfile":  string(snitestOrgKey),
+		"/traefik/tls/snitestorg/certificate/certfile": string(snitestOrgCert),
 	}
 
 	// config backends,frontends and first tls keypair
@@ -539,7 +539,7 @@ func (s *EtcdSuite) TestSNIDynamicTlsConfig(c *check.C) {
 
 	// wait for etcd
 	err = try.Do(60*time.Second, func() error {
-		_, err := s.kv.Get("/traefik/tlsconfiguration/snitestcom/certificate/keyfile", nil)
+		_, err := s.kv.Get("/traefik/tls/snitestcom/certificate/keyfile", nil)
 		return err
 	})
 	c.Assert(err, checker.IsNil)
@@ -573,7 +573,7 @@ func (s *EtcdSuite) TestSNIDynamicTlsConfig(c *check.C) {
 
 	// wait for etcd
 	err = try.Do(60*time.Second, func() error {
-		_, err := s.kv.Get("/traefik/tlsconfiguration/snitestorg/certificate/keyfile", nil)
+		_, err := s.kv.Get("/traefik/tls/snitestorg/certificate/keyfile", nil)
 		return err
 	})
 	c.Assert(err, checker.IsNil)

integration/fixtures/acme/acme_http01_web.toml

@@ -0,0 +1,38 @@
+logLevel = "DEBUG"
+
+defaultEntryPoints = ["http", "https"]
+
+[entryPoints]
+  [entryPoints.http]
+  address = ":5002"
+  [entryPoints.https]
+  address = ":5001"
+    [entryPoints.https.tls]
+
+
+[web]
+path="/traefik"
+
+[acme]
+email = "test@traefik.io"
+storage = "/dev/null"
+entryPoint = "https"
+onDemand = {{.OnDemand}}
+OnHostRule = {{.OnHostRule}}
+caServer = "http://{{.BoulderHost}}:4000/directory"
+[acme.httpchallenge]
+entrypoint="http"
+
+[file]
+
+[backends]
+  [backends.backend]
+    [backends.backend.servers.server1]
+    url = "http://127.0.0.1:9010"
+
+
+[frontends]
+  [frontends.frontend]
+  backend = "backend"
+    [frontends.frontend.routes.test]
+    rule = "Host:traefik.acme.wtf"

integration/fixtures/acme/certificates.toml

@@ -9,8 +9,8 @@
     [frontends.frontend.routes.test]
     rule = "Host:traefik.acme.wtf"
 
-[[tlsConfiguration]]
+[[tls]]
 entryPoints = ["https"]
-    [tlsConfiguration.certificate]
+    [tls.certificate]
      certFile = "fixtures/acme/ssl/wildcard.crt"
      keyFile = "fixtures/acme/ssl/wildcard.key"

integration/fixtures/https/dynamic_https.toml

@@ -16,9 +16,9 @@
     [frontends.frontend2.routes.test_2]
     rule = "Host:snitest.org"
 
-[[tlsConfiguration]]
+[[tls]]
 entryPoints = ["https"]
-  [tlsConfiguration.certificate]
+  [tls.certificate]
     certFile = """-----BEGIN CERTIFICATE-----
 MIIC/zCCAeegAwIBAgIJALAYHG/vGqWEMA0GCSqGSIb3DQEBBQUAMBYxFDASBgNV
 BAMMC3NuaXRlc3Qub3JnMB4XDTE1MTEyMzIyMDU0NFoXDTI1MTEyMDIyMDU0NFow

integration/https_test.go

@@ -624,7 +624,7 @@ func modifyCertificateConfFileContent(c *check.C, certFileName, confFileName, en
 	// If certificate file is not provided, just truncate the configuration file
 	if len(certFileName) > 0 {
 		tlsConf := types.Configuration{
-			TLSConfiguration: []*traefikTls.Configuration{
+			TLS: []*traefikTls.Configuration{
 				{
 					Certificate: &traefikTls.Certificate{
 						CertFile: traefikTls.FileOrContent("fixtures/https/" + certFileName + ".cert"),

mkdocs.yml

@@ -100,4 +100,3 @@ pages:
     - 'gRPC Example': 'user-guide/grpc.md'
     - 'Traefik cluster example with Swarm': 'user-guide/cluster-docker-consul.md'
   - Benchmarks: benchmarks.md
-  - 'Archive': 'archive.md'

provider/file/file.go

@@ -186,7 +186,7 @@ func loadFileConfigFromDirectory(directory string, configuration *types.Configur
 			}
 		}
 
-		for _, conf := range c.TLSConfiguration {
+		for _, conf := range c.TLS {
 			if _, exists := configTLSMaps[conf]; exists {
 				log.Warnf("TLS Configuration %v already configured, skipping", conf)
 			} else {
@@ -196,7 +196,7 @@ func loadFileConfigFromDirectory(directory string, configuration *types.Configur
 
 	}
 	for conf := range configTLSMaps {
-		configuration.TLSConfiguration = append(configuration.TLSConfiguration, conf)
+		configuration.TLS = append(configuration.TLS, conf)
 	}
 	return configuration, nil
 }

provider/file/file_test.go

@@ -26,7 +26,7 @@ func TestProvideSingleFileAndWatch(t *testing.T) {
 		tempDir, "simple.toml",
 		createFrontendConfiguration(expectedNumFrontends),
 		createBackendConfiguration(expectedNumBackends),
-		createTLSConfiguration(expectedNumTLSConf))
+		createTLS(expectedNumTLSConf))
 
 	configurationChan, signal := createConfigurationRoutine(t, &expectedNumFrontends, &expectedNumBackends, &expectedNumTLSConf)
 
@@ -45,7 +45,7 @@ func TestProvideSingleFileAndWatch(t *testing.T) {
 		tempDir, "simple.toml",
 		createFrontendConfiguration(expectedNumFrontends),
 		createBackendConfiguration(expectedNumBackends),
-		createTLSConfiguration(expectedNumTLSConf))
+		createTLS(expectedNumTLSConf))
 
 	err = waitForSignal(signal, 2*time.Second, "single frontend, backend, TLS configuration")
 	assert.NoError(t, err)
@@ -63,7 +63,7 @@ func TestProvideSingleFileAndNotWatch(t *testing.T) {
 		tempDir, "simple.toml",
 		createFrontendConfiguration(expectedNumFrontends),
 		createBackendConfiguration(expectedNumBackends),
-		createTLSConfiguration(expectedNumTLSConf))
+		createTLS(expectedNumTLSConf))
 
 	configurationChan, signal := createConfigurationRoutine(t, &expectedNumFrontends, &expectedNumBackends, &expectedNumTLSConf)
 
@@ -82,7 +82,7 @@ func TestProvideSingleFileAndNotWatch(t *testing.T) {
 		tempDir, "simple.toml",
 		createFrontendConfiguration(expectedNumFrontends),
 		createBackendConfiguration(expectedNumBackends),
-		createTLSConfiguration(expectedNumTLSConf))
+		createTLS(expectedNumTLSConf))
 
 	// Must fail because we don't watch the changes
 	err = waitForSignal(signal, 2*time.Second, "single frontend, backend and TLS configuration")
@@ -99,7 +99,7 @@ func TestProvideDirectoryAndWatch(t *testing.T) {
 
 	tempFile1 := createRandomFile(t, tempDir, createFrontendConfiguration(expectedNumFrontends))
 	tempFile2 := createRandomFile(t, tempDir, createBackendConfiguration(expectedNumBackends))
-	tempFile3 := createRandomFile(t, tempDir, createTLSConfiguration(expectedNumTLSConf))
+	tempFile3 := createRandomFile(t, tempDir, createTLS(expectedNumTLSConf))
 
 	configurationChan, signal := createConfigurationRoutine(t, &expectedNumFrontends, &expectedNumBackends, &expectedNumTLSConf)
 
@@ -145,7 +145,7 @@ func TestProvideDirectoryAndNotWatch(t *testing.T) {
 
 	createRandomFile(t, tempDir, createFrontendConfiguration(expectedNumFrontends))
 	tempFile2 := createRandomFile(t, tempDir, createBackendConfiguration(expectedNumBackends))
-	createRandomFile(t, tempTLSDir, createTLSConfiguration(expectedNumTLSConf))
+	createRandomFile(t, tempTLSDir, createTLS(expectedNumTLSConf))
 
 	configurationChan, signal := createConfigurationRoutine(t, &expectedNumFrontends, &expectedNumBackends, &expectedNumTLSConf)
 
@@ -167,7 +167,7 @@ func TestProvideDirectoryAndNotWatch(t *testing.T) {
 
 }
 
-func createConfigurationRoutine(t *testing.T, expectedNumFrontends *int, expectedNumBackends *int, expectedNumTLSConfigurations *int) (chan types.ConfigMessage, chan interface{}) {
+func createConfigurationRoutine(t *testing.T, expectedNumFrontends *int, expectedNumBackends *int, expectedNumTLSes *int) (chan types.ConfigMessage, chan interface{}) {
 	configurationChan := make(chan types.ConfigMessage)
 	signal := make(chan interface{})
 
@@ -177,7 +177,7 @@ func createConfigurationRoutine(t *testing.T, expectedNumFrontends *int, expecte
 			assert.Equal(t, "file", data.ProviderName)
 			assert.Len(t, data.Configuration.Frontends, *expectedNumFrontends)
 			assert.Len(t, data.Configuration.Backends, *expectedNumBackends)
-			assert.Len(t, data.Configuration.TLSConfiguration, *expectedNumTLSConfigurations)
+			assert.Len(t, data.Configuration.TLS, *expectedNumTLSes)
 			signal <- nil
 		}
 	})
@@ -297,13 +297,13 @@ func createBackendConfiguration(n int) string {
 	return conf
 }
 
-// createTLSConfiguration Helper
-func createTLSConfiguration(n int) string {
+// createTLS Helper
+func createTLS(n int) string {
 	var conf string
 	for i := 1; i <= n; i++ {
-		conf += fmt.Sprintf(`[[TLSConfiguration]]
+		conf += fmt.Sprintf(`[[TLS]]
 	EntryPoints = ["https"]
-	[TLSConfiguration.Certificate]
+	[TLS.Certificate]
 	CertFile = "integration/fixtures/https/snitest%[1]d.com.cert"
 	KeyFile = "integration/fixtures/https/snitest%[1]d.com.key"
 `, i)

provider/rancher/api.go

@@ -91,19 +91,24 @@ func (p *Provider) apiProvide(configurationChan chan<- types.ConfigMessage, pool
 					for {
 						select {
 						case <-ticker.C:
+							checkAPI, errAPI := rancherClient.ApiKey.List(withoutPagination)
 
-							log.Debugf("Refreshing new Data from Provider API")
-							var stacks = listRancherStacks(rancherClient)
-							var services = listRancherServices(rancherClient)
-							var container = listRancherContainer(rancherClient)
+							if errAPI != nil {
+								log.Errorf("Cannot establish connection: %+v, Rancher API return: %+v; Skipping refresh Data from Rancher API.", errAPI, checkAPI)
+							} else {
+								log.Debugf("Refreshing new Data from Rancher API")
+								stacks := listRancherStacks(rancherClient)
+								services := listRancherServices(rancherClient)
+								container := listRancherContainer(rancherClient)
 
-							rancherData := parseAPISourcedRancherData(stacks, services, container)
+								rancherData := parseAPISourcedRancherData(stacks, services, container)
 
-							configuration := p.loadRancherConfig(rancherData)
-							if configuration != nil {
-								configurationChan <- types.ConfigMessage{
-									ProviderName:  "rancher",
-									Configuration: configuration,
+								configuration := p.loadRancherConfig(rancherData)
+								if configuration != nil {
+									configurationChan <- types.ConfigMessage{
+										ProviderName:  "rancher",
+										Configuration: configuration,
+									}
 								}
 							}
 						case <-stop:

script/test-integration

@@ -4,7 +4,7 @@ set -e
 export SCRIPTDIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" && pwd )"
 export DEST=.
 
-TESTFLAGS="${TESTFLAGS} -test.timeout=9m -check.v"
+TESTFLAGS="${TESTFLAGS} -test.timeout=20m -check.v"
 
 if [ -n "$VERBOSE" ]; then
     TESTFLAGS="${TESTFLAGS} -v"

server/server.go

@@ -66,6 +66,7 @@ type Server struct {
 	stopChan                      chan bool
 	providers                     []provider.Provider
 	currentConfigurations         safe.Safe
+	providerConfigUpdateMap       map[string]chan types.ConfigMessage
 	globalConfiguration           configuration.GlobalConfiguration
 	accessLoggerMiddleware        *accesslog.LogHandler
 	routinesPool                  *safe.Pool
@@ -105,6 +106,7 @@ func NewServer(globalConfiguration configuration.GlobalConfiguration) *Server {
 	server.configureSignals()
 	currentConfigurations := make(types.Configurations)
 	server.currentConfigurations.Set(currentConfigurations)
+	server.providerConfigUpdateMap = make(map[string]chan types.ConfigMessage)
 	server.globalConfiguration = globalConfiguration
 	if server.globalConfiguration.API != nil {
 		server.globalConfiguration.API.CurrentConfigurations = &server.currentConfigurations
@@ -350,25 +352,25 @@ func (s *Server) listenProviders(stop chan bool) {
 }
 
 func (s *Server) preLoadConfiguration(configMsg types.ConfigMessage) {
-	providerConfigUpdateMap := map[string]chan types.ConfigMessage{}
 	providersThrottleDuration := time.Duration(s.globalConfiguration.ProvidersThrottleDuration)
 	s.defaultConfigurationValues(configMsg.Configuration)
 	currentConfigurations := s.currentConfigurations.Get().(types.Configurations)
 	jsonConf, _ := json.Marshal(configMsg.Configuration)
 	log.Debugf("Configuration received from provider %s: %s", configMsg.ProviderName, string(jsonConf))
-	if configMsg.Configuration == nil || configMsg.Configuration.Backends == nil && configMsg.Configuration.Frontends == nil && configMsg.Configuration.TLSConfiguration == nil {
+	if configMsg.Configuration == nil || configMsg.Configuration.Backends == nil && configMsg.Configuration.Frontends == nil && configMsg.Configuration.TLS == nil {
 		log.Infof("Skipping empty Configuration for provider %s", configMsg.ProviderName)
 	} else if reflect.DeepEqual(currentConfigurations[configMsg.ProviderName], configMsg.Configuration) {
 		log.Infof("Skipping same configuration for provider %s", configMsg.ProviderName)
 	} else {
-		if _, ok := providerConfigUpdateMap[configMsg.ProviderName]; !ok {
-			providerConfigUpdate := make(chan types.ConfigMessage)
-			providerConfigUpdateMap[configMsg.ProviderName] = providerConfigUpdate
+		providerConfigUpdateCh, ok := s.providerConfigUpdateMap[configMsg.ProviderName]
+		if !ok {
+			providerConfigUpdateCh = make(chan types.ConfigMessage)
+			s.providerConfigUpdateMap[configMsg.ProviderName] = providerConfigUpdateCh
 			s.routinesPool.Go(func(stop chan bool) {
-				throttleProviderConfigReload(providersThrottleDuration, s.configurationValidatedChan, providerConfigUpdate, stop)
+				throttleProviderConfigReload(providersThrottleDuration, s.configurationValidatedChan, providerConfigUpdateCh, stop)
 			})
 		}
-		providerConfigUpdateMap[configMsg.ProviderName] <- configMsg
+		providerConfigUpdateCh <- configMsg
 	}
 }
 
@@ -460,8 +462,8 @@ func (s *Server) loadHTTPSConfiguration(configurations types.Configurations) (ma
 	newEPCertificates := make(map[string]*traefikTls.DomainsCertificates)
 	// Get all certificates
 	for _, configuration := range configurations {
-		if configuration.TLSConfiguration != nil && len(configuration.TLSConfiguration) > 0 {
-			if err := traefikTls.SortTLSConfigurationPerEntryPoints(configuration.TLSConfiguration, newEPCertificates); err != nil {
+		if configuration.TLS != nil && len(configuration.TLS) > 0 {
+			if err := traefikTls.SortTLSPerEntryPoints(configuration.TLS, newEPCertificates); err != nil {
 				return nil, err
 			}
 		}
@@ -671,31 +673,27 @@ func (s *Server) createTLSConfig(entryPointName string, tlsOption *traefikTls.TL
 	}
 
 	if s.globalConfiguration.ACME != nil {
-		if _, ok := s.serverEntryPoints[s.globalConfiguration.ACME.EntryPoint]; ok {
-			if entryPointName == s.globalConfiguration.ACME.EntryPoint {
-				checkOnDemandDomain := func(domain string) bool {
-					routeMatch := &mux.RouteMatch{}
-					router := router.GetHandler()
-					match := router.Match(&http.Request{URL: &url.URL{}, Host: domain}, routeMatch)
-					if match && routeMatch.Route != nil {
-						return true
-					}
-					return false
+		if entryPointName == s.globalConfiguration.ACME.EntryPoint {
+			checkOnDemandDomain := func(domain string) bool {
+				routeMatch := &mux.RouteMatch{}
+				router := router.GetHandler()
+				match := router.Match(&http.Request{URL: &url.URL{}, Host: domain}, routeMatch)
+				if match && routeMatch.Route != nil {
+					return true
 				}
-				if s.leadership == nil {
-					err := s.globalConfiguration.ACME.CreateLocalConfig(config, &s.serverEntryPoints[entryPointName].certs, checkOnDemandDomain)
-					if err != nil {
-						return nil, err
-					}
-				} else {
-					err := s.globalConfiguration.ACME.CreateClusterConfig(s.leadership, config, &s.serverEntryPoints[entryPointName].certs, checkOnDemandDomain)
-					if err != nil {
-						return nil, err
-					}
+				return false
+			}
+			if s.leadership == nil {
+				err := s.globalConfiguration.ACME.CreateLocalConfig(config, &s.serverEntryPoints[entryPointName].certs, checkOnDemandDomain)
+				if err != nil {
+					return nil, err
+				}
+			} else {
+				err := s.globalConfiguration.ACME.CreateClusterConfig(s.leadership, config, &s.serverEntryPoints[entryPointName].certs, checkOnDemandDomain)
+				if err != nil {
+					return nil, err
 				}
 			}
-		} else {
-			return nil, errors.New("Unknown entrypoint " + s.globalConfiguration.ACME.EntryPoint + " for ACME configuration")
 		}
 	} else {
 		config.GetCertificate = s.serverEntryPoints[entryPointName].getCertificate
@@ -758,7 +756,9 @@ func (s *Server) addInternalPublicRoutes(entryPointName string, router *mux.Rout
 	if s.globalConfiguration.Ping != nil && s.globalConfiguration.Ping.EntryPoint != "" && s.globalConfiguration.Ping.EntryPoint == entryPointName {
 		s.globalConfiguration.Ping.AddRoutes(router)
 	}
+}
 
+func (s *Server) addACMERoutes(entryPointName string, router *mux.Router) {
 	if s.globalConfiguration.ACME != nil && s.globalConfiguration.ACME.HTTPChallenge != nil && s.globalConfiguration.ACME.HTTPChallenge.EntryPoint == entryPointName {
 		s.globalConfiguration.ACME.AddRoutes(router)
 	}
@@ -839,6 +839,9 @@ func (s *Server) buildInternalRouter(entryPointName, path string, internalMiddle
 	internalMuxRouter.Walk(wrapRoute(internalMiddlewares))
 
 	s.addInternalPublicRoutes(entryPointName, internalMuxSubrouter)
+
+	s.addACMERoutes(entryPointName, internalMuxRouter)
+
 	return internalMuxRouter
 }
 
@@ -918,23 +921,23 @@ func (s *Server) loadConfig(configurations types.Configurations, globalConfigura
 
 			log.Debugf("Creating frontend %s", frontendName)
 
+			var frontendEntryPoints []string
+			for _, entryPointName := range frontend.EntryPoints {
+				if _, ok := serverEntryPoints[entryPointName]; !ok {
+					log.Errorf("Undefined entrypoint '%s' for frontend %s", entryPointName, frontendName)
+				} else {
+					frontendEntryPoints = append(frontendEntryPoints, entryPointName)
+				}
+			}
+			frontend.EntryPoints = frontendEntryPoints
+
 			if len(frontend.EntryPoints) == 0 {
-				log.Errorf("No entrypoint defined for frontend %s, defaultEntryPoints:%s", frontendName, globalConfiguration.DefaultEntryPoints)
+				log.Errorf("No entrypoint defined for frontend %s", frontendName)
 				log.Errorf("Skipping frontend %s...", frontendName)
 				continue frontend
 			}
-			var failedEntrypoints int
 			for _, entryPointName := range frontend.EntryPoints {
 				log.Debugf("Wiring frontend %s to entryPoint %s", frontendName, entryPointName)
-				if _, ok := serverEntryPoints[entryPointName]; !ok {
-					log.Errorf("Undefined entrypoint '%s' for frontend %s", entryPointName, frontendName)
-					failedEntrypoints++
-					if failedEntrypoints == len(frontend.EntryPoints) {
-						log.Errorf("Skipping frontend %s...", frontendName)
-						continue frontend
-					}
-					continue
-				}
 
 				newServerRoute := &serverRoute{route: serverEntryPoints[entryPointName].httpRouter.GetHandler().NewRoute().Name(frontendName)}
 				for routeName, route := range frontend.Routes {

server/server_test.go

@@ -463,7 +463,7 @@ func TestServerLoadConfigHealthCheckOptions(t *testing.T) {
 								HealthCheck: healthCheck,
 							},
 						},
-						TLSConfiguration: []*tls.Configuration{
+						TLS: []*tls.Configuration{
 							{
 								Certificate: &tls.Certificate{
 									CertFile: localhostCert,
@@ -644,7 +644,7 @@ func TestServerLoadConfigEmptyBasicAuth(t *testing.T) {
 					},
 				},
 			},
-			TLSConfiguration: []*tls.Configuration{
+			TLS: []*tls.Configuration{
 				{
 					Certificate: &tls.Certificate{
 						CertFile: localhostCert,

templates/kubernetes.tmpl

@@ -37,9 +37,9 @@
 
   {{if $frontend.Redirect}}
   [frontends."{{$frontendName}}".redirect]
-  entryPoint = "{{$frontend.RedirectEntryPoint}}"
-  regex = "{{$frontend.RedirectRegex}}"
-  replacement = "{{$frontend.RedirectReplacement}}"
+  entryPoint = "{{$frontend.Redirect.EntryPoint}}"
+  regex = "{{$frontend.Redirect.Regex}}"
+  replacement = "{{$frontend.Redirect.Replacement}}"
   {{end}}
 
   {{ if $frontend.Headers }}

templates/kv.tmpl

@@ -1,6 +1,6 @@
 {{$frontends := List .Prefix "/frontends/" }}
 {{$backends :=  List .Prefix "/backends/"}}
-{{$tlsconfiguration := List .Prefix "/tlsconfiguration/"}}
+{{$tls := List .Prefix "/tls/"}}
 
 [backends]{{range $backends}}
 {{$backend := .}}
@@ -65,13 +65,13 @@
         {{end}}
 {{end}}
 
-{{range $tlsconfiguration}}
+{{range $tls}}
 {{$entryPoints := SplitGet . "/entrypoints"}}
-[[tlsConfiguration]]
+[[tls]]
     entryPoints = [{{range $entryPoints}}
       "{{.}}",
     {{end}}]
-    [tlsConfiguration.certificate]
+    [tls.certificate]
         certFile = """{{Get "" . "/certificate" "/certfile"}}"""
         keyFile = """{{Get "" . "/certificate" "/keyfile"}}"""
 {{end}}

tls/certificate.go

@@ -144,7 +144,12 @@ func (c *Certificate) AppendCertificates(certs map[string]*DomainsCertificates,
 	certKey := parsedCert.Subject.CommonName
 	if parsedCert.DNSNames != nil {
 		sort.Strings(parsedCert.DNSNames)
-		certKey += fmt.Sprintf("%s,%s", parsedCert.Subject.CommonName, strings.Join(parsedCert.DNSNames, ","))
+		for _, dnsName := range parsedCert.DNSNames {
+			if dnsName != parsedCert.Subject.CommonName {
+				certKey += fmt.Sprintf(",%s", dnsName)
+			}
+		}
+
 	}
 
 	certExists := false

tls/tls.go

@@ -86,8 +86,8 @@ func (r *RootCAs) Type() string {
 	return "rootcas"
 }
 
-// SortTLSConfigurationPerEntryPoints converts TLS configuration sorted by Certificates into TLS configuration sorted by EntryPoints
-func SortTLSConfigurationPerEntryPoints(configurations []*Configuration, epConfiguration map[string]*DomainsCertificates) error {
+// SortTLSPerEntryPoints converts TLS configuration sorted by Certificates into TLS configuration sorted by EntryPoints
+func SortTLSPerEntryPoints(configurations []*Configuration, epConfiguration map[string]*DomainsCertificates) error {
 	if epConfiguration == nil {
 		epConfiguration = make(map[string]*DomainsCertificates)
 	}

types/types.go

@@ -197,9 +197,9 @@ type Configurations map[string]*Configuration
 
 // Configuration of a provider.
 type Configuration struct {
-	Backends         map[string]*Backend         `json:"backends,omitempty"`
-	Frontends        map[string]*Frontend        `json:"frontends,omitempty"`
-	TLSConfiguration []*traefikTls.Configuration `json:"tlsConfiguration,omitempty"`
+	Backends  map[string]*Backend         `json:"backends,omitempty"`
+	Frontends map[string]*Frontend        `json:"frontends,omitempty"`
+	TLS       []*traefikTls.Configuration `json:"tls,omitempty"`
 }
 
 // ConfigMessage hold configuration information exchanged between parts of traefik.

vendor/github.com/NYTimes/gziphandler/gzip.go

@@ -88,7 +88,7 @@ type GzipResponseWriterWithCloseNotify struct {
 	*GzipResponseWriter
 }
 
-func (w *GzipResponseWriterWithCloseNotify) CloseNotify() <-chan bool {
+func (w GzipResponseWriterWithCloseNotify) CloseNotify() <-chan bool {
 	return w.ResponseWriter.(http.CloseNotifier).CloseNotify()
 }
 

vendor/github.com/vulcand/oxy/forward/fwd.go

@@ -283,8 +283,6 @@ func (f *httpForwarder) serveWebSocket(w http.ResponseWriter, req *http.Request,
 
 	dialer := websocket.DefaultDialer
 
-	dialer.EnableCompression = strings.Contains(req.Header.Get("Sec-Websocket-Extensions"), "permessage-deflate")
-
 	if outReq.URL.Scheme == "wss" && f.tlsClientConfig != nil {
 		dialer.TLSClientConfig = f.tlsClientConfig.Clone()
 		// WebSocket is only in http/1.1
@@ -326,8 +324,6 @@ func (f *httpForwarder) serveWebSocket(w http.ResponseWriter, req *http.Request,
 		return true
 	}}
 
-	upgrader.EnableCompression = strings.Contains(resp.Header.Get("Sec-Websocket-Extensions"), "permessage-deflate")
-
 	utils.RemoveHeaders(resp.Header, WebsocketUpgradeHeaders...)
 
 	underlyingConn, err := upgrader.Upgrade(w, req, resp.Header)