fix: doc requirements

.dockerignore

@@ -1,5 +1,3 @@
 dist/
 !dist/traefik
 site/
-vendor/
-.idea/

.github/PULL_REQUEST_TEMPLATE.md

@@ -3,11 +3,11 @@ PLEASE READ THIS MESSAGE.
 
 Documentation fixes or enhancements:
 - for Traefik v1: use branch v1.7
-- for Traefik v2: use branch v2.2
+- for Traefik v2: use branch v2.1
 
 Bug fixes:
 - for Traefik v1: use branch v1.7
-- for Traefik v2: use branch v2.2
+- for Traefik v2: use branch v2.1
 
 Enhancements:
 - for Traefik v1: we only accept bug fixes

.gitignore

@@ -16,4 +16,3 @@
 *.exe
 cover.out
 vendor/
-plugins-storage/

.golangci.toml

@@ -49,12 +49,6 @@
     "wsl", # Too strict
     "gomnd", # Too strict
     "stylecheck", # skip because report issues related to some generated files.
-    "testpackage", # Too strict
-    "goerr113", # Too strict
-    "nestif", # Too many false-positive.
-    "noctx", # Too strict
-    "exhaustive", # Too strict
-    "nlreturn", # Too strict
   ]
 
 [issues]
@@ -68,7 +62,7 @@
   ]
  [[issues.exclude-rules]]
     path = "(.+)_test.go"
-    linters = ["goconst", "funlen", "godot"]
+    linters = ["goconst", "funlen"]
  [[issues.exclude-rules]]
     path = "integration/.+_test.go"
     text = "Error return value of `cmd\\.Process\\.Kill` is not checked"
@@ -101,7 +95,7 @@
     text = "string `traefik` has (\\d) occurrences, make it a constant"
  [[issues.exclude-rules]]
     path = "pkg/server/middleware/middlewares.go"
-    text = "Function 'buildConstructor' has too many statements"
+    text = "Function 'buildConstructor' is too long \\(\\d+ > 230\\)"
  [[issues.exclude-rules]] # FIXME must be fixed
     path = "cmd/context.go"
     text = "S1000: should use a simple channel send/receive instead of `select` with a single case"
@@ -111,6 +105,3 @@
  [[issues.exclude-rules]]
     path = "pkg/tracing/tracing.go"
     text = "printf-like formatting function 'SetErrorWithEvent' should be named 'SetErrorWithEventf'"
- [[issues.exclude-rules]]
-    path = "pkg/log/deprecated.go"
-    linters = ["godot"]

.goreleaser.yml

@@ -7,7 +7,7 @@ before:
 builds:
   - binary: traefik
 
-    main: ./cmd/traefik/
+    main: ./cmd/traefik/traefik.go
     env:
       - CGO_ENABLED=0
     ldflags:

.semaphoreci/setup.sh

@@ -18,9 +18,9 @@ echo ${SHOULD_TEST}
 #if [ -n "$SHOULD_TEST" ]; then sudo -E apt-get -yq update; fi
 #if [ -n "$SHOULD_TEST" ]; then sudo -E apt-get -yq --no-install-suggests --no-install-recommends --force-yes install docker-ce=${DOCKER_VERSION}*; fi
 if [ -n "$SHOULD_TEST" ]; then docker version; fi
-export GO_VERSION=1.13
+export GO_VERSION=1.12
 if [ -f "./go.mod" ]; then GO_VERSION="$(grep '^go .*' go.mod | awk '{print $2}')"; export GO_VERSION; fi
-#if [ "${GO_VERSION}" == '1.15' ]; then export GO_VERSION=1.15rc2; fi
+#if [ "${GO_VERSION}" == '1.13' ]; then export GO_VERSION=1.13rc2; fi
 echo "Selected Go version: ${GO_VERSION}"
 
 if [ -f "./.semaphoreci/golang.sh" ]; then ./.semaphoreci/golang.sh; fi

.semaphoreci/vars

@@ -10,7 +10,7 @@ else
   export VERSION=''
 fi
 
-export CODENAME=picodon
+export CODENAME=cantal
 
 export N_MAKE_JOBS=2
 

.travis.yml

@@ -11,7 +11,7 @@ env:
   global:
     - REPO=$TRAVIS_REPO_SLUG
     - VERSION=$TRAVIS_TAG
-    - CODENAME=picodon
+    - CODENAME=cantal
     - GO111MODULE=on
 
 script:
@@ -30,9 +30,7 @@ before_deploy:
         make release-packages;
       fi;
       curl -sfL https://raw.githubusercontent.com/containous/structor/master/godownloader.sh | bash -s -- -b "${GOPATH}/bin" ${STRUCTOR_VERSION}
-      curl -sSfL https://raw.githubusercontent.com/traefik/mixtus/master/godownloader.sh | sh -s -- -b "${GOPATH}/bin" ${MIXTUS_VERSION}
       structor -o containous -r traefik --dockerfile-url="https://raw.githubusercontent.com/containous/traefik/v1.7/docs.Dockerfile" --menu.js-url="https://raw.githubusercontent.com/containous/structor/master/traefik-menu.js.gotmpl" --rqts-url="https://raw.githubusercontent.com/containous/structor/master/requirements-override.txt" --force-edit-url --exp-branch=master --debug;
-      mixtus --dst-doc-path="./traefik" --dst-owner=traefik --dst-repo-name=doc --git-user-email="30906710+traefiker@users.noreply.github.com" --git-user-name=traefiker --src-doc-path="./site" --src-owner=containous --src-repo-name=traefik;
     fi
 
 deploy:

CHANGELOG.md

@@ -1,346 +1,3 @@
-## [v2.3.0-rc5](https://github.com/containous/traefik/tree/v2.3.0-rc5) (2020-09-07)
-[All Commits](https://github.com/containous/traefik/compare/v2.3.0-rc4...v2.3.0-rc5)
-
-**Enhancements:**
-- **[k8s,k8s/ingress]** Add example for the IngressClass usage ([#7219](https://github.com/containous/traefik/pull/7219) by [SantoDE](https://github.com/SantoDE))
-- **[plugins]** Improve plugins builder. ([#7255](https://github.com/containous/traefik/pull/7255) by [ldez](https://github.com/ldez))
-
-**Bug fixes:**
-- **[pilot,webui]** Add ability to dismiss pilot notification ([#7200](https://github.com/containous/traefik/pull/7200) by [matthieuh](https://github.com/matthieuh))
-
-**Misc:**
-- Merge current v2.2 branch into v2.3 ([#7249](https://github.com/containous/traefik/pull/7249) by [ldez](https://github.com/ldez))
-- Merge current v2.2 branch into v2.3 ([#7218](https://github.com/containous/traefik/pull/7218) by [ldez](https://github.com/ldez))
-
-## [v2.2.11](https://github.com/containous/traefik/tree/v2.2.11) (2020-09-07)
-[All Commits](https://github.com/containous/traefik/compare/v2.2.10...v2.2.11)
-
-**Bug fixes:**
-- **[middleware]** fix: header middleware response writer. ([#7252](https://github.com/containous/traefik/pull/7252) by [ldez](https://github.com/ldez))
-
-**Documentation:**
-- **[healthcheck]** Clarified hostname documentation for load balancer healthcheck ([#7254](https://github.com/containous/traefik/pull/7254) by [AndrewSav](https://github.com/AndrewSav))
-
-## [v2.2.10](https://github.com/containous/traefik/tree/v2.2.10) (2020-09-04)
-[All Commits](https://github.com/containous/traefik/compare/v2.2.7...v2.2.10)
-
-**Bug fixes:**
-- **[acme]** Update go-acme/lego to v4.0.1 ([#7238](https://github.com/containous/traefik/pull/7238) by [ldez](https://github.com/ldez))
-- **[middleware]** Add missing IPStrategy struct tag for YAML ([#7233](https://github.com/containous/traefik/pull/7233) by [kevinpollet](https://github.com/kevinpollet))
-- **[middleware]** Headers response modifier is directly applied by headers middleware ([#7230](https://github.com/containous/traefik/pull/7230) by [juliens](https://github.com/juliens))
-- **[webui]** chore(webui): upgrade nodejs to Node current LTS ([#7125](https://github.com/containous/traefik/pull/7125) by [Slashgear](https://github.com/Slashgear))
-
-**Documentation:**
-- **[docker]** doc: fix dead link. ([#7172](https://github.com/containous/traefik/pull/7172) by [ldez](https://github.com/ldez))
-- **[k8s]** kubernetes-crd: fix whitespace in configuration examples ([#7134](https://github.com/containous/traefik/pull/7134) by [NT-florianernst](https://github.com/NT-florianernst))
-- **[k8s]** doc: replace underscore by hyphen for k8s metadata names. ([#7131](https://github.com/containous/traefik/pull/7131) by [ldez](https://github.com/ldez))
-- **[logs]** doc: added tz section to access log ([#7178](https://github.com/containous/traefik/pull/7178) by [notsureifkevin](https://github.com/notsureifkevin))
-- **[tls]** doc: Minor language improvement in TLS documentation ([#7206](https://github.com/containous/traefik/pull/7206) by [sharmarajdaksh](https://github.com/sharmarajdaksh))
-- doc: fix typo in migration guide ([#7181](https://github.com/containous/traefik/pull/7181) by [ScuttleSE](https://github.com/ScuttleSE))
-- doc: specify HostSNI rule removal only for HTTP routers ([#7237](https://github.com/containous/traefik/pull/7237) by [rtribotte](https://github.com/rtribotte))
-- Reorder migrations for v2 minor upgrades ([#7214](https://github.com/containous/traefik/pull/7214) by [peschmae](https://github.com/peschmae))
-- Harmonize docs ([#7124](https://github.com/containous/traefik/pull/7124) by [matthieuh](https://github.com/matthieuh))
-
-## [v2.2.9](https://github.com/containous/traefik/tree/v2.2.9) (2020-09-04)
-[All Commits](https://github.com/containous/traefik/compare/v2.2.8...v2.2.9)
-
-Release canceled due to a bad tag.
-
-## [v2.3.0-rc4](https://github.com/containous/traefik/tree/v2.3.0-rc4) (2020-08-19)
-[All Commits](https://github.com/containous/traefik/compare/v2.3.0-rc3...v2.3.0-rc4)
-
-**Enhancements:**
-- **[metrics,pilot]** Pilot metrics provider ([#7139](https://github.com/containous/traefik/pull/7139) by [rtribotte](https://github.com/rtribotte))
-
-**Bug fixes:**
-- **[ecs]** Improve region resolution for ECS provider ([#7145](https://github.com/containous/traefik/pull/7145) by [kevinpollet](https://github.com/kevinpollet))
-- **[tracing]** Update jaeger-client-go dependency to v2.25.0 ([#7198](https://github.com/containous/traefik/pull/7198) by [kevinpollet](https://github.com/kevinpollet))
-
-**Documentation:**
-- **[k8s]** docs: add missing apigroup to Kubernetes RBAC ([#7199](https://github.com/containous/traefik/pull/7199) by [kevinpollet](https://github.com/kevinpollet))
-
-**Misc:**
-- Merge current v2.2 branch into v2.3 ([#7175](https://github.com/containous/traefik/pull/7175) by [ldez](https://github.com/ldez))
-- Merge current v2.2 branch into v2.3 ([#7160](https://github.com/containous/traefik/pull/7160) by [ldez](https://github.com/ldez))
-
-## [v2.3.0-rc3](https://github.com/containous/traefik/tree/v2.3.0-rc3) (2020-07-28)
-[All Commits](https://github.com/containous/traefik/compare/v2.3.0-rc2...v2.3.0-rc3)
-
-**Bug fixes:**
-- **[k8s,k8s/ingress]** Support Kubernetes Ingress pathType ([#7087](https://github.com/containous/traefik/pull/7087) by [rtribotte](https://github.com/rtribotte))
-- **[k8s,k8s/ingress]** Use semantic versioning to enable ingress class support ([#7065](https://github.com/containous/traefik/pull/7065) by [kevinpollet](https://github.com/kevinpollet))
-- **[provider]** file parser: skip nil value. ([#7058](https://github.com/containous/traefik/pull/7058) by [ldez](https://github.com/ldez))
-
-**Documentation:**
-- **[ecs]** Fix documentation for ECS ([#7107](https://github.com/containous/traefik/pull/7107) by [mmatur](https://github.com/mmatur))
-- **[k8s]** Add migration documentation for IngressClass ([#7083](https://github.com/containous/traefik/pull/7083) by [kevinpollet](https://github.com/kevinpollet))
-- **[plugins]** Update availability info ([#7060](https://github.com/containous/traefik/pull/7060) by [PCM2](https://github.com/PCM2))
-
-**Misc:**
-- Merge current v2.2 branch into v2.3 ([#7116](https://github.com/containous/traefik/pull/7116) by [ldez](https://github.com/ldez))
-- Merge current v2.2 branch into v2.3 ([#7086](https://github.com/containous/traefik/pull/7086) by [jbdoumenjou](https://github.com/jbdoumenjou))
-
-## [v2.2.8](https://github.com/containous/traefik/tree/v2.2.8) (2020-07-28)
-[All Commits](https://github.com/containous/traefik/compare/v2.2.7...v2.2.8)
-
-**Bug fixes:**
-- **[webui]** fix: clean X-Forwarded-Prefix header for the dashboard. ([#7109](https://github.com/containous/traefik/pull/7109) by [ldez](https://github.com/ldez))
-
-**Documentation:**
-- **[docker]** spelling(docs/content/routing/providers/docker.md) ([#7101](https://github.com/containous/traefik/pull/7101) by [szczot3k](https://github.com/szczot3k))
-- **[k8s]** doc: add name of used key for kubernetes client auth ([#7068](https://github.com/containous/traefik/pull/7068) by [smueller18](https://github.com/smueller18))
-
-## [v2.2.7](https://github.com/containous/traefik/tree/v2.2.7) (2020-07-20)
-[All Commits](https://github.com/containous/traefik/compare/v2.2.6...v2.2.7)
-
-**Bug fixes:**
-- **[server,tls]** fix: drop host port to compare with SNI. ([#7071](https://github.com/containous/traefik/pull/7071) by [ldez](https://github.com/ldez))
-
-## [v2.2.6](https://github.com/containous/traefik/tree/v2.2.6) (2020-07-17)
-[All Commits](https://github.com/containous/traefik/compare/v2.2.5...v2.2.6)
-
-**Bug fixes:**
-- **[logs]** fix: access logs header names filtering is case insensitive ([#6900](https://github.com/containous/traefik/pull/6900) by [mjeanroy](https://github.com/mjeanroy))
-- **[provider]** Get Entrypoints Port Address without protocol for redirect ([#7047](https://github.com/containous/traefik/pull/7047) by [SantoDE](https://github.com/SantoDE))
-- **[tls]** Fix domain fronting ([#7064](https://github.com/containous/traefik/pull/7064) by [juliens](https://github.com/juliens))
-
-**Documentation:**
-- fix: documentation references. ([#7049](https://github.com/containous/traefik/pull/7049) by [ldez](https://github.com/ldez))
-- Add example for entrypoint on one ip address ([#6483](https://github.com/containous/traefik/pull/6483) by [SimonHeimberg](https://github.com/SimonHeimberg))
-
-## [v2.3.0-rc2](https://github.com/containous/traefik/tree/v2.3.0-rc2) (2020-07-15)
-[All Commits](https://github.com/containous/traefik/compare/v2.3.0-rc1...v2.3.0-rc2)
-
-**Misc:**
-- fix: goreleaser build commands.
-
-## [v2.3.0-rc1](https://github.com/containous/traefik/tree/v2.3.0-rc1) (2020-07-15)
-[All Commits](https://github.com/containous/traefik/compare/v2.2.0-rc1...v2.3.0-rc1)
-
-**Enhancements:**
-- **[api]** Add custom ping http code when Traefik is terminating ([#6696](https://github.com/containous/traefik/pull/6696) by [L3o-pold](https://github.com/L3o-pold))
-- **[ecs]** Add AWS ECS provider ([#6749](https://github.com/containous/traefik/pull/6749) by [alekitto](https://github.com/alekitto))
-- **[file]** feat: use parser to load dynamic config from file. ([#6875](https://github.com/containous/traefik/pull/6875) by [ldez](https://github.com/ldez))
-- **[k8s,k8s/crd,k8s/ingress]** Upgrade Client-go to 0.18.2 ([#6779](https://github.com/containous/traefik/pull/6779) by [dtomcej](https://github.com/dtomcej))
-- **[k8s,k8s/ingress]** Add new ingressClass support to ingress provider ([#6831](https://github.com/containous/traefik/pull/6831) by [dtomcej](https://github.com/dtomcej))
-- **[plugins]** Traefik Pilot: plugins support and alert system (EXPERIMENTAL FEATURES) ([#7041](https://github.com/containous/traefik/pull/7041) by [ldez](https://github.com/ldez))
-- **[provider]** Add HTTP Provider ([#6976](https://github.com/containous/traefik/pull/6976) by [kevinpollet](https://github.com/kevinpollet))
-- **[webui]** Add iOS specific icons ([#6946](https://github.com/containous/traefik/pull/6946) by [Heisenberg74](https://github.com/Heisenberg74))
-
-**Bug fixes:**
-- **[k8s,k8s/ingress]** Delete an unnecessary warning log ([#6568](https://github.com/containous/traefik/pull/6568) by [jbdoumenjou](https://github.com/jbdoumenjou))
-- **[middleware]** Allow multiple secure middlewares to operate independently  ([#6604](https://github.com/containous/traefik/pull/6604) by [dtomcej](https://github.com/dtomcej))
-
-**Documentation:**
-- **[middleware]** Fixes config samples regarding forceSlash option ([#6811](https://github.com/containous/traefik/pull/6811) by [volkerw00](https://github.com/volkerw00))
-
-**Misc:**
-- Merge current v2.2 branch into master ([#7052](https://github.com/containous/traefik/pull/7052) by [ldez](https://github.com/ldez))
-- Merge current v2.2 branch into master ([#7022](https://github.com/containous/traefik/pull/7022) by [jbdoumenjou](https://github.com/jbdoumenjou))
-- Merge current v2.2 branch into master ([#6921](https://github.com/containous/traefik/pull/6921) by [jbdoumenjou](https://github.com/jbdoumenjou))
-- Merge current v2.2 branch into master ([#6822](https://github.com/containous/traefik/pull/6822) by [mmatur](https://github.com/mmatur))
-- Merge current v2.2 branch into master ([#6754](https://github.com/containous/traefik/pull/6754) by [ldez](https://github.com/ldez))
-- Merge current v2.2 branch into master ([#6533](https://github.com/containous/traefik/pull/6533) by [ldez](https://github.com/ldez))
-- Merge current v2.2 branch into master ([#6468](https://github.com/containous/traefik/pull/6468) by [ldez](https://github.com/ldez))
-
-## [v2.2.5](https://github.com/containous/traefik/tree/v2.2.5) (2020-07-13)
-[All Commits](https://github.com/containous/traefik/compare/v2.2.4...v2.2.5)
-
-**Bug fixes:**
-- **[k8s,k8s/crd]** fix k8s crd to read contentType middleware into dynamic config ([#7034](https://github.com/containous/traefik/pull/7034) by [johnpekcan](https://github.com/johnpekcan))
-- **[rules,server,tls]** Revert domain fronting fix ([#7039](https://github.com/containous/traefik/pull/7039) by [rtribotte](https://github.com/rtribotte))
-- **[tls]** Fix default value for InsecureSNI when global is not set ([#7037](https://github.com/containous/traefik/pull/7037) by [juliens](https://github.com/juliens))
-
-## [v2.2.4](https://github.com/containous/traefik/tree/v2.2.4) (2020-07-10)
-[All Commits](https://github.com/containous/traefik/compare/v2.2.3...v2.2.4)
-
-**Bug fixes:**
-- **[tls]** Change the default value of insecureSNI ([#7027](https://github.com/containous/traefik/pull/7027) by [jbdoumenjou](https://github.com/jbdoumenjou))
-
-## [v2.2.3](https://github.com/containous/traefik/tree/v2.2.3) (2020-07-09)
-[All Commits](https://github.com/containous/traefik/compare/v2.2.2...v2.2.3)
-
-**Bug fixes:**
-- **[middleware]** Fix panic when using chain middleware. ([#7016](https://github.com/containous/traefik/pull/7016) by [juliens](https://github.com/juliens))
-
-## [v2.2.2](https://github.com/containous/traefik/tree/v2.2.2) (2020-07-08)
-[All Commits](https://github.com/containous/traefik/compare/v2.2.1...v2.2.2)
-
-**Bug fixes:**
-- **[acme]** Update go-acme/lego to v3.8.0 ([#6988](https://github.com/containous/traefik/pull/6988) by [ldez](https://github.com/ldez))
-- **[acme]** Fix triggering multiple concurrent requests to ACME ([#6939](https://github.com/containous/traefik/pull/6939) by [ddtmachado](https://github.com/ddtmachado))
-- **[acme]** Update go-acme/lego to v3.7.0 ([#6792](https://github.com/containous/traefik/pull/6792) by [ldez](https://github.com/ldez))
-- **[acme]** added required quotes to domains config ([#6867](https://github.com/containous/traefik/pull/6867) by [tompson](https://github.com/tompson))
-- **[authentication,logs,middleware]** Provide username in log data on auth failure ([#6827](https://github.com/containous/traefik/pull/6827) by [rtribotte](https://github.com/rtribotte))
-- **[docker]** Use specified network for "container" network mode ([#6763](https://github.com/containous/traefik/pull/6763) by [bjeanes](https://github.com/bjeanes))
-- **[k8s,k8s/crd]** Remove checkStringQuoteValidity in loadIngressRouteConf ([#6775](https://github.com/containous/traefik/pull/6775) by [fefe982](https://github.com/fefe982))
-- **[middleware,websocket]** Fix wss in x-forwarded-proto ([#6752](https://github.com/containous/traefik/pull/6752) by [juliens](https://github.com/juliens))
-- **[middleware]** internal handlers: support for response modifiers ([#6750](https://github.com/containous/traefik/pull/6750) by [mpl](https://github.com/mpl))
-- **[middleware]** Fix ipv6 handling in redirect middleware ([#6902](https://github.com/containous/traefik/pull/6902) by [rtribotte](https://github.com/rtribotte))
-- **[middleware]** refactor X-Forwarded-Proto ([#6863](https://github.com/containous/traefik/pull/6863) by [jcgruenhage](https://github.com/jcgruenhage))
-- **[provider]** Fix race condition issues with provided dynamic configuration ([#6979](https://github.com/containous/traefik/pull/6979) by [kevinpollet](https://github.com/kevinpollet))
-- **[rules,server,tls]** Disable domain fronting ([#7008](https://github.com/containous/traefik/pull/7008) by [rtribotte](https://github.com/rtribotte))
-- **[udp]** Fix mem leak on UDP connections ([#6815](https://github.com/containous/traefik/pull/6815) by [ddtmachado](https://github.com/ddtmachado))
-- **[udp]** Avoid overwriting already received UDP messages ([#6797](https://github.com/containous/traefik/pull/6797) by [cbachert](https://github.com/cbachert))
-- **[webui]** Add missing accessControlAllowOrigin list to middleware view ([#6747](https://github.com/containous/traefik/pull/6747) by [barthez](https://github.com/barthez))
-
-**Documentation:**
-- **[acme]** Fix doc url for Aurora DNS provider ([#6899](https://github.com/containous/traefik/pull/6899) by [rtribotte](https://github.com/rtribotte))
-- **[acme]** Fix acme.md typo ([#6817](https://github.com/containous/traefik/pull/6817) by [juliocc](https://github.com/juliocc))
-- **[acme]** fix certResolver typo ([#6983](https://github.com/containous/traefik/pull/6983) by [DavidBadura](https://github.com/DavidBadura))
-- **[acme]** Fix statement about lego _FILE env var ([#6964](https://github.com/containous/traefik/pull/6964) by [solvaholic](https://github.com/solvaholic))
-- **[acme]** Improve acme CLI options in Let's Encrypt documentation  ([#6762](https://github.com/containous/traefik/pull/6762) by [netoax](https://github.com/netoax))
-- **[docker]** fix a broken link on Docker plugins documentation ([#6908](https://github.com/containous/traefik/pull/6908) by [jbdoumenjou](https://github.com/jbdoumenjou))
-- **[docker]** Fix healthcheck.interval in docs ([#6847](https://github.com/containous/traefik/pull/6847) by [OndrejIT](https://github.com/OndrejIT))
-- **[k8s,k8s/ingress]** Remove redundant paragraph in Kubernetes ingress documentation ([#6806](https://github.com/containous/traefik/pull/6806) by [lpfann](https://github.com/lpfann))
-- **[k8s,k8s/ingress]** Fix sticky cookie ingress annotation doc ([#6938](https://github.com/containous/traefik/pull/6938) by [rtribotte](https://github.com/rtribotte))
-- **[k8s]** fixing typo in Provider KubernetesIngress at Routing documentation ([#6845](https://github.com/containous/traefik/pull/6845) by [sw360cab](https://github.com/sw360cab))
-- **[k8s]** Update kubernetes-crd.md ([#6878](https://github.com/containous/traefik/pull/6878) by [rherrick](https://github.com/rherrick))
-- **[logs]** Fixed incorrect logging parameter in documentation ([#6819](https://github.com/containous/traefik/pull/6819) by [cplewnia](https://github.com/cplewnia))
-- **[logs]** Use "headers" instead of "header" in access log docs ([#6836](https://github.com/containous/traefik/pull/6836) by [bradjones1](https://github.com/bradjones1))
-- **[middleware,k8s/crd]** Fix Headers middleware documentation, usage of proper bool ([#6928](https://github.com/containous/traefik/pull/6928) by [rtribotte](https://github.com/rtribotte))
-- **[middleware]** Improve redirectScheme documentation ([#6769](https://github.com/containous/traefik/pull/6769) by [dtomcej](https://github.com/dtomcej))
-- **[middleware]** Update basicauth.md ([#6967](https://github.com/containous/traefik/pull/6967) by [vitalets](https://github.com/vitalets))
-- Update Dashboard examples and move it after 'Router Rule' section ([#6874](https://github.com/containous/traefik/pull/6874) by [ddtmachado](https://github.com/ddtmachado))
-- Fix log field names in documentation ([#6952](https://github.com/containous/traefik/pull/6952) by [gysel](https://github.com/gysel))
-- Minor fix to Go templating documentation ([#6977](https://github.com/containous/traefik/pull/6977) by [PCM2](https://github.com/PCM2))
-- Add rtribotte to maintainers ([#6936](https://github.com/containous/traefik/pull/6936) by [emilevauge](https://github.com/emilevauge))
-- Update Copyright ([#6795](https://github.com/containous/traefik/pull/6795) by [mmatur](https://github.com/mmatur))
-- fix: dead link. ([#6876](https://github.com/containous/traefik/pull/6876) by [ldez](https://github.com/ldez))
-- Fix v1-> v2 migration: unify domain name in documentation example ([#6904](https://github.com/containous/traefik/pull/6904) by [sinacek](https://github.com/sinacek))
-
-## [v2.2.1](https://github.com/containous/traefik/tree/v2.2.1) (2020-04-29)
-[All Commits](https://github.com/containous/traefik/compare/v2.2.0...v2.2.1)
-
-**Bug fixes:**
-- **[acme]** Update go-acme/lego to v3.6.0 ([#6727](https://github.com/containous/traefik/pull/6727) by [ldez](https://github.com/ldez))
-- **[consulcatalog]** Normalize default names for ConsulCatalog. ([#6593](https://github.com/containous/traefik/pull/6593) by [ldez](https://github.com/ldez))
-- **[internal]** Change the default priority on the router created by the redirect. ([#6588](https://github.com/containous/traefik/pull/6588) by [ldez](https://github.com/ldez))
-- **[k8s,k8s/ingress]** Delete an unnecessary warning log ([#6624](https://github.com/containous/traefik/pull/6624) by [jbdoumenjou](https://github.com/jbdoumenjou))
-- **[middleware]** ratelimit: do not default to ipstrategy too early ([#6713](https://github.com/containous/traefik/pull/6713) by [mpl](https://github.com/mpl))
-- **[rancher,webui]** It's just the one TLS, actually. ([#6606](https://github.com/containous/traefik/pull/6606) by [RealOrangeOne](https://github.com/RealOrangeOne))
-- **[server]** Fix case-sensitive header Sec-Websocket-Version ([#6698](https://github.com/containous/traefik/pull/6698) by [tbrandstetter](https://github.com/tbrandstetter))
-- **[udp]** fix: consider UDP when checking for empty config ([#6683](https://github.com/containous/traefik/pull/6683) by [nrwiersma](https://github.com/nrwiersma))
-- **[websocket]** FIx wS heAder ([#6660](https://github.com/containous/traefik/pull/6660) by [mmatur](https://github.com/mmatur))
-- **[websocket]** Manage case for all Websocket headers ([#6705](https://github.com/containous/traefik/pull/6705) by [mmatur](https://github.com/mmatur))
-- **[webui]** Disable distribution of the WebUI as PWA ([#6717](https://github.com/containous/traefik/pull/6717) by [SantoDE](https://github.com/SantoDE))
-- **[webui]** Add polling for getOverview in toolbar ([#6611](https://github.com/containous/traefik/pull/6611) by [lukashass](https://github.com/lukashass))
-
-**Documentation:**
-- **[api]** Fix documentation about api.insecure defaults ([#6671](https://github.com/containous/traefik/pull/6671) by [thisismydesign](https://github.com/thisismydesign))
-- **[docker,k8s,k8s/ingress,marathon,rancher,sticky-session]** fix: cookie documentation. ([#6745](https://github.com/containous/traefik/pull/6745) by [ldez](https://github.com/ldez))
-- **[file]** Edit code indentation for correct alignment ([#6691](https://github.com/containous/traefik/pull/6691) by [fbruetting](https://github.com/fbruetting))
-- **[healthcheck,k8s,k8s/crd]** Add note about health check in kubernetes ([#6647](https://github.com/containous/traefik/pull/6647) by [mmatur](https://github.com/mmatur))
-- **[k8s,k8s/crd]** docs: Update kubernetes-crd-resource.yml ([#6741](https://github.com/containous/traefik/pull/6741) by [rdxmb](https://github.com/rdxmb))
-- **[k8s,k8s/crd]** doc: improve CRD documentation. ([#6681](https://github.com/containous/traefik/pull/6681) by [ldez](https://github.com/ldez))
-- **[k8s/crd]** doc: add apiVersion for "kind: Middleware" ([#6734](https://github.com/containous/traefik/pull/6734) by [yuyicai](https://github.com/yuyicai))
-- **[k8s/helm]** Update the documentation for helm chart ([#6744](https://github.com/containous/traefik/pull/6744) by [mmatur](https://github.com/mmatur))
-- **[k8s]** Add sentence about the resource namespace and middleware ([#6719](https://github.com/containous/traefik/pull/6719) by [SantoDE](https://github.com/SantoDE))
-- **[kv]** fix KV service docs for http:url and tcp:address ([#6720](https://github.com/containous/traefik/pull/6720) by [bryfry](https://github.com/bryfry))
-- **[logs]** Add Access log chapter for migration v1->v2 ([#6689](https://github.com/containous/traefik/pull/6689) by [MartinKoerner](https://github.com/MartinKoerner))
-- **[middleware]** Update headers.md ([#6675](https://github.com/containous/traefik/pull/6675) by [jamct](https://github.com/jamct))
-- **[middleware]** Doc middleware compress content type ([#6738](https://github.com/containous/traefik/pull/6738) by [rtribotte](https://github.com/rtribotte))
-- **[tracing]** Add link to tracing with elastic ([#6673](https://github.com/containous/traefik/pull/6673) by [collinmutembei](https://github.com/collinmutembei))
-- Added missing text `a yaml file` in Configuration ([#6663](https://github.com/containous/traefik/pull/6663) by [fsoedjede](https://github.com/fsoedjede))
-- Fix typos in the documentation ([#6650](https://github.com/containous/traefik/pull/6650) by [SuperSandro2000](https://github.com/SuperSandro2000))
-- Fix documentation ([#6648](https://github.com/containous/traefik/pull/6648) by [mmatur](https://github.com/mmatur))
-- Fix bad address syntax in Global HTTP to HTTPS redirection v2 TOML ([#6619](https://github.com/containous/traefik/pull/6619) by [Beetix](https://github.com/Beetix))
-- Doc Fix for 2.2 Redirects ([#6595](https://github.com/containous/traefik/pull/6595) by [ajschmidt8](https://github.com/ajschmidt8))
-
-## [v2.2.0](https://github.com/containous/traefik/tree/v2.2.0) (2020-03-25)
-[All Commits](https://github.com/containous/traefik/compare/v2.1.0-rc1...v2.2.0)
-
-**Enhancements:**
-- **[acme,middleware,tls]** Entry point redirection and default routers configuration ([#6417](https://github.com/containous/traefik/pull/6417) by [ldez](https://github.com/ldez))
-- **[consul,etcd,kv,redis,zk]** Add KV store providers (dynamic configuration only) ([#5899](https://github.com/containous/traefik/pull/5899) by [ldez](https://github.com/ldez))
-- **[consulcatalog,docker,marathon,rancher,udp]** Add UDP in providers with labels ([#6327](https://github.com/containous/traefik/pull/6327) by [juliens](https://github.com/juliens))
-- **[docker]** Fix traefik behavior when network_mode is host ([#5698](https://github.com/containous/traefik/pull/5698) by [FuNK3Y](https://github.com/FuNK3Y))
-- **[docker]** Support SSH connection to Docker ([#5969](https://github.com/containous/traefik/pull/5969) by [sh7dm](https://github.com/sh7dm))
-- **[healthcheck]** Do not follow redirects for the health check URLs ([#5147](https://github.com/containous/traefik/pull/5147) by [coder-hugo](https://github.com/coder-hugo))
-- **[k8s,k8s/crd,udp]** Add UDP support in kubernetesCRD provider ([#6348](https://github.com/containous/traefik/pull/6348) by [jbdoumenjou](https://github.com/jbdoumenjou))
-- **[k8s,k8s/crd]** Add TLSStores to Kubernetes CRD ([#6270](https://github.com/containous/traefik/pull/6270) by [dtomcej](https://github.com/dtomcej))
-- **[k8s,k8s/crd]** Add namespace attribute on IngressRouteTCP service ([#6085](https://github.com/containous/traefik/pull/6085) by [jbdoumenjou](https://github.com/jbdoumenjou))
-- **[k8s,k8s/ingress]** Support 'networking.k8s.io/v1beta1' ingress apiVersion ([#6171](https://github.com/containous/traefik/pull/6171) by [ldez](https://github.com/ldez))
-- **[k8s,k8s/ingress]** Update deprecated function call in k8s providers  ([#5241](https://github.com/containous/traefik/pull/5241) by [Wagum](https://github.com/Wagum))
-- **[k8s,k8s/ingress]** Add Ingress annotations support ([#6160](https://github.com/containous/traefik/pull/6160) by [ldez](https://github.com/ldez))
-- **[k8s,k8s/ingress]** systematically call updateIngressStatus ([#6148](https://github.com/containous/traefik/pull/6148) by [mpl](https://github.com/mpl))
-- **[logs,middleware]** Rename the non-exposed field "count" to "size" ([#6048](https://github.com/containous/traefik/pull/6048) by [sylr](https://github.com/sylr))
-- **[logs,middleware]** Add http request scheme to logger ([#6226](https://github.com/containous/traefik/pull/6226) by [valtlfelipe](https://github.com/valtlfelipe))
-- **[logs]** Decrease log level for client related error ([#6204](https://github.com/containous/traefik/pull/6204) by [sylr](https://github.com/sylr))
-- **[metrics]** Add metrics about TLS ([#6255](https://github.com/containous/traefik/pull/6255) by [sylr](https://github.com/sylr))
-- **[middleware]** Add period for rate limiter middleware ([#6055](https://github.com/containous/traefik/pull/6055) by [mpl](https://github.com/mpl))
-- **[middleware]** Let metrics libs handle the atomicity ([#5738](https://github.com/containous/traefik/pull/5738) by [sylr](https://github.com/sylr))
-- **[middleware]** Rework access control origin configuration ([#5996](https://github.com/containous/traefik/pull/5996) by [dtomcej](https://github.com/dtomcej))
-- **[middleware]** Add serial number certificate to forward headers ([#5915](https://github.com/containous/traefik/pull/5915) by [dkijkuit](https://github.com/dkijkuit))
-- **[rancher]** Duration order consistency when multiplying number by time unit ([#5885](https://github.com/containous/traefik/pull/5885) by [maxifom](https://github.com/maxifom))
-- **[server,udp]** UDP support ([#6172](https://github.com/containous/traefik/pull/6172) by [mpl](https://github.com/mpl))
-- **[service]** Use EDF schedule algorithm for WeightedRoundRobin ([#6206](https://github.com/containous/traefik/pull/6206) by [pkumza](https://github.com/pkumza))
-- **[service]** Support mirroring request body ([#6080](https://github.com/containous/traefik/pull/6080) by [dmitriyminer](https://github.com/dmitriyminer))
-- **[tls]** Allow PreferServerCipherSuites as a TLS Option ([#6248](https://github.com/containous/traefik/pull/6248) by [dtomcej](https://github.com/dtomcej))
-- **[tracing]** Update APM client. ([#6152](https://github.com/containous/traefik/pull/6152) by [ldez](https://github.com/ldez))
-- **[tracing]** Elastic APM tracer implementation ([#5870](https://github.com/containous/traefik/pull/5870) by [amine7536](https://github.com/amine7536))
-- **[udp,webui]** WebUI: add udp pages ([#6313](https://github.com/containous/traefik/pull/6313) by [matthieuh](https://github.com/matthieuh))
-- **[webui]** Web UI: Polling on tables ([#5909](https://github.com/containous/traefik/pull/5909) by [matthieuh](https://github.com/matthieuh))
-- **[webui]** Proxy API to Traefik in dev mode ([#5980](https://github.com/containous/traefik/pull/5980) by [sh7dm](https://github.com/sh7dm))
-- **[webui]** Web UI: Table infinite scroll ([#5875](https://github.com/containous/traefik/pull/5875) by [matthieuh](https://github.com/matthieuh))
-- **[webui]** Web UI: Take off logic from generic table component ([#5910](https://github.com/containous/traefik/pull/5910) by [matthieuh](https://github.com/matthieuh))
-- **[webui]** Add dark theme for Web UI ([#6036](https://github.com/containous/traefik/pull/6036) by [sh7dm](https://github.com/sh7dm))
-- Update dependencies ([#6359](https://github.com/containous/traefik/pull/6359) by [ldez](https://github.com/ldez))
-
-**Bug fixes:**
-- **[acme]** Update go-acme/lego to v3.5.0 ([#6491](https://github.com/containous/traefik/pull/6491) by [ldez](https://github.com/ldez))
-- **[authentication,middleware]** digest auth: use RequireAuthStale when appropriate ([#6569](https://github.com/containous/traefik/pull/6569) by [mpl](https://github.com/mpl))
-- **[file]** Revert "Allow fsnotify to reload config files on k8s (or symlinks)" ([#6416](https://github.com/containous/traefik/pull/6416) by [juliens](https://github.com/juliens))
-- **[internal]** Fix entry point redirect behavior ([#6512](https://github.com/containous/traefik/pull/6512) by [ldez](https://github.com/ldez))
-- **[internal]** Router entry points on reload. ([#6444](https://github.com/containous/traefik/pull/6444) by [ldez](https://github.com/ldez))
-- **[k8s,k8s/crd]** Improve kubernetes external name service support ([#6428](https://github.com/containous/traefik/pull/6428) by [rtribotte](https://github.com/rtribotte))
-- **[k8s,k8s/ingress]** fix: Ingress TLS support ([#6504](https://github.com/containous/traefik/pull/6504) by [ldez](https://github.com/ldez))
-- **[k8s,k8s/ingress]** Improvement of the unique name of the router for Ingress. ([#6325](https://github.com/containous/traefik/pull/6325) by [ldez](https://github.com/ldez))
-- **[kv,redis]** Update valkeyrie to fix the support of Redis. ([#6291](https://github.com/containous/traefik/pull/6291) by [ldez](https://github.com/ldez))
-- **[kv]** fix: KV flaky tests. ([#6300](https://github.com/containous/traefik/pull/6300) by [ldez](https://github.com/ldez))
-- **[etcd,kv]** fix: etcd provider name. ([#6212](https://github.com/containous/traefik/pull/6212) by [ldez](https://github.com/ldez))
-- **[middleware]** fix: period field name. ([#6549](https://github.com/containous/traefik/pull/6549) by [ldez](https://github.com/ldez))
-- **[middleware]** fix: custom Host header. ([#6502](https://github.com/containous/traefik/pull/6502) by [ldez](https://github.com/ldez))
-- **[server,udp]** udp: replace concurrently reset timer with ticker ([#6498](https://github.com/containous/traefik/pull/6498) by [mpl](https://github.com/mpl))
-- **[server]** Drop traefik from default entry points. ([#6477](https://github.com/containous/traefik/pull/6477) by [ldez](https://github.com/ldez))
-- **[server]** fix: use MaxInt32. ([#5845](https://github.com/containous/traefik/pull/5845) by [ldez](https://github.com/ldez))
-- **[tracing]** Disable default APM tracer. ([#6410](https://github.com/containous/traefik/pull/6410) by [ldez](https://github.com/ldez))
-- **[udp]** Add missing generated element for UDP. ([#6309](https://github.com/containous/traefik/pull/6309) by [ldez](https://github.com/ldez))
-- **[udp]** Build all UDP services on an entrypoint ([#6329](https://github.com/containous/traefik/pull/6329) by [juliens](https://github.com/juliens))
-
-**Documentation:**
-- **[authentication,middleware]** docs: terminology, replace 'encoded' by 'hashed' ([#6478](https://github.com/containous/traefik/pull/6478) by [debovema](https://github.com/debovema))
-- **[acme]** Doc: fix wrong name of config format ([#6519](https://github.com/containous/traefik/pull/6519) by [Nek-](https://github.com/Nek-))
-- **[docker]** Fix example values for swarmModeRefreshSeconds ([#6460](https://github.com/containous/traefik/pull/6460) by [skjnldsv](https://github.com/skjnldsv))
-- **[k8s,k8s/crd,sticky-session]** docs: clarify multi-levels stickiness ([#6475](https://github.com/containous/traefik/pull/6475) by [mpl](https://github.com/mpl))
-- **[k8s,k8s/crd]** doc: fix terminationDelay word case. ([#6532](https://github.com/containous/traefik/pull/6532) by [ldez](https://github.com/ldez))
-- **[k8s,k8s/crd]** Update the k8s CRD documentation ([#6426](https://github.com/containous/traefik/pull/6426) by [jbdoumenjou](https://github.com/jbdoumenjou))
-- **[k8s,k8s/ingress]** Improve documentation for kubernetes ingress configuration ([#6440](https://github.com/containous/traefik/pull/6440) by [rtribotte](https://github.com/rtribotte))
-- **[k8s/helm]** Update traefik install documentation ([#6466](https://github.com/containous/traefik/pull/6466) by [mmatur](https://github.com/mmatur))
-- **[provider]** Update supported providers list. ([#6190](https://github.com/containous/traefik/pull/6190) by [ldez](https://github.com/ldez))
-- **[tcp,tls]** Specify passthrough for TCP/TLS in its own section ([#6459](https://github.com/containous/traefik/pull/6459) by [mpl](https://github.com/mpl))
-- doc: Use neutral domains. ([#6471](https://github.com/containous/traefik/pull/6471) by [ldez](https://github.com/ldez))
-- doc: fix typo. ([#6472](https://github.com/containous/traefik/pull/6472) by [ldez](https://github.com/ldez))
-- Improve ping documentation. ([#6476](https://github.com/containous/traefik/pull/6476) by [ldez](https://github.com/ldez))
-- Remove  @dduportal from the maintainers team ([#6464](https://github.com/containous/traefik/pull/6464) by [emilevauge](https://github.com/emilevauge))
-- Fix wrong copy/pasted with service name warning ([#6510](https://github.com/containous/traefik/pull/6510) by [Nek-](https://github.com/Nek-))
-- Update migration documentation ([#6447](https://github.com/containous/traefik/pull/6447) by [ldez](https://github.com/ldez))
-- Update version references. ([#6434](https://github.com/containous/traefik/pull/6434) by [ldez](https://github.com/ldez))
-- Fix broken documentation link ([#6430](https://github.com/containous/traefik/pull/6430) by [pbek](https://github.com/pbek))
-
-**Misc:**
-- **[rancher]** Stop using fork of go-rancher-metadata ([#6469](https://github.com/containous/traefik/pull/6469) by [ibuildthecloud](https://github.com/ibuildthecloud))
-- Merge current v2.1 branch into v2.2 ([#6564](https://github.com/containous/traefik/pull/6564) by [ldez](https://github.com/ldez))
-- Merge current v2.1 branch into v2.2 ([#6525](https://github.com/containous/traefik/pull/6525) by [ldez](https://github.com/ldez))
-- Merge current v2.1 branch into v2.2 ([#6516](https://github.com/containous/traefik/pull/6516) by [ldez](https://github.com/ldez))
-- Merge current v2.1 branch into master ([#6429](https://github.com/containous/traefik/pull/6429) by [ldez](https://github.com/ldez))
-- Merge current v2.1 branch into master ([#6409](https://github.com/containous/traefik/pull/6409) by [ldez](https://github.com/ldez))
-- Merge current v2.1 branch into master ([#6302](https://github.com/containous/traefik/pull/6302) by [ldez](https://github.com/ldez))
-- Merge current v2.1 branch into master ([#6216](https://github.com/containous/traefik/pull/6216) by [ldez](https://github.com/ldez))
-- Merge current v2.1 branch into master ([#6138](https://github.com/containous/traefik/pull/6138) by [ldez](https://github.com/ldez))
-- Merge current v2.1 branch into master ([#6004](https://github.com/containous/traefik/pull/6004) by [ldez](https://github.com/ldez))
-- Merge current v2.1 branch into master ([#5933](https://github.com/containous/traefik/pull/5933) by [ldez](https://github.com/ldez))
-
 ## [v2.1.9](https://github.com/containous/traefik/tree/v2.1.9) (2020-03-23)
 [All Commits](https://github.com/containous/traefik/compare/v2.1.8...v2.1.9)
 
@@ -351,46 +8,12 @@ Release canceled due to a bad tag.
 **Documentation:**
 - Fix tab name ([#6543](https://github.com/containous/traefik/pull/6543) by [mavimo](https://github.com/mavimo))
 
-## [v2.2.0-rc4](https://github.com/containous/traefik/tree/v2.2.0-rc4) (2020-03-19)
-[All Commits](https://github.com/containous/traefik/compare/v2.2.0-rc3...v2.2.0-rc4)
-
-**Documentation:**
-- **[acme]** Doc: fix wrong name of config format ([#6519](https://github.com/containous/traefik/pull/6519) by [Nek-](https://github.com/Nek-))
-
-**Misc:**
-- **[middleware]** Merge current v2.1 branch into v2.2 ([#6525](https://github.com/containous/traefik/pull/6525) by [ldez](https://github.com/ldez))
-
 ## [v2.1.8](https://github.com/containous/traefik/tree/v2.1.8) (2020-03-19)
 [All Commits](https://github.com/containous/traefik/compare/v2.1.7...v2.1.8)
 
 **Bug fixes:**
 - **[middleware,metrics]** Fix memory leak in metrics ([#6522](https://github.com/containous/traefik/pull/6522) by [juliens](https://github.com/juliens))
 
-## [v2.2.0-rc3](https://github.com/containous/traefik/tree/v2.2.0-rc3) (2020-03-18)
-[All Commits](https://github.com/containous/traefik/compare/v2.2.0-rc2...v2.2.0-rc3)
-
-**Enhancements:**
-- **[authentication,middleware]** docs: terminology, replace 'encoded' by 'hashed' ([#6478](https://github.com/containous/traefik/pull/6478) by [debovema](https://github.com/debovema))
-
-**Bug fixes:**
-- **[acme]** Update go-acme/lego to v3.5.0 ([#6491](https://github.com/containous/traefik/pull/6491) by [ldez](https://github.com/ldez))
-- **[internal]** Fix entry point redirect behavior ([#6512](https://github.com/containous/traefik/pull/6512) by [ldez](https://github.com/ldez))
-- **[k8s,k8s/ingress]** fix: Ingress TLS support ([#6504](https://github.com/containous/traefik/pull/6504) by [ldez](https://github.com/ldez))
-- **[middleware]** fix: custom Host header. ([#6502](https://github.com/containous/traefik/pull/6502) by [ldez](https://github.com/ldez))
-- **[server,udp]** udp: replace concurrently reset timer with ticker ([#6498](https://github.com/containous/traefik/pull/6498) by [mpl](https://github.com/mpl))
-- **[server]** Drop traefik from default entry points. ([#6477](https://github.com/containous/traefik/pull/6477) by [ldez](https://github.com/ldez))
-
-**Documentation:**
-- **[k8s,k8s/crd,sticky-session]** docs: clarify multi-levels stickiness ([#6475](https://github.com/containous/traefik/pull/6475) by [mpl](https://github.com/mpl))
-- **[k8s/helm]** Update traefik install documentation ([#6466](https://github.com/containous/traefik/pull/6466) by [mmatur](https://github.com/mmatur))
-- Fix wrong copy/pasted with service name warning ([#6510](https://github.com/containous/traefik/pull/6510) by [Nek-](https://github.com/Nek-))
-- Improve ping documentation. ([#6476](https://github.com/containous/traefik/pull/6476) by [ldez](https://github.com/ldez))
-- doc: fix typo. ([#6472](https://github.com/containous/traefik/pull/6472) by [ldez](https://github.com/ldez))
-- doc: Use neutral domains. ([#6471](https://github.com/containous/traefik/pull/6471) by [ldez](https://github.com/ldez))
-
-**Misc:**
-- **[rancher]** Stop using fork of go-rancher-metadata ([#6469](https://github.com/containous/traefik/pull/6469) by [ibuildthecloud](https://github.com/ibuildthecloud))
-
 ## [v2.1.7](https://github.com/containous/traefik/tree/v2.1.7) (2020-03-18)
 [All Commits](https://github.com/containous/traefik/compare/v2.1.6...v2.1.7)
 
@@ -404,86 +27,6 @@ Release canceled due to a bad tag.
 - **[acme]** Added wildcard ACME example ([#6423](https://github.com/containous/traefik/pull/6423) by [Basster](https://github.com/Basster))
 - **[acme]** fix typo ([#6408](https://github.com/containous/traefik/pull/6408) by [hamiltont](https://github.com/hamiltont))
 
-## [v2.2.0-rc2](https://github.com/containous/traefik/tree/v2.2.0-rc2) (2020-03-11)
-[All Commits](https://github.com/containous/traefik/compare/v2.2.0-rc1...v2.2.0-rc2)
-
-**Bug fixes:**
-- **[internal]** Router entry points on reload. ([#6444](https://github.com/containous/traefik/pull/6444) by [ldez](https://github.com/ldez))
-- **[k8s,k8s/crd]** Improve kubernetes external name service support ([#6428](https://github.com/containous/traefik/pull/6428) by [rtribotte](https://github.com/rtribotte))
-
-**Documentation:**
-- **[docker]** Fix example values for swarmModeRefreshSeconds ([#6460](https://github.com/containous/traefik/pull/6460) by [skjnldsv](https://github.com/skjnldsv))
-- **[k8s,k8s/ingress]** Improve documentation for kubernetes ingress configuration ([#6440](https://github.com/containous/traefik/pull/6440) by [rtribotte](https://github.com/rtribotte))
-- **[tcp,tls]** Specify passthrough for TCP/TLS in its own section ([#6459](https://github.com/containous/traefik/pull/6459) by [mpl](https://github.com/mpl))
-- Remove  @dduportal from the maintainers team ([#6464](https://github.com/containous/traefik/pull/6464) by [emilevauge](https://github.com/emilevauge))
-- Update migration documentation ([#6447](https://github.com/containous/traefik/pull/6447) by [ldez](https://github.com/ldez))
-- Update version references. ([#6434](https://github.com/containous/traefik/pull/6434) by [ldez](https://github.com/ldez))
-- Fix broken documentation link ([#6430](https://github.com/containous/traefik/pull/6430) by [pbek](https://github.com/pbek))
-
-## [v2.2.0-rc1](https://github.com/containous/traefik/tree/v2.2.0-rc1) (2020-03-05)
-[All Commits](https://github.com/containous/traefik/compare/v2.1.0-rc1...v2.2.0-rc1)
-
-**Enhancements:**
-- **[acme,middleware,tls]** Entry point redirection and default routers configuration ([#6417](https://github.com/containous/traefik/pull/6417) by [ldez](https://github.com/ldez))
-- **[consul,etcd,kv,redis,zk]** Add KV store providers (dynamic configuration only) ([#5899](https://github.com/containous/traefik/pull/5899) by [ldez](https://github.com/ldez))
-- **[consulcatalog,docker,marathon,rancher,udp]** Add UDP in providers with labels ([#6327](https://github.com/containous/traefik/pull/6327) by [juliens](https://github.com/juliens))
-- **[docker]** Fix traefik behavior when network_mode is host ([#5698](https://github.com/containous/traefik/pull/5698) by [FuNK3Y](https://github.com/FuNK3Y))
-- **[docker]** Support SSH connection to Docker ([#5969](https://github.com/containous/traefik/pull/5969) by [sh7dm](https://github.com/sh7dm))
-- **[healthcheck]** Do not follow redirects for the health check URLs ([#5147](https://github.com/containous/traefik/pull/5147) by [coder-hugo](https://github.com/coder-hugo))
-- **[k8s,k8s/crd,udp]** Add UDP support in kubernetesCRD provider ([#6348](https://github.com/containous/traefik/pull/6348) by [jbdoumenjou](https://github.com/jbdoumenjou))
-- **[k8s,k8s/crd]** Add TLSStores to Kubernetes CRD ([#6270](https://github.com/containous/traefik/pull/6270) by [dtomcej](https://github.com/dtomcej))
-- **[k8s,k8s/crd]** Add namespace attribute on IngressRouteTCP service ([#6085](https://github.com/containous/traefik/pull/6085) by [jbdoumenjou](https://github.com/jbdoumenjou))
-- **[k8s,k8s/ingress]** Support 'networking.k8s.io/v1beta1' ingress apiVersion ([#6171](https://github.com/containous/traefik/pull/6171) by [ldez](https://github.com/ldez))
-- **[k8s,k8s/ingress]** Update deprecated function call in k8s providers  ([#5241](https://github.com/containous/traefik/pull/5241) by [Wagum](https://github.com/Wagum))
-- **[k8s,k8s/ingress]** Add Ingress annotations support ([#6160](https://github.com/containous/traefik/pull/6160) by [ldez](https://github.com/ldez))
-- **[k8s,k8s/ingress]** systematically call updateIngressStatus ([#6148](https://github.com/containous/traefik/pull/6148) by [mpl](https://github.com/mpl))
-- **[logs,middleware]** Rename the non-exposed field "count" to "size" ([#6048](https://github.com/containous/traefik/pull/6048) by [sylr](https://github.com/sylr))
-- **[logs,middleware]** Add http request scheme to logger ([#6226](https://github.com/containous/traefik/pull/6226) by [valtlfelipe](https://github.com/valtlfelipe))
-- **[logs]** Decrease log level for client related error ([#6204](https://github.com/containous/traefik/pull/6204) by [sylr](https://github.com/sylr))
-- **[metrics]** Add metrics about TLS ([#6255](https://github.com/containous/traefik/pull/6255) by [sylr](https://github.com/sylr))
-- **[middleware]** Add period for rate limiter middleware ([#6055](https://github.com/containous/traefik/pull/6055) by [mpl](https://github.com/mpl))
-- **[middleware]** Let metrics libs handle the atomicity ([#5738](https://github.com/containous/traefik/pull/5738) by [sylr](https://github.com/sylr))
-- **[middleware]** Rework access control origin configuration ([#5996](https://github.com/containous/traefik/pull/5996) by [dtomcej](https://github.com/dtomcej))
-- **[middleware]** Add serial number certificate to forward headers ([#5915](https://github.com/containous/traefik/pull/5915) by [dkijkuit](https://github.com/dkijkuit))
-- **[rancher]** Duration order consistency when multiplying number by time unit ([#5885](https://github.com/containous/traefik/pull/5885) by [maxifom](https://github.com/maxifom))
-- **[server,udp]** UDP support ([#6172](https://github.com/containous/traefik/pull/6172) by [mpl](https://github.com/mpl))
-- **[service]** Use EDF schedule algorithm for WeightedRoundRobin ([#6206](https://github.com/containous/traefik/pull/6206) by [pkumza](https://github.com/pkumza))
-- **[service]** Support mirroring request body ([#6080](https://github.com/containous/traefik/pull/6080) by [dmitriyminer](https://github.com/dmitriyminer))
-- **[tls]** Allow PreferServerCipherSuites as a TLS Option ([#6248](https://github.com/containous/traefik/pull/6248) by [dtomcej](https://github.com/dtomcej))
-- **[tracing]** Update APM client. ([#6152](https://github.com/containous/traefik/pull/6152) by [ldez](https://github.com/ldez))
-- **[tracing]** Elastic APM tracer implementation ([#5870](https://github.com/containous/traefik/pull/5870) by [amine7536](https://github.com/amine7536))
-- **[udp,webui]** WebUI: add udp pages ([#6313](https://github.com/containous/traefik/pull/6313) by [matthieuh](https://github.com/matthieuh))
-- **[webui]** Web UI: Polling on tables ([#5909](https://github.com/containous/traefik/pull/5909) by [matthieuh](https://github.com/matthieuh))
-- **[webui]** Proxy API to Traefik in dev mode ([#5980](https://github.com/containous/traefik/pull/5980) by [sh7dm](https://github.com/sh7dm))
-- **[webui]** Web UI: Table infinite scroll ([#5875](https://github.com/containous/traefik/pull/5875) by [matthieuh](https://github.com/matthieuh))
-- **[webui]** Web UI: Take off logic from generic table component ([#5910](https://github.com/containous/traefik/pull/5910) by [matthieuh](https://github.com/matthieuh))
-- **[webui]** Add dark theme for Web UI ([#6036](https://github.com/containous/traefik/pull/6036) by [sh7dm](https://github.com/sh7dm))
-- Update dependencies ([#6359](https://github.com/containous/traefik/pull/6359) by [ldez](https://github.com/ldez))
-
-**Bug fixes:**
-- **[etcd,kv]** fix: etcd provider name. ([#6212](https://github.com/containous/traefik/pull/6212) by [ldez](https://github.com/ldez))
-- **[file]** Revert "Allow fsnotify to reload config files on k8s (or symlinks)" ([#6416](https://github.com/containous/traefik/pull/6416) by [juliens](https://github.com/juliens))
-- **[k8s,k8s/ingress]** Improvement of the unique name of the router for Ingress. ([#6325](https://github.com/containous/traefik/pull/6325) by [ldez](https://github.com/ldez))
-- **[kv,redis]** Update valkeyrie to fix the support of Redis. ([#6291](https://github.com/containous/traefik/pull/6291) by [ldez](https://github.com/ldez))
-- **[kv]** fix: KV flaky tests. ([#6300](https://github.com/containous/traefik/pull/6300) by [ldez](https://github.com/ldez))
-- **[server]** fix: use MaxInt32. ([#5845](https://github.com/containous/traefik/pull/5845) by [ldez](https://github.com/ldez))
-- **[tracing]** Disable default APM tracer. ([#6410](https://github.com/containous/traefik/pull/6410) by [ldez](https://github.com/ldez))
-- **[udp]** Add missing generated element for UDP. ([#6309](https://github.com/containous/traefik/pull/6309) by [ldez](https://github.com/ldez))
-- **[udp]** Build all UDP services on an entrypoint ([#6329](https://github.com/containous/traefik/pull/6329) by [juliens](https://github.com/juliens))
-
-**Documentation:**
-- **[k8s,k8s/crd]** Update the k8s CRD documentation ([#6426](https://github.com/containous/traefik/pull/6426) by [jbdoumenjou](https://github.com/jbdoumenjou))
-- **[provider]** Update supported providers list. ([#6190](https://github.com/containous/traefik/pull/6190) by [ldez](https://github.com/ldez))
-
-**Misc:**
-- Merge current v2.1 branch into master ([#6429](https://github.com/containous/traefik/pull/6429) by [ldez](https://github.com/ldez))
-- Merge current v2.1 branch into master ([#6409](https://github.com/containous/traefik/pull/6409) by [ldez](https://github.com/ldez))
-- Merge current v2.1 branch into master ([#6302](https://github.com/containous/traefik/pull/6302) by [ldez](https://github.com/ldez))
-- Merge current v2.1 branch into master ([#6216](https://github.com/containous/traefik/pull/6216) by [ldez](https://github.com/ldez))
-- Merge current v2.1 branch into master ([#6138](https://github.com/containous/traefik/pull/6138) by [ldez](https://github.com/ldez))
-- Merge current v2.1 branch into master ([#6004](https://github.com/containous/traefik/pull/6004) by [ldez](https://github.com/ldez))
-- Merge current v2.1 branch into master ([#5933](https://github.com/containous/traefik/pull/5933) by [ldez](https://github.com/ldez))
-
 ## [v2.1.6](https://github.com/containous/traefik/tree/v2.1.6) (2020-02-28)
 [All Commits](https://github.com/containous/traefik/compare/v2.1.4...v2.1.6)
 

Makefile

@@ -31,14 +31,11 @@ TRAEFIK_ENVS := \
 
 TRAEFIK_MOUNT := -v "$(CURDIR)/$(BIND_DIR):/go/src/github.com/containous/traefik/$(BIND_DIR)"
 DOCKER_RUN_OPTS := $(TRAEFIK_ENVS) $(TRAEFIK_MOUNT) "$(TRAEFIK_DEV_IMAGE)"
-DOCKER_NON_INTERACTIVE ?= false
-DOCKER_RUN_TRAEFIK := docker run --add-host=host.docker.internal:127.0.0.1 $(INTEGRATION_OPTS) $(if $(DOCKER_NON_INTERACTIVE), , -it) $(DOCKER_RUN_OPTS)
-DOCKER_RUN_TRAEFIK_NOTTY := docker run $(INTEGRATION_OPTS) $(if $(DOCKER_NON_INTERACTIVE), , -i) $(DOCKER_RUN_OPTS)
+DOCKER_RUN_TRAEFIK := docker run $(INTEGRATION_OPTS) -it $(DOCKER_RUN_OPTS)
+DOCKER_RUN_TRAEFIK_NOTTY := docker run $(INTEGRATION_OPTS) -i $(DOCKER_RUN_OPTS)
 
 PRE_TARGET ?= build-dev-image
 
-PLATFORM_URL := $(if $(PLATFORM_URL),$(PLATFORM_URL),"https://pilot.traefik.io")
-
 default: binary
 
 ## Build Dev Docker image
@@ -55,7 +52,7 @@ dist:
 
 ## Build WebUI Docker image
 build-webui-image:
-	docker build -t traefik-webui --build-arg ARG_PLATFORM_URL=$(PLATFORM_URL) -f webui/Dockerfile webui
+	docker build -t traefik-webui -f webui/Dockerfile webui
 
 ## Generate WebUI
 generate-webui: build-webui-image

build.Dockerfile

@@ -1,4 +1,4 @@
-FROM golang:1.15-alpine
+FROM golang:1.14-alpine
 
 RUN apk --update upgrade \
     && apk --no-cache --no-progress add git mercurial bash gcc musl-dev curl tar ca-certificates tzdata \
@@ -19,10 +19,10 @@ RUN mkdir -p /usr/local/bin \
     && chmod +x /usr/local/bin/go-bindata
 
 # Download golangci-lint binary to bin folder in $GOPATH
-RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b $GOPATH/bin v1.30.0
+RUN curl -sfL https://install.goreleaser.com/github.com/golangci/golangci-lint.sh | bash -s -- -b $GOPATH/bin v1.23.8
 
-# Download misspell binary to bin folder in $GOPATH
-RUN  curl -sfL https://raw.githubusercontent.com/client9/misspell/master/install-misspell.sh | bash -s -- -b $GOPATH/bin v0.3.4
+# Download golangci-lint and misspell binary to bin folder in $GOPATH
+RUN GO111MODULE=off go get github.com/client9/misspell/cmd/misspell
 
 # Download goreleaser binary to bin folder in $GOPATH
 RUN curl -sfL https://install.goreleaser.com/github.com/goreleaser/goreleaser.sh | sh

cmd/configuration.go

@@ -4,7 +4,7 @@ import (
 	"time"
 
 	"github.com/containous/traefik/v2/pkg/config/static"
-	ptypes "github.com/traefik/paerser/types"
+	"github.com/containous/traefik/v2/pkg/types"
 )
 
 // TraefikCmdConfiguration wraps the static configuration and extra parameters.
@@ -23,7 +23,7 @@ func NewTraefikConfiguration() *TraefikCmdConfiguration {
 			},
 			EntryPoints: make(static.EntryPoints),
 			Providers: &static.Providers{
-				ProvidersThrottleDuration: ptypes.Duration(2 * time.Second),
+				ProvidersThrottleDuration: types.Duration(2 * time.Second),
 			},
 			ServersTransport: &static.ServersTransport{
 				MaxIdleConnsPerHost: 200,

cmd/context.go

@@ -7,7 +7,7 @@ import (
 	"syscall"
 )
 
-// ContextWithSignal creates a context canceled when SIGINT or SIGTERM are notified.
+// ContextWithSignal creates a context canceled when SIGINT or SIGTERM are notified
 func ContextWithSignal(ctx context.Context) context.Context {
 	newCtx, cancel := context.WithCancel(ctx)
 	signals := make(chan os.Signal)

cmd/healthcheck/healthcheck.go

@@ -7,8 +7,8 @@ import (
 	"os"
 	"time"
 
+	"github.com/containous/traefik/v2/pkg/cli"
 	"github.com/containous/traefik/v2/pkg/config/static"
-	"github.com/traefik/paerser/cli"
 )
 
 // NewCmd builds a new HealthCheck command.
@@ -45,7 +45,7 @@ func runCmd(traefikConfiguration *static.Configuration) func(_ []string) error {
 	}
 }
 
-// Do try to do a healthcheck.
+// Do try to do a healthcheck
 func Do(staticConfiguration static.Configuration) (*http.Response, error) {
 	if staticConfiguration.Ping == nil {
 		return nil, errors.New("please enable `ping` to use health check")
@@ -75,5 +75,5 @@ func Do(staticConfiguration static.Configuration) (*http.Response, error) {
 
 	path := "/"
 
-	return client.Head(protocol + "://" + pingEntryPoint.GetAddress() + path + "ping")
+	return client.Head(protocol + "://" + pingEntryPoint.Address + path + "ping")
 }

cmd/traefik/plugins.go

@@ -1,42 +0,0 @@
-package main
-
-import (
-	"github.com/containous/traefik/v2/pkg/config/static"
-	"github.com/containous/traefik/v2/pkg/plugins"
-)
-
-const outputDir = "./plugins-storage/"
-
-func initPlugins(staticCfg *static.Configuration) (*plugins.Client, map[string]plugins.Descriptor, *plugins.DevPlugin, error) {
-	if !isPilotEnabled(staticCfg) || !hasPlugins(staticCfg) {
-		return nil, map[string]plugins.Descriptor{}, nil, nil
-	}
-
-	opts := plugins.ClientOptions{
-		Output: outputDir,
-		Token:  staticCfg.Experimental.Pilot.Token,
-	}
-
-	client, err := plugins.NewClient(opts)
-	if err != nil {
-		return nil, nil, nil, err
-	}
-
-	err = plugins.Setup(client, staticCfg.Experimental.Plugins, staticCfg.Experimental.DevPlugin)
-	if err != nil {
-		return nil, nil, nil, err
-	}
-
-	return client, staticCfg.Experimental.Plugins, staticCfg.Experimental.DevPlugin, nil
-}
-
-func isPilotEnabled(staticCfg *static.Configuration) bool {
-	return staticCfg.Experimental != nil &&
-		staticCfg.Experimental.Pilot != nil &&
-		staticCfg.Experimental.Pilot.Token != ""
-}
-
-func hasPlugins(staticCfg *static.Configuration) bool {
-	return staticCfg.Experimental != nil &&
-		len(staticCfg.Experimental.Plugins) > 0 || staticCfg.Experimental.DevPlugin != nil
-}

cmd/traefik/traefik.go

@@ -7,7 +7,6 @@ import (
 	"net/http"
 	"os"
 	"path/filepath"
-	"sort"
 	"strings"
 	"time"
 
@@ -15,16 +14,13 @@ import (
 	"github.com/containous/traefik/v2/cmd"
 	"github.com/containous/traefik/v2/cmd/healthcheck"
 	cmdVersion "github.com/containous/traefik/v2/cmd/version"
-	tcli "github.com/containous/traefik/v2/pkg/cli"
+	"github.com/containous/traefik/v2/pkg/cli"
 	"github.com/containous/traefik/v2/pkg/collector"
 	"github.com/containous/traefik/v2/pkg/config/dynamic"
-	"github.com/containous/traefik/v2/pkg/config/runtime"
 	"github.com/containous/traefik/v2/pkg/config/static"
 	"github.com/containous/traefik/v2/pkg/log"
 	"github.com/containous/traefik/v2/pkg/metrics"
 	"github.com/containous/traefik/v2/pkg/middlewares/accesslog"
-	"github.com/containous/traefik/v2/pkg/pilot"
-	"github.com/containous/traefik/v2/pkg/plugins"
 	"github.com/containous/traefik/v2/pkg/provider/acme"
 	"github.com/containous/traefik/v2/pkg/provider/aggregator"
 	"github.com/containous/traefik/v2/pkg/provider/traefik"
@@ -38,7 +34,6 @@ import (
 	"github.com/coreos/go-systemd/daemon"
 	assetfs "github.com/elazarl/go-bindata-assetfs"
 	"github.com/sirupsen/logrus"
-	"github.com/traefik/paerser/cli"
 	"github.com/vulcand/oxy/roundrobin"
 )
 
@@ -46,7 +41,7 @@ func main() {
 	// traefik config inits
 	tConfig := cmd.NewTraefikConfiguration()
 
-	loaders := []cli.ResourceLoader{&tcli.FileLoader{}, &tcli.FlagLoader{}, &tcli.EnvLoader{}}
+	loaders := []cli.ResourceLoader{&cli.FileLoader{}, &cli.FlagLoader{}, &cli.EnvLoader{}}
 
 	cmdTraefik := &cli.Command{
 		Name: "traefik",
@@ -121,12 +116,6 @@ func runCmd(staticConfiguration *static.Configuration) error {
 
 	ctx := cmd.ContextWithSignal(context.Background())
 
-	if staticConfiguration.Experimental != nil && staticConfiguration.Experimental.DevPlugin != nil {
-		var cancel context.CancelFunc
-		ctx, cancel = context.WithTimeout(ctx, 30*time.Minute)
-		defer cancel()
-	}
-
 	if staticConfiguration.Ping != nil {
 		staticConfiguration.Ping.WithContext(ctx)
 	}
@@ -188,66 +177,16 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
 		return nil, err
 	}
 
-	serverEntryPointsUDP, err := server.NewUDPEntryPoints(staticConfiguration.EntryPoints)
-	if err != nil {
-		return nil, err
-	}
-
 	ctx := context.Background()
 	routinesPool := safe.NewPool(ctx)
 
-	metricRegistries := registerMetricClients(staticConfiguration.Metrics)
-
-	var aviator *pilot.Pilot
-	if isPilotEnabled(staticConfiguration) {
-		pilotRegistry := metrics.RegisterPilot()
-
-		aviator = pilot.New(staticConfiguration.Experimental.Pilot.Token, pilotRegistry, routinesPool)
-		routinesPool.GoCtx(func(ctx context.Context) {
-			aviator.Tick(ctx)
-		})
-
-		metricRegistries = append(metricRegistries, pilotRegistry)
-	}
-
-	metricsRegistry := metrics.NewMultiRegistry(metricRegistries)
+	metricsRegistry := registerMetricClients(staticConfiguration.Metrics)
 	accessLog := setupAccessLog(staticConfiguration.AccessLog)
 	chainBuilder := middleware.NewChainBuilder(*staticConfiguration, metricsRegistry, accessLog)
 	managerFactory := service.NewManagerFactory(*staticConfiguration, routinesPool, metricsRegistry)
+	tcpRouterFactory := server.NewTCPRouterFactory(*staticConfiguration, managerFactory, tlsManager, chainBuilder)
 
-	client, plgs, devPlugin, err := initPlugins(staticConfiguration)
-	if err != nil {
-		return nil, err
-	}
-
-	pluginBuilder, err := plugins.NewBuilder(client, plgs, devPlugin)
-	if err != nil {
-		return nil, err
-	}
-
-	routerFactory := server.NewRouterFactory(*staticConfiguration, managerFactory, tlsManager, chainBuilder, pluginBuilder)
-
-	var defaultEntryPoints []string
-	for name, cfg := range staticConfiguration.EntryPoints {
-		protocol, err := cfg.GetProtocol()
-		if err != nil {
-			// Should never happen because Traefik should not start if protocol is invalid.
-			log.WithoutContext().Errorf("Invalid protocol: %v", err)
-		}
-
-		if protocol != "udp" && name != static.DefaultInternalEntryPointName {
-			defaultEntryPoints = append(defaultEntryPoints, name)
-		}
-	}
-
-	sort.Strings(defaultEntryPoints)
-
-	watcher := server.NewConfigurationWatcher(
-		routinesPool,
-		providerAggregator,
-		time.Duration(staticConfiguration.Providers.ProvidersThrottleDuration),
-		defaultEntryPoints,
-	)
+	watcher := server.NewConfigurationWatcher(routinesPool, providerAggregator, time.Duration(staticConfiguration.Providers.ProvidersThrottleDuration))
 
 	watcher.AddListener(func(conf dynamic.Configuration) {
 		ctx := context.Background()
@@ -259,7 +198,7 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
 		metricsRegistry.LastConfigReloadSuccessGauge().Set(float64(time.Now().Unix()))
 	})
 
-	watcher.AddListener(switchRouter(routerFactory, acmeProviders, serverEntryPointsTCP, serverEntryPointsUDP, aviator))
+	watcher.AddListener(switchRouter(tcpRouterFactory, acmeProviders, serverEntryPointsTCP))
 
 	watcher.AddListener(func(conf dynamic.Configuration) {
 		if metricsRegistry.IsEpEnabled() || metricsRegistry.IsSvcEnabled() {
@@ -290,15 +229,12 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
 		}
 	})
 
-	return server.NewServer(routinesPool, serverEntryPointsTCP, serverEntryPointsUDP, watcher, chainBuilder, accessLog), nil
+	return server.NewServer(routinesPool, serverEntryPointsTCP, watcher, chainBuilder, accessLog), nil
 }
 
-func switchRouter(routerFactory *server.RouterFactory, acmeProviders []*acme.Provider, serverEntryPointsTCP server.TCPEntryPoints, serverEntryPointsUDP server.UDPEntryPoints, aviator *pilot.Pilot) func(conf dynamic.Configuration) {
+func switchRouter(tcpRouterFactory *server.TCPRouterFactory, acmeProviders []*acme.Provider, serverEntryPointsTCP server.TCPEntryPoints) func(conf dynamic.Configuration) {
 	return func(conf dynamic.Configuration) {
-		rtConf := runtime.NewConfig(conf)
-
-		routers, udpRouters := routerFactory.CreateRouters(rtConf)
-
+		routers := tcpRouterFactory.CreateTCPRouters(conf)
 		for entryPointName, rt := range routers {
 			for _, p := range acmeProviders {
 				if p != nil && p.HTTPChallenge != nil && p.HTTPChallenge.EntryPoint == entryPointName {
@@ -307,17 +243,11 @@ func switchRouter(routerFactory *server.RouterFactory, acmeProviders []*acme.Pro
 				}
 			}
 		}
-
-		if aviator != nil {
-			aviator.SetRuntimeConfiguration(rtConf)
-		}
-
 		serverEntryPointsTCP.Switch(routers)
-		serverEntryPointsUDP.Switch(udpRouters)
 	}
 }
 
-// initACMEProvider creates an acme provider from the ACME part of globalConfiguration.
+// initACMEProvider creates an acme provider from the ACME part of globalConfiguration
 func initACMEProvider(c *static.Configuration, providerAggregator *aggregator.ProviderAggregator, tlsManager *traefiktls.Manager) []*acme.Provider {
 	challengeStore := acme.NewLocalChallengeStore()
 	localStores := map[string]*acme.LocalStore{}
@@ -355,9 +285,9 @@ func initACMEProvider(c *static.Configuration, providerAggregator *aggregator.Pr
 	return resolvers
 }
 
-func registerMetricClients(metricsConfig *types.Metrics) []metrics.Registry {
+func registerMetricClients(metricsConfig *types.Metrics) metrics.Registry {
 	if metricsConfig == nil {
-		return nil
+		return metrics.NewVoidRegistry()
 	}
 
 	var registries []metrics.Registry
@@ -392,7 +322,7 @@ func registerMetricClients(metricsConfig *types.Metrics) []metrics.Registry {
 			metricsConfig.InfluxDB.Address, metricsConfig.InfluxDB.PushInterval)
 	}
 
-	return registries
+	return metrics.NewMultiRegistry(registries)
 }
 
 func setupAccessLog(conf *types.AccessLog) *accesslog.Handler {
@@ -446,7 +376,7 @@ func configureLogging(staticConfiguration *static.Configuration) {
 	if len(logFile) > 0 {
 		dir := filepath.Dir(logFile)
 
-		if err := os.MkdirAll(dir, 0o755); err != nil {
+		if err := os.MkdirAll(dir, 0755); err != nil {
 			log.WithoutContext().Errorf("Failed to create log path %s: %s", dir, err)
 		}
 

cmd/version/version.go

@@ -7,8 +7,8 @@ import (
 	"runtime"
 	"text/template"
 
+	"github.com/containous/traefik/v2/pkg/cli"
 	"github.com/containous/traefik/v2/pkg/version"
-	"github.com/traefik/paerser/cli"
 )
 
 var versionTemplate = `Version:      {{.Version}}
@@ -17,7 +17,7 @@ Go version:   {{.GoVersion}}
 Built:        {{.BuildTime}}
 OS/Arch:      {{.Os}}/{{.Arch}}`
 
-// NewCmd builds a new Version command.
+// NewCmd builds a new Version command
 func NewCmd() *cli.Command {
 	return &cli.Command{
 		Name:          "version",
@@ -33,7 +33,7 @@ func NewCmd() *cli.Command {
 	}
 }
 
-// GetPrint write Printable version.
+// GetPrint write Printable version
 func GetPrint(wr io.Writer) error {
 	tmpl, err := template.New("").Parse(versionTemplate)
 	if err != nil {

docs/check.Dockerfile

@@ -1,5 +1,4 @@
-
-FROM alpine:3.10 as alpine
+FROM alpine:3.15 as alpine
 
 RUN apk --no-cache --no-progress add \
     libcurl \
@@ -9,7 +8,7 @@ RUN apk --no-cache --no-progress add \
     ruby-ffi \
     ruby-json \
     ruby-nokogiri
-RUN gem install html-proofer --version 3.13.0 --no-document -- --use-system-libraries
+RUN gem install html-proofer --version 3.19.3 --no-document -- --use-system-libraries
 
 # After Ruby, some NodeJS YAY!
 RUN apk --no-cache --no-progress add \

docs/content/assets/styles/content.css

@@ -1,70 +0,0 @@
-.md-container {
-  padding-top: 0;
-}
-
-.md-content h1 {
-  color: var(--dark) !important;
-  font-weight: bold !important;
-}
-
-.md-content a {
-  color: var(--blue) !important;
-}
-
-.md-content a:hover {
-  font-weight: bold !important;
-}
-
-.md-typeset p code,
-.md-typeset .codehilite,
-.md-typeset .highlight {
-  background-color: var(--light-blue) !important;
-}
-
-.md-typeset table:not([class]) th {
-  background: var(--dark) !important;
-  color: white !important;
-}
-
-/* Front page image size */
-img[src$='#small'] {
-  width: 150px;
-}
-img[src$='#medium'] {
-  width: 300px;
-}
-
-/* Center table and objects */
-.center,
-img,
-.md-typeset__table {
-  display: block !important;
-  margin: 0 auto;
-}
-
-.md-typeset table:not([class]) tr td:first-child {
-  text-align: left;
-}
-.md-typeset table:not([class]) th:not([align]),
-.md-typeset table:not([class]) td:not([align]) {
-  text-align: center;
-}
-article p:not([class]),
-article ul:not([class]),
-article ol:not([class]) {
-  padding-left: 0.8em !important;
-}
-
-/* Fix for Chrome */
-.md-typeset__table td code {
-  word-break: unset;
-}
-
-.md-typeset__table tr :nth-child(1) {
-  word-wrap: break-word;
-  max-width: 30em;
-}
-
-p {
-  text-align: justify;
-}

docs/content/assets/styles/extra.css

@@ -0,0 +1,63 @@
+@import url('https://fonts.googleapis.com/css?family=Noto+Sans|Noto+Serif');
+
+.md-logo img {
+    background-color: white;
+    border-radius: 50%;
+    width: 30px;
+    height: 30px;
+}
+
+/* Fix for Chrome */
+.md-typeset__table td code {
+    word-break: unset;
+}
+
+.md-typeset__table tr :nth-child(1) {
+    word-wrap: break-word;
+    max-width: 30em;
+}
+
+body {
+    font-family: 'Noto Sans', sans-serif;
+}
+
+h1 {
+    font-weight: bold !important;
+    color: rgba(0,0,0,.9) !important;
+}
+
+h2 {
+    font-weight: bold !important;
+}
+
+h3 {
+    font-weight: bold !important;
+}
+
+.md-typeset h5 {
+    text-transform: none;
+}
+
+figcaption {
+    text-align: center;
+    font-size: 0.8em;
+    font-style: italic;
+    color: #8D909F;
+}
+
+p.subtitle {
+    color: rgba(0,0,0,.54);
+    padding-top: 0;
+    margin-top: -2em;
+    font-weight: bold;
+    font-size: 1.25em;
+}
+
+.markdown-body .task-list-item {
+    list-style-type: none !important;
+}
+
+.markdown-body .task-list-item input[type="checkbox"] {
+    margin: 0 4px 0.25em -20px;
+    vertical-align: middle;
+}

docs/content/assets/styles/footer.css

@@ -1,10 +0,0 @@
-.md-footer-meta {
-  background-color: var(--dark);
-}
-
-.md-footer-privacy-policy {
-  margin: 0 .6rem;
-  padding: .4rem 0;
-  color: hsla(0,0%,100%,.3);
-  font-size: .64rem;
-}

docs/content/assets/styles/header.css

@@ -1,462 +0,0 @@
-@import url('https://fonts.googleapis.com/css?family=Rubik:300i,400,400i,500,500i,700&display=swap');
-
-.wrapper-1200 {
-  width: 100%;
-  max-width: 61rem;
-  margin: 0 auto;
-  padding: 0 .6rem;
-}
-
-@media (max-width: 700px) {
-  .wrapper-1200 {
-    padding: 0 20px;
-  }
-}
-
-.btn-type-1 {
-  outline: none;
-  border: none;
-  background-color: #1e54d5;
-  line-height: 1em;
-  border-radius: 8px;
-  padding: 12px 15px;
-  text-transform: uppercase;
-  letter-spacing: 0.05em;
-  font-size: 1.25rem;
-  background-image: linear-gradient(to top, rgba(0, 0, 0, 0.28) 1%, #1e54d5 99%);
-  font-weight: 500;
-  text-align: center;
-  color: white;
-  transition: all 0.2s;
-}
-
-.button--secondary {
-  outline: none;
-  border: 2px solid #1e54d5 !important;
-  background: transparent;
-  line-height: 1em;
-  border-radius: 8px;
-  padding: 9px 13px;
-  letter-spacing: 0;
-  font-size: 1.3rem;
-  font-weight: 500;
-  text-align: center;
-  color: #1e54d5;
-  transition: all 0.2s;
-  display: inline-block;
-}
-.button--secondary:hover {
-  color: white !important;
-  background: #1e54d5;
-}
-.button--secondary:focus {
-  color: white !important;
-  background: #1e54d5;
-}
-
-.site-header-and-placeholder-wrapper {
-  position: relative;
-  height: 64px;
-}
-
-.site-header {
-  position: fixed;
-  width: 100%;
-  top: 0;
-  left: 0;
-  transition: height 0.1s;
-  z-index: 100;
-  background: white;
-  box-shadow: 0 0 7px 0 #00000021;
-  border-bottom: 1px solid #e2e2e2;
-  height: 64px;
-  display: flex;
-  align-items: center;
-  font-size: 10px;
-  font-family: 'Rubik', -apple-system, 'BlinkMacSystemFont', 'Segoe UI',
-    'Helvetica Neue', sans-serif;
-  color: #06102a;
-  -webkit-tap-highlight-color: rgba(0, 0, 0, 0);
-}
-
-.site-header.scrolled {
-  box-shadow: 0 0 5px 0 #00000028;
-  position: fixed;
-  top: 0;
-  height: 52px;
-}
-.site-header.scrolled .site-header__title a {
-  font-size: 2.2em;
-}
-
-.header-placeholder {
-  background: none;
-  width: 100%;
-  height: 64px;
-  position: absolute;
-}
-.header-placeholder.active {
-  display: block;
-}
-
-.site-header .wrapper-1200 {
-  display: flex;
-  justify-content: space-between;
-  align-items: center;
-}
-.site-header .wrapper-1200 .left {
-  display: flex;
-  align-items: center;
-  justify-content: flex-start;
-}
-
-.site-header__logo {
-  max-width: 145px;
-}
-
-.site-header__title a {
-  color: #06102a;
-  font-size: 2.2em;
-  font-weight: 500;
-  transition: all 0.2s;
-  text-transform: uppercase;
-  letter-spacing: 0.02em;
-}
-
-/* Navigation */
-.site-header__nav .menu-item-wrapper {
-  display: inline-block;
-  padding-left: 30px;
-}
-.site-header__nav .menu-item {
-  color: #06102a;
-  transition: all 0.05s;
-  font-size: 1.45em;
-  line-height: 1em;
-  font-weight: 500;
-}
-.site-header__nav .menu-item:hover {
-  color: #8a959e;
-}
-.site-header__nav .menu-item--with-icon {
-  display: flex;
-  align-items: center;
-  justify-content: flex-start;
-}
-.site-header__nav .menu-item--with-icon .title {
-  margin-right: 3px;
-}
-.site-header__nav .menu-item--with-icon .icon {
-  width: 20px;
-  height: 20px;
-  transition: all 0.1s;
-}
-.site-header__nav .menu-item--with-icon .icon svg {
-  stroke-width: 2.5 !important;
-  width: 100%;
-  height: 100%;
-}
-.site-header__nav .menu-item-wrapper--dropdown {
-  position: relative;
-}
-.site-header__nav .menu-item-wrapper--dropdown:hover .nav-dropdown-menu {
-  display: block;
-}
-.site-header__nav .nav-dropdown-menu {
-  display: none;
-}
-
-.nav-dropdown-menu {
-  position: absolute;
-  z-index: 500;
-  background: transparent;
-}
-
-.nav-dropdown-menu-wrapper {
-  border-radius: 8px;
-  box-shadow: 0 12px 40px 0 rgba(1, 10, 32, 0.24);
-  background: white;
-  margin: 8px 0;
-  overflow: hidden;
-}
-
-/* Products, Solutions dropdown menu */
-.nav-dropdown-menu--products,
-.nav-dropdown-menu--solutions {
-  width: 500px;
-}
-.nav-dropdown-menu--products .nav-dropdown-menu-wrapper,
-.nav-dropdown-menu--solutions .nav-dropdown-menu-wrapper {
-  padding: 20px;
-}
-.nav-dropdown-menu--products .dm-header,
-.nav-dropdown-menu--solutions .dm-header {
-  font-size: 1.1em;
-  font-weight: 500;
-  font-stretch: normal;
-  font-style: normal;
-  line-height: normal;
-  letter-spacing: 3.67px;
-  color: #505769;
-  margin-bottom: 20px;
-  text-transform: uppercase;
-}
-.nav-dropdown-menu--products .dm-item,
-.nav-dropdown-menu--solutions .dm-item {
-  border: none;
-  margin: 0 0 20px;
-  color: #06102a;
-  transition: all 0.1s;
-  position: relative;
-  width: 100%;
-}
-.nav-dropdown-menu--products .dm-item:last-child,
-.nav-dropdown-menu--solutions .dm-item:last-child {
-  margin-bottom: 0;
-}
-.nav-dropdown-menu--products .dm-item .dmi-image,
-.nav-dropdown-menu--solutions .dm-item .dmi-image {
-  width: 118px;
-  height: 92px;
-  position: absolute;
-  background: #f4f4f4;
-  display: flex;
-  align-items: center;
-  justify-content: center;
-  padding: 20px;
-  border-radius: 4px;
-  z-index: 0;
-}
-.nav-dropdown-menu--products .dm-item .dmi-image img,
-.nav-dropdown-menu--solutions .dm-item .dmi-image img {
-  width: 100%;
-}
-.nav-dropdown-menu--products .dm-item .dmi-details,
-.nav-dropdown-menu--solutions .dm-item .dmi-details {
-  padding: 8px 0 10px 135px;
-  width: 100%;
-  background: transparent;
-  display: block;
-  color: #06102a;
-  position: relative;
-  z-index: 1;
-}
-.nav-dropdown-menu--products .dm-item .dmi-details:hover,
-.nav-dropdown-menu--solutions .dm-item .dmi-details:hover {
-  color: #1e54d5;
-}
-.nav-dropdown-menu--products .dm-item .dmi-title,
-.nav-dropdown-menu--solutions .dm-item .dmi-title {
-  font-size: 1.6em;
-  font-weight: 500;
-  margin: 0 0 2px;
-}
-.nav-dropdown-menu--products .dm-item .dmi-description,
-.nav-dropdown-menu--solutions .dm-item .dmi-description {
-  font-size: 1.4em;
-  opacity: 0.7;
-  line-height: 1.6em;
-}
-.nav-dropdown-menu--products .dm-item--traefikee .dmi-image img,
-.nav-dropdown-menu--solutions .dm-item--traefikee .dmi-image img {
-  transform: scale(1.1);
-}
-
-.nav-dropdown-menu--solutions .dm-item .dmi-image {
-  width: 65px;
-  padding: 10px;
-  background: white;
-  height: auto;
-}
-.nav-dropdown-menu--solutions .dm-item .dmi-details {
-  padding: 5px 0 0 80px;
-}
-.nav-dropdown-menu--solutions .dm-item:last-child {
-  margin-bottom: 10px;
-}
-
-/* Dropdown menu: Learn */
-.nav-dropdown-menu--learn {
-  width: 250px;
-}
-.nav-dropdown-menu--company {
-  width: 500px;
-}
-.nav-dropdown-menu--company .nav-dropdown-menu-wrapper {
-  display: grid;
-  grid-template-columns: 50% 50%;
-}
-.nav-dropdown-menu--learn .dm-left,
-.nav-dropdown-menu--company .dm-left {
-  padding: 25px;
-}
-.nav-dropdown-menu--learn .dm-header,
-.nav-dropdown-menu--company .dm-header {
-  font-size: 1.1em;
-  font-weight: 500;
-  font-stretch: normal;
-  font-style: normal;
-  line-height: normal;
-  letter-spacing: 3.67px;
-  color: #505769;
-  margin-bottom: 20px;
-  text-transform: uppercase;
-}
-.nav-dropdown-menu--learn .dm-item,
-.nav-dropdown-menu--company .dm-item {
-  display: block;
-  font-size: 1.6em;
-  font-weight: 500;
-  color: #06102a;
-  margin-bottom: 15px;
-}
-.nav-dropdown-menu--learn .dm-item:last-child,
-.nav-dropdown-menu--company .dm-item:last-child {
-  margin-bottom: 0;
-}
-.nav-dropdown-menu--learn .dm-item:hover,
-.nav-dropdown-menu--company .dm-item:hover {
-  color: #1e54d5;
-}
-
-.dm-preview {
-  background: #edeff4;
-  overflow: hidden;
-  height: 100%;
-  display: flex;
-  flex-direction: column;
-}
-
-.dm-preview__feature-image {
-  overflow: hidden;
-  display: block;
-}
-
-.dm-preview__feature-image img {
-  width: 100%;
-  height: 145px;
-  background: #ffffff no-repeat 50%;
-  object-fit: cover;
-  vertical-align: middle;
-}
-
-.dm-preview__content {
-  padding: 15px;
-  display: flex;
-  justify-content: flex-start;
-  align-items: flex-start;
-  flex-direction: column;
-  flex: 1;
-  position: relative;
-}
-
-.dm-preview__tag {
-  display: block;
-  font-size: 1.2em;
-  color: #db7d11;
-  letter-spacing: 2.5px;
-  font-weight: 500;
-  margin: 0 0;
-  text-transform: uppercase;
-}
-
-.dm-preview__title {
-  font-size: 1.6em;
-  font-weight: 500;
-  line-height: 1.6em;
-  margin: 0;
-  color: #06102a;
-  display: block;
-  flex: 1;
-  position: relative;
-  z-index: 1;
-  padding-bottom: 20px;
-}
-
-.dm-preview .arrow-link {
-  justify-content: flex-start;
-  font-size: 1.4em;
-  position: absolute;
-  bottom: 12px;
-  z-index: 0;
-}
-
-/* Dropdown menu: Company */
-.nav-dropdown-menu--company {
-  width: 450px;
-}
-
-.nav-dropdown-menu--company .dm-right {
-  background: #06102a;
-  display: flex;
-  align-items: center;
-  justify-content: center;
-  flex-direction: column;
-  color: white;
-  padding: 20px;
-}
-.nav-dropdown-menu--company .dm-right p {
-  font-size: 1.6em;
-  font-weight: 500;
-  margin: 0 0 15px;
-  text-align: center;
-}
-.nav-dropdown-menu--company .dm-right a {
-  text-transform: uppercase;
-  line-height: 1.5em;
-  padding: 9px 12px;
-  font-size: 1.2em;
-}
-
-/* Demo */
-.site-header__demo-button .button--secondary {
-  font-size: 1.4em;
-  padding: 8px 12px;
-  border-radius: 6px;
-}
-
-/* Drawer */
-.site-header .drawer {
-  display: none;
-}
-
-@media (max-width: 1060px) {
-  .site-header__nav .menu-item-wrapper {
-    padding-left: 20px;
-  }
-}
-@media (max-width: 980px) {
-  .site-header__nav {
-    display: none;
-  }
-
-  .site-header .drawer {
-    display: block;
-  }
-
-  .site-header .right .site-header__demo-button {
-    display: none;
-  }
-
-  html [data-md-color-primary=indigo] .md-nav--primary .md-nav__title--site {
-    background-color: #06102a;
-  }
-
-  html .md-nav--primary .md-nav__title {
-    padding: 64px .8rem .2rem;
-  }
-
-  .md-search__inner {
-    top: 64px;
-    right: 0;
-  }
-}
-
-.md-header .md-search {
-  margin-left: 12.1rem;
-} 
-
-.site-header__main {
-  display: flex;
-  align-items: center;
-}

docs/content/assets/styles/menu.css

@@ -1,101 +0,0 @@
-.md-nav__link {
-  margin-left: -0.4rem;
-  padding: 0 0.4rem;
-  line-height: 32px;
-  color: var(--dark) !important;
-}
-
-.md-nav__link::after {
-  font-size: 16px;
-  vertical-align: -.25em;
-}
-
-.md-nav__toggle:checked + .md-nav__link,
-.md-nav__link--active,
-.md-nav__link:hover {
-  border-radius: 8px;
-  background-color: var(--light-blue) !important;
-  color: var(--dark) !important;
-  transition: background-color 0.3s ease;
-}
-
-.md-nav__link--active {
-  color: var(--blue) !important;
-  font-weight: bold;
-}
-
-.md-sidebar--primary {
-  background-color: white;
-}
-
-.md-sidebar--secondary .md-nav__title {
-  font-size: 12px;
-  text-transform: uppercase;
-  margin-bottom: 0.4rem;
-  padding: 0;
-}
-
-.md-sidebar--secondary .md-sidebar__scrollwrap {
-  border-radius: 8px;
-  background-color: var(--light-blue) !important;
-}
-
-.md-sidebar--secondary .md-nav__title {
-  padding: 0.8rem 0.4rem 0.8rem;
-}
-
-.md-sidebar--secondary .md-nav__list {
-  padding: 0 0.4rem 0.8rem 1.2rem;
-}
-
-.md-sidebar--secondary .md-sidebar__scrollwrap .md-nav__link {
-  font-weight: 300;
-}
-
-.md-sidebar--secondary
-  .md-sidebar__scrollwrap
-  .md-nav__link[data-md-state='blur'],
-.md-sidebar--secondary .md-sidebar__scrollwrap .md-nav__link:hover {
-  color: var(--blue) !important;
-  font-weight: bold;
-}
-
-.md-sidebar--secondary .md-nav__item {
-  padding: 0 0 0 0.4rem;
-}
-
-.md-sidebar--secondary .md-nav__link {
-  margin-top: 0.225em;
-  padding: 0.1rem 0.2rem;
-}
-
-.md-sidebar--secondary li {
-  list-style-type: disc;
-}
-
-.md-sidebar--secondary .repo_url {
-  padding: 10px 0 14px 0;
-}
-
-
-.md-search__inner {
-  width: inherit;
-  float: inherit;
-}
-
-.md-search__input {
-  margin-bottom: 10px;
-  border-radius: 4px; 
-  background-color: inherit;
-  border: 1px solid rgba(0,0,0,.07);
-}
-
-.md-search__input::placeholder {
-  color: rgba(0,0,0,.07);
-}
-
-@media only screen and (min-width: 60em) {
-  [data-md-toggle=search]:checked~.md-header .md-search__inner {
-    margin-top: 100px;
-  }
-}

docs/content/assets/styles/product-switcher.css

@@ -1,11 +0,0 @@
-.product-switcher {
-  font-size: 10px;
-  font-family: 'Rubik', -apple-system, 'BlinkMacSystemFont', 'Segoe UI',
-    'Helvetica Neue', sans-serif;
-  color: #06102a;
-  -webkit-tap-highlight-color: rgba(0, 0, 0, 0);
-}
-
-.product-switcher img {
-  margin-right: 10px;
-}

docs/content/assets/styles/root.css

@@ -1,10 +0,0 @@
-:root {
-  --dark: #06102a;
-  --blue: #04B5D1;
-  --light-blue: #E4F7FA;
-
-  --input-bg-color: white;
-  --input-color: black;
-  --input-placeholder-color: #bbb;
-  --input-border-color: #dcdcdc;
-}

docs/content/contributing/building-testing.md

@@ -16,8 +16,6 @@ For changes to its dependencies, the `dep` dependency management tool is require
 Run make with the `binary` target.
 This will create binaries for the Linux platform in the `dist` folder.
 
-In case when you run build on CI, you may probably want to run docker in non-interactive mode. To achieve that define `DOCKER_NON_INTERACTIVE=true` environment variable.
-
 ```bash
 $ make binary
 docker build -t traefik-webui -f webui/Dockerfile webui
@@ -30,7 +28,7 @@ Successfully tagged traefik-webui:latest
 [...]
 docker build  -t "traefik-dev:4475--feature-documentation" -f build.Dockerfile .
 Sending build context to Docker daemon    279MB
-Step 1/10 : FROM golang:1.14-alpine
+Step 1/10 : FROM golang:1.13-alpine
  ---> f4bfb3d22bda
 [...]
 Successfully built 5c3c1a911277

docs/content/contributing/maintainers.md

@@ -15,8 +15,8 @@
 * Michaël Matur [@mmatur](https://github.com/mmatur)
 * Gérald Croës [@geraldcroes](https://github.com/geraldcroes)
 * Jean-Baptiste Doumenjou [@jbdoumenjou](https://github.com/jbdoumenjou)
+* Damien Duportal [@dduportal](https://github.com/dduportal)
 * Mathieu Lonjaret [@mpl](https://github.com/mpl)
-* Romain Tribotté [@rtribotte](https://github.com/rtribotte)
 
 ## Contributions Daily Meeting
 

docs/content/getting-started/install-traefik.md

@@ -3,17 +3,17 @@
 You can install Traefik with the following flavors:
 
 * [Use the official Docker image](./#use-the-official-docker-image)
-* [Use the Helm Chart](./#use-the-helm-chart)
+* [(Experimental) Use the Helm Chart](./#use-the-helm-chart)
 * [Use the binary distribution](./#use-the-binary-distribution)
 * [Compile your binary from the sources](./#compile-your-binary-from-the-sources)
 
 ## Use the Official Docker Image
 
-Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with the [sample configuration file](https://raw.githubusercontent.com/containous/traefik/v2.3/traefik.sample.toml):
+Choose one of the [official Docker images](https://hub.docker.com/_/traefik) and run it with the [sample configuration file](https://raw.githubusercontent.com/containous/traefik/v2.1/traefik.sample.toml):
 
 ```bash
 docker run -d -p 8080:8080 -p 80:80 \
-    -v $PWD/traefik.toml:/etc/traefik/traefik.toml traefik:v2.3
+    -v $PWD/traefik.toml:/etc/traefik/traefik.toml traefik:v2.1
 ```
 
 For more details, go to the [Docker provider documentation](../providers/docker.md)
@@ -27,104 +27,67 @@ For more details, go to the [Docker provider documentation](../providers/docker.
 
 ## Use the Helm Chart
 
-!!! warning
+!!! warning "Experimental Helm Chart"
     
-    The Traefik Chart from 
+    Please note that the Helm Chart for Traefik v2 is still experimental.
+    
+    The Traefik Stable Chart from 
     [Helm's default charts repository](https://github.com/helm/charts/tree/master/stable/traefik) is still using [Traefik v1.7](https://docs.traefik.io/v1.7).
 
-Traefik can be installed in Kubernetes using the Helm chart from <https://github.com/containous/traefik-helm-chart>.
+Traefik can be installed in Kubernetes using the v2.0 Helm chart from <https://github.com/containous/traefik-helm-chart>.
 
 Ensure that the following requirements are met:
 
 * Kubernetes 1.14+
-* Helm version 3.x is [installed](https://helm.sh/docs/intro/install/)
+* Helm version 2.x is [installed](https://v2.helm.sh/docs/using_helm/) and initialized with Tiller
 
-Add Traefik's chart repository to Helm:
+Retrieve the latest chart version from the repository:
 
 ```bash
-helm repo add traefik https://containous.github.io/traefik-helm-chart
-```
-
-You can update the chart repository by running:
-
-```bash
-helm repo update
+# Retrieve Chart from the repository
+git clone https://github.com/containous/traefik-helm-chart
 ```
 
 And install it with the `helm` command line:
 
 ```bash
-helm install traefik traefik/traefik
+helm install ./traefik-helm-chart
 ```
 
 !!! tip "Helm Features"
     
-    All [Helm features](https://helm.sh/docs/intro/using_helm/) are supported.
+    All [Helm features](https://v2.helm.sh/docs/using_helm/#using-helm) are supported.
     For instance, installing the chart in a dedicated namespace:
 
     ```bash tab="Install in a Dedicated Namespace"
-    kubectl create ns traefik-v2
     # Install in the namespace "traefik-v2"
     helm install --namespace=traefik-v2 \
-        traefik traefik/traefik
+        ./traefik-helm-chart
     ```
 
 ??? example "Installing with Custom Values"
     
     You can customize the installation by specifying custom values,
-    as with [any helm chart](https://helm.sh/docs/intro/using_helm/#customizing-the-chart-before-installing).
+    as with [any helm chart](https://v2.helm.sh/docs/using_helm/#customizing-the-chart-before-installing).
     {: #helm-custom-values }
     
     The values are not (yet) documented, but are self-explanatory:
     you can look at the [default `values.yaml`](https://github.com/containous/traefik-helm-chart/blob/master/traefik/values.yaml) file to explore possibilities.
     
-    You can also set Traefik command line flags using `additionalArguments`.
     Example of installation with logging set to `DEBUG`:
     
     ```bash tab="Using Helm CLI"
     helm install --namespace=traefik-v2 \
-        --set="additionalArguments={--log.level=DEBUG}" \
-        traefik traefik/traefik
+        --set="logs.loglevel=DEBUG" \
+        ./traefik-helm-chart
     ```
     
     ```yml tab="With a custom values file"
     # File custom-values.yml
-    ## Install with "helm install --values=./custom-values.yml traefik traefik/traefik
-    additionalArguments:
-      - "--log.level=DEBUG"
+    ## Install with "helm install --values=./custom-values.yml ./traefik-helm-chart
+    logs:
+        loglevel: DEBUG
     ```
-    
-### Exposing the Traefik dashboard
-
-This HelmChart does not expose the Traefik dashboard by default, for security concerns.
-Thus, there are multiple ways to expose the dashboard.
-For instance, the dashboard access could be achieved through a port-forward :
-
-```shell
-kubectl port-forward $(kubectl get pods --selector "app.kubernetes.io/name=traefik" --output=name) 9000:9000
-```
-
-Accessible with the url: http://127.0.0.1:9000/dashboard/
-
-Another way would be to apply your own configuration, for instance,
-by defining and applying an IngressRoute CRD (`kubectl apply -f dashboard.yaml`):
-
-```yaml
-# dashboard.yaml
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: dashboard
-spec:
-  entryPoints:
-    - web
-  routes:
-    - match: Host(`traefik.localhost`) && (PathPrefix(`/dashboard`) || PathPrefix(`/api`))
-      kind: Rule
-      services:
-        - name: api@internal
-          kind: TraefikService
-```
 
 ## Use the Binary Distribution
 

docs/content/getting-started/quick-start.md

@@ -15,7 +15,7 @@ version: '3'
 services:
   reverse-proxy:
     # The official v2 Traefik docker image
-    image: traefik:v2.3
+    image: traefik:v2.1
     # Enables the web UI and tells Traefik to listen to docker
     command: --api.insecure=true --providers.docker
     ports:

docs/content/https/acme.md

@@ -79,7 +79,7 @@ Please check the [configuration examples below](#configuration-examples) for mor
         address = ":443"
     
     [certificatesResolvers.myresolver.acme]
-      email = "your-email@example.com"
+      email = "your-email@your-domain.org"
       storage = "acme.json"
       [certificatesResolvers.myresolver.acme.httpChallenge]
         # used during the challenge
@@ -97,7 +97,7 @@ Please check the [configuration examples below](#configuration-examples) for mor
     certificatesResolvers:
       myresolver:
         acme:
-          email: your-email@example.com
+          email: your-email@your-domain.org
           storage: acme.json
           httpChallenge:
             # used during the challenge
@@ -105,33 +105,33 @@ Please check the [configuration examples below](#configuration-examples) for mor
     ```
     
     ```bash tab="CLI"
-    --entrypoints.web.address=:80
-    --entrypoints.websecure.address=:443
+    --entryPoints.web.address=:80
+    --entryPoints.websecure.address=:443
     # ...
-    --certificatesresolvers.myresolver.acme.email=your-email@example.com
-    --certificatesresolvers.myresolver.acme.storage=acme.json
+    --certificatesResolvers.myresolver.acme.email=your-email@your-domain.org
+    --certificatesResolvers.myresolver.acme.storage=acme.json
     # used during the challenge
-    --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
+    --certificatesResolvers.myresolver.acme.httpChallenge.entryPoint=web
     ```
 
 !!! important "Defining a certificates resolver does not result in all routers automatically using it. Each router that is supposed to use the resolver must [reference](../routing/routers/index.md#certresolver) it."
 
 ??? example "Single Domain from Router's Rule Example"
     
-    * A certificate for the domain `example.com` is requested:
+    * A certificate for the domain `company.com` is requested:
 
     --8<-- "content/https/include-acme-single-domain-example.md"
 
 ??? example "Multiple Domains from Router's Rule Example"
  
-    * A certificate for the domains `example.com` (main) and `blog.example.org`
+    * A certificate for the domains `company.com` (main) and `blog.company.org`
       is requested:
     
     --8<-- "content/https/include-acme-multiple-domains-from-rule-example.md"
     
 ??? example "Multiple Domains from Router's `tls.domain` Example"
 
-    * A certificate for the domains `example.com` (main) and `*.example.org` (SAN)
+    * A certificate for the domains `company.com` (main) and `*.company.org` (SAN)
       is requested:
       
     --8<-- "content/https/include-acme-multiple-domains-example.md"
@@ -181,7 +181,7 @@ when using the `TLS-ALPN-01` challenge, Traefik must be reachable by Let's Encry
     
     ```bash tab="CLI"
     # ...
-    --certificatesresolvers.myresolver.acme.tlschallenge=true
+    --certificatesResolvers.myresolver.acme.tlsChallenge=true
     ```
 
 ### `httpChallenge`
@@ -189,7 +189,7 @@ when using the `TLS-ALPN-01` challenge, Traefik must be reachable by Let's Encry
 Use the `HTTP-01` challenge to generate and renew ACME certificates by provisioning an HTTP resource under a well-known URI.
 
 As described on the Let's Encrypt [community forum](https://community.letsencrypt.org/t/support-for-ports-other-than-80-and-443/3419/72),
-when using the `HTTP-01` challenge, `certificatesresolvers.myresolver.acme.httpchallenge.entrypoint` must be reachable by Let's Encrypt through port 80.
+when using the `HTTP-01` challenge, `certificatesResolvers.myresolver.acme.httpChallenge.entryPoint` must be reachable by Let's Encrypt through port 80.
 
 ??? example "Using an EntryPoint Called web for the `httpChallenge`"
 
@@ -224,10 +224,10 @@ when using the `HTTP-01` challenge, `certificatesresolvers.myresolver.acme.httpc
     ```
     
     ```bash tab="CLI"
-    --entrypoints.web.address=:80
-    --entrypoints.websecure.address=:443
+    --entryPoints.web.address=:80
+    --entryPoints.websecure.address=:443
     # ...
-    --certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
+    --certificatesResolvers.myresolver.acme.httpChallenge.entryPoint=web
     ```
 
 !!! info ""
@@ -261,8 +261,8 @@ Use the `DNS-01` challenge to generate and renew ACME certificates by provisioni
     
     ```bash tab="CLI"
     # ...
-    --certificatesresolvers.myresolver.acme.dnschallenge.provider=digitalocean
-    --certificatesresolvers.myresolver.acme.dnschallenge.delaybeforecheck=0
+    --certificatesResolvers.myresolver.acme.dnsChallenge.provider=digitalocean
+    --certificatesResolvers.myresolver.acme.dnsChallenge.delayBeforeCheck=0
     # ...
     ```
 
@@ -275,29 +275,24 @@ Here is a list of supported `providers`, that can automate the DNS verification,
 along with the required environment variables and their [wildcard & root domain support](#wildcard-domains).
 Do not hesitate to complete it.
 
-Many lego environment variables can be overridden by their respective `_FILE` counterpart, which should have a filepath to a file that contains the secret as its value.
+Every lego environment variable can be overridden by their respective `_FILE` counterpart, which should have a filepath to a file that contains the secret as its value.
 For example, `CF_API_EMAIL_FILE=/run/secrets/traefik_cf-api-email` could be used to provide a Cloudflare API email address as a Docker secret named `traefik_cf-api-email`.
 
-For complete details, refer to your provider's _Additional configuration_ link.
-
 | Provider Name                                               | Provider Code  | Environment Variables                                                                                                                       |                                                                             |
 |-------------------------------------------------------------|----------------|---------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------|
 | [ACME DNS](https://github.com/joohoi/acme-dns)              | `acme-dns`     | `ACME_DNS_API_BASE`, `ACME_DNS_STORAGE_PATH`                                                                                                | [Additional configuration](https://go-acme.github.io/lego/dns/acme-dns)     |
 | [Alibaba Cloud](https://www.alibabacloud.com)               | `alidns`       | `ALICLOUD_ACCESS_KEY`, `ALICLOUD_SECRET_KEY`, `ALICLOUD_REGION_ID`                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/alidns)       |
-| [ArvanCloud](https://www.arvancloud.com/en)                 | `arvancloud`   | `ARVANCLOUD_API_KEY`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/arvancloud)   |
-| [Auroradns](https://www.pcextreme.com/dns-health-checks)    | `auroradns`    | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT`                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/auroradns)    |
+| [Auroradns](https://www.pcextreme.com/aurora/dns)           | `auroradns`    | `AURORA_USER_ID`, `AURORA_KEY`, `AURORA_ENDPOINT`                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/auroradns)    |
 | [Autodns](https://www.internetx.com/domains/autodns/)       | `autodns`      | `AUTODNS_API_USER`, `AUTODNS_API_PASSWORD`                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/autodns)      |
 | [Azure](https://azure.microsoft.com/services/dns/)          | `azure`        | `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET`, `AZURE_SUBSCRIPTION_ID`, `AZURE_TENANT_ID`, `AZURE_RESOURCE_GROUP`, `[AZURE_METADATA_ENDPOINT]`   | [Additional configuration](https://go-acme.github.io/lego/dns/azure)        |
 | [Bindman](https://github.com/labbsr0x/bindman-dns-webhook)  | `bindman`      | `BINDMAN_MANAGER_ADDRESS`                                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/bindman)      |
 | [Blue Cat](https://www.bluecatnetworks.com/)                | `bluecat`      | `BLUECAT_SERVER_URL`, `BLUECAT_USER_NAME`, `BLUECAT_PASSWORD`, `BLUECAT_CONFIG_NAME`, `BLUECAT_DNS_VIEW`                                    | [Additional configuration](https://go-acme.github.io/lego/dns/bluecat)      |
 | [Checkdomain](https://www.checkdomain.de/)                  | `checkdomain`  | `CHECKDOMAIN_TOKEN`,                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/checkdomain/) |
-| [CloudDNS](https://vshosting.eu/)                           | `clouddns`     | `CLOUDDNS_CLIENT_ID`, `CLOUDDNS_EMAIL`, `CLOUDDNS_PASSWORD`                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/clouddns)     |
 | [ClouDNS](https://www.cloudns.net/)                         | `cloudns`      | `CLOUDNS_AUTH_ID`, `CLOUDNS_AUTH_PASSWORD`                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/cloudns)      |
 | [Cloudflare](https://www.cloudflare.com)                    | `cloudflare`   | `CF_API_EMAIL`, `CF_API_KEY` [^5] or `CF_DNS_API_TOKEN`, `[CF_ZONE_API_TOKEN]`                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/cloudflare)   |
 | [CloudXNS](https://www.cloudxns.net)                        | `cloudxns`     | `CLOUDXNS_API_KEY`, `CLOUDXNS_SECRET_KEY`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/cloudxns)     |
 | [ConoHa](https://www.conoha.jp)                             | `conoha`       | `CONOHA_TENANT_ID`, `CONOHA_API_USERNAME`, `CONOHA_API_PASSWORD`                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/conoha)       |
 | [Constellix](https://constellix.com)                        | `constellix`   | `CONSTELLIX_API_KEY`, `CONSTELLIX_SECRET_KEY`                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/constellix)   |
-| [deSEC](https://desec.io)                                   | `desec`        | `DESEC_TOKEN`                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/desec)        |
 | [DigitalOcean](https://www.digitalocean.com)                | `digitalocean` | `DO_AUTH_TOKEN`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/digitalocean) |
 | [DNSimple](https://dnsimple.com)                            | `dnsimple`     | `DNSIMPLE_OAUTH_TOKEN`, `DNSIMPLE_BASE_URL`                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/dnsimple)     |
 | [DNS Made Easy](https://dnsmadeeasy.com)                    | `dnsmadeeasy`  | `DNSMADEEASY_API_KEY`, `DNSMADEEASY_API_SECRET`, `DNSMADEEASY_SANDBOX`                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/dnsmadeeasy)  |
@@ -306,48 +301,40 @@ For complete details, refer to your provider's _Additional configuration_ link.
 | [DreamHost](https://www.dreamhost.com/)                     | `dreamhost`    | `DREAMHOST_API_KEY`                                                                                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/dreamhost)    |
 | [Duck DNS](https://www.duckdns.org/)                        | `duckdns`      | `DUCKDNS_TOKEN`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/duckdns)      |
 | [Dyn](https://dyn.com)                                      | `dyn`          | `DYN_CUSTOMER_NAME`, `DYN_USER_NAME`, `DYN_PASSWORD`                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/dyn)          |
-| [Dynu](https://www.dynu.com)                                | `dynu`         | `DYNU_API_KEY`                                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/dynu)         |
 | [EasyDNS](https://easydns.com/)                             | `easydns`      | `EASYDNS_TOKEN`, `EASYDNS_KEY`                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/easydns)      |
-| [EdgeDNS](https://www.akamai.com/)                          | `edgedns`      | `AKAMAI_CLIENT_TOKEN`,  `AKAMAI_CLIENT_SECRET`,  `AKAMAI_ACCESS_TOKEN`                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns)      |
 | External Program                                            | `exec`         | `EXEC_PATH`                                                                                                                                 | [Additional configuration](https://go-acme.github.io/lego/dns/exec)         |
 | [Exoscale](https://www.exoscale.com)                        | `exoscale`     | `EXOSCALE_API_KEY`, `EXOSCALE_API_SECRET`, `EXOSCALE_ENDPOINT`                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/exoscale)     |
-| [Fast DNS](https://www.akamai.com/)                         | `fastdns`      | `AKAMAI_CLIENT_TOKEN`,  `AKAMAI_CLIENT_SECRET`,  `AKAMAI_ACCESS_TOKEN`                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/edgedns)      |
+| [Fast DNS](https://www.akamai.com/)                         | `fastdns`      | `AKAMAI_CLIENT_TOKEN`,  `AKAMAI_CLIENT_SECRET`,  `AKAMAI_ACCESS_TOKEN`                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/fastdns)      |
 | [Gandi](https://www.gandi.net)                              | `gandi`        | `GANDI_API_KEY`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/gandi)        |
 | [Gandi v5](http://doc.livedns.gandi.net)                    | `gandiv5`      | `GANDIV5_API_KEY`                                                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/gandiv5)      |
 | [Glesys](https://glesys.com/)                               | `glesys`       | `GLESYS_API_USER`, `GLESYS_API_KEY`, `GLESYS_DOMAIN`                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/glesys)       |
 | [GoDaddy](https://godaddy.com/)                             | `godaddy`      | `GODADDY_API_KEY`, `GODADDY_API_SECRET`                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/godaddy)      |
 | [Google Cloud DNS](https://cloud.google.com/dns/docs/)      | `gcloud`       | `GCE_PROJECT`, Application Default Credentials [^2] [^3], [`GCE_SERVICE_ACCOUNT_FILE`]                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/gcloud)       |
-| [Hetzner](https://hetzner.com)                              | `hetzner`      | `HETZNER_API_KEY`                                                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/hetzner)      |
 | [hosting.de](https://www.hosting.de)                        | `hostingde`    | `HOSTINGDE_API_KEY`, `HOSTINGDE_ZONE_NAME`                                                                                                  | [Additional configuration](https://go-acme.github.io/lego/dns/hostingde)    |
 | HTTP request                                                | `httpreq`      | `HTTPREQ_ENDPOINT`, `HTTPREQ_MODE`, `HTTPREQ_USERNAME`, `HTTPREQ_PASSWORD` [^1]                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/httpreq)      |
-| [HyperOne](https://www.hyperone.com)                        | `hyperone`     | `HYPERONE_PASSPORT_LOCATION`, `HYPERONE_LOCATION_ID`                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/hyperone)     |
 | [IIJ](https://www.iij.ad.jp/)                               | `iij`          | `IIJ_API_ACCESS_KEY`, `IIJ_API_SECRET_KEY`, `IIJ_DO_SERVICE_CODE`                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/iij)          |
 | [INWX](https://www.inwx.de/en)                              | `inwx`         | `INWX_USERNAME`, `INWX_PASSWORD`                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/inwx)         |
 | [Joker.com](https://joker.com)                              | `joker`        | `JOKER_API_KEY` or `JOKER_USERNAME`, `JOKER_PASSWORD`                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/joker)        |
 | [Lightsail](https://aws.amazon.com/lightsail/)              | `lightsail`    | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `DNS_ZONE`                                                                                    | [Additional configuration](https://go-acme.github.io/lego/dns/lightsail)    |
-| [Linode v4](https://www.linode.com)                         | `linode`       | `LINODE_TOKEN`                                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/linode)       |
+| [Linode](https://www.linode.com)                            | `linode`       | `LINODE_API_KEY`                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/linode)       |
+| [Linode v4](https://www.linode.com)                         | `linodev4`     | `LINODE_TOKEN`                                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/linodev4)     |
 | [Liquid Web](https://www.liquidweb.com/)                    | `liquidweb`    | `LIQUID_WEB_PASSWORD`, `LIQUID_WEB_USERNAME`, `LIQUID_WEB_ZONE`                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/liquidweb)    |
-| [LuaDNS](https://luadns.com)                                | `luadns`       | `LUADNS_API_USERNAME`, `LUADNS_API_TOKEN`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/luadns)       |
-| manual                                                      | `manual`       | none, but you need to run Traefik interactively [^4], turn on debug log to see instructions and press <kbd>Enter</kbd>.                     |                                                                             |
+| manual                                                      | -              | none, but you need to run Traefik interactively [^4], turn on debug log to see instructions and press <kbd>Enter</kbd>.                     |                                                                             |
 | [MyDNS.jp](https://www.mydns.jp/)                           | `mydnsjp`      | `MYDNSJP_MASTER_ID`, `MYDNSJP_PASSWORD`                                                                                                     | [Additional configuration](https://go-acme.github.io/lego/dns/mydnsjp)      |
-| [Mythic Beasts](https://www.mythic-beasts.com)              | `mythicbeasts` | `MYTHICBEASTS_USER_NAME`, `MYTHICBEASTS_PASSWORD`                                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/mythicbeasts) |
 | [Namecheap](https://www.namecheap.com)                      | `namecheap`    | `NAMECHEAP_API_USER`, `NAMECHEAP_API_KEY`                                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/namecheap)    |
 | [name.com](https://www.name.com/)                           | `namedotcom`   | `NAMECOM_USERNAME`, `NAMECOM_API_TOKEN`, `NAMECOM_SERVER`                                                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/namedotcom)   |
 | [Namesilo](https://www.namesilo.com/)                       | `namesilo`     | `NAMESILO_API_KEY`                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/namesilo)     |
 | [Netcup](https://www.netcup.eu/)                            | `netcup`       | `NETCUP_CUSTOMER_NUMBER`, `NETCUP_API_KEY`, `NETCUP_API_PASSWORD`                                                                           | [Additional configuration](https://go-acme.github.io/lego/dns/netcup)       |
-| [Netlify](https://www.netlify.com)                          | `netlify`      | `NETLIFY_TOKEN`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/netlify)      |
 | [NIFCloud](https://cloud.nifty.com/service/dns.htm)         | `nifcloud`     | `NIFCLOUD_ACCESS_KEY_ID`, `NIFCLOUD_SECRET_ACCESS_KEY`                                                                                      | [Additional configuration](https://go-acme.github.io/lego/dns/nifcloud)     |
-| [NS1](https://ns1.com/)                                     | `ns1`          | `NS1_API_KEY`                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/ns1)          |
+| [Ns1](https://ns1.com/)                                     | `ns1`          | `NS1_API_KEY`                                                                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/ns1)          |
 | [Open Telekom Cloud](https://cloud.telekom.de)              | `otc`          | `OTC_DOMAIN_NAME`, `OTC_USER_NAME`, `OTC_PASSWORD`, `OTC_PROJECT_NAME`, `OTC_IDENTITY_ENDPOINT`                                             | [Additional configuration](https://go-acme.github.io/lego/dns/otc)          |
 | [OVH](https://www.ovh.com)                                  | `ovh`          | `OVH_ENDPOINT`, `OVH_APPLICATION_KEY`, `OVH_APPLICATION_SECRET`, `OVH_CONSUMER_KEY`                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/ovh)          |
 | [Openstack Designate](https://docs.openstack.org/designate) | `designate`    | `OS_AUTH_URL`, `OS_USERNAME`, `OS_PASSWORD`, `OS_TENANT_NAME`, `OS_REGION_NAME`                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/designate)    |
 | [Oracle Cloud](https://cloud.oracle.com/home)               | `oraclecloud`  | `OCI_COMPARTMENT_OCID`, `OCI_PRIVKEY_FILE`, `OCI_PRIVKEY_PASS`, `OCI_PUBKEY_FINGERPRINT`, `OCI_REGION`, `OCI_TENANCY_OCID`, `OCI_USER_OCID` | [Additional configuration](https://go-acme.github.io/lego/dns/oraclecloud)  |
 | [PowerDNS](https://www.powerdns.com)                        | `pdns`         | `PDNS_API_KEY`, `PDNS_API_URL`                                                                                                              | [Additional configuration](https://go-acme.github.io/lego/dns/pdns)         |
 | [Rackspace](https://www.rackspace.com/cloud/dns)            | `rackspace`    | `RACKSPACE_USER`, `RACKSPACE_API_KEY`                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/rackspace)    |
-| [reg.ru](https://www.reg.ru)                                | `regru`        | `REGRU_USERNAME`, `REGRU_PASSWORD`                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/regru)        |
 | [RFC2136](https://tools.ietf.org/html/rfc2136)              | `rfc2136`      | `RFC2136_TSIG_KEY`, `RFC2136_TSIG_SECRET`, `RFC2136_TSIG_ALGORITHM`, `RFC2136_NAMESERVER`                                                   | [Additional configuration](https://go-acme.github.io/lego/dns/rfc2136)      |
 | [Route 53](https://aws.amazon.com/route53/)                 | `route53`      | `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `[AWS_REGION]`, `[AWS_HOSTED_ZONE_ID]` or a configured user/instance IAM profile.             | [Additional configuration](https://go-acme.github.io/lego/dns/route53)      |
-| [RimuHosting](https://rimuhosting.com)                      | `rimuhosting`  | `RIMUHOSTING_API_KEY`                                                                                                                       | [Additional configuration](https://go-acme.github.io/lego/dns/rimuhosting)  |
 | [Sakura Cloud](https://cloud.sakura.ad.jp/)                 | `sakuracloud`  | `SAKURACLOUD_ACCESS_TOKEN`, `SAKURACLOUD_ACCESS_TOKEN_SECRET`                                                                               | [Additional configuration](https://go-acme.github.io/lego/dns/sakuracloud)  |
 | [Scaleway](https://www.scaleway.com)                        | `scaleway`     | `SCALEWAY_API_TOKEN`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/scaleway)     |
 | [Selectel](https://selectel.ru/en/)                         | `selectel`     | `SELECTEL_API_TOKEN`                                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/selectel)     |
@@ -358,12 +345,10 @@ For complete details, refer to your provider's _Additional configuration_ link.
 | [Versio](https://www.versio.nl/domeinnamen)                 | `versio`       | `VERSIO_USERNAME`, `VERSIO_PASSWORD`                                                                                                        | [Additional configuration](https://go-acme.github.io/lego/dns/versio)       |
 | [Vscale](https://vscale.io/)                                | `vscale`       | `VSCALE_API_TOKEN`                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/vscale)       |
 | [VULTR](https://www.vultr.com)                              | `vultr`        | `VULTR_API_KEY`                                                                                                                             | [Additional configuration](https://go-acme.github.io/lego/dns/vultr)        |
-| [Yandex](https://yandex.com)                                | `yandex`       | `YANDEX_PDD_TOKEN`                                                                                                                          | [Additional configuration](https://go-acme.github.io/lego/dns/yandex)       |
 | [Zone.ee](https://www.zone.ee)                              | `zoneee`       | `ZONEEE_API_USER`, `ZONEEE_API_KEY`                                                                                                         | [Additional configuration](https://go-acme.github.io/lego/dns/zoneee)       |
-| [Zonomi](https://zonomi.com)                                | `zonomi`       | `ZONOMI_API_KEY`                                                                                                                            | [Additional configuration](https://go-acme.github.io/lego/dns/zonomi)       |
 
 [^1]: more information about the HTTP message format can be found [here](https://go-acme.github.io/lego/dns/httpreq/)
-[^2]: [providing_credentials_to_your_application](https://cloud.google.com/docs/authentication/production)
+[^2]: [providing_credentials_to_your_application](https://cloud.google.com/docs/authentication/production#providing_credentials_to_your_application)
 [^3]: [google/default.go](https://github.com/golang/oauth2/blob/36a7019397c4c86cf59eeab3bc0d188bac444277/google/default.go#L61-L76)
 [^4]: `docker stack` remark: there is no way to support terminal attached to container when deploying with `docker stack`, so you might need to run container with `docker run -it` to generate certificates using `manual` provider.
 [^5]: The `Global API Key` needs to be used, not the `Origin CA Key`.
@@ -399,7 +384,7 @@ certificatesResolvers:
 
 ```bash tab="CLI"
 # ...
---certificatesresolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53
+--certificatesResolvers.myresolver.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53
 ```
 
 #### Wildcard Domains
@@ -438,7 +423,7 @@ The CA server to use:
 
     ```bash tab="CLI"
     # ...
-    --certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
+    --certificatesResolvers.myresolver.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
     # ...
     ```
 
@@ -466,7 +451,7 @@ certificatesResolvers:
 
 ```bash tab="CLI"
 # ...
---certificatesresolvers.myresolver.acme.storage=acme.json
+--certificatesResolvers.myresolver.acme.storage=acme.json
 # ...
 ```
 
@@ -483,38 +468,7 @@ docker run -v "/my/host/acme:/etc/traefik/acme" traefik
 ```
 
 !!! warning
-    For concurrency reasons, this file cannot be shared across multiple instances of Traefik.
-
-### `preferredChain`
-
-_Optional, Default=""_
-
-Preferred chain to use.
-
-If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.
-If no match, the default offered chain will be used.
-
-```toml tab="File (TOML)"
-[certificatesResolvers.myresolver.acme]
-  # ...
-  preferredChain = "ISRG Root X1"
-  # ...
-```
-
-```yaml tab="File (YAML)"
-certificatesResolvers:
-  myresolver:
-    acme:
-      # ...
-      preferredChain: 'ISRG Root X1'
-      # ...
-```
-
-```bash tab="CLI"
-# ...
---certificatesresolvers.myresolver.acme.preferredChain="ISRG Root X1"
-# ...
-```
+    For concurrency reason, this file cannot be shared across multiple instances of Traefik.
 
 ## Fallback
 

docs/content/https/include-acme-multiple-domains-example.md

@@ -2,23 +2,23 @@
 ```yaml tab="Docker"
 ## Dynamic configuration
 labels:
-  - traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`)
+  - traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`)
   - traefik.http.routers.blog.tls=true
   - traefik.http.routers.blog.tls.certresolver=myresolver
-  - traefik.http.routers.blog.tls.domains[0].main=example.org
-  - traefik.http.routers.blog.tls.domains[0].sans=*.example.org
+  - traefik.http.routers.blog.tls.domains[0].main=company.org
+  - traefik.http.routers.blog.tls.domains[0].sans=*.company.org
 ```
 
 ```yaml tab="Docker (Swarm)"
 ## Dynamic configuration
 deploy:
   labels:
-    - traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`)
+    - traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`)
     - traefik.http.services.blog-svc.loadbalancer.server.port=8080"
     - traefik.http.routers.blog.tls=true
     - traefik.http.routers.blog.tls.certresolver=myresolver
-    - traefik.http.routers.blog.tls.domains[0].main=example.org
-    - traefik.http.routers.blog.tls.domains[0].sans=*.example.org
+    - traefik.http.routers.blog.tls.domains[0].main=company.org
+    - traefik.http.routers.blog.tls.domains[0].sans=*.company.org
 ```
 
 ```yaml tab="Kubernetes"
@@ -30,7 +30,7 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`example.com`) && Path(`/blog`)
+  - match: Host(`company.com`) && Path(`/blog`)
     kind: Rule
     services:
     - name: blog
@@ -38,18 +38,18 @@ spec:
   tls:
     certResolver: myresolver
     domains:
-    - main: example.org
+    - main: company.org
       sans:
-      - '*.example.org'
+      - *.company.org
 ```
 
 ```json tab="Marathon"
 labels: {
-  "traefik.http.routers.blog.rule": "Host(`example.com`) && Path(`/blog`)",
+  "traefik.http.routers.blog.rule": "Host(`company.com`) && Path(`/blog`)",
   "traefik.http.routers.blog.tls": "true",
   "traefik.http.routers.blog.tls.certresolver": "myresolver",
-  "traefik.http.routers.blog.tls.domains[0].main": "example.com",
-  "traefik.http.routers.blog.tls.domains[0].sans": "*.example.com",
+  "traefik.http.routers.blog.tls.domains[0].main": "company.com",
+  "traefik.http.routers.blog.tls.domains[0].sans": "*.company.com",
   "traefik.http.services.blog-svc.loadbalancer.server.port": "8080"
 }
 ```
@@ -57,23 +57,23 @@ labels: {
 ```yaml tab="Rancher"
 ## Dynamic configuration
 labels:
-  - traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`)
+  - traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`)
   - traefik.http.routers.blog.tls=true
   - traefik.http.routers.blog.tls.certresolver=myresolver
-  - traefik.http.routers.blog.tls.domains[0].main=example.org
-  - traefik.http.routers.blog.tls.domains[0].sans=*.example.org
+  - traefik.http.routers.blog.tls.domains[0].main=company.org
+  - traefik.http.routers.blog.tls.domains[0].sans=*.company.org
 ```
 
 ```toml tab="File (TOML)"
 ## Dynamic configuration
 [http.routers]
   [http.routers.blog]
-    rule = "Host(`example.com`) && Path(`/blog`)"
+    rule = "Host(`company.com`) && Path(`/blog`)"
     [http.routers.blog.tls]
       certResolver = "myresolver" # From static configuration
       [[http.routers.blog.tls.domains]]
-        main = "example.org"
-        sans = ["*.example.org"]
+        main = "company.org"
+        sans = ["*.company.org"]
 ```
 
 ```yaml tab="File (YAML)"
@@ -81,11 +81,11 @@ labels:
 http:
   routers:
     blog:
-      rule: "Host(`example.com`) && Path(`/blog`)"
+      rule: "Host(`company.com`) && Path(`/blog`)"
       tls:
         certResolver: myresolver
         domains:
-          - main: "example.org"
+          - main: "company.org"
             sans:
-              - "*.example.org"
+              - "*.company.org"
 ```

docs/content/https/include-acme-multiple-domains-from-rule-example.md

@@ -2,7 +2,7 @@
 ```yaml tab="Docker"
 ## Dynamic configuration
 labels:
-  - traefik.http.routers.blog.rule=(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)
+  - traefik.http.routers.blog.rule=(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)
   - traefik.http.routers.blog.tls=true
   - traefik.http.routers.blog.tls.certresolver=myresolver
 ```
@@ -11,7 +11,7 @@ labels:
 ## Dynamic configuration
 deploy:
   labels:
-    - traefik.http.routers.blog.rule=(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)
+    - traefik.http.routers.blog.rule=(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)
     - traefik.http.routers.blog.tls=true
     - traefik.http.routers.blog.tls.certresolver=myresolver
     - traefik.http.services.blog-svc.loadbalancer.server.port=8080"
@@ -26,18 +26,18 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: (Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)
+  - match: (Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)
     kind: Rule
     services:
     - name: blog
       port: 8080
   tls:
-    certResolver: myresolver
+    certresolver: myresolver
 ```
 
 ```json tab="Marathon"
 labels: {
-  "traefik.http.routers.blog.rule": "(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)",
+  "traefik.http.routers.blog.rule": "(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)",
   "traefik.http.routers.blog.tls": "true",
   "traefik.http.routers.blog.tls.certresolver": "myresolver",
   "traefik.http.services.blog-svc.loadbalancer.server.port": "8080"
@@ -47,7 +47,7 @@ labels: {
 ```yaml tab="Rancher"
 ## Dynamic configuration
 labels:
-  - traefik.http.routers.blog.rule=(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)
+  - traefik.http.routers.blog.rule=(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)
   - traefik.http.routers.blog.tls=true
   - traefik.http.routers.blog.tls.certresolver=myresolver
 ```
@@ -56,7 +56,7 @@ labels:
 ## Dynamic configuration
 [http.routers]
   [http.routers.blog]
-    rule = "(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)"
+    rule = "(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)"
     [http.routers.blog.tls]
       certResolver = "myresolver"
 ```
@@ -66,7 +66,7 @@ labels:
 http:
   routers:
     blog:
-      rule: "(Host(`example.com`) && Path(`/blog`)) || Host(`blog.example.org`)"
+      rule: "(Host(`company.com`) && Path(`/blog`)) || Host(`blog.company.org`)"
       tls:
         certResolver: myresolver
 ```

docs/content/https/include-acme-single-domain-example.md

@@ -2,7 +2,7 @@
 ```yaml tab="Docker"
 ## Dynamic configuration
 labels:
-  - traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`)
+  - traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`)
   - traefik.http.routers.blog.tls=true
   - traefik.http.routers.blog.tls.certresolver=myresolver
 ```
@@ -11,7 +11,7 @@ labels:
 ## Dynamic configuration
 deploy:
   labels:
-    - traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`)
+    - traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`)
     - traefik.http.routers.blog.tls=true
     - traefik.http.routers.blog.tls.certresolver=myresolver
     - traefik.http.services.blog-svc.loadbalancer.server.port=8080"
@@ -26,18 +26,18 @@ spec:
   entryPoints:
     - websecure
   routes:
-  - match: Host(`example.com`) && Path(`/blog`)
+  - match: Host(`company.com`) && Path(`/blog`)
     kind: Rule
     services:
     - name: blog
       port: 8080
   tls:
-    certResolver: myresolver
+    certresolver: myresolver
 ```
 
 ```json tab="Marathon"
 labels: {
-  "traefik.http.routers.blog.rule": "Host(`example.com`) && Path(`/blog`)",
+  "traefik.http.routers.blog.rule": "Host(`company.com`) && Path(`/blog`)",
   "traefik.http.routers.blog.tls": "true",
   "traefik.http.routers.blog.tls.certresolver": "myresolver",
   "traefik.http.services.blog-svc.loadbalancer.server.port": "8080"
@@ -47,7 +47,7 @@ labels: {
 ```yaml tab="Rancher"
 ## Dynamic configuration
 labels:
-  - traefik.http.routers.blog.rule=Host(`example.com`) && Path(`/blog`)
+  - traefik.http.routers.blog.rule=Host(`company.com`) && Path(`/blog`)
   - traefik.http.routers.blog.tls=true
   - traefik.http.routers.blog.tls.certresolver=myresolver
 ```
@@ -56,7 +56,7 @@ labels:
 ## Dynamic configuration
 [http.routers]
   [http.routers.blog]
-  rule = "Host(`example.com`) && Path(`/blog`)"
+  rule = "Host(`company.com`) && Path(`/blog`)"
   [http.routers.blog.tls]
     certResolver = "myresolver"
 ```
@@ -66,7 +66,7 @@ labels:
 http:
   routers:
     blog:
-      rule: "Host(`example.com`) && Path(`/blog`)"
+      rule: "Host(`company.com`) && Path(`/blog`)"
       tls:
         certResolver: myresolver
 ```

docs/content/https/ref-acme.toml

@@ -5,7 +5,7 @@
   #
   # Required
   #
-  email = "test@example.com"
+  email = "test@traefik.io"
 
   # File or key used for certificates storage.
   #
@@ -22,16 +22,6 @@
   #
   # caServer = "https://acme-staging-v02.api.letsencrypt.org/directory"
 
-  # Preferred chain to use.
-  #
-  # If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.
-  # If no match, the default offered chain will be used.
-  #
-  # Optional
-  # Default: ""
-  #
-  # preferredChain = "ISRG Root X1"
-
   # KeyType to use.
   #
   # Optional

docs/content/https/ref-acme.txt

@@ -4,13 +4,13 @@
 #
 # Required
 #
---certificatesresolvers.myresolver.acme.email=test@example.com
+--certificatesResolvers.myresolver.acme.email=test@traefik.io
 
 # File or key used for certificates storage.
 #
 # Required
 #
---certificatesresolvers.myresolver.acme.storage=acme.json
+--certificatesResolvers.myresolver.acme.storage=acme.json
 
 # CA server to use.
 # Uncomment the line to use Let's Encrypt's staging server,
@@ -19,17 +19,7 @@
 # Optional
 # Default: "https://acme-v02.api.letsencrypt.org/directory"
 #
---certificatesresolvers.myresolver.acme.caserver=https://acme-staging-v02.api.letsencrypt.org/directory
-
-# Preferred chain to use.
-#
-# If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.
-# If no match, the default offered chain will be used.
-#
-# Optional
-# Default: ""
-#
---certificatesresolvers.myresolver.acme.preferredchain="ISRG Root X1"
+--certificatesResolvers.myresolver.acme.caServer=https://acme-staging-v02.api.letsencrypt.org/directory
 
 # KeyType to use.
 #
@@ -38,38 +28,38 @@
 #
 # Available values : "EC256", "EC384", "RSA2048", "RSA4096", "RSA8192"
 #
---certificatesresolvers.myresolver.acme.keytype=RSA4096
+--certificatesResolvers.myresolver.acme.keyType=RSA4096
 
 # Use a TLS-ALPN-01 ACME challenge.
 #
 # Optional (but recommended)
 #
---certificatesresolvers.myresolver.acme.tlschallenge=true
+--certificatesResolvers.myresolver.acme.tlsChallenge=true
 
 # Use a HTTP-01 ACME challenge.
 #
 # Optional
 #
---certificatesresolvers.myresolver.acme.httpchallenge=true
+--certificatesResolvers.myresolver.acme.httpChallenge=true
 
 # EntryPoint to use for the HTTP-01 challenges.
 #
 # Required
 #
---certificatesresolvers.myresolver.acme.httpchallenge.entrypoint=web
+--certificatesResolvers.myresolver.acme.httpChallenge.entryPoint=web
 
 # Use a DNS-01 ACME challenge rather than HTTP-01 challenge.
 # Note: mandatory for wildcard certificate generation.
 #
 # Optional
 #
---certificatesresolvers.myresolver.acme.dnschallenge=true
+--certificatesResolvers.myresolver.acme.dnsChallenge=true
 
 # DNS provider used.
 #
 # Required
 #
---certificatesresolvers.myresolver.acme.dnschallenge.provider=digitalocean
+--certificatesResolvers.myresolver.acme.dnsChallenge.provider=digitalocean
 
 # By default, the provider will verify the TXT DNS challenge record before letting ACME verify.
 # If delayBeforeCheck is greater than zero, this check is delayed for the configured duration in seconds.
@@ -78,14 +68,14 @@
 # Optional
 # Default: 0
 #
---certificatesresolvers.myresolver.acme.dnschallenge.delaybeforecheck=0
+--certificatesResolvers.myresolver.acme.dnsChallenge.delayBeforeCheck=0
 
 # Use following DNS servers to resolve the FQDN authority.
 #
 # Optional
 # Default: empty
 #
---certificatesresolvers.myresolver.acme.dnschallenge.resolvers=1.1.1.1:53,8.8.8.8:53
+--certificatesResolvers.myresolver.acme.dnsChallenge.resolvers=1.1.1.1:53,8.8.8.8:53
 
 # Disable the DNS propagation checks before notifying ACME that the DNS challenge is ready.
 #
@@ -95,4 +85,4 @@
 # Optional
 # Default: false
 #
---certificatesresolvers.myresolver.acme.dnschallenge.disablepropagationcheck=true
+--certificatesResolvers.myresolver.acme.dnsChallenge.disablePropagationCheck=true

docs/content/https/ref-acme.yaml

@@ -7,7 +7,7 @@ certificatesResolvers:
       #
       # Required
       #
-      email: "test@example.com"
+      email: "test@traefik.io"
 
       # File or key used for certificates storage.
       #
@@ -24,16 +24,6 @@ certificatesResolvers:
       #
       # caServer: "https://acme-staging-v02.api.letsencrypt.org/directory"
 
-      # Preferred chain to use.
-      #
-      # If the CA offers multiple certificate chains, prefer the chain with an issuer matching this Subject Common Name.
-      # If no match, the default offered chain will be used.
-      #
-      # Optional
-      # Default: ""
-      #
-      # preferredChain: 'ISRG Root X1'
-
       # KeyType to use.
       #
       # Optional

docs/content/https/tls.md

@@ -183,9 +183,9 @@ spec:
 
 ### Maximum TLS Version
 
-We discourage the use of this setting to disable TLS1.3.
+We discourages the use of this setting to disable TLS1.3.
 
-The recommended approach is to update the clients to support TLS1.3.
+The right approach is to update the clients to support TLS1.3.
 
 ```toml tab="File (TOML)"
 # Dynamic configuration
@@ -316,8 +316,8 @@ spec:
 
 ### Strict SNI Checking
 
-With strict SNI checking enabled, Traefik won't allow connections from clients
-that do not specify a server_name extension or don't match any certificate configured on the tlsOption.
+With strict SNI checking, Traefik won't allow connections from clients connections
+that do not specify a server_name extension.
 
 ```toml tab="File (TOML)"
 # Dynamic configuration
@@ -347,39 +347,6 @@ spec:
   sniStrict: true
 ```
 
-### Prefer Server Cipher Suites
-
-This option allows the server to choose its most preferred cipher suite instead of the client's.
-Please note that this is enabled automatically when `minVersion` or `maxVersion` are set.
-
-```toml tab="File (TOML)"
-# Dynamic configuration
-
-[tls.options]
-  [tls.options.default]
-    preferServerCipherSuites = true
-```
-
-```yaml tab="File (YAML)"
-# Dynamic configuration
-
-tls:
-  options:
-    default:
-      preferServerCipherSuites: true
-```
-
-```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
-kind: TLSOption
-metadata:
-  name: default
-  namespace: default
-
-spec:
-  preferServerCipherSuites: true
-```
-
 ### Client Authentication (mTLS)
 
 Traefik supports mutual authentication, through the `clientAuth` section.
@@ -428,7 +395,6 @@ metadata:
 
 spec:
   clientAuth:
-    # the CA certificate is extracted from key `tls.ca` of the given secrets.
     secretNames:
       - secretCA
     clientAuthType: RequireAndVerifyClientCert

docs/content/middlewares/basicauth.md

@@ -12,11 +12,9 @@ The BasicAuth middleware is a quick way to restrict access to your services to k
 ```yaml tab="Docker"
 # Declaring the user list
 #
-# Note: when used in docker-compose.yml all dollar signs in the hash need to be doubled for escaping.
+# Note: all dollar signs in the hash need to be doubled for escaping.
 # To create user:password pair, it's possible to use this command:
 # echo $(htpasswd -nb user password) | sed -e s/\\$/\\$\\$/g
-#
-# Also note that dollar signs should NOT be doubled when they not evaluated (e.g. Ansible docker_container module).
 labels:
   - "traefik.http.middlewares.test-auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
 ```
@@ -73,7 +71,7 @@ http:
 
 ### General
 
-Passwords must be hashed using MD5, SHA1, or BCrypt.
+Passwords must be encoded using MD5, SHA1, or BCrypt.
 
 !!! tip 
 
@@ -81,7 +79,7 @@ Passwords must be hashed using MD5, SHA1, or BCrypt.
 
 ### `users`
 
-The `users` option is an array of authorized users. Each user will be declared using the `name:hashed-password` format.
+The `users` option is an array of authorized users. Each user will be declared using the `name:encoded-password` format.
 
 !!! note ""
     
@@ -167,7 +165,7 @@ http:
 
 The `usersFile` option is the path to an external file that contains the authorized users for the middleware.
 
-The file content is a list of `name:hashed-password`.
+The file content is a list of `name:encoded-password`.
 
 !!! note ""
     

docs/content/middlewares/compress.md

@@ -64,9 +64,6 @@ http:
     * The `Accept-Encoding` request header contains `gzip`.
     * The response is not already compressed, i.e. the `Content-Encoding` response header is not already set.
 
-    If Content-Type header is not defined, or empty, the compress middleware will automatically [detect](https://mimesniff.spec.whatwg.org/) a content type. 
-    It will also set accordingly the `Content-Type` header with the detected MIME type.
-    
 ## Configuration Options
 
 ### `excludedContentTypes`

docs/content/middlewares/contenttype.md

@@ -21,9 +21,6 @@ This middleware exists to enable the correct behavior until at least the default
     is still to automatically set the `Content-Type` header.
     Therefore, given the default value of the `autoDetect` option (false),
     simply enabling this middleware for a router switches the router's behavior.
-    
-    The scope of the Content-Type middleware is the MIME type detection done by the core of Traefik (the server part).
-    Therefore, it has no effect against any other `Content-Type` header modifications (e.g.: in another middleware such as compress).
 
 ## Configuration Examples
 

docs/content/middlewares/forwardauth.md

@@ -12,53 +12,53 @@ Otherwise, the response from the authentication server is returned.
 ## Configuration Examples
 
 ```yaml tab="Docker"
-# Forward authentication to example.com
+# Forward authentication to authserver.com
 labels:
-  - "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth"
+  - "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
 ```
 
 ```yaml tab="Kubernetes"
-# Forward authentication to example.com
+# Forward authentication to authserver.com
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
   name: test-auth
 spec:
   forwardAuth:
-    address: https://example.com/auth
+    address: https://authserver.com/auth
 ```
 
 ```yaml tab="Consul Catalog"
-# Forward authentication to example.com
-- "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth"
+# Forward authentication to authserver.com
+- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
 ```
 
 ```json tab="Marathon"
 "labels": {
-  "traefik.http.middlewares.test-auth.forwardauth.address": "https://example.com/auth"
+  "traefik.http.middlewares.test-auth.forwardauth.address": "https://authserver.com/auth"
 }
 ```
 
 ```yaml tab="Rancher"
-# Forward authentication to example.com
+# Forward authentication to authserver.com
 labels:
-  - "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth"
+  - "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
 ```
 
 ```toml tab="File (TOML)"
-# Forward authentication to example.com
+# Forward authentication to authserver.com
 [http.middlewares]
   [http.middlewares.test-auth.forwardAuth]
-    address = "https://example.com/auth"
+    address = "https://authserver.com/auth"
 ```
 
 ```yaml tab="File (YAML)"
-# Forward authentication to example.com
+# Forward authentication to authserver.com
 http:
   middlewares:
     test-auth:
       forwardAuth:
-        address: "https://example.com/auth"
+        address: "https://authserver.com/auth"
 ```
 
 ## Configuration Options
@@ -69,7 +69,7 @@ The `address` option defines the authentication server address.
 
 ```yaml tab="Docker"
 labels:
-  - "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth"
+  - "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
 ```
 
 ```yaml tab="Kubernetes"
@@ -79,28 +79,28 @@ metadata:
   name: test-auth
 spec:
   forwardAuth:
-    address: https://example.com/auth 
+    address: https://authserver.com/auth 
 ```
 
 ```yaml tab="Consul Catalog"
-- "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth"
+- "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
 ```
 
 ```json tab="Marathon"
 "labels": {
-  "traefik.http.middlewares.test-auth.forwardauth.address": "https://example.com/auth"
+  "traefik.http.middlewares.test-auth.forwardauth.address": "https://authserver.com/auth"
 }
 ```
 
 ```yaml tab="Rancher"
 labels:
-  - "traefik.http.middlewares.test-auth.forwardauth.address=https://example.com/auth"
+  - "traefik.http.middlewares.test-auth.forwardauth.address=https://authserver.com/auth"
 ```
 
 ```toml tab="File (TOML)"
 [http.middlewares]
   [http.middlewares.test-auth.forwardAuth]
-    address = "https://example.com/auth"
+    address = "https://authserver.com/auth"
 ```
 
 ```yaml tab="File (YAML)"
@@ -108,7 +108,7 @@ http:
   middlewares:
     test-auth:
       forwardAuth:
-        address: "https://example.com/auth"
+        address: "https://authserver.com/auth"
 ```
 
 ### `trustForwardHeader`
@@ -127,7 +127,7 @@ metadata:
   name: test-auth
 spec:
   forwardAuth:
-    address: https://example.com/auth
+    address: https://authserver.com/auth
     trustForwardHeader: true
 ```
 
@@ -149,7 +149,7 @@ labels:
 ```toml tab="File (TOML)"
 [http.middlewares]
   [http.middlewares.test-auth.forwardAuth]
-    address = "https://example.com/auth"
+    address = "https://authserver.com/auth"
     trustForwardHeader = true
 ```
 
@@ -158,7 +158,7 @@ http:
   middlewares:
     test-auth:
       forwardAuth:
-        address: "https://example.com/auth"
+        address: "https://authserver.com/auth"
         trustForwardHeader: true
 ```
 
@@ -178,7 +178,7 @@ metadata:
   name: test-auth
 spec:
   forwardAuth:
-    address: https://example.com/auth
+    address: https://authserver.com/auth
     authResponseHeaders:
       - X-Auth-User
       - X-Secret
@@ -202,7 +202,7 @@ labels:
 ```toml tab="File (TOML)"
 [http.middlewares]
   [http.middlewares.test-auth.forwardAuth]
-    address = "https://example.com/auth"
+    address = "https://authserver.com/auth"
     authResponseHeaders = ["X-Auth-User", "X-Secret"]
 ```
 
@@ -211,7 +211,7 @@ http:
   middlewares:
     test-auth:
       forwardAuth:
-        address: "https://example.com/auth"
+        address: "https://authserver.com/auth"
         authResponseHeaders:
           - "X-Auth-User"
           - "X-Secret"
@@ -237,7 +237,7 @@ metadata:
   name: test-auth
 spec:
   forwardAuth:
-    address: https://example.com/auth
+    address: https://authserver.com/auth
     tls:
       caSecret: mycasercret
 
@@ -270,7 +270,7 @@ labels:
 ```toml tab="File (TOML)"
 [http.middlewares]
   [http.middlewares.test-auth.forwardAuth]
-    address = "https://example.com/auth"
+    address = "https://authserver.com/auth"
     [http.middlewares.test-auth.forwardAuth.tls]
       ca = "path/to/local.crt"
 ```
@@ -280,7 +280,7 @@ http:
   middlewares:
     test-auth:
       forwardAuth:
-        address: "https://example.com/auth"
+        address: "https://authserver.com/auth"
         tls:
           ca: "path/to/local.crt"
 ```
@@ -306,7 +306,7 @@ metadata:
   name: test-auth
 spec:
   forwardAuth:
-    address: https://example.com/auth
+    address: https://authserver.com/auth
     tls:
       caOptional: true
 ```
@@ -329,7 +329,7 @@ labels:
 ```toml tab="File (TOML)"
 [http.middlewares]
   [http.middlewares.test-auth.forwardAuth]
-    address = "https://example.com/auth"
+    address = "https://authserver.com/auth"
     [http.middlewares.test-auth.forwardAuth.tls]
       caOptional = true
 ```
@@ -339,7 +339,7 @@ http:
   middlewares:
     test-auth:
       forwardAuth:
-        address: "https://example.com/auth"
+        address: "https://authserver.com/auth"
         tls:
           caOptional: true
 ```
@@ -361,7 +361,7 @@ metadata:
   name: test-auth
 spec:
   forwardAuth:
-    address: https://example.com/auth
+    address: https://authserver.com/auth
     tls:
       certSecret: mytlscert
 
@@ -398,7 +398,7 @@ labels:
 ```toml tab="File (TOML)"
 [http.middlewares]
   [http.middlewares.test-auth.forwardAuth]
-    address = "https://example.com/auth"
+    address = "https://authserver.com/auth"
     [http.middlewares.test-auth.forwardAuth.tls]
       cert = "path/to/foo.cert"
       key = "path/to/foo.key"
@@ -409,7 +409,7 @@ http:
   middlewares:
     test-auth:
       forwardAuth:
-        address: "https://example.com/auth"
+        address: "https://authserver.com/auth"
         tls:
           cert: "path/to/foo.cert"
           key: "path/to/foo.key"
@@ -435,7 +435,7 @@ metadata:
   name: test-auth
 spec:
   forwardAuth:
-    address: https://example.com/auth
+    address: https://authserver.com/auth
     tls:
       certSecret: mytlscert
 
@@ -472,7 +472,7 @@ labels:
 ```toml tab="File (TOML)"
 [http.middlewares]
   [http.middlewares.test-auth.forwardAuth]
-    address = "https://example.com/auth"
+    address = "https://authserver.com/auth"
     [http.middlewares.test-auth.forwardAuth.tls]
       cert = "path/to/foo.cert"
       key = "path/to/foo.key"
@@ -483,7 +483,7 @@ http:
   middlewares:
     test-auth:
       forwardAuth:
-        address: "https://example.com/auth"
+        address: "https://authserver.com/auth"
         tls:
           cert: "path/to/foo.cert"
           key: "path/to/foo.key"
@@ -508,7 +508,7 @@ metadata:
   name: test-auth
 spec:
   forwardAuth:
-    address: https://example.com/auth
+    address: https://authserver.com/auth
     tls:
       insecureSkipVerify: true
 ```
@@ -531,7 +531,7 @@ labels:
 ```toml tab="File (TOML)"
 [http.middlewares]
   [http.middlewares.test-auth.forwardAuth]
-    address = "https://example.com/auth"
+    address = "https://authserver.com/auth"
     [http.middlewares.test-auth.forwardAuth.tls]
       insecureSkipVerify: true
 ```
@@ -541,7 +541,7 @@ http:
   middlewares:
     test-auth:
       forwardAuth:
-        address: "https://example.com/auth"
+        address: "https://authserver.com/auth"
         tls:
           insecureSkipVerify: true
 ```

docs/content/middlewares/headers.md

@@ -23,7 +23,7 @@ labels:
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
-  name: testHeader
+  name: test-header
 spec:
   headers:
     customRequestHeaders:
@@ -86,7 +86,7 @@ labels:
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
-  name: testHeader
+  name: test-header
 spec:
   headers:
     customRequestHeaders:
@@ -148,11 +148,11 @@ labels:
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
-  name: testHeader
+  name: test-header
 spec:
   headers:
-    frameDeny: true
-    sslRedirect: true
+    frameDeny: "true"
+    sslRedirect: "true"
 ```
 
 ```yaml tab="Consul Catalog"
@@ -197,7 +197,7 @@ This functionality allows for more advanced security features to quickly be set.
 ```yaml tab="Docker"
 labels:
   - "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
-  - "traefik.http.middlewares.testheader.headers.accesscontrolalloworiginlist=https://foo.bar.org,https://example.org"
+  - "traefik.http.middlewares.testheader.headers.accesscontrolalloworigin=origin-list-or-null"
   - "traefik.http.middlewares.testheader.headers.accesscontrolmaxage=100"
   - "traefik.http.middlewares.testheader.headers.addvaryheader=true"
 ```
@@ -206,23 +206,21 @@ labels:
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
-  name: testHeader
+  name: test-header
 spec:
   headers:
     accessControlAllowMethods:
       - "GET"
       - "OPTIONS"
       - "PUT"
-    accessControlAllowOriginList:
-      - "https://foo.bar.org"
-      - "https://example.org"
+    accessControlAllowOrigin: "origin-list-or-null"
     accessControlMaxAge: 100
-    addVaryHeader: true
+    addVaryHeader: "true"
 ```
 
 ```yaml tab="Consul Catalog"
 - "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
-- "traefik.http.middlewares.testheader.headers.accesscontrolalloworiginlist=https://foo.bar.org,https://example.org"
+- "traefik.http.middlewares.testheader.headers.accesscontrolalloworigin=origin-list-or-null"
 - "traefik.http.middlewares.testheader.headers.accesscontrolmaxage=100"
 - "traefik.http.middlewares.testheader.headers.addvaryheader=true"
 ```
@@ -230,7 +228,7 @@ spec:
 ```json tab="Marathon"
 "labels": {
   "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods": "GET,OPTIONS,PUT",
-  "traefik.http.middlewares.testheader.headers.accesscontrolalloworiginlist": "https://foo.bar.org,https://example.org",
+  "traefik.http.middlewares.testheader.headers.accesscontrolalloworigin": "origin-list-or-null",
   "traefik.http.middlewares.testheader.headers.accesscontrolmaxage": "100",
   "traefik.http.middlewares.testheader.headers.addvaryheader": "true"
 }
@@ -239,7 +237,7 @@ spec:
 ```yaml tab="Rancher"
 labels:
   - "traefik.http.middlewares.testheader.headers.accesscontrolallowmethods=GET,OPTIONS,PUT"
-  - "traefik.http.middlewares.testheader.headers.accesscontrolalloworiginlist=https://foo.bar.org,https://example.org"
+  - "traefik.http.middlewares.testheader.headers.accesscontrolalloworigin=origin-list-or-null"
   - "traefik.http.middlewares.testheader.headers.accesscontrolmaxage=100"
   - "traefik.http.middlewares.testheader.headers.addvaryheader=true"
 ```
@@ -248,7 +246,7 @@ labels:
 [http.middlewares]
   [http.middlewares.testHeader.headers]
     accessControlAllowMethods= ["GET", "OPTIONS", "PUT"]
-    accessControlAllowOriginList = ["https://foo.bar.org","https://example.org"]
+    accessControlAllowOrigin = "origin-list-or-null"
     accessControlMaxAge = 100
     addVaryHeader = true
 ```
@@ -262,9 +260,7 @@ http:
           - GET
           - OPTIONS
           - PUT
-        accessControlAllowOriginList:
-          - https://foo.bar.org
-          - https://example.org
+        accessControlAllowOrigin: "origin-list-or-null"
         accessControlMaxAge: 100
         addVaryHeader: true
 ```
@@ -299,22 +295,14 @@ The `accessControlAllowHeaders` indicates which header field names can be used a
 
 The  `accessControlAllowMethods` indicates which methods can be used during requests.
 
-### `accessControlAllowOriginList`
+### `accessControlAllowOrigin`
 
-The `accessControlAllowOriginList` indicates whether a resource can be shared by returning different values.
+The `accessControlAllowOrigin` indicates whether a resource can be shared by returning different values.
+The three options for this value are:
 
-A wildcard origin `*` can also be configured, and will match all requests.
-If this value is set by a backend server, it will be overwritten by Traefik
-
-This value can contains a list of allowed origins.
-
-More information including how to use the settings can be found on:
-
-- [Mozilla.org](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Access-Control-Allow-Origin)
-- [w3](https://fetch.spec.whatwg.org/#http-access-control-allow-origin)
-- [IETF](https://tools.ietf.org/html/rfc6454#section-7.1)
-
-Traefik no longer supports the null value, as it is [no longer recommended as a return value](https://w3c.github.io/webappsec-cors-for-developers/#avoid-returning-access-control-allow-origin-null).
+- `origin-list-or-null`
+- `*`
+- `null`
 
 ### `accessControlExposeHeaders`
 
@@ -322,11 +310,11 @@ The `accessControlExposeHeaders` indicates which headers are safe to expose to t
 
 ### `accessControlMaxAge`
 
-The `accessControlMaxAge` indicates how long (in seconds) a preflight request can be cached.
+The `accessControlMaxAge` indicates how long a preflight request can be cached.
 
 ### `addVaryHeader`
 
-The `addVaryHeader` is used in conjunction with `accessControlAllowOriginList` to determine whether the vary header should be added or modified to demonstrate that server responses can differ based on the value of the origin header.
+The `addVaryHeader` is used in conjunction with `accessControlAllowOrigin` to determine whether the vary header should be added or modified to demonstrate that server responses can differ beased on the value of the origin header.
 
 ### `allowedHosts` 
 

docs/content/middlewares/ipwhitelist.md

@@ -90,7 +90,7 @@ The `depth` option tells Traefik to use the `X-Forwarded-For` header and take th
     apiVersion: traefik.containo.us/v1alpha1
     kind: Middleware
     metadata:
-      name: testIPwhitelist
+      name: test-ipwhitelist
     spec:
       ipWhiteList:
         sourceRange:

docs/content/middlewares/overview.md

@@ -188,7 +188,7 @@ then you'll have to append to the middleware name, the `@` separator, followed b
       entryPoints:
         - web
       routes:
-        - match: Host(`example.com`)
+        - match: Host(`bar.com`)
           kind: Rule
           services:
             - name: whoami

docs/content/middlewares/passtlsclientcert.md

@@ -70,7 +70,6 @@ http:
       - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notafter=true"
       - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.notbefore=true"
       - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.sans=true"
-      - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.serialnumber=true"
       - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.commonname=true"
       - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.country=true"
       - "traefik.http.middlewares.test-passtlsclientcert.passtlsclientcert.info.subject.domaincomponent=true"
@@ -265,7 +264,7 @@ In the following example, you can see a complete certificate. We will use each p
             Validity
                 Not Before: Dec  6 11:10:16 2018 GMT
                 Not After : Dec  5 11:10:16 2020 GMT
-            Subject: DC=org, DC=cheese, O=Cheese, O=Cheese 2, OU=Simple Signing Section, OU=Simple Signing Section 2, CN=*.example.org, CN=*.example.com, C=FR, C=US, L=TOULOUSE, L=LYON, ST=Cheese org state, ST=Cheese com state/emailAddress=cert@example.org/emailAddress=cert@sexample.com
+            Subject: DC=org, DC=cheese, O=Cheese, O=Cheese 2, OU=Simple Signing Section, OU=Simple Signing Section 2, CN=*.cheese.org, CN=*.cheese.com, C=FR, C=US, L=TOULOUSE, L=LYON, ST=Cheese org state, ST=Cheese com state/emailAddress=cert@cheese.org/emailAddress=cert@scheese.com
             Subject Public Key Info:
                 Public Key Algorithm: rsaEncryption
                     RSA Public-Key: (2048 bit)
@@ -302,7 +301,7 @@ In the following example, you can see a complete certificate. We will use each p
                     keyid:1E:52:A2:E8:54:D5:37:EB:D5:A8:1D:E4:C2:04:1D:37:E2:F7:70:03
     
                 X509v3 Subject Alternative Name: 
-                    DNS:*.example.org, DNS:*.example.net, DNS:*.example.com, IP Address:10.0.1.0, IP Address:10.0.1.2, email:test@example.org, email:test@example.net
+                    DNS:*.cheese.org, DNS:*.cheese.net, DNS:*.cheese.com, IP Address:10.0.1.0, IP Address:10.0.1.2, email:test@cheese.org, email:test@cheese.net
         Signature Algorithm: sha1WithRSAEncryption
              76:6b:05:b0:0e:34:11:b1:83:99:91:dc:ae:1b:e2:08:15:8b:
              16:b2:9b:27:1c:02:ac:b5:df:1b:d0:d0:75:a4:2b:2c:5c:65:
@@ -422,7 +421,7 @@ The value of the header will be an escaped concatenation of all the selected cer
 The following example shows an unescaped result that uses all the available fields: 
 
 ```text
-Subject="DC=org,DC=cheese,C=FR,C=US,ST=Cheese org state,ST=Cheese com state,L=TOULOUSE,L=LYON,O=Cheese,O=Cheese 2,CN=*.example.com";Issuer="DC=org,DC=cheese,C=FR,C=US,ST=Signing State,ST=Signing State 2,L=TOULOUSE,L=LYON,O=Cheese,O=Cheese 2,CN=Simple Signing CA 2";NB="1544094616";NA="1607166616";SAN="*.example.org,*.example.net,*.example.com,test@example.org,test@example.net,10.0.1.0,10.0.1.2"
+Subject="DC=org,DC=cheese,C=FR,C=US,ST=Cheese org state,ST=Cheese com state,L=TOULOUSE,L=LYON,O=Cheese,O=Cheese 2,CN=*.cheese.com";Issuer="DC=org,DC=cheese,C=FR,C=US,ST=Signing State,ST=Signing State 2,L=TOULOUSE,L=LYON,O=Cheese,O=Cheese 2,CN=Simple Signing CA 2";NB="1544094616";NA="1607166616";SAN="*.cheese.org,*.cheese.net,*.cheese.com,test@cheese.org,test@cheese.net,10.0.1.0,10.0.1.2"
 ```
 
 !!! info "Multiple certificates"
@@ -471,19 +470,19 @@ The data are taken from the following certificate part:
 
 ```text
  X509v3 Subject Alternative Name: 
-    DNS:*.example.org, DNS:*.example.net, DNS:*.example.com, IP Address:10.0.1.0, IP Address:10.0.1.2, email:test@example.org, email:test@example.net
+    DNS:*.cheese.org, DNS:*.cheese.net, DNS:*.cheese.com, IP Address:10.0.1.0, IP Address:10.0.1.2, email:test@cheese.org, email:test@cheese.net
 ```
 
 The escape SANs info part will be like:
 
 ```text
-SAN="*.example.org,*.example.net,*.example.com,test@example.org,test@example.net,10.0.1.0,10.0.1.2"
+SAN="*.cheese.org,*.cheese.net,*.cheese.com,test@cheese.org,test@cheese.net,10.0.1.0,10.0.1.2"
 ```
 
 !!! info "multiple values"
 
     All the SANs data are separated by a `,`.
-
+    
 #### `info.subject`
 
 The `info.subject` select the specific client certificate subject details you want to add to the `X-Forwarded-Tls-Client-Cert-Info` header.
@@ -491,7 +490,7 @@ The `info.subject` select the specific client certificate subject details you wa
 The data are taken from the following certificate part :
 
 ```text
-Subject: DC=org, DC=cheese, O=Cheese, O=Cheese 2, OU=Simple Signing Section, OU=Simple Signing Section 2, CN=*.example.org, CN=*.example.com, C=FR, C=US, L=TOULOUSE, L=LYON, ST=Cheese org state, ST=Cheese com state/emailAddress=cert@example.org/emailAddress=cert@sexample.com
+Subject: DC=org, DC=cheese, O=Cheese, O=Cheese 2, OU=Simple Signing Section, OU=Simple Signing Section 2, CN=*.cheese.org, CN=*.cheese.com, C=FR, C=US, L=TOULOUSE, L=LYON, ST=Cheese org state, ST=Cheese com state/emailAddress=cert@cheese.org/emailAddress=cert@scheese.com
 ```
 
 ##### `info.subject.country`
@@ -549,7 +548,7 @@ The data are taken from the subject part with the `CN` key.
 The escape common name info in the subject part will be like :
 
 ```text
-CN=*.example.com
+CN=*.cheese.com
 ```
 
 ##### `info.subject.serialNumber`

docs/content/middlewares/ratelimit.md

@@ -3,7 +3,7 @@
 To Control the Number of Requests Going to a Service
 {: .subtitle }
 
-The RateLimit middleware ensures that services will receive a _fair_ number of requests, and allows one to define what fair is.
+The RateLimit middleware ensures that services will receive a _fair_ number of requests, and allows you define what is fair.
 
 ## Configuration Example
 
@@ -24,8 +24,8 @@ metadata:
   name: test-ratelimit
 spec:
   rateLimit:
-    average: 100
-    burst: 50
+      average: 100
+      burst: 50
 ```
 
 ```yaml tab="Consul Catalog"
@@ -74,32 +74,25 @@ http:
 
 ### `average`
 
-`average` is the maximum rate, by default in requests by second, allowed for the given source.
-
-It defaults to `0`, which means no rate limiting.
-
-The rate is actually defined by dividing `average` by `period`.
-So for a rate below 1 req/s, one needs to define a `period` larger than a second.
+Average is the maximum rate, in requests/s, allowed for the given source.
+It defaults to 0, which means no rate limiting.
 
 ```yaml tab="Docker"
-# 100 reqs/s
 labels:
   - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
 ```
 
 ```yaml tab="Kubernetes"
-# 100 reqs/s
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
   name: test-ratelimit
 spec:
   rateLimit:
-    average: 100
+      average: 100
 ```
 
 ```yaml tab="Consul Catalog"
-# 100 reqs/s
 - "traefik.http.middlewares.test-ratelimit.ratelimit.average=100"
 ```
 
@@ -115,14 +108,12 @@ labels:
 ```
 
 ```toml tab="File (TOML)"
-# 100 reqs/s
 [http.middlewares]
   [http.middlewares.test-ratelimit.rateLimit]
     average = 100
 ```
 
 ```yaml tab="File (YAML)"
-# 100 reqs/s
 http:
   middlewares:
     test-ratelimit:
@@ -130,78 +121,10 @@ http:
         average: 100
 ```
 
-### `period`
-
-`period`, in combination with `average`, defines the actual maximum rate, such as:
-
-```go
-r = average / period
-```
-
-It defaults to `1` second.
-
-```yaml tab="Docker"
-# 6 reqs/minute
-labels:
-  - "traefik.http.middlewares.test-ratelimit.ratelimit.average=6"
-  - "traefik.http.middlewares.test-ratelimit.ratelimit.period=1m"
-```
-
-```yaml tab="Kubernetes"
-# 6 reqs/minute
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: test-ratelimit
-spec:
-  rateLimit:
-    period: 1m
-    average: 6
-```
-
-```yaml tab="Consul Catalog"
-# 6 reqs/minute
-- "traefik.http.middlewares.test-ratelimit.ratelimit.average=6"
-- "traefik.http.middlewares.test-ratelimit.ratelimit.period=1m"
-```
-
-```json tab="Marathon"
-"labels": {
-  "traefik.http.middlewares.test-ratelimit.ratelimit.average": "6",
-  "traefik.http.middlewares.test-ratelimit.ratelimit.period": "1m",
-}
-```
-
-```yaml tab="Rancher"
-# 6 reqs/minute
-labels:
-  - "traefik.http.middlewares.test-ratelimit.ratelimit.average=6"
-  - "traefik.http.middlewares.test-ratelimit.ratelimit.period=1m"
-```
-
-```toml tab="File (TOML)"
-# 6 reqs/minute
-[http.middlewares]
-  [http.middlewares.test-ratelimit.rateLimit]
-    average = 6
-    period = 1m
-```
-
-```yaml tab="File (YAML)"
-# 6 reqs/minute
-http:
-  middlewares:
-    test-ratelimit:
-      rateLimit:
-        average: 6
-        period: 1m
-```
-
 ### `burst`
 
-`burst` is the maximum number of requests allowed to go through in the same arbitrarily small period of time.
-
-It defaults to `1`.
+Burst is the maximum number of requests allowed to go through in the same arbitrarily small period of time.
+It defaults to 1.
 
 ```yaml tab="Docker"
 labels:
@@ -215,7 +138,7 @@ metadata:
   name: test-ratelimit
 spec:
   rateLimit:
-    burst: 100
+      burst: 100
 ```
 
 ```yaml tab="Consul Catalog"

docs/content/middlewares/redirectscheme.md

@@ -208,7 +208,7 @@ metadata:
 spec:
   redirectScheme:
     # ...
-    port: "443"
+    port: 443
 ```
 
 ```yaml tab="Consul Catalog"
@@ -247,7 +247,5 @@ http:
     test-redirectscheme:
       redirectScheme:
         # ...
-        port: "443"
+        port: 443
 ```
-
-!!! info "Port in this configuration is a string, not a numeric value."

docs/content/middlewares/stripprefix.md

@@ -98,7 +98,7 @@ _Optional, Default=true_
 ```yaml tab="Docker"
 labels:
   - "traefik.http.middlewares.example.stripprefix.prefixes=/foobar"
-  - "traefik.http.middlewares.example.stripprefix.forceSlash=false"
+  - "traefik.http.middlewares.example.stripprefix.forceslash=false"
 ```
 
 ```yaml tab="Kubernetes"
@@ -116,7 +116,7 @@ spec:
 ```json tab="Marathon"
 "labels": {
   "traefik.http.middlewares.example.stripprefix.prefixes": "/foobar",
-  "traefik.http.middlewares.example.stripprefix.forceSlash": "false"
+  "traefik.http.middlewares.example.stripprefix.forceslash": "false"
 }
 ```
 

docs/content/migration/v1-to-v2.md

@@ -40,7 +40,7 @@ Then any router can refer to an instance of the wanted middleware.
     ```
 
     ```yaml tab="K8s Ingress"
-    apiVersion: networking.k8s.io/v1beta1
+    apiVersion: extensions/v1beta1
     kind: Ingress
     metadata:
       name: traefik
@@ -50,7 +50,7 @@ Then any router can refer to an instance of the wanted middleware.
         traefik.ingress.kubernetes.io/rule-type: PathPrefix
     spec:
       rules:
-      - host: test.localhost
+      - host: test.locahost
         http:
           paths:
           - path: /test
@@ -97,14 +97,14 @@ Then any router can refer to an instance of the wanted middleware.
 
     ```yaml tab="Docker"
     labels:
-      - "traefik.http.routers.router0.rule=Host(`test.localhost`) && PathPrefix(`/test`)"
+      - "traefik.http.routers.router0.rule=Host(`bar.com`) && PathPrefix(`/test`)"
       - "traefik.http.routers.router0.middlewares=auth"
       - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
     ```
 
     ```yaml tab="K8s IngressRoute"
     # The definitions below require the definitions for the Middleware and IngressRoute kinds.
-    # https://docs.traefik.io/v2.2/reference/dynamic-configuration/kubernetes-crd/#definitions
+    # https://docs.traefik.io/v2.1/reference/dynamic-configuration/kubernetes-crd/#definitions
     apiVersion: traefik.containo.us/v1alpha1
     kind: Middleware
     metadata:
@@ -205,8 +205,8 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
           cipherSuites = [
             "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
             "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
-            "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
-            "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+            "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
+            "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
             "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
             "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
           ]
@@ -216,7 +216,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
     ```
 
     ```bash tab="CLI"
-    --entryPoints='Name:websecure Address::443 TLS:path/to/my.cert,path/to/my.key TLS.MinVersion:VersionTLS12 TLS.CipherSuites:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
+    --entryPoints='Name:websecure Address::443 TLS:path/to/my.cert,path/to/my.key TLS.MinVersion:VersionTLS12 TLS.CipherSuites:TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256,TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256'
     ```
 
     !!! info "v2"
@@ -225,7 +225,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
     # dynamic configuration
     [http.routers]
       [http.routers.Router-1]
-        rule = "Host(`example.com`)"
+        rule = "Host(`bar.com`)"
         service = "service-id"
         # will terminate the TLS request
         [http.routers.Router-1.tls]
@@ -241,8 +241,8 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
         cipherSuites = [
           "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
           "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
-          "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
-          "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+          "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305",
+          "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305",
           "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
           "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
         ]
@@ -252,7 +252,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
     http:
       routers:
         Router-1:
-          rule: "Host(`example.com`)"
+          rule: "Host(`bar.com`)"
           service: service-id
           # will terminate the TLS request
           tls:
@@ -267,15 +267,15 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
           minVersion: VersionTLS12
           cipherSuites:
 	        - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-	        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
-	        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+	        - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+	        - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
 	        - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
 	        - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
     ```
 
     ```yaml tab="K8s IngressRoute"
     # The definitions below require the definitions for the TLSOption and IngressRoute kinds.
-    # https://docs.traefik.io/v2.2/reference/dynamic-configuration/kubernetes-crd/#definitions
+    # https://docs.traefik.io/v2.1/reference/dynamic-configuration/kubernetes-crd/#definitions
     apiVersion: traefik.containo.us/v1alpha1
     kind: TLSOption
     metadata:
@@ -286,8 +286,8 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
       minVersion: VersionTLS12
       cipherSuites:
 	    - TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-	    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
-	    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+	    - TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305
+	    - TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305
 	    - TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
 	    - TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
     
@@ -301,7 +301,7 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
       entryPoints:
         - web
       routes:
-        - match: Host(`example.com`)
+        - match: Host(`bar.com`)
           kind: Rule
           services:
             - name: whoami
@@ -322,12 +322,9 @@ Then, a [router's TLS field](../routing/routers/index.md#tls) can refer to one o
 ## HTTP to HTTPS Redirection is Now Configured on Routers
 
 Previously on Traefik v1, the redirection was applied on an entry point or on a frontend.
-With Traefik v2 it is applied on an entry point or a [Router](../routing/routers/index.md). 
+With Traefik v2 it is applied on a [Router](../routing/routers/index.md). 
 
-To apply a redirection:
-
-- on an entry point, the [HTTP redirection](../routing/entrypoints.md#redirection) has to be configured.
-- on a router, one of the redirect middlewares, [RedirectRegex](../middlewares/redirectregex.md) or [RedirectScheme](../middlewares/redirectscheme.md), has to be configured and added to the router middlewares list.
+To apply a redirection, one of the redirect middlewares, [RedirectRegex](../middlewares/redirectregex.md) or [RedirectScheme](../middlewares/redirectscheme.md), has to be configured and added to the router middlewares list.
 
 !!! example "Global HTTP to HTTPS redirection"
 
@@ -355,28 +352,97 @@ To apply a redirection:
 
     !!! info "v2"
     
-    ```bash tab="CLI"
-    ## static configuration
+    ```yaml tab="Docker"
+    # ...
+      traefik:
+        image: traefik:v2.1
+        command:
+          - --entrypoints.web.address=:80
+          - --entrypoints.websecure.address=:443
+          - --providers.docker=true
+        ports:
+          - 80:80
+          - 443:443
+        labels:
+          traefik.http.routers.http_catchall.rule: HostRegexp(`{any:.+}`)
+          traefik.http.routers.http_catchall.entrypoints: web
+          traefik.http.routers.http_catchall.middlewares: https_redirect
+          traefik.http.middlewares.https_redirect.redirectscheme.scheme: https
+          traefik.http.middlewares.https_redirect.redirectscheme.permanent: true
+        volumes:
+          - /var/run/docker.sock:/var/run/docker.sock
+    ```
     
-    --entrypoints.web.address=:80
-    --entrypoints.web.http.redirections.entrypoint.to=websecure
-    --entrypoints.web.http.redirections.entrypoint.scheme=https
-    --entrypoints.websecure.address=:443
-    --providers.docker=true
+    ```yaml tab="K8s IngressRoute"
+    # The entry points web (port 80) and websecure (port 443) must be defined the static configuration.
+    apiVersion: traefik.containo.us/v1alpha1
+    kind: IngressRoute
+    metadata:
+      name: http_catchall
+      namespace: traefik
+    spec:
+      entryPoints:
+        - web
+      routes:
+        - match: HostRegexp(`{any:.+}`)
+          kind: Rule
+          services:
+            # any service in the namespace
+            # the service will be never called
+            - name: noop
+              port: 80
+          middlewares:
+            - name: https_redirect
+              # if the Middleware has distinct namespace
+              namespace: traefik
+    
+    ---
+    apiVersion: traefik.containo.us/v1alpha1
+    kind: Middleware 
+    metadata:
+      name: https_redirect
+      namespace: traefik
+    spec:
+      redirectScheme:
+        scheme: https
+        permanent: true
     ```
     
     ```toml tab="File (TOML)"
     # traefik.toml
     ## static configuration
     
-    [entryPoints.web]
-      address = ":80"
-      [entryPoints.web.http.redirections.entryPoint]
-        to = "websecure"
+    [entryPoints]
+      [entryPoints.web]
+        address = 80
+      [entryPoints.websecure]
+        address = 443
+    
+    [providers.file]
+      directory = "/dynamic/"
+    
+    ##--------------------##
+    
+    # /dynamic/redirect.toml
+    ## dynamic configuration
+    
+    [http.routers]
+      [http.routers.http_catchall]
+        entryPoints = ["web"]
+        middlewares = ["https_redirect"]
+        rule = "HostRegexp(`{any:.+}`)"
+        service = "noop"
+    
+    [http.services]
+      # noop service, the URL will be never called
+      [http.services.noop.loadBalancer]
+        [[http.services.noop.loadBalancer.servers]]
+          url = "http://192.168.0.1:1337"
+    
+    [http.middlewares]
+      [http.middlewares.https_redirect.redirectScheme]
         scheme = "https"
-   
-    [entryPoints.websecure]
-      address = ":443"
+        permanent = true
     ```
     
     ```yaml tab="File (YAML)"
@@ -386,14 +452,40 @@ To apply a redirection:
     entryPoints:
       web:
         address: 80
-        http:
-          redirections:
-            entrypoint:
-              to: websecure
-              scheme: https
-    
       websecure:
         address: 443
+    
+    providers:
+      file:
+        directory: /dynamic/
+    
+    ##--------------------##
+    
+    # /dynamic/redirect.yml
+    ## dynamic configuration
+    
+    http:
+      routers:
+        http_catchall:
+          entryPoints:
+            - web
+          middlewares:
+            - https_redirect
+          rule: "HostRegexp(`{any:.+}`)"
+          service: noop
+    
+      services:
+        # noop service, the URL will be never called
+        noop:
+          loadBalancer:
+            servers:
+              - url: http://192.168.0.1:1337
+    
+      middlewares:
+        https_redirect:
+          redirectScheme:
+            scheme: https
+            permanent: true
     ```
 
 !!! example "HTTP to HTTPS redirection per domain"
@@ -401,35 +493,37 @@ To apply a redirection:
     !!! info "v1"
     
     ```toml tab="File (TOML)"
+    # static configuration
+    defaultEntryPoints = ["web", "websecure"]
+    
     [entryPoints]
       [entryPoints.web]
         address = ":80"
+        [entryPoints.web.redirect]
+          entryPoint = "websecure"
 
       [entryPoints.websecure]
         address = ":443"
         [entryPoints.websecure.tls]
-    
-    [file]
-    
-    [frontends]
-      [frontends.frontend1]
-        entryPoints = ["web", "websecure"]
-        [frontends.frontend1.routes]
-          [frontends.frontend1.routes.route0]
-            rule = "Host:example.net"
-        [frontends.frontend1.redirect]
-          entryPoint = "websecure"
+          [[entryPoints.websecure.tls.certificates]]
+            certFile = "examples/traefik.crt"
+            keyFile = "examples/traefik.key"
+    ```
+
+    ```bash tab="CLI"
+    --entrypoints=Name:web Address::80 Redirect.EntryPoint:websecure
+    --entryPoints='Name:websecure Address::443 TLS:path/to/my.cert,path/to/my.key'
     ```
 
     !!! info "v2"
 
     ```yaml tab="Docker"
     labels:
-      traefik.http.routers.app.rule: Host(`example.net`)
+      traefik.http.routers.app.rule: Host(`foo.com`)
       traefik.http.routers.app.entrypoints: web
       traefik.http.routers.app.middlewares: https_redirect
     
-      traefik.http.routers.appsecured.rule: Host(`example.net`)
+      traefik.http.routers.appsecured.rule: Host(`foo.com`)
       traefik.http.routers.appsecured.entrypoints: websecure
       traefik.http.routers.appsecured.tls: true
     
@@ -447,13 +541,13 @@ To apply a redirection:
       entryPoints:
         - web
       routes:
-        - match: Host(`example.net`)
+        - match: Host(`foo.com`)
           kind: Rule
           services:
             - name: whoami
               port: 80
           middlewares:
-            - name: https-redirect
+            - name: https_redirect
     
     ---
     apiVersion: traefik.containo.us/v1alpha1
@@ -476,7 +570,7 @@ To apply a redirection:
     apiVersion: traefik.containo.us/v1alpha1
     kind: Middleware
     metadata:
-      name: https-redirect
+      name: https_redirect
     spec:
       redirectScheme:
         scheme: https
@@ -484,36 +578,69 @@ To apply a redirection:
     ```
 
     ```toml tab="File (TOML)"
+    ## static configuration
+    # traefik.toml
+    
+    [entryPoints.web]
+      address = ":80"
+    
+    [entryPoints.websecure]
+      address = ":443"
+    
+    ##---------------------##
+    
     ## dynamic configuration
     # dynamic-conf.toml
     
     [http.routers]
       [http.routers.router0]
-        rule = "Host(`example.net`)"
+        rule = "Host(`foo.com`)"
         service = "my-service"
         entrypoints = ["web"]
         middlewares = ["https_redirect"]
     
     [http.routers.router1]
-        rule = "Host(`example.net`)"
+        rule = "Host(`foo.com`)"
         service = "my-service"
         entrypoints = ["websecure"]
         [http.routers.router1.tls]
+        
+    [http.services]
+      [[http.services.my-service.loadBalancer.servers]]
+        url = "http://10.10.10.1:80"
+      [[http.services.my-service.loadBalancer.servers]]
+        url = "http://10.10.10.2:80"
     
     [http.middlewares]
       [http.middlewares.https_redirect.redirectScheme]
         scheme = "https"
         permanent = true
+    
+    [[tls.certificates]]
+      certFile = "/path/to/domain.cert"
+      keyFile = "/path/to/domain.key"
     ```
 
     ```yaml tab="File (YAML)"
+    ## static configuration
+    # traefik.yml
+    
+    entryPoints:
+      web:
+        address: ":80"
+    
+      websecure:
+        address: ":443"
+    
+    ##---------------------##
+    
     ## dynamic configuration
     # dynamic-conf.yml
     
     http:
       routers:
         router0:
-          rule: "Host(`example.net`)"
+          rule: "Host(`foo.com`)"
           entryPoints:
             - web
           middlewares:
@@ -521,17 +648,29 @@ To apply a redirection:
           service: my-service
     
         router1:
-          rule: "Host(`example.net`)"
+          rule: "Host(`foo.com`)"
           entryPoints:
             - websecure
           service: my-service
           tls: {}
     
+      services:
+        my-service:
+          loadBalancer:
+            servers:
+              - url: http://10.10.10.1:80
+              - url: http://10.10.10.2:80
+    
       middlewares:
-        https-redirect:
+        https_redirect:
           redirectScheme:
             scheme: https
             permanent: true
+    
+    tls:
+      certificates:
+        - certFile: /app/certs/server/server.pem
+          keyFile: /app/certs/server/server.pem
     ```
 
 ## Strip and Rewrite Path Prefixes
@@ -541,11 +680,11 @@ With the new core notions of v2 (introduced earlier in the section
 transforming the URL path prefix of incoming requests is configured with [middlewares](../middlewares/overview.md),
 after the routing step with [router rule `PathPrefix`](../routing/routers/index.md#rule).
 
-Use Case: Incoming requests to `http://example.org/admin` are forwarded to the webapplication "admin",
+Use Case: Incoming requests to `http://company.org/admin` are forwarded to the webapplication "admin",
 with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, you must:
 
-- First, configure a router named `admin` with a rule matching at least the path prefix with the `PathPrefix` keyword,
-- Then, define a middleware of type [`stripprefix`](../middlewares/stripprefix.md), which removes the prefix `/admin`, associated to the router `admin`.
+* First, configure a router named `admin` with a rule matching at least the path prefix with the `PathPrefix` keyword,
+* Then, define a middleware of type [`stripprefix`](../middlewares/stripprefix.md), which removes the prefix `/admin`, associated to the router `admin`.
 
 !!! example "Strip Path Prefix When Forwarding to Backend"
 
@@ -553,7 +692,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
 
     ```yaml tab="Docker"
     labels:
-      - "traefik.frontend.rule=Host:example.org;PathPrefixStrip:/admin"
+      - "traefik.frontend.rule=Host:company.org;PathPrefixStrip:/admin"
     ```
 
     ```yaml tab="Kubernetes Ingress"
@@ -566,7 +705,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
         traefik.ingress.kubernetes.io/rule-type: PathPrefixStrip
     spec:
       rules:
-      - host: example.org
+      - host: company.org
         http:
           paths:
           - path: /admin
@@ -578,14 +717,14 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
     ```toml tab="File (TOML)"
     [frontends.admin]
       [frontends.admin.routes.admin_1]
-      rule = "Host:example.org;PathPrefixStrip:/admin"
+      rule = "Host:company.org;PathPrefixStrip:/admin"
     ```
 
     !!! info "v2"
 
     ```yaml tab="Docker"
     labels:
-      - "traefik.http.routers.admin.rule=Host(`example.org`) && PathPrefix(`/admin`)"
+      - "traefik.http.routers.admin.rule=Host(`company.org`) && PathPrefix(`/admin`)"
       - "traefik.http.routers.admin.middlewares=admin-stripprefix"
       - "traefik.http.middlewares.admin-stripprefix.stripprefix.prefixes=/admin"
     ```
@@ -601,7 +740,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
       entryPoints:
         - web
       routes:
-        - match: Host(`example.org`) && PathPrefix(`/admin`)
+        - match: Host(`company.org`) && PathPrefix(`/admin`)
           kind: Rule
           services:
             - name: admin-svc
@@ -624,7 +763,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
     # dynamic-conf.toml
 
     [http.routers.router1]
-        rule = "Host(`example.org`) && PathPrefix(`/admin`)"
+        rule = "Host(`company.org`) && PathPrefix(`/admin`)"
         service = "admin-svc"
         entrypoints = ["web"]
         middlewares = ["admin-stripprefix"]
@@ -647,7 +786,7 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
           service: admin-svc
           middlewares:
             - "admin-stripprefix"
-          rule: "Host(`example.org`) && PathPrefix(`/admin`)"
+          rule: "Host(`company.org`) && PathPrefix(`/admin`)"
 
       middlewares:
         admin-stripprefix:
@@ -662,10 +801,10 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
 
     Instead of removing the path prefix with the [`stripprefix` middleware](../../middlewares/stripprefix/), you can also:
 
-    - Add a path prefix with the [`addprefix` middleware](../../middlewares/addprefix/)
-    - Replace the complete path of the request with the [`replacepath` middleware](../../middlewares/replacepath/)
-    - ReplaceRewrite path using Regexp with the [`replacepathregex` middleware](../../middlewares/replacepathregex/)
-    - And a lot more on the [`middlewares` page](../../middlewares/overview/)
+    * Add a path prefix with the [`addprefix` middleware](../../middlewares/addprefix/)
+    * Replace the complete path of the request with the [`replacepath` middleware](../../middlewares/replacepath/)
+    * ReplaceRewrite path using Regexp with the [`replacepathregex` middleware](../../middlewares/replacepathregex/)
+    * And a lot more on the [`middlewares` page](../../middlewares/overview/)
 
 ## ACME (LetsEncrypt)
 
@@ -688,22 +827,23 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
       [entryPoints.websecure.tls]
     
     [acme]
-      email = "your-email-here@example.com"
+      email = "your-email-here@my-awesome-app.org"
       storage = "acme.json"
       entryPoint = "websecure"
       onHostRule = true
-      [acme.tlsChallenge]
+      [acme.httpChallenge]
+        entryPoint = "web"
     ```
 
     ```bash tab="CLI"
     --defaultentrypoints=websecure,web
     --entryPoints=Name:web Address::80 Redirect.EntryPoint:websecure
     --entryPoints=Name:websecure Address::443 TLS
-    --acme.email=your-email-here@example.com
+    --acme.email=your-email-here@my-awesome-app.org
     --acme.storage=acme.json
     --acme.entryPoint=websecure
     --acme.onHostRule=true
-    --acme.tlschallenge=true
+    --acme.httpchallenge.entrypoint=http
     ```
 
     !!! info "v2"
@@ -716,13 +856,13 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
     
       [entryPoints.websecure]
         address = ":443"
-      [entryPoints.websecure.http.tls]
-        certResolver = "myresolver"
     
     [certificatesResolvers.myresolver.acme]
-      email = "your-email@example.com"
+      email = "your-email@your-domain.org"
       storage = "acme.json"
-      [certificatesResolvers.myresolver.acme.tlsChallenge]
+      [certificatesResolvers.myresolver.acme.httpChallenge]
+        # used during the challenge
+        entryPoint = "web"
     ```
 
     ```yaml tab="File (YAML)"
@@ -732,24 +872,23 @@ with the path `/admin` stripped, e.g. to `http://<IP>:<port>/`. In this case, yo
     
       websecure:
         address: ":443"
-        http:
-          tls:
-            certResolver: myresolver
     
     certificatesResolvers:
       myresolver:
         acme:
-          email: your-email@example.com
+          email: your-email@your-domain.org
           storage: acme.json
-          tlsChallenge: {}
+          httpChallenge:
+            # used during the challenge
+            entryPoint: web
     ```
 
     ```bash tab="CLI"
-    --entrypoints.web.address=:80
-    --entrypoints.websecure.address=:443
-    --certificatesresolvers.myresolver.acme.email=your-email@example.com
-    --certificatesresolvers.myresolver.acme.storage=acme.json
-    --certificatesresolvers.myresolver.acme.tlschallenge=true
+    --entryPoints.web.address=:80
+    --entryPoints.websecure.address=:443
+    --certificatesResolvers.myresolver.acme.email=your-email@your-domain.org
+    --certificatesResolvers.myresolver.acme.storage=acme.json
+    --certificatesResolvers.myresolver.acme.httpChallenge.entryPoint=web
     ```
 
 ## Traefik Logs
@@ -800,13 +939,6 @@ There is no more log configuration at the root level.
     --log.format=json
     ```
 
-## Access Logs
-
-Access Logs are configured in the same way as before.
-
-But all request headers are now filtered out by default in Traefik v2.
-So during migration, you might want to consider enabling some needed fields (see [access log configuration](../observability/access-logs.md)).
-
 ## Tracing
 
 Traefik v2 retains OpenTracing support. The `backend` root option from the v1 is gone, you just have to set your [tracing configuration](../observability/tracing/overview.md).
@@ -1005,11 +1137,14 @@ Each root item has been moved to a related section or removed.
 ## Dashboard
 
 You need to activate the API to access the [dashboard](../operations/dashboard.md).
+As the dashboard access is now secured by default you can either:
 
-To activate the dashboard, you can either:
+* define a  [specific router](../operations/api.md#configuration) with the `api@internal` service and one authentication middleware like the following example
+* or use the [insecure](../operations/api.md#insecure) option of the API
 
-- use the [secure mode](../operations/dashboard.md#secure-mode) with the `api@internal` service like in the following examples
-- or use the [insecure mode](../operations/api.md#insecure)
+!!! info "Dashboard with k8s and dedicated router"
+
+    As `api@internal` is not a Kubernetes service, you have to use the file provider or the `insecure` API option.
 
 !!! example "Activate and access the dashboard"
 
@@ -1043,7 +1178,7 @@ To activate the dashboard, you can either:
     # dynamic configuration
     labels:
       - "traefik.http.routers.api.rule=Host(`traefik.docker.localhost`)"
-      - "traefik.http.routers.api.entrypoints=websecure"
+      - "traefik.http.routers.api.entrypoints=websecured"
       - "traefik.http.routers.api.service=api@internal"
       - "traefik.http.routers.api.middlewares=myAuth"
       - "traefik.http.routers.api.tls"
@@ -1121,28 +1256,28 @@ To activate the dashboard, you can either:
 
 Supported [providers](../providers/overview.md), for now:
 
-- [ ] Azure Service Fabric
-- [x] Consul
-- [x] Consul Catalog
-- [x] Docker
-- [ ] DynamoDB
-- [ ] ECS
-- [x] Etcd
-- [ ] Eureka
-- [x] File
-- [x] Kubernetes Ingress
-- [x] Kubernetes IngressRoute
-- [x] Marathon
-- [ ] Mesos
-- [x] Rancher
-- [x] Redis
-- [x] Rest
-- [x] Zookeeper
+* [ ] Azure Service Fabric
+* [ ] BoltDB
+* [ ] Consul
+* [x] Consul Catalog
+* [x] Docker
+* [ ] DynamoDB
+* [ ] ECS
+* [ ] Etcd
+* [ ] Eureka
+* [x] File
+* [x] Kubernetes Ingress (without annotations)
+* [x] Kubernetes IngressRoute
+* [x] Marathon
+* [ ] Mesos
+* [x] Rancher
+* [x] Rest
+* [ ] Zookeeper
 
 ## Some Tips You Should Know
 
-- Different sources of static configuration (file, CLI flags, ...) cannot be [mixed](../getting-started/configuration-overview.md#the-static-configuration).
-- Now, configuration elements can be referenced between different providers by using the provider namespace notation: `@<provider>`.
+* Different sources of static configuration (file, CLI flags, ...) cannot be [mixed](../getting-started/configuration-overview.md#the-static-configuration).
+* Now, configuration elements can be referenced between different providers by using the provider namespace notation: `@<provider>`.
   For instance, a router named `myrouter` in a File Provider can refer to a service named `myservice` defined in Docker Provider with the following notation: `myservice@docker`.
-- Middlewares are applied in the same order as their declaration in router.
-- If you have any questions feel free to join our [community forum](https://community.containo.us).
+* Middlewares are applied in the same order as their declaration in router.
+* If you have any questions feel free to join our [community forum](https://community.containo.us).

docs/content/migration/v2.md

@@ -61,278 +61,42 @@ rules:
       - traefik.containo.us
     resources:
       - middlewares
-      - ingressroutes
-      - traefikservices
-      - ingressroutetcps
-      - tlsoptions
     verbs:
       - get
       - list
       - watch
-```
-
-After having both resources applied, Traefik will work properly.
-
-## v2.1 to v2.2
-
-### Headers middleware: accessControlAllowOrigin
-
-`accessControlAllowOrigin` is deprecated.
-This field will be removed in future 2.x releases.
-Please configure your allowed origins in `accessControlAllowOriginList` instead.
-
-### Kubernetes CRD
-
-In v2.2, new Kubernetes CRDs called `TLSStore` and `IngressRouteUDP` were added.
-While updating an installation to v2.2,
-one should apply that CRDs, and update the existing `ClusterRole` definition to allow Traefik to use that CRDs.
-
-To add that CRDs and enhance the permissions, following definitions need to be applied to the cluster.
-
-```yaml tab="TLSStore"
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: tlsstores.traefik.containo.us
-
-spec:
-  group: traefik.containo.us
-  version: v1alpha1
-  names:
-    kind: TLSStore
-    plural: tlsstores
-    singular: tlsstore
-  scope: Namespaced
-
-```
-
-```yaml tab="IngressRouteUDP"
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: ingressrouteudps.traefik.containo.us
-
-spec:
-  group: traefik.containo.us
-  version: v1alpha1
-  names:
-    kind: IngressRouteUDP
-    plural: ingressrouteudps
-    singular: ingressrouteudp
-  scope: Namespaced
-
-```
-
-```yaml tab="ClusterRole"
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1beta1
-metadata:
-  name: traefik-ingress-controller
-
-rules:
-  - apiGroups:
-      - ""
-    resources:
-      - services
-      - endpoints
-      - secrets
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - extensions
-    resources:
-      - ingresses
-    verbs:
-      - get
-      - list
-      - watch
-  - apiGroups:
-      - extensions
-    resources:
-      - ingresses/status
-    verbs:
-      - update
   - apiGroups:
       - traefik.containo.us
     resources:
-      - middlewares
       - ingressroutes
-      - traefikservices
-      - ingressroutetcps
-      - ingressrouteudps
-      - tlsoptions
-      - tlsstores
     verbs:
       - get
       - list
       - watch
-
+  - apiGroups:
+      - traefik.containo.us
+    resources:
+      - ingressroutetcps
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - traefik.containo.us
+    resources:
+      - tlsoptions
+    verbs:
+      - get
+      - list
+      - watch
+  - apiGroups:
+      - traefik.containo.us
+    resources:
+      - traefikservices
+    verbs:
+      - get
+      - list
+      - watch
 ```
 
 After having both resources applied, Traefik will work properly.
-
-### Kubernetes Ingress
-
-To enable HTTPS, it is not sufficient anymore to only rely on a TLS section in the Ingress.
-
-#### Expose an Ingress on 80 and 443
-
-Define the default TLS configuration on the HTTPS entry point. 
-
-```yaml tab="Ingress"
-kind: Ingress
-apiVersion: networking.k8s.io/v1beta1
-metadata:
-  name: example
-
-spec:
-  tls:
-  - secretName: myTlsSecret
-
-  rules:
-  - host: example.com
-    http:
-      paths:
-      - path: "/foo"
-        backend:
-          serviceName: example-com
-          servicePort: 80
-```
-
-Entry points definition and enable Ingress provider:
-
-```yaml tab="File (YAML)"
-# Static configuration
-
-entryPoints:
-  web:
-    address: :80
-  websecure:
-    address: :443
-    http:
-      tls: {}
-
-providers:
-  kubernetesIngress: {}
-```
-
-```toml tab="File (TOML)"
-# Static configuration
-
-[entryPoints.web]
-  address = ":80"
-
-[entryPoints.websecure]
-  address = ":443"
-  [entryPoints.websecure.http]
-    [entryPoints.websecure.http.tls]
-
-[providers.kubernetesIngress]
-```
-
-```bash tab="CLI"
-# Static configuration
-
---entryPoints.web.address=:80
---entryPoints.websecure.address=:443
---entryPoints.websecure.http.tls=true
---providers.kubernetesIngress=true
-```
-
-#### Use TLS only on one Ingress
-
-Define the TLS restriction with annotations.
-
-```yaml tab="Ingress"
-kind: Ingress
-apiVersion: networking.k8s.io/v1beta1
-metadata:
-  name: example-tls
-  annotations:
-    traefik.ingress.kubernetes.io/router.entrypoints: websecure
-    traefik.ingress.kubernetes.io/router.tls: "true"
-
-spec:
-  tls:
-  - secretName: myTlsSecret
-
-  rules:
-  - host: example.com
-    http:
-      paths:
-      - path: ""
-        backend:
-          serviceName: example-com
-          servicePort: 80
-```
-
-Entry points definition and enable Ingress provider:
-
-```yaml tab="File (YAML)"
-# Static configuration
-
-entryPoints:
-  web:
-    address: :80
-  websecure:
-    address: :443
-
-providers:
-  kubernetesIngress: {}
-```
-
-```toml tab="File (TOML)"
-# Static configuration
-
-[entryPoints.web]
-  address = ":80"
-
-[entryPoints.websecure]
-  address = ":443"
-
-[providers.kubernetesIngress]
-```
-
-```bash tab="CLI"
-# Static configuration
-
---entryPoints.web.address=:80
---entryPoints.websecure.address=:443
---providers.kubernetesIngress=true
-```
-
-## v2.2.2 to v2.2.5
-
-### InsecureSNI removal
-
-In `v2.2.2` we introduced a new flag (`insecureSNI`) which was available as a global option to disable domain fronting.
-Since `v2.2.5` this global option has been removed, and you should not use it anymore.
-
-### HostSNI rule matcher removal
-
-In `v2.2.2` we introduced a new rule matcher (`HostSNI`) for HTTP routers which was allowing to match the Server Name Indication at the router level.
-Since `v2.2.5` this rule has been removed for HTTP routers, and you should not use it anymore.
-
-## v2.2 to v2.3
-
-### X.509 CommonName Deprecation
-
-The deprecated, legacy behavior of treating the CommonName field on X.509 certificates as a host name when no Subject Alternative Names are present, is now disabled by default.
-
-It means that if one is using https with your backend servers, and a certificate with only a CommonName,
-Traefik will not try to match the server name indication with the CommonName anymore.
-
-It can be temporarily re-enabled by adding the value `x509ignoreCN=0` to the `GODEBUG` environment variable.
-
-More information: https://golang.org/doc/go1.15#commonname
-
-### File Provider
-
-The file parser has been changed, since v2.3 the unknown options/fields in a dynamic configuration file are treated as errors.
-
-### IngressClass
-
-In `v2.3`, the support of `IngressClass`, which is available since Kubernetes version `1.18`, has been introduced.
-In order to be able to use this new resource the [Kubernetes RBAC](../reference/dynamic-configuration/kubernetes-crd.md#rbac) must be updated. 

docs/content/observability/access-logs.md

@@ -111,9 +111,9 @@ accessLog:
 --accesslog.filters.minduration=10ms
 ```
 
-### Limiting the Fields/Including Headers
+### Limiting the Fields
 
-You can decide to limit the logged fields/headers to a given list with the `fields.names` and `fields.headers` options.
+You can decide to limit the logged fields/headers to a given list with the `fields.names` and `fields.header` options
 
 Each field can be set to:
 
@@ -121,7 +121,7 @@ Each field can be set to:
 - `drop` to drop the value
 - `redact` to replace the value with "redacted"
 
-The `defaultMode` for `fields.headers` is `drop`.
+The `defaultMode` for `fields.header` is `drop`.
 
 ```toml tab="File (TOML)"
 # Limiting the Logs to Specific Fields
@@ -181,10 +181,10 @@ accessLog:
     | `StartUTC`              | The time at which request processing started.                                                                                                                       |
     | `StartLocal`            | The local time at which request processing started.                                                                                                                 |
     | `Duration`              | The total time taken (in nanoseconds) by processing the response, including the origin server's time but not the log writing time.                                  |
-    | `RouterName`            | The name of the Traefik  router.                                                                                                                                    |
-    | `ServiceName`           | The name of the Traefik backend.                                                                                                                                    |
-    | `ServiceURL`            | The URL of the Traefik backend.                                                                                                                                     |
-    | `ServiceAddr`           | The IP:port of the Traefik backend (extracted from `ServiceURL`)                                                                                                    |
+    | `FrontendName`          | The name of the Traefik frontend.                                                                                                                                   |
+    | `BackendName`           | The name of the Traefik backend.                                                                                                                                    |
+    | `BackendURL`            | The URL of the Traefik backend.                                                                                                                                     |
+    | `BackendAddr`           | The IP:port of the Traefik backend (extracted from `BackendURL`)                                                                                                    |
     | `ClientAddr`            | The remote address in its original form (usually IP:port).                                                                                                          |
     | `ClientHost`            | The remote IP address from which the client request was received.                                                                                                   |
     | `ClientPort`            | The remote TCP port from which the client request was received.                                                                                                     |
@@ -217,32 +217,3 @@ This allows the logs to be rotated and processed by an external program, such as
 
 !!! warning
     This does not work on Windows due to the lack of USR signals.
-
-## Time Zones
-
-Traefik will timestamp each log line in UTC time by default.
-
-It is possible to configure the Traefik to timestamp in a specific timezone by ensuring the following configuration has been made in your environment:
-
-1. Provide time zone data to `/etc/localtime` or `/usr/share/zoneinfo` (based on your distribution) or set the environment variable TZ to the desired timezone
-2. Specify the field `StartLocal` by dropping the field named `StartUTC` (available on the default Common Log Format (CLF) as well as JSON)
-
-Example utilizing Docker Compose:
-
-```yaml
-version: "3.7"
-
-services:
-  traefik:
-    image: traefik:v2.2
-    environment:
-      - TZ=US/Alaska
-    command:
-      - --accesslog
-      - --accesslog.fields.names.StartUTC=drop
-      - --providers.docker
-    ports:
-      - 80:80
-    volumes:
-      - /var/run/docker.sock:/var/run/docker.sock
-```

docs/content/observability/tracing/elastic.md

@@ -1,88 +0,0 @@
-# Elastic
-
-To enable the Elastic:
-
-```toml tab="File (TOML)"
-[tracing]
-  [tracing.elastic]
-```
-
-```yaml tab="File (YAML)"
-tracing:
-  elastic: {}
-```
-
-```bash tab="CLI"
---tracing.elastic=true
-```
-
-#### `serverURL`
-
-_Optional, Default="http://localhost:8200"_
-
-APM ServerURL is the URL of the Elastic APM server.
-
-```toml tab="File (TOML)"
-[tracing]
-  [tracing.elastic]
-    serverURL = "http://apm:8200"
-```
-
-```yaml tab="File (YAML)"
-tracing:
-  elastic:
-    serverURL: "http://apm:8200"
-```
-
-```bash tab="CLI"
---tracing.elastic.serverurl="http://apm:8200"
-```
-
-#### `secretToken`
-
-_Optional, Default=""_
-
-APM Secret Token is the token used to connect to Elastic APM Server.
-
-```toml tab="File (TOML)"
-[tracing]
-  [tracing.elastic]
-    secretToken = "mytoken"
-```
-
-```yaml tab="File (YAML)"
-tracing:
-  elastic:
-    secretToken: "mytoken"
-```
-
-```bash tab="CLI"
---tracing.elastic.secrettoken="mytoken"
-```
-
-#### `serviceEnvironment`
-
-_Optional, Default=""_
-
-APM Service Environment is the name of the environment Traefik is deployed in, e.g. `production` or `staging`.
-
-```toml tab="File (TOML)"
-[tracing]
-  [tracing.elastic]
-    serviceEnvironment = "production"
-```
-
-```yaml tab="File (YAML)"
-tracing:
-  elastic:
-    serviceEnvironment: "production"
-```
-
-```bash tab="CLI"
---tracing.elastic.serviceenvironment="production"
-```
-
-### Further
-
-Additional configuration of Elastic APM Go agent can be done using environment variables.
-See [APM Go agent reference](https://www.elastic.co/guide/en/apm/agent/go/current/configuration.html).

docs/content/observability/tracing/jaeger.md

@@ -185,29 +185,6 @@ tracing:
 --tracing.jaeger.traceContextHeaderName=uber-trace-id
 ```
 
-### disableAttemptReconnecting
-
-_Optional, Default=true_
-
-Disable the UDP connection helper that periodically re-resolves the agent's hostname and reconnects if there was a change.
-Enabling the re-resolving of UDP address make the client more robust in Kubernetes deployments.
-
-```toml tab="File (TOML)"
-[tracing]
-  [tracing.jaeger]
-    disableAttemptReconnecting = false
-```
-
-```yaml tab="File (YAML)"
-tracing:
-  jaeger:
-    disableAttemptReconnecting: false
-```
-
-```bash tab="CLI"
---tracing.jaeger.disableAttemptReconnecting=false
-```
-
 ### `collector`
 #### `endpoint`
 

docs/content/observability/tracing/overview.md

@@ -7,14 +7,13 @@ The tracing system allows developers to visualize call flows in their infrastruc
 
 Traefik uses OpenTracing, an open standard designed for distributed tracing.
 
-Traefik supports six tracing backends:
+Traefik supports five tracing backends:
 
 - [Jaeger](./jaeger.md)
 - [Zipkin](./zipkin.md)
 - [Datadog](./datadog.md)
 - [Instana](./instana.md)
 - [Haystack](./haystack.md)
-- [Elastic](./elastic.md)
 
 ## Configuration
 

docs/content/operations/api.md

@@ -50,21 +50,21 @@ And then define a routing configuration on Traefik itself with the
     However, you can also use "path prefix" rule or any combination or rules.
 
     ```bash tab="Host Rule"
-    # Matches http://traefik.example.com, http://traefik.example.com/api
-    # or http://traefik.example.com/hello
-    rule = "Host(`traefik.example.com`)"
+    # Matches http://traefik.domain.com, http://traefik.domain.com/api
+    # or http://traefik.domain.com/hello
+    rule = "Host(`traefik.domain.com`)"
     ```
 
     ```bash tab="Path Prefix Rule"
-    # Matches http://api.traefik.example.com/api or http://example.com/api
-    # but does not match http://api.traefik.example.com/hello
+    # Matches http://api.traefik.domain.com/api or http://domain.com/api
+    # but does not match http://api.traefik.domain.com/hello
     rule = "PathPrefix(`/api`)"
     ```
 
     ```bash tab="Combination of Rules"
-    # Matches http://traefik.example.com/api or http://traefik.example.com/dashboard
-    # but does not match http://traefik.example.com/hello
-    rule = "Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
+    # Matches http://traefik.domain.com/api or http://traefik.domain.com/dashboard
+    # but does not match http://traefik.domain.com/hello
+    rule = "Host(`traefik.domain.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
     ```
 
 ### `insecure`

docs/content/operations/dashboard.md

@@ -72,33 +72,33 @@ to allow defining:
 - A [router rule](#dashboard-router-rule) for accessing the dashboard,
   through Traefik itself (sometimes referred as "Traefik-ception").
 
+??? example "Dashboard Dynamic Configuration Examples"
+    --8<-- "content/operations/include-api-examples.md"
+
 ### Dashboard Router Rule
 
 As underlined in the [documentation for the `api.dashboard` option](./api.md#dashboard),
 the [router rule](../routing/routers/index.md#rule) defined for Traefik must match
 the path prefixes `/api` and `/dashboard`.
 
-We recommend to use a "Host Based rule" as ```Host(`traefik.example.com`)``` to match everything on the host domain,
+We recommend to use a "Host Based rule" as ```Host(`traefik.domain.com`)``` to match everything on the host domain,
 or to make sure that the defined rule captures both prefixes:
 
 ```bash tab="Host Rule"
-# The dashboard can be accessed on http://traefik.example.com/dashboard/
-rule = "Host(`traefik.example.com`)"
+# The dashboard can be accessed on http://traefik.domain.com/dashboard/
+rule = "Host(`traefik.domain.com`)"
 ```
 
 ```bash tab="Path Prefix Rule"
-# The dashboard can be accessed on http://example.com/dashboard/ or http://traefik.example.com/dashboard/
+# The dashboard can be accessed on http://domain.com/dashboard/ or http://traefik.domain.com/dashboard/
 rule = "PathPrefix(`/api`) || PathPrefix(`/dashboard`)"
 ```
 
 ```bash tab="Combination of Rules"
-# The dashboard can be accessed on http://traefik.example.com/dashboard/
-rule = "Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
+# The dashboard can be accessed on http://traefik.domain.com/dashboard/
+rule = "Host(`traefik.domain.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
 ```
 
-??? example "Dashboard Dynamic Configuration Examples"
-    --8<-- "content/operations/include-dashboard-examples.md"
-
 ## Insecure Mode
 
 This mode is not recommended because it does not allow the use of security features.

docs/content/operations/include-api-examples.md

@@ -1,7 +1,7 @@
 ```yaml tab="Docker"
 # Dynamic Configuration
 labels:
-  - "traefik.http.routers.api.rule=Host(`traefik.example.com`)"
+  - "traefik.http.routers.api.rule=Host(`traefik.domain.com`)"
   - "traefik.http.routers.api.service=api@internal"
   - "traefik.http.routers.api.middlewares=auth"
   - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
@@ -11,7 +11,7 @@ labels:
 # Dynamic Configuration
 deploy:
   labels:
-    - "traefik.http.routers.api.rule=Host(`traefik.example.com`)"
+    - "traefik.http.routers.api.rule=Host(`traefik.domain.com`)"
     - "traefik.http.routers.api.service=api@internal"
     - "traefik.http.routers.api.middlewares=auth"
     - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
@@ -26,7 +26,7 @@ metadata:
   name: traefik-dashboard
 spec:
   routes:
-  - match: Host(`traefik.example.com`)
+  - match: Host(`traefik.domain.com`)
     kind: Rule
     services:
     - name: api@internal
@@ -45,7 +45,7 @@ spec:
 
 ```yaml tab="Consul Catalog"
 # Dynamic Configuration
-- "traefik.http.routers.api.rule=Host(`traefik.example.com`)"
+- "traefik.http.routers.api.rule=Host(`traefik.domain.com`)"
 - "traefik.http.routers.api.service=api@internal"
 - "traefik.http.routers.api.middlewares=auth"
 - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
@@ -53,7 +53,7 @@ spec:
 
 ```json tab="Marathon"
 "labels": {
-  "traefik.http.routers.api.rule": "Host(`traefik.example.com`)",
+  "traefik.http.routers.api.rule": "Host(`traefik.domain.com`)",
   "traefik.http.routers.api.service": "api@internal",
   "traefik.http.routers.api.middlewares": "auth",
   "traefik.http.middlewares.auth.basicauth.users": "test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
@@ -63,7 +63,7 @@ spec:
 ```yaml tab="Rancher"
 # Dynamic Configuration
 labels:
-  - "traefik.http.routers.api.rule=Host(`traefik.example.com`)"
+  - "traefik.http.routers.api.rule=Host(`traefik.domain.com`)"
   - "traefik.http.routers.api.service=api@internal"
   - "traefik.http.routers.api.middlewares=auth"
   - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
@@ -72,7 +72,7 @@ labels:
 ```toml tab="File (TOML)"
 # Dynamic Configuration
 [http.routers.my-api]
-  rule = "Host(`traefik.example.com`)"
+  rule = "Host(`traefik.domain.com`)"
   service = "api@internal"
   middlewares = ["auth"]
 
@@ -88,7 +88,7 @@ labels:
 http:
   routers:
     api:
-      rule: Host(`traefik.example.com`)
+      rule: Host(`traefik.domain.com`)
       service: api@internal
       middlewares:
         - auth

docs/content/operations/include-dashboard-examples.md

@@ -1,101 +0,0 @@
-```yaml tab="Docker"
-# Dynamic Configuration
-labels:
-  - "traefik.http.routers.dashboard.rule=Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
-  - "traefik.http.routers.dashboard.service=api@internal"
-  - "traefik.http.routers.dashboard.middlewares=auth"
-  - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
-```
-
-```yaml tab="Docker (Swarm)"
-# Dynamic Configuration
-deploy:
-  labels:
-    - "traefik.http.routers.dashboard.rule=Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
-    - "traefik.http.routers.dashboard.service=api@internal"
-    - "traefik.http.routers.dashboard.middlewares=auth"
-    - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
-    # Dummy service for Swarm port detection. The port can be any valid integer value.
-    - "traefik.http.services.dummy-svc.loadbalancer.server.port=9999"
-```
-
-```yaml tab="Kubernetes CRD"
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRoute
-metadata:
-  name: traefik-dashboard
-spec:
-  routes:
-  - match: Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
-    kind: Rule
-    services:
-    - name: api@internal
-      kind: TraefikService
-    middlewares:
-      - name: auth
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: auth
-spec:
-  basicAuth:
-    secret: secretName # Kubernetes secret named "secretName"
-```
-
-```yaml tab="Consul Catalog"
-# Dynamic Configuration
-- "traefik.http.routers.dashboard.rule=Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
-- "traefik.http.routers.dashboard.service=api@internal"
-- "traefik.http.routers.dashboard.middlewares=auth"
-- "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
-```
-
-```json tab="Marathon"
-"labels": {
-  "traefik.http.routers.dashboard.rule": "Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))",
-  "traefik.http.routers.dashboard.service": "api@internal",
-  "traefik.http.routers.dashboard.middlewares": "auth",
-  "traefik.http.middlewares.auth.basicauth.users": "test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
-}
-```
-
-```yaml tab="Rancher"
-# Dynamic Configuration
-labels:
-  - "traefik.http.routers.dashboard.rule=Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
-  - "traefik.http.routers.dashboard.service=api@internal"
-  - "traefik.http.routers.dashboard.middlewares=auth"
-  - "traefik.http.middlewares.auth.basicauth.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/,test2:$$apr1$$d9hr9HBB$$4HxwgUir3HP4EsggP/QNo0"
-```
-
-```toml tab="File (TOML)"
-# Dynamic Configuration
-[http.routers.my-api]
-  rule = "Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))"
-  service = "api@internal"
-  middlewares = ["auth"]
-
-[http.middlewares.auth.basicAuth]
-  users = [
-    "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/",
-    "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0",
-  ]
-```
-
-```yaml tab="File (YAML)"
-# Dynamic Configuration
-http:
-  routers:
-    dashboard:
-      rule: Host(`traefik.example.com`) && (PathPrefix(`/api`) || PathPrefix(`/dashboard`))
-      service: api@internal
-      middlewares:
-        - auth
-  middlewares:
-    auth:
-      basicAuth:
-        users:
-          - "test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/"
-          - "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"
-```

docs/content/operations/ping.md

@@ -23,8 +23,7 @@ ping: {}
 
 The `/ping` health-check URL is enabled with the command-line `--ping` or config file option `[ping]`.
 
-The `entryPoint` where the `/ping` is active can be customized with the `entryPoint` option,
-whose default value is `traefik` (port `8080`).
+You can customize the `entryPoint` where the `/ping` is active with the `entryPoint` option (default value: `traefik`)
 
 | Path    | Method        | Description                                                                                         |
 |---------|---------------|-----------------------------------------------------------------------------------------------------|
@@ -35,8 +34,6 @@ whose default value is `traefik` (port `8080`).
 
 ### `entryPoint`
 
-_Optional, Default="traefik"_
-
 Enabling /ping on a dedicated EntryPoint.
 
 ```toml tab="File (TOML)"
@@ -81,28 +78,3 @@ ping:
 ```bash tab="CLI"
 --ping.manualrouting=true
 ```
-
-### `terminatingStatusCode`
-
-_Optional, Default=503_
-
-During the period in which Traefik is gracefully shutting down, the ping handler
-returns a 503 status code by default. If Traefik is behind e.g. a load-balancer
-doing health checks (such as the Kubernetes LivenessProbe), another code might
-be expected as the signal for graceful termination. In which case, the
-terminatingStatusCode can be used to set the code returned by the ping
-handler during termination.
-
-```toml tab="File (TOML)"
-[ping]
-  terminatingStatusCode = 204
-```
-
-```yaml tab="File (YAML)"
-ping:
-  terminatingStatusCode: 204
-```
-
-```bash tab="CLI"
---ping.terminatingStatusCode=204
-```

docs/content/plugins/overview.md

@@ -1,38 +0,0 @@
-# Plugins and Traefik Pilot
-
-Overview
-{: .subtitle}
-
-Traefik Pilot is a software-as-a-service (SaaS) platform that connects to Traefik to extend its capabilities.
-It does this through *plugins*, which are dynamically loaded components that enable new features.
-
-For example, Traefik plugins can add features to modify requests or headers, issue redirects, add authentication, and so on, providing similar functionality to Traefik [middlewares](https://docs.traefik.io/middlewares/overview/).
-
-Traefik Pilot can also monitor connected Traefik instances and issue alerts when one is not responding, or when it is subject to security vulnerabilities.
-
-!!! note "Availability"
-    Plugins are available for Traefik v2.3.0-rc1 and later.
-    
-!!! danger "Experimental Features"
-    Plugins can potentially modify the behavior of Traefik in unforeseen ways.
-    Exercise caution when adding new plugins to production Traefik instances.
-
-## Connecting to Traefik Pilot
-
-Plugins are available when a Traefik instance is connected to Traefik Pilot.
-
-To register a new instance and begin working with plugins, login or create an account at the [Traefik Pilot homepage](https://pilot.traefik.io) and choose **Register New Instance**.
-
-To complete the connection, Traefik Pilot will issue a token that must be added to your Traefik static configuration by following the instructions provided.
-
-!!! note "Enabling Alerts" 
-    Health and security alerts for registered Traefik instances can be enabled from the Preferences in your [Traefik Pilot Profile](https://pilot.traefik.io/profile).
-
-## Creating Plugins
-
-Traefik users can create their own plugins and contribute them to the Traefik Pilot catalog to share them with the community.
-
-Plugins are written in [Go](https://golang.org/) and their code is executed by an [embedded Go interpreter](https://github.com/containous/yaegi).
-There is no need to compile binaries and all plugins are 100% cross-platform.
-
-To learn more and see code for example Traefik plugins, please see the [developer documentation](https://github.com/containous/plugindemo).

docs/content/plugins/using-plugins.md

@@ -1,122 +0,0 @@
-# Using Plugins
-
-Plugins are available to any instance of Traefik v2.3 or later that is [registered](overview.md#connecting-to-traefik-pilot) with Traefik Pilot.
-Plugins are hosted on GitHub, but you can browse plugins to add to your registered Traefik instances from the Traefik Pilot UI.
-
-!!! danger "Experimental Features"
-    Plugins can potentially modify the behavior of Traefik in unforeseen ways.
-    Exercise caution when adding new plugins to production Traefik instances.
-
-## Add a Plugin
-
-To add a new plugin to a Traefik instance, you must modify that instance's static configuration.
-The code to be added is provided by the Traefik Pilot UI when you choose **Install the Plugin**.
-
-In the example below, we add the [`blockpath`](http://github.com/containous/plugin-blockpath) and [`rewritebody`](https://github.com/containous/plugin-rewritebody) plugins:
-
-```toml tab="File (TOML)"
-[entryPoints]
-  [entryPoints.web]
-    address = ":80"
-
-[experimental]
-  [experimental.pilot]
-    token = "xxxxxxxxx"
-
-  [experimental.plugins]
-    [experimental.plugins.block]
-      modulename = "github.com/containous/plugin-blockpath"
-      version = "v0.1.2"
-    [experimental.plugins.rewrite]
-      modulename = "github.com/containous/plugin-rewritebody"
-      version = "v0.2.0"
-```
-
-```yaml tab="File (YAML)"
-entryPoints:
-  web:
-    address: :80
-
-experimental:
-  pilot:
-    token: xxxxxxxxx
-
-  plugins:
-    block:
-      modulename: github.com/containous/plugin-blockpath
-      version: v0.1.2
-    rewrite:
-      modulename: github.com/containous/plugin-rewritebody
-      version: v0.2.0
-```
-
-```bash tab="CLI"
---entryPoints.web.address=:80
---experimental.pilot.token=xxxxxxxxx
---experimental.plugins.block.modulename=github.com/containous/plugin-blockpath
---experimental.plugins.block.version=v0.1.2
---experimental.plugins.rewrite.modulename=github.com/containous/plugin-rewritebody
---experimental.plugins.rewrite.version=v0.2.0
-```
-
-## Configuring Plugins
-
-Some plugins will need to be configured by adding a dynamic configuration.
-For the `bodyrewrite` plugin, for example:
-
-```yaml tab="Docker"
-labels:
-  - "traefik.http.middlewares.my-rewritebody.plugin.rewrite.rewrites[0].regex=example"
-  - "traefik.http.middlewares.my-rewritebody.plugin.rewrite.rewrites[0].replacement=test"
-```
-
-```yaml tab="Kubernetes"
-apiVersion: traefik.containo.us/v1alpha1
-kind: Middleware
-metadata:
-  name: my-rewritebody
-spec:
-  plugin:
-    rewrite:
-      rewrites:
-        - regex: example
-          replacement: test
-```
-
-```yaml tab="Consul Catalog"
-- "traefik.http.middlewares.my-rewritebody.plugin.rewrite.rewrites[0].regex=example"
-- "traefik.http.middlewares.my-rewritebody.plugin.rewrite.rewrites[0].replacement=test"
-```
-
-```json tab="Marathon"
-"labels": {
-  "traefik.http.middlewares.my-rewritebody.plugin.rewrite.rewrites[0].regex": "example",
-  "traefik.http.middlewares.my-rewritebody.plugin.rewrite.rewrites[0].replacement": "test"
-}
-```
-
-```yaml tab="Rancher"
-labels:
-  - "traefik.http.middlewares.my-rewritebody.plugin.rewrite.rewrites[0].regex=example"
-  - "traefik.http.middlewares.my-rewritebody.plugin.rewrite.rewrites[0].replacement=test"
-```
-
-```toml tab="File (TOML)"
-[http.middlewares]
-  [http.middlewares.my-rewritebody.plugin.rewrite]
-    lastModified = true
-    [[http.middlewares.my-rewritebody.plugin.rewrite.rewrites]]
-      regex = "example"
-      replacement = "test"
-```
-
-```yaml tab="File (YAML)"
-http:
-  middlewares:
-    my-rewritebody:
-      plugin:
-        rewrite:
-          rewrites:
-            - regex: example
-              replacement: test
-```

docs/content/providers/consul-catalog.md

@@ -29,7 +29,7 @@ Attach tags to your services and let Traefik do the rest!
     Attaching tags to services
 
     ```yaml
-    - traefik.http.services.my-service.rule=Host(`example.com`)
+    - traefik.http.services.my-service.rule=Host(`mydomain.com`)
     ```
 
 ## Routing Configuration

docs/content/providers/consul.md

@@ -1,216 +0,0 @@
-# Traefik & Consul
-
-A Story of KV store & Containers
-{: .subtitle }
-
-Store your configuration in Consul and let Traefik do the rest!
-
-## Routing Configuration
-
-See the dedicated section in [routing](../routing/providers/kv.md).
-
-## Provider Configuration
-
-### `endpoints`
-
-_Required, Default="127.0.0.1:8500"_
-
-Defines how to access to Consul.
-
-```toml tab="File (TOML)"
-[providers.consul]
-  endpoints = ["127.0.0.1:8500"]
-```
-
-```yaml tab="File (YAML)"
-providers:
-  consul:
-    endpoints:
-      - "127.0.0.1:8500"
-```
-
-```bash tab="CLI"
---providers.consul.endpoints=127.0.0.1:8500
-```
-
-### `rootKey`
-
-Defines the root key of the configuration.
-
-_Required, Default="traefik"_
-
-```toml tab="File (TOML)"
-[providers.consul]
-  rootKey = "traefik"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  consul:
-    rootKey: "traefik"
-```
-
-```bash tab="CLI"
---providers.consul.rootkey=traefik
-```
-
-### `username`
-
-Defines a username to connect with Consul.
-
-_Optional, Default=""_
-
-```toml tab="File (TOML)"
-[providers.consul]
-  # ...
-  username = "foo"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  consul:
-    # ...
-    usename: "foo"
-```
-
-```bash tab="CLI"
---providers.consul.username=foo
-```
-
-### `password`
-
-_Optional, Default=""_
-
-Defines a password to connect with Consul.
-
-```toml tab="File (TOML)"
-[providers.consul]
-  # ...
-  password = "bar"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  consul:
-    # ...
-    password: "bar"
-```
-
-```bash tab="CLI"
---providers.consul.password=foo
-```
-
-### `tls`
-
-_Optional_
-
-#### `tls.ca`
-
-Certificate Authority used for the secured connection to Consul.
-
-```toml tab="File (TOML)"
-[providers.consul.tls]
-  ca = "path/to/ca.crt"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  consul:
-    tls:
-      ca: path/to/ca.crt
-```
-
-```bash tab="CLI"
---providers.consul.tls.ca=path/to/ca.crt
-```
-
-#### `tls.caOptional`
-
-Policy followed for the secured connection with TLS Client Authentication to Consul.
-Requires `tls.ca` to be defined.
-
-- `true`: VerifyClientCertIfGiven
-- `false`: RequireAndVerifyClientCert
-- if `tls.ca` is undefined NoClientCert
-
-```toml tab="File (TOML)"
-[providers.consul.tls]
-  caOptional = true
-```
-
-```yaml tab="File (YAML)"
-providers:
-  consul:
-    tls:
-      caOptional: true
-```
-
-```bash tab="CLI"
---providers.consul.tls.caOptional=true
-```
-
-#### `tls.cert`
-
-Public certificate used for the secured connection to Consul.
-
-```toml tab="File (TOML)"
-[providers.consul.tls]
-  cert = "path/to/foo.cert"
-  key = "path/to/foo.key"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  consul:
-    tls:
-      cert: path/to/foo.cert
-      key: path/to/foo.key
-```
-
-```bash tab="CLI"
---providers.consul.tls.cert=path/to/foo.cert
---providers.consul.tls.key=path/to/foo.key
-```
-
-#### `tls.key`
-
-Private certificate used for the secured connection to Consul.
-
-```toml tab="File (TOML)"
-[providers.consul.tls]
-  cert = "path/to/foo.cert"
-  key = "path/to/foo.key"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  consul:
-    tls:
-      cert: path/to/foo.cert
-      key: path/to/foo.key
-```
-
-```bash tab="CLI"
---providers.consul.tls.cert=path/to/foo.cert
---providers.consul.tls.key=path/to/foo.key
-```
-
-#### `tls.insecureSkipVerify`
-
-If `insecureSkipVerify` is `true`, TLS for the connection to Consul accepts any certificate presented by the server and any host name in that certificate.
-
-```toml tab="File (TOML)"
-[providers.consul.tls]
-  insecureSkipVerify = true
-```
-
-```yaml tab="File (YAML)"
-providers:
-  consul:
-    tls:
-      insecureSkipVerify: true
-```
-
-```bash tab="CLI"
---providers.consul.tls.insecureSkipVerify=true
-```

docs/content/providers/docker.md

@@ -40,7 +40,7 @@ and [Docker Swarm Mode](https://docs.docker.com/engine/swarm/).
       my-container:
         # ...
         labels:
-          - traefik.http.routers.my-container.rule=Host(`example.com`)
+          - traefik.http.routers.my-container.rule=Host(`mydomain.com`)
     ```
 
 ??? example "Configuring Docker Swarm & Deploying / Exposing Services"
@@ -79,13 +79,13 @@ and [Docker Swarm Mode](https://docs.docker.com/engine/swarm/).
       my-container:
         deploy:
           labels:
-            - traefik.http.routers.my-container.rule=Host(`example.com`)
+            - traefik.http.routers.my-container.rule=Host(`mydomain.com`)
             - traefik.http.services.my-container-service.loadbalancer.server.port=8080
     ```
 
 ## Routing Configuration
 
-When using Docker as a [provider](./overview.md),
+When using Docker as a [provider](https://docs.traefik.io/providers/overview/),
 Traefik uses [container labels](https://docs.docker.com/engine/reference/commandline/run/#set-metadata-on-container--l---label---label-file) to retrieve its routing configuration.
 
 See the list of labels in the dedicated [routing](../routing/providers/docker.md) section.
@@ -116,20 +116,6 @@ Ports detection works as follows:
   by using the label `traefik.http.services.<service_name>.loadbalancer.server.port`
   (Read more on this label in the dedicated section in [routing](../routing/providers/docker.md#port)).
 
-### Host networking
-
-When exposing containers that are configured with [host networking](https://docs.docker.com/network/host/),
-the IP address of the host is resolved as follows:
-
-<!-- TODO: verify and document the swarm mode case with container.Node.IPAddress coming from the API -->
-- try a lookup of `host.docker.internal`
-- otherwise fall back to `127.0.0.1`
-
-On Linux, (and until [github.com/moby/moby/pull/40007](https://github.com/moby/moby/pull/40007) is included in a release),
-for `host.docker.internal` to be defined, it should be provided as an `extra_host` to the Traefik container,
-using the `--add-host` flag. For example, to set it to the IP address of the bridge interface (docker0 by default):
-`--add-host=host.docker.internal:172.17.0.1`
-
 ### Docker API Access
 
 Traefik requires access to the docker socket to get its dynamic configuration.
@@ -149,17 +135,16 @@ You can specify which Docker API Endpoint to use with the directive [`endpoint`]
 
     ??? success "Solutions"
 
-        Expose the Docker socket over TCP or SSH, instead of the default Unix socket file.
+        Expose the Docker socket over TCP, instead of the default Unix socket file.
         It allows different implementation levels of the [AAA (Authentication, Authorization, Accounting) concepts](https://en.wikipedia.org/wiki/AAA_(computer_security)), depending on your security assessment:
 
         - Authentication with Client Certificates as described in ["Protect the Docker daemon socket."](https://docs.docker.com/engine/security/https/)
         - Authorize and filter requests to restrict possible actions with [the TecnativaDocker Socket Proxy](https://github.com/Tecnativa/docker-socket-proxy).
-        - Authorization with the [Docker Authorization Plugin Mechanism](https://web.archive.org/web/20190920092526/https://docs.docker.com/engine/extend/plugins_authorization/)
+        - Authorization with the [Docker Authorization Plugin Mechanism](https://docs.docker.com/engine/extend/plugins_authorization/)
         - Accounting at networking level, by exposing the socket only inside a Docker private network, only available for Traefik.
         - Accounting at container level, by exposing the socket on a another container than Traefik's.
           With Swarm mode, it allows scheduling of Traefik on worker nodes, with only the "socket exposer" container on the manager nodes.
         - Accounting at kernel level, by enforcing kernel calls with mechanisms like [SELinux](https://en.wikipedia.org/wiki/Security-Enhanced_Linux), to only allows an identified set of actions for Traefik's process (or the "socket exposer" process).
-        - SSH public key authentication (SSH is supported with Docker > 18.09)
 
     ??? info "More Resources and Examples"
         - ["Paranoid about mounting /var/run/docker.sock?"](https://medium.com/@containeroo/traefik-2-0-paranoid-about-mounting-var-run-docker-sock-22da9cb3e78c)
@@ -199,7 +184,7 @@ Therefore you **must** specify the port to use for communication by using the la
 Docker Swarm Mode follows the same rules as Docker [API Access](#docker-api-access).
 
 As the Swarm API is only exposed on the [manager nodes](https://docs.docker.com/engine/swarm/how-swarm-mode-works/nodes/#manager-nodes), you should schedule Traefik on the Swarm manager nodes by default,
-by deploying Traefik with a constraint on the node's "role":
+by deploying Traefik with a [constraint](https://success.docker.com/article/using-contraints-and-labels-to-control-the-placement-of-containers) on the node's "role":
 
 ```shell tab="With Docker CLI"
 docker service create \
@@ -261,7 +246,7 @@ See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API A
 
     services:
       traefik:
-         image: traefik:v2.3 # The official v2 Traefik docker image
+         image: traefik:v2.1 # The official v2 Traefik docker image
          ports:
            - "80:80"
          volumes:
@@ -288,30 +273,6 @@ See the sections [Docker API Access](#docker-api-access) and [Docker Swarm API A
     # ...
     ```
 
-??? example "Using SSH"
-
-    Using Docker 18.09+ you can connect Traefik to daemon using SSH
-    We specify the SSH host and user in Traefik's configuration file.
-    Note that is server requires public keys for authentication you must have those accessible for user who runs Traefik.
-
-    ```toml tab="File (TOML)"
-    [providers.docker]
-      endpoint = "ssh://traefik@192.168.2.5:2022"
-      # ...
-    ```
-    
-    ```yaml tab="File (YAML)"
-    providers:
-      docker:
-        endpoint: "ssh://traefik@192.168.2.5:2022"
-         # ...
-    ```
-    
-    ```bash tab="CLI"
-    --providers.docker.endpoint=ssh://traefik@192.168.2.5:2022
-    # ...
-    ```
-
 ### `useBindPortIP`
 
 _Optional, Default=false_
@@ -473,19 +434,19 @@ _Optional, Default=15_
 
 ```toml tab="File (TOML)"
 [providers.docker]
-  swarmModeRefreshSeconds = 30
+  swarmModeRefreshSeconds = "30s"
   # ...
 ```
 
 ```yaml tab="File (YAML)"
 providers:
   docker:
-    swarmModeRefreshSeconds: 30
+    swarmModeRefreshSeconds: "30s"
     # ...
 ```
 
 ```bash tab="CLI"
---providers.docker.swarmModeRefreshSeconds=30
+--providers.docker.swarmModeRefreshSeconds=30s
 # ...
 ```
 

docs/content/providers/ecs.md

@@ -1,223 +0,0 @@
-# Traefik & AWS ECS
-
-A Story of Labels & Elastic Containers
-{: .subtitle }
-
-Attach labels to your ECS containers and let Traefik do the rest!
-
-## Configuration Examples
-
-??? example "Configuring ECS provider"
-
-    Enabling the ECS provider:
-    
-    ```toml tab="File (TOML)"
-    [providers.ecs]
-      clusters = ["default"]
-    ```
-    
-    ```yaml tab="File (YAML)"
-    providers:
-      ecs:
-        clusters:
-          - default
-    ```
-    
-    ```bash tab="CLI"
-    --providers.ecs.clusters=default
-    ```
-
-## Policy
-
-Traefik needs the following policy to read ECS information:
-
-```json
-{
-    "Version": "2012-10-17",
-    "Statement": [
-        {
-            "Sid": "TraefikECSReadAccess",
-            "Effect": "Allow",
-            "Action": [
-                "ecs:ListClusters",
-                "ecs:DescribeClusters",
-                "ecs:ListTasks",
-                "ecs:DescribeTasks",
-                "ecs:DescribeContainerInstances",
-                "ecs:DescribeTaskDefinition",
-                "ec2:DescribeInstances"
-            ],
-            "Resource": [
-                "*"
-            ]
-        }
-    ]
-}
-```
-
-## Provider configuration
-
-### `autoDiscoverClusters`
-
-_Optional, Default=false_
-
-```toml tab="File (TOML)"
-[providers.ecs]
-  autoDiscoverClusters = true
-  # ...
-```
-
-```yaml tab="File (YAML)"
-providers:
-  ecs:
-    autoDiscoverClusters: true
-    # ...
-```
-
-```bash tab="CLI"
---providers.ecs.autoDiscoverClusters=true
-# ...
-```
-
-Search for services in clusters list.
-
-- If set to `true` the configured clusters will be ignored and the clusters will be discovered.
-- If set to `false` the services will be discovered only in configured clusters.
-
-### `clusters`
-
-_Optional, Default=["default"]_
-
-```toml tab="File (TOML)"
-[providers.ecs]
-  cluster = ["default"]
-  # ...
-```
-
-```yaml tab="File (YAML)"
-providers:
-  ecs:
-    clusters:
-      - default
-    # ...
-```
-
-```bash tab="CLI"
---providers.ecs.clusters=default
-# ...
-```
-
-Search for services in clusters list.
-
-### `exposedByDefault`
-
-_Optional, Default=true_
-
-```toml tab="File (TOML)"
-[providers.ecs]
-  exposedByDefault = false
-  # ...
-```
-
-```yaml tab="File (YAML)"
-providers:
-  ecs:
-    exposedByDefault: false
-    # ...
-```
-
-```bash tab="CLI"
---providers.ecs.exposedByDefault=false
-# ...
-```
-
-Expose ECS services by default in Traefik.
-If set to false, services that don't have a `traefik.enable=true` label will be ignored from the resulting routing configuration.
-
-### `defaultRule`
-
-_Optional, Default=```Host(`{{ normalize .Name }}`)```_
-
-```toml tab="File (TOML)"
-[providers.ecs]
-  defaultRule = "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
-  # ...
-```
-
-```yaml tab="File (YAML)"
-providers:
-  ecs:
-    defaultRule: "Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)"
-    # ...
-```
-
-```bash tab="CLI"
---providers.ecs.defaultRule=Host(`{{ .Name }}.{{ index .Labels \"customLabel\"}}`)
-# ...
-```
-
-For a given container if no routing rule was defined by a label, it is defined by this defaultRule instead.
-It must be a valid [Go template](https://golang.org/pkg/text/template/),
-augmented with the [sprig template functions](http://masterminds.github.io/sprig/).
-The service name can be accessed as the `Name` identifier,
-and the template has access to all the labels defined on this container.
-
-### `refreshSeconds`
-
-_Optional, Default=15_
-
-```toml tab="File (TOML)"
-[providers.ecs]
-  refreshSeconds = 15
-  # ...
-```
-
-```yaml tab="File (YAML)"
-providers:
-  ecs:
-    refreshSeconds: 15
-    # ...
-```
-
-```bash tab="CLI"
---providers.ecs.refreshSeconds=15
-# ...
-```
-
-Polling interval (in seconds).
-
-### Credentials
-
-_Optional_
-
-```toml tab="File (TOML)"
-[providers.ecs]
-  region = "us-east-1"
-  accessKeyID = "abc"
-  secretAccessKey = "123"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  ecs:
-    region: us-east-1
-    accessKeyID: "abc"
-    secretAccessKey: "123"
-    # ...
-```
-
-```bash tab="CLI"
---providers.ecs.region="us-east-1"
---providers.ecs.accessKeyID="abc"
---providers.ecs.secretAccessKey="123"
-# ...
-```
-
-If `region` is not provided, it will be resolved from the EC2 metadata endpoint for EC2 tasks. 
-In a FARGATE context it will be resolved from the `AWS_REGION` env variable.
-
-If `accessKeyID` / `secretAccessKey` are not provided, credentials will be resolved in the following order:
-
-- From environment variables `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, and `AWS_SESSION_TOKEN`.
-- Shared credentials, determined by `AWS_PROFILE` and `AWS_SHARED_CREDENTIALS_FILE`, defaults to default and `~/.aws/credentials`.
-- EC2 instance role or ECS task role

docs/content/providers/etcd.md

@@ -1,216 +0,0 @@
-# Traefik & Etcd
-
-A Story of KV store & Containers
-{: .subtitle }
-
-Store your configuration in Etcd and let Traefik do the rest!
-
-## Routing Configuration
-
-See the dedicated section in [routing](../routing/providers/kv.md).
-
-## Provider Configuration
-
-### `endpoints`
-
-_Required, Default="127.0.0.1:2379"_
-
-Defines how to access to Etcd.
-
-```toml tab="File (TOML)"
-[providers.etcd]
-  endpoints = ["127.0.0.1:2379"]
-```
-
-```yaml tab="File (YAML)"
-providers:
-  etcd:
-    endpoints:
-      - "127.0.0.1:2379"
-```
-
-```bash tab="CLI"
---providers.etcd.endpoints=127.0.0.1:2379
-```
-
-### `rootKey`
-
-Defines the root key of the configuration.
-
-_Required, Default="traefik"_
-
-```toml tab="File (TOML)"
-[providers.etcd]
-  rootKey = "traefik"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  etcd:
-    rootKey: "traefik"
-```
-
-```bash tab="CLI"
---providers.etcd.rootkey=traefik
-```
-
-### `username`
-
-Defines a username to connect with Etcd.
-
-_Optional, Default=""_
-
-```toml tab="File (TOML)"
-[providers.etcd]
-  # ...
-  username = "foo"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  etcd:
-    # ...
-    usename: "foo"
-```
-
-```bash tab="CLI"
---providers.etcd.username=foo
-```
-
-### `password`
-
-_Optional, Default=""_
-
-Defines a password to connect with Etcd.
-
-```toml tab="File (TOML)"
-[providers.etcd]
-  # ...
-  password = "bar"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  etcd:
-    # ...
-    password: "bar"
-```
-
-```bash tab="CLI"
---providers.etcd.password=foo
-```
-
-### `tls`
-
-_Optional_
-
-#### `tls.ca`
-
-Certificate Authority used for the secured connection to Etcd.
-
-```toml tab="File (TOML)"
-[providers.etcd.tls]
-  ca = "path/to/ca.crt"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  etcd:
-    tls:
-      ca: path/to/ca.crt
-```
-
-```bash tab="CLI"
---providers.etcd.tls.ca=path/to/ca.crt
-```
-
-#### `tls.caOptional`
-
-Policy followed for the secured connection with TLS Client Authentication to Etcd.
-Requires `tls.ca` to be defined.
-
-- `true`: VerifyClientCertIfGiven
-- `false`: RequireAndVerifyClientCert
-- if `tls.ca` is undefined NoClientCert
-
-```toml tab="File (TOML)"
-[providers.etcd.tls]
-  caOptional = true
-```
-
-```yaml tab="File (YAML)"
-providers:
-  etcd:
-    tls:
-      caOptional: true
-```
-
-```bash tab="CLI"
---providers.etcd.tls.caOptional=true
-```
-
-#### `tls.cert`
-
-Public certificate used for the secured connection to Etcd.
-
-```toml tab="File (TOML)"
-[providers.etcd.tls]
-  cert = "path/to/foo.cert"
-  key = "path/to/foo.key"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  etcd:
-    tls:
-      cert: path/to/foo.cert
-      key: path/to/foo.key
-```
-
-```bash tab="CLI"
---providers.etcd.tls.cert=path/to/foo.cert
---providers.etcd.tls.key=path/to/foo.key
-```
-
-#### `tls.key`
-
-Private certificate used for the secured connection to Etcd.
-
-```toml tab="File (TOML)"
-[providers.etcd.tls]
-  cert = "path/to/foo.cert"
-  key = "path/to/foo.key"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  etcd:
-    tls:
-      cert: path/to/foo.cert
-      key: path/to/foo.key
-```
-
-```bash tab="CLI"
---providers.etcd.tls.cert=path/to/foo.cert
---providers.etcd.tls.key=path/to/foo.key
-```
-
-#### `tls.insecureSkipVerify`
-
-If `insecureSkipVerify` is `true`, TLS for the connection to Etcd accepts any certificate presented by the server and any host name in that certificate.
-
-```toml tab="File (TOML)"
-[providers.etcd.tls]
-  insecureSkipVerify = true
-```
-
-```yaml tab="File (YAML)"
-providers:
-  etcd:
-    tls:
-      insecureSkipVerify: true
-```
-
-```bash tab="CLI"
---providers.etcd.tls.insecureSkipVerify=true
-```

docs/content/providers/file.md

@@ -47,22 +47,22 @@ You can write one of these mutually exclusive configuration elements:
           middlewares = ["my-basic-auth"]
           service = "service-foo"
           rule = "Path(`/foo`)"
-      
-      # Add the middleware
-      [http.middlewares]    
-        [http.middlewares.my-basic-auth.basicAuth]
-          users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", 
-                    "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
-          usersFile = "etc/traefik/.htpasswd"
-      
-      # Add the service
-      [http.services]
-        [http.services.service-foo]
-          [http.services.service-foo.loadBalancer]
-            [[http.services.service-foo.loadBalancer.servers]]
-              url = "http://foo/"
-            [[http.services.service-foo.loadBalancer.servers]]
-              url = "http://bar/"
+    
+        # Add the middleware
+        [http.middlewares]    
+          [http.middlewares.my-basic-auth.basicAuth]
+            users = ["test:$apr1$H6uskkkW$IgXLP6ewTrSuBkTrqE8wj/", 
+                      "test2:$apr1$d9hr9HBB$4HxwgUir3HP4EsggP/QNo0"]
+            usersFile = "etc/traefik/.htpasswd"
+        
+        # Add the service
+        [http.services]
+          [http.services.service-foo]
+            [http.services.service-foo.loadBalancer]
+              [[http.services.service-foo.loadBalancer.servers]]
+                url = "http://foo/"
+              [[http.services.service-foo.loadBalancer.servers]]
+                url = "http://bar/"
     ```
     
     ```yaml tab="YAML"
@@ -191,14 +191,14 @@ providers:
 ### Go Templating
 
 !!! warning
-    Go Templating only works with dedicated dynamic configuration files.
+    Go Templating only works along with dedicated dynamic configuration files.
     Templating does not work in the Traefik main static configuration file.
 
-Traefik supports using Go templating to automatically generate repetitive portions of configuration files.
-These sections must be valid [Go templates](https://golang.org/pkg/text/template/),
-augmented with the [Sprig template functions](http://masterminds.github.io/sprig/).
+Traefik allows using Go templating,
+it must be a valid [Go template](https://golang.org/pkg/text/template/),
+augmented with the [sprig template functions](http://masterminds.github.io/sprig/).
 
-To illustrate, it's possible to easily define multiple routers, services, and TLS certificates as described in the following examples:
+Thus, it's possible to define easily lot of routers, services and TLS certificates as described in the following examples:
 
 ??? example "Configuring Using Templating"
     
@@ -238,7 +238,7 @@ To illustrate, it's possible to easily define multiple routers, services, and TL
     [[tls.certificates]]
       certFile = "/etc/traefik/cert-{{ $e }}.pem"
       keyFile = "/etc/traefik/cert-{{ $e }}.key"
-      stores = ["my-store-foo-{{ $e }}", "my-store-bar-{{ $e }}"]
+      store = ["my-store-foo-{{ $e }}", "my-store-bar-{{ $e }}"]
     {{ end }}
     
     [tls.config]

docs/content/providers/http.md

@@ -1,189 +0,0 @@
-# Traefik & HTTP
-
-Provide your [dynamic configuration](./overview.md) via an HTTP(s) endpoint and let Traefik do the rest!
-
-## Routing Configuration
-
-The HTTP provider uses the same configuration as the [File Provider](./file.md) in YAML or JSON format.
-
-## Provider Configuration
-
-### `endpoint`
-
-_Required_
-
-Defines the HTTP(s) endpoint to poll.
-
-```toml tab="File (TOML)"
-[providers.http]
-  endpoint = "http://127.0.0.1:9000/api"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  http:
-    endpoint:
-      - "http://127.0.0.1:9000/api"
-```
-
-```bash tab="CLI"
---providers.http.endpoint=http://127.0.0.1:9000/api
-```
-
-### `pollInterval`
-
-_Optional, Default="5s"_
-
-Defines the polling interval.
-
-```toml tab="File (TOML)"
-[providers.http]
-  pollInterval = "5s"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  http:
-    pollInterval: "5s"
-```
-
-```bash tab="CLI"
---providers.http.pollInterval=5s
-```
-
-### `pollTimeout`
-
-_Optional, Default="5s"_
-
-Defines the polling timeout when connecting to the configured endpoint.
-
-```toml tab="File (TOML)"
-[providers.http]
-  pollTimeout = "5s"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  http:
-    pollTimeout: "5s"
-```
-
-```bash tab="CLI"
---providers.http.pollTimeout=5s
-```
-
-### `tls`
-
-_Optional_
-
-#### `tls.ca`
-
-Certificate Authority used for the secured connection to the configured Endpoint.
-
-```toml tab="File (TOML)"
-[providers.http.tls]
-  ca = "path/to/ca.crt"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  http:
-    tls:
-      ca: path/to/ca.crt
-```
-
-```bash tab="CLI"
---providers.http.tls.ca=path/to/ca.crt
-```
-
-#### `tls.caOptional`
-
-Policy followed for the secured connection with TLS Client Authentication to the configured Endpoint.
-Requires `tls.ca` to be defined.
-
-- `true`: VerifyClientCertIfGiven
-- `false`: RequireAndVerifyClientCert
-- if `tls.ca` is undefined NoClientCert
-
-```toml tab="File (TOML)"
-[providers.http.tls]
-  caOptional = true
-```
-
-```yaml tab="File (YAML)"
-providers:
-  http:
-    tls:
-      caOptional: true
-```
-
-```bash tab="CLI"
---providers.http.tls.caOptional=true
-```
-
-#### `tls.cert`
-
-Public certificate used for the secured connection to the configured Endpoint.
-
-```toml tab="File (TOML)"
-[providers.http.tls]
-  cert = "path/to/foo.cert"
-  key = "path/to/foo.key"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  http:
-    tls:
-      cert: path/to/foo.cert
-      key: path/to/foo.key
-```
-
-```bash tab="CLI"
---providers.http.tls.cert=path/to/foo.cert
---providers.http.tls.key=path/to/foo.key
-```
-
-#### `tls.key`
-
-Private certificate used for the secured connection to the configured Endpoint.
-
-```toml tab="File (TOML)"
-[providers.http.tls]
-  cert = "path/to/foo.cert"
-  key = "path/to/foo.key"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  http:
-    tls:
-      cert: path/to/foo.cert
-      key: path/to/foo.key
-```
-
-```bash tab="CLI"
---providers.http.tls.cert=path/to/foo.cert
---providers.http.tls.key=path/to/foo.key
-```
-
-#### `tls.insecureSkipVerify`
-
-If `insecureSkipVerify` is `true`, TLS connection to the configured Endpoint accepts any certificate presented by the 
-server and any host name in that certificate.
-
-```toml tab="File (TOML)"
-[providers.http.tls]
-  insecureSkipVerify = true
-```
-
-```yaml tab="File (YAML)"
-providers:
-  http:
-    tls:
-      insecureSkipVerify: true
-```
-
-```bash tab="CLI"
---providers.http.tls.insecureSkipVerify=true
-```

docs/content/providers/kubernetes-crd.md

@@ -173,7 +173,7 @@ Array of namespaces to watch.
 
 ### `labelselector`
 
-_Optional,Default: empty (process all resources)_
+_Optional,Default: empty (process all Ingresses)_
 
 ```toml tab="File (TOML)"
 [providers.kubernetesCRD]
@@ -192,8 +192,8 @@ providers:
 --providers.kubernetescrd.labelselector="A and not B"
 ```
 
-By default, Traefik processes all resource objects in the configured namespaces.
-A label selector can be defined to filter on specific resource objects only.
+By default, Traefik processes all Ingress objects in the configured namespaces.
+A label selector can be defined to filter on specific Ingress objects only.
 
 See [label-selectors](https://kubernetes.io/docs/concepts/overview/working-with-objects/labels/#label-selectors) for details.
 
@@ -218,10 +218,10 @@ providers:
 --providers.kubernetescrd.ingressclass=traefik-internal
 ```
 
-Value of `kubernetes.io/ingress.class` annotation that identifies resource objects to be processed.
+Value of `kubernetes.io/ingress.class` annotation that identifies Ingress objects to be processed.
 
-If the parameter is non-empty, only resources containing an annotation with the same value are processed.
-Otherwise, resources missing the annotation, having an empty value, or the value `traefik` are processed.
+If the parameter is non-empty, only Ingresses containing an annotation with the same value are processed.
+Otherwise, Ingresses missing the annotation, having an empty value, or the value `traefik` are processed.
 
 ### `throttleDuration`
 

docs/content/providers/kubernetes-ingress.md

@@ -6,11 +6,7 @@ The Kubernetes Ingress Controller.
 The Traefik Kubernetes Ingress provider is a Kubernetes Ingress controller; that is to say,
 it manages access to a cluster services by supporting the [Ingress](https://kubernetes.io/docs/concepts/services-networking/ingress/) specification.
 
-## Routing Configuration
-
-See the dedicated section in [routing](../routing/providers/kubernetes-ingress.md).
-
-## Enabling and Using the Provider
+## Enabling and using the provider
 
 As usual, the provider is enabled through the static configuration:
 
@@ -40,7 +36,7 @@ metadata:
 
 spec:
   rules:
-    - host: example.net
+    - host: foo.com
       http:
         paths:
           - path: /bar
@@ -258,40 +254,6 @@ Value of `kubernetes.io/ingress.class` annotation that identifies Ingress object
 If the parameter is non-empty, only Ingresses containing an annotation with the same value are processed.
 Otherwise, Ingresses missing the annotation, having an empty value, or with the value `traefik` are processed.
 
-!!! info "Kubernetes 1.18+"
-
-    If the Kubernetes cluster version is 1.18+,
-    the new `IngressClass` resource can be leveraged to identify Ingress objects that should be processed.
-    In that case, Traefik will look for an `IngressClass` in the cluster with the controller value equal to *traefik.io/ingress-controller*. 
-    
-    Please see [this article](https://kubernetes.io/blog/2020/04/02/improvements-to-the-ingress-api-in-kubernetes-1.18/) for more information or the example below.
-
-    ```yaml tab="IngressClass"
-    apiVersion: networking.k8s.io/v1beta1
-    kind: IngressClass
-    metadata: 
-      name: traefik-lb
-    spec: 
-      controller: traefik.io/ingress-controller
-    ```
-  
-    ```yaml tab="Ingress"
-    apiVersion: "networking.k8s.io/v1beta1"
-    kind: "Ingress"
-    metadata:
-      name: "example-ingress"
-    spec:
-      ingressClassName: "traefik-lb"
-      rules:
-      - host: "*.example.com"
-        http:
-          paths:
-          - path: "/example"
-            backend:
-              serviceName: "example-service"
-              servicePort: 80
-    ```
-
 ### `ingressEndpoint`
 
 #### `hostname`
@@ -300,7 +262,7 @@ _Optional, Default: empty_
 
 ```toml tab="File (TOML)"
 [providers.kubernetesIngress.ingressEndpoint]
-  hostname = "example.net"
+  hostname = "foo.com"
   # ...
 ```
 
@@ -308,12 +270,12 @@ _Optional, Default: empty_
 providers:
   kubernetesIngress:
     ingressEndpoint:
-      hostname: "example.net"
+      hostname: "foo.com"
     # ...
 ```
 
 ```bash tab="CLI"
---providers.kubernetesingress.ingressendpoint.hostname=example.net
+--providers.kubernetesingress.ingressendpoint.hostname=foo.com
 ```
 
 Hostname used for Kubernetes Ingress endpoints.
@@ -388,7 +350,7 @@ providers:
 --providers.kubernetesingress.throttleDuration=10s
 ```
 
-### Further
+## Further
 
 If one wants to know more about the various aspects of the Ingress spec that Traefik supports,
-many examples of Ingresses definitions are located in the tests [data](https://github.com/containous/traefik/tree/v2.3/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
+many examples of Ingresses definitions are located in the tests [data](https://github.com/containous/traefik/tree/v2.1/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.

docs/content/providers/overview.md

@@ -26,19 +26,14 @@ Even if each provider is different, we can categorize them in four groups:
 
 Below is the list of the currently supported providers in Traefik. 
 
-| Provider                              | Type         | Configuration Type         |
-|---------------------------------------|--------------|----------------------------|
-| [Docker](./docker.md)                 | Orchestrator | Label                      |
-| [Kubernetes](./kubernetes-crd.md)     | Orchestrator | Custom Resource or Ingress |
-| [Consul Catalog](./consul-catalog.md) | Orchestrator | Label                      |
-| [Marathon](./marathon.md)             | Orchestrator | Label                      |
-| [Rancher](./rancher.md)               | Orchestrator | Label                      |
-| [File](./file.md)                     | Manual       | TOML/YAML format           |
-| [Consul](./consul.md)                 | KV           | KV                         |
-| [Etcd](./etcd.md)                     | KV           | KV                         |
-| [Redis](./redis.md)                   | KV           | KV                         |
-| [ZooKeeper](./zookeeper.md)           | KV           | KV                         |
-| [HTTP](./http.md)                     | Manual       | JSON format                |
+| Provider                              | Type         | Configuration Type |
+|---------------------------------------|--------------|--------------------|
+| [Docker](./docker.md)                 | Orchestrator | Label              |
+| [Kubernetes](./kubernetes-crd.md)     | Orchestrator | Custom Resource    |
+| [Consul Catalog](./consul-catalog.md) | Orchestrator | Label              |
+| [Marathon](./marathon.md)             | Orchestrator | Label              |
+| [Rancher](./rancher.md)               | Orchestrator | Label              |
+| [File](./file.md)                     | Manual       | TOML/YAML format   |
 
 !!! info "More Providers"
 

docs/content/providers/rancher.md

@@ -35,7 +35,7 @@ Attach labels to your services and let Traefik do the rest!
 
     ```yaml
     labels:
-      - traefik.http.services.my-service.rule=Host(`example.com`)
+      - traefik.http.services.my-service.rule=Host(`mydomain.com`)
     ```
 
 ## Routing Configuration

docs/content/providers/redis.md

@@ -1,216 +0,0 @@
-# Traefik & Redis
-
-A Story of KV store & Containers
-{: .subtitle }
-
-Store your configuration in Redis and let Traefik do the rest!
-
-## Routing Configuration
-
-See the dedicated section in [routing](../routing/providers/kv.md).
-
-## Provider Configuration
-
-### `endpoints`
-
-_Required, Default="127.0.0.1:6379"_
-
-Defines how to access to Redis.
-
-```toml tab="File (TOML)"
-[providers.redis]
-  endpoints = ["127.0.0.1:6379"]
-```
-
-```yaml tab="File (YAML)"
-providers:
-  redis:
-    endpoints:
-      - "127.0.0.1:6379"
-```
-
-```bash tab="CLI"
---providers.redis.endpoints=127.0.0.1:6379
-```
-
-### `rootKey`
-
-Defines the root key of the configuration.
-
-_Required, Default="traefik"_
-
-```toml tab="File (TOML)"
-[providers.redis]
-  rootKey = "traefik"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  redis:
-    rootKey: "traefik"
-```
-
-```bash tab="CLI"
---providers.redis.rootkey=traefik
-```
-
-### `username`
-
-Defines a username to connect with Redis.
-
-_Optional, Default=""_
-
-```toml tab="File (TOML)"
-[providers.redis]
-  # ...
-  username = "foo"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  redis:
-    # ...
-    usename: "foo"
-```
-
-```bash tab="CLI"
---providers.redis.username=foo
-```
-
-### `password`
-
-_Optional, Default=""_
-
-Defines a password to connect with Redis.
-
-```toml tab="File (TOML)"
-[providers.redis]
-  # ...
-  password = "bar"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  redis:
-    # ...
-    password: "bar"
-```
-
-```bash tab="CLI"
---providers.redis.password=foo
-```
-
-### `tls`
-
-_Optional_
-
-#### `tls.ca`
-
-Certificate Authority used for the secured connection to Redis.
-
-```toml tab="File (TOML)"
-[providers.redis.tls]
-  ca = "path/to/ca.crt"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  redis:
-    tls:
-      ca: path/to/ca.crt
-```
-
-```bash tab="CLI"
---providers.redis.tls.ca=path/to/ca.crt
-```
-
-#### `tls.caOptional`
-
-Policy followed for the secured connection with TLS Client Authentication to Redis.
-Requires `tls.ca` to be defined.
-
-- `true`: VerifyClientCertIfGiven
-- `false`: RequireAndVerifyClientCert
-- if `tls.ca` is undefined NoClientCert
-
-```toml tab="File (TOML)"
-[providers.redis.tls]
-  caOptional = true
-```
-
-```yaml tab="File (YAML)"
-providers:
-  redis:
-    tls:
-      caOptional: true
-```
-
-```bash tab="CLI"
---providers.redis.tls.caOptional=true
-```
-
-#### `tls.cert`
-
-Public certificate used for the secured connection to Redis.
-
-```toml tab="File (TOML)"
-[providers.redis.tls]
-  cert = "path/to/foo.cert"
-  key = "path/to/foo.key"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  redis:
-    tls:
-      cert: path/to/foo.cert
-      key: path/to/foo.key
-```
-
-```bash tab="CLI"
---providers.redis.tls.cert=path/to/foo.cert
---providers.redis.tls.key=path/to/foo.key
-```
-
-#### `tls.key`
-
-Private certificate used for the secured connection to Redis.
-
-```toml tab="File (TOML)"
-[providers.redis.tls]
-  cert = "path/to/foo.cert"
-  key = "path/to/foo.key"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  redis:
-    tls:
-      cert: path/to/foo.cert
-      key: path/to/foo.key
-```
-
-```bash tab="CLI"
---providers.redis.tls.cert=path/to/foo.cert
---providers.redis.tls.key=path/to/foo.key
-```
-
-#### `tls.insecureSkipVerify`
-
-If `insecureSkipVerify` is `true`, TLS for the connection to Redis accepts any certificate presented by the server and any host name in that certificate.
-
-```toml tab="File (TOML)"
-[providers.redis.tls]
-  insecureSkipVerify = true
-```
-
-```yaml tab="File (YAML)"
-providers:
-  redis:
-    tls:
-      insecureSkipVerify: true
-```
-
-```bash tab="CLI"
---providers.redis.tls.insecureSkipVerify=true
-```

docs/content/providers/zookeeper.md

@@ -1,216 +0,0 @@
-# Traefik & ZooKeeper
-
-A Story of KV store & Containers
-{: .subtitle }
-
-Store your configuration in ZooKeeper and let Traefik do the rest!
-
-## Routing Configuration
-
-See the dedicated section in [routing](../routing/providers/kv.md).
-
-## Provider Configuration
-
-### `endpoints`
-
-_Required, Default="127.0.0.1:2181"_
-
-Defines how to access to ZooKeeper.
-
-```toml tab="File (TOML)"
-[providers.zooKeeper]
-  endpoints = ["127.0.0.1:2181"]
-```
-
-```yaml tab="File (YAML)"
-providers:
-  zooKeeper:
-    endpoints:
-      - "127.0.0.1:2181"
-```
-
-```bash tab="CLI"
---providers.zookeeper.endpoints=127.0.0.1:2181
-```
-
-### `rootKey`
-
-Defines the root key of the configuration.
-
-_Required, Default="traefik"_
-
-```toml tab="File (TOML)"
-[providers.zooKeeper]
-  rootKey = "traefik"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  zooKeeper:
-    rootKey: "traefik"
-```
-
-```bash tab="CLI"
---providers.zookeeper.rootkey=traefik
-```
-
-### `username`
-
-Defines a username to connect with ZooKeeper.
-
-_Optional, Default=""_
-
-```toml tab="File (TOML)"
-[providers.zooKeeper]
-  # ...
-  username = "foo"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  zooKeeper:
-    # ...
-    usename: "foo"
-```
-
-```bash tab="CLI"
---providers.zookeeper.username=foo
-```
-
-### `password`
-
-_Optional, Default=""_
-
-Defines a password to connect with ZooKeeper.
-
-```toml tab="File (TOML)"
-[providers.zooKeeper]
-  # ...
-  password = "bar"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  zooKeeper:
-    # ...
-    password: "bar"
-```
-
-```bash tab="CLI"
---providers.zookeeper.password=foo
-```
-
-### `tls`
-
-_Optional_
-
-#### `tls.ca`
-
-Certificate Authority used for the secured connection to ZooKeeper.
-
-```toml tab="File (TOML)"
-[providers.zooKeeper.tls]
-  ca = "path/to/ca.crt"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  zooKeeper:
-    tls:
-      ca: path/to/ca.crt
-```
-
-```bash tab="CLI"
---providers.zookeeper.tls.ca=path/to/ca.crt
-```
-
-#### `tls.caOptional`
-
-Policy followed for the secured connection with TLS Client Authentication to ZooKeeper.
-Requires `tls.ca` to be defined.
-
-- `true`: VerifyClientCertIfGiven
-- `false`: RequireAndVerifyClientCert
-- if `tls.ca` is undefined NoClientCert
-
-```toml tab="File (TOML)"
-[providers.zooKeeper.tls]
-  caOptional = true
-```
-
-```yaml tab="File (YAML)"
-providers:
-  zooKeeper:
-    tls:
-      caOptional: true
-```
-
-```bash tab="CLI"
---providers.zookeeper.tls.caOptional=true
-```
-
-#### `tls.cert`
-
-Public certificate used for the secured connection to ZooKeeper.
-
-```toml tab="File (TOML)"
-[providers.zooKeeper.tls]
-  cert = "path/to/foo.cert"
-  key = "path/to/foo.key"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  zooKeeper:
-    tls:
-      cert: path/to/foo.cert
-      key: path/to/foo.key
-```
-
-```bash tab="CLI"
---providers.zookeeper.tls.cert=path/to/foo.cert
---providers.zookeeper.tls.key=path/to/foo.key
-```
-
-#### `tls.key`
-
-Private certificate used for the secured connection to ZooKeeper.
-
-```toml tab="File (TOML)"
-[providers.zooKeeper.tls]
-  cert = "path/to/foo.cert"
-  key = "path/to/foo.key"
-```
-
-```yaml tab="File (YAML)"
-providers:
-  zooKeeper:
-    tls:
-      cert: path/to/foo.cert
-      key: path/to/foo.key
-```
-
-```bash tab="CLI"
---providers.zookeeper.tls.cert=path/to/foo.cert
---providers.zookeeper.tls.key=path/to/foo.key
-```
-
-#### `tls.insecureSkipVerify`
-
-If `insecureSkipVerify` is `true`, TLS for the connection to ZooKeeper accepts any certificate presented by the server and any host name in that certificate.
-
-```toml tab="File (TOML)"
-[providers.zooKeeper.tls]
-  insecureSkipVerify = true
-```
-
-```yaml tab="File (YAML)"
-providers:
-  zooKeeper:
-    tls:
-      insecureSkipVerify: true
-```
-
-```bash tab="CLI"
---providers.zookeeper.tls.insecureSkipVerify=true
-```

docs/content/reference/dynamic-configuration/docker-labels.yml

@@ -34,7 +34,6 @@
 - "traefik.http.middlewares.middleware10.headers.accesscontrolallowheaders=foobar, foobar"
 - "traefik.http.middlewares.middleware10.headers.accesscontrolallowmethods=foobar, foobar"
 - "traefik.http.middlewares.middleware10.headers.accesscontrolalloworigin=foobar"
-- "traefik.http.middlewares.middleware10.headers.accesscontrolalloworiginlist=foobar, foobar"
 - "traefik.http.middlewares.middleware10.headers.accesscontrolexposeheaders=foobar, foobar"
 - "traefik.http.middlewares.middleware10.headers.accesscontrolmaxage=42"
 - "traefik.http.middlewares.middleware10.headers.addvaryheader=true"
@@ -82,7 +81,6 @@
 - "traefik.http.middlewares.middleware13.passtlsclientcert.info.notafter=true"
 - "traefik.http.middlewares.middleware13.passtlsclientcert.info.notbefore=true"
 - "traefik.http.middlewares.middleware13.passtlsclientcert.info.sans=true"
-- "traefik.http.middlewares.middleware13.passtlsclientcert.info.serialnumber=true"
 - "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.commonname=true"
 - "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.country=true"
 - "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.domaincomponent=true"
@@ -91,27 +89,25 @@
 - "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.province=true"
 - "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.serialnumber=true"
 - "traefik.http.middlewares.middleware13.passtlsclientcert.pem=true"
-- "traefik.http.middlewares.middleware14.plugin.foobar.foo=bar"
-- "traefik.http.middlewares.middleware15.ratelimit.average=42"
-- "traefik.http.middlewares.middleware15.ratelimit.burst=42"
-- "traefik.http.middlewares.middleware15.ratelimit.period=42"
-- "traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.ipstrategy.depth=42"
-- "traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
-- "traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.requestheadername=foobar"
-- "traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.requesthost=true"
-- "traefik.http.middlewares.middleware16.redirectregex.permanent=true"
-- "traefik.http.middlewares.middleware16.redirectregex.regex=foobar"
-- "traefik.http.middlewares.middleware16.redirectregex.replacement=foobar"
-- "traefik.http.middlewares.middleware17.redirectscheme.permanent=true"
-- "traefik.http.middlewares.middleware17.redirectscheme.port=foobar"
-- "traefik.http.middlewares.middleware17.redirectscheme.scheme=foobar"
-- "traefik.http.middlewares.middleware18.replacepath.path=foobar"
-- "traefik.http.middlewares.middleware19.replacepathregex.regex=foobar"
-- "traefik.http.middlewares.middleware19.replacepathregex.replacement=foobar"
-- "traefik.http.middlewares.middleware20.retry.attempts=42"
-- "traefik.http.middlewares.middleware21.stripprefix.forceslash=true"
-- "traefik.http.middlewares.middleware21.stripprefix.prefixes=foobar, foobar"
-- "traefik.http.middlewares.middleware22.stripprefixregex.regex=foobar, foobar"
+- "traefik.http.middlewares.middleware14.ratelimit.average=42"
+- "traefik.http.middlewares.middleware14.ratelimit.burst=42"
+- "traefik.http.middlewares.middleware14.ratelimit.sourcecriterion.ipstrategy.depth=42"
+- "traefik.http.middlewares.middleware14.ratelimit.sourcecriterion.ipstrategy.excludedips=foobar, foobar"
+- "traefik.http.middlewares.middleware14.ratelimit.sourcecriterion.requestheadername=foobar"
+- "traefik.http.middlewares.middleware14.ratelimit.sourcecriterion.requesthost=true"
+- "traefik.http.middlewares.middleware15.redirectregex.permanent=true"
+- "traefik.http.middlewares.middleware15.redirectregex.regex=foobar"
+- "traefik.http.middlewares.middleware15.redirectregex.replacement=foobar"
+- "traefik.http.middlewares.middleware16.redirectscheme.permanent=true"
+- "traefik.http.middlewares.middleware16.redirectscheme.port=foobar"
+- "traefik.http.middlewares.middleware16.redirectscheme.scheme=foobar"
+- "traefik.http.middlewares.middleware17.replacepath.path=foobar"
+- "traefik.http.middlewares.middleware18.replacepathregex.regex=foobar"
+- "traefik.http.middlewares.middleware18.replacepathregex.replacement=foobar"
+- "traefik.http.middlewares.middleware19.retry.attempts=42"
+- "traefik.http.middlewares.middleware20.stripprefix.forceslash=true"
+- "traefik.http.middlewares.middleware20.stripprefix.prefixes=foobar, foobar"
+- "traefik.http.middlewares.middleware21.stripprefixregex.regex=foobar, foobar"
 - "traefik.http.routers.router0.entrypoints=foobar, foobar"
 - "traefik.http.routers.router0.middlewares=foobar, foobar"
 - "traefik.http.routers.router0.priority=42"
@@ -136,7 +132,6 @@
 - "traefik.http.routers.router1.tls.domains[1].main=foobar"
 - "traefik.http.routers.router1.tls.domains[1].sans=foobar, foobar"
 - "traefik.http.routers.router1.tls.options=foobar"
-- "traefik.http.services.service01.loadbalancer.healthcheck.followredirects=true"
 - "traefik.http.services.service01.loadbalancer.healthcheck.headers.name0=foobar"
 - "traefik.http.services.service01.loadbalancer.healthcheck.headers.name1=foobar"
 - "traefik.http.services.service01.loadbalancer.healthcheck.hostname=foobar"
@@ -145,14 +140,13 @@
 - "traefik.http.services.service01.loadbalancer.healthcheck.port=42"
 - "traefik.http.services.service01.loadbalancer.healthcheck.scheme=foobar"
 - "traefik.http.services.service01.loadbalancer.healthcheck.timeout=foobar"
-- "traefik.http.services.service01.loadbalancer.healthcheck.followredirects=true"
 - "traefik.http.services.service01.loadbalancer.passhostheader=true"
 - "traefik.http.services.service01.loadbalancer.responseforwarding.flushinterval=foobar"
-- "traefik.http.services.service01.loadbalancer.sticky.cookie=true"
+- "traefik.http.services.service01.loadbalancer.sticky=true"
 - "traefik.http.services.service01.loadbalancer.sticky.cookie.httponly=true"
 - "traefik.http.services.service01.loadbalancer.sticky.cookie.name=foobar"
-- "traefik.http.services.service01.loadbalancer.sticky.cookie.samesite=foobar"
 - "traefik.http.services.service01.loadbalancer.sticky.cookie.secure=true"
+- "traefik.http.services.service01.loadbalancer.sticky.cookie.samesite=foobar"
 - "traefik.http.services.service01.loadbalancer.server.port=foobar"
 - "traefik.http.services.service01.loadbalancer.server.scheme=foobar"
 - "traefik.tcp.routers.tcprouter0.entrypoints=foobar, foobar"
@@ -179,8 +173,3 @@
 - "traefik.tcp.routers.tcprouter1.tls.passthrough=true"
 - "traefik.tcp.services.tcpservice01.loadbalancer.terminationdelay=42"
 - "traefik.tcp.services.tcpservice01.loadbalancer.server.port=foobar"
-- "traefik.udp.routers.udprouter0.entrypoints=foobar, foobar"
-- "traefik.udp.routers.udprouter0.service=foobar"
-- "traefik.udp.routers.udprouter1.entrypoints=foobar, foobar"
-- "traefik.udp.routers.udprouter1.service=foobar"
-- "traefik.udp.services.udpservice01.loadbalancer.server.port=foobar"

docs/content/reference/dynamic-configuration/ecs.md

@@ -1,11 +0,0 @@
-# ECS Configuration Reference
-
-Dynamic configuration with ECS provider
-{: .subtitle }
-
-The labels are case insensitive.
-
-```yaml
---8<-- "content/reference/dynamic-configuration/ecs.yml"
---8<-- "content/reference/dynamic-configuration/docker-labels.yml"
-```

docs/content/reference/dynamic-configuration/ecs.yml

@@ -1 +0,0 @@
-- "traefik.enable=true"

docs/content/reference/dynamic-configuration/file.toml

@@ -57,7 +57,6 @@
           interval = "foobar"
           timeout = "foobar"
           hostname = "foobar"
-          followRedirects = true
           [http.services.Service01.loadBalancer.healthCheck.headers]
             name0 = "foobar"
             name1 = "foobar"
@@ -66,7 +65,6 @@
     [http.services.Service02]
       [http.services.Service02.mirroring]
         service = "foobar"
-        maxBodySize = 42
 
         [[http.services.Service02.mirroring.mirrors]]
           name = "foobar"
@@ -150,7 +148,6 @@
         accessControlAllowHeaders = ["foobar", "foobar"]
         accessControlAllowMethods = ["foobar", "foobar"]
         accessControlAllowOrigin = "foobar"
-        accessControlAllowOriginList = ["foobar", "foobar"]
         accessControlExposeHeaders = ["foobar", "foobar"]
         accessControlMaxAge = 42
         addVaryHeader = true
@@ -205,7 +202,6 @@
           notAfter = true
           notBefore = true
           sans = true
-          serialNumber = true
           [http.middlewares.Middleware13.passTLSClientCert.info.subject]
             country = true
             province = true
@@ -223,46 +219,41 @@
             serialNumber = true
             domainComponent = true
     [http.middlewares.Middleware14]
-      [http.middlewares.Middleware14.plugin]
-        [http.middlewares.Middleware14.plugin.PluginConf]
-          foo = "bar"
-    [http.middlewares.Middleware15]
-      [http.middlewares.Middleware15.rateLimit]
+      [http.middlewares.Middleware14.rateLimit]
         average = 42
-        period = 42
         burst = 42
-        [http.middlewares.Middleware15.rateLimit.sourceCriterion]
+        [http.middlewares.Middleware14.rateLimit.sourceCriterion]
           requestHeaderName = "foobar"
           requestHost = true
-          [http.middlewares.Middleware15.rateLimit.sourceCriterion.ipStrategy]
+          [http.middlewares.Middleware14.rateLimit.sourceCriterion.ipStrategy]
             depth = 42
             excludedIPs = ["foobar", "foobar"]
-    [http.middlewares.Middleware16]
-      [http.middlewares.Middleware16.redirectRegex]
+    [http.middlewares.Middleware15]
+      [http.middlewares.Middleware15.redirectRegex]
         regex = "foobar"
         replacement = "foobar"
         permanent = true
-    [http.middlewares.Middleware17]
-      [http.middlewares.Middleware17.redirectScheme]
+    [http.middlewares.Middleware16]
+      [http.middlewares.Middleware16.redirectScheme]
         scheme = "foobar"
         port = "foobar"
         permanent = true
-    [http.middlewares.Middleware18]
-      [http.middlewares.Middleware18.replacePath]
+    [http.middlewares.Middleware17]
+      [http.middlewares.Middleware17.replacePath]
         path = "foobar"
-    [http.middlewares.Middleware19]
-      [http.middlewares.Middleware19.replacePathRegex]
+    [http.middlewares.Middleware18]
+      [http.middlewares.Middleware18.replacePathRegex]
         regex = "foobar"
         replacement = "foobar"
-    [http.middlewares.Middleware20]
-      [http.middlewares.Middleware20.retry]
+    [http.middlewares.Middleware19]
+      [http.middlewares.Middleware19.retry]
         attempts = 42
-    [http.middlewares.Middleware21]
-      [http.middlewares.Middleware21.stripPrefix]
+    [http.middlewares.Middleware20]
+      [http.middlewares.Middleware20.stripPrefix]
         prefixes = ["foobar", "foobar"]
         forceSlash = true
-    [http.middlewares.Middleware22]
-      [http.middlewares.Middleware22.stripPrefixRegex]
+    [http.middlewares.Middleware21]
+      [http.middlewares.Middleware21.stripPrefixRegex]
         regex = ["foobar", "foobar"]
 
 [tcp]
@@ -320,34 +311,6 @@
           name = "foobar"
           weight = 42
 
-[udp]
-  [udp.routers]
-    [udp.routers.UDPRouter0]
-      entryPoints = ["foobar", "foobar"]
-      service = "foobar"
-    [udp.routers.UDPRouter1]
-      entryPoints = ["foobar", "foobar"]
-      service = "foobar"
-  [udp.services]
-    [udp.services.UDPService01]
-      [udp.services.UDPService01.loadBalancer]
-
-        [[udp.services.UDPService01.loadBalancer.servers]]
-          address = "foobar"
-
-        [[udp.services.UDPService01.loadBalancer.servers]]
-          address = "foobar"
-    [udp.services.UDPService02]
-      [udp.services.UDPService02.weighted]
-
-        [[udp.services.UDPService02.weighted.services]]
-          name = "foobar"
-          weight = 42
-
-        [[udp.services.UDPService02.weighted.services]]
-          name = "foobar"
-          weight = 42
-
 [tls]
 
   [[tls.certificates]]
@@ -366,7 +329,6 @@
       cipherSuites = ["foobar", "foobar"]
       curvePreferences = ["foobar", "foobar"]
       sniStrict = true
-      preferServerCipherSuites = true
       [tls.options.Options0.clientAuth]
         caFiles = ["foobar", "foobar"]
         clientAuthType = "foobar"
@@ -376,7 +338,6 @@
       cipherSuites = ["foobar", "foobar"]
       curvePreferences = ["foobar", "foobar"]
       sniStrict = true
-      preferServerCipherSuites = true
       [tls.options.Options1.clientAuth]
         caFiles = ["foobar", "foobar"]
         clientAuthType = "foobar"

docs/content/reference/dynamic-configuration/file.yaml

@@ -63,7 +63,6 @@ http:
           interval: foobar
           timeout: foobar
           hostname: foobar
-          followRedirects: true
           headers:
             name0: foobar
             name1: foobar
@@ -73,7 +72,6 @@ http:
     Service02:
       mirroring:
         service: foobar
-        maxBodySize: 42
         mirrors:
         - name: foobar
           percent: 42
@@ -173,9 +171,6 @@ http:
         - foobar
         - foobar
         accessControlAllowOrigin: foobar
-        accessControlAllowOriginList:
-        - foobar
-        - foobar
         accessControlExposeHeaders:
         - foobar
         - foobar
@@ -222,7 +217,7 @@ http:
       inFlightReq:
         amount: 42
         sourceCriterion:
-          ipStrategy:
+          ipstrategy:
             depth: 42
             excludedIPs:
             - foobar
@@ -252,51 +247,45 @@ http:
             commonName: true
             serialNumber: true
             domainComponent: true
-          serialNumber: true
     Middleware14:
-      plugin:
-        PluginConf:
-          foo = "bar"
-    Middleware15:
       rateLimit:
         average: 42
-        period: 42
         burst: 42
         sourceCriterion:
-          ipStrategy:
+          ipstrategy:
             depth: 42
             excludedIPs:
             - foobar
             - foobar
           requestHeaderName: foobar
           requestHost: true
-    Middleware16:
+    Middleware15:
       redirectRegex:
         regex: foobar
         replacement: foobar
         permanent: true
-    Middleware17:
+    Middleware16:
       redirectScheme:
         scheme: foobar
         port: foobar
         permanent: true
-    Middleware18:
+    Middleware17:
       replacePath:
         path: foobar
-    Middleware19:
+    Middleware18:
       replacePathRegex:
         regex: foobar
         replacement: foobar
-    Middleware20:
+    Middleware19:
       retry:
         attempts: 42
-    Middleware21:
+    Middleware20:
       stripPrefix:
         prefixes:
         - foobar
         - foobar
         forceSlash: true
-    Middleware22:
+    Middleware21:
       stripPrefixRegex:
         regex:
         - foobar
@@ -355,31 +344,6 @@ tcp:
           weight: 42
         - name: foobar
           weight: 42
-udp:
-  routers:
-    UDPRouter0:
-      entryPoints:
-      - foobar
-      - foobar
-      service: foobar
-    UDPRouter1:
-      entryPoints:
-      - foobar
-      - foobar
-      service: foobar
-  services:
-    UDPService01:
-      loadBalancer:
-        servers:
-        - address: foobar
-        - address: foobar
-    UDPService02:
-      weighted:
-        services:
-        - name: foobar
-          weight: 42
-        - name: foobar
-          weight: 42
 tls:
   certificates:
   - certFile: foobar
@@ -408,7 +372,6 @@ tls:
         - foobar
         clientAuthType: foobar
       sniStrict: true
-      preferServerCipherSuites: true
     Options1:
       minVersion: foobar
       maxVersion: foobar
@@ -424,7 +387,6 @@ tls:
         - foobar
         clientAuthType: foobar
       sniStrict: true
-      preferServerCipherSuites: true
   stores:
     Store0:
       defaultCertificate:

docs/content/reference/dynamic-configuration/kubernetes-crd-definition.yml

@@ -42,21 +42,6 @@ spec:
     singular: ingressroutetcp
   scope: Namespaced
 
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: ingressrouteudps.traefik.containo.us
-
-spec:
-  group: traefik.containo.us
-  version: v1alpha1
-  names:
-    kind: IngressRouteUDP
-    plural: ingressrouteudps
-    singular: ingressrouteudp
-  scope: Namespaced
-
 ---
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition
@@ -72,21 +57,6 @@ spec:
     singular: tlsoption
   scope: Namespaced
 
----
-apiVersion: apiextensions.k8s.io/v1beta1
-kind: CustomResourceDefinition
-metadata:
-  name: tlsstores.traefik.containo.us
-
-spec:
-  group: traefik.containo.us
-  version: v1alpha1
-  names:
-    kind: TLSStore
-    plural: tlsstores
-    singular: tlsstore
-  scope: Namespaced
-
 ---
 apiVersion: apiextensions.k8s.io/v1beta1
 kind: CustomResourceDefinition

docs/content/reference/dynamic-configuration/kubernetes-crd-ingressroutetcp-definition.yml

@@ -0,0 +1,13 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: ingressroutetcps.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: IngressRouteTCP
+    plural: ingressroutetcps
+    singular: ingressroutetcp
+  scope: Namespaced

docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml

@@ -16,10 +16,8 @@ rules:
       - watch
   - apiGroups:
       - extensions
-      - networking.k8s.io
     resources:
       - ingresses
-      - ingressclasses
     verbs:
       - get
       - list
@@ -37,9 +35,7 @@ rules:
       - ingressroutes
       - traefikservices
       - ingressroutetcps
-      - ingressrouteudps
       - tlsoptions
-      - tlsstores
     verbs:
       - get
       - list

docs/content/reference/dynamic-configuration/kubernetes-crd-resource.yml

@@ -65,8 +65,6 @@ spec:
     kind: TraefikService
     mirrors:
       - name: s2
-        # Optional
-        maxBodySize: 2000000000
         # Optional, as it is the default value
         kind: Service
         percent: 20
@@ -82,7 +80,7 @@ spec:
     - web
     - websecure
   routes:
-    - match: Host(`example.net`) && PathPrefix(`/bar`)
+    - match: Host(`foo.com`) && PathPrefix(`/bar`)
       kind: Rule
       priority: 12
       # defining several services is possible and allowed, but for now the servers of
@@ -91,11 +89,21 @@ spec:
       services:
         - name: s1
           port: 80
+          healthCheck:
+            path: /health
+            host: baz.com
+            intervalSeconds: 7
+            timeoutSeconds: 60
           # strategy defines the load balancing strategy between the servers. It defaults
           # to Round Robin, and for now only Round Robin is supported anyway.
           strategy: RoundRobin
         - name: s2
           port: 433
+          healthCheck:
+            path: /health
+            host: baz.com
+            intervalSeconds: 7
+            timeoutSeconds: 60
     - match: PathPrefix(`/misc`)
       services:
         - name: s3
@@ -123,7 +131,7 @@ spec:
   tls:
     secretName: supersecret
     options:
-      name: my-tls-option
+      name: myTLSOption
       namespace: default
 
 ---
@@ -137,7 +145,7 @@ spec:
   entryPoints:
     - footcp
   routes:
-    - match: HostSNI(`example.com`)
+    - match: HostSNI(`bar.com`)
       services:
         - name: whoamitcp
           port: 8080
@@ -145,44 +153,5 @@ spec:
     secretName: foosecret
     passthrough: false
     options:
-      name: my-tls-option
+      name: myTLSOption
       namespace: default
-
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: IngressRouteUDP
-metadata:
-  name: ingressrouteudp.crd
-  namespace: default
-
-spec:
-  entryPoints:
-    - footcp
-  routes:
-    - services:
-        - name: whoamiudp
-          port: 8080
-
----
-apiVersion: traefik.containo.us/v1alpha1
-kind: TLSOption
-metadata:
-  name: tlsoption
-  namespace: default
-
-spec:
-  minVersion: foobar
-  maxVersion: foobar
-  cipherSuites:
-    - foobar
-    - foobar
-  curvePreferences:
-    - foobar
-    - foobar
-  clientAuth:
-    caFiles:
-      - foobar
-      - foobar
-    clientAuthType: foobar
-  sniStrict: true
-  preferServerCipherSuites: true

docs/content/reference/dynamic-configuration/kubernetes-crd.yml

@@ -0,0 +1,231 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: ingressroutes.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: IngressRoute
+    plural: ingressroutes
+    singular: ingressroute
+  scope: Namespaced
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: middlewares.traefik.containo.us
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: Middleware
+    plural: middlewares
+    singular: middleware
+  scope: Namespaced
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: tlsoptions.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: TLSOption
+    plural: tlsoptions
+    singular: tlsoption
+  scope: Namespaced
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: ingressroutetcps.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: IngressRouteTCP
+    plural: ingressroutetcps
+    singular: ingressroutetcp
+  scope: Namespaced
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: traefikservices.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: TraefikService
+    plural: traefikservices
+    singular: traefikservice
+  scope: Namespaced
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: TraefikService
+metadata:
+  name: wrr2
+  namespace: default
+
+spec:
+  weighted:
+    services:
+      - name: s1
+        weight: 1
+        port: 80
+        # Optional, as it is the default value
+        kind: Service
+      - name: s3
+        weight: 1
+        port: 80
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: TraefikService
+metadata:
+  name: wrr1
+  namespace: default
+
+spec:
+  weighted:
+    services:
+      - name: wrr2
+        kind: TraefikService
+        weight: 1
+      - name: s3
+        weight: 1
+        port: 80
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: TraefikService
+metadata:
+  name: mirror1
+  namespace: default
+
+spec:
+  mirroring:
+    name: s1
+    port: 80
+    mirrors:
+      - name: s3
+        percent: 20
+        port: 80
+      - name: mirror2
+        kind: TraefikService
+        percent: 20
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: TraefikService
+metadata:
+  name: mirror2
+  namespace: default
+
+spec:
+  mirroring:
+    name: wrr2
+    kind: TraefikService
+    mirrors:
+      - name: s2
+        # Optional, as it is the default value
+        kind: Service
+        percent: 20
+        port: 80
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRoute
+metadata:
+  name: ingressroute
+spec:
+  entryPoints:
+    - web
+    - websecure
+  routes:
+    - match: Host(`foo.com`) && PathPrefix(`/bar`)
+      kind: Rule
+      priority: 12
+      # defining several services is possible and allowed, but for now the servers of
+      # all the services (for a given route) get merged altogether under the same
+      # load-balancing strategy.
+      services:
+        - name: s1
+          port: 80
+          healthCheck:
+            path: /health
+            host: baz.com
+            intervalSeconds: 7
+            timeoutSeconds: 60
+          # strategy defines the load balancing strategy between the servers. It defaults
+          # to Round Robin, and for now only Round Robin is supported anyway.
+          strategy: RoundRobin
+        - name: s2
+          port: 433
+          healthCheck:
+            path: /health
+            host: baz.com
+            intervalSeconds: 7
+            timeoutSeconds: 60
+    - match: PathPrefix(`/misc`)
+      services:
+        - name: s3
+          port: 80
+      middlewares:
+        - name: stripprefix
+        - name: addprefix
+    - match: PathPrefix(`/misc`)
+      services:
+        - name: s3
+          # Optional, as it is the default value
+          kind: Service
+          port: 8443
+          # scheme allow to override the scheme for the service. (ex: https or h2c)
+          scheme: https
+    - match: PathPrefix(`/lb`)
+      services:
+        - name: wrr1
+          kind: TraefikService
+    - match: PathPrefix(`/mirrored`)
+      services:
+        - name: mirror1
+          kind: TraefikService
+  # use an empty tls object for TLS with Let's Encrypt
+  tls:
+    secretName: supersecret
+    options:
+      name: myTLSOption
+      namespace: default
+
+---
+apiVersion: traefik.containo.us/v1alpha1
+kind: IngressRouteTCP
+metadata:
+  name: ingressroutetcp.crd
+  namespace: default
+
+spec:
+  entryPoints:
+    - footcp
+  routes:
+    - match: HostSNI(`bar.com`)
+      services:
+        - name: whoamitcp
+          port: 8080
+  tls:
+    secretName: foosecret
+    passthrough: false
+    options:
+      name: myTLSOption
+      namespace: default

docs/content/reference/dynamic-configuration/kv-ref.md

@@ -1,271 +0,0 @@
-| `traefik/http/middlewares/Middleware00/addPrefix/prefix` | `foobar` |
-| `traefik/http/middlewares/Middleware01/basicAuth/headerField` | `foobar` |
-| `traefik/http/middlewares/Middleware01/basicAuth/realm` | `foobar` |
-| `traefik/http/middlewares/Middleware01/basicAuth/removeHeader` | `true` |
-| `traefik/http/middlewares/Middleware01/basicAuth/users/0` | `foobar` |
-| `traefik/http/middlewares/Middleware01/basicAuth/users/1` | `foobar` |
-| `traefik/http/middlewares/Middleware01/basicAuth/usersFile` | `foobar` |
-| `traefik/http/middlewares/Middleware02/buffering/maxRequestBodyBytes` | `42` |
-| `traefik/http/middlewares/Middleware02/buffering/maxResponseBodyBytes` | `42` |
-| `traefik/http/middlewares/Middleware02/buffering/memRequestBodyBytes` | `42` |
-| `traefik/http/middlewares/Middleware02/buffering/memResponseBodyBytes` | `42` |
-| `traefik/http/middlewares/Middleware02/buffering/retryExpression` | `foobar` |
-| `traefik/http/middlewares/Middleware03/chain/middlewares/0` | `foobar` |
-| `traefik/http/middlewares/Middleware03/chain/middlewares/1` | `foobar` |
-| `traefik/http/middlewares/Middleware04/circuitBreaker/expression` | `foobar` |
-| `traefik/http/middlewares/Middleware05/compress/excludedContentTypes/0` | `foobar` |
-| `traefik/http/middlewares/Middleware05/compress/excludedContentTypes/1` | `foobar` |
-| `traefik/http/middlewares/Middleware06/contentType/autoDetect` | `true` |
-| `traefik/http/middlewares/Middleware07/digestAuth/headerField` | `foobar` |
-| `traefik/http/middlewares/Middleware07/digestAuth/realm` | `foobar` |
-| `traefik/http/middlewares/Middleware07/digestAuth/removeHeader` | `true` |
-| `traefik/http/middlewares/Middleware07/digestAuth/users/0` | `foobar` |
-| `traefik/http/middlewares/Middleware07/digestAuth/users/1` | `foobar` |
-| `traefik/http/middlewares/Middleware07/digestAuth/usersFile` | `foobar` |
-| `traefik/http/middlewares/Middleware08/errors/query` | `foobar` |
-| `traefik/http/middlewares/Middleware08/errors/service` | `foobar` |
-| `traefik/http/middlewares/Middleware08/errors/status/0` | `foobar` |
-| `traefik/http/middlewares/Middleware08/errors/status/1` | `foobar` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/address` | `foobar` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/authResponseHeaders/0` | `foobar` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/authResponseHeaders/1` | `foobar` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/tls/ca` | `foobar` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/tls/caOptional` | `true` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/tls/cert` | `foobar` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/tls/insecureSkipVerify` | `true` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/tls/key` | `foobar` |
-| `traefik/http/middlewares/Middleware09/forwardAuth/trustForwardHeader` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlAllowCredentials` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlAllowHeaders/0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlAllowHeaders/1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlAllowMethods/0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlAllowMethods/1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlAllowOrigin` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlAllowOriginList/0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlAllowOriginList/1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlExposeHeaders/0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlExposeHeaders/1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/accessControlMaxAge` | `42` |
-| `traefik/http/middlewares/Middleware10/headers/addVaryHeader` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/allowedHosts/0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/allowedHosts/1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/browserXssFilter` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/contentSecurityPolicy` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/contentTypeNosniff` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/customBrowserXSSValue` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/customFrameOptionsValue` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/customRequestHeaders/name0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/customRequestHeaders/name1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/customResponseHeaders/name0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/customResponseHeaders/name1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/featurePolicy` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/forceSTSHeader` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/frameDeny` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/hostsProxyHeaders/0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/hostsProxyHeaders/1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/isDevelopment` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/publicKey` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/referrerPolicy` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/sslForceHost` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/sslHost` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/sslProxyHeaders/name0` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/sslProxyHeaders/name1` | `foobar` |
-| `traefik/http/middlewares/Middleware10/headers/sslRedirect` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/sslTemporaryRedirect` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/stsIncludeSubdomains` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/stsPreload` | `true` |
-| `traefik/http/middlewares/Middleware10/headers/stsSeconds` | `42` |
-| `traefik/http/middlewares/Middleware11/ipWhiteList/ipStrategy/depth` | `42` |
-| `traefik/http/middlewares/Middleware11/ipWhiteList/ipStrategy/excludedIPs/0` | `foobar` |
-| `traefik/http/middlewares/Middleware11/ipWhiteList/ipStrategy/excludedIPs/1` | `foobar` |
-| `traefik/http/middlewares/Middleware11/ipWhiteList/sourceRange/0` | `foobar` |
-| `traefik/http/middlewares/Middleware11/ipWhiteList/sourceRange/1` | `foobar` |
-| `traefik/http/middlewares/Middleware12/inFlightReq/amount` | `42` |
-| `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/ipStrategy/depth` | `42` |
-| `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` |
-| `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/ipStrategy/excludedIPs/1` | `foobar` |
-| `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/requestHeaderName` | `foobar` |
-| `traefik/http/middlewares/Middleware12/inFlightReq/sourceCriterion/requestHost` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/issuer/commonName` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/issuer/country` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/issuer/domainComponent` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/issuer/locality` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/issuer/organization` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/issuer/province` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/issuer/serialNumber` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/notAfter` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/notBefore` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/sans` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/serialNumber` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/subject/commonName` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/subject/country` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/subject/domainComponent` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/subject/locality` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/subject/organization` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/subject/province` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/info/subject/serialNumber` | `true` |
-| `traefik/http/middlewares/Middleware13/passTLSClientCert/pem` | `true` |
-| `traefik/http/middlewares/Middleware14/plugin/PluginConf/foo` | `bar` |
-| `traefik/http/middlewares/Middleware15/rateLimit/average` | `42` |
-| `traefik/http/middlewares/Middleware15/rateLimit/burst` | `42` |
-| `traefik/http/middlewares/Middleware15/rateLimit/period` | `42` |
-| `traefik/http/middlewares/Middleware15/rateLimit/sourceCriterion/ipStrategy/depth` | `42` |
-| `traefik/http/middlewares/Middleware15/rateLimit/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` |
-| `traefik/http/middlewares/Middleware15/rateLimit/sourceCriterion/ipStrategy/excludedIPs/1` | `foobar` |
-| `traefik/http/middlewares/Middleware15/rateLimit/sourceCriterion/requestHeaderName` | `foobar` |
-| `traefik/http/middlewares/Middleware15/rateLimit/sourceCriterion/requestHost` | `true` |
-| `traefik/http/middlewares/Middleware16/redirectRegex/permanent` | `true` |
-| `traefik/http/middlewares/Middleware16/redirectRegex/regex` | `foobar` |
-| `traefik/http/middlewares/Middleware16/redirectRegex/replacement` | `foobar` |
-| `traefik/http/middlewares/Middleware17/redirectScheme/permanent` | `true` |
-| `traefik/http/middlewares/Middleware17/redirectScheme/port` | `foobar` |
-| `traefik/http/middlewares/Middleware17/redirectScheme/scheme` | `foobar` |
-| `traefik/http/middlewares/Middleware18/replacePath/path` | `foobar` |
-| `traefik/http/middlewares/Middleware19/replacePathRegex/regex` | `foobar` |
-| `traefik/http/middlewares/Middleware19/replacePathRegex/replacement` | `foobar` |
-| `traefik/http/middlewares/Middleware20/retry/attempts` | `42` |
-| `traefik/http/middlewares/Middleware21/stripPrefix/forceSlash` | `true` |
-| `traefik/http/middlewares/Middleware21/stripPrefix/prefixes/0` | `foobar` |
-| `traefik/http/middlewares/Middleware21/stripPrefix/prefixes/1` | `foobar` |
-| `traefik/http/middlewares/Middleware22/stripPrefixRegex/regex/0` | `foobar` |
-| `traefik/http/middlewares/Middleware22/stripPrefixRegex/regex/1` | `foobar` |
-| `traefik/http/routers/Router0/entryPoints/0` | `foobar` |
-| `traefik/http/routers/Router0/entryPoints/1` | `foobar` |
-| `traefik/http/routers/Router0/middlewares/0` | `foobar` |
-| `traefik/http/routers/Router0/middlewares/1` | `foobar` |
-| `traefik/http/routers/Router0/priority` | `42` |
-| `traefik/http/routers/Router0/rule` | `foobar` |
-| `traefik/http/routers/Router0/service` | `foobar` |
-| `traefik/http/routers/Router0/tls/certResolver` | `foobar` |
-| `traefik/http/routers/Router0/tls/domains/0/main` | `foobar` |
-| `traefik/http/routers/Router0/tls/domains/0/sans/0` | `foobar` |
-| `traefik/http/routers/Router0/tls/domains/0/sans/1` | `foobar` |
-| `traefik/http/routers/Router0/tls/domains/1/main` | `foobar` |
-| `traefik/http/routers/Router0/tls/domains/1/sans/0` | `foobar` |
-| `traefik/http/routers/Router0/tls/domains/1/sans/1` | `foobar` |
-| `traefik/http/routers/Router0/tls/options` | `foobar` |
-| `traefik/http/routers/Router1/entryPoints/0` | `foobar` |
-| `traefik/http/routers/Router1/entryPoints/1` | `foobar` |
-| `traefik/http/routers/Router1/middlewares/0` | `foobar` |
-| `traefik/http/routers/Router1/middlewares/1` | `foobar` |
-| `traefik/http/routers/Router1/priority` | `42` |
-| `traefik/http/routers/Router1/rule` | `foobar` |
-| `traefik/http/routers/Router1/service` | `foobar` |
-| `traefik/http/routers/Router1/tls/certResolver` | `foobar` |
-| `traefik/http/routers/Router1/tls/domains/0/main` | `foobar` |
-| `traefik/http/routers/Router1/tls/domains/0/sans/0` | `foobar` |
-| `traefik/http/routers/Router1/tls/domains/0/sans/1` | `foobar` |
-| `traefik/http/routers/Router1/tls/domains/1/main` | `foobar` |
-| `traefik/http/routers/Router1/tls/domains/1/sans/0` | `foobar` |
-| `traefik/http/routers/Router1/tls/domains/1/sans/1` | `foobar` |
-| `traefik/http/routers/Router1/tls/options` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/healthCheck/followRedirects` | `true` |
-| `traefik/http/services/Service01/loadBalancer/healthCheck/headers/name0` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/healthCheck/headers/name1` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/healthCheck/hostname` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/healthCheck/interval` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/healthCheck/path` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/healthCheck/port` | `42` |
-| `traefik/http/services/Service01/loadBalancer/healthCheck/scheme` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/healthCheck/timeout` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/passHostHeader` | `true` |
-| `traefik/http/services/Service01/loadBalancer/responseForwarding/flushInterval` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/servers/0/url` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/servers/1/url` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/sticky/cookie/httpOnly` | `true` |
-| `traefik/http/services/Service01/loadBalancer/sticky/cookie/name` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/sticky/cookie/sameSite` | `foobar` |
-| `traefik/http/services/Service01/loadBalancer/sticky/cookie/secure` | `true` |
-| `traefik/http/services/Service02/mirroring/maxBodySize` | `42` |
-| `traefik/http/services/Service02/mirroring/mirrors/0/name` | `foobar` |
-| `traefik/http/services/Service02/mirroring/mirrors/0/percent` | `42` |
-| `traefik/http/services/Service02/mirroring/mirrors/1/name` | `foobar` |
-| `traefik/http/services/Service02/mirroring/mirrors/1/percent` | `42` |
-| `traefik/http/services/Service02/mirroring/service` | `foobar` |
-| `traefik/http/services/Service03/weighted/services/0/name` | `foobar` |
-| `traefik/http/services/Service03/weighted/services/0/weight` | `42` |
-| `traefik/http/services/Service03/weighted/services/1/name` | `foobar` |
-| `traefik/http/services/Service03/weighted/services/1/weight` | `42` |
-| `traefik/http/services/Service03/weighted/sticky/cookie/httpOnly` | `true` |
-| `traefik/http/services/Service03/weighted/sticky/cookie/name` | `foobar` |
-| `traefik/http/services/Service03/weighted/sticky/cookie/sameSite` | `foobar` |
-| `traefik/http/services/Service03/weighted/sticky/cookie/secure` | `true` |
-| `traefik/tcp/routers/TCPRouter0/entryPoints/0` | `foobar` |
-| `traefik/tcp/routers/TCPRouter0/entryPoints/1` | `foobar` |
-| `traefik/tcp/routers/TCPRouter0/rule` | `foobar` |
-| `traefik/tcp/routers/TCPRouter0/service` | `foobar` |
-| `traefik/tcp/routers/TCPRouter0/tls/certResolver` | `foobar` |
-| `traefik/tcp/routers/TCPRouter0/tls/domains/0/main` | `foobar` |
-| `traefik/tcp/routers/TCPRouter0/tls/domains/0/sans/0` | `foobar` |
-| `traefik/tcp/routers/TCPRouter0/tls/domains/0/sans/1` | `foobar` |
-| `traefik/tcp/routers/TCPRouter0/tls/domains/1/main` | `foobar` |
-| `traefik/tcp/routers/TCPRouter0/tls/domains/1/sans/0` | `foobar` |
-| `traefik/tcp/routers/TCPRouter0/tls/domains/1/sans/1` | `foobar` |
-| `traefik/tcp/routers/TCPRouter0/tls/options` | `foobar` |
-| `traefik/tcp/routers/TCPRouter0/tls/passthrough` | `true` |
-| `traefik/tcp/routers/TCPRouter1/entryPoints/0` | `foobar` |
-| `traefik/tcp/routers/TCPRouter1/entryPoints/1` | `foobar` |
-| `traefik/tcp/routers/TCPRouter1/rule` | `foobar` |
-| `traefik/tcp/routers/TCPRouter1/service` | `foobar` |
-| `traefik/tcp/routers/TCPRouter1/tls/certResolver` | `foobar` |
-| `traefik/tcp/routers/TCPRouter1/tls/domains/0/main` | `foobar` |
-| `traefik/tcp/routers/TCPRouter1/tls/domains/0/sans/0` | `foobar` |
-| `traefik/tcp/routers/TCPRouter1/tls/domains/0/sans/1` | `foobar` |
-| `traefik/tcp/routers/TCPRouter1/tls/domains/1/main` | `foobar` |
-| `traefik/tcp/routers/TCPRouter1/tls/domains/1/sans/0` | `foobar` |
-| `traefik/tcp/routers/TCPRouter1/tls/domains/1/sans/1` | `foobar` |
-| `traefik/tcp/routers/TCPRouter1/tls/options` | `foobar` |
-| `traefik/tcp/routers/TCPRouter1/tls/passthrough` | `true` |
-| `traefik/tcp/services/TCPService01/loadBalancer/servers/0/address` | `foobar` |
-| `traefik/tcp/services/TCPService01/loadBalancer/servers/1/address` | `foobar` |
-| `traefik/tcp/services/TCPService01/loadBalancer/terminationDelay` | `42` |
-| `traefik/tcp/services/TCPService02/weighted/services/0/name` | `foobar` |
-| `traefik/tcp/services/TCPService02/weighted/services/0/weight` | `42` |
-| `traefik/tcp/services/TCPService02/weighted/services/1/name` | `foobar` |
-| `traefik/tcp/services/TCPService02/weighted/services/1/weight` | `42` |
-| `traefik/tls/certificates/0/certFile` | `foobar` |
-| `traefik/tls/certificates/0/keyFile` | `foobar` |
-| `traefik/tls/certificates/0/stores/0` | `foobar` |
-| `traefik/tls/certificates/0/stores/1` | `foobar` |
-| `traefik/tls/certificates/1/certFile` | `foobar` |
-| `traefik/tls/certificates/1/keyFile` | `foobar` |
-| `traefik/tls/certificates/1/stores/0` | `foobar` |
-| `traefik/tls/certificates/1/stores/1` | `foobar` |
-| `traefik/tls/options/Options0/cipherSuites/0` | `foobar` |
-| `traefik/tls/options/Options0/cipherSuites/1` | `foobar` |
-| `traefik/tls/options/Options0/clientAuth/caFiles/0` | `foobar` |
-| `traefik/tls/options/Options0/clientAuth/caFiles/1` | `foobar` |
-| `traefik/tls/options/Options0/clientAuth/clientAuthType` | `foobar` |
-| `traefik/tls/options/Options0/curvePreferences/0` | `foobar` |
-| `traefik/tls/options/Options0/curvePreferences/1` | `foobar` |
-| `traefik/tls/options/Options0/maxVersion` | `foobar` |
-| `traefik/tls/options/Options0/minVersion` | `foobar` |
-| `traefik/tls/options/Options0/preferServerCipherSuites` | `true` |
-| `traefik/tls/options/Options0/sniStrict` | `true` |
-| `traefik/tls/options/Options1/cipherSuites/0` | `foobar` |
-| `traefik/tls/options/Options1/cipherSuites/1` | `foobar` |
-| `traefik/tls/options/Options1/clientAuth/caFiles/0` | `foobar` |
-| `traefik/tls/options/Options1/clientAuth/caFiles/1` | `foobar` |
-| `traefik/tls/options/Options1/clientAuth/clientAuthType` | `foobar` |
-| `traefik/tls/options/Options1/curvePreferences/0` | `foobar` |
-| `traefik/tls/options/Options1/curvePreferences/1` | `foobar` |
-| `traefik/tls/options/Options1/maxVersion` | `foobar` |
-| `traefik/tls/options/Options1/minVersion` | `foobar` |
-| `traefik/tls/options/Options1/preferServerCipherSuites` | `true` |
-| `traefik/tls/options/Options1/sniStrict` | `true` |
-| `traefik/tls/stores/Store0/defaultCertificate/certFile` | `foobar` |
-| `traefik/tls/stores/Store0/defaultCertificate/keyFile` | `foobar` |
-| `traefik/tls/stores/Store1/defaultCertificate/certFile` | `foobar` |
-| `traefik/tls/stores/Store1/defaultCertificate/keyFile` | `foobar` |
-| `traefik/udp/routers/UDPRouter0/entryPoints/0` | `foobar` |
-| `traefik/udp/routers/UDPRouter0/entryPoints/1` | `foobar` |
-| `traefik/udp/routers/UDPRouter0/service` | `foobar` |
-| `traefik/udp/routers/UDPRouter1/entryPoints/0` | `foobar` |
-| `traefik/udp/routers/UDPRouter1/entryPoints/1` | `foobar` |
-| `traefik/udp/routers/UDPRouter1/service` | `foobar` |
-| `traefik/udp/services/UDPService01/loadBalancer/servers/0/address` | `foobar` |
-| `traefik/udp/services/UDPService01/loadBalancer/servers/1/address` | `foobar` |
-| `traefik/udp/services/UDPService02/weighted/services/0/name` | `foobar` |
-| `traefik/udp/services/UDPService02/weighted/services/0/weight` | `42` |
-| `traefik/udp/services/UDPService02/weighted/services/1/name` | `foobar` |
-| `traefik/udp/services/UDPService02/weighted/services/1/weight` | `42` |

docs/content/reference/dynamic-configuration/kv.md

@@ -1,8 +0,0 @@
-# KV Configuration Reference
-
-Dynamic configuration with KV stores.
-{: .subtitle }
-
-| Key (Path)                                                                                   | Value       |
-|----------------------------------------------------------------------------------------------|-------------|
---8<-- "content/reference/dynamic-configuration/kv-ref.md"

docs/content/reference/dynamic-configuration/marathon-labels.json

@@ -34,7 +34,6 @@
 "traefik.http.middlewares.middleware10.headers.accesscontrolallowheaders": "foobar, foobar",
 "traefik.http.middlewares.middleware10.headers.accesscontrolallowmethods": "foobar, foobar",
 "traefik.http.middlewares.middleware10.headers.accesscontrolalloworigin": "foobar",
-"traefik.http.middlewares.middleware10.headers.accesscontrolalloworiginlist": "foobar, foobar",
 "traefik.http.middlewares.middleware10.headers.accesscontrolexposeheaders": "foobar, foobar",
 "traefik.http.middlewares.middleware10.headers.accesscontrolmaxage": "42",
 "traefik.http.middlewares.middleware10.headers.addvaryheader": "true",
@@ -82,7 +81,6 @@
 "traefik.http.middlewares.middleware13.passtlsclientcert.info.notafter": "true",
 "traefik.http.middlewares.middleware13.passtlsclientcert.info.notbefore": "true",
 "traefik.http.middlewares.middleware13.passtlsclientcert.info.sans": "true",
-"traefik.http.middlewares.middleware13.passtlsclientcert.info.serialnumber": "true",
 "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.commonname": "true",
 "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.country": "true",
 "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.domaincomponent": "true",
@@ -91,27 +89,25 @@
 "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.province": "true",
 "traefik.http.middlewares.middleware13.passtlsclientcert.info.subject.serialnumber": "true",
 "traefik.http.middlewares.middleware13.passtlsclientcert.pem": "true",
-"traefik.http.middlewares.middleware14.plugin.foobar.foo": "bar",
-"traefik.http.middlewares.middleware15.ratelimit.average": "42",
-"traefik.http.middlewares.middleware15.ratelimit.burst": "42",
-"traefik.http.middlewares.middleware15.ratelimit.period": "42",
-"traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.ipstrategy.depth": "42",
-"traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.ipstrategy.excludedips": "foobar, foobar",
-"traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.requestheadername": "foobar",
-"traefik.http.middlewares.middleware15.ratelimit.sourcecriterion.requesthost": "true",
-"traefik.http.middlewares.middleware16.redirectregex.permanent": "true",
-"traefik.http.middlewares.middleware16.redirectregex.regex": "foobar",
-"traefik.http.middlewares.middleware16.redirectregex.replacement": "foobar",
-"traefik.http.middlewares.middleware17.redirectscheme.permanent": "true",
-"traefik.http.middlewares.middleware17.redirectscheme.port": "foobar",
-"traefik.http.middlewares.middleware17.redirectscheme.scheme": "foobar",
-"traefik.http.middlewares.middleware18.replacepath.path": "foobar",
-"traefik.http.middlewares.middleware19.replacepathregex.regex": "foobar",
-"traefik.http.middlewares.middleware19.replacepathregex.replacement": "foobar",
-"traefik.http.middlewares.middleware20.retry.attempts": "42",
-"traefik.http.middlewares.middleware21.stripprefix.forceslash": "true",
-"traefik.http.middlewares.middleware21.stripprefix.prefixes": "foobar, foobar",
-"traefik.http.middlewares.middleware22.stripprefixregex.regex": "foobar, foobar",
+"traefik.http.middlewares.middleware14.ratelimit.average": "42",
+"traefik.http.middlewares.middleware14.ratelimit.burst": "42",
+"traefik.http.middlewares.middleware14.ratelimit.sourcecriterion.ipstrategy.depth": "42",
+"traefik.http.middlewares.middleware14.ratelimit.sourcecriterion.ipstrategy.excludedips": "foobar, foobar",
+"traefik.http.middlewares.middleware14.ratelimit.sourcecriterion.requestheadername": "foobar",
+"traefik.http.middlewares.middleware14.ratelimit.sourcecriterion.requesthost": "true",
+"traefik.http.middlewares.middleware15.redirectregex.permanent": "true",
+"traefik.http.middlewares.middleware15.redirectregex.regex": "foobar",
+"traefik.http.middlewares.middleware15.redirectregex.replacement": "foobar",
+"traefik.http.middlewares.middleware16.redirectscheme.permanent": "true",
+"traefik.http.middlewares.middleware16.redirectscheme.port": "foobar",
+"traefik.http.middlewares.middleware16.redirectscheme.scheme": "foobar",
+"traefik.http.middlewares.middleware17.replacepath.path": "foobar",
+"traefik.http.middlewares.middleware18.replacepathregex.regex": "foobar",
+"traefik.http.middlewares.middleware18.replacepathregex.replacement": "foobar",
+"traefik.http.middlewares.middleware19.retry.attempts": "42",
+"traefik.http.middlewares.middleware20.stripprefix.forceslash": "true",
+"traefik.http.middlewares.middleware20.stripprefix.prefixes": "foobar, foobar",
+"traefik.http.middlewares.middleware21.stripprefixregex.regex": "foobar, foobar",
 "traefik.http.routers.router0.entrypoints": "foobar, foobar",
 "traefik.http.routers.router0.middlewares": "foobar, foobar",
 "traefik.http.routers.router0.priority": "42",
@@ -134,7 +130,6 @@
 "traefik.http.routers.router1.tls.domains[1].main": "foobar",
 "traefik.http.routers.router1.tls.domains[1].sans": "foobar, foobar",
 "traefik.http.routers.router1.tls.options": "foobar",
-"traefik.http.services.service01.loadbalancer.healthcheck.followredirects": "true",
 "traefik.http.services.service01.loadbalancer.healthcheck.headers.name0": "foobar",
 "traefik.http.services.service01.loadbalancer.healthcheck.headers.name1": "foobar",
 "traefik.http.services.service01.loadbalancer.healthcheck.hostname": "foobar",
@@ -143,14 +138,12 @@
 "traefik.http.services.service01.loadbalancer.healthcheck.port": "42",
 "traefik.http.services.service01.loadbalancer.healthcheck.scheme": "foobar",
 "traefik.http.services.service01.loadbalancer.healthcheck.timeout": "foobar",
-"traefik.http.services.service01.loadbalancer.healthcheck.followredirects": "true",
 "traefik.http.services.service01.loadbalancer.passhostheader": "true",
 "traefik.http.services.service01.loadbalancer.responseforwarding.flushinterval": "foobar",
-"traefik.http.services.service01.loadbalancer.sticky.cookie": "true",
 "traefik.http.services.service01.loadbalancer.sticky.cookie.httponly": "true",
 "traefik.http.services.service01.loadbalancer.sticky.cookie.name": "foobar",
-"traefik.http.services.service01.loadbalancer.sticky.cookie.samesite": "foobar",
 "traefik.http.services.service01.loadbalancer.sticky.cookie.secure": "true",
+"traefik.http.services.service01.loadbalancer.sticky.cookie.samesite": "foobar",
 "traefik.http.services.service01.loadbalancer.server.port": "foobar",
 "traefik.http.services.service01.loadbalancer.server.scheme": "foobar",
 "traefik.tcp.routers.tcprouter0.entrypoints": "foobar, foobar",
@@ -175,8 +168,3 @@
 "traefik.tcp.routers.tcprouter1.tls.passthrough": "true",
 "traefik.tcp.services.tcpservice01.loadbalancer.terminationdelay": "42",
 "traefik.tcp.services.tcpservice01.loadbalancer.server.port": "foobar",
-"traefik.udp.routers.udprouter0.entrypoints": "foobar, foobar",
-"traefik.udp.routers.udprouter0.service": "foobar",
-"traefik.udp.routers.udprouter1.entrypoints": "foobar, foobar",
-"traefik.udp.routers.udprouter1.service": "foobar",
-"traefik.udp.services.udpservice01.loadbalancer.server.port": "foobar",

docs/content/reference/static-configuration/cli-ref.md

@@ -81,9 +81,6 @@ HTTP challenge EntryPoint
 `--certificatesresolvers.<name>.acme.keytype`:  
 KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'. (Default: ```RSA4096```)
 
-`--certificatesresolvers.<name>.acme.preferredchain`:  
-Preferred chain to use.
-
 `--certificatesresolvers.<name>.acme.storage`:  
 Storage to use. (Default: ```acme.json```)
 
@@ -102,42 +99,6 @@ Trust all forwarded headers. (Default: ```false```)
 `--entrypoints.<name>.forwardedheaders.trustedips`:  
 Trust only forwarded headers from selected IPs.
 
-`--entrypoints.<name>.http`:  
-HTTP configuration.
-
-`--entrypoints.<name>.http.middlewares`:  
-Default middlewares for the routers linked to the entry point.
-
-`--entrypoints.<name>.http.redirections.entrypoint.permanent`:  
-Applies a permanent redirection. (Default: ```true```)
-
-`--entrypoints.<name>.http.redirections.entrypoint.priority`:  
-Priority of the generated router. (Default: ```2147483647```)
-
-`--entrypoints.<name>.http.redirections.entrypoint.scheme`:  
-Scheme used for the redirection. (Default: ```https```)
-
-`--entrypoints.<name>.http.redirections.entrypoint.to`:  
-Targeted entry point of the redirection.
-
-`--entrypoints.<name>.http.tls`:  
-Default TLS configuration for the routers linked to the entry point. (Default: ```false```)
-
-`--entrypoints.<name>.http.tls.certresolver`:  
-Default certificate resolver for the routers linked to the entry point.
-
-`--entrypoints.<name>.http.tls.domains`:  
-Default TLS domains for the routers linked to the entry point.
-
-`--entrypoints.<name>.http.tls.domains[n].main`:  
-Default subject name.
-
-`--entrypoints.<name>.http.tls.domains[n].sans`:  
-Subject alternative names.
-
-`--entrypoints.<name>.http.tls.options`:  
-Default TLS options for the routers linked to the entry point.
-
 `--entrypoints.<name>.proxyprotocol`:  
 Proxy-Protocol configuration. (Default: ```false```)
 
@@ -162,21 +123,6 @@ ReadTimeout is the maximum duration for reading the entire request, including th
 `--entrypoints.<name>.transport.respondingtimeouts.writetimeout`:  
 WriteTimeout is the maximum duration before timing out writes of the response. If zero, no timeout is set. (Default: ```0```)
 
-`--experimental.devplugin.gopath`:  
-plugin's GOPATH.
-
-`--experimental.devplugin.modulename`:  
-plugin's module name.
-
-`--experimental.pilot.token`:  
-Traefik Pilot token.
-
-`--experimental.plugins.<name>.modulename`:  
-plugin's module name.
-
-`--experimental.plugins.<name>.version`:  
-plugin's version.
-
 `--global.checknewversion`:  
 Periodically check if a new version has been released. (Default: ```false```)
 
@@ -297,39 +243,6 @@ EntryPoint (Default: ```traefik```)
 `--ping.manualrouting`:  
 Manual routing (Default: ```false```)
 
-`--ping.terminatingstatuscode`:  
-Terminating status code (Default: ```503```)
-
-`--providers.consul`:  
-Enable Consul backend with default settings. (Default: ```false```)
-
-`--providers.consul.endpoints`:  
-KV store endpoints (Default: ```127.0.0.1:8500```)
-
-`--providers.consul.password`:  
-KV Password
-
-`--providers.consul.rootkey`:  
-Root key used for KV store (Default: ```traefik```)
-
-`--providers.consul.tls.ca`:  
-TLS CA
-
-`--providers.consul.tls.caoptional`:  
-TLS CA.Optional (Default: ```false```)
-
-`--providers.consul.tls.cert`:  
-TLS cert
-
-`--providers.consul.tls.insecureskipverify`:  
-TLS insecure skip verify (Default: ```false```)
-
-`--providers.consul.tls.key`:  
-TLS key
-
-`--providers.consul.username`:  
-KV Username
-
 `--providers.consulcatalog.cache`:  
 Use local agent caching for catalog reads. (Default: ```false```)
 
@@ -435,63 +348,6 @@ Use the ip address from the bound port, rather than from the inner network. (Def
 `--providers.docker.watch`:  
 Watch Docker Swarm events. (Default: ```true```)
 
-`--providers.ecs.accesskeyid`:  
-The AWS credentials access key to use for making requests
-
-`--providers.ecs.autodiscoverclusters`:  
-Auto discover cluster (Default: ```false```)
-
-`--providers.ecs.clusters`:  
-ECS Clusters name (Default: ```default```)
-
-`--providers.ecs.constraints`:  
-Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container.
-
-`--providers.ecs.defaultrule`:  
-Default rule. (Default: ```Host(`{{ normalize .Name }}`)```)
-
-`--providers.ecs.exposedbydefault`:  
-Expose services by default (Default: ```true```)
-
-`--providers.ecs.refreshseconds`:  
-Polling interval (in seconds) (Default: ```15```)
-
-`--providers.ecs.region`:  
-The AWS region to use for requests
-
-`--providers.ecs.secretaccesskey`:  
-The AWS credentials access key to use for making requests
-
-`--providers.etcd`:  
-Enable Etcd backend with default settings. (Default: ```false```)
-
-`--providers.etcd.endpoints`:  
-KV store endpoints (Default: ```127.0.0.1:2379```)
-
-`--providers.etcd.password`:  
-KV Password
-
-`--providers.etcd.rootkey`:  
-Root key used for KV store (Default: ```traefik```)
-
-`--providers.etcd.tls.ca`:  
-TLS CA
-
-`--providers.etcd.tls.caoptional`:  
-TLS CA.Optional (Default: ```false```)
-
-`--providers.etcd.tls.cert`:  
-TLS cert
-
-`--providers.etcd.tls.insecureskipverify`:  
-TLS insecure skip verify (Default: ```false```)
-
-`--providers.etcd.tls.key`:  
-TLS key
-
-`--providers.etcd.username`:  
-KV Username
-
 `--providers.file.debugloggeneratedtemplate`:  
 Enable debug logging of generated configuration template. (Default: ```false```)
 
@@ -504,33 +360,6 @@ Load dynamic configuration from a file.
 `--providers.file.watch`:  
 Watch provider. (Default: ```true```)
 
-`--providers.http`:  
-Enable HTTP backend with default settings. (Default: ```false```)
-
-`--providers.http.endpoint`:  
-Load configuration from this endpoint.
-
-`--providers.http.pollinterval`:  
-Polling interval for endpoint. (Default: ```5```)
-
-`--providers.http.polltimeout`:  
-Polling timeout for endpoint. (Default: ```5```)
-
-`--providers.http.tls.ca`:  
-TLS CA
-
-`--providers.http.tls.caoptional`:  
-TLS CA.Optional (Default: ```false```)
-
-`--providers.http.tls.cert`:  
-TLS cert
-
-`--providers.http.tls.insecureskipverify`:  
-TLS insecure skip verify (Default: ```false```)
-
-`--providers.http.tls.key`:  
-TLS key
-
 `--providers.kubernetescrd`:  
 Enable Kubernetes backend with default settings. (Default: ```false```)
 
@@ -687,72 +516,12 @@ Defines the polling interval in seconds. (Default: ```15```)
 `--providers.rancher.watch`:  
 Watch provider. (Default: ```true```)
 
-`--providers.redis`:  
-Enable Redis backend with default settings. (Default: ```false```)
-
-`--providers.redis.endpoints`:  
-KV store endpoints (Default: ```127.0.0.1:6379```)
-
-`--providers.redis.password`:  
-KV Password
-
-`--providers.redis.rootkey`:  
-Root key used for KV store (Default: ```traefik```)
-
-`--providers.redis.tls.ca`:  
-TLS CA
-
-`--providers.redis.tls.caoptional`:  
-TLS CA.Optional (Default: ```false```)
-
-`--providers.redis.tls.cert`:  
-TLS cert
-
-`--providers.redis.tls.insecureskipverify`:  
-TLS insecure skip verify (Default: ```false```)
-
-`--providers.redis.tls.key`:  
-TLS key
-
-`--providers.redis.username`:  
-KV Username
-
 `--providers.rest`:  
 Enable Rest backend with default settings. (Default: ```false```)
 
 `--providers.rest.insecure`:  
 Activate REST Provider directly on the entryPoint named traefik. (Default: ```false```)
 
-`--providers.zookeeper`:  
-Enable ZooKeeper backend with default settings. (Default: ```false```)
-
-`--providers.zookeeper.endpoints`:  
-KV store endpoints (Default: ```127.0.0.1:2181```)
-
-`--providers.zookeeper.password`:  
-KV Password
-
-`--providers.zookeeper.rootkey`:  
-Root key used for KV store (Default: ```traefik```)
-
-`--providers.zookeeper.tls.ca`:  
-TLS CA
-
-`--providers.zookeeper.tls.caoptional`:  
-TLS CA.Optional (Default: ```false```)
-
-`--providers.zookeeper.tls.cert`:  
-TLS cert
-
-`--providers.zookeeper.tls.insecureskipverify`:  
-TLS insecure skip verify (Default: ```false```)
-
-`--providers.zookeeper.tls.key`:  
-TLS key
-
-`--providers.zookeeper.username`:  
-KV Username
-
 `--serverstransport.forwardingtimeouts.dialtimeout`:  
 The amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. (Default: ```30```)
 
@@ -801,18 +570,6 @@ Specifies the header name that will be used to store the sampling priority.
 `--tracing.datadog.traceidheadername`:  
 Specifies the header name that will be used to store the trace ID.
 
-`--tracing.elastic`:  
-Settings for Elastic. (Default: ```false```)
-
-`--tracing.elastic.secrettoken`:  
-Set the token used to connect to Elastic APM Server.
-
-`--tracing.elastic.serverurl`:  
-Set the URL of the Elastic APM server.
-
-`--tracing.elastic.serviceenvironment`:  
-Set the name of the environment Traefik is deployed in, e.g. 'production' or 'staging'.
-
 `--tracing.haystack`:  
 Settings for Haystack. (Default: ```false```)
 
@@ -861,9 +618,6 @@ Password for basic http authentication when sending spans to jaeger-collector.
 `--tracing.jaeger.collector.user`:  
 User for basic http authentication when sending spans to jaeger-collector.
 
-`--tracing.jaeger.disableattemptreconnecting`:  
-Disable the periodic re-resolution of the agent's hostname and reconnection if there was a change. (Default: ```true```)
-
 `--tracing.jaeger.gen128bit`:  
 Generate 128 bit span IDs. (Default: ```false```)
 

docs/content/reference/static-configuration/env-ref.md

@@ -81,9 +81,6 @@ HTTP challenge EntryPoint
 `TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_KEYTYPE`:  
 KeyType used for generating certificate private key. Allow value 'EC256', 'EC384', 'RSA2048', 'RSA4096', 'RSA8192'. (Default: ```RSA4096```)
 
-`TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_PREFERREDCHAIN`:  
-Preferred chain to use.
-
 `TRAEFIK_CERTIFICATESRESOLVERS_<NAME>_ACME_STORAGE`:  
 Storage to use. (Default: ```acme.json```)
 
@@ -102,42 +99,6 @@ Trust all forwarded headers. (Default: ```false```)
 `TRAEFIK_ENTRYPOINTS_<NAME>_FORWARDEDHEADERS_TRUSTEDIPS`:  
 Trust only forwarded headers from selected IPs.
 
-`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP`:  
-HTTP configuration.
-
-`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_MIDDLEWARES`:  
-Default middlewares for the routers linked to the entry point.
-
-`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_REDIRECTIONS_ENTRYPOINT_PERMANENT`:  
-Applies a permanent redirection. (Default: ```true```)
-
-`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_REDIRECTIONS_ENTRYPOINT_PRIORITY`:  
-Priority of the generated router. (Default: ```2147483647```)
-
-`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_REDIRECTIONS_ENTRYPOINT_SCHEME`:  
-Scheme used for the redirection. (Default: ```https```)
-
-`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_REDIRECTIONS_ENTRYPOINT_TO`:  
-Targeted entry point of the redirection.
-
-`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_TLS`:  
-Default TLS configuration for the routers linked to the entry point. (Default: ```false```)
-
-`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_TLS_CERTRESOLVER`:  
-Default certificate resolver for the routers linked to the entry point.
-
-`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_TLS_DOMAINS`:  
-Default TLS domains for the routers linked to the entry point.
-
-`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_TLS_DOMAINS[n]_MAIN`:  
-Default subject name.
-
-`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_TLS_DOMAINS[n]_SANS`:  
-Subject alternative names.
-
-`TRAEFIK_ENTRYPOINTS_<NAME>_HTTP_TLS_OPTIONS`:  
-Default TLS options for the routers linked to the entry point.
-
 `TRAEFIK_ENTRYPOINTS_<NAME>_PROXYPROTOCOL`:  
 Proxy-Protocol configuration. (Default: ```false```)
 
@@ -162,21 +123,6 @@ ReadTimeout is the maximum duration for reading the entire request, including th
 `TRAEFIK_ENTRYPOINTS_<NAME>_TRANSPORT_RESPONDINGTIMEOUTS_WRITETIMEOUT`:  
 WriteTimeout is the maximum duration before timing out writes of the response. If zero, no timeout is set. (Default: ```0```)
 
-`TRAEFIK_EXPERIMENTAL_DEVPLUGIN_GOPATH`:  
-plugin's GOPATH.
-
-`TRAEFIK_EXPERIMENTAL_DEVPLUGIN_MODULENAME`:  
-plugin's module name.
-
-`TRAEFIK_EXPERIMENTAL_PILOT_TOKEN`:  
-Traefik Pilot token.
-
-`TRAEFIK_EXPERIMENTAL_PLUGINS_<NAME>_MODULENAME`:  
-plugin's module name.
-
-`TRAEFIK_EXPERIMENTAL_PLUGINS_<NAME>_VERSION`:  
-plugin's version.
-
 `TRAEFIK_GLOBAL_CHECKNEWVERSION`:  
 Periodically check if a new version has been released. (Default: ```false```)
 
@@ -297,12 +243,6 @@ EntryPoint (Default: ```traefik```)
 `TRAEFIK_PING_MANUALROUTING`:  
 Manual routing (Default: ```false```)
 
-`TRAEFIK_PING_TERMINATINGSTATUSCODE`:  
-Terminating status code (Default: ```503```)
-
-`TRAEFIK_PROVIDERS_CONSUL`:  
-Enable Consul backend with default settings. (Default: ```false```)
-
 `TRAEFIK_PROVIDERS_CONSULCATALOG_CACHE`:  
 Use local agent caching for catalog reads. (Default: ```false```)
 
@@ -363,33 +303,6 @@ Forces the read to be fully consistent. (Default: ```false```)
 `TRAEFIK_PROVIDERS_CONSULCATALOG_STALE`:  
 Use stale consistency for catalog reads. (Default: ```false```)
 
-`TRAEFIK_PROVIDERS_CONSUL_ENDPOINTS`:  
-KV store endpoints (Default: ```127.0.0.1:8500```)
-
-`TRAEFIK_PROVIDERS_CONSUL_PASSWORD`:  
-KV Password
-
-`TRAEFIK_PROVIDERS_CONSUL_ROOTKEY`:  
-Root key used for KV store (Default: ```traefik```)
-
-`TRAEFIK_PROVIDERS_CONSUL_TLS_CA`:  
-TLS CA
-
-`TRAEFIK_PROVIDERS_CONSUL_TLS_CAOPTIONAL`:  
-TLS CA.Optional (Default: ```false```)
-
-`TRAEFIK_PROVIDERS_CONSUL_TLS_CERT`:  
-TLS cert
-
-`TRAEFIK_PROVIDERS_CONSUL_TLS_INSECURESKIPVERIFY`:  
-TLS insecure skip verify (Default: ```false```)
-
-`TRAEFIK_PROVIDERS_CONSUL_TLS_KEY`:  
-TLS key
-
-`TRAEFIK_PROVIDERS_CONSUL_USERNAME`:  
-KV Username
-
 `TRAEFIK_PROVIDERS_DOCKER`:  
 Enable Docker backend with default settings. (Default: ```false```)
 
@@ -435,63 +348,6 @@ Use the ip address from the bound port, rather than from the inner network. (Def
 `TRAEFIK_PROVIDERS_DOCKER_WATCH`:  
 Watch Docker Swarm events. (Default: ```true```)
 
-`TRAEFIK_PROVIDERS_ECS_ACCESSKEYID`:  
-The AWS credentials access key to use for making requests
-
-`TRAEFIK_PROVIDERS_ECS_AUTODISCOVERCLUSTERS`:  
-Auto discover cluster (Default: ```false```)
-
-`TRAEFIK_PROVIDERS_ECS_CLUSTERS`:  
-ECS Clusters name (Default: ```default```)
-
-`TRAEFIK_PROVIDERS_ECS_CONSTRAINTS`:  
-Constraints is an expression that Traefik matches against the container's labels to determine whether to create any route for that container.
-
-`TRAEFIK_PROVIDERS_ECS_DEFAULTRULE`:  
-Default rule. (Default: ```Host(`{{ normalize .Name }}`)```)
-
-`TRAEFIK_PROVIDERS_ECS_EXPOSEDBYDEFAULT`:  
-Expose services by default (Default: ```true```)
-
-`TRAEFIK_PROVIDERS_ECS_REFRESHSECONDS`:  
-Polling interval (in seconds) (Default: ```15```)
-
-`TRAEFIK_PROVIDERS_ECS_REGION`:  
-The AWS region to use for requests
-
-`TRAEFIK_PROVIDERS_ECS_SECRETACCESSKEY`:  
-The AWS credentials access key to use for making requests
-
-`TRAEFIK_PROVIDERS_ETCD`:  
-Enable Etcd backend with default settings. (Default: ```false```)
-
-`TRAEFIK_PROVIDERS_ETCD_ENDPOINTS`:  
-KV store endpoints (Default: ```127.0.0.1:2379```)
-
-`TRAEFIK_PROVIDERS_ETCD_PASSWORD`:  
-KV Password
-
-`TRAEFIK_PROVIDERS_ETCD_ROOTKEY`:  
-Root key used for KV store (Default: ```traefik```)
-
-`TRAEFIK_PROVIDERS_ETCD_TLS_CA`:  
-TLS CA
-
-`TRAEFIK_PROVIDERS_ETCD_TLS_CAOPTIONAL`:  
-TLS CA.Optional (Default: ```false```)
-
-`TRAEFIK_PROVIDERS_ETCD_TLS_CERT`:  
-TLS cert
-
-`TRAEFIK_PROVIDERS_ETCD_TLS_INSECURESKIPVERIFY`:  
-TLS insecure skip verify (Default: ```false```)
-
-`TRAEFIK_PROVIDERS_ETCD_TLS_KEY`:  
-TLS key
-
-`TRAEFIK_PROVIDERS_ETCD_USERNAME`:  
-KV Username
-
 `TRAEFIK_PROVIDERS_FILE_DEBUGLOGGENERATEDTEMPLATE`:  
 Enable debug logging of generated configuration template. (Default: ```false```)
 
@@ -504,33 +360,6 @@ Load dynamic configuration from a file.
 `TRAEFIK_PROVIDERS_FILE_WATCH`:  
 Watch provider. (Default: ```true```)
 
-`TRAEFIK_PROVIDERS_HTTP`:  
-Enable HTTP backend with default settings. (Default: ```false```)
-
-`TRAEFIK_PROVIDERS_HTTP_ENDPOINT`:  
-Load configuration from this endpoint.
-
-`TRAEFIK_PROVIDERS_HTTP_POLLINTERVAL`:  
-Polling interval for endpoint. (Default: ```5```)
-
-`TRAEFIK_PROVIDERS_HTTP_POLLTIMEOUT`:  
-Polling timeout for endpoint. (Default: ```5```)
-
-`TRAEFIK_PROVIDERS_HTTP_TLS_CA`:  
-TLS CA
-
-`TRAEFIK_PROVIDERS_HTTP_TLS_CAOPTIONAL`:  
-TLS CA.Optional (Default: ```false```)
-
-`TRAEFIK_PROVIDERS_HTTP_TLS_CERT`:  
-TLS cert
-
-`TRAEFIK_PROVIDERS_HTTP_TLS_INSECURESKIPVERIFY`:  
-TLS insecure skip verify (Default: ```false```)
-
-`TRAEFIK_PROVIDERS_HTTP_TLS_KEY`:  
-TLS key
-
 `TRAEFIK_PROVIDERS_KUBERNETESCRD`:  
 Enable Kubernetes backend with default settings. (Default: ```false```)
 
@@ -687,72 +516,12 @@ Defines the polling interval in seconds. (Default: ```15```)
 `TRAEFIK_PROVIDERS_RANCHER_WATCH`:  
 Watch provider. (Default: ```true```)
 
-`TRAEFIK_PROVIDERS_REDIS`:  
-Enable Redis backend with default settings. (Default: ```false```)
-
-`TRAEFIK_PROVIDERS_REDIS_ENDPOINTS`:  
-KV store endpoints (Default: ```127.0.0.1:6379```)
-
-`TRAEFIK_PROVIDERS_REDIS_PASSWORD`:  
-KV Password
-
-`TRAEFIK_PROVIDERS_REDIS_ROOTKEY`:  
-Root key used for KV store (Default: ```traefik```)
-
-`TRAEFIK_PROVIDERS_REDIS_TLS_CA`:  
-TLS CA
-
-`TRAEFIK_PROVIDERS_REDIS_TLS_CAOPTIONAL`:  
-TLS CA.Optional (Default: ```false```)
-
-`TRAEFIK_PROVIDERS_REDIS_TLS_CERT`:  
-TLS cert
-
-`TRAEFIK_PROVIDERS_REDIS_TLS_INSECURESKIPVERIFY`:  
-TLS insecure skip verify (Default: ```false```)
-
-`TRAEFIK_PROVIDERS_REDIS_TLS_KEY`:  
-TLS key
-
-`TRAEFIK_PROVIDERS_REDIS_USERNAME`:  
-KV Username
-
 `TRAEFIK_PROVIDERS_REST`:  
 Enable Rest backend with default settings. (Default: ```false```)
 
 `TRAEFIK_PROVIDERS_REST_INSECURE`:  
 Activate REST Provider directly on the entryPoint named traefik. (Default: ```false```)
 
-`TRAEFIK_PROVIDERS_ZOOKEEPER`:  
-Enable ZooKeeper backend with default settings. (Default: ```false```)
-
-`TRAEFIK_PROVIDERS_ZOOKEEPER_ENDPOINTS`:  
-KV store endpoints (Default: ```127.0.0.1:2181```)
-
-`TRAEFIK_PROVIDERS_ZOOKEEPER_PASSWORD`:  
-KV Password
-
-`TRAEFIK_PROVIDERS_ZOOKEEPER_ROOTKEY`:  
-Root key used for KV store (Default: ```traefik```)
-
-`TRAEFIK_PROVIDERS_ZOOKEEPER_TLS_CA`:  
-TLS CA
-
-`TRAEFIK_PROVIDERS_ZOOKEEPER_TLS_CAOPTIONAL`:  
-TLS CA.Optional (Default: ```false```)
-
-`TRAEFIK_PROVIDERS_ZOOKEEPER_TLS_CERT`:  
-TLS cert
-
-`TRAEFIK_PROVIDERS_ZOOKEEPER_TLS_INSECURESKIPVERIFY`:  
-TLS insecure skip verify (Default: ```false```)
-
-`TRAEFIK_PROVIDERS_ZOOKEEPER_TLS_KEY`:  
-TLS key
-
-`TRAEFIK_PROVIDERS_ZOOKEEPER_USERNAME`:  
-KV Username
-
 `TRAEFIK_SERVERSTRANSPORT_FORWARDINGTIMEOUTS_DIALTIMEOUT`:  
 The amount of time to wait until a connection to a backend server can be established. If zero, no timeout exists. (Default: ```30```)
 
@@ -801,18 +570,6 @@ Specifies the header name that will be used to store the sampling priority.
 `TRAEFIK_TRACING_DATADOG_TRACEIDHEADERNAME`:  
 Specifies the header name that will be used to store the trace ID.
 
-`TRAEFIK_TRACING_ELASTIC`:  
-Settings for Elastic. (Default: ```false```)
-
-`TRAEFIK_TRACING_ELASTIC_SECRETTOKEN`:  
-Set the token used to connect to Elastic APM Server.
-
-`TRAEFIK_TRACING_ELASTIC_SERVERURL`:  
-Set the URL of the Elastic APM server.
-
-`TRAEFIK_TRACING_ELASTIC_SERVICEENVIRONMENT`:  
-Set the name of the environment Traefik is deployed in, e.g. 'production' or 'staging'.
-
 `TRAEFIK_TRACING_HAYSTACK`:  
 Settings for Haystack. (Default: ```false```)
 
@@ -861,9 +618,6 @@ Password for basic http authentication when sending spans to jaeger-collector.
 `TRAEFIK_TRACING_JAEGER_COLLECTOR_USER`:  
 User for basic http authentication when sending spans to jaeger-collector.
 
-`TRAEFIK_TRACING_JAEGER_DISABLEATTEMPTRECONNECTING`:  
-Disable the periodic re-resolution of the agent's hostname and reconnection if there was a change. (Default: ```true```)
-
 `TRAEFIK_TRACING_JAEGER_GEN128BIT`:  
 Generate 128 bit span IDs. (Default: ```false```)
 

docs/content/reference/static-configuration/file.toml

@@ -28,25 +28,6 @@
     [entryPoints.EntryPoint0.forwardedHeaders]
       insecure = true
       trustedIPs = ["foobar", "foobar"]
-    [entryPoints.EntryPoint0.http]
-      middlewares = ["foobar", "foobar"]
-      [entryPoints.EntryPoint0.http.redirections]
-        [entryPoints.EntryPoint0.http.redirections.entryPoint]
-          to = "foobar"
-          scheme = "foobar"
-          permanent = true
-          priority = 42
-      [entryPoints.EntryPoint0.http.tls]
-        options = "foobar"
-        certResolver = "foobar"
-
-        [[entryPoints.EntryPoint0.http.tls.domains]]
-          main = "foobar"
-          sans = ["foobar", "foobar"]
-
-        [[entryPoints.EntryPoint0.http.tls.domains]]
-          main = "foobar"
-          sans = ["foobar", "foobar"]
 
 [providers]
   providersThrottleDuration = 42
@@ -151,70 +132,6 @@
       [providers.consulCatalog.endpoint.httpAuth]
         username = "foobar"
         password = "foobar"
-  [providers.ecs]
-    constraints = "foobar"
-    exposedByDefault = true
-    refreshSeconds = 42
-    defaultRule = "foobar"
-    clusters = ["foobar", "foobar"]
-    autoDiscoverClusters = true
-    region = "foobar"
-    accessKeyID = "foobar"
-    secretAccessKey = "foobar"
-  [providers.consul]
-    rootKey = "foobar"
-    endpoints = ["foobar", "foobar"]
-    username = "foobar"
-    password = "foobar"
-    [providers.consul.tls]
-      ca = "foobar"
-      caOptional = true
-      cert = "foobar"
-      key = "foobar"
-      insecureSkipVerify = true
-  [providers.etcd]
-    rootKey = "foobar"
-    endpoints = ["foobar", "foobar"]
-    username = "foobar"
-    password = "foobar"
-    [providers.etcd.tls]
-      ca = "foobar"
-      caOptional = true
-      cert = "foobar"
-      key = "foobar"
-      insecureSkipVerify = true
-  [providers.zooKeeper]
-    rootKey = "foobar"
-    endpoints = ["foobar", "foobar"]
-    username = "foobar"
-    password = "foobar"
-    [providers.zooKeeper.tls]
-      ca = "foobar"
-      caOptional = true
-      cert = "foobar"
-      key = "foobar"
-      insecureSkipVerify = true
-  [providers.redis]
-    rootKey = "foobar"
-    endpoints = ["foobar", "foobar"]
-    username = "foobar"
-    password = "foobar"
-    [providers.redis.tls]
-      ca = "foobar"
-      caOptional = true
-      cert = "foobar"
-      key = "foobar"
-      insecureSkipVerify = true
-  [providers.http]
-    endpoint = "foobar"
-    pollInterval = 42
-    pollTimeout = 42
-    [providers.http.tls]
-      ca = "foobar"
-      caOptional = true
-      cert = "foobar"
-      key = "foobar"
-      insecureSkipVerify = true
 
 [api]
   insecure = true
@@ -253,7 +170,6 @@
 [ping]
   entryPoint = "foobar"
   manualRouting = true
-  terminatingStatusCode = 42
 
 [log]
   level = "foobar"
@@ -290,7 +206,6 @@
     gen128Bit = true
     propagation = "foobar"
     traceContextHeaderName = "foobar"
-    disableAttemptReconnecting = true
     [tracing.jaeger.collector]
       endpoint = "foobar"
       user = "foobar"
@@ -321,10 +236,6 @@
     parentIDHeaderName = "foobar"
     spanIDHeaderName = "foobar"
     baggagePrefixHeaderName = "foobar"
-  [tracing.elastic]
-    serverURL = "foobar"
-    secretToken = "foobar"
-    serviceEnvironment = "foobar"
 
 [hostResolver]
   cnameFlattening = true
@@ -336,7 +247,6 @@
     [certificatesResolvers.CertificateResolver0.acme]
       email = "foobar"
       caServer = "foobar"
-      preferredChain = "foobar"
       storage = "foobar"
       keyType = "foobar"
       [certificatesResolvers.CertificateResolver0.acme.dnsChallenge]
@@ -351,7 +261,6 @@
     [certificatesResolvers.CertificateResolver1.acme]
       email = "foobar"
       caServer = "foobar"
-      preferredChain = "foobar"
       storage = "foobar"
       keyType = "foobar"
       [certificatesResolvers.CertificateResolver1.acme.dnsChallenge]
@@ -362,17 +271,3 @@
       [certificatesResolvers.CertificateResolver1.acme.httpChallenge]
         entryPoint = "foobar"
       [certificatesResolvers.CertificateResolver1.acme.tlsChallenge]
-
-[experimental]
-  [experimental.pilot]
-    token = "foobar"
-  [experimental.plugins]
-    [experimental.plugins.Descriptor0]
-      moduleName = "foobar"
-      version = "foobar"
-    [experimental.plugins.Descriptor1]
-      moduleName = "foobar"
-      version = "foobar"
-  [experimental.devPlugin]
-    goPath = "foobar"
-    moduleName = "foobar"

docs/content/reference/static-configuration/file.yaml

@@ -32,28 +32,6 @@ entryPoints:
       trustedIPs:
       - foobar
       - foobar
-    http:
-      redirections:
-        entryPoint:
-          to: foobar
-          scheme: foobar
-          permanent: true
-          priority: 42
-      middlewares:
-      - foobar
-      - foobar
-      tls:
-        options: foobar
-        certResolver: foobar
-        domains:
-        - main: foobar
-          sans:
-          - foobar
-          - foobar
-        - main: foobar
-          sans:
-          - foobar
-          - foobar
 providers:
   providersThrottleDuration: 42
   docker:
@@ -110,7 +88,7 @@ providers:
     - foobar
     labelSelector: foobar
     ingressClass: foobar
-    throttleDuration: 42s
+      throttleDuration: 42s
     ingressEndpoint:
       ip: foobar
       hostname: foobar
@@ -125,7 +103,7 @@ providers:
     - foobar
     labelSelector: foobar
     ingressClass: foobar
-    throttleDuration: 42s
+    throttleDuration: 10s
   rest:
     insecure: true
   rancher:
@@ -161,80 +139,6 @@ providers:
       httpAuth:
         username: foobar
         password: foobar
-  ecs:
-    constraints: foobar
-    exposedByDefault: true
-    refreshSeconds: 42
-    defaultRule: foobar
-    clusters:
-    - foobar
-    - foobar
-    autoDiscoverClusters: true
-    region: foobar
-    accessKeyID: foobar
-    secretAccessKey: foobar
-  consul:
-    rootKey: foobar
-    endpoints:
-    - foobar
-    - foobar
-    username: foobar
-    password: foobar
-    tls:
-      ca: foobar
-      caOptional: true
-      cert: foobar
-      key: foobar
-      insecureSkipVerify: true
-  etcd:
-    rootKey: foobar
-    endpoints:
-    - foobar
-    - foobar
-    username: foobar
-    password: foobar
-    tls:
-      ca: foobar
-      caOptional: true
-      cert: foobar
-      key: foobar
-      insecureSkipVerify: true
-  zooKeeper:
-    rootKey: foobar
-    endpoints:
-    - foobar
-    - foobar
-    username: foobar
-    password: foobar
-    tls:
-      ca: foobar
-      caOptional: true
-      cert: foobar
-      key: foobar
-      insecureSkipVerify: true
-  redis:
-    rootKey: foobar
-    endpoints:
-    - foobar
-    - foobar
-    username: foobar
-    password: foobar
-    tls:
-      ca: foobar
-      caOptional: true
-      cert: foobar
-      key: foobar
-      insecureSkipVerify: true
-  http:
-    endpoint: foobar
-    pollInterval: 42
-    pollTimeout: 42
-    tls:
-      ca: foobar
-      caOptional: true
-      cert: foobar
-      key: foobar
-      insecureSkipVerify: true
 api:
   insecure: true
   dashboard: true
@@ -272,7 +176,6 @@ metrics:
 ping:
   entryPoint: foobar
   manualRouting: true
-  terminatingStatusCode: 42
 log:
   level: foobar
   filePath: foobar
@@ -308,7 +211,6 @@ tracing:
     gen128Bit: true
     propagation: foobar
     traceContextHeaderName: foobar
-    disableAttemptReconnecting: true
     collector:
       endpoint: foobar
       user: foobar
@@ -339,10 +241,6 @@ tracing:
     parentIDHeaderName: foobar
     spanIDHeaderName: foobar
     baggagePrefixHeaderName: foobar
-  elastic:
-    serverURL: foobar
-    secretToken: foobar
-    serviceEnvironment: foobar
 hostResolver:
   cnameFlattening: true
   resolvConfig: foobar
@@ -352,7 +250,6 @@ certificatesResolvers:
     acme:
       email: foobar
       caServer: foobar
-      preferredChain: foobar
       storage: foobar
       keyType: foobar
       dnsChallenge:
@@ -369,7 +266,6 @@ certificatesResolvers:
     acme:
       email: foobar
       caServer: foobar
-      preferredChain: foobar
       storage: foobar
       keyType: foobar
       dnsChallenge:
@@ -382,16 +278,3 @@ certificatesResolvers:
       httpChallenge:
         entryPoint: foobar
       tlsChallenge: {}
-experimental:
-  pilot:
-    token: foobar
-  plugins:
-    Descriptor0:
-      moduleName: foobar
-      version: foobar
-    Descriptor1:
-      moduleName: foobar
-      version: foobar
-  devPlugin:
-    goPath: foobar
-    moduleName: foobar

docs/content/routing/entrypoints.md

@@ -6,8 +6,7 @@ Opening Connections for Incoming Requests
 ![entryPoints](../assets/img/entrypoints.png)
 
 EntryPoints are the network entry points into Traefik.
-They define the port which will receive the packets,
-and whether to listen for TCP or UDP.
+They define the port which will receive the requests (whether HTTP or TCP).
 
 ## Configuration Examples
 
@@ -65,33 +64,12 @@ and whether to listen for TCP or UDP.
     - Two entrypoints are defined: one called `web`, and the other called `websecure`.
     - `web` listens on port `80`, and `websecure` on port `443`. 
 
-??? example "UDP on port 1704"
-
-    ```toml tab="File (TOML)"
-    ## Static configuration
-    [entryPoints]
-      [entryPoints.streaming]
-        address = ":1704/udp"
-    ```
-
-    ```yaml tab="File (YAML)"
-    ## Static configuration
-    entryPoints:
-      streaming:
-        address: ":1704/udp"
-    ```
-
-    ```bash tab="CLI"
-    ## Static configuration
-    --entryPoints.streaming.address=:1704/udp
-    ```
-
 ## Configuration
 
 ### General
 
 EntryPoints are part of the [static configuration](../getting-started/configuration-overview.md#the-static-configuration).
-They can be defined by using a file (TOML or YAML) or CLI arguments.
+You can define them using a toml file, CLI arguments, or a key-value store.
 
 ??? info "See the complete reference for the list of available options"
     
@@ -99,7 +77,7 @@ They can be defined by using a file (TOML or YAML) or CLI arguments.
     ## Static configuration
     [entryPoints]
       [entryPoints.name]
-        address = ":8888" # same as ":8888/tcp"
+        address = ":8888"
         [entryPoints.name.transport]
           [entryPoints.name.transport.lifeCycle]
             requestAcceptGraceTimeout = 42
@@ -120,7 +98,7 @@ They can be defined by using a file (TOML or YAML) or CLI arguments.
     ## Static configuration
     entryPoints:
       name:
-        address: ":8888" # same as ":8888/tcp"
+        address: ":8888"
         transport:
           lifeCycle:
             requestAcceptGraceTimeout: 42
@@ -143,7 +121,7 @@ They can be defined by using a file (TOML or YAML) or CLI arguments.
     
     ```bash tab="CLI"
     ## Static configuration
-    --entryPoints.name.address=:8888 # same as :8888/tcp
+    --entryPoints.name.address=:8888
     --entryPoints.name.transport.lifeCycle.requestAcceptGraceTimeout=42
     --entryPoints.name.transport.lifeCycle.graceTimeOut=42
     --entryPoints.name.transport.respondingTimeouts.readTimeout=42
@@ -155,70 +133,7 @@ They can be defined by using a file (TOML or YAML) or CLI arguments.
     --entryPoints.name.forwardedHeaders.trustedIPs=127.0.0.1,192.168.0.1
     ```
 
-### Address
-
-The address defines the port, and optionally the hostname, on which to listen for incoming connections and packets.
-It also defines the protocol to use (TCP or UDP).
-If no protocol is specified, the default is TCP.
-The format is:
-
-```bash
-[host]:port[/tcp|/udp]
-```
-
-If both TCP and UDP are wanted for the same port, two entryPoints definitions are needed, such as in the example below.
-
-??? example "Both TCP and UDP on Port 3179"
-
-    ```toml tab="File (TOML)"
-    ## Static configuration
-    [entryPoints]
-      [entryPoints.tcpep]
-        address = ":3179"
-      [entryPoints.udpep]
-        address = ":3179/udp"
-    ```
-
-    ```yaml tab="File (YAML)"
-    ## Static configuration
-    entryPoints:
-      tcpep:
-       address: ":3179"
-      udpep:
-       address: ":3179/udp"
-    ```
-
-    ```bash tab="CLI"
-    ## Static configuration
-    --entryPoints.tcpep.address=:3179
-    --entryPoints.udpep.address=:3179/udp
-    ```
-
-??? example "Listen on Specific IP Addresses Only"
-
-    ```toml tab="File (TOML)"
-    [entryPoints.specificIPv4]
-      address = "192.168.2.7:8888"
-    [entryPoints.specificIPv6]
-      address = "[2001:db8::1]:8888"
-    ```
-    
-    ```yaml tab="File (yaml)"
-    entryPoints:
-      specificIPv4:
-        address: "192.168.2.7:8888"
-      specificIPv6:
-        address: "[2001:db8::1]:8888"
-    ```
-    
-    ```bash tab="CLI"
-    entrypoints.specificIPv4.address=192.168.2.7:8888
-    entrypoints.specificIPv6.address=[2001:db8::1]:8888
-    ```
-    
-    Full details for how to specify `address` can be found in [net.Listen](https://golang.org/pkg/net/#Listen) (and [net.Dial](https://golang.org/pkg/net/#Dial)) of the doc for go.
-
-### Forwarded Headers
+### Forwarded Header
 
 You can configure Traefik to trust the forwarded headers information (`X-Forwarded-*`).
 
@@ -287,7 +202,6 @@ You can configure Traefik to trust the forwarded headers information (`X-Forward
 #### `respondingTimeouts`
 
 `respondingTimeouts` are timeouts for incoming requests to the Traefik instance.
-Setting them has no effect for UDP entryPoints.
 
 ??? info "`transport.respondingTimeouts.readTimeout`"
     
@@ -553,274 +467,3 @@ If the Proxy Protocol header is passed, then the version is determined automatic
 
     When queuing Traefik behind another load-balancer, make sure to configure Proxy Protocol on both sides.
     Not doing so could introduce a security risk in your system (enabling request forgery).
-
-## HTTP Options
-
-This whole section is dedicated to options, keyed by entry point, that will apply only to HTTP routing.
-
-### Redirection
-
-??? example "HTTPS redirection (80 to 443)"
-    
-    ```toml tab="File (TOML)"
-    [entryPoints.web]
-      address = ":80"
-      
-      [entryPoints.web.http]
-        [entryPoints.web.http.redirections]
-          [entryPoints.web.http.redirections.entryPoint]
-            to = "websecure"
-            scheme = "https"
-    
-    [entryPoints.websecure]
-      address = ":443"
-    ```
-    
-    ```yaml tab="File (YAML)"
-    entryPoints:
-      web:
-        address: :80
-        http:
-          redirections:
-            entryPoint:
-              to: websecure
-              scheme: https
-    
-      websecure:
-        address: :443
-    ```
-    
-    ```bash tab="CLI"
-    --entrypoints.web.address=:80
-    --entrypoints.web.http.redirections.entryPoint.to=websecure
-    --entrypoints.web.http.redirections.entryPoint.scheme=https
-    --entrypoints.websecure.address=:443
-    ```
-
-#### `entryPoint`
-
-This section is a convenience to enable (permanent) redirecting of all incoming requests on an entry point (e.g. port `80`) to another entry point (e.g. port `443`) or an explicit port (`:443`).
-
-??? info "`entryPoint.to`"
-    
-    _Required_
-    
-    The target element, it can be:
-    
-      - an entry point name (ex: `websecure`)
-      - a port (`:443`)
-      
-    ```toml tab="File (TOML)"
-    [entryPoints.foo]
-      # ...
-      [entryPoints.foo.http.redirections]
-        [entryPoints.foo.http.redirections.entryPoint]
-          to = "websecure"
-    ```
-    
-    ```yaml tab="File (YAML)"
-    entryPoints:
-      foo:
-        # ...
-        http:
-          redirections:
-            entryPoint:
-              to: websecure
-    ```
-    
-    ```bash tab="CLI"
-    --entrypoints.foo.http.redirections.entryPoint.to=websecure
-    ```
-
-??? info "`entryPoint.scheme`"
-    
-    _Optional, Default="https"_
-    
-    The redirection target scheme.
-
-    ```toml tab="File (TOML)"
-    [entryPoints.foo]
-      # ...
-      [entryPoints.foo.http.redirections]
-        [entryPoints.foo.http.redirections.entryPoint]
-          # ...
-          scheme = "https"
-    ```
-    
-    ```yaml tab="File (YAML)"
-    entryPoints:
-      foo:
-        # ...
-        http:
-          redirections:
-            entryPoint:
-              # ...
-              scheme: https
-    ```
-    
-    ```bash tab="CLI"
-    --entrypoints.foo.http.redirections.entryPoint.scheme=https
-    ```
-
-??? info "`entryPoint.permanent`"
-   
-    _Optional, Default=true_
-    
-    To apply a permanent redirection.
-
-    ```toml tab="File (TOML)"
-    [entryPoints.foo]
-      # ...
-      [entryPoints.foo.http.redirections]
-        [entryPoints.foo.http.redirections.entryPoint]
-          # ...
-          permanent = true
-    ```
-    
-    ```yaml tab="File (YAML)"
-    entryPoints:
-      foo:
-        # ...
-        http:
-          redirections:
-            entryPoint:
-              # ...
-              permanent: true
-    ```
-    
-    ```bash tab="CLI"
-    --entrypoints.foo.http.redirections.entrypoint.permanent=true
-    ```
-
-??? info "`entryPoint.priority`"
-  
-    _Optional, Default=1_
-    
-    Priority of the generated router.
-
-    ```toml tab="File (TOML)"
-    [entryPoints.foo]
-      # ...
-      [entryPoints.foo.http.redirections]
-        [entryPoints.foo.http.redirections.entryPoint]
-          # ...
-          priority = 10
-    ```
-    
-    ```yaml tab="File (YAML)"
-    entryPoints:
-      foo:
-        # ...
-        http:
-          redirections:
-            entryPoint:
-              # ...
-              priority: 10
-    ```
-    
-    ```bash tab="CLI"
-    --entrypoints.foo.http.redirections.entrypoint.priority=10
-    ```
-
-### Middlewares
-
-The list of middlewares that are prepended by default to the list of middlewares of each router associated to the named entry point.
-
-```toml tab="File (TOML)"
-[entryPoints.websecure]
-  address = ":443"
-
-  [entryPoints.websecure.http]
-    middlewares = ["auth@file", "strip@file"]
-```
-
-```yaml tab="File (YAML)"
-entryPoints:
-  websecure:
-    address: ':443'
-    http:
-      middlewares:
-        - auth@file
-        - strip@file
-```
-
-```bash tab="CLI"
-entrypoints.websecure.address=:443
-entrypoints.websecure.http.middlewares=auth@file,strip@file
-```
-
-### TLS
-
-This section is about the default TLS configuration applied to all routers associated with the named entry point.
-
-If a TLS section (i.e. any of its fields) is user-defined, then the default configuration does not apply at all.
-
-The TLS section is the same as the [TLS section on HTTP routers](./routers/index.md#tls).
-
-```toml tab="File (TOML)"
-[entryPoints.websecure]
-  address = ":443"
-
-    [entryPoints.websecure.http.tls]
-      options = "foobar"
-      certResolver = "leresolver"
-      [[entryPoints.websecure.http.tls.domains]]
-        main = "example.com"
-        sans = ["foo.example.com", "bar.example.com"]
-      [[entryPoints.websecure.http.tls.domains]]
-        main = "test.com"
-        sans = ["foo.test.com", "bar.test.com"]
-```
-
-```yaml tab="File (YAML)"
-entryPoints:
-  websecure:
-    address: ':443'
-    http:
-      tls:
-        options: foobar
-        certResolver: leresolver
-        domains:
-          - main: example.com
-            sans:
-              - foo.example.com
-              - bar.example.com
-          - main: test.com
-            sans:
-              - foo.test.com
-              - bar.test.com
-```
-
-```bash tab="CLI"
-entrypoints.websecure.address=:443
-entrypoints.websecure.http.tls.options=foobar
-entrypoints.websecure.http.tls.certResolver=leresolver
-entrypoints.websecure.http.tls.domains[0].main=example.com
-entrypoints.websecure.http.tls.domains[0].sans=foo.example.com,bar.example.com
-entrypoints.websecure.http.tls.domains[1].main=test.com
-entrypoints.websecure.http.tls.domains[1].sans=foo.test.com,bar.test.com
-```
-
-??? example "Let's Encrypt"
-    
-    ```toml tab="File (TOML)"
-    [entryPoints.websecure]
-      address = ":443"
-    
-        [entryPoints.websecure.http.tls]
-          certResolver = "leresolver"
-    ```
-    
-    ```yaml tab="File (YAML)"
-    entryPoints:
-      websecure:
-        address: ':443'
-        http:
-          tls:
-            certResolver: leresolver
-    ```
-    
-    ```bash tab="CLI"
-    entrypoints.websecure.address=:443
-    entrypoints.websecure.http.tls.certResolver=leresolver
-    ```

docs/content/routing/overview.md

@@ -66,7 +66,7 @@ Dynamic configuration:
   [http.routers]
      # Define a connection between requests and services
      [http.routers.to-whoami]
-      rule = "Host(`example.com`) && PathPrefix(`/whoami/`)"
+      rule = "Host(`domain`) && PathPrefix(`/whoami/`)"
       # If the rule matches, applies the middleware
       middlewares = ["test-user"]
       # If the rule matches, forward to the whoami service (declared below)
@@ -90,7 +90,7 @@ http:
   routers:
     # Define a connection between requests and services
     to-whoami:
-      rule: "Host(`example.com`) && PathPrefix(`/whoami/`)"
+      rule: "Host(`domain`) && PathPrefix(`/whoami/`)"
        # If the rule matches, applies the middleware
       middlewares:
       - test-user
@@ -122,7 +122,7 @@ http:
     In this example, we've defined routing rules for http requests only.
     Traefik also supports TCP requests. To add [TCP routers](./routers/index.md) and [TCP services](./services/index.md), declare them in a TCP section like in the following.
 
-    ??? example "Adding a TCP route for TLS requests on whoami.example.com"
+    ??? example "Adding a TCP route for TLS requests on whoami.traefik.io"
 
         **Static Configuration**
         
@@ -165,7 +165,7 @@ http:
           [http.routers]
             # Define a connection between requests and services
             [http.routers.to-whoami]
-              rule = "Host(`example.com`) && PathPrefix(`/whoami/`)"
+              rule = "Host(`domain`) && PathPrefix(`/whoami/`)"
               # If the rule matches, applies the middleware
               middlewares = ["test-user"]
               # If the rule matches, forward to the whoami service (declared below)
@@ -185,7 +185,7 @@ http:
         [tcp]
           [tcp.routers]
             [tcp.routers.to-whoami-tcp]
-              rule = "HostSNI(`whoami-tcp.example.com`)"
+              rule = "HostSNI(`whoami-tcp.traefik.io`)"
               service = "whoami-tcp"
               [tcp.routers.to-whoami-tcp.tls]
 
@@ -202,7 +202,7 @@ http:
           routers:
             # Define a connection between requests and services
             to-whoami:
-              rule: Host(`example.com`) && PathPrefix(`/whoami/`)
+              rule: Host(`domain`) && PathPrefix(`/whoami/`)
               # If the rule matches, applies the middleware
               middlewares:
               - test-user
@@ -227,7 +227,7 @@ http:
           routers:
             to-whoami-tcp:
               service: whoami-tcp
-              rule: HostSNI(`whoami-tcp.example.com`)
+              rule: HostSNI(`whoami-tcp.traefik.io`)
 
           services:
             whoami-tcp:

docs/content/routing/providers/consul-catalog.md

@@ -24,14 +24,14 @@ The Service automatically gets a server per instance in this consul Catalog serv
 
 To update the configuration of the Router automatically attached to the service, add tags starting with `traefik.routers.{name-of-your-choice}.` and followed by the option you want to change.
 
-For example, to change the rule, you could add the tag ```traefik.http.routers.my-service.rule=Host(`example.com`)```.
+For example, to change the rule, you could add the tag ```traefik.http.routers.my-service.rule=Host(`mydomain.com`)```.
 
 ??? info "`traefik.http.routers.<router_name>.rule`"
     
     See [rule](../routers/index.md#rule) for more information.
     
     ```yaml
-    traefik.http.routers.myrouter.rule=Host(`example.com`)
+    traefik.http.routers.myrouter.rule=Host(`mydomain.com`)
     ```
 
 ??? info "`traefik.http.routers.<router_name>.entrypoints`"
@@ -79,7 +79,7 @@ For example, to change the rule, you could add the tag ```traefik.http.routers.m
     See [domains](../routers/index.md#domains) for more information.
     
     ```yaml
-    traefik.http.routers.myrouter.tls.domains[0].main=example.org
+    traefik.http.routers.myrouter.tls.domains[0].main=foobar.com
     ```
 
 ??? info "`traefik.http.routers.<router_name>.tls.domains[n].sans`"
@@ -87,7 +87,7 @@ For example, to change the rule, you could add the tag ```traefik.http.routers.m
     See [domains](../routers/index.md#domains) for more information.
     
     ```yaml
-    traefik.http.routers.myrouter.tls.domains[0].sans=test.example.org,dev.example.org
+    traefik.http.routers.myrouter.tls.domains[0].sans=test.foobar.com,dev.foobar.com
     ```
 
 ??? info "`traefik.http.routers.<router_name>.tls.options`"
@@ -150,7 +150,7 @@ you'd add the tag `traefik.http.services.{name-of-your-choice}.loadbalancer.pass
     See [health check](../services/index.md#health-check) for more information.
     
     ```yaml
-    traefik.http.services.myservice.loadbalancer.healthcheck.hostname=example.org
+    traefik.http.services.myservice.loadbalancer.healthcheck.hostname=foobar.com
     ```
 
 ??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.interval`"
@@ -193,14 +193,6 @@ you'd add the tag `traefik.http.services.{name-of-your-choice}.loadbalancer.pass
     traefik.http.services.myservice.loadbalancer.healthcheck.timeout=10
     ```
 
-??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.followredirects`"
-    
-    See [health check](../services/index.md#health-check) for more information.
-    
-    ```yaml
-    traefik.http.services.myservice.loadbalancer.healthcheck.followredirects=true
-    ```
-
 ??? info "`traefik.http.services.<service_name>.loadbalancer.sticky`"
     
     See [sticky sessions](../services/index.md#sticky-sessions) for more information.
@@ -279,7 +271,7 @@ You can declare TCP Routers and/or Services using tags.
 ??? example "Declaring TCP Routers and Services"
 
     ```yaml
-    traefik.tcp.routers.my-router.rule=HostSNI(`example.com`)
+    traefik.tcp.routers.my-router.rule=HostSNI(`my-host.com`)
     traefik.tcp.routers.my-router.tls=true
     traefik.tcp.services.my-service.loadbalancer.server.port=4123
     ```
@@ -304,7 +296,7 @@ You can declare TCP Routers and/or Services using tags.
     See [rule](../routers/index.md#rule_1) for more information.
     
     ```yaml
-    traefik.tcp.routers.mytcprouter.rule=HostSNI(`example.com`)
+    traefik.tcp.routers.mytcprouter.rule=HostSNI(`myhost.com`)
     ```
 
 ??? info "`traefik.tcp.routers.<router_name>.service`"
@@ -336,7 +328,7 @@ You can declare TCP Routers and/or Services using tags.
     See [domains](../routers/index.md#domains_1) for more information.
     
     ```yaml
-    traefik.tcp.routers.mytcprouter.tls.domains[0].main=example.org
+    traefik.tcp.routers.mytcprouter.tls.domains[0].main=foobar.com
     ```
 
 ??? info "`traefik.tcp.routers.<router_name>.tls.domains[n].sans`"
@@ -344,7 +336,7 @@ You can declare TCP Routers and/or Services using tags.
     See [domains](../routers/index.md#domains_1) for more information.
     
     ```yaml
-    traefik.tcp.routers.mytcprouter.tls.domains[0].sans=test.example.org,dev.example.org
+    traefik.tcp.routers.mytcprouter.tls.domains[0].sans=test.foobar.com,dev.foobar.com
     ```
 
 ??? info "`traefik.tcp.routers.<router_name>.tls.options`"
@@ -381,50 +373,6 @@ You can declare TCP Routers and/or Services using tags.
     traefik.tcp.services.mytcpservice.loadbalancer.terminationdelay=100
     ```
 
-### UDP
-
-You can declare UDP Routers and/or Services using tags.
-
-??? example "Declaring UDP Routers and Services"
-
-    ```yaml
-    traefik.udp.routers.my-router.entrypoints=udp
-    traefik.udp.services.my-service.loadbalancer.server.port=4123
-    ```
-
-!!! warning "UDP and HTTP"
-
-    If you declare a UDP Router/Service, it will prevent Traefik from automatically creating an HTTP Router/Service (like it does by default if no UDP Router/Service is defined).
-    You can declare both a UDP Router/Service and an HTTP Router/Service for the same consul service (but you have to do so manually).
-
-#### UDP Routers
-
-??? info "`traefik.udp.routers.<router_name>.entrypoints`"
-    
-    See [entry points](../routers/index.md#entrypoints_2) for more information.
-    
-    ```yaml
-    traefik.udp.routers.myudprouter.entrypoints=ep1,ep2
-    ```
-
-??? info "`traefik.udp.routers.<router_name>.service`"
-    
-    See [service](../routers/index.md#services_1) for more information.
-    
-    ```yaml
-    traefik.udp.routers.myudprouter.service=myservice
-    ```
-
-#### UDP Services
-
-??? info "`traefik.udp.services.<service_name>.loadbalancer.server.port`"
-    
-    Registers a port of the application.
-    
-    ```yaml
-    traefik.udp.services.myudpservice.loadbalancer.server.port=423
-    ```
-
 ### Specific Provider Options
 
 #### `traefik.enable`

docs/content/routing/providers/crd_ingress_route.yml

@@ -0,0 +1,28 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: ingressroutes.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: IngressRoute
+    plural: ingressroutes
+    singular: ingressroute
+  scope: Namespaced
+
+---
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: ingressroutetcps.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: IngressRouteTCP
+    plural: ingressroutetcps
+    singular: ingressroutetcp
+  scope: Namespaced

docs/content/routing/providers/crd_middlewares.yml

@@ -0,0 +1,13 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: middlewares.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: Middleware
+    plural: middlewares
+    singular: middleware
+  scope: Namespaced

docs/content/routing/providers/crd_tls_option.yml

@@ -0,0 +1,13 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: tlsoptions.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: TLSOption
+    plural: tlsoptions
+    singular: tlsoption
+  scope: Namespaced

docs/content/routing/providers/crd_traefikservice.yml

@@ -0,0 +1,13 @@
+apiVersion: apiextensions.k8s.io/v1beta1
+kind: CustomResourceDefinition
+metadata:
+  name: traefikservices.traefik.containo.us
+
+spec:
+  group: traefik.containo.us
+  version: v1alpha1
+  names:
+    kind: TraefikService
+    plural: traefikservices
+    singular: traefikservice
+  scope: Namespaced

docs/content/routing/providers/docker.md

@@ -34,12 +34,12 @@ Attach labels to your containers and let Traefik do the rest!
       my-container:
         # ...
         labels:
-          - traefik.http.routers.my-container.rule=Host(`example.com`)
+          - traefik.http.routers.my-container.rule=Host(`mydomain.com`)
     ```
 
 ??? example "Specify a Custom Port for the Container"
 
-    Forward requests for `http://example.com` to `http://<private IP of container>:12345`:
+    Forward requests for `http://mydomain.com` to `http://<private IP of container>:12345`:
 
     ```yaml
     version: "3"
@@ -47,7 +47,7 @@ Attach labels to your containers and let Traefik do the rest!
       my-container:
         # ...
         labels:
-          - traefik.http.routers.my-container.rule=Host(`example.com`)
+          - traefik.http.routers.my-container.rule=Host(`mydomain.com`)
           # Tell Traefik to use the port 12345 to connect to `my-container`
           - traefik.http.services.my-service.loadbalancer.server.port=12345
     ```
@@ -94,7 +94,7 @@ Attach labels to your containers and let Traefik do the rest!
       my-container:
         deploy:
           labels:
-            - traefik.http.routers.my-container.rule=Host(`example.com`)
+            - traefik.http.routers.my-container.rule=Host(`mydomain.com`)
             - traefik.http.services.my-container-service.loadbalancer.server.port=8080
     ```
 
@@ -127,7 +127,7 @@ and the router automatically gets a rule defined by `defaultRule` (if no rule fo
 
     ```yaml
     labels:
-      - "traefik.http.routers.myproxy.rule=Host(`example.net`)"
+      - "traefik.http.routers.myproxy.rule=Host(`foo.com`)"
       # service myservice gets automatically assigned to router myproxy
       - "traefik.http.services.myservice.loadbalancer.server.port=80"
     ```
@@ -140,7 +140,7 @@ and the router automatically gets a rule defined by `defaultRule` (if no rule fo
     labels:
       # no service specified or defined and yet one gets automatically created
       # and assigned to router myproxy.
-      - "traefik.http.routers.myproxy.rule=Host(`example.net`)"
+      - "traefik.http.routers.myproxy.rule=Host(`foo.com`)"
     ```
 
 ### Routers
@@ -148,7 +148,7 @@ and the router automatically gets a rule defined by `defaultRule` (if no rule fo
 To update the configuration of the Router automatically attached to the container,
 add labels starting with `traefik.http.routers.<name-of-your-choice>.` and followed by the option you want to change.
 
-For example, to change the rule, you could add the label ```traefik.http.routers.my-container.rule=Host(`example.com`)```.
+For example, to change the rule, you could add the label ```traefik.http.routers.my-container.rule=Host(`mydomain.com`)```.
 
 !!! warning "The character `@` is not authorized in the router name `<router_name>`."
 
@@ -157,7 +157,7 @@ For example, to change the rule, you could add the label ```traefik.http.routers
     See [rule](../routers/index.md#rule) for more information.
 
     ```yaml
-    - "traefik.http.routers.myrouter.rule=Host(`example.com`)"
+    - "traefik.http.routers.myrouter.rule=Host(`mydomain.com`)"
     ```
 
 ??? info "`traefik.http.routers.<router_name>.entrypoints`"
@@ -205,7 +205,7 @@ For example, to change the rule, you could add the label ```traefik.http.routers
     See [domains](../routers/index.md#domains) for more information.
 
     ```yaml
-    - "traefik.http.routers.myrouter.tls.domains[0].main=example.org"
+    - "traefik.http.routers.myrouter.tls.domains[0].main=foobar.com"
     ```
 
 ??? info "`traefik.http.routers.<router_name>.tls.domains[n].sans`"
@@ -213,7 +213,7 @@ For example, to change the rule, you could add the label ```traefik.http.routers
     See [domains](../routers/index.md#domains) for more information.
 
     ```yaml
-    - "traefik.http.routers.myrouter.tls.domains[0].sans=test.example.org,dev.example.org"
+    - "traefik.http.routers.myrouter.tls.domains[0].sans=test.foobar.com,dev.foobar.com"
     ```
 
 ??? info "`traefik.http.routers.<router_name>.tls.options`"
@@ -283,7 +283,7 @@ you'd add the label `traefik.http.services.<name-of-your-choice>.loadbalancer.pa
     See [health check](../services/index.md#health-check) for more information.
 
     ```yaml
-    - "traefik.http.services.myservice.loadbalancer.healthcheck.hostname=example.org"
+    - "traefik.http.services.myservice.loadbalancer.healthcheck.hostname=foobar.com"
     ```
 
 ??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.interval`"
@@ -291,7 +291,7 @@ you'd add the label `traefik.http.services.<name-of-your-choice>.loadbalancer.pa
     See [health check](../services/index.md#health-check) for more information.
 
     ```yaml
-    - "traefik.http.services.myservice.loadbalancer.healthcheck.interval=10s"
+    - "traefik.http.services.myservice.loadbalancer.healthcheck.interval=10"
     ```
 
 ??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.path`"
@@ -326,20 +326,12 @@ you'd add the label `traefik.http.services.<name-of-your-choice>.loadbalancer.pa
     - "traefik.http.services.myservice.loadbalancer.healthcheck.timeout=10"
     ```
 
-??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.followredirects`"
-
-    See [health check](../services/index.md#health-check) for more information.
-
-    ```yaml
-    - "traefik.http.services.myservice.loadbalancer.healthcheck.followredirects=true"
-    ```
-
-??? info "`traefik.http.services.<service_name>.loadbalancer.sticky.cookie`"
+??? info "`traefik.http.services.<service_name>.loadbalancer.sticky`"
 
     See [sticky sessions](../services/index.md#sticky-sessions) for more information.
 
     ```yaml
-    - "traefik.http.services.myservice.loadbalancer.sticky.cookie=true"
+    - "traefik.http.services.myservice.loadbalancer.sticky=true"
     ```
 
 ??? info "`traefik.http.services.<service_name>.loadbalancer.sticky.cookie.httponly`"
@@ -422,7 +414,7 @@ You can declare TCP Routers and/or Services using labels.
          my-container:
            # ...
            labels:
-             - "traefik.tcp.routers.my-router.rule=HostSNI(`example.com`)"
+             - "traefik.tcp.routers.my-router.rule=HostSNI(`my-host.com`)"
              - "traefik.tcp.routers.my-router.tls=true"
              - "traefik.tcp.services.my-service.loadbalancer.server.port=4123"
     ```
@@ -447,7 +439,7 @@ You can declare TCP Routers and/or Services using labels.
     See [rule](../routers/index.md#rule_1) for more information.
 
     ```yaml
-    - "traefik.tcp.routers.mytcprouter.rule=HostSNI(`example.com`)"
+    - "traefik.tcp.routers.mytcprouter.rule=HostSNI(`myhost.com`)"
     ```
 
 ??? info "`traefik.tcp.routers.<router_name>.service`"
@@ -479,7 +471,7 @@ You can declare TCP Routers and/or Services using labels.
     See [domains](../routers/index.md#domains_1) for more information.
 
     ```yaml
-    - "traefik.tcp.routers.mytcprouter.tls.domains[0].main=example.org"
+    - "traefik.tcp.routers.mytcprouter.tls.domains[0].main=foobar.com"
     ```
 
 ??? info "`traefik.tcp.routers.<router_name>.tls.domains[n].sans`"
@@ -487,7 +479,7 @@ You can declare TCP Routers and/or Services using labels.
     See [domains](../routers/index.md#domains_1) for more information.
 
     ```yaml
-    - "traefik.tcp.routers.mytcprouter.tls.domains[0].sans=test.example.org,dev.example.org"
+    - "traefik.tcp.routers.mytcprouter.tls.domains[0].sans=test.foobar.com,dev.foobar.com"
     ```
 
 ??? info "`traefik.tcp.routers.<router_name>.tls.options`"
@@ -524,54 +516,6 @@ You can declare TCP Routers and/or Services using labels.
     - "traefik.tcp.services.mytcpservice.loadbalancer.terminationdelay=100"
     ```
 
-### UDP
-
-You can declare UDP Routers and/or Services using labels.
-
-??? example "Declaring UDP Routers and Services"
-
-    ```yaml
-       services:
-         my-container:
-           # ...
-           labels:
-             - "traefik.udp.routers.my-router.entrypoints=udp"
-             - "traefik.udp.services.my-service.loadbalancer.server.port=4123"
-    ```
-
-!!! warning "UDP and HTTP"
-
-    If you declare a UDP Router/Service, it will prevent Traefik from automatically creating an HTTP Router/Service (like it does by default if no UDP Router/Service is defined).
-    You can declare both a UDP Router/Service and an HTTP Router/Service for the same container (but you have to do so manually).
-
-#### UDP Routers
-
-??? info "`traefik.udp.routers.<router_name>.entrypoints`"
-
-    See [entry points](../routers/index.md#entrypoints_2) for more information.
-
-    ```yaml
-    - "traefik.udp.routers.myudprouter.entrypoints=ep1,ep2"
-    ```
-
-??? info "`traefik.udp.routers.<router_name>.service`"
-
-    See [service](../routers/index.md#services_1) for more information.
-
-    ```yaml
-    - "traefik.udp.routers.myudprouter.service=myservice"
-    ```
-
-#### UDP Services
-
-??? info "`traefik.udp.services.<service_name>.loadbalancer.server.port`"
-
-    Registers a port of the application.
-
-    ```yaml
-    - "traefik.udp.services.myudpservice.loadbalancer.server.port=423"
-    ```
-
 ### Specific Provider Options
 
 #### `traefik.enable`