baalajimaestro/traefik
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Merge v2.8 into master

Browse source
This commit is contained in:
romain 2022-09-13 17:17:58 +02:00
parent d531963f95 8ddc37d528
commit 693d5da1b9
44 changed files with 263 additions and 151 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
CHANGELOG.md
View file

@ -1,3 +1,32 @@
## [v2.8.5](https://github.com/traefik/traefik/tree/v2.8.5) (2022-09-13)
[All Commits](https://github.com/traefik/traefik/compare/v2.8.4...v2.8.5)
**Bug fixes:**
- **[plugins]** Update Yaegi to v0.14.2 ([#9327](https://github.com/traefik/traefik/pull/9327) by [kevinpollet](https://github.com/kevinpollet))
- **[server]** Fix IPv6 addr with square brackets ([#9313](https://github.com/traefik/traefik/pull/9313) by [moonlightwatch](https://github.com/moonlightwatch))
- **[webui,api]** Display default TLS options in the dashboard ([#9312](https://github.com/traefik/traefik/pull/9312) by [skwair](https://github.com/skwair))
**Documentation:**
- **[docker]** Add healthcheck timeout seconds to value ([#9306](https://github.com/traefik/traefik/pull/9306) by [fty4](https://github.com/fty4))
- Update deprecation notes about Pilot ([#9314](https://github.com/traefik/traefik/pull/9314) by [nmengin](https://github.com/nmengin))
- Added resources for businesses ([#9268](https://github.com/traefik/traefik/pull/9268) by [tomatokoolaid](https://github.com/tomatokoolaid))
## [v2.8.4](https://github.com/traefik/traefik/tree/v2.8.4) (2022-09-02)
[All Commits](https://github.com/traefik/traefik/compare/v2.8.3...v2.8.4)
**Bug fixes:**
- **[docker,docker/swarm]** Fix Docker provider mem leak on operation retries ([#9288](https://github.com/traefik/traefik/pull/9288) by [rtribotte](https://github.com/rtribotte))
- **[middleware]** Fix retry middleware on panic ([#9284](https://github.com/traefik/traefik/pull/9284) by [ldez](https://github.com/ldez))
- **[plugins]** Allow Traefik starting even if plugin service is unavailable ([#9287](https://github.com/traefik/traefik/pull/9287) by [ldez](https://github.com/ldez))
- chore: update paerser to v0.1.9 ([#9270](https://github.com/traefik/traefik/pull/9270) by [tomMoulard](https://github.com/tomMoulard))
**Documentation:**
- **[acme]** Fix infoblox acme provider documentation ([#9277](https://github.com/traefik/traefik/pull/9277) by [ldez](https://github.com/ldez))
- **[k8s/crd]** Fix serversTransport CRD documentation ([#9283](https://github.com/traefik/traefik/pull/9283) by [cuishuang](https://github.com/cuishuang))
- **[k8s/crd]** Fix k8s for example for rootCAs serversTransport ([#9274](https://github.com/traefik/traefik/pull/9274) by [ben-krieger](https://github.com/ben-krieger))
- **[k8s]** Add missing networking apiGroup in Kubernetes RBACs examples and references ([#9295](https://github.com/traefik/traefik/pull/9295) by [fibsifan](https://github.com/fibsifan))
- Update deprecation notes about Pilot ([#9300](https://github.com/traefik/traefik/pull/9300) by [nmengin](https://github.com/nmengin))
## [v2.8.3](https://github.com/traefik/traefik/tree/v2.8.3) (2022-08-12)
[All Commits](https://github.com/traefik/traefik/compare/v2.8.2...v2.8.3)

6
cmd/traefik/traefik.go
View file

@ -226,12 +226,16 @@ func setupServer(staticConfiguration *static.Configuration) (*server.Server, err
pluginBuilder, err := createPluginBuilder(staticConfiguration)
if err != nil {
return nil, err
log.WithoutContext().WithError(err).Error("Plugins are disabled because an error has occurred.")
}
// Providers plugins
for name, conf := range staticConfiguration.Providers.Plugin {
if pluginBuilder == nil {
break
}
p, err := pluginBuilder.BuildProvider(name, conf)
if err != nil {
return nil, fmt.Errorf("plugin: failed to build provider: %w", err)

4
docs/content/deprecation/features.md
View file

@ -14,12 +14,12 @@ This page is maintained and updated periodically to reflect our roadmap and any
### Pilot Dashboard (Metrics)
Metrics will continue to function normally up to 2.8, when they will be disabled.
In 2.9, the Pilot platform and all Traefik integration code will be permanently removed.
In 3.0, the Pilot platform and all Traefik integration code will be permanently removed.
### Pilot Plugins
Starting on 2.7 the pilot token will not be a requirement anymore.
At 2.9, a new plugin catalog home should be available, decoupled from pilot.
Since 2.8, a [new plugin catalog](https://plugins.traefik.io) is available, decoupled from pilot.
### Consul Enterprise Namespace

2
docs/content/getting-started/concepts.md
View file

@ -39,3 +39,5 @@ You no longer need to create and synchronize configuration files cluttered with
!!! question "How does Traefik discover the services?"
Traefik is able to use your cluster API to discover the services and read the attached information. In Traefik, these connectors are called [providers](../providers/overview.md) because they _provide_ the configuration to Traefik. To learn more about them, read the [provider overview](../providers/overview.md) section.
{!traefik-for-business-applications.md!}

15
docs/content/getting-started/configuration-overview.md
View file

@ -94,17 +94,4 @@ All the configuration options are documented in their related section.
You can browse the available features in the menu, the [providers](../providers/overview.md), or the [routing section](../routing/overview.md) to see them in action.
!!! question "Using Traefik for Business Applications?"
If you are using Traefik for commercial applications,
consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/).
You can use it as your:
- [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/)
- [Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/)
- [API Gateway](https://traefik.io/solutions/api-gateway/)
Traefik Enterprise enables centralized access management,
distributed Let's Encrypt,
and other advanced capabilities.
Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo).
{!traefik-for-business-applications.md!}

15
docs/content/getting-started/install-traefik.md
View file

@ -179,17 +179,4 @@ And run it:
All the details are available in the [Contributing Guide](../contributing/building-testing.md)
!!! question "Using Traefik for Business Applications?"
If you are using Traefik for commercial applications,
consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/).
You can use it as your:
- [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/)
- [Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/)
- [API Gateway](https://traefik.io/solutions/api-gateway/)
Traefik Enterprise enables centralized access management,
distributed Let's Encrypt,
and other advanced capabilities.
Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo).
{!traefik-for-business-applications.md!}

1
docs/content/getting-started/quick-start-with-kubernetes.md
View file

@ -53,6 +53,7 @@ rules:
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:

15
docs/content/getting-started/quick-start.md
View file

@ -116,17 +116,4 @@ IP: 172.27.0.4
Now that you have a basic understanding of how Traefik can automatically create the routes to your services and load balance them, it is time to dive into [the documentation](/) and let Traefik work for you!
!!! question "Using Traefik for Business Applications?"
If you are using Traefik for commercial applications,
consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/).
You can use it as your:
- [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/)
- [Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/)
- [API Gateway](https://traefik.io/solutions/api-gateway/)
Traefik Enterprise enables centralized access management,
distributed Let's Encrypt,
and other advanced capabilities.
Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo).
{!traefik-for-business-applications.md!}

19
docs/content/https/acme.md
View file

@ -661,23 +661,10 @@ certificatesResolvers:
If Let's Encrypt is not reachable, the following certificates will apply:
1. Previously generated ACME certificates (before downtime)
1. Expired ACME certificates
1. Provided certificates
2. Expired ACME certificates
3. Provided certificates
!!! important
For new (sub)domains which need Let's Encrypt authentication, the default Traefik certificate will be used until Traefik is restarted.
!!! question "Using Traefik for Business Applications?"
If you are using Traefik for commercial applications,
consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/).
You can use it as your:
- [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/)
- [Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/)
- [API Gateway](https://traefik.io/solutions/api-gateway/)
Traefik Enterprise enables centralized access management,
distributed Let's Encrypt,
and other advanced capabilities.
Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo).
{!traefik-for-business-applications.md!}

2
docs/content/https/overview.md
View file

@ -19,3 +19,5 @@ The next sections of this documentation explain how to configure the TLS connect
That is to say, how to obtain [TLS certificates](./tls.md#certificates-definition):
either through a definition in the dynamic configuration, or through [Let's Encrypt](./acme.md) (ACME).
And how to configure [TLS options](./tls.md#tls-options), and [certificates stores](./tls.md#certificates-stores).
{!traefik-for-business-applications.md!}

2
docs/content/https/tls.md
View file

@ -490,3 +490,5 @@ spec:
- secretCA
clientAuthType: RequireAndVerifyClientCert
```
{!traefik-for-business-applications.md!}

4
docs/content/includes/.markdownlint.json Normal file
View file

@ -0,0 +1,4 @@
{
"extends": "../../.markdownlint.json",
"MD041": false
}

16
docs/content/includes/traefik-for-business-applications.md Normal file
View file

@ -0,0 +1,16 @@
---
!!! question "Using Traefik for Business Applications?"
If you are using Traefik for commercial applications,
consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/).
You can use it as your:
- [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/)
- [Docker Swarm Ingress Controller](https://traefik.io/solutions/docker-swarm-ingress/)
- [API Gateway](https://traefik.io/solutions/api-gateway/)
Traefik Enterprise enables centralized access management,
distributed Let's Encrypt,
and other advanced capabilities.
Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo).

2
docs/content/middlewares/http/headers.md
View file

@ -469,3 +469,5 @@ The `permissionsPolicy` allows sites to control browser features.
Set `isDevelopment` to `true` when developing to mitigate the unwanted effects of the `AllowedHosts`, SSL, and STS options.
Usually testing takes place using HTTP, not HTTPS, and on `localhost`, not your production domain.
If you would like your development environment to mimic production with complete Host blocking, SSL redirects, and STS headers, leave this as `false`.
{!traefik-for-business-applications.md!}

2
docs/content/middlewares/http/overview.md
View file

@ -157,3 +157,5 @@ http:
## Community Middlewares
Please take a look at the community-contributed plugins in the [plugin catalog](https://pilot.traefik.io/plugins).
{!traefik-for-business-applications.md!}

2
docs/content/middlewares/overview.md
View file

@ -129,3 +129,5 @@ http:
A list of HTTP middlewares can be found [here](http/overview.md).
A list of TCP middlewares can be found [here](tcp/overview.md).
{!traefik-for-business-applications.md!}

4
docs/content/migration/v2.md
View file

@ -50,6 +50,7 @@ rules:
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
verbs:
@ -58,6 +59,7 @@ rules:
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:
@ -147,6 +149,7 @@ rules:
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses
verbs:
@ -155,6 +158,7 @@ rules:
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:

2
docs/content/operations/dashboard.md
View file

@ -128,3 +128,5 @@ api:
You can now access the dashboard on the port `8080` of the Traefik instance,
at the following URL: `http://<Traefik IP>:8080/dashboard/` (trailing slash is mandatory).
{!traefik-for-business-applications.md!}

15
docs/content/providers/docker.md
View file

@ -750,17 +750,4 @@ providers:
--providers.docker.allowEmptyServices=true
```
!!! question "Using Traefik for Business Applications?"
If you are using Traefik for commercial applications,
consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/).
You can use it as your:
- [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/)
- [Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/)
- [API Gateway](https://traefik.io/solutions/api-gateway/)
Traefik Enterprise enables centralized access management,
distributed Let's Encrypt,
and other advanced capabilities.
Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo).
{!traefik-for-business-applications.md!}

2
docs/content/providers/file.md
View file

@ -291,3 +291,5 @@ To illustrate, it is possible to easily define multiple routers, services, and T
# ...
{{ end }}
```
{!traefik-for-business-applications.md!}

2
docs/content/providers/kubernetes-crd.md
View file

@ -344,3 +344,5 @@ providers:
## Full Example
For additional information, refer to the [full example](../user-guides/crd-acme/index.md) with Let's Encrypt.
{!traefik-for-business-applications.md!}

15
docs/content/providers/kubernetes-ingress.md
View file

@ -502,17 +502,4 @@ providers:
To learn more about the various aspects of the Ingress specification that Traefik supports,
many examples of Ingresses definitions are located in the test [examples](https://github.com/traefik/traefik/tree/v2.8/pkg/provider/kubernetes/ingress/fixtures) of the Traefik repository.
!!! question "Using Traefik for Business Applications?"
If you are using Traefik for commercial applications,
consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/).
You can use it as your:
- [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/)
- [Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/)
- [API Gateway](https://traefik.io/solutions/api-gateway/)
Traefik Enterprise enables centralized access management,
distributed Let's Encrypt,
and other advanced capabilities.
Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo).
{!traefik-for-business-applications.md!}

2
docs/content/providers/overview.md
View file

@ -230,3 +230,5 @@ List of providers that support constraints:
- [Kubernetes CRD](./kubernetes-crd.md#labelselector)
- [Kubernetes Ingress](./kubernetes-ingress.md#labelselector)
- [Kubernetes Gateway](./kubernetes-gateway.md#labelselector)
{!traefik-for-business-applications.md!}

1
docs/content/reference/dynamic-configuration/kubernetes-crd-rbac.yml
View file

@ -26,6 +26,7 @@ rules:
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:

15
docs/content/routing/entrypoints.md
View file

@ -968,17 +968,4 @@ entrypoints.foo.address=:8000/udp
entrypoints.foo.udp.timeout=10s
```
!!! question "Using Traefik for Business Applications?"
If you are using Traefik for commercial applications,
consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/).
You can use it as your:
- [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/)
- [Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/)
- [API Gateway](https://traefik.io/solutions/api-gateway/)
Traefik Enterprise enables centralized access management,
distributed Let's Encrypt,
and other advanced capabilities.
Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo).
{!traefik-for-business-applications.md!}

2
docs/content/routing/overview.md
View file

@ -406,3 +406,5 @@ serversTransport:
## Static configuration
--serversTransport.forwardingTimeouts.idleConnTimeout=1s
```
{!traefik-for-business-applications.md!}

2
docs/content/routing/providers/docker.md
View file

@ -368,7 +368,7 @@ you'd add the label `traefik.http.services.<name-of-your-choice>.loadbalancer.pa
See [health check](../services/index.md#health-check) for more information.
```yaml
- "traefik.http.services.myservice.loadbalancer.healthcheck.timeout=10"
- "traefik.http.services.myservice.loadbalancer.healthcheck.timeout=10s"
```
??? info "`traefik.http.services.<service_name>.loadbalancer.healthcheck.followredirects`"

2
docs/content/routing/providers/kubernetes-crd.md
View file

@ -1782,3 +1782,5 @@ If the ServersTransport CRD is defined in another provider the cross-provider fo
## Further
Also see the [full example](../../user-guides/crd-acme/index.md) with Let's Encrypt.
{!traefik-for-business-applications.md!}

5
docs/content/routing/providers/kubernetes-ingress.md
View file

@ -47,6 +47,7 @@ which in turn will create the resulting routers, services, handlers, etc.
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:
@ -438,6 +439,7 @@ This way, any Ingress attached to this Entrypoint will have TLS termination by d
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:
@ -645,6 +647,7 @@ For more options, please refer to the available [annotations](#on-ingress).
- watch
- apiGroups:
- extensions
- networking.k8s.io
resources:
- ingresses/status
verbs:
@ -944,3 +947,5 @@ This will allow users to create a "default router" that will match all unmatched
to avoid this global ingress from satisfying requests that could match other ingresses.
To do this, use the `traefik.ingress.kubernetes.io/router.priority` annotation (as seen in [Annotations on Ingress](#on-ingress)) on your ingresses accordingly.
{!traefik-for-business-applications.md!}

15
docs/content/routing/routers/index.md
View file

@ -1330,17 +1330,4 @@ Services are the target for the router.
!!! important "UDP routers can only target UDP services (and not HTTP or TCP services)."
!!! question "Using Traefik for Business Applications?"
If you are using Traefik for commercial applications,
consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/).
You can use it as your:
- [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/)
- [Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/)
- [API Gateway](https://traefik.io/solutions/api-gateway/)
Traefik Enterprise enables centralized access management,
distributed Let's Encrypt,
and other advanced capabilities.
Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo).
{!traefik-for-business-applications.md!}

15
docs/content/routing/services/index.md
View file

@ -1647,17 +1647,4 @@ udp:
address = "private-ip-server-2:8080/"
```
!!! question "Using Traefik for Business Applications?"
If you are using Traefik for commercial applications,
consider the [Enterprise Edition](https://traefik.io/traefik-enterprise/).
You can use it as your:
- [Kubernetes Ingress Controller](https://traefik.io/solutions/kubernetes-ingress/)
- [Load Balancer](https://traefik.io/solutions/docker-swarm-ingress/)
- [API Gateway](https://traefik.io/solutions/api-gateway/)
Traefik Enterprise enables centralized access management,
distributed Let's Encrypt,
and other advanced capabilities.
Learn more in [this 15-minute technical walkthrough](https://info.traefik.io/watch-traefikee-demo).
{!traefik-for-business-applications.md!}

2
docs/content/user-guides/docker-compose/basic-example/index.md
View file

@ -93,3 +93,5 @@ whoami:
# Allow request only from the predefined entry point named "web"
- "traefik.http.routers.whoami.entrypoints=web"
```
{!traefik-for-business-applications.md!}

6
docs/mkdocs.yml
View file

@ -55,9 +55,9 @@ markdown_extensions:
- pymdownx.tasklist
- pymdownx.snippets:
check_paths: true
# - markdown_include.include:
# base_path: content/includes/
# encoding: utf-8
- markdown_include.include:
base_path: content/includes/
encoding: utf-8
- toc:
permalink: true

2
go.mod
View file

@ -60,7 +60,7 @@ require (
github.com/stretchr/testify v1.8.0
github.com/stvp/go-udp-testing v0.0.0-20191102171040-06b61409b154
github.com/traefik/paerser v0.1.9
github.com/traefik/yaegi v0.14.1
github.com/traefik/yaegi v0.14.2
github.com/uber/jaeger-client-go v2.30.0+incompatible
github.com/uber/jaeger-lib v2.2.0+incompatible
github.com/unrolled/render v1.0.2

4
go.sum
View file

@ -1915,8 +1915,8 @@ github.com/tonistiigi/vt100 v0.0.0-20190402012908-ad4c4a574305 h1:y/1cL5AL2oRcfz
github.com/tonistiigi/vt100 v0.0.0-20190402012908-ad4c4a574305/go.mod h1:gXOLibKqQTRAVuVZ9gX7G9Ykky8ll8yb4slxsEMoY0c=
github.com/traefik/paerser v0.1.9 h1:x5hZafOt/yogLvr6upoSOYIAn2nh2GsnLb236MOzd4I=
github.com/traefik/paerser v0.1.9/go.mod h1:Dk3Bfz6Zyj13/S8pJyRdx/FNvXlsVRVbtp0UK4ZSiA0=
github.com/traefik/yaegi v0.14.1 h1:t0ssyzeZCWTFGd/JnVuDxH/slMQfYg+2CDD4dLW/rU0=
github.com/traefik/yaegi v0.14.1/go.mod h1:AVRxhaI2G+nUsaM1zyktzwXn69G3t/AuTDrCiTds9p0=
github.com/traefik/yaegi v0.14.2 h1:9t9xepIfar6BrYdwJHGc+XRKo6qFoJCl6Z46N3hUtUw=
github.com/traefik/yaegi v0.14.2/go.mod h1:AVRxhaI2G+nUsaM1zyktzwXn69G3t/AuTDrCiTds9p0=
github.com/transip/gotransip/v6 v6.6.1 h1:nsCU1ErZS5G0FeOpgGXc4FsWvBff9GPswSMggsC4564=
github.com/transip/gotransip/v6 v6.6.1/go.mod h1:pQZ36hWWRahCUXkFWlx9Hs711gLd8J4qdgLdRzmtY+g=
github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 h1:G3dpKMzFDjgEh2q1Z7zUUtKa8ViPtH+ocF0bE0g00O8=

5
pkg/api/handler_http.go
View file

@ -11,6 +11,7 @@ import (
"github.com/gorilla/mux"
"github.com/traefik/traefik/v2/pkg/config/runtime"
"github.com/traefik/traefik/v2/pkg/log"
"github.com/traefik/traefik/v2/pkg/tls"
)
type routerRepresentation struct {
@ -20,6 +21,10 @@ type routerRepresentation struct {
}
func newRouterRepresentation(name string, rt *runtime.RouterInfo) routerRepresentation {
if rt.TLS != nil && rt.TLS.Options == "" {
rt.TLS.Options = tls.DefaultTLSConfigName
}
return routerRepresentation{
RouterInfo: rt,
Name: name,

47
pkg/api/handler_http_test.go
View file

@ -223,6 +223,52 @@ func TestHandler_HTTP(t *testing.T) {
jsonFile: "testdata/router-bar.json",
},
},
{
desc: "one router by id, implicitly using default TLS options",
path: "/api/http/routers/baz@myprovider",
conf: runtime.Configuration{
Routers: map[string]*runtime.RouterInfo{
"baz@myprovider": {
Router: &dynamic.Router{
EntryPoints: []string{"web"},
Service: "foo-service@myprovider",
Rule: "Host(`foo.baz`)",
Middlewares: []string{"auth", "addPrefixTest@anotherprovider"},
TLS: &dynamic.RouterTLSConfig{},
},
Status: "enabled",
},
},
},
expected: expected{
statusCode: http.StatusOK,
jsonFile: "testdata/router-baz-default-tls-options.json",
},
},
{
desc: "one router by id, using specific TLS options",
path: "/api/http/routers/baz@myprovider",
conf: runtime.Configuration{
Routers: map[string]*runtime.RouterInfo{
"baz@myprovider": {
Router: &dynamic.Router{
EntryPoints: []string{"web"},
Service: "foo-service@myprovider",
Rule: "Host(`foo.baz`)",
Middlewares: []string{"auth", "addPrefixTest@anotherprovider"},
TLS: &dynamic.RouterTLSConfig{
Options: "myTLS",
},
},
Status: "enabled",
},
},
},
expected: expected{
statusCode: http.StatusOK,
jsonFile: "testdata/router-baz-custom-tls-options.json",
},
},
{
desc: "one router by id, that does not exist",
path: "/api/http/routers/foo@myprovider",
@ -811,6 +857,7 @@ func TestHandler_HTTP(t *testing.T) {
// To lazily initialize the Statuses.
rtConf.PopulateUsedBy()
rtConf.GetRoutersByEntryPoints(context.Background(), []string{"web"}, false)
rtConf.GetRoutersByEntryPoints(context.Background(), []string{"web"}, true)
handler := New(static.Configuration{API: &static.API{}, Global: &static.Global{}}, rtConf)
server := httptest.NewServer(handler.createRouter())

20
pkg/api/testdata/router-baz-custom-tls-options.json vendored Normal file
View file

@ -0,0 +1,20 @@
{
"entryPoints": [
"web"
],
"middlewares": [
"auth",
"addPrefixTest@anotherprovider"
],
"name": "baz@myprovider",
"provider": "myprovider",
"rule": "Host(`foo.baz`)",
"service": "foo-service@myprovider",
"tls": {
"options": "myTLS"
},
"status": "enabled",
"using": [
"web"
]
}

20
pkg/api/testdata/router-baz-default-tls-options.json vendored Normal file
View file

@ -0,0 +1,20 @@
{
"entryPoints": [
"web"
],
"middlewares": [
"auth",
"addPrefixTest@anotherprovider"
],
"name": "baz@myprovider",
"provider": "myprovider",
"rule": "Host(`foo.baz`)",
"service": "foo-service@myprovider",
"tls": {
"options": "default"
},
"status": "enabled",
"using": [
"web"
]
}

5
pkg/middlewares/requestdecorator/request_decorator.go
View file

@ -49,11 +49,16 @@ func (r *RequestDecorator) ServeHTTP(rw http.ResponseWriter, req *http.Request,
func parseHost(addr string) string {
if !strings.Contains(addr, ":") {
// IPv4 without port or empty address
return addr
}
// IPv4 with port or IPv6
host, _, err := net.SplitHostPort(addr)
if err != nil {
if addr[0] == '[' && addr[len(addr)-1] == ']' {
return addr[1 : len(addr)-1]
}
return addr
}
return host

42
pkg/middlewares/requestdecorator/request_decorator_test.go
View file

@ -104,7 +104,7 @@ func TestRequestFlattening(t *testing.T) {
}
}
func TestRequestHostParseHost(t *testing.T) {
func Test_parseHost(t *testing.T) {
testCases := []struct {
desc string
host string
@ -130,6 +130,46 @@ func TestRequestHostParseHost(t *testing.T) {
host: "127.0.0.1:",
expected: "127.0.0.1",
},
{
desc: "host with : and without port",
host: "fe80::215:5dff:fe20:cd6a",
expected: "fe80::215:5dff:fe20:cd6a",
},
{
desc: "IPv6 host with : and with port",
host: "[fe80::215:5dff:fe20:cd6a]:123",
expected: "fe80::215:5dff:fe20:cd6a",
},
{
desc: "IPv6 host with : and without port",
host: "[fe80::215:5dff:fe20:cd6a]:",
expected: "fe80::215:5dff:fe20:cd6a",
},
{
desc: "IPv6 host without : and without port",
host: "[fe80::215:5dff:fe20:cd6a]",
expected: "fe80::215:5dff:fe20:cd6a",
},
{
desc: "invalid IPv6: missing [",
host: "fe80::215:5dff:fe20:cd6a]",
expected: "fe80::215:5dff:fe20:cd6a]",
},
{
desc: "invalid IPv6: missing ]",
host: "[fe80::215:5dff:fe20:cd6a",
expected: "[fe80::215:5dff:fe20:cd6a",
},
{
desc: "empty address",
host: "",
expected: "",
},
{
desc: "only :",
host: ":",
expected: "",
},
}
for _, test := range testCases {

17
pkg/plugins/client.go
View file

@ -164,7 +164,12 @@ func (c *Client) Download(ctx context.Context, pName, pVersion string) (string,
defer func() { _ = resp.Body.Close() }()
if resp.StatusCode == http.StatusOK {
switch resp.StatusCode {
case http.StatusNotModified:
// noop
return hash, nil
case http.StatusOK:
err = os.MkdirAll(filepath.Dir(filename), 0o755)
if err != nil {
return "", fmt.Errorf("failed to create directory: %w", err)
@ -189,15 +194,11 @@ func (c *Client) Download(ctx context.Context, pName, pVersion string) (string,
}
return hash, nil
}
if resp.StatusCode == http.StatusNotModified {
// noop
return hash, nil
default:
data, _ := io.ReadAll(resp.Body)
return "", fmt.Errorf("error: %d: %s", resp.StatusCode, string(data))
}
data, _ := io.ReadAll(resp.Body)
return "", fmt.Errorf("error: %d: %s", resp.StatusCode, string(data))
}
// Check checks the plugin archive integrity.

3
pkg/server/middleware/middlewares.go
View file

@ -5,6 +5,7 @@ import (
"errors"
"fmt"
"net/http"
"reflect"
"strings"
"github.com/containous/alice"
@ -340,7 +341,7 @@ func (b *Builder) buildConstructor(ctx context.Context, middlewareName string) (
}
// Plugin
if config.Plugin != nil {
if config.Plugin != nil && !reflect.ValueOf(b.pluginBuilder).IsNil() { // Using "reflect" because "b.pluginBuilder" is an interface.
if middleware != nil {
return nil, badConf
}

6
script/gcg/traefik-bugfix.toml
View file

@ -4,11 +4,11 @@ RepositoryName = "traefik"
OutputType = "file"
FileName = "traefik_changelog.md"
# example new bugfix v2.8.3
# example new bugfix v2.8.5
CurrentRef = "v2.8"
PreviousRef = "v2.8.2"
PreviousRef = "v2.8.4"
BaseBranch = "v2.8"
FutureCurrentRefName = "v2.8.3"
FutureCurrentRefName = "v2.8.5"
ThresholdPreviousRef = 10
ThresholdCurrentRef = 10