Merge current v2.3 branch into master

2020-10-23 14:29:22 +02:00 · 2020-10-23 14:29:22 +02:00 · 4fccde84bd
commit 4fccde84bd
parent edb15a9346 ea459e9af0
26 changed files with 634 additions and 423 deletions
--- a/.gitignore
+++ b/.gitignore
@ -17,3 +17,4 @@
 cover.out
 vendor/
 plugins-storage/
 traefik_changelog.md
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -1,3 +1,23 @@
 ## [v2.3.2](https://github.com/traefik/traefik/tree/v2.3.2) (2020-10-19)
 [All Commits](https://github.com/traefik/traefik/compare/v2.3.1...v2.3.2)
 **Bug fixes:**
 - **[acme]** fix: restrict protocol for TLS Challenge. ([#7400](https://github.com/traefik/traefik/pull/7400) by [ldez](https://github.com/ldez))
 - **[acme]** fix: use provider keytype instead of account keytype. ([#7387](https://github.com/traefik/traefik/pull/7387) by [mmatur](https://github.com/mmatur))
 - **[acme]** acme: Fix race condition in LocalStore during saving. ([#7355](https://github.com/traefik/traefik/pull/7355) by [walkline](https://github.com/walkline))
 - **[plugins]** fix: update Yaegi to v0.9.4 ([#7426](https://github.com/traefik/traefik/pull/7426) by [ldez](https://github.com/ldez))
 - **[udp]** fix: udp json struct tag ([#7375](https://github.com/traefik/traefik/pull/7375) by [mschneider82](https://github.com/mschneider82))
 **Documentation:**
 - **[consulcatalog]** fix: Consul Catalog address documentation. ([#7429](https://github.com/traefik/traefik/pull/7429) by [ldez](https://github.com/ldez))
 - **[middleware]** Moving Provider Namespace documentation topic to Configuration Discovery section ([#7423](https://github.com/traefik/traefik/pull/7423) by [AndrewSav](https://github.com/AndrewSav))
 - **[pilot]** fix: pilot static configuration documentation ([#7399](https://github.com/traefik/traefik/pull/7399) by [jbdoumenjou](https://github.com/jbdoumenjou))
 - **[plugins]** Revise Traefik Pilot documentation section ([#7427](https://github.com/traefik/traefik/pull/7427) by [PCM2](https://github.com/PCM2))
 - **[tls]** Adding details about the default TLS options to the documentation ([#7422](https://github.com/traefik/traefik/pull/7422) by [AndrewSav](https://github.com/AndrewSav))
 - doc: add YAML sample. ([#7397](https://github.com/traefik/traefik/pull/7397) by [ldez](https://github.com/ldez))
 - Fix containous links in readme ([#7394](https://github.com/traefik/traefik/pull/7394) by [kevinpollet](https://github.com/kevinpollet))
 - Fix broken logo ([#7390](https://github.com/traefik/traefik/pull/7390) by [Bencey](https://github.com/Bencey))
 ## [v2.3.1](https://github.com/traefik/traefik/tree/v2.3.1) (2020-09-28)
 [All Commits](https://github.com/traefik/traefik/compare/v2.3.0...v2.3.1)
--- a/docs/content/assets/styles/product-switcher.css
+++ b/docs/content/assets/styles/product-switcher.css
@ -20,5 +20,5 @@
 .product-switcher .nav-dropdown-menu--products .nav-dropdown-menu-wrapper {
  width: auto;
-  height: auto;
+  height: 335px;
 }
--- a/docs/content/contributing/maintainers.md
+++ b/docs/content/contributing/maintainers.md
@ -11,75 +11,20 @@
 * Ludovic Fernandez [@ldez](https://github.com/ldez)
 * Julien Salleyron [@juliens](https://github.com/juliens)
 * Nicolas Mengin [@nmengin](https://github.com/nmengin)
-* Marco Jantke [@marco-jantke](https://github.com/marco-jantke)
+* Marco Jantke [@mjantke](https://github.com/mjeri)
 * Michaël Matur [@mmatur](https://github.com/mmatur)
 * Gérald Croës [@geraldcroes](https://github.com/geraldcroes)
 * Jean-Baptiste Doumenjou [@jbdoumenjou](https://github.com/jbdoumenjou)
 * Mathieu Lonjaret [@mpl](https://github.com/mpl)
 * Romain Tribotté [@rtribotte](https://github.com/rtribotte)
-## Contributions Daily Meeting
+## Issue Triage
-* 3 Maintainers should attend to a Contributions Daily Meeting where we sort and label new issues ([is:issue label:status/0-needs-triage](https://github.com/traefik/traefik/issues?utf8=%E2%9C%93&q=is%3Aissue+label%3Astatus%2F0-needs-triage+)), and review every Pull Requests
+Issues and PRs are triaged daily and the process for triaging may be found under [triaging issues](https://github.com/traefik/contributors-guide/blob/master/issue_triage.md) in our [contributors guide repository](https://github.com/traefik/contributors-guide).
 * Every pull request should be checked during the Contributions Daily Meeting
    * Even if it’s already assigned
    * Even PR labelled with `contributor/waiting-for-corrections` or `contributor/waiting-for-feedback`
 * Issues labeled with `priority/P0` and `priority/P1` should be assigned.
 * Modifying an issue or a pull request (labels, assignees, milestone) is only possible:
    * During the Contributions Daily Meeting
    * By an assigned maintainer
    * In case of emergency, if a change proposal is approved by 2 other maintainers (on Slack, Discord, Discourse, etc)
 ## PR review process:
-* The status `needs-design-review` is only used in complex/heavy/tricky PRs.
+The process for reviewing PRs may be found under [review guidelines](https://github.com/traefik/contributors-guide/blob/master/review_guidelines.md) in our contributors guide repository.
 * From `1` to `2`: 1 comment that says “design LGTM” (by a senior maintainer).
 * From `2` to `3`: 3 LGTM approvals by any maintainer.
 * If needed, a specific maintainer familiar with a particular domain can be requested for the review.
 * If a PR has been implemented in pair programming, one peer's LGTM goes into the review for free
 * Amending someone else's pull request is authorized only in emergency, if a rebase is needed, or if the initial contributor is silent
 We use [PRM](https://github.com/ldez/prm) to manage locally pull requests.
 ## Bots
 ### [Myrmica Lobicornis](https://github.com/traefik/lobicornis/)
 Update and Merge Pull Request.
 The maintainer giving the final LGTM must add the `status/3-needs-merge` label to trigger the merge bot.
 By default, a squash-rebase merge will be carried out.
 To preserve commits, add `bot/merge-method-rebase` before `status/3-needs-merge`.
 The status `status/4-merge-in-progress` is only used by the bot.
 If the bot is not able to perform the merge, the label `bot/need-human-merge` is added.  
 In such a situation, solve the conflicts/CI/... and then remove the label `bot/need-human-merge`.
 To prevent the bot from automatically merging a PR, add the label `bot/no-merge`.
 The label `bot/light-review` decreases the number of required LGTM from 3 to 1.
 This label is used when:
 * Updating the vendors from previously reviewed PRs
 * Merging branches into the master
 * Preparing the release
 ### [Myrmica Bibikoffi](https://github.com/traefik/bibikoffi/)
 * closes stale issues [cron]
    * use some criterion as number of days between creation, last update, labels, ...
 ### [Myrmica Aloba](https://github.com/traefik/aloba)
 Manage GitHub labels.
 * Add labels on new PR [GitHub WebHook]
 * Add milestone to a new PR based on a branch version (1.4, 1.3, ...) [GitHub WebHook]
 * Add and remove `contributor/waiting-for-corrections` label when a review request changes [GitHub WebHook]
 * Weekly report of PR status on Slack (CaptainPR) [cron]
 ## Labels
--- a/docs/content/contributing/submitting-pull-requests.md
+++ b/docs/content/contributing/submitting-pull-requests.md
@ -5,41 +5,5 @@ A Quick Guide for Efficient Contributions
 So you've decided to improve Traefik? 
 Thank You! 
 Now the last step is to submit your Pull Request in a way that makes sure it gets the attention it deserves.
-Let's go through the classic pitfalls to make sure everything is right. 
+Please review the [guidelines on creating PRs](https://github.com/traefik/contributors-guide/blob/master/pr_guidelines.md) for Traefik in our [contributors guide repository](https://github.com/traefik/contributors-guide).
 ## Title
 The title must be short and descriptive. (~60 characters)
 ## Description
 Follow the [pull request template](https://github.com/traefik/traefik/blob/master/.github/PULL_REQUEST_TEMPLATE.md) as much as possible.
 Explain the conditions which led you to write this PR: give us context.
 The context should lead to something, an idea or a problem that you’re facing.
 Remain clear and concise.
 Take time to polish the format of your message so we'll enjoy reading it and working on it.
 Help the readers focus on what matters, and help them understand the structure of your message (see the [Github Markdown Syntax](https://help.github.com/articles/github-flavored-markdown)).
 ## PR Content
 - Make it small.
 - One feature per Pull Request.
 - Write useful descriptions and titles.
 - Avoid re-formatting code that is not on the path of your PR.
 - Make sure the [code builds](building-testing.md).
 - Make sure [all tests pass](building-testing.md).
 - Add tests.
 - Address review comments in terms of additional commits (and don't amend/squash existing ones unless the PR is trivial).
 !!! note "Third-Party Dependencies"
    If a PR involves changes to third-party dependencies, the commits pertaining to the vendor folder and the manifest/lock file(s) should be committed separated.
 !!! tip "10 Tips for Better Pull Requests"
    We enjoyed this article, maybe you will too! [10 tips for better pull requests](https://blog.ploeh.dk/2015/01/15/10-tips-for-better-pull-requests/).
--- a/docs/content/https/tls.md
+++ b/docs/content/https/tls.md
@ -134,14 +134,23 @@ If no default certificate is provided, Traefik generates and uses a self-signed
 The TLS options allow one to configure some parameters of the TLS connection.
 !!! important "'default' TLS Option"
    The `default` option is special.
    When no tls options are specified in a tls router, the `default` option is used.  
    When specifying the `default` option explicitly, make sure not to specify provider namespace as the `default` option does not have one.  
    Conversely, for cross-provider references, for example, when referencing the file provider from a docker label,
    you must specify the provider namespace, for example:  
    `traefik.http.routers.myrouter.tls.options=myoptions@file`
 !!! important "TLSOptions in Kubernetes"
    When using the TLSOptions-CRD in Kubernetes, one might setup a default set of options that,
-    if not explicitly overwritten, should apply to all ingresses. To achieve that, you'll have to
+    if not explicitly overwritten, should apply to all ingresses.  
-    create a TLSOptions CR with the name `default`. There may exist only one TLSOption with the 
+    To achieve that, you'll have to create a TLSOptions CR with the name `default`.
-    name `default` (across all namespaces) - otherwise they will be dropped.  
+    There may exist only one TLSOption with the name `default` (across all namespaces) - otherwise they will be dropped.  
-    To explicitly use a different TLSOption (and using the Kubernetes Ingress resources) you'll 
+    To explicitly use a different TLSOption (and using the Kubernetes Ingress resources)
-    have to add an annotation to the Ingress in the following form:
+    you'll have to add an annotation to the Ingress in the following form:
    `traefik.ingress.kubernetes.io/router.tls.options: <resource-namespace>-<resource-name>@kubernetescrd`
 ### Minimum TLS Version
--- a/docs/content/middlewares/overview.md
+++ b/docs/content/middlewares/overview.md
@ -11,6 +11,11 @@ There are several available middleware in Traefik, some can modify the request,
 Pieces of middleware can be combined in chains to fit every scenario.
 !!! warning "Provider Namespace"
    Be aware of the concept of Providers Namespace described in the [Configuration Discovery](../providers/overview.md#provider-namespace) section. 
    It also applies to Middlewares.
 ## Configuration Example
 ```yaml tab="Docker"
@ -128,106 +133,6 @@ http:
          - url: "http://127.0.0.1:80"
 ```
 ## Provider Namespace
 When you declare a middleware, it lives in its provider's namespace.
 For example, if you declare a middleware using a Docker label, under the hoods, it will reside in the docker provider namespace.
 If you use multiple providers and wish to reference a middleware declared in another provider
 (aka referencing a cross-provider middleware),
 then you'll have to append to the middleware name, the `@` separator, followed by the provider name.
 ```text
 <resource-name>@<provider-name>
 ```
 !!! important "Kubernetes Namespace"
    As Kubernetes also has its own notion of namespace, one should not confuse the "provider namespace"
    with the "kubernetes namespace" of a resource when in the context of a cross-provider usage.
    In this case, since the definition of the middleware is not in kubernetes,
    specifying a "kubernetes namespace" when referring to the resource does not make any sense,
    and therefore this specification would be ignored even if present.
    On the other hand, if you declare the middleware as a Custom Resource in Kubernetes and use the 
    non-crd Ingress objects, you'll have to add the kubernetes namespace of the middleware to the 
    annotation like this `<middleware-namespace>-<middleware-name>@kubernetescrd`.
 !!! abstract "Referencing a Middleware from Another Provider"
    Declaring the add-foo-prefix in the file provider.
    ```toml tab="File (TOML)"
    [http.middlewares]
      [http.middlewares.add-foo-prefix.addPrefix]
        prefix = "/foo"
    ```
    ```yaml tab="File (YAML)"
    http:
      middlewares:
        add-foo-prefix:
          addPrefix:
            prefix: "/foo"
    ```
    Using the add-foo-prefix middleware from other providers:
    ```yaml tab="Docker"
    your-container: #
      image: your-docker-image
      labels:
        # Attach add-foo-prefix@file middleware (declared in file)
        - "traefik.http.routers.my-container.middlewares=add-foo-prefix@file"
    ```
    ```yaml tab="Kubernetes Ingress Route"
    apiVersion: traefik.containo.us/v1alpha1
    kind: IngressRoute
    metadata:
      name: ingressroutestripprefix
    spec:
      entryPoints:
        - web
      routes:
        - match: Host(`example.com`)
          kind: Rule
          services:
            - name: whoami
              port: 80
          middlewares:
            - name: add-foo-prefix@file
            # namespace: bar
            # A namespace specification such as above is ignored
            # when the cross-provider syntax is used.
    ```
    ```yaml tab="Kubernetes Ingress"
    apiVersion: traefik.containo.us/v1alpha1
    kind: Middleware
    metadata:
      name: stripprefix
      namespace: appspace
    spec:
      stripPrefix:
        prefixes:
          - /stripit
    ---
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: ingress
      namespace: appspace
      annotations:
        # referencing a middleware from Kubernetes CRD provider: 
        # <middleware-namespace>-<middleware-name>@kubernetescrd
        "traefik.ingress.kubernetes.io/router.middlewares": appspace-stripprefix@kubernetescrd
    spec:
      # ... regular ingress definition
    ```
 ## Available Middlewares
 | Middleware                                | Purpose                                           | Area                        |
--- a/docs/content/observability/access-logs.md
+++ b/docs/content/observability/access-logs.md
@ -74,7 +74,7 @@ The available filters are:
 - `statusCodes`, to limit the access logs to requests with a status codes in the specified range
 - `retryAttempts`, to keep the access logs when at least one retry has happened
- `minDuration`, to keep access logs when requests take longer than the specified duration
+- `minDuration`, to keep access logs when requests take longer than the specified duration (provided in seconds or as a valid duration format, see [time.ParseDuration](https://golang.org/pkg/time/#ParseDuration))
 ```toml tab="File (TOML)"
 # Configuring Multiple Filters
@ -198,7 +198,7 @@ accessLog:
    | `RequestScheme`         | The HTTP scheme requested `http` or `https`.                                                                                                                        |
    | `RequestLine`           | `RequestMethod` + `RequestPath` + `RequestProtocol`                                                                                                                 |
    | `RequestContentSize`    | The number of bytes in the request entity (a.k.a. body) sent by the client.                                                                                         |
-    | `OriginDuration`        | The time taken by the origin server ('upstream') to return its response.                                                                                            |
+    | `OriginDuration`        | The time taken (in nanoseconds) by the origin server ('upstream') to return its response.                                                                                            |
    | `OriginContentSize`     | The content length specified by the origin server, or 0 if unspecified.                                                                                             |
    | `OriginStatus`          | The HTTP status code returned by the origin server. If the request was handled by this Traefik instance (e.g. with a redirect), then this value will be absent.     |
    | `OriginStatusLine`      | `OriginStatus` + Status code explanation                                                                                                                            |
@ -207,7 +207,7 @@ accessLog:
    | `DownstreamContentSize` | The number of bytes in the response entity returned to the client. This is in addition to the "Content-Length" header, which may be present in the origin response. |
    | `RequestCount`          | The number of requests received since the Traefik instance started.                                                                                                 |
    | `GzipRatio`             | The response body compression ratio achieved.                                                                                                                       |
-    | `Overhead`              | The processing time overhead caused by Traefik.                                                                                                                     |
+    | `Overhead`              | The processing time overhead (in nanoseconds) caused by Traefik.                                                                                                                     |
    | `RetryAttempts`         | The amount of attempts the request was retried.                                                                                                                     |
 ## Log Rotation
--- a/docs/content/plugins/index.md
+++ b/docs/content/plugins/index.md
@ -0,0 +1,49 @@
 # Plugins and Traefik Pilot
 Traefik Pilot is a software-as-a-service (SaaS) platform that connects to Traefik to extend its capabilities.
 It offers a number of features to enhance observability and control of Traefik through a global control plane and dashboard, including:
 * Metrics for network activity of Traefik proxies and groups of proxies
 * Alerts for service health issues and security vulnerabilities
 * Plugins that extend the functionality of Traefik
 !!! important "Learn More About Traefik Pilot"
    This section is intended only as a brief overview for Traefik users who are not familiar with Traefik Pilot. 
    To explore all that Traefik Pilot has to offer, please consult the [Traefik Pilot Documentation](https://doc.traefik.io/traefik-pilot/)
 !!! Note "Prerequisites"
    Traefik Pilot is compatible with Traefik Proxy 2.3 or later.
 ## Connecting to Traefik Pilot
 To connect your Traefik proxies to Traefik Pilot, login or create an account at the [Traefik Pilot homepage](https://pilot.traefik.io) and choose **Register New Traefik Instance**.
 To complete the connection, Traefik Pilot will issue a token that must be added to your Traefik static configuration, according to the instructions provided by the Traefik Pilot dashboard.
 For more information, consult the [Quick Start Guide](https://doc.traefik.io/traefik-pilot/connecting/)
 Health and security alerts for registered Traefik instances can be enabled from the Preferences in your [Traefik Pilot Profile](https://pilot.traefik.io/profile).
 ## Plugins
 Plugins are available to any Traefik proxies that are connected to Traefik Pilot.
 They are a powerful feature for extending Traefik with custom features and behaviors.
 You can browse community-contributed plugins from the catalog in the [Traefik Pilot Dashboard](https://pilot.traefik.io/plugins).
 To add a new plugin to a Traefik instance, you must modify that instance's static configuration.
 The code to be added is provided for you when you choose **Install the Plugin** from the Traefik Pilot dashboard.
 To learn more about Traefik plugins, consult the [documentation](https://doc.traefik.io/traefik-pilot/plugins/overview/).
 !!! danger "Experimental Features"
    Plugins can potentially modify the behavior of Traefik in unforeseen ways.
    Exercise caution when adding new plugins to production Traefik instances.
 ## Build Your Own Plugins
 Traefik users can create their own plugins and contribute them to the Traefik Pilot catalog to share them with the community.
 Traefik plugins are loaded dynamically. 
 They need not be compiled, and no complex toolchain is necessary to build them. 
 The experience of implementing a Traefik plugin is comparable to writing a web browser extension.
 To learn more and see code for example Traefik plugins, please see the [developer documentation](https://doc.traefik.io/traefik-pilot/plugins/plugin-dev/).
--- a/docs/content/plugins/overview.md
+++ b/docs/content/plugins/overview.md
@ -1,38 +0,0 @@
 # Plugins and Traefik Pilot
 Overview
 {: .subtitle}
 Traefik Pilot is a software-as-a-service (SaaS) platform that connects to Traefik to extend its capabilities.
 It does this through *plugins*, which are dynamically loaded components that enable new features.
 For example, Traefik plugins can add features to modify requests or headers, issue redirects, add authentication, and so on, providing similar functionality to Traefik [middlewares](https://doc.traefik.io/traefik/middlewares/overview/).
 Traefik Pilot can also monitor connected Traefik instances and issue alerts when one is not responding, or when it is subject to security vulnerabilities.
 !!! note "Availability"
    Plugins are available for Traefik v2.3.0-rc1 and later.
 !!! danger "Experimental Features"
    Plugins can potentially modify the behavior of Traefik in unforeseen ways.
    Exercise caution when adding new plugins to production Traefik instances.
 ## Connecting to Traefik Pilot
 Plugins are available when a Traefik instance is connected to Traefik Pilot.
 To register a new instance and begin working with plugins, login or create an account at the [Traefik Pilot homepage](https://pilot.traefik.io) and choose **Register New Instance**.
 To complete the connection, Traefik Pilot will issue a token that must be added to your Traefik static configuration by following the instructions provided.
 !!! note "Enabling Alerts" 
    Health and security alerts for registered Traefik instances can be enabled from the Preferences in your [Traefik Pilot Profile](https://pilot.traefik.io/profile).
 ## Creating Plugins
 Traefik users can create their own plugins and contribute them to the Traefik Pilot catalog to share them with the community.
 Plugins are written in [Go](https://golang.org/) and their code is executed by an [embedded Go interpreter](https://github.com/traefik/yaegi).
 There is no need to compile binaries and all plugins are 100% cross-platform.
 To learn more and see code for example Traefik plugins, please see the [developer documentation](https://github.com/traefik/plugindemo).
--- a/docs/content/plugins/using-plugins.md
+++ b/docs/content/plugins/using-plugins.md
@ -1,122 +0,0 @@
 # Using Plugins
 Plugins are available to any instance of Traefik v2.3 or later that is [registered](overview.md#connecting-to-traefik-pilot) with Traefik Pilot.
 Plugins are hosted on GitHub, but you can browse plugins to add to your registered Traefik instances from the Traefik Pilot UI.
 !!! danger "Experimental Features"
    Plugins can potentially modify the behavior of Traefik in unforeseen ways.
    Exercise caution when adding new plugins to production Traefik instances.
 ## Add a Plugin
 To add a new plugin to a Traefik instance, you must modify that instance's static configuration.
 The code to be added is provided by the Traefik Pilot UI when you choose **Install the Plugin**.
 In the example below, we add the [`blockpath`](http://github.com/traefik/plugin-blockpath) and [`rewritebody`](https://github.com/traefik/plugin-rewritebody) plugins:
 ```toml tab="File (TOML)"
 [entryPoints]
  [entryPoints.web]
    address = ":80"
 [pilot]
  token = "xxxxxxxxx"
 [experimental.plugins]
  [experimental.plugins.block]
    modulename = "github.com/traefik/plugin-blockpath"
    version = "v0.2.0"
  [experimental.plugins.rewrite]
    modulename = "github.com/traefik/plugin-rewritebody"
    version = "v0.3.0"
 ```
 ```yaml tab="File (YAML)"
 entryPoints:
  web:
    address: :80
 pilot:
    token: xxxxxxxxx
 experimental:
  plugins:
    block:
      modulename: github.com/traefik/plugin-blockpath
      version: v0.2.0
    rewrite:
      modulename: github.com/traefik/plugin-rewritebody
      version: v0.3.0
 ```
 ```bash tab="CLI"
 --entryPoints.web.address=:80
 --pilot.token=xxxxxxxxx
 --experimental.plugins.block.modulename=github.com/traefik/plugin-blockpath
 --experimental.plugins.block.version=v0.2.0
 --experimental.plugins.rewrite.modulename=github.com/traefik/plugin-rewritebody
 --experimental.plugins.rewrite.version=v0.3.0
 ```
 ## Configuring Plugins
 Some plugins will need to be configured by adding a dynamic configuration.
 For the `bodyrewrite` plugin, for example:
 ```yaml tab="Docker"
 labels:
  - "traefik.http.middlewares.my-rewritebody.plugin.rewrite.rewrites[0].regex=example"
  - "traefik.http.middlewares.my-rewritebody.plugin.rewrite.rewrites[0].replacement=test"
 ```
 ```yaml tab="Kubernetes"
 apiVersion: traefik.containo.us/v1alpha1
 kind: Middleware
 metadata:
  name: my-rewritebody
 spec:
  plugin:
    rewrite:
      rewrites:
        - regex: example
          replacement: test
 ```
 ```yaml tab="Consul Catalog"
 - "traefik.http.middlewares.my-rewritebody.plugin.rewrite.rewrites[0].regex=example"
 - "traefik.http.middlewares.my-rewritebody.plugin.rewrite.rewrites[0].replacement=test"
 ```
 ```json tab="Marathon"
 "labels": {
  "traefik.http.middlewares.my-rewritebody.plugin.rewrite.rewrites[0].regex": "example",
  "traefik.http.middlewares.my-rewritebody.plugin.rewrite.rewrites[0].replacement": "test"
 }
 ```
 ```yaml tab="Rancher"
 labels:
  - "traefik.http.middlewares.my-rewritebody.plugin.rewrite.rewrites[0].regex=example"
  - "traefik.http.middlewares.my-rewritebody.plugin.rewrite.rewrites[0].replacement=test"
 ```
 ```toml tab="File (TOML)"
 [http.middlewares]
   [http.middlewares.my-rewritebody.plugin.rewrite]
    lastModified = true
    [[http.middlewares.my-rewritebody.plugin.rewrite.rewrites]]
       regex = "example"
      replacement = "test"
 ```
 ```yaml tab="File (YAML)"
 http:
  middlewares:
    my-rewritebody:
      plugin:
        rewrite:
          rewrites:
            - regex: example
              replacement: test
 ```
--- a/docs/content/providers/consul-catalog.md
+++ b/docs/content/providers/consul-catalog.md
@ -164,12 +164,12 @@ Defines the Consul server endpoint.
 #### `address`
-_Optional, Default="http://127.0.0.1:8500"_
+_Optional, Default="127.0.0.1:8500"_
 ```toml tab="File (TOML)"
 [providers.consulCatalog]
  [providers.consulCatalog.endpoint]
-    address = "http://127.0.0.1:8500"
+    address = "127.0.0.1:8500"
    # ...
 ```
@ -177,12 +177,12 @@ _Optional, Default="http://127.0.0.1:8500"_
 providers:
  consulCatalog:
    endpoint:
-      address: http://127.0.0.1:8500
+      address: 127.0.0.1:8500
    # ...
 ```
 ```bash tab="CLI"
--providers.consulcatalog.endpoint.address=http://127.0.0.1:8500
+--providers.consulcatalog.endpoint.address=127.0.0.1:8500
 # ...
 ```
--- a/docs/content/providers/docker.md
+++ b/docs/content/providers/docker.md
@ -144,8 +144,8 @@ You can specify which Docker API Endpoint to use with the directive [`endpoint`]
    Accessing the Docker API without any restriction is a security concern:
    If Traefik is attacked, then the attacker might get access to the underlying host.
    {: #security-note }
-    
+
-    As explained in the Docker documentation: ([Docker Daemon Attack Surface page](https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface)):
+    As explained in the Docker documentation: ([Docker Daemon Attack Surface page](https://docs.docker.com/engine/security/#docker-daemon-attack-surface)):
    !!! quote
        [...] only **trusted** users should be allowed to control your Docker daemon [...]
--- a/docs/content/providers/overview.md
+++ b/docs/content/providers/overview.md
@ -22,6 +22,106 @@ Even if each provider is different, we can categorize them in four groups:
 - Annotation based (a separate object, with annotations, defines the characteristics of the container)
 - File based (the good old configuration file)
 ## Provider Namespace
 When you declare certain objects, in Traefik dynamic configuration,
 such as middleware, service, TLS options or servers transport, they live in its provider's namespace.
 For example, if you declare a middleware using a Docker label, under the hoods, it will reside in the docker provider namespace.
 If you use multiple providers and wish to reference such an object declared in another provider 
 (aka referencing a cross-provider object, e.g. middleware), then you'll have to append the `@` separator, 
 followed by the provider name to the object name.
 ```text
 <resource-name>@<provider-name>
 ```
 !!! important "Kubernetes Namespace"
    As Kubernetes also has its own notion of namespace,
    one should not confuse the "provider namespace" with the "kubernetes namespace" of a resource when in the context of a cross-provider usage.  
    In this case, since the definition of a traefik dynamic configuration object is not in kubernetes,
    specifying a "kubernetes namespace" when referring to the resource does not make any sense,
    and therefore this specification would be ignored even if present.  
    On the other hand, if you, say, declare a middleware as a Custom Resource in Kubernetes and use the non-crd Ingress objects,
    you'll have to add the Kubernetes namespace of the middleware to the annotation like this `<middleware-namespace>-<middleware-name>@kubernetescrd`.
 !!! abstract "Referencing a Traefik dynamic configuration object from Another Provider"
    Declaring the add-foo-prefix in the file provider.
    ```toml tab="File (TOML)"
    [http.middlewares]
      [http.middlewares.add-foo-prefix.addPrefix]
        prefix = "/foo"
    ```
    ```yaml tab="File (YAML)"
    http:
      middlewares:
        add-foo-prefix:
          addPrefix:
            prefix: "/foo"
    ```
    Using the add-foo-prefix middleware from other providers:
    ```yaml tab="Docker"
    your-container: #
      image: your-docker-image
      labels:
        # Attach add-foo-prefix@file middleware (declared in file)
        - "traefik.http.routers.my-container.middlewares=add-foo-prefix@file"
    ```
    ```yaml tab="Kubernetes Ingress Route"
    apiVersion: traefik.containo.us/v1alpha1
    kind: IngressRoute
    metadata:
      name: ingressroutestripprefix
    spec:
      entryPoints:
        - web
      routes:
        - match: Host(`example.com`)
          kind: Rule
          services:
            - name: whoami
              port: 80
          middlewares:
            - name: add-foo-prefix@file
            # namespace: bar
            # A namespace specification such as above is ignored
            # when the cross-provider syntax is used.
    ```
    ```yaml tab="Kubernetes Ingress"
    apiVersion: traefik.containo.us/v1alpha1
    kind: Middleware
    metadata:
      name: stripprefix
      namespace: appspace
    spec:
      stripPrefix:
        prefixes:
          - /stripit
    ---
    apiVersion: networking.k8s.io/v1
    kind: Ingress
    metadata:
      name: ingress
      namespace: appspace
      annotations:
        # referencing a middleware from Kubernetes CRD provider: 
        # <middleware-namespace>-<middleware-name>@kubernetescrd
        "traefik.ingress.kubernetes.io/router.middlewares": appspace-stripprefix@kubernetescrd
    spec:
      # ... regular ingress definition
    ```
 ## Supported Providers 
 Below is the list of the currently supported providers in Traefik. 
--- a/docs/content/reference/static-configuration/cli-ref.md
+++ b/docs/content/reference/static-configuration/cli-ref.md
@ -340,7 +340,7 @@ Constraints is an expression that Traefik matches against the container's labels
 Default rule. (Default: ```Host(`{{ normalize .Name }}`)```)
 `--providers.consulcatalog.endpoint.address`:  
-The address of the Consul server (Default: ```http://127.0.0.1:8500```)
+The address of the Consul server (Default: ```127.0.0.1:8500```)
 `--providers.consulcatalog.endpoint.datacenter`:  
 Data center to use. If not provided, the default agent data center is used
--- a/docs/content/reference/static-configuration/env-ref.md
+++ b/docs/content/reference/static-configuration/env-ref.md
@ -313,7 +313,7 @@ Constraints is an expression that Traefik matches against the container's labels
 Default rule. (Default: ```Host(`{{ normalize .Name }}`)```)
 `TRAEFIK_PROVIDERS_CONSULCATALOG_ENDPOINT_ADDRESS`:  
-The address of the Consul server (Default: ```http://127.0.0.1:8500```)
+The address of the Consul server (Default: ```127.0.0.1:8500```)
 `TRAEFIK_PROVIDERS_CONSULCATALOG_ENDPOINT_DATACENTER`:  
 Data center to use. If not provided, the default agent data center is used
--- a/docs/content/routing/entrypoints.md
+++ b/docs/content/routing/entrypoints.md
@ -212,8 +212,8 @@ If both TCP and UDP are wanted for the same port, two entryPoints definitions ar
    ```
    ```bash tab="CLI"
-    entrypoints.specificIPv4.address=192.168.2.7:8888
+    --entrypoints.specificIPv4.address=192.168.2.7:8888
-    entrypoints.specificIPv6.address=[2001:db8::1]:8888
+    --entrypoints.specificIPv6.address=[2001:db8::1]:8888
    ```
    Full details for how to specify `address` can be found in [net.Listen](https://golang.org/pkg/net/#Listen) (and [net.Dial](https://golang.org/pkg/net/#Dial)) of the doc for go.
@ -745,8 +745,8 @@ entryPoints:
 ```
 ```bash tab="CLI"
-entrypoints.websecure.address=:443
+--entrypoints.websecure.address=:443
-entrypoints.websecure.http.middlewares=auth@file,strip@file
+--entrypoints.websecure.http.middlewares=auth@file,strip@file
 ```
 ### TLS
@ -792,13 +792,13 @@ entryPoints:
 ```
 ```bash tab="CLI"
-entrypoints.websecure.address=:443
+--entrypoints.websecure.address=:443
-entrypoints.websecure.http.tls.options=foobar
+--entrypoints.websecure.http.tls.options=foobar
-entrypoints.websecure.http.tls.certResolver=leresolver
+--entrypoints.websecure.http.tls.certResolver=leresolver
-entrypoints.websecure.http.tls.domains[0].main=example.com
+--entrypoints.websecure.http.tls.domains[0].main=example.com
-entrypoints.websecure.http.tls.domains[0].sans=foo.example.com,bar.example.com
+--entrypoints.websecure.http.tls.domains[0].sans=foo.example.com,bar.example.com
-entrypoints.websecure.http.tls.domains[1].main=test.com
+--entrypoints.websecure.http.tls.domains[1].main=test.com
-entrypoints.websecure.http.tls.domains[1].sans=foo.test.com,bar.test.com
+--entrypoints.websecure.http.tls.domains[1].sans=foo.test.com,bar.test.com
 ```
 ??? example "Let's Encrypt"
@ -821,6 +821,6 @@ entrypoints.websecure.http.tls.domains[1].sans=foo.test.com,bar.test.com
    ```
    ```bash tab="CLI"
-    entrypoints.websecure.address=:443
+    --entrypoints.websecure.address=:443
-    entrypoints.websecure.http.tls.certResolver=leresolver
+    --entrypoints.websecure.http.tls.certResolver=leresolver
    ```
--- a/docs/content/routing/overview.md
+++ b/docs/content/routing/overview.md
@ -228,6 +228,7 @@ http:
            to-whoami-tcp:
              service: whoami-tcp
              rule: HostSNI(`whoami-tcp.example.com`)
              tls: {}
          services:
            whoami-tcp:
--- a/docs/content/routing/providers/kubernetes-ingress.md
+++ b/docs/content/routing/providers/kubernetes-ingress.md
@ -114,16 +114,11 @@ which in turn will create the resulting routers, services, handlers, etc.
            - name: traefik
              image: traefik:v2.3
              args:
                - --log.level=DEBUG
                - --api
                - --api.insecure
                - --entrypoints.web.address=:80
                - --providers.kubernetesingress
              ports:
                - name: web
                  containerPort: 80
                - name: admin
                  containerPort: 8080
    ---
    apiVersion: v1
@ -139,10 +134,6 @@ which in turn will create the resulting routers, services, handlers, etc.
          port: 80
          name: web
          targetPort: 80
        - protocol: TCP
          port: 8080
          name: admin
          targetPort: 8080
    ```
    ```yaml tab="Whoami"
@ -340,27 +331,379 @@ Please see [this documentation](https://kubernetes.io/docs/concepts/services-net
 ## TLS
-### Communication Between Traefik and Pods
+### Enabling TLS via HTTP Options on Entrypoint
-Traefik automatically requests endpoint information based on the service provided in the ingress spec.
+TLS can be enabled through the [HTTP options](../entrypoints.md#tls) of an Entrypoint:
 Although Traefik will connect directly to the endpoints (pods),
 it still checks the service port to see if TLS communication is required.
-There are 3 ways to configure Traefik to use https to communicate with pods:
+```bash tab="CLI"
 # Static configuration
 --entrypoints.websecure.address=:443
 --entrypoints.websecure.http.tls
 ```
-1. If the service port defined in the ingress spec is `443` (note that you can still use `targetPort` to use a different port on your pod).
+```toml tab="File (TOML)"
-1. If the service port defined in the ingress spec has a name that starts with https (such as `https-api`, `https-web` or just `https`).
+# Static configuration
-1. If the ingress spec includes the annotation `traefik.ingress.kubernetes.io/service.serversscheme: https`.
+[entryPoints.websecure]
  address = ":443"
-If either of those configuration options exist, then the backend communication protocol is assumed to be TLS,
+    [entryPoints.websecure.http.tls]
-and will connect via TLS automatically.
+```
-!!! info
+```yaml tab="File (YAML)"
 # Static configuration
 entryPoints:
  websecure:
    address: ':443'
    http:
      tls: {}
 ```
 This way, any Ingress attached to this Entrypoint will have TLS termination by default.
 ??? example "Configuring Kubernetes Ingress Controller with TLS on Entrypoint"
-    Please note that by enabling TLS communication between traefik and your pods,
+    ```yaml tab="RBAC"
-    you will have to have trusted certificates that have the proper trust chain and IP subject name.
+    ---
-    If this is not an option, you may need to skip TLS certificate verification.
+    kind: ClusterRole
-    See the [insecureSkipVerify](../../routing/overview.md#insecureskipverify) setting for more details.
+    apiVersion: rbac.authorization.k8s.io/v1beta1
    metadata:
      name: traefik-ingress-controller
    rules:
      - apiGroups:
          - ""
        resources:
          - services
          - endpoints
          - secrets
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - extensions
          - networking.k8s.io
        resources:
          - ingresses
          - ingressclasses
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - extensions
        resources:
          - ingresses/status
        verbs:
          - update
    ---
    kind: ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1beta1
    metadata:
      name: traefik-ingress-controller
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: traefik-ingress-controller
    subjects:
      - kind: ServiceAccount
        name: traefik-ingress-controller
        namespace: default
    ```
    ```yaml tab="Ingress"
    kind: Ingress
    apiVersion: networking.k8s.io/v1beta1
    metadata:
      name: myingress
      annotations:
        traefik.ingress.kubernetes.io/router.entrypoints: websecure
    spec:
      rules:
        - host: example.com
          http:
            paths:
              - path: /bar
                backend:
                  serviceName: whoami
                  servicePort: 80
              - path: /foo
                backend:
                  serviceName: whoami
                  servicePort: 80
    ```
    ```yaml tab="Traefik"
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: traefik-ingress-controller
    ---
    kind: Deployment
    apiVersion: apps/v1
    metadata:
      name: traefik
      labels:
        app: traefik
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: traefik
      template:
        metadata:
          labels:
            app: traefik
        spec:
          serviceAccountName: traefik-ingress-controller
          containers:
            - name: traefik
              image: traefik:v2.3
              args:
                - --entrypoints.websecure.address=:443
                - --entrypoints.websecure.http.tls
                - --providers.kubernetesingress
              ports:
                - name: websecure
                  containerPort: 443
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: traefik
    spec:
      type: LoadBalancer
      selector:
        app: traefik
      ports:
        - protocol: TCP
          port: 443
          name: websecure
          targetPort: 443
    ```
    ```yaml tab="Whoami"
    kind: Deployment
    apiVersion: apps/v1
    metadata:
      name: whoami
      labels:
        app: traefiklabs
        name: whoami
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: traefiklabs
          task: whoami
      template:
        metadata:
          labels:
            app: traefiklabs
            task: whoami
        spec:
          containers:
            - name: whoami
              image: traefik/whoami
              ports:
                - containerPort: 80
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: whoami
    spec:
      ports:
        - name: http
          port: 80
      selector:
        app: traefiklabs
        task: whoami
    ```
 ### Enabling TLS via Annotations
 To enable TLS on the underlying router created from an Ingress, one should configure it through annotations:
 ```yaml
 traefik.ingress.kubernetes.io/router.tls: "true"
 ```
 For more options, please refer to the available [annotations](#on-ingress).
 ??? example "Configuring Kubernetes Ingress Controller with TLS"
    ```yaml tab="RBAC"
    ---
    kind: ClusterRole
    apiVersion: rbac.authorization.k8s.io/v1beta1
    metadata:
      name: traefik-ingress-controller
    rules:
      - apiGroups:
          - ""
        resources:
          - services
          - endpoints
          - secrets
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - extensions
          - networking.k8s.io
        resources:
          - ingresses
          - ingressclasses
        verbs:
          - get
          - list
          - watch
      - apiGroups:
          - extensions
        resources:
          - ingresses/status
        verbs:
          - update
    ---
    kind: ClusterRoleBinding
    apiVersion: rbac.authorization.k8s.io/v1beta1
    metadata:
      name: traefik-ingress-controller
    roleRef:
      apiGroup: rbac.authorization.k8s.io
      kind: ClusterRole
      name: traefik-ingress-controller
    subjects:
      - kind: ServiceAccount
        name: traefik-ingress-controller
        namespace: default
    ```
    ```yaml tab="Ingress"
    kind: Ingress
    apiVersion: networking.k8s.io/v1beta1
    metadata:
      name: myingress
      annotations:
        traefik.ingress.kubernetes.io/router.entrypoints: websecure
        traefik.ingress.kubernetes.io/router.tls: true
    spec:
      rules:
        - host: example.com
          http:
            paths:
              - path: /bar
                backend:
                  serviceName: whoami
                  servicePort: 80
              - path: /foo
                backend:
                  serviceName: whoami
                  servicePort: 80
    ```
    ```yaml tab="Traefik"
    apiVersion: v1
    kind: ServiceAccount
    metadata:
      name: traefik-ingress-controller
    ---
    kind: Deployment
    apiVersion: apps/v1
    metadata:
      name: traefik
      labels:
        app: traefik
    spec:
      replicas: 1
      selector:
        matchLabels:
          app: traefik
      template:
        metadata:
          labels:
            app: traefik
        spec:
          serviceAccountName: traefik-ingress-controller
          containers:
            - name: traefik
              image: traefik:v2.3
              args:
                - --entrypoints.websecure.address=:443
                - --providers.kubernetesingress
              ports:
                - name: websecure
                  containerPort: 443
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: traefik
    spec:
      type: LoadBalancer
      selector:
        app: traefik
      ports:
        - protocol: TCP
          port: 443
          name: websecure
          targetPort: 443
    ```
    ```yaml tab="Whoami"
    kind: Deployment
    apiVersion: apps/v1
    metadata:
      name: whoami
      labels:
        app: traefiklabs
        name: whoami
    spec:
      replicas: 2
      selector:
        matchLabels:
          app: traefiklabs
          task: whoami
      template:
        metadata:
          labels:
            app: traefiklabs
            task: whoami
        spec:
          containers:
            - name: whoami
              image: traefik/whoami
              ports:
                - containerPort: 80
    ---
    apiVersion: v1
    kind: Service
    metadata:
      name: whoami
    spec:
      ports:
        - name: http
          port: 80
      selector:
        app: traefiklabs
        task: whoami
    ```
 ### Certificates Management
@ -382,7 +725,9 @@ and will connect via TLS automatically.
            backend:
              serviceName: service1
              servicePort: 80
-    
+      # Only selects which certificate(s) should be loaded from the secret, in order to terminate TLS.
      # Doesn't enable TLS for that ingress (hence for the underlying router).
      # Please see the TLS annotations on ingress made for that purpose.
      tls:
      - secretName: supersecret
    ```
@ -405,6 +750,28 @@ TLS certificates can be managed in Secrets objects.
    Only TLS certificates provided by users can be stored in Kubernetes Secrets.
    [Let's Encrypt](../../https/acme.md) certificates cannot be managed in Kubernetes Secrets yet.
 ### Communication Between Traefik and Pods
 Traefik automatically requests endpoint information based on the service provided in the ingress spec.
 Although Traefik will connect directly to the endpoints (pods),
 it still checks the service port to see if TLS communication is required.
 There are 3 ways to configure Traefik to use https to communicate with pods:
 1. If the service port defined in the ingress spec is `443` (note that you can still use `targetPort` to use a different port on your pod).
 1. If the service port defined in the ingress spec has a name that starts with https (such as `https-api`, `https-web` or just `https`).
 1. If the ingress spec includes the annotation `traefik.ingress.kubernetes.io/service.serversscheme: https`.
 If either of those configuration options exist, then the backend communication protocol is assumed to be TLS,
 and will connect via TLS automatically.
 !!! info
    Please note that by enabling TLS communication between traefik and your pods,
    you will have to have trusted certificates that have the proper trust chain and IP subject name.
    If this is not an option, you may need to skip TLS certificate verification.
    See the [insecureSkipVerify](../../routing/overview.md#insecureskipverify) setting for more details.
 ## Global Default Backend Ingresses
 Ingresses can be created that look like the following:
--- a/docs/mkdocs.yml
+++ b/docs/mkdocs.yml
@ -133,9 +133,7 @@ nav:
      - 'Retry': 'middlewares/retry.md'
      - 'StripPrefix': 'middlewares/stripprefix.md'
      - 'StripPrefixRegex': 'middlewares/stripprefixregex.md'
-  - 'Plugins & Traefik Pilot':
+  - 'Plugins & Traefik Pilot': 'plugins/index.md'
      - 'Overview': 'plugins/overview.md'
      - 'Using Plugins': 'plugins/using-plugins.md'
  - 'Operations':
      - 'CLI': 'operations/cli.md'
      - 'Dashboard' : 'operations/dashboard.md'
--- a/docs/theme/partials/product-switcher.html
+++ b/docs/theme/partials/product-switcher.html
@ -43,6 +43,18 @@
            </a>
          </div>
          <div class="dm-item">
            <div class="dmi-image pilot">
              <img src="{{ 'assets/images/traefik-pilot-logo.svg' | url }}" alt="Traefik Pilot Documentation" />
            </div>
            <a class="dmi-details" href="https://doc.traefik.io/traefik-pilot/">
              <div class="dmi-title">Traefik Pilot</div>
              <div class="dmi-description">
                Monitor and Manage your Traefik Instances
              </div>
            </a>
          </div>
        </div>
      </div>
    </div>
--- a/go.mod
+++ b/go.mod
@ -72,7 +72,7 @@ require (
 	github.com/stvp/go-udp-testing v0.0.0-20191102171040-06b61409b154
 	github.com/tinylib/msgp v1.0.2 // indirect
 	github.com/traefik/paerser v0.1.0
-	github.com/traefik/yaegi v0.9.0
+	github.com/traefik/yaegi v0.9.4
 	github.com/uber/jaeger-client-go v2.25.0+incompatible
 	github.com/uber/jaeger-lib v2.2.0+incompatible
 	github.com/unrolled/render v1.0.2
--- a/go.sum
+++ b/go.sum
@ -788,8 +788,8 @@ github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5 h1:LnC5Kc
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/traefik/paerser v0.1.0 h1:B4v1tbvd8YnHsA7spwHKEWJoGrRP+2jYpIozsCMHhl0=
 github.com/traefik/paerser v0.1.0/go.mod h1:yYnAgdEC2wJH5CgG75qGWC8SsFDEapg09o9RrA6FfrE=
-github.com/traefik/yaegi v0.9.0 h1:v9of1gq/5gR/XeohnboeCNGSJnw1CqiYf6xyBwQSNqI=
+github.com/traefik/yaegi v0.9.4 h1:ZyxSsvpzZTTTbvE2ODjRkOvq6kYT3dIZDqUfCZJYDtw=
-github.com/traefik/yaegi v0.9.0/go.mod h1:FAYnRlZyuVlEkvnkHq3bvJ1lW5be6XuwgLdkYgYG6Lk=
+github.com/traefik/yaegi v0.9.4/go.mod h1:FAYnRlZyuVlEkvnkHq3bvJ1lW5be6XuwgLdkYgYG6Lk=
 github.com/transip/gotransip/v6 v6.2.0 h1:0Z+qVsyeiQdWfcAUeJyF0IEKAPvhJwwpwPi2WGtBIiE=
 github.com/transip/gotransip/v6 v6.2.0/go.mod h1:pQZ36hWWRahCUXkFWlx9Hs711gLd8J4qdgLdRzmtY+g=
 github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926/go.mod h1:9ESjWnEqriFuLhtthL60Sar/7RFoluCcXsuvEwTV5KM=
--- a/pkg/middlewares/accesslog/logger_formatters_test.go
+++ b/pkg/middlewares/accesslog/logger_formatters_test.go
@ -83,8 +83,8 @@ func TestCommonLogFormatter_Format(t *testing.T) {
 		},
 	}
-	// Set timezone to Alaska to have a constant behavior
+	// Set timezone to Etc/GMT+9 to have a constant behavior
-	os.Setenv("TZ", "US/Alaska")
+	os.Setenv("TZ", "Etc/GMT+9")
 	for _, test := range testCases {
 		test := test
--- a/pkg/provider/consulcatalog/consul_catalog.go
+++ b/pkg/provider/consulcatalog/consul_catalog.go
@ -66,7 +66,7 @@ type EndpointConfig struct {
 // SetDefaults sets the default values.
 func (c *EndpointConfig) SetDefaults() {
-	c.Address = "http://127.0.0.1:8500"
+	c.Address = "127.0.0.1:8500"
 }
 // EndpointHTTPAuthConfig holds configurations of the authentication.
--- a/script/gcg/traefik-bugfix.toml
+++ b/script/gcg/traefik-bugfix.toml
@ -4,11 +4,11 @@ RepositoryName = "traefik"
 OutputType = "file"
 FileName = "traefik_changelog.md"
-# example new bugfix v2.3.1
+# example new bugfix v2.3.2
 CurrentRef = "v2.3"
-PreviousRef = "v2.3.0"
+PreviousRef = "v2.3.1"
 BaseBranch = "v2.3"
-FutureCurrentRefName = "v2.3.1"
+FutureCurrentRefName = "v2.3.2"
 ThresholdPreviousRef = 10
 ThresholdCurrentRef = 10