Prepare release v2.2.0-rc4

Merge branch v2.1 into v2.2
Prepare release v2.1.8
2020-03-19 18:10:05 +01:00 · 2020-03-19 17:53:34 +01:00 · 2020-03-19 15:46:04 +01:00 · 2020-03-19 13:48:04 +01:00 · 2020-03-19 00:32:03 +01:00 · 2020-03-18 18:58:04 +01:00
75 changed files with 1209 additions and 505 deletions
--- a/.goreleaser.yml
+++ b/.goreleaser.yml
@@ -34,8 +34,10 @@ builds:
        goarch: 386
      - goos: openbsd
        goarch: arm
+      - goos: openbsd
+        goarch: arm64
      - goos: freebsd
-        goarch: arm
+        goarch: arm64

 changelog:
  skip: true
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,56 @@
+## [v2.2.0-rc4](https://github.com/containous/traefik/tree/v2.2.0-rc4) (2020-03-19)
+[All Commits](https://github.com/containous/traefik/compare/v2.2.0-rc3...v2.2.0-rc4)
+
+**Documentation:**
+- **[acme]** Doc: fix wrong name of config format ([#6519](https://github.com/containous/traefik/pull/6519) by [Nek-](https://github.com/Nek-))
+
+**Misc:**
+- **[middleware]** Merge current v2.1 branch into v2.2 ([#6525](https://github.com/containous/traefik/pull/6525) by [ldez](https://github.com/ldez))
+
+## [v2.1.8](https://github.com/containous/traefik/tree/v2.1.8) (2020-03-19)
+[All Commits](https://github.com/containous/traefik/compare/v2.1.7...v2.1.8)
+
+**Bug fixes:**
+- **[middleware,metrics]** Fix memory leak in metrics ([#6522](https://github.com/containous/traefik/pull/6522) by [juliens](https://github.com/juliens))
+
+## [v2.2.0-rc3](https://github.com/containous/traefik/tree/v2.2.0-rc3) (2020-03-18)
+[All Commits](https://github.com/containous/traefik/compare/v2.2.0-rc2...v2.2.0-rc3)
+
+**Enhancements:**
+- **[authentication,middleware]** docs: terminology, replace &#39;encoded&#39; by &#39;hashed&#39; ([#6478](https://github.com/containous/traefik/pull/6478) by [debovema](https://github.com/debovema))
+
+**Bug fixes:**
+- **[acme]** Update go-acme/lego to v3.5.0 ([#6491](https://github.com/containous/traefik/pull/6491) by [ldez](https://github.com/ldez))
+- **[internal]** Fix entry point redirect behavior ([#6512](https://github.com/containous/traefik/pull/6512) by [ldez](https://github.com/ldez))
+- **[k8s,k8s/ingress]** fix: Ingress TLS support ([#6504](https://github.com/containous/traefik/pull/6504) by [ldez](https://github.com/ldez))
+- **[middleware]** fix: custom Host header. ([#6502](https://github.com/containous/traefik/pull/6502) by [ldez](https://github.com/ldez))
+- **[server,udp]** udp: replace concurrently reset timer with ticker ([#6498](https://github.com/containous/traefik/pull/6498) by [mpl](https://github.com/mpl))
+- **[server]** Drop traefik from default entry points. ([#6477](https://github.com/containous/traefik/pull/6477) by [ldez](https://github.com/ldez))
+
+**Documentation:**
+- **[k8s,k8s/crd,sticky-session]** docs: clarify multi-levels stickiness ([#6475](https://github.com/containous/traefik/pull/6475) by [mpl](https://github.com/mpl))
+- **[k8s/helm]** Update traefik install documentation ([#6466](https://github.com/containous/traefik/pull/6466) by [mmatur](https://github.com/mmatur))
+- Fix wrong copy/pasted with service name warning ([#6510](https://github.com/containous/traefik/pull/6510) by [Nek-](https://github.com/Nek-))
+- Improve ping documentation. ([#6476](https://github.com/containous/traefik/pull/6476) by [ldez](https://github.com/ldez))
+- doc: fix typo. ([#6472](https://github.com/containous/traefik/pull/6472) by [ldez](https://github.com/ldez))
+- doc: Use neutral domains. ([#6471](https://github.com/containous/traefik/pull/6471) by [ldez](https://github.com/ldez))
+
+**Misc:**
+- **[rancher]** Stop using fork of go-rancher-metadata ([#6469](https://github.com/containous/traefik/pull/6469) by [ibuildthecloud](https://github.com/ibuildthecloud))
+
+## [v2.1.7](https://github.com/containous/traefik/tree/v2.1.7) (2020-03-18)
+[All Commits](https://github.com/containous/traefik/compare/v2.1.6...v2.1.7)
+
+**Bug fixes:**
+- **[logs,middleware]** Access log field quotes. ([#6484](https://github.com/containous/traefik/pull/6484) by [ldez](https://github.com/ldez))
+- **[metrics]** fix statsd scale for duration based metrics ([#6054](https://github.com/containous/traefik/pull/6054) by [ddtmachado](https://github.com/ddtmachado))
+- **[middleware]** Added support for replacement containing escaped characters ([#6413](https://github.com/containous/traefik/pull/6413) by [rtribotte](https://github.com/rtribotte))
+
+**Documentation:**
+- **[acme,docker]** Add some missing doc. ([#6422](https://github.com/containous/traefik/pull/6422) by [ldez](https://github.com/ldez))
+- **[acme]** Added wildcard ACME example ([#6423](https://github.com/containous/traefik/pull/6423) by [Basster](https://github.com/Basster))
+- **[acme]** fix typo ([#6408](https://github.com/containous/traefik/pull/6408) by [hamiltont](https://github.com/hamiltont))
+
 ## [v2.2.0-rc2](https://github.com/containous/traefik/tree/v2.2.0-rc2) (2020-03-11)
 [All Commits](https://github.com/containous/traefik/compare/v2.2.0-rc1...v2.2.0-rc2)

--- a/cmd/traefik/traefik.go
+++ b/cmd/traefik/traefik.go
@@ -200,7 +200,7 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
 			log.WithoutContext().Errorf("Invalid protocol: %v", err)
 		}

-		if protocol != "udp" {
+		if protocol != "udp" && name != static.DefaultInternalEntryPointName {
 			defaultEntryPoints = append(defaultEntryPoints, name)
 		}
 	}
--- a/docs/content/getting-started/install-traefik.md
+++ b/docs/content/getting-started/install-traefik.md
@@ -3,7 +3,7 @@
 You can install Traefik with the following flavors:

 * [Use the official Docker image](./#use-the-official-docker-image)
-* [(Experimental) Use the Helm Chart](./#use-the-helm-chart)
+* [Use the Helm Chart](./#use-the-helm-chart)
 * [Use the binary distribution](./#use-the-binary-distribution)
 * [Compile your binary from the sources](./#compile-your-binary-from-the-sources)

@@ -27,48 +27,52 @@ For more details, go to the [Docker provider documentation](../providers/docker.

 ## Use the Helm Chart

-!!! warning "Experimental Helm Chart"
+!!! warning
    
-    Please note that the Helm Chart for Traefik v2 is still experimental.
-    
-    The Traefik Stable Chart from 
+    The Traefik Chart from 
    [Helm's default charts repository](https://github.com/helm/charts/tree/master/stable/traefik) is still using [Traefik v1.7](https://docs.traefik.io/v1.7).

-Traefik can be installed in Kubernetes using the v2.0 Helm chart from <https://github.com/containous/traefik-helm-chart>.
+Traefik can be installed in Kubernetes using the Helm chart from <https://github.com/containous/traefik-helm-chart>.

 Ensure that the following requirements are met:

 * Kubernetes 1.14+
-* Helm version 2.x is [installed](https://v2.helm.sh/docs/using_helm/) and initialized with Tiller
+* Helm version 3.x is [installed](https://helm.sh/docs/intro/install/)

-Retrieve the latest chart version from the repository:
+Add Traefik's chart repository to Helm:

 ```bash
-# Retrieve Chart from the repository
-git clone https://github.com/containous/traefik-helm-chart
+helm repo add traefik https://containous.github.io/traefik-helm-chart
+```
+
+You can update the chart repository by running:
+
+```bash
+helm repo update
 ```

 And install it with the `helm` command line:

 ```bash
-helm install ./traefik-helm-chart
+helm install traefik traefik/traefik
 ```

 !!! tip "Helm Features"
    
-    All [Helm features](https://v2.helm.sh/docs/using_helm/#using-helm) are supported.
+    All [Helm features](https://helm.sh/docs/intro/using_helm/) are supported.
    For instance, installing the chart in a dedicated namespace:

    ```bash tab="Install in a Dedicated Namespace"
+    kubectl create ns traefik-v2
    # Install in the namespace "traefik-v2"
    helm install --namespace=traefik-v2 \
-        ./traefik-helm-chart
+        traefik traefik/traefik
    ```

 ??? example "Installing with Custom Values"
    
    You can customize the installation by specifying custom values,
-    as with [any helm chart](https://v2.helm.sh/docs/using_helm/#customizing-the-chart-before-installing).
+    as with [any helm chart](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing).
    {: #helm-custom-values }
    
    The values are not (yet) documented, but are self-explanatory:
@@ -79,12 +83,12 @@ helm install ./traefik-helm-chart
    ```bash tab="Using Helm CLI"
    helm install --namespace=traefik-v2 \
        --set="logs.loglevel=DEBUG" \
-        ./traefik-helm-chart
+        traefik traefik/traefik
    ```
    
    ```yml tab="With a custom values file"
    # File custom-values.yml
-    ## Install with "helm install --values=./custom-values.yml ./traefik-helm-chart
+    ## Install with "helm install --values=./custom-values.yml traefik traefik/traefik
    logs:
        loglevel: DEBUG
    ```
--- a/docs/content/https/acme.md
+++ b/docs/content/https/acme.md
@@ -79,7 +79,7 @@ Please check the [configuration examples below](#configuration-examples) for mor
        address = ":443"
    
    [certificatesResolvers.myresolver.acme]
-      email = "your-email@your-domain.org"
+      email = "your-email@example.com"
      storage = "acme.json"
      [certificatesResolvers.myresolver.acme.httpChallenge]
        # used during the challenge
@@ -97,7 +97,7 @@ Please check the [configuration examples below](#configuration-examples) for mor
    certificatesResolvers:
      myresolver:
        acme:
-          email: your-email@your-domain.org
+          email: your-email@example.com
          storage: acme.json
          httpChallenge:
            # used during the challenge
@@ -108,7 +108,7 @@ Please check the [configuration examples below](#configuration-examples) for mor
    --entryPoints.web.address=:80
    --entryPoints.websecure.address=:443
    # ...
-    --certificatesResolvers.myresolver.acme.email=your-email@your-domain.org
+    --certificatesResolvers.myresolver.acme.email=your-email@example.com
    --certificatesResolvers.myresolver.acme.storage=acme.json
    # used during the challenge
    --certificatesResolvers.myresolver.acme.httpChallenge.entryPoint=web
@@ -118,20 +118,20 @@ Please check the [configuration examples below](#configuration-examples) for mor

 ??? example "Single Domain from Router's Rule Example"
    
-    * A certificate for the domain `company.com` is requested:
+    * A certificate for the domain `example.com` is requested:

    --8<-- "content/https/include-acme-single-domain-example.md"

 ??? example "Multiple Domains from Router's Rule Example"
 
-    * A certificate for the domains `company.com` (main) and `blog.company.org`
+    * A certificate for the domains `example.com` (main) and `blog.example.org`
      is requested:
    
    --8<-- "content/https/include-acme-multiple-domains-from-rule-example.md"
    
 ??? example "Multiple Domains from Router's `tls.domain` Example"

-    * A certificate for the domains `company.com` (main) and `*.company.org` (SAN)
+    * A certificate for the domains `example.com` (main) and `*.example.org` (SAN)
      is requested:
      
    --8<-- "content/https/include-acme-multiple-domains-example.md"
@@ -301,6 +301,7 @@ For example, `CF_API_EMAIL_FILE=/run/secrets/traefik_cf-api-email` could be used
 | [DreamHost](https://www.dreamhost.com/)                     | `dreamhost`    | `DREAMHOST_API_KEY`                                                                                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/dreamhost)    |
 | [Duck DNS](https://www.duckdns.org/)                        | `duckdns`      | `DUCKDNS_TOKEN`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/duckdns)      |
 | [Dyn](https://dyn.com)                                      | `dyn`          | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD`                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/dyn)          |
+| [Dynu](https://www.dynu.com)                                | `dynu`         | `DYNU_API_KEY`                                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/dynu)         |
 | [EasyDNS](https://easydns.com/)                             | `easydns`      | `EASYDNS_TOKEN`, `EASYDNS_KEY`                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/easydns)      |
 | External Program                                            | `exec`         | `EXEC_PATH`                                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/exec)         |
 | [Exoscale](https://www.exoscale.com)                        | `exoscale`     | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT`                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/exoscale)     |
@@ -333,8 +334,10 @@ For example, `CF_API_EMAIL_FILE=/run/secrets/traefik_cf-api-email` could be used
 | [Oracle Cloud](https://cloud.oracle.com/home)               | `oraclecloud`  | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID` | [Additional configuration](https://go-acme.github.io/lego/dns/oraclecloud)  |
 | [PowerDNS](https://www.powerdns.com)                        | `pdns`         | `PDNS_API_KEY`, `PDNS_API_URL`                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/pdns)         |
 | [Rackspace](https://www.rackspace.com/cloud/dns)            | `rackspace`    | `RACKSPACE_USER`, `RACKSPACE_API_KEY`                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/rackspace)    |
+| [reg.ru](https://www.reg.ru)                                | `regru`        | `REGRU_USERNAME`, `REGRU_PASSWORD`                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/regru)        |
 | [RFC2136](https://tools.ietf.org/html/rfc2136)              | `rfc2136`      | `RFC2136_TSIG_KEY`, `RFC2136_TSIG_SECRET`, `RFC2136_TSIG_ALGORITHM`, `RFC2136_NAMESERVER`                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/rfc2136)      |
 | [Route 53](https://aws.amazon.com/route53/)                 | `route53`      | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile.             | [Additional configuration](https://go-acme.github.io/lego/dns/route53)      |
+| [RimuHosting](https://rimuhosting.com)                      | `rimuhosting`  | `RIMUHOSTING_API_KEY`                                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/rimuhosting)  |
 | [Sakura Cloud](https://cloud.sakura.ad.jp/)                 | `sakuracloud`  | `SAKURACLOUD_ACCESS_TOKEN`, `SAKURACLOUD_ACCESS_TOKEN_SECRET`                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/sakuracloud)  |
 | [Scaleway](https://www.scaleway.com)                        | `scaleway`     | `SCALEWAY_API_TOKEN`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/scaleway)     |
 | [Selectel](https://selectel.ru/en/)                         | `selectel`     | `SELECTEL_API_TOKEN`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/selectel)     |
@@ -346,6 +349,7 @@ For example, `CF_API_EMAIL_FILE=/run/secrets/traefik_cf-api-email` could be used
 | [Vscale](https://vscale.io/)                                | `vscale`       | `VSCALE_API_TOKEN`                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/vscale)       |
 | [VULTR](https://www.vultr.com)                              | `vultr`        | `VULTR_API_KEY`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/vultr)        |
 | [Zone.ee](https://www.zone.ee)                              | `zoneee`       | `ZONEEE_API_USER`, `ZONEEE_API_KEY`                                                                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/zoneee)       |
+| [Zonomi](https://zonomi.com)                                | `zonomi`       | `ZONOMI_API_KEY`                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/zonomi)       |

 [^1]: more information about the HTTP message format can be found [here](https://go-acme.github.io/lego/dns/httpreq/)
 [^2]: [providing_credentials_to_your_application](https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application)
--- a/docs/content/https/include-acme-multiple-domains-example.md
+++ b/docs/content/https/include-acme-multiple-domains-example.md
@@ -2,23 +2,23 @@
 ```yaml tab="Docker"
 ## Dynamic configuration
 labels:
-  - traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`)
+  - traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`)
  - traefik.http.routers.blog.tls=true
  - traefik.http.routers.blog.tls.certresolver=myresolver
-  - traefik.http.routers.blog.tls.domains[0].main=company.org
-  - traefik.http.routers.blog.tls.domains[0].sans=*.company.org
+  - traefik.http.routers.blog.tls.domains[0].main=example.org
+  - traefik.http.routers.blog.tls.domains[0].sans=*.example.org
 ```

 ```yaml tab="Docker (Swarm)"
 ## Dynamic configuration
 deploy:
  labels:
-    - traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`)
+    - traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`)
    - traefik.http.services.blog-svc.loadbalancer.server.port=8080"
    - traefik.http.routers.blog.tls=true
    - traefik.http.routers.blog.tls.certresolver=myresolver
-    - traefik.http.routers.blog.tls.domains[0].main=company.org
-    - traefik.http.routers.blog.tls.domains[0].sans=*.company.org
+    - traefik.http.routers.blog.tls.domains[0].main=example.org
+    - traefik.http.routers.blog.tls.domains[0].sans=*.example.org
 ```

 ```yaml tab="Kubernetes"
@@ -30,7 +30,7 @@ spec:
  entryPoints:
    - websecure
  routes:
-  - match: Host(`company.com`) && Path(`/blog`)
+  - match: Host(`example.com`) && Path(`/blog`)
    kind: Rule
    services:
    - name: blog
@@ -38,18 +38,18 @@ spec:
  tls:
    certResolver: myresolver
    domains:
-    - main: company.org
+    - main: example.org
      sans:
-      - *.company.org
+      - *.example.org
 ```

 ```json tab="Marathon"
 labels: {
-  "traefik.http.routers.blog.rule": "Host(`company.com`) && Path(`/blog`)",
+  "traefik.http.routers.blog.rule": "Host(`example.com`) && Path(`/blog`)",
  "traefik.http.routers.blog.tls": "true",
  "traefik.http.routers.blog.tls.certresolver": "myresolver",
-  "traefik.http.routers.blog.tls.domains[0].main": "company.com",
-  "traefik.http.routers.blog.tls.domains[0].sans": "*.company.com",
+  "traefik.http.routers.blog.tls.domains[0].main": "example.com",
+  "traefik.http.routers.blog.tls.domains[0].sans": "*.example.com",
  "traefik.http.services.blog-svc.loadbalancer.server.port": "8080"
 }
 ```
@@ -57,23 +57,23 @@ labels: {
 ```yaml tab="Rancher"
 ## Dynamic configuration
 labels:
-  - traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`)
+  - traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`)
  - traefik.http.routers.blog.tls=true
  - traefik.http.routers.blog.tls.certresolver=myresolver
-  - traefik.http.routers.blog.tls.domains[0].main=company.org
-  - traefik.http.routers.blog.tls.domains[0].sans=*.company.org
+  - traefik.http.routers.blog.tls.domains[0].main=example.org
+  - traefik.http.routers.blog.tls.domains[0].sans=*.example.org
 ```

 ```toml tab="File (TOML)"
 ## Dynamic configuration
 [http.routers]
  [http.routers.blog]
-    rule = "Host(`company.com`) && Path(`/blog`)"
+    rule = "Host(`example.com`) && Path(`/blog`)"
    [http.routers.blog.tls]
      certResolver = "myresolver" # From static configuration
      [[http.routers.blog.tls.domains]]
-        main = "company.org"
-        sans = ["*.company.org"]
+        main = "example.org"
+        sans = ["*.example.org"]
 ```

 ```yaml tab="File (YAML)"
@@ -81,11 +81,11 @@ labels:
 http:
  routers:
    blog:
-      rule: "Host(`company.com`) && Path(`/blog`)"
+      rule: "Host(`example.com`) && Path(`/blog`)"
      tls:
        certResolver: myresolver
        domains:
-          - main: "company.org"
+          - main: "example.org"
            sans:
-              - "*.company.org"
+              - "*.example.org"
 ```
--- a/docs/content/https/include-acme-multiple-domains-from-rule-example.md
+++ b/docs/content/https/include-acme-multiple-domains-from-rule-example.md
@@ -2,7 +2,7 @@
 ```yaml tab="Docker"
 ## Dynamic configuration
 labels:
-  - traefik.http.routers.blog.rule=(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)
+  - traefik.http.routers.blog.rule=(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)
  - traefik.http.routers.blog.tls=true
  - traefik.http.routers.blog.tls.certresolver=myresolver
 ```
@@ -11,7 +11,7 @@ labels:
 ## Dynamic configuration
 deploy:
  labels:
-    - traefik.http.routers.blog.rule=(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)
+    - traefik.http.routers.blog.rule=(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)
    - traefik.http.routers.blog.tls=true
    - traefik.http.routers.blog.tls.certresolver=myresolver
    - traefik.http.services.blog-svc.loadbalancer.server.port=8080"
@@ -26,7 +26,7 @@ spec:
  entryPoints:
    - websecure
  routes:
-  - match: (Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)
+  - match: (Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)
    kind: Rule
    services:
    - name: blog
@@ -37,7 +37,7 @@ spec:

 ```json tab="Marathon"
 labels: {
-  "traefik.http.routers.blog.rule": "(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)",
+  "traefik.http.routers.blog.rule": "(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)",
  "traefik.http.routers.blog.tls": "true",
  "traefik.http.routers.blog.tls.certresolver": "myresolver",
  "traefik.http.services.blog-svc.loadbalancer.server.port": "8080"
@@ -47,7 +47,7 @@ labels: {
 ```yaml tab="Rancher"
 ## Dynamic configuration
 labels:
-  - traefik.http.routers.blog.rule=(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)
+  - traefik.http.routers.blog.rule=(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)
  - traefik.http.routers.blog.tls=true
  - traefik.http.routers.blog.tls.certresolver=myresolver
 ```
@@ -56,7 +56,7 @@ labels:
 ## Dynamic configuration
 [http.routers]
  [http.routers.blog]
-    rule = "(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)"
+    rule = "(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)"
    [http.routers.blog.tls]
      certResolver = "myresolver"
 ```
@@ -66,7 +66,7 @@ labels:
 http:
  routers:
    blog:
-      rule: "(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)"
+      rule: "(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)"
      tls:
        certResolver: myresolver
 ```
--- a/docs/content/https/include-acme-single-domain-example.md
+++ b/docs/content/https/include-acme-single-domain-example.md
@@ -2,7 +2,7 @@
 ```yaml tab="Docker"
 ## Dynamic configuration
 labels:
-  - traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`)
+  - traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`)
  - traefik.http.routers.blog.tls=true
  - traefik.http.routers.blog.tls.certresolver=myresolver
 ```
@@ -11,7 +11,7 @@ labels:
 ## Dynamic configuration
 deploy:
  labels:
-    - traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`)
+    - traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`)
    - traefik.http.routers.blog.tls=true
    - traefik.http.routers.blog.tls.certresolver=myresolver
    - traefik.http.services.blog-svc.loadbalancer.server.port=8080"
@@ -26,7 +26,7 @@ spec:
  entryPoints:
    - websecure
  routes:
-  - match: Host(`company.com`) && Path(`/blog`)
+  - match: Host(`example.com`) && Path(`/blog`)
    kind: Rule
    services:
    - name: blog
@@ -37,7 +37,7 @@ spec:

 ```json tab="Marathon"
 labels: {
-  "traefik.http.routers.blog.rule": "Host(`company.com`) && Path(`/blog`)",
+  "traefik.http.routers.blog.rule": "Host(`example.com`) && Path(`/blog`)",
  "traefik.http.routers.blog.tls": "true",
  "traefik.http.routers.blog.tls.certresolver": "myresolver",
  "traefik.http.services.blog-svc.loadbalancer.server.port": "8080"
@@ -47,16 +47,16 @@ labels: {
 ```yaml tab="Rancher"
 ## Dynamic configuration
 labels:
-  - traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`)
+  - traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`)
  - traefik.http.routers.blog.tls=true
  - traefik.http.routers.blog.tls.certresolver=myresolver
 ```

-```toml tab="Single Domain"
+```toml tab="File (TOML)"
 ## Dynamic configuration
 [http.routers]
  [http.routers.blog]
-  rule = "Host(`company.com`) && Path(`/blog`)"
+  rule = "Host(`example.com`) && Path(`/blog`)"
  [http.routers.blog.tls]
    certResolver = "myresolver"
 ```
@@ -66,7 +66,7 @@ labels:
 http:
  routers:
    blog:
-      rule: "Host(`company.com`) && Path(`/blog`)"
+      rule: "Host(`example.com`) && Path(`/blog`)"
      tls:
        certResolver: myresolver
 ```
--- a/docs/content/https/ref-acme.toml
+++ b/docs/content/https/ref-acme.toml
@@ -5,7 +5,7 @@
  #
  # Required
  #
-  email = "test@traefik.io"
+  email = "test@example.com"

  # File or key used for certificates storage.
  #
--- a/docs/content/https/ref-acme.txt
+++ b/docs/content/https/ref-acme.txt
@@ -4,7 +4,7 @@
 #
 # Required
 #
--certificatesResolvers.myresolver.acme.email=test@traefik.io
+--certificatesResolvers.myresolver.acme.email=test@example.com

 # File or key used for certificates storage.
 #
--- a/docs/content/https/ref-acme.yaml
+++ b/docs/content/https/ref-acme.yaml
@@ -7,7 +7,7 @@ certificatesResolvers:
      #
      # Required
      #
-      email: "test@traefik.io"
+      email: "test@example.com"

      # File or key used for certificates storage.
      #
--- a/docs/content/middlewares/basicauth.md
+++ b/docs/content/middlewares/basicauth.md
@@ -71,7 +71,7 @@ http:

 ### General

-Passwords must be encoded using MD5, SHA1, or BCrypt.
+Passwords must be hashed using MD5, SHA1, or BCrypt.

 !!! tip 

@@ -79,7 +79,7 @@ Passwords must be encoded using MD5, SHA1, or BCrypt.

 ### `users`

-The `users` option is an array of authorized users. Each user will be declared using the `name:encoded-password` format.
+The `users` option is an array of authorized users. Each user will be declared using the `name:hashed-password` format.

 !!! note ""
    
@@ -165,7 +165,7 @@ http:

 The `usersFile` option is the path to an external file that contains the authorized users for the middleware.

-The file content is a list of `name:encoded-password`.
+The file content is a list of `name:hashed-password`.

 !!! note ""
    
--- a/docs/content/middlewares/forwardauth.md
+++ b/docs/content/middlewares/forwardauth.md
@@ -12,53 +12,53 @@ Otherwise, the response from the authentication server is returned.
 ## Configuration Examples

 ```yaml tab="Docker"
-# Forward authentication to authserver.com
+# Forward authentication to example.com
 labels:
-  - "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
+  - "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth"
 ```

 ```yaml tab="Kubernetes"
-# Forward authentication to authserver.com
+# Forward authentication to example.com
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
  name: test-auth
 spec:
  forwardAuth:
-    address: https://authserver.com/auth
+    address: https://example.com/auth
 ```

 ```yaml tab="Consul Catalog"
-# Forward authentication to authserver.com
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
+# Forward authentication to example.com
+- "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth"
 ```

 ```json tab="Marathon"
 "labels": {
-  "traefik.http.middlewares.test-auth.forwardauth.address": "https://authserver.com/auth"
+  "traefik.http.middlewares.test-auth.forwardauth.address": "https://example.com/auth"
 }
 ```

 ```yaml tab="Rancher"
-# Forward authentication to authserver.com
+# Forward authentication to example.com
 labels:
-  - "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
+  - "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth"
 ```

 ```toml tab="File (TOML)"
-# Forward authentication to authserver.com
+# Forward authentication to example.com
 [http.middlewares]
  [http.middlewares.test-auth.forwardAuth]
-    address = "https://authserver.com/auth"
+    address = "https://example.com/auth"
 ```

 ```yaml tab="File (YAML)"
-# Forward authentication to authserver.com
+# Forward authentication to example.com
 http:
  middlewares:
    test-auth:
      forwardAuth:
-        address: "https://authserver.com/auth"
+        address: "https://example.com/auth"
 ```

 ## Configuration Options
@@ -69,7 +69,7 @@ The `address` option defines the authentication server address.

 ```yaml tab="Docker"
 labels:
-  - "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
+  - "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth"
 ```

 ```yaml tab="Kubernetes"
@@ -79,28 +79,28 @@ metadata:
  name: test-auth
 spec:
  forwardAuth:
-    address: https://authserver.com/auth 
+    address: https://example.com/auth 
 ```

 ```yaml tab="Consul Catalog"
- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
+- "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth"
 ```

 ```json tab="Marathon"
 "labels": {
-  "traefik.http.middlewares.test-auth.forwardauth.address": "https://authserver.com/auth"
+  "traefik.http.middlewares.test-auth.forwardauth.address": "https://example.com/auth"
 }
 ```

 ```yaml tab="Rancher"
 labels:
-  - "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
+  - "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth"
 ```

 ```toml tab="File (TOML)"
 [http.middlewares]
  [http.middlewares.test-auth.forwardAuth]
-    address = "https://authserver.com/auth"
+    address = "https://example.com/auth"
 ```

 ```yaml tab="File (YAML)"
@@ -108,7 +108,7 @@ http:
  middlewares:
    test-auth:
      forwardAuth:
-        address: "https://authserver.com/auth"
+        address: "https://example.com/auth"
 ```

 ### `trustForwardHeader`
@@ -127,7 +127,7 @@ metadata:
  name: test-auth
 spec:
  forwardAuth:
-    address: https://authserver.com/auth
+    address: https://example.com/auth
    trustForwardHeader: true
 ```

@@ -149,7 +149,7 @@ labels:
 ```toml tab="File (TOML)"
 [http.middlewares]
  [http.middlewares.test-auth.forwardAuth]
-    address = "https://authserver.com/auth"
+    address = "https://example.com/auth"
    trustForwardHeader = true
 ```

@@ -158,7 +158,7 @@ http:
  middlewares:
    test-auth:
      forwardAuth:
-        address: "https://authserver.com/auth"
+        address: "https://example.com/auth"
        trustForwardHeader: true
 ```

@@ -178,7 +178,7 @@ metadata:
  name: test-auth
 spec:
  forwardAuth:
-    address: https://authserver.com/auth
+    address: https://example.com/auth
    authResponseHeaders:
      - X-Auth-User
      - X-Secret
@@ -202,7 +202,7 @@ labels:
 ```toml tab="File (TOML)"
 [http.middlewares]
  [http.middlewares.test-auth.forwardAuth]
-    address = "https://authserver.com/auth"
+    address = "https://example.com/auth"
    authResponseHeaders = ["X-Auth-User", "X-Secret"]
 ```

@@ -211,7 +211,7 @@ http:
  middlewares:
    test-auth:
      forwardAuth:
-        address: "https://authserver.com/auth"
+        address: "https://example.com/auth"
        authResponseHeaders:
          - "X-Auth-User"
          - "X-Secret"
@@ -237,7 +237,7 @@ metadata:
  name: test-auth
 spec:
  forwardAuth:
-    address: https://authserver.com/auth
+    address: https://example.com/auth
    tls:
      caSecret: mycasercret

@@ -270,7 +270,7 @@ labels:
 ```toml tab="File (TOML)"
 [http.middlewares]
  [http.middlewares.test-auth.forwardAuth]
-    address = "https://authserver.com/auth"
+    address = "https://example.com/auth"
    [http.middlewares.test-auth.forwardAuth.tls]
      ca = "path/to/local.crt"
 ```
@@ -280,7 +280,7 @@ http:
  middlewares:
    test-auth:
      forwardAuth:
-        address: "https://authserver.com/auth"
+        address: "https://example.com/auth"
        tls:
          ca: "path/to/local.crt"
 ```
@@ -306,7 +306,7 @@ metadata:
  name: test-auth
 spec:
  forwardAuth:
-    address: https://authserver.com/auth
+    address: https://example.com/auth
    tls:
      caOptional: true
 ```
@@ -329,7 +329,7 @@ labels:
 ```toml tab="File (TOML)"
 [http.middlewares]
  [http.middlewares.test-auth.forwardAuth]
-    address = "https://authserver.com/auth"
+    address = "https://example.com/auth"
    [http.middlewares.test-auth.forwardAuth.tls]
      caOptional = true
 ```
@@ -339,7 +339,7 @@ http:
  middlewares:
    test-auth:
      forwardAuth:
-        address: "https://authserver.com/auth"
+        address: "https://example.com/auth"
        tls:
          caOptional: true
 ```
@@ -361,7 +361,7 @@ metadata:
  name: test-auth
 spec:
  forwardAuth:
-    address: https://authserver.com/auth
+    address: https://example.com/auth
    tls:
      certSecret: mytlscert

@@ -398,7 +398,7 @@ labels:
 ```toml tab="File (TOML)"
 [http.middlewares]
  [http.middlewares.test-auth.forwardAuth]
-    address = "https://authserver.com/auth"
+    address = "https://example.com/auth"
    [http.middlewares.test-auth.forwardAuth.tls]
      cert = "path/to/foo.cert"
      key = "path/to/foo.key"
@@ -409,7 +409,7 @@ http:
  middlewares:
    test-auth:
      forwardAuth:
-        address: "https://authserver.com/auth"
+        address: "https://example.com/auth"
        tls:
          cert: "path/to/foo.cert"
          key: "path/to/foo.key"
@@ -435,7 +435,7 @@ metadata:
  name: test-auth
 spec:
  forwardAuth:
-    address: https://authserver.com/auth
+    address: https://example.com/auth
    tls:
      certSecret: mytlscert

@@ -472,7 +472,7 @@ labels:
 ```toml tab="File (TOML)"
 [http.middlewares]
  [http.middlewares.test-auth.forwardAuth]
-    address = "https://authserver.com/auth"
+    address = "https://example.com/auth"
    [http.middlewares.test-auth.forwardAuth.tls]
      cert = "path/to/foo.cert"
      key = "path/to/foo.key"
@@ -483,7 +483,7 @@ http:
  middlewares:
    test-auth:
      forwardAuth:
-        address: "https://authserver.com/auth"
+        address: "https://example.com/auth"
        tls:
          cert: "path/to/foo.cert"
          key: "path/to/foo.key"
@@ -508,7 +508,7 @@ metadata:
  name: test-auth
 spec:
  forwardAuth:
-    address: https://authserver.com/auth
+    address: https://example.com/auth
    tls:
      insecureSkipVerify: true
 ```
@@ -531,7 +531,7 @@ labels:
 ```toml tab="File (TOML)"
 [http.middlewares]
  [http.middlewares.test-auth.forwardAuth]
-    address = "https://authserver.com/auth"
+    address = "https://example.com/auth"
    [http.middlewares.test-auth.forwardAuth.tls]
      insecureSkipVerify: true
 ```
@@ -541,7 +541,7 @@ http:
  middlewares:
    test-auth:
      forwardAuth:
-        address: "https://authserver.com/auth"
+        address: "https://example.com/auth"
        tls:
          insecureSkipVerify: true
 ```
--- a/docs/content/middlewares/overview.md
+++ b/docs/content/middlewares/overview.md
@@ -188,7 +188,7 @@ then you'll have to append to the middleware name, the `@` separator, followed b
      entryPoints:
        - web
      routes:
-        - match: Host(`bar.com`)
+        - match: Host(`example.com`)
          kind: Rule
          services:
            - name: whoami
--- a/docs/content/middlewares/passtlsclientcert.md
+++ b/docs/content/middlewares/passtlsclientcert.md
@@ -265,7 +265,7 @@ In the following example, you can see a complete certificate. We will use each p
            Validity
                Not Before: Dec  6 11:10:16 2018 GMT
                Not After : Dec  5 11:10:16 2020 GMT
-            Subject: DC=org, DC=cheese, O=Cheese, O=Cheese 2, OU=Simple Signing Section, OU=Simple Signing Section 2, CN=*.cheese.org, CN=*.cheese.com, C=FR, C=US, L=TOULOUSE, L=LYON, ST=Cheese org state, ST=Cheese com state/emailAddress=cert@cheese.org/emailAddress=cert@scheese.com
+            Subject: DC=org, DC=cheese, O=Cheese, O=Cheese 2, OU=Simple Signing Section, OU=Simple Signing Section 2, CN=*.example.org, CN=*.example.com, C=FR, C=US, L=TOULOUSE, L=LYON, ST=Cheese org state, ST=Cheese com state/emailAddress=cert@example.org/emailAddress=cert@sexample.com
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    RSA Public-Key: (2048 bit)
@@ -302,7 +302,7 @@ In the following example, you can see a complete certificate. We will use each p
                    keyid:1E:52:A2:E8:54:D5:37:EB:D5:A8:1D:E4:C2:04:1D:37:E2:F7:70:03
    
                X509v3 Subject Alternative Name: 
-                    DNS:*.cheese.org, DNS:*.cheese.net, DNS:*.cheese.com, IP Address:10.0.1.0, IP Address:10.0.1.2, email:test@cheese.org, email:test@cheese.net
+                    DNS:*.example.org, DNS:*.example.net, DNS:*.example.com, IP Address:10.0.1.0, IP Address:10.0.1.2, email:test@example.org, email:test@example.net
        Signature Algorithm: sha1WithRSAEncryption
             76:6b:05:b0:0e:34:11:b1:83:99:91:dc:ae:1b:e2:08:15:8b:
             16:b2:9b:27:1c:02:ac:b5:df:1b:d0:d0:75:a4:2b:2c:5c:65:
@@ -422,7 +422,7 @@ The value of the header will be an escaped concatenation of all the selected cer
 The following example shows an unescaped result that uses all the available fields: 

 ```text
-Subject="DC=org,DC=cheese,C=FR,C=US,ST=Cheese org state,ST=Cheese com state,L=TOULOUSE,L=LYON,O=Cheese,O=Cheese 2,CN=*.cheese.com";Issuer="DC=org,DC=cheese,C=FR,C=US,ST=Signing State,ST=Signing State 2,L=TOULOUSE,L=LYON,O=Cheese,O=Cheese 2,CN=Simple Signing CA 2";NB="1544094616";NA="1607166616";SAN="*.cheese.org,*.cheese.net,*.cheese.com,test@cheese.org,test@cheese.net,10.0.1.0,10.0.1.2"
+Subject="DC=org,DC=cheese,C=FR,C=US,ST=Cheese org state,ST=Cheese com state,L=TOULOUSE,L=LYON,O=Cheese,O=Cheese 2,CN=*.example.com";Issuer="DC=org,DC=cheese,C=FR,C=US,ST=Signing State,ST=Signing State 2,L=TOULOUSE,L=LYON,O=Cheese,O=Cheese 2,CN=Simple Signing CA 2";NB="1544094616";NA="1607166616";SAN="*.example.org,*.example.net,*.example.com,test@example.org,test@example.net,10.0.1.0,10.0.1.2"
 ```

 !!! info "Multiple certificates"
@@ -471,13 +471,13 @@ The data are taken from the following certificate part:

 ```text
 X509v3 Subject Alternative Name: 
-    DNS:*.cheese.org, DNS:*.cheese.net, DNS:*.cheese.com, IP Address:10.0.1.0, IP Address:10.0.1.2, email:test@cheese.org, email:test@cheese.net
+    DNS:*.example.org, DNS:*.example.net, DNS:*.example.com, IP Address:10.0.1.0, IP Address:10.0.1.2, email:test@example.org, email:test@example.net
 ```

 The escape SANs info part will be like:

 ```text
-SAN="*.cheese.org,*.cheese.net,*.cheese.com,test@cheese.org,test@cheese.net,10.0.1.0,10.0.1.2"
+SAN="*.example.org,*.example.net,*.example.com,test@example.org,test@example.net,10.0.1.0,10.0.1.2"
 ```

 !!! info "multiple values"
@@ -491,7 +491,7 @@ The `info.subject` select the specific client certificate subject details you wa
 The data are taken from the following certificate part :

 ```text
-Subject: DC=org, DC=cheese, O=Cheese, O=Cheese 2, OU=Simple Signing Section, OU=Simple Signing Section 2, CN=*.cheese.org, CN=*.cheese.com, C=FR, C=US, L=TOULOUSE, L=LYON, ST=Cheese org state, ST=Cheese com state/emailAddress=cert@cheese.org/emailAddress=cert@scheese.com
+Subject: DC=org, DC=cheese, O=Cheese, O=Cheese 2, OU=Simple Signing Section, OU=Simple Signing Section 2, CN=*.example.org, CN=*.example.com, C=FR, C=US, L=TOULOUSE, L=LYON, ST=Cheese org state, ST=Cheese com state/emailAddress=cert@example.org/emailAddress=cert@sexample.com
 ```

 ##### `info.subject.country`
@@ -549,7 +549,7 @@ The data are taken from the subject part with the `CN` key.
 The escape common name info in the subject part will be like :

 ```text
-CN=*.cheese.com
+CN=*.example.com
 ```

 ##### `info.subject.serialNumber`
--- a/docs/content/migration/v1-to-v2.md
+++ b/docs/content/migration/v1-to-v2.md
@@ -97,7 +97,7 @@ Then any router can refer to an instance of the wanted middleware.

    ```yaml tab="Docker"
    labels:
-      - "traefik.http.routers.router0.rule=Host(`bar.com`) && PathPrefix(`/test`)"
+      - "traefik.http.routers.router0.rule=Host(`example.com`) && PathPrefix(`/test`)"
      - "traefik.http.routers.router0.middlewares=auth"
      - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
    ```
@@ -225,7 +225,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
    # dynamic configuration
    [http.routers]
      [http.routers.Router-1]
-        rule = "Host(`bar.com`)"
+        rule = "Host(`example.com`)"
        service = "service-id"
        # will terminate the TLS request
        [http.routers.Router-1.tls]
@@ -252,7 +252,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
    http:
      routers:
        Router-1:
-          rule: "Host(`bar.com`)"
+          rule: "Host(`example.com`)"
          service: service-id
          # will terminate the TLS request
          tls:
@@ -301,7 +301,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
      entryPoints:
        - web
      routes:
-        - match: Host(`bar.com`)
+        - match: Host(`example.com`)
          kind: Rule
          services:
            - name: whoami
@@ -416,7 +416,7 @@ To apply a redirection:
        entryPoints = ["web", "websecure"]
        [frontends.frontend1.routes]
          [frontends.frontend1.routes.route0]
-            rule = "Host:foo.com"
+            rule = "Host:example.net"
        [frontends.frontend1.redirect]
          entryPoint = "websecure"
    ```
@@ -425,11 +425,11 @@ To apply a redirection:

    ```yaml tab="Docker"
    labels:
-      traefik.http.routers.app.rule: Host(`foo.com`)
+      traefik.http.routers.app.rule: Host(`example.net`)
      traefik.http.routers.app.entrypoints: web
      traefik.http.routers.app.middlewares: https_redirect
    
-      traefik.http.routers.appsecured.rule: Host(`foo.com`)
+      traefik.http.routers.appsecured.rule: Host(`example.net`)
      traefik.http.routers.appsecured.entrypoints: websecure
      traefik.http.routers.appsecured.tls: true
    
@@ -447,7 +447,7 @@ To apply a redirection:
      entryPoints:
        - web
      routes:
-        - match: Host(`foo.com`)
+        - match: Host(`example.net`)
          kind: Rule
          services:
            - name: whoami
@@ -489,13 +489,13 @@ To apply a redirection:
    
    [http.routers]
      [http.routers.router0]
-        rule = "Host(`foo.com`)"
+        rule = "Host(`example.net`)"
        service = "my-service"
        entrypoints = ["web"]
        middlewares = ["https_redirect"]
    
    [http.routers.router1]
-        rule = "Host(`foo.com`)"
+        rule = "Host(`example.net`)"
        service = "my-service"
        entrypoints = ["websecure"]
        [http.routers.router1.tls]
@@ -513,7 +513,7 @@ To apply a redirection:
    http:
      routers:
        router0:
-          rule: "Host(`foo.com`)"
+          rule: "Host(`example.net`)"
          entryPoints:
            - web
          middlewares:
@@ -521,7 +521,7 @@ To apply a redirection:
          service: my-service
    
        router1:
-          rule: "Host(`foo.com`)"
+          rule: "Host(`example.net`)"
          entryPoints:
            - websecure
          service: my-service
@@ -541,7 +541,7 @@ With the new core notions of v2 (introduced earlier in the section
 transforming the URL path prefix of incoming requests is configured with [middlewares](../middlewares/overview.md),
 after the routing step with [router rule `PathPrefix`](../routing/routers/index.md#rule).

-Use Case: Incoming requests to `http://company.org/admin` are forwarded to the webapplication "admin",
+Use Case: Incoming requests to `http://example.org/admin` are forwarded to the webapplication "admin",
 with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, you must:

 - First, configure a router named `admin` with a rule matching at least the path prefix with the `PathPrefix` keyword,
@@ -553,7 +553,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo

    ```yaml tab="Docker"
    labels:
-      - "traefik.frontend.rule=Host:company.org;PathPrefixStrip:/admin"
+      - "traefik.frontend.rule=Host:example.org;PathPrefixStrip:/admin"
    ```

    ```yaml tab="Kubernetes Ingress"
@@ -566,7 +566,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
        traefik.ingress.kubernetes.io/rule-type: PathPrefixStrip
    spec:
      rules:
-      - host: company.org
+      - host: example.org
        http:
          paths:
          - path: /admin
@@ -578,14 +578,14 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
    ```toml tab="File (TOML)"
    [frontends.admin]
      [frontends.admin.routes.admin_1]
-      rule = "Host:company.org;PathPrefixStrip:/admin"
+      rule = "Host:example.org;PathPrefixStrip:/admin"
    ```

    !!! info "v2"

    ```yaml tab="Docker"
    labels:
-      - "traefik.http.routers.admin.rule=Host(`company.org`) && PathPrefix(`/admin`)"
+      - "traefik.http.routers.admin.rule=Host(`example.org`) && PathPrefix(`/admin`)"
      - "traefik.http.routers.admin.middlewares=admin-stripprefix"
      - "traefik.http.middlewares.admin-stripprefix.stripprefix.prefixes=/admin"
    ```
@@ -601,7 +601,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
      entryPoints:
        - web
      routes:
-        - match: Host(`company.org`) && PathPrefix(`/admin`)
+        - match: Host(`example.org`) && PathPrefix(`/admin`)
          kind: Rule
          services:
            - name: admin-svc
@@ -623,7 +623,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
    # dynamic-conf.toml

    [http.routers.router1]
-        rule = "Host(`company.org`) && PathPrefix(`/admin`)"
+        rule = "Host(`example.org`) && PathPrefix(`/admin`)"
        service = "admin-svc"
        entrypoints = ["web"]
        middlewares = ["admin-stripprefix"]
@@ -646,7 +646,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
          service: admin-svc
          middlewares:
            - "admin-stripprefix"
-          rule: "Host(`company.org`) && PathPrefix(`/admin`)"
+          rule: "Host(`example.org`) && PathPrefix(`/admin`)"

      middlewares:
        admin-stripprefix:
@@ -687,7 +687,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
      [entryPoints.websecure.tls]
    
    [acme]
-      email = "your-email-here@my-awesome-app.org"
+      email = "your-email-here@example.com"
      storage = "acme.json"
      entryPoint = "websecure"
      onHostRule = true
@@ -698,7 +698,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
    --defaultentrypoints=websecure,web
    --entryPoints=Name:web Address::80 Redirect.EntryPoint:websecure
    --entryPoints=Name:websecure Address::443 TLS
-    --acme.email=your-email-here@my-awesome-app.org
+    --acme.email=your-email-here@example.com
    --acme.storage=acme.json
    --acme.entryPoint=websecure
    --acme.onHostRule=true
@@ -719,7 +719,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
        certResolver = "myresolver"
    
    [certificatesResolvers.myresolver.acme]
-      email = "your-email@your-domain.org"
+      email = "your-email@example.com"
      storage = "acme.json"
      [certificatesResolvers.myresolver.acme.tlsChallenge]
    ```
@@ -738,7 +738,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
    certificatesResolvers:
      myresolver:
        acme:
-          email: your-email@your-domain.org
+          email: your-email@example.com
          storage: acme.json
          tlsChallenge: {}
    ```
@@ -746,7 +746,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
    ```bash tab="CLI"
    --entrypoints.web.address=:80
    --entrypoints.websecure.address=:443
-    --certificatesresolvers.myresolver.acme.email=your-email@your-domain.org
+    --certificatesresolvers.myresolver.acme.email=your-email@example.com
    --certificatesresolvers.myresolver.acme.storage=acme.json
    --certificatesresolvers.myresolver.acme.tlschallenge=true
    ```
--- a/docs/content/migration/v2.md
+++ b/docs/content/migration/v2.md
@@ -172,3 +172,133 @@ rules:
 ```

 After having both resources applied, Traefik will work properly.
+
+### Kubernetes Ingress
+
+To enable HTTPS, it is not sufficient anymore to only rely on a TLS section in the Ingress.
+
+#### Expose an Ingress on 80 and 443
+
+Define the default TLS configuration on the HTTPS entry point. 
+
+```yaml tab="Ingress"
+kind: Ingress
+apiVersion: networking.k8s.io/v1beta1
+metadata:
+  name: example
+
+spec:
+  tls:
+  - secretName: myTlsSecret
+
+  rules:
+  - host: example.com
+    http:
+      paths:
+      - path: "/foo"
+        backend:
+          serviceName: example-com
+          servicePort: 80
+```
+
+Entry points definition and enable Ingress provider:
+
+```yaml tab="File (YAML)"
+# Static configuration
+
+entryPoints:
+  web:
+    address: :80
+  websecure:
+    address: :443
+    http:
+      tls: {}
+
+providers:
+  kubernetesIngress: {}
+```
+
+```toml tab="File (TOML)"
+# Static configuration
+
+[entryPoints.web]
+  address = ":80"
+
+[entryPoints.websecure]
+  address = ":443"
+  [entryPoints.websecure.http]
+    [entryPoints.websecure.http.tls]
+
+[providers.kubernetesIngress]
+```
+
+```bash tab="CLI"
+# Static configuration
+
+--entryPoints.web.address=:80
+--entryPoints.websecure.address=:443
+--entryPoints.websecure.http.tls=true
+--providers.kubernetesIngress=true
+```
+
+#### Use TLS only on one Ingress
+
+Define the TLS restriction with annotations.
+
+```yaml tab="Ingress"
+kind: Ingress
+apiVersion: networking.k8s.io/v1beta1
+metadata:
+  name: example-tls
+  annotations:
+    traefik.ingress.kubernetes.io/router.entrypoints: websecure
+    traefik.ingress.kubernetes.io/router.tls: "true"
+
+spec:
+  tls:
+  - secretName: myTlsSecret
+
+  rules:
+  - host: example.com
+    http:
+      paths:
+      - path: ""
+        backend:
+          serviceName: example-com
+          servicePort: 80
+```
+
+Entry points definition and enable Ingress provider:
+
+```yaml tab="File (YAML)"
+# Static configuration
+
+entryPoints:
+  web:
+    address: :80
+  websecure:
+    address: :443
+
+providers:
+  kubernetesIngress: {}
+```
+
+```toml tab="File (TOML)"
+# Static configuration
+
+[entryPoints.web]
+  address = ":80"
+
+[entryPoints.websecure]
+  address = ":443"
+
+[providers.kubernetesIngress]
+```
+
+```bash tab="CLI"
+# Static configuration
+
+--entryPoints.web.address=:80
+--entryPoints.websecure.address=:443
+--providers.kubernetesIngress=true
+```
--- a/docs/content/observability/access-logs.md
+++ b/docs/content/observability/access-logs.md
@@ -35,7 +35,7 @@ If the given format is unsupported, the default (CLF) is used instead.
 !!! info "Common Log Format"
    
    ```html
-    <remote_IP_address> - <client_user_name_if_available> [<timestamp>] "<request_method> <request_path> <request_protocol>" <origin_server_HTTP_status> <origin_server_content_size> "<request_referrer>" "<request_user_agent>" <number_of_requests_received_since_Traefik_started> "<Traefik_frontend_name>" "<Traefik_backend_URL>" <request_duration_in_ms>ms 
+    <remote_IP_address> - <client_user_name_if_available> [<timestamp>] "<request_method> <request_path> <request_protocol>" <origin_server_HTTP_status> <origin_server_content_size> "<request_referrer>" "<request_user_agent>" <number_of_requests_received_since_Traefik_started> "<Traefik_router_name>" "<Traefik_server_URL>" <request_duration_in_ms>ms
    ```

 ### `bufferingSize`
--- a/docs/content/operations/api.md
+++ b/docs/content/operations/api.md
@@ -50,21 +50,21 @@ And then define a routing configuration on Traefik itself with the
    However, you can also use "path prefix" rule or any combination or rules.

    ```bash tab="Host Rule"
-    # Matches http://traefik.domain.com, http://traefik.domain.com/api
-    # or http://traefik.domain.com/hello
-    rule = "Host(`traefik.domain.com`)"
+    # Matches http://traefik.example.com, http://traefik.example.com/api
+    # or http://traefik.example.com/hello
+    rule = "Host(`traefik.example.com`)"
    ```

    ```bash tab="Path Prefix Rule"
-    # Matches http://api.traefik.domain.com/api or http://domain.com/api
-    # but does not match http://api.traefik.domain.com/hello
+    # Matches http://api.traefik.example.com/api or http://example.com/api
+    # but does not match http://api.traefik.example.com/hello
    rule = "PathPrefix(`/api`)"
    ```

    ```bash tab="Combination of Rules"
-    # Matches http://traefik.domain.com/api or http://traefik.domain.com/dashboard
-    # but does not match http://traefik.domain.com/hello
-    rule = "Host(`traefik.domain.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
+    # Matches http://traefik.example.com/api or http://traefik.example.com/dashboard
+    # but does not match http://traefik.example.com/hello
+    rule = "Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
    ```

 ### `insecure`
--- a/docs/content/operations/dashboard.md
+++ b/docs/content/operations/dashboard.md
@@ -81,22 +81,22 @@ As underlined in the [documentation for the `api.dashboard` option](./api.md#das
 the [router rule](../routing/routers/index.md#rule) defined for Traefik must match
 the path prefixes `/api` and `/dashboard`.

-We recommend to use a "Host Based rule" as ```Host(`traefik.domain.com`)``` to match everything on the host domain,
+We recommend to use a "Host Based rule" as ```Host(`traefik.example.com`)``` to match everything on the host domain,
 or to make sure that the defined rule captures both prefixes:

 ```bash tab="Host Rule"
-# The dashboard can be accessed on http://traefik.domain.com/dashboard/
-rule = "Host(`traefik.domain.com`)"
+# The dashboard can be accessed on http://traefik.example.com/dashboard/
+rule = "Host(`traefik.example.com`)"
 ```

 ```bash tab="Path Prefix Rule"
-# The dashboard can be accessed on http://domain.com/dashboard/ or http://traefik.domain.com/dashboard/
+# The dashboard can be accessed on http://example.com/dashboard/ or http://traefik.example.com/dashboard/
 rule = "PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
 ```

 ```bash tab="Combination of Rules"
-# The dashboard can be accessed on http://traefik.domain.com/dashboard/
-rule = "Host(`traefik.domain.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
+# The dashboard can be accessed on http://traefik.example.com/dashboard/
+rule = "Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
 ```

 ## Insecure Mode
--- a/docs/content/operations/include-api-examples.md
+++ b/docs/content/operations/include-api-examples.md
@@ -1,7 +1,7 @@
 ```yaml tab="Docker"
 # Dynamic Configuration
 labels:
-  - "traefik.http.routers.api.rule=Host(`traefik.domain.com`)"
+  - "traefik.http.routers.api.rule=Host(`traefik.example.com`)"
  - "traefik.http.routers.api.service=api@internal"
  - "traefik.http.routers.api.middlewares=auth"
  - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
@@ -11,7 +11,7 @@ labels:
 # Dynamic Configuration
 deploy:
  labels:
-    - "traefik.http.routers.api.rule=Host(`traefik.domain.com`)"
+    - "traefik.http.routers.api.rule=Host(`traefik.example.com`)"
    - "traefik.http.routers.api.service=api@internal"
    - "traefik.http.routers.api.middlewares=auth"
    - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
@@ -26,7 +26,7 @@ metadata:
  name: traefik-dashboard
 spec:
  routes:
-  - match: Host(`traefik.domain.com`)
+  - match: Host(`traefik.example.com`)
    kind: Rule
    services:
    - name: api@internal
@@ -45,7 +45,7 @@ spec:

 ```yaml tab="Consul Catalog"
 # Dynamic Configuration
- "traefik.http.routers.api.rule=Host(`traefik.domain.com`)"
+- "traefik.http.routers.api.rule=Host(`traefik.example.com`)"
 - "traefik.http.routers.api.service=api@internal"
 - "traefik.http.routers.api.middlewares=auth"
 - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
@@ -53,7 +53,7 @@ spec:

 ```json tab="Marathon"
 "labels": {
-  "traefik.http.routers.api.rule": "Host(`traefik.domain.com`)",
+  "traefik.http.routers.api.rule": "Host(`traefik.example.com`)",
  "traefik.http.routers.api.service": "api@internal",
  "traefik.http.routers.api.middlewares": "auth",
  "traefik.http.middlewares.auth.basicauth.users": "test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
@@ -63,7 +63,7 @@ spec:
 ```yaml tab="Rancher"
 # Dynamic Configuration
 labels:
-  - "traefik.http.routers.api.rule=Host(`traefik.domain.com`)"
+  - "traefik.http.routers.api.rule=Host(`traefik.example.com`)"
  - "traefik.http.routers.api.service=api@internal"
  - "traefik.http.routers.api.middlewares=auth"
  - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
@@ -72,7 +72,7 @@ labels:
 ```toml tab="File (TOML)"
 # Dynamic Configuration
 [http.routers.my-api]
-  rule = "Host(`traefik.domain.com`)"
+  rule = "Host(`traefik.example.com`)"
  service = "api@internal"
  middlewares = ["auth"]

@@ -88,7 +88,7 @@ labels:
 http:
  routers:
    api:
-      rule: Host(`traefik.domain.com`)
+      rule: Host(`traefik.example.com`)
      service: api@internal
      middlewares:
        - auth
--- a/docs/content/operations/ping.md
+++ b/docs/content/operations/ping.md
@@ -23,7 +23,8 @@ ping: {}

 The `/ping` health-check URL is enabled with the command-line `--ping` or config file option `[ping]`.

-You can customize the `entryPoint` where the `/ping` is active with the `entryPoint` option (default value: `traefik`)
+The `entryPoint` where the `/ping` is active can be customized with the `entryPoint` option,
+whose default value is `traefik` (port `8080`).

 | Path    | Method        | Description                                                                                         |
 |---------|---------------|-----------------------------------------------------------------------------------------------------|
@@ -34,6 +35,8 @@ You can customize the `entryPoint` where the `/ping` is active with the `entryPo

 ### `entryPoint`

+_Optional, Default="traefik"_
+
 Enabling /ping on a dedicated EntryPoint.

 ```toml tab="File (TOML)"
--- a/docs/content/providers/consul-catalog.md
+++ b/docs/content/providers/consul-catalog.md
@@ -29,7 +29,7 @@ Attach tags to your services and let Traefik do the rest!
    Attaching tags to services

    ```yaml
-    - traefik.http.services.my-service.rule=Host(`mydomain.com`)
+    - traefik.http.services.my-service.rule=Host(`example.com`)
    ```

 ## Routing Configuration
--- a/docs/content/providers/docker.md
+++ b/docs/content/providers/docker.md
@@ -40,7 +40,7 @@ and [Docker Swarm Mode](https://docs.docker.com/engine/swarm/).
      my-container:
        # ...
        labels:
-          - traefik.http.routers.my-container.rule=Host(`mydomain.com`)
+          - traefik.http.routers.my-container.rule=Host(`example.com`)
    ```

 ??? example "Configuring Docker Swarm & Deploying / Exposing Services"
@@ -79,13 +79,13 @@ and [Docker Swarm Mode](https://docs.docker.com/engine/swarm/).
      my-container:
        deploy:
          labels:
-            - traefik.http.routers.my-container.rule=Host(`mydomain.com`)
+            - traefik.http.routers.my-container.rule=Host(`example.com`)
            - traefik.http.services.my-container-service.loadbalancer.server.port=8080
    ```

 ## Routing Configuration

-When using Docker as a [provider](https://docs.traefik.io/providers/overview/),
+When using Docker as a [provider](./overview.md),
 Traefik uses [container labels](https://docs.docker.com/engine/reference/commandline/run/#set-metadata-on-container--l---label---label-file) to retrieve its routing configuration.

 See the list of labels in the dedicated [routing](../routing/providers/docker.md) section.
--- a/docs/content/providers/kubernetes-ingress.md
+++ b/docs/content/providers/kubernetes-ingress.md
@@ -40,7 +40,7 @@ metadata:

 spec:
  rules:
-    - host: foo.com
+    - host: example.net
      http:
        paths:
          - path: /bar
@@ -266,7 +266,7 @@ _Optional, Default: empty_

 ```toml tab="File (TOML)"
 [providers.kubernetesIngress.ingressEndpoint]
-  hostname = "foo.com"
+  hostname = "example.net"
  # ...
 ```

@@ -274,12 +274,12 @@ _Optional, Default: empty_
 providers:
  kubernetesIngress:
    ingressEndpoint:
-      hostname: "foo.com"
+      hostname: "example.net"
    # ...
 ```

 ```bash tab="CLI"
--providers.kubernetesingress.ingressendpoint.hostname=foo.com
+--providers.kubernetesingress.ingressendpoint.hostname=example.net
 ```

 Hostname used for Kubernetes Ingress endpoints.
--- a/docs/content/providers/rancher.md
+++ b/docs/content/providers/rancher.md
@@ -35,7 +35,7 @@ Attach labels to your services and let Traefik do the rest!

    ```yaml
    labels:
-      - traefik.http.services.my-service.rule=Host(`mydomain.com`)
+      - traefik.http.services.my-service.rule=Host(`example.com`)
    ```

 ## Routing Configuration
--- a/docs/content/reference/dynamic-configuration/kubernetes-crd-resource.yml
+++ b/docs/content/reference/dynamic-configuration/kubernetes-crd-resource.yml
@@ -82,7 +82,7 @@ spec:
    - web
    - websecure
  routes:
-    - match: Host(`foo.com`) && PathPrefix(`/bar`)
+    - match: Host(`example.net`) && PathPrefix(`/bar`)
      kind: Rule
      priority: 12
      # defining several services is possible and allowed, but for now the servers of
@@ -147,7 +147,7 @@ spec:
  entryPoints:
    - footcp
  routes:
-    - match: HostSNI(`bar.com`)
+    - match: HostSNI(`example.com`)
      services:
        - name: whoamitcp
          port: 8080
--- a/docs/content/reference/static-configuration/cli-ref.md
+++ b/docs/content/reference/static-configuration/cli-ref.md
@@ -105,6 +105,12 @@ HTTP configuration.
 `--entrypoints.<name>.http.middlewares`:  
 Default middlewares for the routers linked to the entry point.

+`--entrypoints.<name>.http.redirections.entrypoint.permanent`:  
+Applied a permanent redirection. Defaults to true. (Default: ```true```)
+
+`--entrypoints.<name>.http.redirections.entrypoint.priority`:  
+Priority of the generated router. Defaults to 1. (Default: ```1```)
+
 `--entrypoints.<name>.http.redirections.entrypoint.scheme`:  
 Scheme used for the redirection. Defaults to https. (Default: ```https```)

--- a/docs/content/reference/static-configuration/env-ref.md
+++ b/docs/content/reference/static-configuration/env-ref.md
@@ -105,6 +105,12 @@ HTTP configuration.
 `TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_MIDDLEWARES`:  
 Default middlewares for the routers linked to the entry point.

+`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_REDIRECTIONS_ENTRYPOINT_PERMANENT`:  
+Applied a permanent redirection. Defaults to true. (Default: ```true```)
+
+`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_REDIRECTIONS_ENTRYPOINT_PRIORITY`:  
+Priority of the generated router. Defaults to 1. (Default: ```1```)
+
 `TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_REDIRECTIONS_ENTRYPOINT_SCHEME`:  
 Scheme used for the redirection. Defaults to https. (Default: ```https```)

--- a/docs/content/reference/static-configuration/file.toml
+++ b/docs/content/reference/static-configuration/file.toml
@@ -34,6 +34,8 @@
        [entryPoints.EntryPoint0.http.redirections.entryPoint]
          to = "foobar"
          scheme = "foobar"
+          permanent = true
+          priority = 42
      [entryPoints.EntryPoint0.http.tls]
        options = "foobar"
        certResolver = "foobar"
--- a/docs/content/reference/static-configuration/file.yaml
+++ b/docs/content/reference/static-configuration/file.yaml
@@ -37,6 +37,8 @@ entryPoints:
        entryPoint:
          to: foobar
          scheme: foobar
+          permanent: true
+          priority: 42
      middlewares:
      - foobar
      - foobar
--- a/docs/content/routing/entrypoints.md
+++ b/docs/content/routing/entrypoints.md
@@ -560,7 +560,7 @@ This whole section is dedicated to options, keyed by entry point, that will appl
          redirections:
            entryPoint:
              to: websecure
-              https: true
+              scheme: https
    
      websecure:
        address: :443
@@ -575,20 +575,23 @@ This whole section is dedicated to options, keyed by entry point, that will appl

 #### `entryPoint`

-This section is a convenience to enable (permanent) redirecting of all incoming requests on an entry point (e.g. port `80`) to another entry point (e.g. port `443`).
+This section is a convenience to enable (permanent) redirecting of all incoming requests on an entry point (e.g. port `80`) to another entry point (e.g. port `443`) or an explicit port (`:443`).

 ??? info "`entryPoint.to`"
    
    _Required_
    
-    The target entry point.
-
+    The target element, it can be:
+    
+      - an entry point name (ex: `websecure`)
+      - a port (`:443`)
+      
    ```toml tab="File (TOML)"
    [entryPoints.foo]
      # ...
      [entryPoints.foo.http.redirections]
        [entryPoints.foo.http.redirections.entryPoint]
-          to = "bar"
+          to = "websecure"
    ```
    
    ```yaml tab="File (YAML)"
@@ -598,7 +601,7 @@ This section is a convenience to enable (permanent) redirecting of all incoming
        http:
          redirections:
            entryPoint:
-              to: bar
+              to: websecure
    ```
    
    ```bash tab="CLI"
@@ -607,7 +610,7 @@ This section is a convenience to enable (permanent) redirecting of all incoming

 ??? info "`entryPoint.scheme`"
    
-    _Optional, Default="http"_
+    _Optional, Default="https"_
    
    The redirection target scheme.

@@ -635,6 +638,66 @@ This section is a convenience to enable (permanent) redirecting of all incoming
    --entrypoints.foo.http.redirections.entryPoint.scheme=https
    ```

+??? info "`entryPoint.permanent`"
+   
+    _Optional, Default=true_
+    
+    To apply a permanent redirection.
+
+    ```toml tab="File (TOML)"
+    [entryPoints.foo]
+      # ...
+      [entryPoints.foo.http.redirections]
+        [entryPoints.foo.http.redirections.entryPoint]
+          # ...
+          permanent = true
+    ```
+    
+    ```yaml tab="File (YAML)"
+    entryPoints:
+      foo:
+        # ...
+        http:
+          redirections:
+            entryPoint:
+              # ...
+              permanent: true
+    ```
+    
+    ```bash tab="CLI"
+    --entrypoints.foo.http.redirections.entrypoint.permanent=true
+    ```
+
+??? info "`entryPoint.priority`"
+  
+    _Optional, Default=1_
+    
+    Priority of the generated router.
+
+    ```toml tab="File (TOML)"
+    [entryPoints.foo]
+      # ...
+      [entryPoints.foo.http.redirections]
+        [entryPoints.foo.http.redirections.entryPoint]
+          # ...
+          priority = 10
+    ```
+    
+    ```yaml tab="File (YAML)"
+    entryPoints:
+      foo:
+        # ...
+        http:
+          redirections:
+            entryPoint:
+              # ...
+              priority: 10
+    ```
+    
+    ```bash tab="CLI"
+    --entrypoints.foo.http.redirections.entrypoint.priority=10
+    ```
+
 ### Middlewares

 The list of middlewares that are prepended by default to the list of middlewares of each router associated to the named entry point.
--- a/docs/content/routing/overview.md
+++ b/docs/content/routing/overview.md
@@ -66,7 +66,7 @@ Dynamic configuration:
  [http.routers]
     # Define a connection between requests and services
     [http.routers.to-whoami]
-      rule = "Host(`domain`) && PathPrefix(`/whoami/`)"
+      rule = "Host(`example.com`) && PathPrefix(`/whoami/`)"
      # If the rule matches, applies the middleware
      middlewares = ["test-user"]
      # If the rule matches, forward to the whoami service (declared below)
@@ -90,7 +90,7 @@ http:
  routers:
    # Define a connection between requests and services
    to-whoami:
-      rule: "Host(`domain`) && PathPrefix(`/whoami/`)"
+      rule: "Host(`example.com`) && PathPrefix(`/whoami/`)"
       # If the rule matches, applies the middleware
      middlewares:
      - test-user
@@ -122,7 +122,7 @@ http:
    In this example, we've defined routing rules for http requests only.
    Traefik also supports TCP requests. To add [TCP routers](./routers/index.md) and [TCP services](./services/index.md), declare them in a TCP section like in the following.

-    ??? example "Adding a TCP route for TLS requests on whoami.traefik.io"
+    ??? example "Adding a TCP route for TLS requests on whoami.example.com"

        **Static Configuration**
        
@@ -165,7 +165,7 @@ http:
          [http.routers]
            # Define a connection between requests and services
            [http.routers.to-whoami]
-              rule = "Host(`domain`) && PathPrefix(`/whoami/`)"
+              rule = "Host(`example.com`) && PathPrefix(`/whoami/`)"
              # If the rule matches, applies the middleware
              middlewares = ["test-user"]
              # If the rule matches, forward to the whoami service (declared below)
@@ -185,7 +185,7 @@ http:
        [tcp]
          [tcp.routers]
            [tcp.routers.to-whoami-tcp]
-              rule = "HostSNI(`whoami-tcp.traefik.io`)"
+              rule = "HostSNI(`whoami-tcp.example.com`)"
              service = "whoami-tcp"
              [tcp.routers.to-whoami-tcp.tls]

@@ -202,7 +202,7 @@ http:
          routers:
            # Define a connection between requests and services
            to-whoami:
-              rule: Host(`domain`) && PathPrefix(`/whoami/`)
+              rule: Host(`example.com`) && PathPrefix(`/whoami/`)
              # If the rule matches, applies the middleware
              middlewares:
              - test-user
@@ -227,7 +227,7 @@ http:
          routers:
            to-whoami-tcp:
              service: whoami-tcp
-              rule: HostSNI(`whoami-tcp.traefik.io`)
+              rule: HostSNI(`whoami-tcp.example.com`)

          services:
            whoami-tcp:
--- a/docs/content/routing/providers/consul-catalog.md
+++ b/docs/content/routing/providers/consul-catalog.md
@@ -24,14 +24,14 @@ The Service automatically gets a server per instance in this consul Catalog serv

 To update the configuration of the Router automatically attached to the service, add tags starting with `traefik.routers.{name-of-your-choice}.` and followed by the option you want to change.

-For example, to change the rule, you could add the tag ```traefik.http.routers.my-service.rule=Host(`mydomain.com`)```.
+For example, to change the rule, you could add the tag ```traefik.http.routers.my-service.rule=Host(`example.com`)```.

 ??? info "`traefik.http.routers.<router_name>.rule`"
    
    See [rule](../routers/index.md#rule) for more information.
    
    ```yaml
-    traefik.http.routers.myrouter.rule=Host(`mydomain.com`)
+    traefik.http.routers.myrouter.rule=Host(`example.com`)
    ```

 ??? info "`traefik.http.routers.<router_name>.entrypoints`"
@@ -79,7 +79,7 @@ For example, to change the rule, you could add the tag ```traefik.http.routers.m
    See [domains](../routers/index.md#domains) for more information.
    
    ```yaml
-    traefik.http.routers.myrouter.tls.domains[0].main=foobar.com
+    traefik.http.routers.myrouter.tls.domains[0].main=example.org
    ```

 ??? info "`traefik.http.routers.<router_name>.tls.domains[n].sans`"
@@ -87,7 +87,7 @@ For example, to change the rule, you could add the tag ```traefik.http.routers.m
    See [domains](../routers/index.md#domains) for more information.
    
    ```yaml
-    traefik.http.routers.myrouter.tls.domains[0].sans=test.foobar.com,dev.foobar.com
+    traefik.http.routers.myrouter.tls.domains[0].sans=test.example.org,dev.example.org
    ```

 ??? info "`traefik.http.routers.<router_name>.tls.options`"
@@ -150,7 +150,7 @@ you'd add the tag `traefik.http.services.{name-of-your-choice}.loadbalancer.pass
    See [health check](../services/index.md#health-check) for more information.
    
    ```yaml
-    traefik.http.services.myservice.loadbalancer.healthcheck.hostname=foobar.com
+    traefik.http.services.myservice.loadbalancer.healthcheck.hostname=example.org
    ```

 ??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.interval`"
@@ -271,7 +271,7 @@ You can declare TCP Routers and/or Services using tags.
 ??? example "Declaring TCP Routers and Services"

    ```yaml
-    traefik.tcp.routers.my-router.rule=HostSNI(`my-host.com`)
+    traefik.tcp.routers.my-router.rule=HostSNI(`example.com`)
    traefik.tcp.routers.my-router.tls=true
    traefik.tcp.services.my-service.loadbalancer.server.port=4123
    ```
@@ -296,7 +296,7 @@ You can declare TCP Routers and/or Services using tags.
    See [rule](../routers/index.md#rule_1) for more information.
    
    ```yaml
-    traefik.tcp.routers.mytcprouter.rule=HostSNI(`myhost.com`)
+    traefik.tcp.routers.mytcprouter.rule=HostSNI(`example.com`)
    ```

 ??? info "`traefik.tcp.routers.<router_name>.service`"
@@ -328,7 +328,7 @@ You can declare TCP Routers and/or Services using tags.
    See [domains](../routers/index.md#domains_1) for more information.
    
    ```yaml
-    traefik.tcp.routers.mytcprouter.tls.domains[0].main=foobar.com
+    traefik.tcp.routers.mytcprouter.tls.domains[0].main=example.org
    ```

 ??? info "`traefik.tcp.routers.<router_name>.tls.domains[n].sans`"
@@ -336,7 +336,7 @@ You can declare TCP Routers and/or Services using tags.
    See [domains](../routers/index.md#domains_1) for more information.
    
    ```yaml
-    traefik.tcp.routers.mytcprouter.tls.domains[0].sans=test.foobar.com,dev.foobar.com
+    traefik.tcp.routers.mytcprouter.tls.domains[0].sans=test.example.org,dev.example.org
    ```

 ??? info "`traefik.tcp.routers.<router_name>.tls.options`"
--- a/docs/content/routing/providers/docker.md
+++ b/docs/content/routing/providers/docker.md
@@ -34,12 +34,12 @@ Attach labels to your containers and let Traefik do the rest!
      my-container:
        # ...
        labels:
-          - traefik.http.routers.my-container.rule=Host(`mydomain.com`)
+          - traefik.http.routers.my-container.rule=Host(`example.com`)
    ```

 ??? example "Specify a Custom Port for the Container"

-    Forward requests for `http://mydomain.com` to `http://<private IP of container>:12345`:
+    Forward requests for `http://example.com` to `http://<private IP of container>:12345`:

    ```yaml
    version: "3"
@@ -47,7 +47,7 @@ Attach labels to your containers and let Traefik do the rest!
      my-container:
        # ...
        labels:
-          - traefik.http.routers.my-container.rule=Host(`mydomain.com`)
+          - traefik.http.routers.my-container.rule=Host(`example.com`)
          # Tell Traefik to use the port 12345 to connect to `my-container`
          - traefik.http.services.my-service.loadbalancer.server.port=12345
    ```
@@ -94,7 +94,7 @@ Attach labels to your containers and let Traefik do the rest!
      my-container:
        deploy:
          labels:
-            - traefik.http.routers.my-container.rule=Host(`mydomain.com`)
+            - traefik.http.routers.my-container.rule=Host(`example.com`)
            - traefik.http.services.my-container-service.loadbalancer.server.port=8080
    ```

@@ -127,7 +127,7 @@ and the router automatically gets a rule defined by `defaultRule` (if no rule fo

    ```yaml
    labels:
-      - "traefik.http.routers.myproxy.rule=Host(`foo.com`)"
+      - "traefik.http.routers.myproxy.rule=Host(`example.net`)"
      # service myservice gets automatically assigned to router myproxy
      - "traefik.http.services.myservice.loadbalancer.server.port=80"
    ```
@@ -140,7 +140,7 @@ and the router automatically gets a rule defined by `defaultRule` (if no rule fo
    labels:
      # no service specified or defined and yet one gets automatically created
      # and assigned to router myproxy.
-      - "traefik.http.routers.myproxy.rule=Host(`foo.com`)"
+      - "traefik.http.routers.myproxy.rule=Host(`example.net`)"
    ```

 ### Routers
@@ -148,7 +148,7 @@ and the router automatically gets a rule defined by `defaultRule` (if no rule fo
 To update the configuration of the Router automatically attached to the container,
 add labels starting with `traefik.http.routers.<name-of-your-choice>.` and followed by the option you want to change.

-For example, to change the rule, you could add the label ```traefik.http.routers.my-container.rule=Host(`mydomain.com`)```.
+For example, to change the rule, you could add the label ```traefik.http.routers.my-container.rule=Host(`example.com`)```.

 !!! warning "The character `@` is not authorized in the router name `<router_name>`."

@@ -157,7 +157,7 @@ For example, to change the rule, you could add the label ```traefik.http.routers
    See [rule](../routers/index.md#rule) for more information.

    ```yaml
-    - "traefik.http.routers.myrouter.rule=Host(`mydomain.com`)"
+    - "traefik.http.routers.myrouter.rule=Host(`example.com`)"
    ```

 ??? info "`traefik.http.routers.<router_name>.entrypoints`"
@@ -205,7 +205,7 @@ For example, to change the rule, you could add the label ```traefik.http.routers
    See [domains](../routers/index.md#domains) for more information.

    ```yaml
-    - "traefik.http.routers.myrouter.tls.domains[0].main=foobar.com"
+    - "traefik.http.routers.myrouter.tls.domains[0].main=example.org"
    ```

 ??? info "`traefik.http.routers.<router_name>.tls.domains[n].sans`"
@@ -213,7 +213,7 @@ For example, to change the rule, you could add the label ```traefik.http.routers
    See [domains](../routers/index.md#domains) for more information.

    ```yaml
-    - "traefik.http.routers.myrouter.tls.domains[0].sans=test.foobar.com,dev.foobar.com"
+    - "traefik.http.routers.myrouter.tls.domains[0].sans=test.example.org,dev.example.org"
    ```

 ??? info "`traefik.http.routers.<router_name>.tls.options`"
@@ -283,7 +283,7 @@ you'd add the label `traefik.http.services.<name-of-your-choice>.loadbalancer.pa
    See [health check](../services/index.md#health-check) for more information.

    ```yaml
-    - "traefik.http.services.myservice.loadbalancer.healthcheck.hostname=foobar.com"
+    - "traefik.http.services.myservice.loadbalancer.healthcheck.hostname=example.org"
    ```

 ??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.interval`"
@@ -414,7 +414,7 @@ You can declare TCP Routers and/or Services using labels.
         my-container:
           # ...
           labels:
-             - "traefik.tcp.routers.my-router.rule=HostSNI(`my-host.com`)"
+             - "traefik.tcp.routers.my-router.rule=HostSNI(`example.com`)"
             - "traefik.tcp.routers.my-router.tls=true"
             - "traefik.tcp.services.my-service.loadbalancer.server.port=4123"
    ```
@@ -439,7 +439,7 @@ You can declare TCP Routers and/or Services using labels.
    See [rule](../routers/index.md#rule_1) for more information.

    ```yaml
-    - "traefik.tcp.routers.mytcprouter.rule=HostSNI(`myhost.com`)"
+    - "traefik.tcp.routers.mytcprouter.rule=HostSNI(`example.com`)"
    ```

 ??? info "`traefik.tcp.routers.<router_name>.service`"
@@ -471,7 +471,7 @@ You can declare TCP Routers and/or Services using labels.
    See [domains](../routers/index.md#domains_1) for more information.

    ```yaml
-    - "traefik.tcp.routers.mytcprouter.tls.domains[0].main=foobar.com"
+    - "traefik.tcp.routers.mytcprouter.tls.domains[0].main=example.org"
    ```

 ??? info "`traefik.tcp.routers.<router_name>.tls.domains[n].sans`"
@@ -479,7 +479,7 @@ You can declare TCP Routers and/or Services using labels.
    See [domains](../routers/index.md#domains_1) for more information.

    ```yaml
-    - "traefik.tcp.routers.mytcprouter.tls.domains[0].sans=test.foobar.com,dev.foobar.com"
+    - "traefik.tcp.routers.mytcprouter.tls.domains[0].sans=test.example.org,dev.example.org"
    ```

 ??? info "`traefik.tcp.routers.<router_name>.tls.options`"
--- a/docs/content/routing/providers/kubernetes-crd.md
+++ b/docs/content/routing/providers/kubernetes-crd.md
@@ -321,7 +321,7 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
        - foo
      routes:                           # [2]
      - kind: Rule
-        match: Host(`test.domain.com`)  # [3]
+        match: Host(`test.example.com`) # [3]
        priority: 10                    # [4]
        middlewares:                    # [5]
        - name: middleware1             # [6]
@@ -349,10 +349,10 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
          namespace: default            # [13]
        certResolver: foo               # [14]
        domains:                        # [15]
-        - main: foo.com                 # [16]
+        - main: example.net             # [16]
          sans:                         # [17]
-          - a.foo.com
-          - b.foo.com
+          - a.example.net
+          - b.example.net
    ```

 | Ref  | Attribute                  | Purpose                                                                                                                                                                                                                  |
@@ -389,7 +389,7 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
        - web
      routes:
      - kind: Rule
-        match: Host(`test.domain.com`)
+        match: Host(`test.example.com`)
        middlewares:
        - name: middleware1
          namespace: default
@@ -413,10 +413,10 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
      tls:
        certResolver: foo
        domains:
-        - main: foo.com
+        - main: example.net
          sans:
-          - a.foo.com
-          - b.foo.com
+          - a.example.net
+          - b.example.net
        options:
          name: opt
          namespace: default
@@ -494,7 +494,7 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
            - foo
        
          routes:
-          - match: Host(`foo.com`)
+          - match: Host(`example.net`)
            kind: Rule
            services:
            - name: external-svc
@@ -524,7 +524,7 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
            - foo
        
          routes:
-          - match: Host(`foo.com`)
+          - match: Host(`example.net`)
            kind: Rule
            services:
            - name: external-svc
@@ -555,7 +555,7 @@ Register the `IngressRoute` [kind](../../reference/dynamic-configuration/kuberne
            - foo
        
          routes:
-          - match: Host(`foo.com`)
+          - match: Host(`example.net`)
            kind: Rule
            services:
            - name: external-svc
@@ -605,7 +605,7 @@ Register the `Middleware` [kind](../../reference/dynamic-configuration/kubernete
      entryPoints:
        - web
      routes:
-      - match: Host(`bar.com`) && PathPrefix(`/stripit`)
+      - match: Host(`example.com`) && PathPrefix(`/stripit`)
        kind: Rule
        services:
        - name: whoami
@@ -646,7 +646,6 @@ referencing services in the [`IngressRoute`](#kind-ingressroute) objects, or rec
 * services [Weighted Round Robin](#weighted-round-robin) load balancing.
 * services [mirroring](#mirroring).

-
 #### Server Load Balancing

 More information in the dedicated server [load balancing](../services/index.md#load-balancing) section.
@@ -664,7 +663,7 @@ More information in the dedicated server [load balancing](../services/index.md#l
      entryPoints:
        - web
      routes:
-      - match: Host(`bar.com`) && PathPrefix(`/foo`)
+      - match: Host(`example.com`) && PathPrefix(`/foo`)
        kind: Rule
        services:
        - name: svc1
@@ -720,7 +719,7 @@ More information in the dedicated [Weighted Round Robin](../services/index.md#we
      entryPoints:
        - web
      routes:
-      - match: Host(`bar.com`) && PathPrefix(`/foo`)
+      - match: Host(`example.com`) && PathPrefix(`/foo`)
        kind: Rule
        services:
        - name: wrr1
@@ -827,7 +826,7 @@ More information in the dedicated [mirroring](../services/index.md#mirroring-ser
      entryPoints:
        - web
      routes:
-      - match: Host(`bar.com`) && PathPrefix(`/foo`)
+      - match: Host(`example.com`) && PathPrefix(`/foo`)
        kind: Rule
        services:
        - name: mirror1
@@ -916,6 +915,154 @@ More information in the dedicated [mirroring](../services/index.md#mirroring-ser
    
    Specifying a namespace attribute in this case would not make any sense, and will be ignored (except if the provider is `kubernetescrd`).

+#### Stickiness and load-balancing
+
+As explained in the section about [Sticky sessions](../../services/#sticky-sessions), for stickiness to work all the way,
+it must be specified at each load-balancing level.
+
+For instance, in the example below, there is a first level of load-balancing because there is a (Weighted Round Robin) load-balancing of the two `whoami` services,
+and there is a second level because each whoami service is a `replicaset` and is thus handled as a load-balancer of servers.
+
+??? "Stickiness on two load-balancing levels"
+
+    ```yaml tab="IngressRoute"
+    apiVersion: traefik.containo.us/v1alpha1
+    kind: IngressRoute
+    metadata:
+      name: ingressroutebar
+      namespace: default
+
+    spec:
+      entryPoints:
+        - web
+      routes:
+      - match: Host(`example.com`) && PathPrefix(`/foo`)
+        kind: Rule
+        services:
+        - name: wrr1
+          namespace: default
+          kind: TraefikService
+    ```
+
+    ```yaml tab="Weighted Round Robin"
+    apiVersion: traefik.containo.us/v1alpha1
+    kind: TraefikService
+    metadata:
+      name: wrr1
+      namespace: default
+
+    spec:
+      weighted:
+        services:
+          - name: whoami1
+            kind: Service
+            port: 80
+            weight: 1
+            sticky:
+              cookie:
+                name: lvl2
+          - name: whoami2
+            kind: Service
+            weight: 1
+            port: 80
+            sticky:
+              cookie:
+                name: lvl2
+        sticky:
+          cookie:
+            name: lvl1
+    ```
+
+    ```yaml tab="K8s Service"
+    apiVersion: v1
+    kind: Service
+    metadata:
+      name: whoami1
+
+    spec:
+      ports:
+        - protocol: TCP
+          name: web
+          port: 80
+      selector:
+        app: whoami1
+
+    ---
+    apiVersion: v1
+    kind: Service
+    metadata:
+      name: whoami2
+
+    spec:
+      ports:
+        - protocol: TCP
+          name: web
+          port: 80
+      selector:
+        app: whoami2
+    ```
+
+    ```yaml tab="Deployment (to illustrate replicas)"
+    kind: Deployment
+    apiVersion: apps/v1
+    metadata:
+      namespace: default
+      name: whoami1
+      labels:
+        app: whoami1
+
+    spec:
+      replicas: 2
+      selector:
+        matchLabels:
+          app: whoami1
+      template:
+        metadata:
+          labels:
+            app: whoami1
+        spec:
+          containers:
+            - name: whoami1
+              image: containous/whoami
+              ports:
+                - name: web
+                  containerPort: 80
+
+    ---
+    kind: Deployment
+    apiVersion: apps/v1
+    metadata:
+      namespace: default
+      name: whoami2
+      labels:
+        app: whoami2
+
+    spec:
+      replicas: 2
+      selector:
+        matchLabels:
+          app: whoami2
+      template:
+        metadata:
+          labels:
+            app: whoami2
+        spec:
+          containers:
+            - name: whoami2
+              image: containous/whoami
+              ports:
+                - name: web
+                  containerPort: 80
+    ```
+
+    To keep a session open with the same server, the client would then need to specify the two levels within the cookie for each request, e.g. with curl:
+
+    ```bash
+    curl -H Host:example.com -b "lvl1=default-whoami1-80; lvl2=http://10.42.0.6:80" http://localhost:8000/foo
+    ```
+
+    assuming `10.42.0.6` is the IP address of one of the replicas (a pod then) of the `whoami1` service.
+
 ### Kind `IngressRouteTCP`

 `IngressRouteTCP` is the CRD implementation of a [Traefik TCP router](../routers/index.md#configuring-tcp-routers).
@@ -947,10 +1094,10 @@ Register the `IngressRouteTCP` [kind](../../reference/dynamic-configuration/kube
          namespace: default        # [13]
        certResolver: foo           # [14]
        domains:                    # [15]
-        - main: foo.com             # [16]
+        - main: example.net         # [16]
          sans:                     # [17]
-          - a.foo.com
-          - b.foo.com
+          - a.example.net
+          - b.example.net
        passthrough: false          # [18]
    ```

@@ -1001,10 +1148,10 @@ Register the `IngressRouteTCP` [kind](../../reference/dynamic-configuration/kube
      tls:
        certResolver: foo
        domains:
-        - main: foo.com
+        - main: example.net
          sans:
-          - a.foo.com
-          - b.foo.com
+          - a.example.net
+          - b.example.net
        options:
          name: opt
          namespace: default
@@ -1192,7 +1339,7 @@ Register the `IngressRouteUDP` [kind](../../reference/dynamic-configuration/kube
          port: 8081
          weight: 10
    ```
-    
+
 ### Kind: `TLSOption`

 `TLSOption` is the CRD implementation of a [Traefik "TLS Option"](../../https/tls.md#tls-options).
@@ -1269,7 +1416,7 @@ or referencing TLS options in the [`IngressRoute`](#kind-ingressroute) / [`Ingre
      entryPoints:
        - web
      routes:
-      - match: Host(`bar.com`) && PathPrefix(`/stripit`)
+      - match: Host(`example.com`) && PathPrefix(`/stripit`)
        kind: Rule
        services:
        - name: whoami
@@ -1366,7 +1513,7 @@ or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`Ingres
      entryPoints:
        - web
      routes:
-      - match: Host(`bar.com`) && PathPrefix(`/stripit`)
+      - match: Host(`example.com`) && PathPrefix(`/stripit`)
        kind: Rule
        services:
        - name: whoami
@@ -1386,6 +1533,7 @@ or referencing TLS stores in the [`IngressRoute`](#kind-ingressroute) / [`Ingres
      tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCi0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0=
      tls.key: LS0tLS1CRUdJTiBQUklWQVRFIEtFWS0tLS0tCi0tLS0tRU5EIFBSSVZBVEUgS0VZLS0tLS0=
    ```
+
 ## Further

 Also see the [full example](../../user-guides/crd-acme/index.md) with Let's Encrypt.
--- a/docs/content/routing/providers/kubernetes-ingress.md
+++ b/docs/content/routing/providers/kubernetes-ingress.md
@@ -70,7 +70,7 @@ which in turn will create the resulting routers, services, handlers, etc.
    
    spec:
      rules:
-        - host: mydomain.com
+        - host: example.com
          http:
            paths:
              - path: /bar
@@ -202,7 +202,7 @@ which in turn will create the resulting routers, services, handlers, etc.
    See [middlewares](../routers/index.md#middlewares) and [middlewares overview](../../middlewares/overview.md) for more information.

    ```yaml
-    traefik.ingress.kubernetes.io/router.middlewares: auth@file,prefix@kuberntes-crd,cb@file
+    traefik.ingress.kubernetes.io/router.middlewares: auth@file,prefix@kuberntescrd,cb@file
    ```

 ??? info "`traefik.ingress.kubernetes.io/router.priority`"
@@ -245,7 +245,7 @@ which in turn will create the resulting routers, services, handlers, etc.
    See [domains](../routers/index.md#domains) for more information.

    ```yaml
-    traefik.ingress.kubernetes.io/router.tls.domains.0.main: foobar.com
+    traefik.ingress.kubernetes.io/router.tls.domains.0.main: example.org
    ```

 ??? info "`traefik.ingress.kubernetes.io/router.tls.domains.n.sans`"
@@ -253,7 +253,7 @@ which in turn will create the resulting routers, services, handlers, etc.
    See [domains](../routers/index.md#domains) for more information.

    ```yaml
-    traefik.ingress.kubernetes.io/router.tls.domains.0.sans: test.foobar.com,dev.foobar.com
+    traefik.ingress.kubernetes.io/router.tls.domains.0.sans: test.example.org,dev.example.org
    ```

 ??? info "`traefik.ingress.kubernetes.io/router.tls.options`"
@@ -351,7 +351,7 @@ and will connect via TLS automatically.
    
    spec:
      rules:
-      - host: foo.com
+      - host: example.net
        http:
          paths:
          - path: /bar
--- a/docs/content/routing/providers/kv.md
+++ b/docs/content/routing/providers/kv.md
@@ -20,7 +20,7 @@ A Story of key & values
    
    | Key (Path)                           | Value                      |
    |--------------------------------------|----------------------------|
-    | `traefik/http/routers/myrouter/rule` | ```Host(`mydomain.com`)``` |
+    | `traefik/http/routers/myrouter/rule` | ```Host(`example.com`)```  |

 ??? info "`traefik/http/routers/<router_name>/entrypoints`"

@@ -69,18 +69,18 @@ A Story of key & values

    See [domains](../routers/index.md#domains) for more information.

-    | Key (Path)                                         | Value        |
-    |----------------------------------------------------|--------------|
-    | `traefik/http/routers/myrouter/tls/domains/0/main` | `foobar.com` |
+    | Key (Path)                                         | Value         |
+    |----------------------------------------------------|---------------|
+    | `traefik/http/routers/myrouter/tls/domains/0/main` | `example.org` |
    
 ??? info "`traefik/http/routers/<router_name>/tls/domains/<n>/sans/<n>`"

    See [domains](../routers/index.md#domains) for more information.

-    | Key (Path)                                           | Value             |
-    |------------------------------------------------------|-------------------|
-    | `traefik/http/routers/myrouter/tls/domains/0/sans/0` | `test.foobar.com` |
-    | `traefik/http/routers/myrouter/tls/domains/0/sans/1` | `dev.foobar.com`  |
+    | Key (Path)                                           | Value              |
+    |------------------------------------------------------|--------------------|
+    | `traefik/http/routers/myrouter/tls/domains/0/sans/0` | `test.example.org` |
+    | `traefik/http/routers/myrouter/tls/domains/0/sans/1` | `dev.example.org`  |
    
 ??? info "`traefik/http/routers/<router_name>/tls/options`"

@@ -138,9 +138,9 @@ A Story of key & values

    See [health check](../services/index.md#health-check) for more information.

-    | Key (Path)                                                          | Value        |
-    |---------------------------------------------------------------------|--------------|
-    | `traefik/http/services/myservice/loadbalancer/healthcheck/hostname` | `foobar.com` |
+    | Key (Path)                                                          | Value         |
+    |---------------------------------------------------------------------|---------------|
+    | `traefik/http/services/myservice/loadbalancer/healthcheck/hostname` | `example.org` |

 ??? info "`traefik/http/services/<service_name>/loadbalancer/healthcheck/interval`"

@@ -301,7 +301,7 @@ You can declare TCP Routers and/or Services using KV.

    | Key (Path)                           | Value                        |
    |--------------------------------------|------------------------------|
-    | `traefik/tcp/routers/my-router/rule` | ```HostSNI(`my-host.com`)``` |  
+    | `traefik/tcp/routers/my-router/rule` | ```HostSNI(`example.com`)``` |  

 ??? info "`traefik/tcp/routers/<router_name>/service`"

@@ -331,18 +331,18 @@ You can declare TCP Routers and/or Services using KV.

    See [domains](../routers/index.md#domains_1) for more information.

-    | Key (Path)                                           | Value        |
-    |------------------------------------------------------|--------------|
-    | `traefik/tcp/routers/mytcprouter/tls/domains/0/main` | `foobar.com` |
+    | Key (Path)                                           | Value         |
+    |------------------------------------------------------|---------------|
+    | `traefik/tcp/routers/mytcprouter/tls/domains/0/main` | `example.org` |
        
 ??? info "`traefik/tcp/routers/<router_name>/tls/domains/<n>/sans`"

    See [domains](../routers/index.md#domains_1) for more information.

-    | Key (Path)                                             | Value             |
-    |--------------------------------------------------------|-------------------|
-    | `traefik/tcp/routers/mytcprouter/tls/domains/0/sans/0` | `test.foobar.com` |
-    | `traefik/tcp/routers/mytcprouter/tls/domains/0/sans/1` | `dev.foobar.com`  |
+    | Key (Path)                                             | Value              |
+    |--------------------------------------------------------|--------------------|
+    | `traefik/tcp/routers/mytcprouter/tls/domains/0/sans/0` | `test.example.org` |
+    | `traefik/tcp/routers/mytcprouter/tls/domains/0/sans/1` | `dev.example.org`  |
    
 ??? info "`traefik/tcp/routers/<router_name>/tls/options`"

--- a/docs/content/routing/providers/marathon.md
+++ b/docs/content/routing/providers/marathon.md
@@ -29,7 +29,7 @@ and the router automatically gets a rule defined by defaultRule (if no rule for

    ```json
    labels: {
-      "traefik.http.routers.myproxy.rule": "Host(`foo.com`)",
+      "traefik.http.routers.myproxy.rule": "Host(`example.net`)",
      "traefik.http.services.myservice.loadbalancer.server.port": "80"
    }
    ```
@@ -41,7 +41,7 @@ and the router automatically gets a rule defined by defaultRule (if no rule for

    ```json
    labels: {
-      "traefik.http.routers.myproxy.rule": "Host(`foo.com`)"
+      "traefik.http.routers.myproxy.rule": "Host(`example.net`)"
 	}
    ```

@@ -50,7 +50,7 @@ and the router automatically gets a rule defined by defaultRule (if no rule for
 To update the configuration of the Router automatically attached to the application,
 add labels starting with `traefik.http.routers.{router-name-of-your-choice}.` and followed by the option you want to change.

-For example, to change the routing rule, you could add the label ```"traefik.http.routers.routername.rule": "Host(`mydomain.com`)"```.
+For example, to change the routing rule, you could add the label ```"traefik.http.routers.routername.rule": "Host(`example.com`)"```.

 !!! warning "The character `@` is not authorized in the router name `<router_name>`."

@@ -59,7 +59,7 @@ For example, to change the routing rule, you could add the label ```"traefik.htt
    See [rule](../routers/index.md#rule) for more information. 
    
    ```json
-    "traefik.http.routers.myrouter.rule": "Host(`mydomain.com`)"
+    "traefik.http.routers.myrouter.rule": "Host(`example.com`)"
    ```

 ??? info "`traefik.http.routers.<router_name>.entrypoints`"
@@ -107,7 +107,7 @@ For example, to change the routing rule, you could add the label ```"traefik.htt
    See [domains](../routers/index.md#domains) for more information.
    
    ```json
-    "traefik.http.routers.myrouter.tls.domains[0].main": "foobar.com"
+    "traefik.http.routers.myrouter.tls.domains[0].main": "example.org"
    ```

 ??? info "`traefik.http.routers.<router_name>.tls.domains[n].sans`"
@@ -115,7 +115,7 @@ For example, to change the routing rule, you could add the label ```"traefik.htt
    See [domains](../routers/index.md#domains) for more information.
    
    ```json
-    "traefik.http.routers.myrouter.tls.domains[0].sans": "test.foobar.com,dev.foobar.com"
+    "traefik.http.routers.myrouter.tls.domains[0].sans": "test.example.org,dev.example.org"
    ```

 ??? info "`traefik.http.routers.<router_name>.tls.options`"
@@ -181,7 +181,7 @@ For example, to change the passHostHeader behavior, you'd add the label `"traefi
    See [health check](../services/index.md#health-check) for more information.
    
    ```json
-    "traefik.http.services.myservice.loadbalancer.healthcheck.hostname": "foobar.com"
+    "traefik.http.services.myservice.loadbalancer.healthcheck.hostname": "example.org"
    ```

 ??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.interval`"
@@ -308,7 +308,7 @@ You can declare TCP Routers and/or Services using labels.
 	{
 		...
 		"labels": {
-			"traefik.tcp.routers.my-router.rule": "HostSNI(`my-host.com`)",
+			"traefik.tcp.routers.my-router.rule": "HostSNI(`example.com`)",
 			"traefik.tcp.routers.my-router.tls": "true",
 			"traefik.tcp.services.my-service.loadbalancer.server.port": "4123"
 		}
@@ -336,7 +336,7 @@ You can declare TCP Routers and/or Services using labels.
    See [rule](../routers/index.md#rule_1) for more information.
    
    ```json
-    "traefik.tcp.routers.mytcprouter.rule": "HostSNI(`myhost.com`)"
+    "traefik.tcp.routers.mytcprouter.rule": "HostSNI(`example.com`)"
    ```

 ??? info "`traefik.tcp.routers.<router_name>.service`"
@@ -368,7 +368,7 @@ You can declare TCP Routers and/or Services using labels.
    See [domains](../routers/index.md#domains_1) for more information.
    
    ```json
-    "traefik.tcp.routers.mytcprouter.tls.domains[0].main": "foobar.com"
+    "traefik.tcp.routers.mytcprouter.tls.domains[0].main": "example.org"
    ```

 ??? info "`traefik.tcp.routers.<router_name>.tls.domains[n].sans`"
@@ -376,7 +376,7 @@ You can declare TCP Routers and/or Services using labels.
    See [domains](../routers/index.md#domains_1) for more information.
    
    ```json
-    "traefik.tcp.routers.mytcprouter.tls.domains[0].sans": "test.foobar.com,dev.foobar.com"
+    "traefik.tcp.routers.mytcprouter.tls.domains[0].sans": "test.example.org,dev.example.org"
    ```

 ??? info "`traefik.tcp.routers.<router_name>.tls.options`"
--- a/docs/content/routing/providers/rancher.md
+++ b/docs/content/routing/providers/rancher.md
@@ -35,7 +35,7 @@ The Service automatically gets a server per container in this rancher service, a

    ```yaml
    labels:
-      - "traefik.http.routers.myproxy.rule=Host(`foo.com`)"
+      - "traefik.http.routers.myproxy.rule=Host(`example.net`)"
      # service myservice gets automatically assigned to router myproxy
      - "traefik.http.services.myservice.loadbalancer.server.port=80"
    ```
@@ -48,14 +48,14 @@ The Service automatically gets a server per container in this rancher service, a
    labels:
      # no service specified or defined and yet one gets automatically created
      # and assigned to router myproxy.
-      - "traefik.http.routers.myproxy.rule=Host(`foo.com`)"
+      - "traefik.http.routers.myproxy.rule=Host(`example.net`)"
    ```

 ### Routers

 To update the configuration of the Router automatically attached to the container, add labels starting with `traefik.routers.{name-of-your-choice}.` and followed by the option you want to change.

-For example, to change the rule, you could add the label ```traefik.http.routers.my-container.rule=Host(`mydomain.com`)```.
+For example, to change the rule, you could add the label ```traefik.http.routers.my-container.rule=Host(`example.com`)```.

 !!! warning "The character `@` is not authorized in the router name `<router_name>`."

@@ -64,7 +64,7 @@ For example, to change the rule, you could add the label ```traefik.http.routers
    See [rule](../routers/index.md#rule) for more information. 
    
    ```yaml
-    - "traefik.http.routers.myrouter.rule=Host(`mydomain.com`)"
+    - "traefik.http.routers.myrouter.rule=Host(`example.com`)"
    ```

 ??? info "`traefik.http.routers.<router_name>.entrypoints`"
@@ -112,7 +112,7 @@ For example, to change the rule, you could add the label ```traefik.http.routers
    See [domains](../routers/index.md#domains) for more information.
    
    ```yaml
-    - "traefik.http.routers.myrouter.tls.domains[0].main=foobar.com"
+    - "traefik.http.routers.myrouter.tls.domains[0].main=example.org"
    ```

 ??? info "`traefik.http.routers.<router_name>.tls.domains[n].sans`"
@@ -120,7 +120,7 @@ For example, to change the rule, you could add the label ```traefik.http.routers
    See [domains](../routers/index.md#domains) for more information.
    
    ```yaml
-    - "traefik.http.routers.myrouter.tls.domains[0].sans=test.foobar.com,dev.foobar.com"
+    - "traefik.http.routers.myrouter.tls.domains[0].sans=test.example.org,dev.example.org"
    ```

 ??? info "`traefik.http.routers.<router_name>.tls.options`"
@@ -187,7 +187,7 @@ you'd add the label `traefik.http.services.{name-of-your-choice}.loadbalancer.pa
    See [health check](../services/index.md#health-check) for more information.
    
    ```yaml
-    - "traefik.http.services.myservice.loadbalancer.healthcheck.hostname=foobar.com"
+    - "traefik.http.services.myservice.loadbalancer.healthcheck.hostname=example.org"
    ```

 ??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.interval`"
@@ -314,7 +314,7 @@ You can declare TCP Routers and/or Services using labels.
         my-container:
           # ...
           labels:
-             - "traefik.tcp.routers.my-router.rule=HostSNI(`my-host.com`)"
+             - "traefik.tcp.routers.my-router.rule=HostSNI(`example.com`)"
             - "traefik.tcp.routers.my-router.tls=true"
             - "traefik.tcp.services.my-service.loadbalancer.server.port=4123"
    ```
@@ -339,7 +339,7 @@ You can declare TCP Routers and/or Services using labels.
    See [rule](../routers/index.md#rule_1) for more information.
    
    ```yaml
-    - "traefik.tcp.routers.mytcprouter.rule=HostSNI(`myhost.com`)"
+    - "traefik.tcp.routers.mytcprouter.rule=HostSNI(`example.com`)"
    ```

 ??? info "`traefik.tcp.routers.<router_name>.service`"
@@ -371,7 +371,7 @@ You can declare TCP Routers and/or Services using labels.
    See [domains](../routers/index.md#domains_1) for more information.
    
    ```yaml
-    - "traefik.tcp.routers.mytcprouter.tls.domains[0].main=foobar.com"
+    - "traefik.tcp.routers.mytcprouter.tls.domains[0].main=example.org"
    ```

 ??? info "`traefik.tcp.routers.<router_name>.tls.domains[n].sans`"
@@ -379,7 +379,7 @@ You can declare TCP Routers and/or Services using labels.
    See [domains](../routers/index.md#domains_1) for more information.
    
    ```yaml
-    - "traefik.tcp.routers.mytcprouter.tls.domains[0].sans=test.foobar.com,dev.foobar.com"
+    - "traefik.tcp.routers.mytcprouter.tls.domains[0].sans=test.example.org,dev.example.org"
    ```

 ??? info "`traefik.tcp.routers.<router_name>.tls.options`"
--- a/docs/content/routing/routers/index.md
+++ b/docs/content/routing/routers/index.md
@@ -101,7 +101,7 @@ If you want to limit the router scope to a set of entry points, set the `entryPo
    [http.routers]
      [http.routers.Router-1]
        # By default, routers listen to every entry points
-        rule = "Host(`traefik.io`)"
+        rule = "Host(`example.com`)"
        service = "service-1"
    ```
    
@@ -111,7 +111,7 @@ If you want to limit the router scope to a set of entry points, set the `entryPo
      routers:
        Router-1:
          # By default, routers listen to every entry points
-          rule: "Host(`traefik.io`)"
+          rule: "Host(`example.com`)"
          service: "service-1"
    ```
    
@@ -156,7 +156,7 @@ If you want to limit the router scope to a set of entry points, set the `entryPo
      [http.routers.Router-1]
        # won't listen to entry point web
        entryPoints = ["websecure", "other"]
-        rule = "Host(`traefik.io`)"
+        rule = "Host(`example.com`)"
        service = "service-1"
    ```
    
@@ -169,7 +169,7 @@ If you want to limit the router scope to a set of entry points, set the `entryPo
          entryPoints:
            - "websecure"
            - "other"
-          rule: "Host(`traefik.io`)"
+          rule: "Host(`example.com`)"
          service: "service-1"
    ```

@@ -214,30 +214,30 @@ If the rule is verified, the router becomes active, calls middlewares, and then
    
    Single quotes `'` are not accepted as values are [Golang's String Literals](https://golang.org/ref/spec#String_literals).

-!!! example "Host is traefik.io"
+!!! example "Host is example.com"

    ```toml
-    rule = "Host(`traefik.io`)"
+    rule = "Host(`example.com`)"
    ```

-!!! example "Host is traefik.io OR Host is containo.us AND path is /traefik"
+!!! example "Host is example.com OR Host is example.org AND path is /traefik"

    ```toml
-    rule = "Host(`traefik.io`) || (Host(`containo.us`) && Path(`/traefik`))"
+    rule = "Host(`example.com`) || (Host(`example.org`) && Path(`/traefik`))"
    ```

 The table below lists all the available matchers:

-| Rule                                                                 | Description                                                                                                    |
-|----------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------|
-| ```Headers(`key`, `value`)```                                        | Check if there is a key `key`defined in the headers, with the value `value`                                    |
-| ```HeadersRegexp(`key`, `regexp`)```                                 | Check if there is a key `key`defined in the headers, with a value that matches the regular expression `regexp` |
-| ```Host(`domain-1`, ...)```                                          | Check if the request domain targets one of the given `domains`.                                                |
-| ```HostRegexp(`traefik.io`, `{subdomain:[a-z]+}.traefik.io`, ...)``` | Check if the request domain matches the given `regexp`.                                                        |
-| ```Method(`GET`, ...)```                                             | Check if the request method is one of the given `methods` (`GET`, `POST`, `PUT`, `DELETE`, `PATCH`)            |
-| ```Path(`/path`, `/articles/{category}/{id:[0-9]+}`, ...)```         | Match exact request path. It accepts a sequence of literal and regular expression paths.                       |
-| ```PathPrefix(`/products/`, `/articles/{category}/{id:[0-9]+}`)```   | Match request prefix path. It accepts a sequence of literal and regular expression prefix paths.               |
-| ```Query(`foo=bar`, `bar=baz`)```                                    | Match Query String parameters. It accepts a sequence of key=value pairs.                                      |
+| Rule                                                                   | Description                                                                                                    |
+|------------------------------------------------------------------------|----------------------------------------------------------------------------------------------------------------|
+| ```Headers(`key`, `value`)```                                          | Check if there is a key `key`defined in the headers, with the value `value`                                    |
+| ```HeadersRegexp(`key`, `regexp`)```                                   | Check if there is a key `key`defined in the headers, with a value that matches the regular expression `regexp` |
+| ```Host(`example.com`, ...)```                                         | Check if the request domain targets one of the given `domains`.                                                |
+| ```HostRegexp(`example.com`, `{subdomain:[a-z]+}.example.com`, ...)``` | Check if the request domain matches the given `regexp`.                                                        |
+| ```Method(`GET`, ...)```                                               | Check if the request method is one of the given `methods` (`GET`, `POST`, `PUT`, `DELETE`, `PATCH`)            |
+| ```Path(`/path`, `/articles/{category}/{id:[0-9]+}`, ...)```           | Match exact request path. It accepts a sequence of literal and regular expression paths.                       |
+| ```PathPrefix(`/products/`, `/articles/{category}/{id:[0-9]+}`)```     | Match request prefix path. It accepts a sequence of literal and regular expression prefix paths.               |
+| ```Query(`foo=bar`, `bar=baz`)```                                      | Match Query String parameters. It accepts a sequence of key=value pairs.                                       |

 !!! important "Regexp Syntax"

@@ -386,7 +386,7 @@ but there are exceptions for label-based providers.
 See the specific [docker](../providers/docker.md#service-definition), [rancher](../providers/rancher.md#service-definition),
 or [marathon](../providers/marathon.md#service-definition) documentation.

-!!! warning "The character `@` is not authorized in the middleware name."
+!!! warning "The character `@` is not authorized in the service name."

 !!! important "HTTP routers can only target HTTP services (not TCP services)."

@@ -580,7 +580,7 @@ http:
 ```

 !!! info "Multiple Hosts in a Rule"
-    The rule ```Host(`test1.traefik.io`,`test2.traefik.io`)``` will request a certificate with the main domain `test1.traefik.io` and SAN `test2.traefik.io`.
+    The rule ```Host(`test1.example.com`,`test2.example.com`)``` will request a certificate with the main domain `test1.example.com` and SAN `test2.example.com`.

 #### `domains`

@@ -654,7 +654,7 @@ If you want to limit the router scope to a set of entry points, set the entry po
    [tcp.routers]
      [tcp.routers.Router-1]
        # By default, routers listen to every entrypoints
-        rule = "HostSNI(`traefik.io`)"
+        rule = "HostSNI(`example.com`)"
        service = "service-1"
        # will route TLS requests (and ignore non tls requests)
        [tcp.routers.Router-1.tls]
@@ -667,7 +667,7 @@ If you want to limit the router scope to a set of entry points, set the entry po
      routers:
        Router-1:
          # By default, routers listen to every entrypoints
-          rule: "HostSNI(`traefik.io`)"
+          rule: "HostSNI(`example.com`)"
          service: "service-1"
          # will route TLS requests (and ignore non tls requests)
          tls: {}
@@ -716,7 +716,7 @@ If you want to limit the router scope to a set of entry points, set the entry po
      [tcp.routers.Router-1]
        # won't listen to entry point web
        entryPoints = ["websecure", "other"]
-        rule = "HostSNI(`traefik.io`)"
+        rule = "HostSNI(`example.com`)"
        service = "service-1"
        # will route TLS requests (and ignore non tls requests)
        [tcp.routers.Router-1.tls]
@@ -731,7 +731,7 @@ If you want to limit the router scope to a set of entry points, set the entry po
          entryPoints:
            - "websecure"
            - "other"
-          rule: "HostSNI(`traefik.io`)"
+          rule: "HostSNI(`example.com`)"
          service: "service-1"
          # will route TLS requests (and ignore non tls requests)
          tls: {}
--- a/docs/content/routing/services/index.md
+++ b/docs/content/routing/services/index.md
@@ -167,8 +167,12 @@ For now, only round robin load balancing is supported:

 #### Sticky sessions

-When sticky sessions are enabled, a cookie is set on the initial request to track which server handles the first response.
-On subsequent requests, the client is forwarded to the same server.
+When sticky sessions are enabled, a cookie is set on the initial request and response to let the client know which server handles the first response.
+On subsequent requests, to keep the session alive with the same server, the client should resend the same cookie.
+
+!!! info "Stickiness on multiple levels"
+
+    When chaining or mixing load-balancers (e.g. a load-balancer of servers is one of the "children" of a load-balancer of services), for stickiness to work all the way, the option needs to be specified at all required levels. Which means the client needs to send a cookie with as many key/value pairs as there are sticky levels.

 !!! info "Stickiness & Unhealthy Servers"

@@ -226,6 +230,80 @@ On subsequent requests, the client is forwarded to the same server.
                httpOnly: true
    ```

+??? example "Setting Stickiness on all the required levels -- Using the [File Provider](../../providers/file.md)"
+
+    ```toml tab="TOML"
+    ## Dynamic configuration
+    [http.services]
+      [http.services.wrr1]
+        [http.services.wrr1.weighted.sticky.cookie]
+          name = "lvl1"
+        [[http.services.wrr1.weighted.services]]
+          name = "whoami1"
+          weight = 1
+        [[http.services.wrr1.weighted.services]]
+          name = "whoami2"
+          weight = 1
+
+      [http.services.whoami1]
+        [http.services.whoami1.loadBalancer]
+          [http.services.whoami1.loadBalancer.sticky.cookie]
+            name = "lvl2"
+          [[http.services.whoami1.loadBalancer.servers]]
+            url = "http://127.0.0.1:8081"
+          [[http.services.whoami1.loadBalancer.servers]]
+            url = "http://127.0.0.1:8082"
+
+      [http.services.whoami2]
+        [http.services.whoami2.loadBalancer]
+          [http.services.whoami2.loadBalancer.sticky.cookie]
+            name = "lvl2"
+          [[http.services.whoami2.loadBalancer.servers]]
+            url = "http://127.0.0.1:8083"
+          [[http.services.whoami2.loadBalancer.servers]]
+            url = "http://127.0.0.1:8084"
+    ```
+
+    ```yaml tab="YAML"
+    ## Dynamic configuration
+    http:
+      services:
+        wrr1:
+          weighted:
+            sticky:
+              cookie:
+                name: lvl1
+            services:
+              - name: whoami1
+                weight: 1
+              - name: whoami2
+                weight: 1
+
+        whoami1:
+          loadBalancer:
+            sticky:
+              cookie:
+                name: lvl2
+            servers:
+              - url: http://127.0.0.1:8081
+              - url: http://127.0.0.1:8082
+
+        whoami2:
+          loadBalancer:
+            sticky:
+              cookie:
+                name: lvl2
+            servers:
+              - url: http://127.0.0.1:8083
+              - url: http://127.0.0.1:8084
+    ```
+
+    To keep a session open with the same server, the client would then need to specify the two levels within the cookie for each request, e.g. with curl:
+    
+    ```
+    curl -b "lvl1=whoami1; lvl2=http://127.0.0.1:8081" http://localhost:8000
+    ```
+
 #### Health Check

 Configure health check to remove unhealthy servers from the load balancing rotation.
--- a/docs/content/user-guides/crd-acme/04-ingressroutes.yml
+++ b/docs/content/user-guides/crd-acme/04-ingressroutes.yml
@@ -7,7 +7,7 @@ spec:
  entryPoints:
    - web
  routes:
-  - match: Host(`your.domain.com`) && PathPrefix(`/notls`)
+  - match: Host(`your.example.com`) && PathPrefix(`/notls`)
    kind: Rule
    services:
    - name: whoami
@@ -23,7 +23,7 @@ spec:
  entryPoints:
    - websecure
  routes:
-  - match: Host(`your.domain.com`) && PathPrefix(`/tls`)
+  - match: Host(`your.example.com`) && PathPrefix(`/tls`)
    kind: Rule
    services:
    - name: whoami
--- a/docs/content/user-guides/crd-acme/index.md
+++ b/docs/content/user-guides/crd-acme/index.md
@@ -97,11 +97,11 @@ Give it a few seconds for the ACME TLS challenge to complete, and you should the
 Both with or (just for fun, do not do that in production) without TLS:

 ```bash
-curl [-k] https://your.domain.com/tls
+curl [-k] https://your.example.com/tls
 ```

 ```bash
-curl [-k] http://your.domain.com:8000/notls
+curl http://your.example.com:8000/notls
 ```

 Note that you'll have to use `-k` as long as you're using the staging server of Let's Encrypt, since it is not an authorized certificate authority on systems where it hasn't been manually added.
--- a/docs/content/user-guides/docker-compose/acme-dns/docker-compose.yml
+++ b/docs/content/user-guides/docker-compose/acme-dns/docker-compose.yml
@@ -15,7 +15,7 @@ services:
      - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
      - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=ovh"
      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
-      - "--certificatesresolvers.myresolver.acme.email=postmaster@mydomain.com"
+      - "--certificatesresolvers.myresolver.acme.email=postmaster@example.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
@@ -35,6 +35,6 @@ services:
    container_name: "simple-service"
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)"
+      - "traefik.http.routers.whoami.rule=Host(`whoami.example.com`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"
--- a/docs/content/user-guides/docker-compose/acme-dns/docker-compose_secrets.yml
+++ b/docs/content/user-guides/docker-compose/acme-dns/docker-compose_secrets.yml
@@ -25,7 +25,7 @@ services:
      - "--certificatesresolvers.myresolver.acme.dnschallenge=true"
      - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=ovh"
      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
-      - "--certificatesresolvers.myresolver.acme.email=postmaster@mydomain.com"
+      - "--certificatesresolvers.myresolver.acme.email=postmaster@example.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
@@ -50,6 +50,6 @@ services:
    container_name: "simple-service"
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)"
+      - "traefik.http.routers.whoami.rule=Host(`whoami.example.com`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"
--- a/docs/content/user-guides/docker-compose/acme-dns/index.md
+++ b/docs/content/user-guides/docker-compose/acme-dns/index.md
@@ -32,8 +32,8 @@ For the DNS challenge, you'll need:
      - "OVH_CONSUMER_KEY=[YOUR_OWN_VALUE]"
    ```

- Replace `postmaster@mydomain.com` by your **own email** within the `certificatesresolvers.myresolver.acme.email` command line argument of the `traefik` service.
- Replace `whoami.mydomain.com` by your **own domain** within the `traefik.http.routers.whoami.rule` label of the `whoami` service.
+- Replace `postmaster@example.com` by your **own email** within the `certificatesresolvers.myresolver.acme.email` command line argument of the `traefik` service.
+- Replace `whoami.example.com` by your **own domain** within the `traefik.http.routers.whoami.rule` label of the `whoami` service.
 - Optionally uncomment the following lines if you want to test/debug: 

 	```yaml
@@ -73,7 +73,7 @@ command:
  # Tell which provider to use
  - "--certificatesresolvers.myresolver.acme.dnschallenge.provider=ovh"
  # The email to provide to let's encrypt
-  - "--certificatesresolvers.myresolver.acme.email=postmaster@mydomain.com"
+  - "--certificatesresolvers.myresolver.acme.email=postmaster@example.com"
 ```

 - We provide the required configuration to our provider via environment variables: 
@@ -141,7 +141,7 @@ The point is to manage those secret files by another mean, and read them from th

 !!! Note

-    Still think about changing `postmaster@mydomain.com` & `whoami.mydomain.com` by your own values.
+    Still think about changing `postmaster@example.com` & `whoami.example.com` by your own values.

 Let's explain a bit what we just did:

--- a/docs/content/user-guides/docker-compose/acme-http/docker-compose.yml
+++ b/docs/content/user-guides/docker-compose/acme-http/docker-compose.yml
@@ -15,7 +15,7 @@ services:
      - "--certificatesresolvers.myresolver.acme.httpchallenge=true"
      - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
-      - "--certificatesresolvers.myresolver.acme.email=postmaster@mydomain.com"
+      - "--certificatesresolvers.myresolver.acme.email=postmaster@example.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "80:80"
@@ -30,6 +30,6 @@ services:
    container_name: "simple-service"
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)"
+      - "traefik.http.routers.whoami.rule=Host(`whoami.example.com`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"
--- a/docs/content/user-guides/docker-compose/acme-http/index.md
+++ b/docs/content/user-guides/docker-compose/acme-http/index.md
@@ -18,8 +18,8 @@ For the HTTP challenge you will need:
 --8<-- "content/user-guides/docker-compose/acme-http/docker-compose.yml"
 ```

- Replace `postmaster@mydomain.com` by your **own email** within the `certificatesresolvers.myresolver.acme.email` command line argument of the `traefik` service.
- Replace `whoami.mydomain.com` by your **own domain** within the `traefik.http.routers.whoami.rule` label of the `whoami` service.
+- Replace `postmaster@example.com` by your **own email** within the `certificatesresolvers.myresolver.acme.email` command line argument of the `traefik` service.
+- Replace `whoami.example.com` by your **own domain** within the `traefik.http.routers.whoami.rule` label of the `whoami` service.
 - Optionally uncomment the following lines if you want to test/debug:

 	```yaml
@@ -59,7 +59,7 @@ command:
  # Tell it to use our predefined entrypoint named "web"
  - "--certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web"
  # The email to provide to let's encrypt
-  - "--certificatesresolvers.myresolver.acme.email=postmaster@mydomain.com"
+  - "--certificatesresolvers.myresolver.acme.email=postmaster@example.com"
 ```

 - We add a volume to store our certificates:
--- a/docs/content/user-guides/docker-compose/acme-tls/docker-compose.yml
+++ b/docs/content/user-guides/docker-compose/acme-tls/docker-compose.yml
@@ -13,7 +13,7 @@ services:
      - "--entrypoints.websecure.address=:443"
      - "--certificatesresolvers.myresolver.acme.tlschallenge=true"
      #- "--certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory"
-      - "--certificatesresolvers.myresolver.acme.email=postmaster@mydomain.com"
+      - "--certificatesresolvers.myresolver.acme.email=postmaster@example.com"
      - "--certificatesresolvers.myresolver.acme.storage=/letsencrypt/acme.json"
    ports:
      - "443:443"
@@ -27,6 +27,6 @@ services:
    container_name: "simple-service"
    labels:
      - "traefik.enable=true"
-      - "traefik.http.routers.whoami.rule=Host(`whoami.mydomain.com`)"
+      - "traefik.http.routers.whoami.rule=Host(`whoami.example.com`)"
      - "traefik.http.routers.whoami.entrypoints=websecure"
      - "traefik.http.routers.whoami.tls.certresolver=myresolver"
--- a/docs/content/user-guides/docker-compose/acme-tls/index.md
+++ b/docs/content/user-guides/docker-compose/acme-tls/index.md
@@ -18,8 +18,8 @@ For the TLS challenge you will need:
 --8<-- "content/user-guides/docker-compose/acme-tls/docker-compose.yml"
 ```

- Replace `postmaster@mydomain.com` by your **own email** within the `certificatesresolvers.myresolver.acme.email` command line argument of the `traefik` service.
- Replace `whoami.mydomain.com` by your **own domain** within the `traefik.http.routers.whoami.rule` label of the `whoami` service.
+- Replace `postmaster@example.com` by your **own email** within the `certificatesresolvers.myresolver.acme.email` command line argument of the `traefik` service.
+- Replace `whoami.example.com` by your **own domain** within the `traefik.http.routers.whoami.rule` label of the `whoami` service.
 - Optionally uncomment the following lines if you want to test/debug:

 	```yaml
--- a/go.mod
+++ b/go.mod
@@ -36,11 +36,11 @@ require (
 	github.com/fatih/structs v1.1.0
 	github.com/flynn/go-shlex v0.0.0-20150515145356-3f9db97f8568 // indirect
 	github.com/gambol99/go-marathon v0.0.0-20180614232016-99a156b96fb2
-	github.com/go-acme/lego/v3 v3.4.0
+	github.com/go-acme/lego/v3 v3.5.0
 	github.com/go-check/check v0.0.0-00010101000000-000000000000
 	github.com/go-kit/kit v0.9.0
 	github.com/gogo/protobuf v1.3.0 // indirect
-	github.com/golang/protobuf v1.3.3
+	github.com/golang/protobuf v1.3.4
 	github.com/google/go-github/v28 v28.1.1
 	github.com/googleapis/gnostic v0.1.0 // indirect
 	github.com/gorilla/mux v1.7.3
@@ -70,7 +70,7 @@ require (
 	github.com/pmezard/go-difflib v1.0.0
 	github.com/prometheus/client_golang v1.1.0
 	github.com/prometheus/client_model v0.0.0-20190812154241-14fe0d1b01d4
-	github.com/rancher/go-rancher-metadata v0.0.0-00010101000000-000000000000
+	github.com/rancher/go-rancher-metadata v0.0.0-20200311180630-7f4c936a06ac
 	github.com/sirupsen/logrus v1.4.2
 	github.com/stretchr/testify v1.5.1
 	github.com/stvp/go-udp-testing v0.0.0-20191102171040-06b61409b154
@@ -85,10 +85,9 @@ require (
 	github.com/vulcand/predicate v1.1.0
 	go.elastic.co/apm v1.7.0
 	go.elastic.co/apm/module/apmot v1.7.0
-	golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d // indirect
-	golang.org/x/net v0.0.0-20200222125558-5a598a2470a0
+	golang.org/x/net v0.0.0-20200301022130-244492dfa37a
 	golang.org/x/time v0.0.0-20191024005414-555d28b269f0
-	google.golang.org/grpc v1.23.1
+	google.golang.org/grpc v1.27.1
 	gopkg.in/DataDog/dd-trace-go.v1 v1.19.0
 	gopkg.in/fsnotify.v1 v1.4.7
 	gopkg.in/jcmturner/goidentity.v3 v3.0.0 // indirect
@@ -110,5 +109,4 @@ replace (
 	github.com/gorilla/mux => github.com/containous/mux v0.0.0-20181024131434-c33f32e26898
 	github.com/mailgun/minheap => github.com/containous/minheap v0.0.0-20190809180810-6e71eb837595
 	github.com/mailgun/multibuf => github.com/containous/multibuf v0.0.0-20190809014333-8b6c9a7e6bba
-	github.com/rancher/go-rancher-metadata => github.com/containous/go-rancher-metadata v0.0.0-20190402144056-c6a65f8b7a28
 )
--- a/go.sum
+++ b/go.sum
@@ -8,10 +8,21 @@ cloud.google.com/go v0.45.1/go.mod h1:RpBamKRgapWJb87xiFSdk4g1CME7QZg3uwTez+TSTj
 cloud.google.com/go v0.46.3/go.mod h1:a6bKKbmY7er1mI7TEI4lsAkts/mkhTSZK8w33B4RAg0=
 cloud.google.com/go v0.50.0 h1:0E3eE8MX426vUOs7aHfI7aN1BrIzzzf4ccKCSfSjGmc=
 cloud.google.com/go v0.50.0/go.mod h1:r9sluTvynVuxRIOHXQEHMFffphuXHOMZMycpNR5e6To=
+cloud.google.com/go v0.52.0/go.mod h1:pXajvRH/6o3+F9jDHZWQ5PbGhn+o8w9qiu/CffaVdO4=
+cloud.google.com/go v0.53.0/go.mod h1:fp/UouUEsRkN6ryDKNW/Upv/JBKnv6WDthjR6+vze6M=
+cloud.google.com/go v0.54.0 h1:3ithwDMr7/3vpAMXiH+ZQnYbuIsh+OPhUPMFC9enmn0=
+cloud.google.com/go v0.54.0/go.mod h1:1rq2OEkV3YMf6n/9ZvGWI3GWw0VoqH/1x2nd8Is/bPc=
 cloud.google.com/go/bigquery v1.0.1/go.mod h1:i/xbL2UlR5RvWAURpBYZTtm/cXjCha9lbfbpx4poX+o=
+cloud.google.com/go/bigquery v1.3.0/go.mod h1:PjpwJnslEMmckchkHFfq+HTD2DmtT67aNFKH1/VBDHE=
+cloud.google.com/go/bigquery v1.4.0/go.mod h1:S8dzgnTigyfTmLBfrtrhyYhwRxG72rYxvftPBK2Dvzc=
 cloud.google.com/go/datastore v1.0.0/go.mod h1:LXYbyblFSglQ5pkeyhO+Qmw7ukd3C+pD7TKLgZqpHYE=
+cloud.google.com/go/datastore v1.1.0/go.mod h1:umbIZjpQpHh4hmRpGhH4tLFup+FVzqBi1b3c64qFpCk=
 cloud.google.com/go/pubsub v1.0.1/go.mod h1:R0Gpsv3s54REJCy4fxDixWD93lHJMoZTyQ2kNxGRt3I=
+cloud.google.com/go/pubsub v1.1.0/go.mod h1:EwwdRX2sKPjnvnqCa270oGRyludottCI76h+R3AArQw=
+cloud.google.com/go/pubsub v1.2.0/go.mod h1:jhfEVHT8odbXTkndysNHCcx0awwzvfOlguIAii9o8iA=
 cloud.google.com/go/storage v1.0.0/go.mod h1:IhtSnM/ZTZV8YYJWCY8RULGVqBDmpoyjwiyrjsg+URw=
+cloud.google.com/go/storage v1.5.0/go.mod h1:tpKbwo567HUNpVclU5sGELwQWBDZ8gh0ZeosJ0Rtdos=
+cloud.google.com/go/storage v1.6.0/go.mod h1:N7U0C8pVQ/+NIKOBQyamJIeKQKkZ+mxpohlUTyfDhBk=
 contrib.go.opencensus.io/exporter/ocagent v0.4.12 h1:jGFvw3l57ViIVEPKKEUXPcLYIXJmQxLUh6ey1eJhwyc=
 contrib.go.opencensus.io/exporter/ocagent v0.4.12/go.mod h1:450APlNTSR6FrvC3CTRqYosuDstRB9un7SOx2k/9ckA=
 dmitri.shuralyov.com/gpu/mtl v0.0.0-20190408044501-666a987793e9/go.mod h1:H6x//7gZCb22OMCxBHrMx7a5I7Hp++hsVxbQ4BYO7hU=
@@ -90,8 +101,8 @@ github.com/VividCortex/gohistogram v1.0.0 h1:6+hBz+qvs0JOrrNhhmR7lFxo5sINxBCGXrd
 github.com/VividCortex/gohistogram v1.0.0/go.mod h1:Pf5mBqqDxYaXu3hDrrU+w6nw50o/4+TcAqDqk/vUH7g=
 github.com/abronan/valkeyrie v0.0.0-20200127174252-ef4277a138cd h1:UlQRt3CZdeD+WfDamDtdDDOu84CYbGIh9/B28TgzCZk=
 github.com/abronan/valkeyrie v0.0.0-20200127174252-ef4277a138cd/go.mod h1:2RUNONRAQ8bS1QcVJF3dYO/faiEro6NAAIQ6CqBkpD0=
-github.com/akamai/AkamaiOPEN-edgegrid-golang v0.9.0 h1:rXPPPxDA4GCPN0YWwyVHMzcxVpVg8gai2uGhJ3VqOSs=
-github.com/akamai/AkamaiOPEN-edgegrid-golang v0.9.0/go.mod h1:zpDJeKyp9ScW4NNrbdr+Eyxvry3ilGPewKoXw3XGN1k=
+github.com/akamai/AkamaiOPEN-edgegrid-golang v0.9.8 h1:6rJvj+NXjjauunLeS7uGy891F1cuAwsWKa9iGzTjz1s=
+github.com/akamai/AkamaiOPEN-edgegrid-golang v0.9.8/go.mod h1:aVvklgKsPENRkl29bNwrHISa1F+YLGTHArMxZMBqWM8=
 github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc=
 github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf/go.mod h1:ybxpYRFXyAe+OPACYpWeL0wqObRcbAqCMya13uyzqw0=
 github.com/aliyun/alibaba-cloud-sdk-go v0.0.0-20190808125512-07798873deee h1:NYqDBPkhVYt68W3yoGoRRi32i3MLx2ey7SFkJ1v/UI0=
@@ -123,6 +134,10 @@ github.com/cenkalti/backoff/v4 v4.0.0 h1:6VeaLF9aI+MAUQ95106HwWzYZgJJpZ4stumjj6R
 github.com/cenkalti/backoff/v4 v4.0.0/go.mod h1:eEew/i+1Q6OrCDZh3WiXYv3+nJwBASZ8Bog/87DQnVg=
 github.com/census-instrumentation/opencensus-proto v0.2.0 h1:LzQXZOgg4CQfE6bFvXGM30YZL1WW/M337pXml+GrcZ4=
 github.com/census-instrumentation/opencensus-proto v0.2.0/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU=
+github.com/chzyer/logex v1.1.10/go.mod h1:+Ywpsq7O8HXn0nuIou7OrIPyXbp3wmkHB+jjWRnGsAI=
+github.com/chzyer/readline v0.0.0-20180603132655-2972be24d48e/go.mod h1:nSuG5e5PlCu98SY8svDHJxuZscDgtXS6KTTbou5AhLI=
+github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMnBNeIyt5eFwwo7qiLfzFZmjNmxjkiQlU=
 github.com/circonus-labs/circonus-gometrics v2.3.1+incompatible/go.mod h1:nmEj6Dob7S7YxXgwXpfOuvO54S+tGdZdw9fuRZt25Ag=
 github.com/circonus-labs/circonusllhist v0.1.3/go.mod h1:kMXHVDlOchFAehlya5ePtbp5jckzBHf4XRpQvBOLI+I=
 github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw=
@@ -149,8 +164,6 @@ github.com/containous/check v0.0.0-20170915194414-ca0bf163426a h1:8esAQaPKjfntQR
 github.com/containous/check v0.0.0-20170915194414-ca0bf163426a/go.mod h1:eQOqZ7GoFsLxI7jFKLs7+Nv2Rm1x4FyK8d2NV+yGjwQ=
 github.com/containous/go-http-auth v0.4.1-0.20180112153951-65b0cdae8d7f h1:AgXgJSqQmsiNFW268OGe/y7Mn4jiCWaMUk05qser3Bo=
 github.com/containous/go-http-auth v0.4.1-0.20180112153951-65b0cdae8d7f/go.mod h1:dCmRGidPSLagL8D/2u7yIO6Y/8D/yuYX9EdKrnrhpCA=
-github.com/containous/go-rancher-metadata v0.0.0-20190402144056-c6a65f8b7a28 h1:YBo7nuGRif2QvUvqJuAEp8trX+5jnFj/8iAPJDe5U4k=
-github.com/containous/go-rancher-metadata v0.0.0-20190402144056-c6a65f8b7a28/go.mod h1:YTAhdMF+tmHPGF7v0uZJ22+XNY/jz1ZYdBCeTZnsrYU=
 github.com/containous/minheap v0.0.0-20190809180810-6e71eb837595 h1:aPspFRO6b94To3gl4yTDOEtpjFwXI7V2W+z0JcNljQ4=
 github.com/containous/minheap v0.0.0-20190809180810-6e71eb837595/go.mod h1:+lHFbEasIiQVGzhVDVw/cn0ZaOzde2OwNncp1NhXV4c=
 github.com/containous/multibuf v0.0.0-20190809014333-8b6c9a7e6bba h1:PhR03pep+5eO/9BSvCY9RyG8rjogB3uYS4X/WBYNTT8=
@@ -227,6 +240,8 @@ github.com/emicklei/go-restful v0.0.0-20170410110728-ff4f55a20633/go.mod h1:otzb
 github.com/emicklei/go-restful v2.9.5+incompatible h1:spTtZBk5DYEvbxMVutUuTyh1Ao2r4iyvLdACqsl/Ljk=
 github.com/emicklei/go-restful v2.9.5+incompatible/go.mod h1:otzb+WCGbkyDHkqmQmT5YD2WR4BBwUdeQoFo8l/7tVs=
 github.com/envoyproxy/go-control-plane v0.6.9/go.mod h1:SBwIajubJHhxtWwsL9s8ss4safvEdbitLhGGK48rN6g=
+github.com/envoyproxy/go-control-plane v0.9.1-0.20191026205805-5f8ba28d4473/go.mod h1:YTl/9mNaCwkRvm6d1a2C3ymFceY/DCBVvsKhRF0iEA4=
+github.com/envoyproxy/protoc-gen-validate v0.1.0/go.mod h1:iSmxcyjqTsJpI2R4NaDN7+kN2VEUnK/pcBlmesArF7c=
 github.com/evanphx/json-patch v4.2.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
 github.com/evanphx/json-patch v4.5.0+incompatible h1:ouOWdg56aJriqS0huScTkVXPC5IcNrDCXZ6OoTAWu7M=
 github.com/evanphx/json-patch v4.5.0+incompatible/go.mod h1:50XU6AFN0ol/bzJsmQLiYLvXMP4fmwYFNcr97nuDLSk=
@@ -246,14 +261,14 @@ github.com/gambol99/go-marathon v0.0.0-20180614232016-99a156b96fb2/go.mod h1:GLy
 github.com/ghodss/yaml v0.0.0-20150909031657-73d445a93680/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
 github.com/ghodss/yaml v1.0.0 h1:wQHKEahhL6wmXdzwWG11gIVCkOv05bNOh+Rxn0yngAk=
 github.com/ghodss/yaml v1.0.0/go.mod h1:4dBDuWmgqj2HViK6kFavaiC9ZROes6MMH2rRYeMEF04=
-github.com/go-acme/lego/v3 v3.4.0 h1:deB9NkelA+TfjGHVw8J7iKl/rMtffcGMWSMmptvMv0A=
-github.com/go-acme/lego/v3 v3.4.0/go.mod h1:xYbLDuxq3Hy4bMUT1t9JIuz6GWIWb3m5X+TeTHYaT7M=
+github.com/go-acme/lego/v3 v3.5.0 h1:/0+NJQK+hNwRznhCi+19lbEa4xufhe7wJZOVd5j486s=
+github.com/go-acme/lego/v3 v3.5.0/go.mod h1:TXodhTGOiWEqXDdgrzBoCtJ5R4L9lfOE68CTM0KGkT0=
 github.com/go-cmd/cmd v1.0.5/go.mod h1:y8q8qlK5wQibcw63djSl/ntiHUHXHGdCkPk0j4QeW4s=
 github.com/go-errors/errors v1.0.1 h1:LUHzmkK3GUKUrL/1gfBUxAHzcev3apQlezX/+O7ma6w=
 github.com/go-errors/errors v1.0.1/go.mod h1:f4zRHt4oKfwPJE5k8C9vpYG+aDHdBFUsgrm6/TyX73Q=
+github.com/go-gl/glfw v0.0.0-20190409004039-e6da0acd62b1/go.mod h1:vR7hzQXu2zJy9AVAgeJqvqgH9Q5CA+iKCZ2gyEVpxRU=
 github.com/go-gl/glfw/v3.3/glfw v0.0.0-20191125211704-12ad95a8df72/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
-github.com/go-ini/ini v1.44.0 h1:8+SRbfpRFlIunpSum4BEf1ClTtVjOgKzgBv9pHFkI6w=
-github.com/go-ini/ini v1.44.0/go.mod h1:ByCAeIL28uOIIG0E3PJtZPDL8WnHpFKFOtgjp+3Ies8=
+github.com/go-gl/glfw/v3.3/glfw v0.0.0-20200222043503-6f7a984d4dc4/go.mod h1:tQ2UAYgL5IevRw8kRxooKSPJfGvJ9fJQFa0TUsXzTg8=
 github.com/go-kit/kit v0.8.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
 github.com/go-kit/kit v0.9.0 h1:wDJmvq38kDhkVxi50ni9ykkdUr1PKgqKOoi01fa0Mdk=
 github.com/go-kit/kit v0.9.0/go.mod h1:xBxKIO96dXMWWy0MnWVtmwkA9/13aqxPnvrjFYMA2as=
@@ -297,11 +312,17 @@ github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903 h1:LbsanbbD6LieF
 github.com/golang/groupcache v0.0.0-20160516000752-02826c3e7903/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6 h1:ZgQEtGgCBiWRM39fZuwSd1LwSqqSW0hOdXCYYDX0R3I=
 github.com/golang/groupcache v0.0.0-20190702054246-869f871628b6/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20191227052852-215e87163ea7/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
+github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e h1:1r7pUrabqp18hOBcwBwiTsbnFeTZHV9eER/QT5JVZxY=
+github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc=
 github.com/golang/mock v1.1.1/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.2.0 h1:28o5sBqPkBsMGnC6b4MvE2TzSr5/AT4c/1fLqVGIwlk=
 github.com/golang/mock v1.2.0/go.mod h1:oTYuIxOrZwtPieC+H1uAHpcLFnEyAGVDL/k47Jfbm0A=
 github.com/golang/mock v1.3.1 h1:qGJ6qTW+x6xX/my+8YUVl4WNpX9B7+/l2tRsHGZ7f2s=
 github.com/golang/mock v1.3.1/go.mod h1:sBzyDLLjw3U8JLTeZvSv8jJB+tU5PVekmnlKIyFUx0Y=
+github.com/golang/mock v1.4.0/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
+github.com/golang/mock v1.4.1 h1:ocYkMQY5RrXTYgXl7ICpV0IXwlEQGwKIsery4gyXa1U=
+github.com/golang/mock v1.4.1/go.mod h1:UOMv5ysSaYNkG+OFQykRIcU/QvvxJf3p21QfJ2Bt3cw=
 github.com/golang/protobuf v0.0.0-20161109072736-4bd1920723d7/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.2.0/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.1 h1:YF8+flBXS5eO826T4nzqPrxfhQThhXl0YzfuUPu4SBg=
@@ -310,6 +331,8 @@ github.com/golang/protobuf v1.3.2 h1:6nsPYzhq5kReh6QImI3k5qWzO4PEbvbIW2cwSfR/6xs
 github.com/golang/protobuf v1.3.2/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U=
 github.com/golang/protobuf v1.3.3 h1:gyjaxf+svBWX08ZjK86iN9geUJF0H6gp2IRKX6Nf6/I=
 github.com/golang/protobuf v1.3.3/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
+github.com/golang/protobuf v1.3.4 h1:87PNWwrRvUSnqS4dlcBU/ftvOIBep4sYuBLlh6rX2wk=
+github.com/golang/protobuf v1.3.4/go.mod h1:vzj43D7+SQXF/4pzW/hwtAqwc6iTitCiVSaWz5lYuqw=
 github.com/golang/snappy v0.0.0-20180518054509-2e65f85255db/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
 github.com/golang/snappy v0.0.1 h1:Qgr9rKW7uDUkrbSmQeiDsGa8SjGyCOGtuasMWwvp2P4=
 github.com/golang/snappy v0.0.1/go.mod h1:/XxbfmMg8lxefKM7IXC3fBNl/7bRcc72aCRzEWrmP2Q=
@@ -321,6 +344,8 @@ github.com/google/go-cmp v0.3.0 h1:crn/baboCvb5fXaQ0IJ1SGTsTVrWpDsCWC8EGETZijY=
 github.com/google/go-cmp v0.3.0/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
 github.com/google/go-cmp v0.3.1 h1:Xye71clBPdm5HgqGwUkwhbynsUJZhDbS20FvLhQ2izg=
 github.com/google/go-cmp v0.3.1/go.mod h1:8QqcDgzrUqlUb/G2PQTWiueGozuR1884gddMywk6iLU=
+github.com/google/go-cmp v0.4.0 h1:xsAVV57WRhGj6kEIi8ReJzQlHHqcBYCElAvkovg3B/4=
+github.com/google/go-cmp v0.4.0/go.mod h1:v8dTdLbMG2kIc/vJvl+f65V22dbkXbowE6jgT/gNBxE=
 github.com/google/go-github/v28 v28.1.1 h1:kORf5ekX5qwXO2mGzXXOjMe/g6ap8ahVe0sBEulhSxo=
 github.com/google/go-github/v28 v28.1.1/go.mod h1:bsqJWQX05omyWVmc00nEUql9mhQyv38lDZ8kPZcQVoM=
 github.com/google/go-querystring v1.0.0 h1:Xkwi/a1rcvNg1PPYe5vI8GbeBY/jrVuDX5ASuANWTrk=
@@ -331,6 +356,9 @@ github.com/google/gofuzz v1.0.0/go.mod h1:dBl0BpW6vV/+mYPU4Po3pmUjxk6FQPldtuIdl/
 github.com/google/martian v2.1.0+incompatible/go.mod h1:9I4somxYTbIHy5NJKHRl3wXiIaQGbYVAs8BPL6v8lEs=
 github.com/google/pprof v0.0.0-20181206194817-3ea8567a2e57/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
 github.com/google/pprof v0.0.0-20190515194954-54271f7e092f/go.mod h1:zfwlbNMJ+OItoe0UupaVj+oy1omPYYDuagoSzA8v9mc=
+github.com/google/pprof v0.0.0-20191218002539-d4f498aebedc/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200212024743-f11f1df84d12/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
+github.com/google/pprof v0.0.0-20200229191704-1ebb73c60ed3/go.mod h1:ZgVRPoUq/hfqzAqh7sHMqb3I9Rq5C59dIz2SbBwJ4eM=
 github.com/google/renameio v0.1.0/go.mod h1:KWCgfxg9yswjAJkECMjeO8J8rahYeXnNhOm40UhjYkI=
 github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY=
 github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo=
@@ -398,9 +426,8 @@ github.com/hashicorp/go-version v1.2.0 h1:3vNe/fWF5CBgRIguda1meWhsZHy3m8gCJ5wx+d
 github.com/hashicorp/go-version v1.2.0/go.mod h1:fltr4n8CU8Ke44wwGCBoEymUuxUHl09ZGVZPK5anwXA=
 github.com/hashicorp/go.net v0.0.1/go.mod h1:hjKkEWcCURg++eb33jQU7oqQcI9XDCnUzHA0oac0k90=
 github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
+github.com/hashicorp/golang-lru v0.5.1 h1:0hERBMJE1eitiLkihrMvRVBYAkpHzc/J3QdDN+dAcgU=
 github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8=
-github.com/hashicorp/golang-lru v0.5.3 h1:YPkqC67at8FYaadspW/6uE0COsBxS2656RLEr8Bppgk=
-github.com/hashicorp/golang-lru v0.5.3/go.mod h1:iADmTwqILo4mZ8BN3D2Q6+9jd8WM5uGBxy+E8yxSoD4=
 github.com/hashicorp/logutils v1.0.0/go.mod h1:QIAnNjmIWmVIIkWDTG1z5v++HQmx9WQRO+LraFDTW64=
 github.com/hashicorp/mdns v1.0.0/go.mod h1:tL+uN++7HEJ6SQLQ2/p+z2pH24WQKWjBPkE0mNTz8vQ=
 github.com/hashicorp/memberlist v0.1.3/go.mod h1:ajVTdAv/9Im8oMAAj5G31PhhMCZJV2pPBoIllUwCN7I=
@@ -412,6 +439,7 @@ github.com/hpcloud/tail v1.0.0 h1:nfCOvKYfkgYP8hkirhJocXT2+zOD8yUNjXaWfTlyFKI=
 github.com/hpcloud/tail v1.0.0/go.mod h1:ab1qPbhIpdTxEkNHXyeSf5vhxWSCs/tWer42PpOxQnU=
 github.com/huandu/xstrings v1.2.0 h1:yPeWdRnmynF7p+lLYz0H2tthW9lqhMJrQV/U7yy4wX0=
 github.com/huandu/xstrings v1.2.0/go.mod h1:DvyZB1rfVYsBIigL8HwpZgxHwXozlTgGqn63UyNX5k4=
+github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc=
 github.com/iij/doapi v0.0.0-20190504054126-0bbf12d6d7df h1:MZf03xP9WdakyXhOWuAD5uPK3wHh96wCsqe3hCMKh8E=
 github.com/iij/doapi v0.0.0-20190504054126-0bbf12d6d7df/go.mod h1:QMZY7/J/KSQEhKWFeDesPjMj+wCHReeknARU3wqlyN4=
 github.com/imdario/mergo v0.3.5 h1:JboBksRwiiAJWvIYJVo46AfV+IAIKZpfrSzVKj42R4Q=
@@ -438,6 +466,7 @@ github.com/json-iterator/go v1.1.7/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/u
 github.com/json-iterator/go v1.1.8 h1:QiWkFLKq0T7mpzwOTu6BzNDbfTE8OLrYhVKYMLF46Ok=
 github.com/json-iterator/go v1.1.8/go.mod h1:KdQUCv79m/52Kvf8AW2vK1V8akMuk1QjK/uOdHXbAo4=
 github.com/jstemmer/go-junit-report v0.0.0-20190106144839-af01ea7f8024/go.mod h1:6v2b51hI/fHJwM22ozAgKL4VKDeJcHhJFhtBdhmNjmU=
+github.com/jstemmer/go-junit-report v0.9.1/go.mod h1:Brl9GWCQeLvo8nXZwPNNblvFj/XSXhF0NWZEnDohbsk=
 github.com/jtolds/gls v4.20.0+incompatible h1:xdiiI2gbIgH/gLH7ADydsJ1uDOEzR8yvV7C0MuV77Wo=
 github.com/jtolds/gls v4.20.0+incompatible/go.mod h1:QJZ7F/aHp+rZTRtaJ1ow/lLfFfVYBRgL+9YlvaHOwJU=
 github.com/julienschmidt/httprouter v1.2.0/go.mod h1:SYymIcj16QtmaHHD7aYtjjsJG7VTCxuUUipMqKk8s4w=
@@ -493,8 +522,6 @@ github.com/mattn/go-tty v0.0.0-20180219170247-931426f7535a/go.mod h1:XPvLUNfbS4f
 github.com/matttproud/golang_protobuf_extensions v1.0.1 h1:4hp9jkHxhMHkqkrB3Ix0jegS5sx/RkqARlsWZ6pIwiU=
 github.com/matttproud/golang_protobuf_extensions v1.0.1/go.mod h1:D8He9yQNgCq6Z5Ld7szi9bcBfOoFv/3dc6xSMkL2PC0=
 github.com/miekg/dns v1.0.14/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
-github.com/miekg/dns v1.1.15 h1:CSSIDtllwGLMoA6zjdKnaE6Tx6eVUxQ29LUgGetiDCI=
-github.com/miekg/dns v1.1.15/go.mod h1:W1PPwlIAgtquWBMBEV9nkV9Cazfe8ScdGz/Lj7v3Nrg=
 github.com/miekg/dns v1.1.27 h1:aEH/kqUzUxGJ/UHcEKdJY+ugH6WEzsEBBSPa8zuy1aM=
 github.com/miekg/dns v1.1.27/go.mod h1:KNUDUusw/aVsxyTYZM1oqvCicbwhgbNgztCETuNZ7xM=
 github.com/mitchellh/cli v1.0.0/go.mod h1:hNIlj7HEI86fIcpObd7a0FcrxTWetlwJDGcceTlRvqc=
@@ -531,8 +558,8 @@ github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04 h1:o6uBwrhM5C8Ll3MAA
 github.com/namedotcom/go v0.0.0-20180403034216-08470befbe04/go.mod h1:5sN+Lt1CaY4wsPvgQH/jsuJi4XO2ssZbdsIizr4CVC8=
 github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32 h1:W6apQkHrMkS0Muv8G/TipAy/FJl/rCYT0+EuS8+Z0z4=
 github.com/nbio/st v0.0.0-20140626010706-e9e8d9816f32/go.mod h1:9wM+0iRr9ahx58uYLpLIr5fm8diHn0JbqRycJi6w0Ms=
-github.com/nrdcg/auroradns v1.0.0 h1:b+NpSqNG6HzMqX2ohGQe4Q/G0WQq8pduWCiZ19vdLY8=
-github.com/nrdcg/auroradns v1.0.0/go.mod h1:6JPXKzIRzZzMqtTDgueIhTi6rFf1QvYE/HzqidhOhjw=
+github.com/nrdcg/auroradns v1.0.1 h1:m/kBq83Xvy3cU261MOknd8BdnOk12q4lAWM+kOdsC2Y=
+github.com/nrdcg/auroradns v1.0.1/go.mod h1:y4pc0i9QXYlFCWrhWrUSIETnZgrf4KuwjDIWmmXo3JI=
 github.com/nrdcg/dnspod-go v0.4.0 h1:c/jn1mLZNKF3/osJ6mz3QPxTudvPArXTjpkmYj0uK6U=
 github.com/nrdcg/dnspod-go v0.4.0/go.mod h1:vZSoFSFeQVm2gWLMkyX61LZ8HI3BaqtHZWgPTGKr6KQ=
 github.com/nrdcg/goinwx v0.6.1 h1:AJnjoWPELyCtofhGcmzzcEMFd9YdF2JB/LgutWsWt/s=
@@ -628,6 +655,8 @@ github.com/prometheus/procfs v0.0.3/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDa
 github.com/prometheus/procfs v0.0.5 h1:3+auTFlqw+ZaQYJARz6ArODtkaIwtvBTx3N2NehQlL8=
 github.com/prometheus/procfs v0.0.5/go.mod h1:4A/X28fw3Fc593LaREMrKMqOKvUAntwMDaekg4FpcdQ=
 github.com/rainycape/memcache v0.0.0-20150622160815-1031fa0ce2f2/go.mod h1:7tZKcyumwBO6qip7RNQ5r77yrssm9bfCowcLEBcU5IA=
+github.com/rancher/go-rancher-metadata v0.0.0-20200311180630-7f4c936a06ac h1:wBGhHdXKICZmvAPWS8gQoMyOWDH7QAi9bU4Z1nDWnFU=
+github.com/rancher/go-rancher-metadata v0.0.0-20200311180630-7f4c936a06ac/go.mod h1:67sLWL17mVlO1HFROaTBmU71NB4R8UNCesFHhg0f6LQ=
 github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a h1:9ZKAASQSHhDYGoxY8uLVpewe1GDZ2vu2Tr/vTdVAkFQ=
 github.com/rcrowley/go-metrics v0.0.0-20181016184325-3113b8401b8a/go.mod h1:bCqnVzQkZxMG4s8nGwiZ5l3QUCyqpo9Y+/ZMZ9VjZe4=
 github.com/remyoudompheng/bigfft v0.0.0-20170806203942-52369c62f446/go.mod h1:uYEyJGbgTkfkS4+E/PavXkNJcbFIpEtjt2B0KDQ5+9M=
@@ -654,6 +683,8 @@ github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d h1:zE9ykE
 github.com/smartystreets/assertions v0.0.0-20180927180507-b2de0cb4f26d/go.mod h1:OnSkiWE9lh6wB0YB77sQom3nweQdgAjqCqsofrRNTgc=
 github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a h1:pa8hGb/2YqsZKovtsgrwcDH1RZhVbTKCjLp47XpqCDs=
 github.com/smartystreets/goconvey v0.0.0-20190330032615-68dc04aab96a/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
+github.com/smartystreets/goconvey v1.6.4 h1:fv0U8FUIMPNf1L9lnHLvLhgicrIVChEkdzIKYqbNC9s=
+github.com/smartystreets/goconvey v1.6.4/go.mod h1:syvi0/a8iFYH4r/RixwvyeAJjdLS9QV7WQ/tjFTllLA=
 github.com/soheilhy/cmux v0.1.4 h1:0HKaf1o97UwFjHH9o5XsHUOF+tqmdA7KEzXLpiyaw0E=
 github.com/soheilhy/cmux v0.1.4/go.mod h1:IM3LyeVVIOuxMH7sFAkER9+bJ4dT7Ms6E4xg4kGIyLM=
 github.com/spf13/afero v1.2.2/go.mod h1:9ZxEEn6pIJ8Rxe320qSDBk6AsU0r9pR7Q4OcevTdifk=
@@ -714,8 +745,8 @@ github.com/xeipuuv/gojsonpointer v0.0.0-20180127040702-4e3ac2762d5f/go.mod h1:N2
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0=
 github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415/go.mod h1:GwrjFmJcFw6At/Gs6z4yjiIwzuJ1/+UwLxMQDVQXShQ=
 github.com/xeipuuv/gojsonschema v0.0.0-20180618132009-1d523034197f/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=
-github.com/xeipuuv/gojsonschema v1.1.0 h1:ngVtJC9TY/lg0AA/1k48FYhBrhRoFlEmWzsehpNAaZg=
-github.com/xeipuuv/gojsonschema v1.1.0/go.mod h1:5yf86TLmAcydyeJq5YvxkGPE2fm/u4myDekKRoLuqhs=
+github.com/xeipuuv/gojsonschema v1.2.0 h1:LhYJRs+L4fBtjZUfuSZIKGeVu0QRy8e5Xi7D17UxZ74=
+github.com/xeipuuv/gojsonschema v1.2.0/go.mod h1:anYRn/JVcOK2ZgGU+IjEV4nwlhoK5sQluxsYJ78Id3Y=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2 h1:eY9dn8+vbi4tKz5Qo6v2eYzo7kUS51QINcR5jNpbZS8=
 github.com/xiang90/probing v0.0.0-20190116061207-43a291ad63a2/go.mod h1:UETIi67q53MR2AWcXfiuqkDkRtnGDLqkBTpCHuJHxtU=
 go.elastic.co/apm v1.7.0 h1:vd4ncfZ/Y2GIsWW7aFR4uQdqmfUbuHfUhglqOqEwrUI=
@@ -736,6 +767,9 @@ go.opencensus.io v0.21.0 h1:mU6zScU4U1YAFPHEHYk+3JC4SY7JxgkqS10ZOSyksNg=
 go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU=
 go.opencensus.io v0.22.0 h1:C9hSCOW830chIVkdja34wa6Ky+IzWllkUinR+BtRZd4=
 go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8=
+go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
+go.opencensus.io v0.22.3 h1:8sGtKOrtQqkN1bp2AtX+misvLIlOmsEsNd+9NIcPEm8=
+go.opencensus.io v0.22.3/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw=
 go.uber.org/atomic v1.3.2 h1:2Oa65PReHzfn29GpvgsYwloV9AVFHPDk8tYxt2c2tr4=
 go.uber.org/atomic v1.3.2/go.mod h1:gD2HeocX3+yG+ygLZcrzQJaqmWj9AIm7n08wl/qW/PE=
 go.uber.org/atomic v1.4.0 h1:cxzIVoETapQEqDhQu3QfnvXAV4AlzcvUCxkVUFw3+EU=
@@ -760,8 +794,8 @@ golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4 h1:HuIa8hRrWRSrqYzx1qI49N
 golang.org/x/crypto v0.0.0-20190701094942-4def268fd1a4/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20190820162420-60c769a6c586/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
 golang.org/x/crypto v0.0.0-20191011191535-87dc89f01550/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI=
-golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d h1:1ZiEyfaQIg3Qh0EoqpwAakHVhecoE5wlSg5GjnafJGw=
-golang.org/x/crypto v0.0.0-20200221231518-2aa609cf4a9d/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
+golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073 h1:xMPOj6Pz6UipU1wXLkrtqpHbR0AVFnyPEQq/wRWz9lM=
+golang.org/x/crypto v0.0.0-20200302210943-78000ba7a073/go.mod h1:LzIPMQfyMNhhGPhUkYOs5KpL4U8rLKemX1yGLhDgUto=
 golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190125153040-c74c464bbbf2/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
 golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA=
@@ -769,8 +803,14 @@ golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495 h1:I6A9Ag9FpEKOjcKrRNjQkPHaw
 golang.org/x/exp v0.0.0-20190312203227-4b39c73a6495/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
 golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8=
 golang.org/x/exp v0.0.0-20190829153037-c13cbed26979/go.mod h1:86+5VVa7VpoJ4kLfm080zCjGlMRFzhUhsZKEZO7MGek=
+golang.org/x/exp v0.0.0-20191030013958-a1ab85dbe136/go.mod h1:JXzH8nQsPlswgeRAPE3MuO9GYsAcnJvJ4vnMwN/5qkY=
 golang.org/x/exp v0.0.0-20191129062945-2f5052295587 h1:5Uz0rkjCFu9BC9gCRN7EkwVvhNyQgGWb8KNJrPwBoHY=
 golang.org/x/exp v0.0.0-20191129062945-2f5052295587/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20191227195350-da58074b4299/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20200119233911-0405dc783f0a/go.mod h1:2RIsYlXP63K8oxa1u096TMicItID8zy7Y6sNkU49FU4=
+golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EHIKF9dgMWnmCNThgcyBT1FY9mM=
+golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6 h1:QE6XYQK6naiK1EPAe1g/ILLxN5RBoH5xkJk3CqlMI/Y=
+golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU=
 golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js=
 golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0=
 golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE=
@@ -779,12 +819,18 @@ golang.org/x/lint v0.0.0-20190301231843-5614ed5bae6f/go.mod h1:UVdnD1Gm6xHRNCYTk
 golang.org/x/lint v0.0.0-20190313153728-d0100b6bd8b3/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20190409202823-959b441ac422/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20190909230951-414d861bb4ac/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
+golang.org/x/lint v0.0.0-20190930215403-16217165b5de/go.mod h1:6SW0HCj/g11FgYtHlgUYUwCkIfeOF89ocIRzGO/8vkc=
 golang.org/x/lint v0.0.0-20191125180803-fdd1cda4f05f/go.mod h1:5qLYkcX4OjUUV8bRuDixDT3tpyyb+LUpUlRWLxfhWrs=
+golang.org/x/lint v0.0.0-20200130185559-910be7a94367/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
+golang.org/x/lint v0.0.0-20200302205851-738671d3881b/go.mod h1:3xt1FjdF8hUf6vQPIChWIBhFzV8gjjsPE/fR3IyQdNY=
 golang.org/x/mobile v0.0.0-20190312151609-d3739f865fa6/go.mod h1:z+o9i4GpDbdi3rU15maQ/Ox0txvL9dWGYEHz965HBQE=
 golang.org/x/mobile v0.0.0-20190719004257-d2bd2a29d028/go.mod h1:E/iHnbuqvinMTCcRqshq8CkpyQDoeVncDDYHnLhea+o=
 golang.org/x/mod v0.0.0-20190513183733-4bf6d317e70e/go.mod h1:mXi4GBBbnImb6dmsKGUJ2LatrhH/nqhxcFungHvyanc=
 golang.org/x/mod v0.1.0/go.mod h1:0QHyrYULN0/3qlju5TqG8bIK38QM8yzMo5ekMj3DlcY=
 golang.org/x/mod v0.1.1-0.20191105210325-c90efee705ee/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.1.1-0.20191107180719-034126e5016b/go.mod h1:QqPTAvyqsEbceGzBzNggFXnrqF1CaUcvgkdR5Ot7KZg=
+golang.org/x/mod v0.2.0 h1:KU7oHjnv3XNWfa5COkzUifxZmxp1TyI7ImMXqFxLwvQ=
+golang.org/x/mod v0.2.0/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA=
 golang.org/x/net v0.0.0-20170114055629-f2499483f923/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180611182652-db08ff08e862/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
 golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4=
@@ -811,14 +857,21 @@ golang.org/x/net v0.0.0-20190923162816-aa69164e4478/go.mod h1:z5CRVTTTmAJ677TzLL
 golang.org/x/net v0.0.0-20190930134127-c5a3c61f89f3 h1:6KET3Sqa7fkVfD63QnAM81ZeYg5n4HwApOJkufONnHA=
 golang.org/x/net v0.0.0-20190930134127-c5a3c61f89f3/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20191004110552-13f9640d40b9/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
-golang.org/x/net v0.0.0-20191027093000-83d349e8ac1a h1:Yu34BogBivvmu7SAzHHaB9nZWH5D1C+z3F1jyIaYZSQ=
-golang.org/x/net v0.0.0-20191027093000-83d349e8ac1a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20191209160850-c0dbc17a3553/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200114155413-6afb5195e5aa/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200202094626-16171245cfb2/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/net v0.0.0-20200222125558-5a598a2470a0 h1:MsuvTghUPjX762sGLnGsxC3HM0B5r83wEtYcYR8/vRs=
 golang.org/x/net v0.0.0-20200222125558-5a598a2470a0/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200226121028-0de0cce0169b/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
+golang.org/x/net v0.0.0-20200301022130-244492dfa37a h1:GuSPYbZzB5/dcLNCwLQLsg3obCJtX9IJhpXkvY7kzk0=
+golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s=
 golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U=
 golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 h1:SVwTIAaPC2U/AvvLNZ2a7OVsmBpC8L5BlwK1whH3hm0=
 golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20191202225959-858c2ad4c8b6/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
+golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d h1:TzXSXBo42m9gQenoE3b9BGiEpg5IG2JkU5FkPIawgtw=
+golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw=
 golang.org/x/sync v0.0.0-20180314180146-1d60e4601c6f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181108010431-42b317875d0f/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
 golang.org/x/sync v0.0.0-20181221193216-37e7f081c4d4/go.mod h1:RxMgew5VJxzue5/jJTE5uejpjVlOe/izrB70Jof72aM=
@@ -856,10 +909,20 @@ golang.org/x/sys v0.0.0-20190826190057-c7b8b68b1456/go.mod h1:h1NjWce9XRLGQEsW7w
 golang.org/x/sys v0.0.0-20190916202348-b4ddaad3f8a3/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe h1:6fAMxZRR6sl1Uq8U61gxU+kPTs2tR8uOySCbBP7BN/M=
 golang.org/x/sys v0.0.0-20190924154521-2837fb4f24fe/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191001151750-bb3f8db39f24/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191025021431-6c3a3bfe00ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e h1:9vRrk9YW2BTzLP0VCB9ZDjU4cPqkg+IDWL7XgxA1yxQ=
 golang.org/x/sys v0.0.0-20191204072324-ce4227a45e2e/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20191228213918-04cbcbbfeed8/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200113162924-86b910548bc1/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200122134326-e047566fdf82/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200202164722-d101bd2416d5/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200212091648-12a6c2dcc1e4/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200223170610-d5e6a3e2c0ae/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
+golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527 h1:uYVVQ9WP/Ds2ROhcaGPeIdVq0RIXVLwsHlnvJ+cT1So=
+golang.org/x/sys v0.0.0-20200302150141-5c8b2ff67527/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs=
 golang.org/x/text v0.0.0-20160726164857-2910a502d2bf/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
+golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.2 h1:tW2bmiBqwgJj/UpqtC8EpXEZVYOwU0yG4iWbprSVAcs=
@@ -896,14 +959,30 @@ golang.org/x/tools v0.0.0-20190816200558-6889da9d5479/go.mod h1:b+2E5dAYhXwXZwtn
 golang.org/x/tools v0.0.0-20190911174233-4f2ddba30aff/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20190920225731-5eefd052ad72/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191012152004-8de300cfc20a/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191113191852-77e3bb0ad9e7/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191115202509-3a792d9c32b2/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191119224855-298f0cb1881e/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191125144606-a911d9008d1f/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
+golang.org/x/tools v0.0.0-20191130070609-6e064ea0cf2d/go.mod h1:b+2E5dAYhXwXZwtnZ6UAqBI28+e2cm9otk0dWdXHAEo=
 golang.org/x/tools v0.0.0-20191216052735-49a3e744a425/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
 golang.org/x/tools v0.0.0-20191216173652-a0e659d51361 h1:RIIXAeV6GvDBuADKumTODatUqANFZ+5BPMnzsy4hulY=
 golang.org/x/tools v0.0.0-20191216173652-a0e659d51361/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20191227053925-7b8e75db28f4/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200117161641-43d50277825c/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200122220014-bf1340f18c4a/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200130002326-2f3ba24bd6e7/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200204074204-1cc6d1ef6c74/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200207183749-b753a1ba74fa/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200212150539-ea181f53ac56/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200224181240-023911ca70b2/go.mod h1:TB2adYChydJhpapKDTa4BR/hXlZSLoq2Wpct/0txZ28=
+golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb h1:iKlO7ROJc6SttHKlxzwGytRtBUqX4VARrNTgP2YLX5M=
+golang.org/x/tools v0.0.0-20200304193943-95d2e580d8eb/go.mod h1:o4KQGtdN14AW+yjsvvwRTJJuXz8XRtIHtEnmAXLyFUw=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7 h1:9zdDQZ7Thm29KFXgAX/+yaf3eVbP7djjWp/dXAppNCc=
 golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898 h1:/atklqdjdhuosWIl6AIbOeHJjicWYPqR9bpxqxYG2pA=
 golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543 h1:E7g+9GITq07hpfrRu66IVDexMakfv52eLZ2CXBWiKr4=
+golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0=
 gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485 h1:OB/uP/Puiu5vS5QMRPrXCDWUPb+kt8f1KW8oQzFejQw=
 gonum.org/v1/gonum v0.0.0-20190331200053-3d26580ed485/go.mod h1:2ltnJ7xHfj0zHS40VVPYEAAMTa3ZGguvHGBSJeRWqE0=
 gonum.org/v1/netlib v0.0.0-20190313105609-8cb42192e0e0/go.mod h1:wa6Ws7BG/ESfp6dHfk7C6KdzKA7wR7u/rKwOGE66zvw=
@@ -915,14 +994,22 @@ google.golang.org/api v0.7.0/go.mod h1:WtwebWUNSVBH/HAw79HIFXZNqEvBhG+Ra+ax0hx3E
 google.golang.org/api v0.8.0 h1:VGGbLNyPF7dvYHhcUGYBBGCRDDK0RRJAI6KCvo0CL+E=
 google.golang.org/api v0.8.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
 google.golang.org/api v0.9.0/go.mod h1:o4eAsZoiT+ibD93RtjEohWalFOjRDx6CVaqeizhEnKg=
+google.golang.org/api v0.13.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
 google.golang.org/api v0.14.0 h1:uMf5uLi4eQMRrMKhCplNik4U4H8Z6C1br3zOtAa/aDE=
 google.golang.org/api v0.14.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.15.0/go.mod h1:iLdEw5Ide6rF15KTC1Kkl0iskquN2gFfn9o9XIsbkAI=
+google.golang.org/api v0.17.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.18.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
+google.golang.org/api v0.20.0 h1:jz2KixHX7EcCPiQrySzPdnYT7DbINAypCqKZ1Z7GM40=
+google.golang.org/api v0.20.0/go.mod h1:BwFmGc8tA3vsd7r/7kR8DY7iEEGSU04BFxCo5jP/sfE=
 google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM=
 google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.5.0 h1:KxkO13IPW4Lslp2bz+KHP2E3gtFlrIGNThxkZQ3g+4c=
 google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4=
 google.golang.org/appengine v1.6.1 h1:QzqyMA1tlu6CgqCDUtU9V+ZKhLFT2dkJuANu5QaxI3I=
 google.golang.org/appengine v1.6.1/go.mod h1:i06prIuMbXzDqacNJfV5OdTW448YApPu5ww/cMBSeb0=
+google.golang.org/appengine v1.6.5 h1:tycE03LOZYQNhDpS27tcQdAzLCVMaj7QT2SXxebnpCM=
+google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc=
 google.golang.org/genproto v0.0.0-20180817151627-c66870c02cf8/go.mod h1:JiN7NxoALGmiZfu7CAH4rXhgtRTLTxftemlI0sWmxmc=
 google.golang.org/genproto v0.0.0-20190307195333-5fe7a883aa19/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
 google.golang.org/genproto v0.0.0-20190418145605-e7d98fc518a7/go.mod h1:VzzqZJRnGkLBvHegQrXjBqPurQTc5/KpmUdxsrq26oE=
@@ -932,8 +1019,18 @@ google.golang.org/genproto v0.0.0-20190502173448-54afdca5d873/go.mod h1:VzzqZJRn
 google.golang.org/genproto v0.0.0-20190801165951-fa694d86fc64/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55/go.mod h1:DMBHOl98Agz4BDEuKkezgsaosCRResVns1a3J2ZsMNc=
 google.golang.org/genproto v0.0.0-20190911173649-1774047e7e51/go.mod h1:IbNlFCBrqXvoKpeg0TB2l7cyZUmoaFKYIwrEpbDKLA8=
+google.golang.org/genproto v0.0.0-20191108220845-16a3f7862a1a/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191115194625-c23dd37a84c9/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
 google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1 h1:aQktFqmDE2yjveXJlVIfslDFmFnUXSqG0i6KRcJAeMc=
 google.golang.org/genproto v0.0.0-20191216164720-4f79533eabd1/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20191230161307-f3c370f40bfb/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200115191322-ca5a22157cba/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200122232147-0452cf42e150/go.mod h1:n3cpQtvxv34hfy77yVDNjmbRyujviMdxYliBSkLhpCc=
+google.golang.org/genproto v0.0.0-20200204135345-fa8e72b47b90/go.mod h1:GmwEX6Z4W5gMy59cAlVYjN9JhxgbQH6Gn+gFDQe2lzA=
+google.golang.org/genproto v0.0.0-20200212174721-66ed5ce911ce/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200224152610-e50cd9704f63/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
+google.golang.org/genproto v0.0.0-20200305110556-506484158171 h1:xes2Q2k+d/+YNXVw0FpZkIDJiaux4OVrRKXRAzH6A0U=
+google.golang.org/genproto v0.0.0-20200305110556-506484158171/go.mod h1:55QSHmfGQM9UVYDPBsyGGes0y52j32PQ3BqQfXhyH3c=
 google.golang.org/grpc v1.17.0/go.mod h1:6QZJwpn2B+Zp71q/5VxRsJ6NXXVCE5NRUHRo+f3cWCs=
 google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
 google.golang.org/grpc v1.19.1/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c=
@@ -943,8 +1040,11 @@ google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiq
 google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM=
 google.golang.org/grpc v1.22.1 h1:/7cs52RnTJmD43s3uxzlq2U7nqVTd/37viQwMrMNlOM=
 google.golang.org/grpc v1.22.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
-google.golang.org/grpc v1.23.1 h1:q4XQuHFC6I28BKZpo6IYyb3mNO+l7lSOxRuYTCiDfXk=
-google.golang.org/grpc v1.23.1/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.23.0/go.mod h1:Y5yQAOtifL1yxbo5wqy6BxZv8vAUGQwXBOALyacEbxg=
+google.golang.org/grpc v1.26.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.27.0/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
+google.golang.org/grpc v1.27.1 h1:zvIju4sqAGvwKspUQOhwnpcqSbzi7/H6QomNNjTL4sk=
+google.golang.org/grpc v1.27.1/go.mod h1:qbnxyOmOxrQa7FizSgH+ReBfzJrCY1pSN7KXBS8abTk=
 gopkg.in/DataDog/dd-trace-go.v1 v1.19.0 h1:aFSFd6oDMdvPYiToGqTv7/ERA6QrPhGaXSuueRCaM88=
 gopkg.in/DataDog/dd-trace-go.v1 v1.19.0/go.mod h1:DVp8HmDh8PuTu2Z0fVVlBsyWaC++fzwVCaGWylTe3tg=
 gopkg.in/alecthomas/kingpin.v2 v2.2.6/go.mod h1:FMv+mEhP44yOT+4EoQTLFTRgOQ1FBLkstjWtayDeSgw=
@@ -959,8 +1059,8 @@ gopkg.in/h2non/gock.v1 v1.0.15/go.mod h1:sX4zAkdYX1TRGJ2JY156cFspQn4yRWn6p9EMdOD
 gopkg.in/inf.v0 v0.9.1 h1:73M5CoZyi3ZLMOyDlQh031Cx6N9NDJ2Vvfl76EDAgDc=
 gopkg.in/inf.v0 v0.9.1/go.mod h1:cWUDdTG/fYaXco+Dcufb5Vnc6Gp2YChqWtbxRZE0mXw=
 gopkg.in/ini.v1 v1.42.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
-gopkg.in/ini.v1 v1.44.0 h1:YRJzTUp0kSYWUVFF5XAbDFfyiqwsl0Vb9R8TVP5eRi0=
-gopkg.in/ini.v1 v1.44.0/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
+gopkg.in/ini.v1 v1.51.1 h1:GyboHr4UqMiLUybYjd22ZjQIKEJEpgtLXtuGbR21Oho=
+gopkg.in/ini.v1 v1.51.1/go.mod h1:pNLf8WUiyNEtQjuu5G5vTm06TEv9tsIgeAvK8hOrP4k=
 gopkg.in/jcmturner/aescts.v1 v1.0.1 h1:cVVZBK2b1zY26haWB4vbBiZrfFQnfbTVrE3xZq6hrEw=
 gopkg.in/jcmturner/aescts.v1 v1.0.1/go.mod h1:nsR8qBOg+OucoIW+WMhB3GspUQXq9XorLnQb9XtvcOo=
 gopkg.in/jcmturner/dnsutils.v1 v1.0.1 h1:cIuC1OLRGZrld+16ZJvvZxVJeKPsvd5eUIvxfoN5hSM=
@@ -996,6 +1096,7 @@ honnef.co/go/tools v0.0.0-20190106161140-3f1c8253044a/go.mod h1:rf3lG4BRIbNafJWh
 honnef.co/go/tools v0.0.0-20190418001031-e561f6794a2a/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.0-20190523083050-ea95bdfd59fc/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=
 honnef.co/go/tools v0.0.1-2019.2.3/go.mod h1:a3bituU0lyd329TUQxRnasdCoJDkEUEAqEt0JzvZhAg=
+honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k=
 howett.net/plist v0.0.0-20181124034731-591f970eefbb h1:jhnBjNi9UFpfpl8YZhA9CrOqpnJdvzuiHsl/dnxl11M=
 howett.net/plist v0.0.0-20181124034731-591f970eefbb/go.mod h1:vMygbs4qMhSZSc4lCUl2OEE+rDiIIJAIdR4m7MiMcm0=
 k8s.io/api v0.17.3 h1:XAm3PZp3wnEdzekNkcmj/9Y1zdmQYJ1I4GKSBBZ8aG0=
@@ -1026,6 +1127,8 @@ modernc.org/xc v1.0.0/go.mod h1:mRNCo0bvLjGhHO9WsyuKVU4q0ceiDDDoEeWDJHrNx8I=
 mvdan.cc/xurls/v2 v2.1.0 h1:KaMb5GLhlcSX+e+qhbRJODnUUBvlw01jt4yrjFIHAuA=
 mvdan.cc/xurls/v2 v2.1.0/go.mod h1:5GrSd9rOnKOpZaji1OZLYL/yeAAtGDlo/cFe+8K5n8E=
 rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8=
+rsc.io/quote/v3 v3.1.0/go.mod h1:yEA65RcK8LyAZtP9Kv3t0HmxON59tX3rD+tICJqUlj0=
+rsc.io/sampler v1.3.0/go.mod h1:T1hPZKmBbMNahiBKFy5HrXp6adAjACjK9JXDnKaTXpA=
 sigs.k8s.io/structured-merge-diff v0.0.0-20190525122527-15d366b2352e/go.mod h1:wWxsB5ozmmv/SG7nM11ayaAW51xMvak/t1r0CSlcokI=
 sigs.k8s.io/yaml v1.1.0 h1:4A07+ZFc2wgJwo8YNlQpr1rVlgUDlxXHhPJciaPY5gs=
 sigs.k8s.io/yaml v1.1.0/go.mod h1:UJmg0vDUVViEyp3mgSv9WPwZCDxu4rQW1olrI1uml+o=
--- a/integration/testdata/rawdata-ingress.json
+++ b/integration/testdata/rawdata-ingress.json
@@ -30,28 +30,23 @@
 		},
 		"test-ingress-default-whoami-test-whoami@kubernetes": {
 			"entryPoints": [
-				"traefik",
 				"web"
 			],
 			"service": "default-whoami-http",
 			"rule": "Host(`whoami.test`) \u0026\u0026 PathPrefix(`/whoami`)",
 			"status": "enabled",
 			"using": [
-				"traefik",
 				"web"
 			]
 		},
 		"test-ingress-https-default-whoami-test-https-whoami@kubernetes": {
 			"entryPoints": [
-				"traefik",
 				"web"
 			],
 			"service": "default-whoami-http",
 			"rule": "Host(`whoami.test.https`) \u0026\u0026 PathPrefix(`/whoami`)",
-			"tls": {},
 			"status": "enabled",
 			"using": [
-				"traefik",
 				"web"
 			]
 		}
--- a/integration/udp_test.go
+++ b/integration/udp_test.go
@@ -101,7 +101,7 @@ func (s *UDPSuite) TestWRR(c *check.C) {

 	select {
 	case <-stop:
-	case <-time.Tick(time.Second * 5):
+	case <-time.Tick(5 * time.Second):
 		c.Error("Timeout")
 	}
 }
--- a/pkg/config/static/entrypoints.go
+++ b/pkg/config/static/entrypoints.go
@@ -60,13 +60,17 @@ type Redirections struct {

 // RedirectEntryPoint is the definition of an entry point redirection.
 type RedirectEntryPoint struct {
-	To     string `description:"Targeted entry point of the redirection." json:"to,omitempty" toml:"to,omitempty" yaml:"to,omitempty"`
-	Scheme string `description:"Scheme used for the redirection. Defaults to https." json:"https,omitempty" toml:"https,omitempty" yaml:"https,omitempty"`
+	To        string `description:"Targeted entry point of the redirection." json:"to,omitempty" toml:"to,omitempty" yaml:"to,omitempty"`
+	Scheme    string `description:"Scheme used for the redirection. Defaults to https." json:"https,omitempty" toml:"https,omitempty" yaml:"https,omitempty"`
+	Permanent bool   `description:"Applied a permanent redirection. Defaults to true." json:"permanent,omitempty" toml:"permanent,omitempty" yaml:"permanent,omitempty"`
+	Priority  int    `description:"Priority of the generated router. Defaults to 1." json:"priority,omitempty" toml:"priority,omitempty" yaml:"priority,omitempty"`
 }

 // SetDefaults sets the default values.
 func (r *RedirectEntryPoint) SetDefaults() {
 	r.Scheme = "https"
+	r.Permanent = true
+	r.Priority = 1
 }

 // TLSConfig is the default TLS configuration for all the routers associated to the concerned entry point.
--- a/pkg/config/static/static_config.go
+++ b/pkg/config/static/static_config.go
@@ -180,14 +180,14 @@ type Providers struct {
 // SetEffectiveConfiguration adds missing configuration parameters derived from existing ones.
 // It also takes care of maintaining backwards compatibility.
 func (c *Configuration) SetEffectiveConfiguration() {
+	// Creates the default entry point if needed
 	if len(c.EntryPoints) == 0 {
 		ep := &EntryPoint{Address: ":80"}
 		ep.SetDefaults()
-		c.EntryPoints = EntryPoints{
-			"http": ep,
-		}
+		c.EntryPoints = EntryPoints{"http": ep}
 	}

+	// Creates the internal traefik entry point if needed
 	if (c.API != nil && c.API.Insecure) ||
 		(c.Ping != nil && !c.Ping.ManualRouting && c.Ping.EntryPoint == DefaultInternalEntryPointName) ||
 		(c.Metrics != nil && c.Metrics.Prometheus != nil && !c.Metrics.Prometheus.ManualRouting && c.Metrics.Prometheus.EntryPoint == DefaultInternalEntryPointName) ||
--- a/pkg/metrics/metrics.go
+++ b/pkg/metrics/metrics.go
@@ -213,36 +213,29 @@ func (r *standardRegistry) ServiceServerUpGauge() metrics.Gauge {
 // used when producing observations without explicitly setting the observed value.
 type ScalableHistogram interface {
 	With(labelValues ...string) ScalableHistogram
-	StartAt(t time.Time)
 	Observe(v float64)
-	ObserveDuration()
+	ObserveFromStart(start time.Time)
 }

 // HistogramWithScale is a histogram that will convert its observed value to the specified unit.
 type HistogramWithScale struct {
 	histogram metrics.Histogram
 	unit      time.Duration
-	start     time.Time
 }

 // With implements ScalableHistogram.
 func (s *HistogramWithScale) With(labelValues ...string) ScalableHistogram {
-	s.histogram = s.histogram.With(labelValues...)
-	return s
+	h, _ := NewHistogramWithScale(s.histogram.With(labelValues...), s.unit)
+	return h
 }

-// StartAt implements ScalableHistogram.
-func (s *HistogramWithScale) StartAt(t time.Time) {
-	s.start = t
-}
-
-// ObserveDuration implements ScalableHistogram.
-func (s *HistogramWithScale) ObserveDuration() {
+// ObserveFromStart implements ScalableHistogram.
+func (s *HistogramWithScale) ObserveFromStart(start time.Time) {
 	if s.unit <= 0 {
 		return
 	}

-	d := float64(time.Since(s.start).Nanoseconds()) / float64(s.unit)
+	d := float64(time.Since(start).Nanoseconds()) / float64(s.unit)
 	if d < 0 {
 		d = 0
 	}
@@ -273,17 +266,10 @@ func NewMultiHistogram(h ...ScalableHistogram) MultiHistogram {
 	return MultiHistogram(h)
 }

-// StartAt implements ScalableHistogram.
-func (h MultiHistogram) StartAt(t time.Time) {
+// ObserveFromStart implements ScalableHistogram.
+func (h MultiHistogram) ObserveFromStart(start time.Time) {
 	for _, histogram := range h {
-		histogram.StartAt(t)
-	}
-}
-
-// ObserveDuration implements ScalableHistogram.
-func (h MultiHistogram) ObserveDuration() {
-	for _, histogram := range h {
-		histogram.ObserveDuration()
+		histogram.ObserveFromStart(start)
 	}
 }

--- a/pkg/metrics/metrics_test.go
+++ b/pkg/metrics/metrics_test.go
@@ -19,9 +19,9 @@ func TestScalableHistogram(t *testing.T) {

 	ticker := time.NewTicker(500 * time.Millisecond)
 	<-ticker.C
-	sh.StartAt(time.Now())
+	start := time.Now()
 	<-ticker.C
-	sh.ObserveDuration()
+	sh.ObserveFromStart(start)

 	var b bytes.Buffer
 	h.Print(&b)
@@ -99,9 +99,7 @@ func (c *histogramMock) With(labelValues ...string) ScalableHistogram {

 func (c *histogramMock) Start() {}

-func (c *histogramMock) StartAt(t time.Time) {}
-
-func (c *histogramMock) ObserveDuration() {}
+func (c *histogramMock) ObserveFromStart(t time.Time) {}

 func (c *histogramMock) Observe(v float64) {
 	c.lastHistogramValue = v
--- a/pkg/middlewares/accesslog/logger_formatters.go
+++ b/pkg/middlewares/accesslog/logger_formatters.go
@@ -45,8 +45,8 @@ func (f *CommonLogFormatter) Format(entry *logrus.Entry) ([]byte, error) {
 		toLog(entry.Data, "request_Referer", `"-"`, true),
 		toLog(entry.Data, "request_User-Agent", `"-"`, true),
 		toLog(entry.Data, RequestCount, defaultValue, true),
-		toLog(entry.Data, RouterName, defaultValue, true),
-		toLog(entry.Data, ServiceURL, defaultValue, true),
+		toLog(entry.Data, RouterName, `"-"`, true),
+		toLog(entry.Data, ServiceURL, `"-"`, true),
 		elapsedMillis)

 	return b.Bytes(), err
--- a/pkg/middlewares/accesslog/logger_formatters_test.go
+++ b/pkg/middlewares/accesslog/logger_formatters_test.go
@@ -36,7 +36,7 @@ func TestCommonLogFormatter_Format(t *testing.T) {
 				RouterName:             "",
 				ServiceURL:             "",
 			},
-			expectedLog: `10.0.0.1 - Client [10/Nov/2009:23:00:00 +0000] "GET /foo http" - - "-" "-" 0 - - 123000ms
+			expectedLog: `10.0.0.1 - Client [10/Nov/2009:23:00:00 +0000] "GET /foo http" - - "-" "-" 0 "-" "-" 123000ms
 `,
 		},
 		{
--- a/pkg/middlewares/accesslog/logger_test.go
+++ b/pkg/middlewares/accesslog/logger_test.go
@@ -497,7 +497,7 @@ func TestNewLogHandlerOutputStdout(t *testing.T) {
 					DefaultMode: "drop",
 				},
 			},
-			expectedLog: `- - - [-] "- - -" - - "testReferer" "testUserAgent" - - - 0ms`,
+			expectedLog: `- - - [-] "- - -" - - "testReferer" "testUserAgent" - "-" "-" 0ms`,
 		},
 		{
 			desc: "Default mode drop with override",
@@ -512,7 +512,7 @@ func TestNewLogHandlerOutputStdout(t *testing.T) {
 					},
 				},
 			},
-			expectedLog: `- - TestUser [-] "- - -" - - "testReferer" "testUserAgent" - - - 0ms`,
+			expectedLog: `- - TestUser [-] "- - -" - - "testReferer" "testUserAgent" - "-" "-" 0ms`,
 		},
 		{
 			desc: "Default mode drop with header dropped",
@@ -530,7 +530,7 @@ func TestNewLogHandlerOutputStdout(t *testing.T) {
 					},
 				},
 			},
-			expectedLog: `- - TestUser [-] "- - -" - - "-" "-" - - - 0ms`,
+			expectedLog: `- - TestUser [-] "- - -" - - "-" "-" - "-" "-" 0ms`,
 		},
 		{
 			desc: "Default mode drop with header redacted",
@@ -548,7 +548,7 @@ func TestNewLogHandlerOutputStdout(t *testing.T) {
 					},
 				},
 			},
-			expectedLog: `- - TestUser [-] "- - -" - - "REDACTED" "REDACTED" - - - 0ms`,
+			expectedLog: `- - TestUser [-] "- - -" - - "REDACTED" "REDACTED" - "-" "-" 0ms`,
 		},
 		{
 			desc: "Default mode drop with header redacted",
@@ -569,7 +569,7 @@ func TestNewLogHandlerOutputStdout(t *testing.T) {
 					},
 				},
 			},
-			expectedLog: `- - TestUser [-] "- - -" - - "REDACTED" "testUserAgent" - - - 0ms`,
+			expectedLog: `- - TestUser [-] "- - -" - - "REDACTED" "testUserAgent" - "-" "-" 0ms`,
 		},
 	}

--- a/pkg/middlewares/headers/headers.go
+++ b/pkg/middlewares/headers/headers.go
@@ -165,9 +165,14 @@ func (s *Header) ServeHTTP(rw http.ResponseWriter, req *http.Request) {
 func (s *Header) modifyCustomRequestHeaders(req *http.Request) {
 	// Loop through Custom request headers
 	for header, value := range s.headers.CustomRequestHeaders {
-		if value == "" {
+		switch {
+		case value == "":
 			req.Header.Del(header)
-		} else {
+
+		case strings.EqualFold(header, "Host"):
+			req.Host = value
+
+		default:
 			req.Header.Set(header, value)
 		}
 	}
--- a/pkg/middlewares/headers/headers_test.go
+++ b/pkg/middlewares/headers/headers_test.go
@@ -33,6 +33,50 @@ func TestCustomRequestHeader(t *testing.T) {
 	assert.Equal(t, "test_request", req.Header.Get("X-Custom-Request-Header"))
 }

+func TestCustomRequestHeader_Host(t *testing.T) {
+	emptyHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
+
+	testCases := []struct {
+		desc            string
+		customHeaders   map[string]string
+		expectedHost    string
+		expectedURLHost string
+	}{
+		{
+			desc:            "standard Host header",
+			customHeaders:   map[string]string{},
+			expectedHost:    "example.org",
+			expectedURLHost: "example.org",
+		},
+		{
+			desc: "custom Host header",
+			customHeaders: map[string]string{
+				"Host": "example.com",
+			},
+			expectedHost:    "example.com",
+			expectedURLHost: "example.org",
+		},
+	}
+
+	for _, test := range testCases {
+		t.Run(test.desc, func(t *testing.T) {
+			header := NewHeader(emptyHandler, dynamic.Headers{
+				CustomRequestHeaders: test.customHeaders,
+			})
+
+			res := httptest.NewRecorder()
+			req, err := http.NewRequest(http.MethodGet, "http://example.org/foo", nil)
+			require.NoError(t, err)
+
+			header.ServeHTTP(res, req)
+
+			assert.Equal(t, http.StatusOK, res.Code)
+			assert.Equal(t, test.expectedHost, req.Host)
+			assert.Equal(t, test.expectedURLHost, req.URL.Host)
+		})
+	}
+}
+
 func TestCustomRequestHeaderEmptyValue(t *testing.T) {
 	emptyHandler := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})

--- a/pkg/middlewares/metrics/metrics.go
+++ b/pkg/middlewares/metrics/metrics.go
@@ -103,11 +103,9 @@ func (m *metricsMiddleware) ServeHTTP(rw http.ResponseWriter, req *http.Request)
 	labels = append(labels, "code", strconv.Itoa(recorder.getCode()))

 	histograms := m.reqDurationHistogram.With(labels...)
-	histograms.StartAt(start)
+	histograms.ObserveFromStart(start)

 	m.reqsCounter.With(labels...).Add(1)
-
-	histograms.ObserveDuration()
 }

 func getRequestProtocol(req *http.Request) string {
--- a/pkg/provider/kubernetes/crd/traefik/v1alpha1/ingressroute.go
+++ b/pkg/provider/kubernetes/crd/traefik/v1alpha1/ingressroute.go
@@ -1,9 +1,6 @@
 package v1alpha1

 import (
-	"errors"
-	"fmt"
-
 	"github.com/containous/traefik/v2/pkg/config/dynamic"
 	"github.com/containous/traefik/v2/pkg/types"
 	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
@@ -82,30 +79,6 @@ type LoadBalancerSpec struct {
 	Weight *int `json:"weight,omitempty"`
 }

-// IsServersLB reports whether lb is a load-balancer of servers
-// (as opposed to a traefik load-balancer of services).
-func (lb LoadBalancerSpec) IsServersLB() (bool, error) {
-	if lb.Name == "" {
-		return false, errors.New("missing Name field in service")
-	}
-	if lb.Kind == "" || lb.Kind == "Service" {
-		return true, nil
-	}
-	if lb.Kind != "TraefikService" {
-		return false, fmt.Errorf("invalid kind value: %v", lb.Kind)
-	}
-	if lb.Port != 0 ||
-		lb.Scheme != "" ||
-		lb.HealthCheck != nil ||
-		lb.Strategy != "" ||
-		lb.PassHostHeader != nil ||
-		lb.ResponseForwarding != nil ||
-		lb.Sticky != nil {
-		return false, fmt.Errorf("service of kind %v is incompatible with Kubernetes Service related fields", lb.Kind)
-	}
-	return false, nil
-}
-
 // Service defines an upstream to proxy traffic.
 type Service struct {
 	LoadBalancerSpec
--- a/pkg/provider/kubernetes/ingress/fixtures/TLS-support_ingress.yml
+++ b/pkg/provider/kubernetes/ingress/fixtures/TLS-support_ingress.yml
@@ -3,6 +3,8 @@ apiVersion: networking.k8s.io/v1beta1
 metadata:
  name: ""
  namespace: testing
+  annotations:
+    traefik.ingress.kubernetes.io/router.tls: "true"

 spec:
  tls:
--- a/pkg/provider/kubernetes/ingress/kubernetes.go
+++ b/pkg/provider/kubernetes/ingress/kubernetes.go
@@ -265,10 +265,10 @@ func (p *Provider) loadConfigurationFromIngresses(ctx context.Context, client Cl

 				serviceName := provider.Normalize(ingress.Namespace + "-" + pa.Backend.ServiceName + "-" + pa.Backend.ServicePort.String())
 				conf.HTTP.Services[serviceName] = service
-				conf.HTTP.Services[serviceName] = service

 				routerKey := strings.TrimPrefix(provider.Normalize(ingress.Name+"-"+ingress.Namespace+"-"+rule.Host+pa.Path), "-")
-				conf.HTTP.Routers[routerKey] = loadRouter(ingress, rule, pa, rtConfig, serviceName)
+
+				conf.HTTP.Routers[routerKey] = loadRouter(rule, pa, rtConfig, serviceName)
 			}
 		}
 	}
@@ -526,7 +526,7 @@ func getProtocol(portSpec corev1.ServicePort, portName string, svcConfig *Servic
 	return protocol
 }

-func loadRouter(ingress *v1beta1.Ingress, rule v1beta1.IngressRule, pa v1beta1.HTTPIngressPath, rtConfig *RouterConfig, serviceName string) *dynamic.Router {
+func loadRouter(rule v1beta1.IngressRule, pa v1beta1.HTTPIngressPath, rtConfig *RouterConfig, serviceName string) *dynamic.Router {
 	var rules []string
 	if len(rule.Host) > 0 {
 		rules = []string{buildHostRule(rule.Host)}
@@ -546,11 +546,6 @@ func loadRouter(ingress *v1beta1.Ingress, rule v1beta1.IngressRule, pa v1beta1.H
 		Service: serviceName,
 	}

-	if len(ingress.Spec.TLS) > 0 {
-		// TLS enabled for this ingress, add TLS router
-		rt.TLS = &dynamic.RouterTLSConfig{}
-	}
-
 	if rtConfig != nil && rtConfig.Router != nil {
 		rt.Priority = rtConfig.Router.Priority
 		rt.EntryPoints = rtConfig.Router.EntryPoints
--- a/pkg/provider/traefik/fixtures/redirection_port.json
+++ b/pkg/provider/traefik/fixtures/redirection_port.json
@@ -0,0 +1,30 @@
+{
+  "http": {
+    "routers": {
+      "web-to-443": {
+        "entryPoints": [
+          "web"
+        ],
+        "middlewares": [
+          "redirect-web-to-443"
+        ],
+        "service": "noop@internal",
+        "rule": "HostRegexp(`{host:.+}`)"
+      }
+    },
+    "middlewares": {
+      "redirect-web-to-443": {
+        "redirectScheme": {
+          "scheme": "https",
+          "port": "443",
+          "permanent": true
+        }
+      }
+    },
+    "services": {
+      "noop": {}
+    }
+  },
+  "tcp": {},
+  "tls": {}
+}
--- a/pkg/provider/traefik/internal.go
+++ b/pkg/provider/traefik/internal.go
@@ -5,6 +5,7 @@ import (
 	"fmt"
 	"math"
 	"net"
+	"regexp"

 	"github.com/containous/traefik/v2/pkg/config/dynamic"
 	"github.com/containous/traefik/v2/pkg/config/static"
@@ -14,6 +15,8 @@ import (
 	"github.com/containous/traefik/v2/pkg/tls"
 )

+const defaultInternalEntryPointName = "traefik"
+
 var _ provider.Provider = (*Provider)(nil)

 // Provider is a provider.Provider implementation that provides the internal routers.
@@ -28,9 +31,11 @@ func New(staticCfg static.Configuration) *Provider {

 // Provide allows the provider to provide configurations to traefik using the given configuration channel.
 func (i *Provider) Provide(configurationChan chan<- dynamic.Message, _ *safe.Pool) error {
+	ctx := log.With(context.Background(), log.Str(log.ProviderName, "internal"))
+
 	configurationChan <- dynamic.Message{
 		ProviderName:  "internal",
-		Configuration: i.createConfiguration(),
+		Configuration: i.createConfiguration(ctx),
 	}

 	return nil
@@ -41,7 +46,7 @@ func (i *Provider) Init() error {
 	return nil
 }

-func (i *Provider) createConfiguration() *dynamic.Configuration {
+func (i *Provider) createConfiguration(ctx context.Context) *dynamic.Configuration {
 	cfg := &dynamic.Configuration{
 		HTTP: &dynamic.HTTPConfiguration{
 			Routers:     make(map[string]*dynamic.Router),
@@ -64,20 +69,33 @@ func (i *Provider) createConfiguration() *dynamic.Configuration {
 	i.restConfiguration(cfg)
 	i.prometheusConfiguration(cfg)
 	i.entryPointModels(cfg)
-	i.redirection(cfg)
+	i.redirection(ctx, cfg)

 	cfg.HTTP.Services["noop"] = &dynamic.Service{}

 	return cfg
 }

-func (i *Provider) redirection(cfg *dynamic.Configuration) {
+func (i *Provider) redirection(ctx context.Context, cfg *dynamic.Configuration) {
 	for name, ep := range i.staticCfg.EntryPoints {
-		if ep.HTTP.Redirections == nil || ep.HTTP.Redirections.EntryPoint == nil {
+		if ep.HTTP.Redirections == nil {
 			continue
 		}

+		logger := log.FromContext(log.With(ctx, log.Str(log.EntryPointName, name)))
+
 		def := ep.HTTP.Redirections
+		if def.EntryPoint == nil || def.EntryPoint.To == "" {
+			logger.Error("Unable to create redirection: the entry point or the port is missing")
+			continue
+		}
+
+		port, err := i.getRedirectPort(name, def)
+		if err != nil {
+			logger.Error(err)
+			continue
+		}
+
 		rtName := provider.Normalize(name + "-to-" + def.EntryPoint.To)
 		mdName := "redirect-" + rtName

@@ -86,12 +104,7 @@ func (i *Provider) redirection(cfg *dynamic.Configuration) {
 			EntryPoints: []string{name},
 			Middlewares: []string{mdName},
 			Service:     "noop@internal",
-		}
-
-		port, err := i.getEntryPointPort(name, def)
-		if err != nil {
-			log.FromContext(context.Background()).WithField(log.EntryPointName, name).Error(err)
-			continue
+			Priority:    def.EntryPoint.Priority,
 		}

 		cfg.HTTP.Routers[rtName] = rt
@@ -100,7 +113,7 @@ func (i *Provider) redirection(cfg *dynamic.Configuration) {
 			RedirectScheme: &dynamic.RedirectScheme{
 				Scheme:    def.EntryPoint.Scheme,
 				Port:      port,
-				Permanent: true,
+				Permanent: def.EntryPoint.Permanent,
 			},
 		}

@@ -108,6 +121,36 @@ func (i *Provider) redirection(cfg *dynamic.Configuration) {
 	}
 }

+func (i *Provider) getRedirectPort(name string, def *static.Redirections) (string, error) {
+	exp := regexp.MustCompile(`^:(\d+)$`)
+
+	if exp.MatchString(def.EntryPoint.To) {
+		_, port, err := net.SplitHostPort(def.EntryPoint.To)
+		if err != nil {
+			return "", fmt.Errorf("invalid port value: %w", err)
+		}
+
+		return port, nil
+	}
+
+	return i.getEntryPointPort(name, def)
+}
+
+func (i *Provider) getEntryPointPort(name string, def *static.Redirections) (string, error) {
+	dst, ok := i.staticCfg.EntryPoints[def.EntryPoint.To]
+	if !ok {
+		return "", fmt.Errorf("'to' entry point field references a non-existing entry point: %s", def.EntryPoint.To)
+	}
+
+	_, port, err := net.SplitHostPort(dst.Address)
+	if err != nil {
+		return "", fmt.Errorf("invalid entry point %q address %q: %v",
+			name, i.staticCfg.EntryPoints[def.EntryPoint.To].Address, err)
+	}
+
+	return port, nil
+}
+
 func (i *Provider) entryPointModels(cfg *dynamic.Configuration) {
 	for name, ep := range i.staticCfg.EntryPoints {
 		if len(ep.HTTP.Middlewares) == 0 && ep.HTTP.TLS == nil {
@@ -137,7 +180,7 @@ func (i *Provider) apiConfiguration(cfg *dynamic.Configuration) {

 	if i.staticCfg.API.Insecure {
 		cfg.HTTP.Routers["api"] = &dynamic.Router{
-			EntryPoints: []string{"traefik"},
+			EntryPoints: []string{defaultInternalEntryPointName},
 			Service:     "api@internal",
 			Priority:    math.MaxInt32 - 1,
 			Rule:        "PathPrefix(`/api`)",
@@ -145,7 +188,7 @@ func (i *Provider) apiConfiguration(cfg *dynamic.Configuration) {

 		if i.staticCfg.API.Dashboard {
 			cfg.HTTP.Routers["dashboard"] = &dynamic.Router{
-				EntryPoints: []string{"traefik"},
+				EntryPoints: []string{defaultInternalEntryPointName},
 				Service:     "dashboard@internal",
 				Priority:    math.MaxInt32 - 2,
 				Rule:        "PathPrefix(`/`)",
@@ -166,7 +209,7 @@ func (i *Provider) apiConfiguration(cfg *dynamic.Configuration) {

 		if i.staticCfg.API.Debug {
 			cfg.HTTP.Routers["debug"] = &dynamic.Router{
-				EntryPoints: []string{"traefik"},
+				EntryPoints: []string{defaultInternalEntryPointName},
 				Service:     "api@internal",
 				Priority:    math.MaxInt32 - 1,
 				Rule:        "PathPrefix(`/debug`)",
@@ -205,7 +248,7 @@ func (i *Provider) restConfiguration(cfg *dynamic.Configuration) {

 	if i.staticCfg.Providers.Rest.Insecure {
 		cfg.HTTP.Routers["rest"] = &dynamic.Router{
-			EntryPoints: []string{"traefik"},
+			EntryPoints: []string{defaultInternalEntryPointName},
 			Service:     "rest@internal",
 			Priority:    math.MaxInt32,
 			Rule:        "PathPrefix(`/api/providers`)",
@@ -231,18 +274,3 @@ func (i *Provider) prometheusConfiguration(cfg *dynamic.Configuration) {

 	cfg.HTTP.Services["prometheus"] = &dynamic.Service{}
 }
-
-func (i *Provider) getEntryPointPort(name string, def *static.Redirections) (string, error) {
-	dst, ok := i.staticCfg.EntryPoints[def.EntryPoint.To]
-	if !ok {
-		return "", fmt.Errorf("'to' entry point field references a non-existing entry point: %s", name)
-	}
-
-	_, port, err := net.SplitHostPort(dst.Address)
-	if err != nil {
-		return "", fmt.Errorf("invalid entry point %q address %q: %v",
-			name, i.staticCfg.EntryPoints[def.EntryPoint.To].Address, err)
-	}
-
-	return port, nil
-}
--- a/pkg/provider/traefik/internal_test.go
+++ b/pkg/provider/traefik/internal_test.go
@@ -1,6 +1,7 @@
 package traefik

 import (
+	"context"
 	"encoding/json"
 	"flag"
 	"io/ioutil"
@@ -196,8 +197,30 @@ func Test_createConfiguration(t *testing.T) {
 						HTTP: static.HTTPConfig{
 							Redirections: &static.Redirections{
 								EntryPoint: &static.RedirectEntryPoint{
-									To:     "websecure",
-									Scheme: "https",
+									To:        "websecure",
+									Scheme:    "https",
+									Permanent: true,
+								},
+							},
+						},
+					},
+					"websecure": {
+						Address: ":443",
+					},
+				},
+			},
+		}, {
+			desc: "redirection_port.json",
+			staticCfg: static.Configuration{
+				EntryPoints: map[string]*static.EntryPoint{
+					"web": {
+						Address: ":80",
+						HTTP: static.HTTPConfig{
+							Redirections: &static.Redirections{
+								EntryPoint: &static.RedirectEntryPoint{
+									To:        ":443",
+									Scheme:    "https",
+									Permanent: true,
 								},
 							},
 						},
@@ -217,7 +240,7 @@ func Test_createConfiguration(t *testing.T) {

 			provider := Provider{staticCfg: test.staticCfg}

-			cfg := provider.createConfiguration()
+			cfg := provider.createConfiguration(context.Background())

 			filename := filepath.Join("fixtures", test.desc)

--- a/pkg/server/server_entrypoint_tcp_test.go
+++ b/pkg/server/server_entrypoint_tcp_test.go
@@ -84,7 +84,7 @@ func testShutdown(t *testing.T, router *tcp.Router) {
 	request, err := http.NewRequest(http.MethodHead, "http://127.0.0.1:8082", nil)
 	require.NoError(t, err)

-	time.Sleep(time.Millisecond * 100)
+	time.Sleep(100 * time.Millisecond)

 	// We need to do a write on the conn before the shutdown to make it "exist".
 	// Because the connection indeed exists as far as TCP is concerned,
@@ -104,7 +104,7 @@ func testShutdown(t *testing.T, router *tcp.Router) {
 		loopConn, err := net.Dial("tcp", epAddr)
 		if err == nil {
 			loopConn.Close()
-			time.Sleep(time.Millisecond * 100)
+			time.Sleep(100 * time.Millisecond)
 			continue
 		}
 		if !strings.HasSuffix(err.Error(), "connection refused") && !strings.HasSuffix(err.Error(), "reset by peer") {
@@ -135,7 +135,7 @@ func startEntrypoint(entryPoint *TCPEntryPoint, router *tcp.Router) (net.Conn, e
 	for i := 0; i < 10; i++ {
 		conn, err = net.Dial("tcp", entryPoint.listener.Addr().String())
 		if err != nil {
-			time.Sleep(time.Millisecond * 100)
+			time.Sleep(100 * time.Millisecond)
 			continue
 		}
 		epStarted = true
@@ -150,7 +150,7 @@ func startEntrypoint(entryPoint *TCPEntryPoint, router *tcp.Router) (net.Conn, e
 func TestReadTimeoutWithoutFirstByte(t *testing.T) {
 	epConfig := &static.EntryPointsTransport{}
 	epConfig.SetDefaults()
-	epConfig.RespondingTimeouts.ReadTimeout = types.Duration(time.Second * 2)
+	epConfig.RespondingTimeouts.ReadTimeout = types.Duration(2 * time.Second)

 	entryPoint, err := NewTCPEntryPoint(context.Background(), &static.EntryPoint{
 		Address:          ":0",
@@ -178,7 +178,7 @@ func TestReadTimeoutWithoutFirstByte(t *testing.T) {
 	select {
 	case err := <-errChan:
 		require.Equal(t, io.EOF, err)
-	case <-time.Tick(time.Second * 5):
+	case <-time.Tick(5 * time.Second):
 		t.Error("Timeout while read")
 	}
 }
@@ -186,7 +186,7 @@ func TestReadTimeoutWithoutFirstByte(t *testing.T) {
 func TestReadTimeoutWithFirstByte(t *testing.T) {
 	epConfig := &static.EntryPointsTransport{}
 	epConfig.SetDefaults()
-	epConfig.RespondingTimeouts.ReadTimeout = types.Duration(time.Second * 2)
+	epConfig.RespondingTimeouts.ReadTimeout = types.Duration(2 * time.Second)

 	entryPoint, err := NewTCPEntryPoint(context.Background(), &static.EntryPoint{
 		Address:          ":0",
@@ -217,7 +217,7 @@ func TestReadTimeoutWithFirstByte(t *testing.T) {
 	select {
 	case err := <-errChan:
 		require.Equal(t, io.EOF, err)
-	case <-time.Tick(time.Second * 5):
+	case <-time.Tick(5 * time.Second):
 		t.Error("Timeout while read")
 	}
 }
--- a/pkg/server/server_entrypoint_udp_test.go
+++ b/pkg/server/server_entrypoint_udp_test.go
@@ -92,7 +92,7 @@ func TestShutdownUDPConn(t *testing.T) {

 	select {
 	case <-doneChan:
-	case <-time.Tick(time.Second * 5):
+	case <-time.Tick(10 * time.Second):
 		// In case we introduce a regression that would make the test wait forever.
 		t.Fatal("Timeout during shutdown")
 	}
--- a/pkg/udp/conn.go
+++ b/pkg/udp/conn.go
@@ -14,7 +14,9 @@ const closeRetryInterval = 500 * time.Millisecond

 // connTimeout determines how long to wait on an idle session,
 // before releasing all resources related to that session.
-const connTimeout = time.Second * 3
+const connTimeout = 3 * time.Second
+
+var timeoutTicker = connTimeout / 10

 var errClosedListener = errors.New("udp: listener closed")

@@ -175,7 +177,7 @@ func (l *Listener) newConn(rAddr net.Addr) *Conn {
 		readCh:    make(chan []byte),
 		sizeCh:    make(chan int),
 		doneCh:    make(chan struct{}),
-		timer:     time.NewTimer(connTimeout),
+		ticker:    time.NewTicker(timeoutTicker),
 	}
 }

@@ -189,7 +191,10 @@ type Conn struct {
 	sizeCh    chan int    // to synchronize with the end of a Read
 	msgs      [][]byte    // to store data from listener, to be consumed by Reads

-	timer    *time.Timer // for timeouts
+	muActivity   sync.RWMutex
+	lastActivity time.Time // the last time the session saw either read or write activity
+
+	ticker   *time.Ticker // for timeouts
 	doneOnce sync.Once
 	doneCh   chan struct{}
 }
@@ -204,9 +209,15 @@ func (c *Conn) readLoop() {
 			select {
 			case msg := <-c.receiveCh:
 				c.msgs = append(c.msgs, msg)
-			case <-c.timer.C:
-				c.Close()
-				return
+			case <-c.ticker.C:
+				c.muActivity.RLock()
+				deadline := c.lastActivity.Add(connTimeout)
+				c.muActivity.RUnlock()
+				if time.Now().After(deadline) {
+					c.Close()
+					return
+				}
+				continue
 			}
 		}

@@ -218,9 +229,14 @@ func (c *Conn) readLoop() {
 			c.sizeCh <- n
 		case msg := <-c.receiveCh:
 			c.msgs = append(c.msgs, msg)
-		case <-c.timer.C:
-			c.Close()
-			return
+		case <-c.ticker.C:
+			c.muActivity.RLock()
+			deadline := c.lastActivity.Add(connTimeout)
+			c.muActivity.RUnlock()
+			if time.Now().After(deadline) {
+				c.Close()
+				return
+			}
 		}
 	}
 }
@@ -230,7 +246,9 @@ func (c *Conn) Read(p []byte) (int, error) {
 	select {
 	case c.readCh <- p:
 		n := <-c.sizeCh
-		c.timer.Reset(connTimeout)
+		c.muActivity.Lock()
+		c.lastActivity = time.Now()
+		c.muActivity.Unlock()
 		return n, nil
 	case <-c.doneCh:
 		return 0, io.EOF
@@ -244,7 +262,9 @@ func (c *Conn) Write(p []byte) (n int, err error) {
 		return 0, io.EOF
 	}

-	c.timer.Reset(connTimeout)
+	c.muActivity.Lock()
+	c.lastActivity = time.Now()
+	c.muActivity.Unlock()
 	return l.pConn.WriteTo(p, c.rAddr)
 }

@@ -261,5 +281,6 @@ func (c *Conn) Close() error {
 	c.listener.mu.Lock()
 	defer c.listener.mu.Unlock()
 	delete(c.listener.conns, c.rAddr.String())
+	c.ticker.Stop()
 	return nil
 }
--- a/pkg/udp/conn_test.go
+++ b/pkg/udp/conn_test.go
@@ -43,7 +43,7 @@ func TestListenNotBlocking(t *testing.T) {
 				require.NoError(t, err)

 				// This should not block second call
-				time.Sleep(time.Second * 10)
+				time.Sleep(10 * time.Second)
 			}()
 		}
 	}()
@@ -148,7 +148,7 @@ func testTimeout(t *testing.T, withRead bool) {

 	assert.Equal(t, 10, len(ln.conns))

-	time.Sleep(3 * time.Second)
+	time.Sleep(4 * time.Second)
 	assert.Equal(t, 0, len(ln.conns))
 }

@@ -239,7 +239,7 @@ func TestShutdown(t *testing.T) {

 	select {
 	case <-doneChan:
-	case <-time.Tick(time.Second * 5):
+	case <-time.Tick(5 * time.Second):
 		// In case we introduce a regression that would make the test wait forever.
 		t.Fatal("Timeout during shutdown")
 	}
Author	SHA1	Message	Date
Ludovic Fernandez	da8451c637	Prepare release v2.2.0-rc4	2020-03-19 18:10:05 +01:00
Fernandez Ludovic	f54b8d8847	Merge branch v2.1 into v2.2	2020-03-19 17:53:34 +01:00
Ludovic Fernandez	f4fb758629	Prepare release v2.1.8	2020-03-19 15:46:04 +01:00
Julien Salleyron	b40fa61783	Fix memory leak in metrics Co-authored-by: Ludovic Fernandez <ldez@users.noreply.github.com>	2020-03-19 13:48:04 +01:00
Maxime Veber	94cd9e5337	Doc: fix wrong name of config format	2020-03-19 00:32:03 +01:00
Ludovic Fernandez	15c9fc4051	Prepare release v2.2.0-rc3	2020-03-18 18:58:04 +01:00
Fernandez Ludovic	2b28607a4e	Merge remote-tracking branch 'upstream/v2.1' into v2.2	2020-03-18 18:16:08 +01:00
Fernandez Ludovic	683d5d5a48	chore: skip openbsd/freebsd arm64	2020-03-18 17:21:20 +01:00
Ludovic Fernandez	4f92ef5fa9	Prepare release v2.1.7	2020-03-18 15:50:05 +01:00
Ludovic Fernandez	44221fba49	Fix entry point redirect behavior	2020-03-18 15:48:04 +01:00
mpl	63d7ed74f1	udp: replace concurrently reset timer with ticker Co-authored-by: Julien Salleyron <julien.salleyron@gmail.com>	2020-03-18 14:50:06 +01:00
Ludovic Fernandez	9012f2d6b1	fix: Ingress TLS support Co-authored-by: Julien Salleyron <julien@containo.us>	2020-03-18 13:30:04 +01:00
Ludovic Fernandez	09224e4b04	fix: custom Host header.	2020-03-18 00:54:04 +01:00
Maxime Veber	668e6fd610	Fix wrong copy/pasted with service name warning	2020-03-18 00:32:04 +01:00
Ludovic Fernandez	62c3025a76	Access log field quotes.	2020-03-17 12:36:04 +01:00
mpl	6e92c20edb	docs: clarify multi-levels stickiness	2020-03-17 12:34:04 +01:00
Ludovic Fernandez	60de577a5f	Update go-acme/lego to v3.5.0	2020-03-16 17:28:05 +01:00
Ludovic Fernandez	af58faafae	Drop traefik from default entry points.	2020-03-16 16:54:04 +01:00
Ludovic Fernandez	5adf74e6ce	doc: Use neutral domains.	2020-03-13 22:50:05 +01:00
Ludovic Fernandez	f4007a342c	Improve ping documentation.	2020-03-13 18:12:04 +01:00
Mathieu Debove	672234aaea	docs: terminology, replace 'encoded' by 'hashed'	2020-03-13 17:30:04 +01:00
Ludovic Fernandez	f19eebd3cc	doc: fix typo.	2020-03-12 09:48:04 +01:00
Darren Shepherd	37fb5298a0	Stop using fork of go-rancher-metadata	2020-03-12 00:00:04 +01:00
Michael	4280af4844	Update traefik install documentation	2020-03-11 18:28:05 +01:00