From 16d7b89cb19ef5887e53da1d2ffc71665f42774f Mon Sep 17 00:00:00 2001 From: Tom Moulard Date: Thu, 24 Mar 2022 21:40:08 +0100 Subject: [PATCH 01/25] Fixing dependency to build doc --- docs/requirements.txt | 1 + 1 file changed, 1 insertion(+) diff --git a/docs/requirements.txt b/docs/requirements.txt index c9c00839c..25c7ff97f 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -4,3 +4,4 @@ mkdocs-bootswatch==1.0 mkdocs-traefiklabs>=100.0.7 markdown-include==0.5.1 mkdocs-exclude==1.0.2 +Jinja2==3.0.0 From c0b0f3f0f7b2977317c7b33a2c0213b1d0047cd0 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Doumenjou <925513+jbdoumenjou@users.noreply.github.com> Date: Fri, 25 Mar 2022 15:42:08 +0100 Subject: [PATCH 02/25] Fix hub tls documentation --- docs/content/traefik-hub/index.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/docs/content/traefik-hub/index.md b/docs/content/traefik-hub/index.md index a784f2c0b..d6fa92dfe 100644 --- a/docs/content/traefik-hub/index.md +++ b/docs/content/traefik-hub/index.md @@ -194,7 +194,7 @@ The TLS certificate for Traefik Proxy as a TLS client. ```yaml tab="File (YAML)" hub: tls: - ca: |- + cert: |- -----BEGIN CERTIFICATE----- MIIBcjCCARegAwIBAgIQaewCzGdRz5iNnjAiEoO5AzAKBggqhkjOPQQDAjASMRAw DgYDVQQKEwdBY21lIENvMCAXDTIyMDMyMTE2MTY0NFoYDzIxMjIwMjI1MTYxNjQ0 @@ -281,14 +281,15 @@ The `insecure` option is mutually exclusive with any other option. ```yaml tab="File (YAML)" hub: - insecure: true + tls: + insecure: true ``` ```toml tab="File (TOML)" -[hub] +[hub.tls] insecure = true ``` ```bash tab="CLI" ---hub.insecure=true +--hub.tls.insecure=true ``` From b6bfa905db9ba329b2e766c3aaafc1da232e4a45 Mon Sep 17 00:00:00 2001 From: Ludovic Fernandez Date: Mon, 28 Mar 2022 15:24:08 +0200 Subject: [PATCH 03/25] Fix slice parsing for plugins --- pkg/plugins/middlewares.go | 2 +- pkg/plugins/plugins.go | 24 +++++++++++++++ pkg/plugins/plugins_test.go | 60 +++++++++++++++++++++++++++++++++++++ pkg/plugins/providers.go | 2 +- 4 files changed, 86 insertions(+), 2 deletions(-) create mode 100644 pkg/plugins/plugins_test.go diff --git a/pkg/plugins/middlewares.go b/pkg/plugins/middlewares.go index 09edbc954..8e476cce3 100644 --- a/pkg/plugins/middlewares.go +++ b/pkg/plugins/middlewares.go @@ -86,7 +86,7 @@ func (p middlewareBuilder) createConfig(config map[string]interface{}) (reflect. vConfig := results[0] cfg := &mapstructure.DecoderConfig{ - DecodeHook: mapstructure.StringToSliceHookFunc(","), + DecodeHook: stringToSliceHookFunc, WeaklyTypedInput: true, Result: vConfig.Interface(), } diff --git a/pkg/plugins/plugins.go b/pkg/plugins/plugins.go index fdfb9fbce..63b513ae8 100644 --- a/pkg/plugins/plugins.go +++ b/pkg/plugins/plugins.go @@ -4,6 +4,7 @@ import ( "context" "errors" "fmt" + "reflect" "strings" "github.com/hashicorp/go-multierror" @@ -166,3 +167,26 @@ func checkLocalPluginManifest(descriptor LocalDescriptor) error { return errs.ErrorOrNil() } + +func stringToSliceHookFunc(f reflect.Kind, t reflect.Kind, data interface{}) (interface{}, error) { + if f != reflect.String || t != reflect.Slice { + return data, nil + } + + raw := data.(string) + if raw == "" { + return []string{}, nil + } + + if strings.Contains(raw, "║") { + values := strings.Split(raw, "║") + // Removes the first value if the slice has a length of 2 and a first value empty. + // It's a workaround to escape the parsing on `,`. + if len(values) == 2 && values[0] == "" { + return values[1:], nil + } + return values, nil + } + + return strings.Split(raw, ","), nil +} diff --git a/pkg/plugins/plugins_test.go b/pkg/plugins/plugins_test.go new file mode 100644 index 000000000..57d3d3235 --- /dev/null +++ b/pkg/plugins/plugins_test.go @@ -0,0 +1,60 @@ +package plugins + +import ( + "reflect" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" +) + +func Test_stringToSliceHookFunc(t *testing.T) { + testCases := []struct { + desc string + data string + expected []string + }{ + { + desc: "without separator", + data: "abc", + expected: []string{"abc"}, + }, + { + desc: "with the file separator", + data: "a║b║c", + expected: []string{"a", "b", "c"}, + }, + { + desc: "with the label separator", + data: "a,b,c", + expected: []string{"a", "b", "c"}, + }, + { + desc: "with the file separator and values with commas", + data: "a,z║b,w║c,x,y", + expected: []string{"a,z", "b,w", "c,x,y"}, + }, + { + desc: "escaping workaround", + data: "║a,z", + expected: []string{"a,z"}, + }, + { + desc: "with the file separator and empty item", + data: "║a║z", + expected: []string{"", "a", "z"}, + }, + } + + for _, test := range testCases { + test := test + t.Run(test.desc, func(t *testing.T) { + t.Parallel() + + values, err := stringToSliceHookFunc(reflect.String, reflect.Slice, test.data) + require.NoError(t, err) + + assert.EqualValues(t, test.expected, values) + }) + } +} diff --git a/pkg/plugins/providers.go b/pkg/plugins/providers.go index abec8d1b8..ac9aa296f 100644 --- a/pkg/plugins/providers.go +++ b/pkg/plugins/providers.go @@ -93,7 +93,7 @@ func newProvider(builder providerBuilder, config map[string]interface{}, provide } cfg := &mapstructure.DecoderConfig{ - DecodeHook: mapstructure.StringToSliceHookFunc(","), + DecodeHook: stringToSliceHookFunc, WeaklyTypedInput: true, Result: vConfig.Interface(), } From 81f88dd9985d5342555f656299a08c3c7fcf4b4c Mon Sep 17 00:00:00 2001 From: Tom Moulard Date: Mon, 28 Mar 2022 16:22:10 +0200 Subject: [PATCH 04/25] Freeze python dependencies --- docs/requirements.txt | 46 +++++++++++++++++++++++++++++++++++++++---- 1 file changed, 42 insertions(+), 4 deletions(-) diff --git a/docs/requirements.txt b/docs/requirements.txt index 25c7ff97f..3c638f98c 100644 --- a/docs/requirements.txt +++ b/docs/requirements.txt @@ -1,7 +1,45 @@ mkdocs==1.2.2 -pymdown-extensions==7.0 -mkdocs-bootswatch==1.0 mkdocs-traefiklabs>=100.0.7 -markdown-include==0.5.1 -mkdocs-exclude==1.0.2 + +appdirs==1.4.4 +CacheControl==0.12.6 +certifi==2020.12.5 +chardet==4.0.0 +click==8.0.4 +colorama==0.4.4 +contextlib2==0.6.0 +distlib==0.3.1 +distro==1.5.0 +ghp-import==2.0.2 +html5lib==1.1 +idna==3.2 +importlib-metadata==4.11.3 Jinja2==3.0.0 +lockfile==0.12.2 +Markdown==3.3.6 +markdown-include==0.5.1 +MarkupSafe==2.1.1 +mergedeep==1.3.4 +mkdocs-bootswatch==1.0 +mkdocs-exclude==1.0.2 +mkdocs-material-extensions==1.0.3 +msgpack==1.0.2 +ordered-set==4.0.2 +packaging==20.9 +pep517==0.10.0 +progress==1.5 +Pygments==2.11.2 +pymdown-extensions==7.0 +pyparsing==2.4.7 +python-dateutil==2.8.2 +PyYAML==6.0 +pyyaml-env-tag==0.1 +requests==2.25.1 +retrying==1.3.3 +six==1.15.0 +toml==0.10.2 +urllib3==1.26.5 +watchdog==2.1.7 +webencodings==0.5.1 +zipp==3.7.0 + From e3adf93a7413684cfe4ab457b765fc10ce1b2bb2 Mon Sep 17 00:00:00 2001 From: Michael Date: Mon, 28 Mar 2022 17:36:07 +0200 Subject: [PATCH 05/25] fix: CI release --- .goreleaser.yml | 3 ++- .semaphore/semaphore.yml | 2 ++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.goreleaser.yml b/.goreleaser.yml index 77186c309..b46259a56 100644 --- a/.goreleaser.yml +++ b/.goreleaser.yml @@ -12,7 +12,8 @@ builds: - CGO_ENABLED=0 ldflags: - -s -w -X github.com/traefik/traefik/v2/pkg/version.Version={{.Version}} -X github.com/traefik/traefik/v2/pkg/version.Codename={{.Env.CODENAME}} -X github.com/traefik/traefik/v2/pkg/version.BuildDate={{.Date}} - + flags: + - -trimpath goos: - linux - darwin diff --git a/.semaphore/semaphore.yml b/.semaphore/semaphore.yml index 65e89b9b2..593d162b9 100644 --- a/.semaphore/semaphore.yml +++ b/.semaphore/semaphore.yml @@ -73,6 +73,8 @@ blocks: - curl -sSL -o /tmp/gh_${GH_VERSION}_linux_amd64.tar.gz https://github.com/cli/cli/releases/download/v${GH_VERSION}/gh_${GH_VERSION}_linux_amd64.tar.gz - tar -zxvf /tmp/gh_${GH_VERSION}_linux_amd64.tar.gz -C /tmp - sudo mv /tmp/gh_${GH_VERSION}_linux_amd64/bin/gh /usr/local/bin/gh + - sudo rm -rf ~/.phpbrew ~/.kerl ~/.sbt ~/.nvm ~/.npm ~/.kiex /usr/lib/jvm /opt/az /opt/firefox # Remove unnecessary data. + - sudo service docker stop && sudo umount /var/lib/docker && sudo service docker start # Unmounts the docker disk and the whole system disk is usable. jobs: - name: Release commands: From 0f29e893f4b0f9b64634910e47abcf0caf92ea29 Mon Sep 17 00:00:00 2001 From: Romain Date: Mon, 28 Mar 2022 18:18:08 +0200 Subject: [PATCH 06/25] Return TLS unrecognized_name error when no certificate is available --- pkg/tls/tlsmanager.go | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/pkg/tls/tlsmanager.go b/pkg/tls/tlsmanager.go index 35ba50fac..50e809e8a 100644 --- a/pkg/tls/tlsmanager.go +++ b/pkg/tls/tlsmanager.go @@ -143,7 +143,18 @@ func (m *Manager) Get(storeName, configName string) (*tls.Config, error) { if isACMETLS(clientHello) { certificate := acmeTLSStore.GetBestCertificate(clientHello) if certificate == nil { - return nil, fmt.Errorf("no certificate for TLSALPN challenge: %s", domainToCheck) + log.WithoutContext().Debugf("TLS: no certificate for TLSALPN challenge: %s", domainToCheck) + // We want the user to eventually get the (alertUnrecognizedName) "unrecognized + // name" error. + // Unfortunately, if we returned an error here, since we can't use + // the unexported error (errNoCertificates) that our caller (config.getCertificate + // in crypto/tls) uses as a sentinel, it would report an (alertInternalError) + // "internal error" instead of an alertUnrecognizedName. + // Which is why we return no error, and we let the caller detect that there's + // actually no certificate, and fall back into the flow that will report + // the desired error. + // https://cs.opensource.google/go/go/+/dev.boringcrypto.go1.17:src/crypto/tls/common.go;l=1058 + return nil, nil } return certificate, nil @@ -155,7 +166,9 @@ func (m *Manager) Get(storeName, configName string) (*tls.Config, error) { } if sniStrict { - return nil, fmt.Errorf("strict SNI enabled - No certificate found for domain: %q, closing connection", domainToCheck) + log.WithoutContext().Debugf("TLS: strict SNI enabled - No certificate found for domain: %q, closing connection", domainToCheck) + // Same comment as above, as in the isACMETLS case. + return nil, nil } log.WithoutContext().Debugf("Serving default certificate for request: %q", domainToCheck) From 4b755dc58df61e9ca0ce23794a1cc6f4df464a68 Mon Sep 17 00:00:00 2001 From: Tom Moulard Date: Tue, 29 Mar 2022 15:00:09 +0200 Subject: [PATCH 07/25] Prepare release v2.6.3 --- CHANGELOG.md | 7 +++++++ script/gcg/traefik-bugfix.toml | 6 +++--- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b2ef6b140..2f16af8e1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,10 @@ +## [v2.6.3](https://github.com/traefik/traefik/tree/v2.6.3) (2022-03-28) +[All Commits](https://github.com/traefik/traefik/compare/v2.6.2...v2.6.3) + +**Bug fixes:** +- **[plugins]** Fix slice parsing for plugins ([#8886](https://github.com/traefik/traefik/pull/8886) by [ldez](https://github.com/ldez)) +- **[tls]** Return TLS unrecognized_name error when no certificate is available ([#8893](https://github.com/traefik/traefik/pull/8893) by [rtribotte](https://github.com/rtribotte)) + ## [v2.6.2](https://github.com/traefik/traefik/tree/v2.6.2) (2022-03-24) [All Commits](https://github.com/traefik/traefik/compare/v2.6.1...v2.6.2) diff --git a/script/gcg/traefik-bugfix.toml b/script/gcg/traefik-bugfix.toml index 299bc5f31..7ce934ea3 100644 --- a/script/gcg/traefik-bugfix.toml +++ b/script/gcg/traefik-bugfix.toml @@ -4,11 +4,11 @@ RepositoryName = "traefik" OutputType = "file" FileName = "traefik_changelog.md" -# example new bugfix v2.6.2 +# example new bugfix v2.6.3 CurrentRef = "v2.6" -PreviousRef = "v2.6.1" +PreviousRef = "v2.6.2" BaseBranch = "v2.6" -FutureCurrentRefName = "v2.6.2" +FutureCurrentRefName = "v2.6.3" ThresholdPreviousRef = 10 ThresholdCurrentRef = 10 From a49b537d9c3ddc96fb06394d7f351ed68ee13c74 Mon Sep 17 00:00:00 2001 From: Romain Date: Tue, 29 Mar 2022 17:00:09 +0200 Subject: [PATCH 08/25] Prepare release v2.7.0-rc2 --- CHANGELOG.md | 9 +++++++++ script/gcg/traefik-rc-new.toml | 10 +++++----- 2 files changed, 14 insertions(+), 5 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index df7f3e20b..d702c450f 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +## [v2.7.0-rc2](https://github.com/traefik/traefik/tree/v2.7.0-rc2) (2022-03-29) +[All Commits](https://github.com/traefik/traefik/compare/v2.7.0-rc1...v2.7.0-rc2) + +**Documentation:** +- **[hub]** Fix Traefik Hub TLS documentation ([#8883](https://github.com/traefik/traefik/pull/8883) by [jbdoumenjou](https://github.com/jbdoumenjou)) + +**Misc:** +- Merge current v2.6 into v2.7 ([#8899](https://github.com/traefik/traefik/pull/8899) by [rtribotte](https://github.com/rtribotte)) + ## [v2.6.3](https://github.com/traefik/traefik/tree/v2.6.3) (2022-03-28) [All Commits](https://github.com/traefik/traefik/compare/v2.6.2...v2.6.3) diff --git a/script/gcg/traefik-rc-new.toml b/script/gcg/traefik-rc-new.toml index 5c30da9c1..d2461a9d2 100644 --- a/script/gcg/traefik-rc-new.toml +++ b/script/gcg/traefik-rc-new.toml @@ -4,11 +4,11 @@ RepositoryName = "traefik" OutputType = "file" FileName = "traefik_changelog.md" -# example RC3 of v2.6.0 -CurrentRef = "v2.6" -PreviousRef = "v2.6.0-rc2" -BaseBranch = "v2.6" -FutureCurrentRefName = "v2.6.0-rc3" +# example RC2 of v2.7.0 +CurrentRef = "v2.7" +PreviousRef = "v2.7.0-rc1" +BaseBranch = "v2.7" +FutureCurrentRefName = "v2.7.0-rc2" ThresholdPreviousRef = 10 ThresholdCurrentRef = 10 From b22945e185d362e14058c8f33b7ac9fa74501016 Mon Sep 17 00:00:00 2001 From: Romain Date: Tue, 5 Apr 2022 15:54:07 +0200 Subject: [PATCH 09/25] Remove duplicate error logs --- pkg/provider/ecs/ecs.go | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/pkg/provider/ecs/ecs.go b/pkg/provider/ecs/ecs.go index 907a6a88a..13dafd8d8 100644 --- a/pkg/provider/ecs/ecs.go +++ b/pkg/provider/ecs/ecs.go @@ -263,8 +263,7 @@ func (p *Provider) listInstances(ctx context.Context, client *awsClient) ([]ecsI return !lastPage }) if err != nil { - logger.Error("Unable to list tasks") - return nil, err + return nil, fmt.Errorf("listing tasks: %w", err) } // Skip to the next cluster if there are no tasks found on @@ -370,7 +369,6 @@ func (p *Provider) listInstances(ctx context.Context, client *awsClient) ([]ecsI } func (p *Provider) lookupEc2Instances(ctx context.Context, client *awsClient, clusterName *string, ecsDatas map[string]*ecs.Task) (map[string]*ec2.Instance, error) { - logger := log.FromContext(ctx) instanceIds := make(map[string]string) ec2Instances := make(map[string]*ec2.Instance) @@ -389,8 +387,7 @@ func (p *Provider) lookupEc2Instances(ctx context.Context, client *awsClient, cl Cluster: clusterName, }) if err != nil { - logger.Errorf("Unable to describe container instances: %v", err) - return nil, err + return nil, fmt.Errorf("describing container instances: %w", err) } for _, container := range resp.ContainerInstances { @@ -418,8 +415,7 @@ func (p *Provider) lookupEc2Instances(ctx context.Context, client *awsClient, cl return !lastPage }) if err != nil { - logger.Errorf("Unable to describe instances: %v", err) - return nil, err + return nil, fmt.Errorf("describing instances: %w", err) } } } @@ -440,8 +436,7 @@ func (p *Provider) lookupTaskDefinitions(ctx context.Context, client *awsClient, TaskDefinition: task.TaskDefinitionArn, }) if err != nil { - logger.Errorf("Unable to describe task definition: %v", err) - return nil, err + return nil, fmt.Errorf("describing task definition: %w", err) } taskDef[arn] = resp.TaskDefinition From c9daf163889bb3f62042eabb4431be26b655fca1 Mon Sep 17 00:00:00 2001 From: Tom Moulard Date: Tue, 5 Apr 2022 17:18:07 +0200 Subject: [PATCH 10/25] Add .PHONY to Makefile targets --- Makefile | 58 ++++++++++++++++++++++++++++++++++++++++++++------------ 1 file changed, 46 insertions(+), 12 deletions(-) diff --git a/Makefile b/Makefile index da11074fe..55704b501 100644 --- a/Makefile +++ b/Makefile @@ -1,5 +1,3 @@ -.PHONY: all docs docs-serve - SRCS = $(shell git ls-files '*.go' | grep -v '^vendor/') TAG_NAME := $(shell git tag -l --contains HEAD) @@ -38,25 +36,34 @@ IN_DOCKER ?= true PLATFORM_URL := $(if $(PLATFORM_URL),$(PLATFORM_URL),"https://pilot.traefik.io") +.PHONY: default default: binary -## Build Dev Docker image -build-dev-image: dist - $(if $(IN_DOCKER),docker build $(DOCKER_BUILD_ARGS) -t "$(TRAEFIK_DEV_IMAGE)" -f build.Dockerfile .,) - -## Build Dev Docker image without cache -build-dev-image-no-cache: dist - docker build --no-cache -t "$(TRAEFIK_DEV_IMAGE)" -f build.Dockerfile . - ## Create the "dist" directory dist: mkdir -p dist +## Build Dev Docker image +.PHONY: build-dev-image +build-dev-image: dist +ifneq ("$(IN_DOCKER)", "") + docker build $(DOCKER_BUILD_ARGS) -t "$(TRAEFIK_DEV_IMAGE)" -f build.Dockerfile . +endif + +## Build Dev Docker image without cache +.PHONY: build-dev-image-no-cache +build-dev-image-no-cache: dist +ifneq ("$(IN_DOCKER)", "") + docker build $(DOCKER_BUILD_ARGS) --no-cache -t "$(TRAEFIK_DEV_IMAGE)" -f build.Dockerfile . +endif + ## Build WebUI Docker image +.PHONY: build-webui-image build-webui-image: docker build -t traefik-webui --build-arg ARG_PLATFORM_URL=$(PLATFORM_URL) -f webui/Dockerfile webui ## Clean WebUI static generated assets +.PHONY: clean-webui clean-webui: rm -r webui/static mkdir -p webui/static @@ -68,94 +75,119 @@ webui/static/index.html: docker run --rm -v "$$PWD/webui/static":'/src/webui/static' traefik-webui npm run build:nc docker run --rm -v "$$PWD/webui/static":'/src/webui/static' traefik-webui chown -R $(shell id -u):$(shell id -g) ./static +.PHONY: generate-webui generate-webui: webui/static/index.html ## Build the binary +.PHONY: binary binary: generate-webui build-dev-image $(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate binary ## Build the linux binary locally +.PHONY: binary-debug binary-debug: generate-webui GOOS=linux ./script/make.sh binary ## Build the binary for the standard platforms (linux, darwin, windows) +.PHONY: crossbinary-default crossbinary-default: generate-webui build-dev-image $(DOCKER_RUN_TRAEFIK_NOTTY) ./script/make.sh generate crossbinary-default ## Build the binary for the standard platforms (linux, darwin, windows) in parallel +.PHONY: crossbinary-default-parallel crossbinary-default-parallel: $(MAKE) generate-webui $(MAKE) build-dev-image crossbinary-default ## Run the unit and integration tests +.PHONY: test test: build-dev-image -docker network create traefik-test-network --driver bridge --subnet 172.31.42.0/24 trap 'docker network rm traefik-test-network' EXIT; \ $(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_TEST),) ./script/make.sh generate test-unit binary test-integration ## Run the unit tests +.PHONY: test-unit test-unit: build-dev-image -docker network create traefik-test-network --driver bridge --subnet 172.31.42.0/24 trap 'docker network rm traefik-test-network' EXIT; \ $(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_TEST)) ./script/make.sh generate test-unit ## Run the integration tests +.PHONY: test-integration test-integration: build-dev-image -docker network create traefik-test-network --driver bridge --subnet 172.31.42.0/24 trap 'docker network rm traefik-test-network' EXIT; \ $(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_TEST),) ./script/make.sh generate binary test-integration ## Pull all images for integration tests +.PHONY: pull-images pull-images: - grep --no-filename -E '^\s+image:' ./integration/resources/compose/*.yml | awk '{print $$2}' | sort | uniq | xargs -P 6 -n 1 docker pull + grep --no-filename -E '^\s+image:' ./integration/resources/compose/*.yml \ + | awk '{print $$2}' \ + | sort \ + | uniq \ + | xargs -P 6 -n 1 docker pull ## Validate code and docs +.PHONY: validate-files validate-files: build-dev-image $(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate validate-lint validate-misspell bash $(CURDIR)/script/validate-shell-script.sh ## Validate code, docs, and vendor +.PHONY: validate validate: build-dev-image $(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK)) ./script/make.sh generate validate-lint validate-misspell validate-vendor bash $(CURDIR)/script/validate-shell-script.sh ## Clean up static directory and build a Docker Traefik image +.PHONY: build-image build-image: clean-webui binary docker build -t $(TRAEFIK_IMAGE) . -## Build a Docker Traefik image +## Build a Docker Traefik image without re-building the webui +.PHONY: build-image-dirty build-image-dirty: binary docker build -t $(TRAEFIK_IMAGE) . ## Locally build traefik for linux, then shove it an alpine image, with basic tools. +.PHONY: build-image-debug build-image-debug: binary-debug docker build -t $(TRAEFIK_IMAGE) -f debug.Dockerfile . ## Start a shell inside the build env +.PHONY: shell shell: build-dev-image $(DOCKER_RUN_TRAEFIK) /bin/bash ## Build documentation site +.PHONY: docs docs: make -C ./docs docs ## Serve the documentation site locally +.PHONY: docs-serve docs-serve: make -C ./docs docs-serve ## Pull image for doc building +.PHONY: docs-pull-images docs-pull-images: make -C ./docs docs-pull-images ## Generate CRD clientset and CRD manifests +.PHONY: generate-crd generate-crd: @$(CURDIR)/script/code-gen.sh ## Generate code from dynamic configuration https://github.com/traefik/genconf +.PHONY: generate-genconf generate-genconf: go run ./cmd/internal/gen/ ## Create packages for the release +.PHONY: release-packages release-packages: generate-webui build-dev-image rm -rf dist $(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) goreleaser release --skip-publish --timeout="90m" @@ -169,9 +201,11 @@ release-packages: generate-webui build-dev-image $(if $(IN_DOCKER),$(DOCKER_RUN_TRAEFIK_NOTTY)) chown -R $(shell id -u):$(shell id -g) dist/ ## Format the Code +.PHONY: fmt fmt: gofmt -s -l -w $(SRCS) +.PHONY: run-dev run-dev: go generate GO111MODULE=on go build ./cmd/traefik From 0e532a3634a15e516134da723e4a945d1343d6e0 Mon Sep 17 00:00:00 2001 From: Ludovic Fernandez Date: Wed, 6 Apr 2022 11:06:08 +0200 Subject: [PATCH 11/25] Update dynamic and static configuration references --- .../dynamic-configuration/docker-labels.yml | 8 +- .../reference/dynamic-configuration/file.toml | 18 +- .../reference/dynamic-configuration/file.yaml | 320 +++++++++--------- .../reference/dynamic-configuration/kv-ref.md | 14 +- .../marathon-labels.json | 11 +- .../reference/static-configuration/file.toml | 74 ++-- .../reference/static-configuration/file.yaml | 152 +++++---- pkg/config/dynamic/tcp_middlewares.go | 2 +- 8 files changed, 320 insertions(+), 279 deletions(-) diff --git a/docs/content/reference/dynamic-configuration/docker-labels.yml b/docs/content/reference/dynamic-configuration/docker-labels.yml index ee2f33122..1bbfb0eee 100644 --- a/docs/content/reference/dynamic-configuration/docker-labels.yml +++ b/docs/content/reference/dynamic-configuration/docker-labels.yml @@ -56,6 +56,7 @@ - "traefik.http.middlewares.middleware10.headers.framedeny=true" - "traefik.http.middlewares.middleware10.headers.hostsproxyheaders=foobar, foobar" - "traefik.http.middlewares.middleware10.headers.isdevelopment=true" +- "traefik.http.middlewares.middleware10.headers.permissionspolicy=foobar" - "traefik.http.middlewares.middleware10.headers.publickey=foobar" - "traefik.http.middlewares.middleware10.headers.referrerpolicy=foobar" - "traefik.http.middlewares.middleware10.headers.sslforcehost=true" @@ -153,6 +154,7 @@ - "traefik.http.services.service01.loadbalancer.healthcheck.followredirects=true" - "traefik.http.services.service01.loadbalancer.passhostheader=true" - "traefik.http.services.service01.loadbalancer.responseforwarding.flushinterval=foobar" +- "traefik.http.services.service01.loadbalancer.serverstransport=foobar" - "traefik.http.services.service01.loadbalancer.sticky.cookie=true" - "traefik.http.services.service01.loadbalancer.sticky.cookie.httponly=true" - "traefik.http.services.service01.loadbalancer.sticky.cookie.name=foobar" @@ -160,8 +162,8 @@ - "traefik.http.services.service01.loadbalancer.sticky.cookie.secure=true" - "traefik.http.services.service01.loadbalancer.server.port=foobar" - "traefik.http.services.service01.loadbalancer.server.scheme=foobar" -- "traefik.http.services.service01.loadbalancer.serverstransport=foobar" -- "traefik.tcp.middlewares.middleware00.ipwhitelist.sourcerange=foobar, foobar" +- "traefik.tcp.middlewares.tcpmiddleware00.ipwhitelist.sourcerange=foobar, foobar" +- "traefik.tcp.middlewares.tcpmiddleware01.inflightconn.amount=42" - "traefik.tcp.routers.tcprouter0.entrypoints=foobar, foobar" - "traefik.tcp.routers.tcprouter0.middlewares=foobar, foobar" - "traefik.tcp.routers.tcprouter0.rule=foobar" @@ -186,9 +188,9 @@ - "traefik.tcp.routers.tcprouter1.tls.domains[1].sans=foobar, foobar" - "traefik.tcp.routers.tcprouter1.tls.options=foobar" - "traefik.tcp.routers.tcprouter1.tls.passthrough=true" +- "traefik.tcp.services.tcpservice01.loadbalancer.proxyprotocol.version=42" - "traefik.tcp.services.tcpservice01.loadbalancer.terminationdelay=42" - "traefik.tcp.services.tcpservice01.loadbalancer.server.port=foobar" -- "traefik.tcp.services.tcpservice01.loadbalancer.proxyprotocol.version=42" - "traefik.udp.routers.udprouter0.entrypoints=foobar, foobar" - "traefik.udp.routers.udprouter0.service=foobar" - "traefik.udp.routers.udprouter1.entrypoints=foobar, foobar" diff --git a/docs/content/reference/dynamic-configuration/file.toml b/docs/content/reference/dynamic-configuration/file.toml index 0aad383d6..d3e907b8c 100644 --- a/docs/content/reference/dynamic-configuration/file.toml +++ b/docs/content/reference/dynamic-configuration/file.toml @@ -180,6 +180,7 @@ publicKey = "foobar" referrerPolicy = "foobar" featurePolicy = "foobar" + permissionsPolicy = "foobar" isDevelopment = true [http.middlewares.Middleware10.headers.customRequestHeaders] name0 = "foobar" @@ -237,7 +238,7 @@ [http.middlewares.Middleware15] [http.middlewares.Middleware15.rateLimit] average = 42 - period = 42 + period = "42s" burst = 42 [http.middlewares.Middleware15.rateLimit.sourceCriterion] requestHeaderName = "foobar" @@ -265,7 +266,7 @@ [http.middlewares.Middleware20] [http.middlewares.Middleware20.retry] attempts = 42 - initialInterval = 42 + initialInterval = "42s" [http.middlewares.Middleware21] [http.middlewares.Middleware21.stripPrefix] prefixes = ["foobar", "foobar"] @@ -293,6 +294,8 @@ dialTimeout = "42s" responseHeaderTimeout = "42s" idleConnTimeout = "42s" + readIdleTimeout = "42s" + pingTimeout = "42s" [http.serversTransports.ServersTransport1] serverName = "foobar" insecureSkipVerify = true @@ -312,6 +315,8 @@ dialTimeout = "42s" responseHeaderTimeout = "42s" idleConnTimeout = "42s" + readIdleTimeout = "42s" + pingTimeout = "42s" [tcp] [tcp.routers] @@ -372,9 +377,12 @@ name = "foobar" weight = 42 [tcp.middlewares] - [tcp.middlewares.Middleware00] - [tcp.middlewares.Middleware00.ipWhiteList] - sourceRange = ["foobar", "foobar"] + [tcp.middlewares.TCPMiddleware00] + [tcp.middlewares.TCPMiddleware00.ipWhiteList] + sourceRange = ["foobar", "foobar"] + [tcp.middlewares.TCPMiddleware01] + [tcp.middlewares.TCPMiddleware01.inFlightConn] + amount = 42 [udp] [udp.routers] diff --git a/docs/content/reference/dynamic-configuration/file.yaml b/docs/content/reference/dynamic-configuration/file.yaml index 846e9ea2c..d0d7b6fa3 100644 --- a/docs/content/reference/dynamic-configuration/file.yaml +++ b/docs/content/reference/dynamic-configuration/file.yaml @@ -2,11 +2,11 @@ http: routers: Router0: entryPoints: - - foobar - - foobar + - foobar + - foobar middlewares: - - foobar - - foobar + - foobar + - foobar service: foobar rule: foobar priority: 42 @@ -14,21 +14,21 @@ http: options: foobar certResolver: foobar domains: - - main: foobar - sans: - - foobar - - foobar - - main: foobar - sans: - - foobar - - foobar + - main: foobar + sans: + - foobar + - foobar + - main: foobar + sans: + - foobar + - foobar Router1: entryPoints: - - foobar - - foobar + - foobar + - foobar middlewares: - - foobar - - foobar + - foobar + - foobar service: foobar rule: foobar priority: 42 @@ -36,14 +36,14 @@ http: options: foobar certResolver: foobar domains: - - main: foobar - sans: - - foobar - - foobar - - main: foobar - sans: - - foobar - - foobar + - main: foobar + sans: + - foobar + - foobar + - main: foobar + sans: + - foobar + - foobar services: Service01: loadBalancer: @@ -54,8 +54,8 @@ http: httpOnly: true sameSite: foobar servers: - - url: foobar - - url: foobar + - url: foobar + - url: foobar healthCheck: scheme: foobar path: foobar @@ -77,18 +77,18 @@ http: maxBodySize: 42 healthCheck: {} mirrors: - - name: foobar - percent: 42 - - name: foobar - percent: 42 + - name: foobar + percent: 42 + - name: foobar + percent: 42 Service03: weighted: healthCheck: {} services: - - name: foobar - weight: 42 - - name: foobar - weight: 42 + - name: foobar + weight: 42 + - name: foobar + weight: 42 sticky: cookie: name: foobar @@ -102,8 +102,8 @@ http: Middleware01: basicAuth: users: - - foobar - - foobar + - foobar + - foobar usersFile: foobar realm: foobar removeHeader: true @@ -118,16 +118,16 @@ http: Middleware03: chain: middlewares: - - foobar - - foobar + - foobar + - foobar Middleware04: circuitBreaker: expression: foobar Middleware05: compress: excludedContentTypes: - - foobar - - foobar + - foobar + - foobar minResponseBodyBytes: 42 Middleware06: contentType: @@ -135,8 +135,8 @@ http: Middleware07: digestAuth: users: - - foobar - - foobar + - foobar + - foobar usersFile: foobar removeHeader: true realm: foobar @@ -144,8 +144,8 @@ http: Middleware08: errors: status: - - foobar - - foobar + - foobar + - foobar service: foobar query: foobar Middleware09: @@ -159,12 +159,12 @@ http: insecureSkipVerify: true trustForwardHeader: true authResponseHeaders: - - foobar - - foobar + - foobar + - foobar authResponseHeadersRegex: foobar authRequestHeaders: - - foobar - - foobar + - foobar + - foobar Middleware10: headers: customRequestHeaders: @@ -175,28 +175,28 @@ http: name1: foobar accessControlAllowCredentials: true accessControlAllowHeaders: - - foobar - - foobar + - foobar + - foobar accessControlAllowMethods: - - foobar - - foobar + - foobar + - foobar accessControlAllowOriginList: - - foobar - - foobar + - foobar + - foobar accessControlAllowOriginListRegex: - - foobar - - foobar + - foobar + - foobar accessControlExposeHeaders: - - foobar - - foobar + - foobar + - foobar accessControlMaxAge: 42 addVaryHeader: true allowedHosts: - - foobar - - foobar + - foobar + - foobar hostsProxyHeaders: - - foobar - - foobar + - foobar + - foobar sslRedirect: true sslTemporaryRedirect: true sslHost: foobar @@ -217,17 +217,18 @@ http: publicKey: foobar referrerPolicy: foobar featurePolicy: foobar + permissionsPolicy: foobar isDevelopment: true Middleware11: ipWhiteList: sourceRange: - - foobar - - foobar + - foobar + - foobar ipStrategy: depth: 42 excludedIPs: - - foobar - - foobar + - foobar + - foobar Middleware12: inFlightReq: amount: 42 @@ -235,8 +236,8 @@ http: ipStrategy: depth: 42 excludedIPs: - - foobar - - foobar + - foobar + - foobar requestHeaderName: foobar requestHost: true Middleware13: @@ -271,14 +272,14 @@ http: Middleware15: rateLimit: average: 42 - period: 42 + period: 42s burst: 42 sourceCriterion: ipStrategy: depth: 42 excludedIPs: - - foobar - - foobar + - foobar + - foobar requestHeaderName: foobar requestHost: true Middleware16: @@ -301,64 +302,68 @@ http: Middleware20: retry: attempts: 42 - initialInterval: 42 + initialInterval: 42s Middleware21: stripPrefix: prefixes: - - foobar - - foobar + - foobar + - foobar forceSlash: true Middleware22: stripPrefixRegex: regex: - - foobar - - foobar + - foobar + - foobar serversTransports: ServersTransport0: serverName: foobar insecureSkipVerify: true rootCAs: - - foobar - - foobar + - foobar + - foobar certificates: - - certFile: foobar - keyFile: foobar - - certFile: foobar - keyFile: foobar + - certFile: foobar + keyFile: foobar + - certFile: foobar + keyFile: foobar maxIdleConnsPerHost: 42 forwardingTimeouts: dialTimeout: 42s responseHeaderTimeout: 42s idleConnTimeout: 42s + readIdleTimeout: 42s + pingTimeout: 42s disableHTTP2: true peerCertURI: foobar ServersTransport1: serverName: foobar insecureSkipVerify: true rootCAs: - - foobar - - foobar + - foobar + - foobar certificates: - - certFile: foobar - keyFile: foobar - - certFile: foobar - keyFile: foobar + - certFile: foobar + keyFile: foobar + - certFile: foobar + keyFile: foobar maxIdleConnsPerHost: 42 forwardingTimeouts: dialTimeout: 42s responseHeaderTimeout: 42s idleConnTimeout: 42s + readIdleTimeout: 42s + pingTimeout: 42s disableHTTP2: true peerCertURI: foobar tcp: routers: TCPRouter0: entryPoints: - - foobar - - foobar + - foobar + - foobar middlewares: - - foobar - - foobar + - foobar + - foobar service: foobar rule: foobar tls: @@ -366,21 +371,21 @@ tcp: options: foobar certResolver: foobar domains: - - main: foobar - sans: - - foobar - - foobar - - main: foobar - sans: - - foobar - - foobar + - main: foobar + sans: + - foobar + - foobar + - main: foobar + sans: + - foobar + - foobar TCPRouter1: entryPoints: - - foobar - - foobar + - foobar + - foobar middlewares: - - foobar - - foobar + - foobar + - foobar service: foobar rule: foobar tls: @@ -388,20 +393,14 @@ tcp: options: foobar certResolver: foobar domains: - - main: foobar - sans: - - foobar - - foobar - - main: foobar - sans: - - foobar - - foobar - middlewares: - Middleware00: - ipWhiteList: - sourceRange: - - foobar - - foobar + - main: foobar + sans: + - foobar + - foobar + - main: foobar + sans: + - foobar + - foobar services: TCPService01: loadBalancer: @@ -409,66 +408,75 @@ tcp: proxyProtocol: version: 42 servers: - - address: foobar - - address: foobar + - address: foobar + - address: foobar TCPService02: weighted: services: - - name: foobar - weight: 42 - - name: foobar - weight: 42 + - name: foobar + weight: 42 + - name: foobar + weight: 42 + middlewares: + TCPMiddleware00: + ipWhiteList: + sourceRange: + - foobar + - foobar + TCPMiddleware01: + inFlightConn: + amount: 42 udp: routers: UDPRouter0: entryPoints: - - foobar - - foobar + - foobar + - foobar service: foobar UDPRouter1: entryPoints: - - foobar - - foobar + - foobar + - foobar service: foobar services: UDPService01: loadBalancer: servers: - - address: foobar - - address: foobar + - address: foobar + - address: foobar UDPService02: weighted: services: - - name: foobar - weight: 42 - - name: foobar - weight: 42 + - name: foobar + weight: 42 + - name: foobar + weight: 42 tls: certificates: - - certFile: foobar - keyFile: foobar - stores: - - foobar - - foobar - - certFile: foobar - keyFile: foobar - stores: - - foobar - - foobar + - certFile: foobar + keyFile: foobar + stores: + - foobar + - foobar + - certFile: foobar + keyFile: foobar + stores: + - foobar + - foobar options: Options0: minVersion: foobar maxVersion: foobar cipherSuites: - - foobar - - foobar + - foobar + - foobar curvePreferences: - - foobar - - foobar + - foobar + - foobar clientAuth: caFiles: - - foobar - - foobar + - foobar + - foobar clientAuthType: foobar sniStrict: true preferServerCipherSuites: true @@ -479,15 +487,15 @@ tls: minVersion: foobar maxVersion: foobar cipherSuites: - - foobar - - foobar + - foobar + - foobar curvePreferences: - - foobar - - foobar + - foobar + - foobar clientAuth: caFiles: - - foobar - - foobar + - foobar + - foobar clientAuthType: foobar sniStrict: true preferServerCipherSuites: true diff --git a/docs/content/reference/dynamic-configuration/kv-ref.md b/docs/content/reference/dynamic-configuration/kv-ref.md index 0df01e697..ce6bada65 100644 --- a/docs/content/reference/dynamic-configuration/kv-ref.md +++ b/docs/content/reference/dynamic-configuration/kv-ref.md @@ -69,6 +69,7 @@ | `traefik/http/middlewares/Middleware10/headers/hostsProxyHeaders/0` | `foobar` | | `traefik/http/middlewares/Middleware10/headers/hostsProxyHeaders/1` | `foobar` | | `traefik/http/middlewares/Middleware10/headers/isDevelopment` | `true` | +| `traefik/http/middlewares/Middleware10/headers/permissionsPolicy` | `foobar` | | `traefik/http/middlewares/Middleware10/headers/publicKey` | `foobar` | | `traefik/http/middlewares/Middleware10/headers/referrerPolicy` | `foobar` | | `traefik/http/middlewares/Middleware10/headers/sslForceHost` | `true` | @@ -114,7 +115,7 @@ | `traefik/http/middlewares/Middleware14/plugin/PluginConf/foo` | `bar` | | `traefik/http/middlewares/Middleware15/rateLimit/average` | `42` | | `traefik/http/middlewares/Middleware15/rateLimit/burst` | `42` | -| `traefik/http/middlewares/Middleware15/rateLimit/period` | `42` | +| `traefik/http/middlewares/Middleware15/rateLimit/period` | `42s` | | `traefik/http/middlewares/Middleware15/rateLimit/sourceCriterion/ipStrategy/depth` | `42` | | `traefik/http/middlewares/Middleware15/rateLimit/sourceCriterion/ipStrategy/excludedIPs/0` | `foobar` | | `traefik/http/middlewares/Middleware15/rateLimit/sourceCriterion/ipStrategy/excludedIPs/1` | `foobar` | @@ -130,7 +131,7 @@ | `traefik/http/middlewares/Middleware19/replacePathRegex/regex` | `foobar` | | `traefik/http/middlewares/Middleware19/replacePathRegex/replacement` | `foobar` | | `traefik/http/middlewares/Middleware20/retry/attempts` | `42` | -| `traefik/http/middlewares/Middleware20/retry/initialInterval` | `42` | +| `traefik/http/middlewares/Middleware20/retry/initialInterval` | `42s` | | `traefik/http/middlewares/Middleware21/stripPrefix/forceSlash` | `true` | | `traefik/http/middlewares/Middleware21/stripPrefix/prefixes/0` | `foobar` | | `traefik/http/middlewares/Middleware21/stripPrefix/prefixes/1` | `foobar` | @@ -173,6 +174,8 @@ | `traefik/http/serversTransports/ServersTransport0/disableHTTP2` | `true` | | `traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/dialTimeout` | `42s` | | `traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/idleConnTimeout` | `42s` | +| `traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/pingTimeout` | `42s` | +| `traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/readIdleTimeout` | `42s` | | `traefik/http/serversTransports/ServersTransport0/forwardingTimeouts/responseHeaderTimeout` | `42s` | | `traefik/http/serversTransports/ServersTransport0/insecureSkipVerify` | `true` | | `traefik/http/serversTransports/ServersTransport0/maxIdleConnsPerHost` | `42` | @@ -187,6 +190,8 @@ | `traefik/http/serversTransports/ServersTransport1/disableHTTP2` | `true` | | `traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/dialTimeout` | `42s` | | `traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/idleConnTimeout` | `42s` | +| `traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/pingTimeout` | `42s` | +| `traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/readIdleTimeout` | `42s` | | `traefik/http/serversTransports/ServersTransport1/forwardingTimeouts/responseHeaderTimeout` | `42s` | | `traefik/http/serversTransports/ServersTransport1/insecureSkipVerify` | `true` | | `traefik/http/serversTransports/ServersTransport1/maxIdleConnsPerHost` | `42` | @@ -228,8 +233,9 @@ | `traefik/http/services/Service03/weighted/sticky/cookie/name` | `foobar` | | `traefik/http/services/Service03/weighted/sticky/cookie/sameSite` | `foobar` | | `traefik/http/services/Service03/weighted/sticky/cookie/secure` | `true` | -| `traefik/tcp/middlewares/Middleware00/ipWhiteList/sourceRange/0` | `foobar` | -| `traefik/tcp/middlewares/Middleware00/ipWhiteList/sourceRange/1` | `foobar` | +| `traefik/tcp/middlewares/TCPMiddleware00/ipWhiteList/sourceRange/0` | `foobar` | +| `traefik/tcp/middlewares/TCPMiddleware00/ipWhiteList/sourceRange/1` | `foobar` | +| `traefik/tcp/middlewares/TCPMiddleware01/inFlightConn/amount` | `42` | | `traefik/tcp/routers/TCPRouter0/entryPoints/0` | `foobar` | | `traefik/tcp/routers/TCPRouter0/entryPoints/1` | `foobar` | | `traefik/tcp/routers/TCPRouter0/middlewares/0` | `foobar` | diff --git a/docs/content/reference/dynamic-configuration/marathon-labels.json b/docs/content/reference/dynamic-configuration/marathon-labels.json index 58128731d..bde6068d4 100644 --- a/docs/content/reference/dynamic-configuration/marathon-labels.json +++ b/docs/content/reference/dynamic-configuration/marathon-labels.json @@ -24,9 +24,9 @@ "traefik.http.middlewares.middleware08.errors.service": "foobar", "traefik.http.middlewares.middleware08.errors.status": "foobar, foobar", "traefik.http.middlewares.middleware09.forwardauth.address": "foobar", +"traefik.http.middlewares.middleware09.forwardauth.authrequestheaders": "foobar, foobar", "traefik.http.middlewares.middleware09.forwardauth.authresponseheaders": "foobar, foobar", "traefik.http.middlewares.middleware09.forwardauth.authresponseheadersregex": "foobar", -"traefik.http.middlewares.middleware09.forwardauth.authrequestheaders": "foobar, foobar", "traefik.http.middlewares.middleware09.forwardauth.tls.ca": "foobar", "traefik.http.middlewares.middleware09.forwardauth.tls.caoptional": "true", "traefik.http.middlewares.middleware09.forwardauth.tls.cert": "foobar", @@ -56,6 +56,7 @@ "traefik.http.middlewares.middleware10.headers.framedeny": "true", "traefik.http.middlewares.middleware10.headers.hostsproxyheaders": "foobar, foobar", "traefik.http.middlewares.middleware10.headers.isdevelopment": "true", +"traefik.http.middlewares.middleware10.headers.permissionspolicy": "foobar", "traefik.http.middlewares.middleware10.headers.publickey": "foobar", "traefik.http.middlewares.middleware10.headers.referrerpolicy": "foobar", "traefik.http.middlewares.middleware10.headers.sslforcehost": "true", @@ -153,6 +154,7 @@ "traefik.http.services.service01.loadbalancer.healthcheck.followredirects": "true", "traefik.http.services.service01.loadbalancer.passhostheader": "true", "traefik.http.services.service01.loadbalancer.responseforwarding.flushinterval": "foobar", +"traefik.http.services.service01.loadbalancer.serverstransport": "foobar", "traefik.http.services.service01.loadbalancer.sticky.cookie": "true", "traefik.http.services.service01.loadbalancer.sticky.cookie.httponly": "true", "traefik.http.services.service01.loadbalancer.sticky.cookie.name": "foobar", @@ -160,8 +162,10 @@ "traefik.http.services.service01.loadbalancer.sticky.cookie.secure": "true", "traefik.http.services.service01.loadbalancer.server.port": "foobar", "traefik.http.services.service01.loadbalancer.server.scheme": "foobar", -"traefik.http.services.service01.loadbalancer.serverstransport": "foobar", +"traefik.tcp.middlewares.tcpmiddleware00.ipwhitelist.sourcerange": "foobar, foobar", +"traefik.tcp.middlewares.tcpmiddleware01.inflightconn.amount": "42", "traefik.tcp.routers.tcprouter0.entrypoints": "foobar, foobar", +"traefik.tcp.routers.tcprouter0.middlewares": "foobar, foobar", "traefik.tcp.routers.tcprouter0.rule": "foobar", "traefik.tcp.routers.tcprouter0.service": "foobar", "traefik.tcp.routers.tcprouter0.tls": "true", @@ -173,6 +177,7 @@ "traefik.tcp.routers.tcprouter0.tls.options": "foobar", "traefik.tcp.routers.tcprouter0.tls.passthrough": "true", "traefik.tcp.routers.tcprouter1.entrypoints": "foobar, foobar", +"traefik.tcp.routers.tcprouter1.middlewares": "foobar, foobar", "traefik.tcp.routers.tcprouter1.rule": "foobar", "traefik.tcp.routers.tcprouter1.service": "foobar", "traefik.tcp.routers.tcprouter1.tls": "true", @@ -183,8 +188,8 @@ "traefik.tcp.routers.tcprouter1.tls.domains[1].sans": "foobar, foobar", "traefik.tcp.routers.tcprouter1.tls.options": "foobar", "traefik.tcp.routers.tcprouter1.tls.passthrough": "true", -"traefik.tcp.services.tcpservice01.loadbalancer.terminationdelay": "42", "traefik.tcp.services.tcpservice01.loadbalancer.proxyprotocol.version": "42", +"traefik.tcp.services.tcpservice01.loadbalancer.terminationdelay": "42", "traefik.tcp.services.tcpservice01.loadbalancer.server.port": "foobar", "traefik.udp.routers.udprouter0.entrypoints": "foobar, foobar", "traefik.udp.routers.udprouter0.service": "foobar", diff --git a/docs/content/reference/static-configuration/file.toml b/docs/content/reference/static-configuration/file.toml index a995affa5..ae3216dae 100644 --- a/docs/content/reference/static-configuration/file.toml +++ b/docs/content/reference/static-configuration/file.toml @@ -7,31 +7,27 @@ rootCAs = ["foobar", "foobar"] maxIdleConnsPerHost = 42 [serversTransport.forwardingTimeouts] - dialTimeout = 42 - responseHeaderTimeout = 42 - idleConnTimeout = 42 + dialTimeout = "42s" + responseHeaderTimeout = "42s" + idleConnTimeout = "42s" [entryPoints] [entryPoints.EntryPoint0] address = "foobar" [entryPoints.EntryPoint0.transport] [entryPoints.EntryPoint0.transport.lifeCycle] - requestAcceptGraceTimeout = 42 - graceTimeOut = 42 + requestAcceptGraceTimeout = "42s" + graceTimeOut = "42s" [entryPoints.EntryPoint0.transport.respondingTimeouts] - readTimeout = 42 - writeTimeout = 42 - idleTimeout = 42 + readTimeout = "42s" + writeTimeout = "42s" + idleTimeout = "42s" [entryPoints.EntryPoint0.proxyProtocol] insecure = true trustedIPs = ["foobar", "foobar"] [entryPoints.EntryPoint0.forwardedHeaders] insecure = true trustedIPs = ["foobar", "foobar"] - [entryPoints.EntryPoint0.udp] - timeout = 42 - [entryPoints.EntryPoint0.http3] - advertisedPort = 42 [entryPoints.EntryPoint0.http] middlewares = ["foobar", "foobar"] [entryPoints.EntryPoint0.http.redirections] @@ -51,9 +47,13 @@ [[entryPoints.EntryPoint0.http.tls.domains]] main = "foobar" sans = ["foobar", "foobar"] + [entryPoints.EntryPoint0.http3] + advertisedPort = 42 + [entryPoints.EntryPoint0.udp] + timeout = "42s" [providers] - providersThrottleDuration = 42 + providersThrottleDuration = "42s" [providers.docker] constraints = "foobar" watch = true @@ -63,8 +63,8 @@ useBindPortIP = true swarmMode = true network = "foobar" - swarmModeRefreshSeconds = 42 - httpClientTimeout = 42 + swarmModeRefreshSeconds = "42s" + httpClientTimeout = "42s" [providers.docker.tls] ca = "foobar" caOptional = true @@ -84,10 +84,10 @@ defaultRule = "foobar" exposedByDefault = true dcosToken = "foobar" - dialerTimeout = 42 - responseHeaderTimeout = 42 - tlsHandshakeTimeout = 42 - keepAlive = 42 + dialerTimeout = "42s" + responseHeaderTimeout = "42s" + tlsHandshakeTimeout = "42s" + keepAlive = "42s" forceTaskHostname = true respectReadinessChecks = true [providers.marathon.tls] @@ -108,6 +108,7 @@ ingressClass = "foobar" throttleDuration = "42s" allowEmptyServices = true + allowExternalNameServices = true [providers.kubernetesIngress.ingressEndpoint] ip = "foobar" hostname = "foobar" @@ -118,16 +119,17 @@ certAuthFilePath = "foobar" namespaces = ["foobar", "foobar"] allowCrossNamespace = true + allowExternalNameServices = true labelSelector = "foobar" ingressClass = "foobar" - throttleDuration = 42 + throttleDuration = "42s" [providers.kubernetesGateway] endpoint = "foobar" token = "foobar" certAuthFilePath = "foobar" namespaces = ["foobar", "foobar"] labelSelector = "foobar" - throttleDuration = 42 + throttleDuration = "42s" [providers.rest] insecure = true [providers.rancher] @@ -142,19 +144,22 @@ [providers.consulCatalog] constraints = "foobar" prefix = "foobar" - refreshInterval = 42 + refreshInterval = "42s" requireConsistent = true stale = true cache = true exposedByDefault = true defaultRule = "foobar" + connectAware = true + connectByDefault = true + serviceName = "foobar" namespace = "foobar" [providers.consulCatalog.endpoint] address = "foobar" scheme = "foobar" datacenter = "foobar" token = "foobar" - endpointWaitTime = 42 + endpointWaitTime = "42s" [providers.consulCatalog.endpoint.tls] ca = "foobar" caOptional = true @@ -179,8 +184,8 @@ endpoints = ["foobar", "foobar"] username = "foobar" password = "foobar" - namespace = "foobar" token = "foobar" + namespace = "foobar" [providers.consul.tls] ca = "foobar" caOptional = true @@ -192,8 +197,8 @@ endpoints = ["foobar", "foobar"] username = "foobar" password = "foobar" - namespace = "foobar" token = "foobar" + namespace = "foobar" [providers.etcd.tls] ca = "foobar" caOptional = true @@ -205,8 +210,8 @@ endpoints = ["foobar", "foobar"] username = "foobar" password = "foobar" - namespace = "foobar" token = "foobar" + namespace = "foobar" [providers.zooKeeper.tls] ca = "foobar" caOptional = true @@ -218,8 +223,8 @@ endpoints = ["foobar", "foobar"] username = "foobar" password = "foobar" - namespace = "foobar" token = "foobar" + namespace = "foobar" [providers.redis.tls] ca = "foobar" caOptional = true @@ -228,8 +233,8 @@ insecureSkipVerify = true [providers.http] endpoint = "foobar" - pollInterval = 42 - pollTimeout = 42 + pollInterval = "42s" + pollTimeout = "42s" [providers.http.tls] ca = "foobar" caOptional = true @@ -298,7 +303,7 @@ [accessLog.filters] statusCodes = ["foobar", "foobar"] retryAttempts = true - minDuration = 42 + minDuration = "42s" [accessLog.fields] defaultMode = "foobar" [accessLog.fields.names] @@ -344,6 +349,7 @@ localAgentHost = "foobar" localAgentPort = 42 logLevel = "foobar" + enableAutoProfile = true [tracing.haystack] localAgentHost = "foobar" localAgentPort = 42 @@ -367,16 +373,16 @@ [certificatesResolvers.CertificateResolver0.acme] email = "foobar" caServer = "foobar" - certificatesDuration = 2160 preferredChain = "foobar" storage = "foobar" keyType = "foobar" + certificatesDuration = 42 [certificatesResolvers.CertificateResolver0.acme.eab] kid = "foobar" hmacEncoded = "foobar" [certificatesResolvers.CertificateResolver0.acme.dnsChallenge] provider = "foobar" - delayBeforeCheck = 42 + delayBeforeCheck = "42s" resolvers = ["foobar", "foobar"] disablePropagationCheck = true [certificatesResolvers.CertificateResolver0.acme.httpChallenge] @@ -386,16 +392,16 @@ [certificatesResolvers.CertificateResolver1.acme] email = "foobar" caServer = "foobar" - certificatesDuration = 2160 preferredChain = "foobar" storage = "foobar" keyType = "foobar" + certificatesDuration = 42 [certificatesResolvers.CertificateResolver1.acme.eab] kid = "foobar" hmacEncoded = "foobar" [certificatesResolvers.CertificateResolver1.acme.dnsChallenge] provider = "foobar" - delayBeforeCheck = 42 + delayBeforeCheck = "42s" resolvers = ["foobar", "foobar"] disablePropagationCheck = true [certificatesResolvers.CertificateResolver1.acme.httpChallenge] diff --git a/docs/content/reference/static-configuration/file.yaml b/docs/content/reference/static-configuration/file.yaml index c4e5c31ee..886ae5114 100644 --- a/docs/content/reference/static-configuration/file.yaml +++ b/docs/content/reference/static-configuration/file.yaml @@ -4,38 +4,34 @@ global: serversTransport: insecureSkipVerify: true rootCAs: - - foobar - - foobar + - foobar + - foobar maxIdleConnsPerHost: 42 forwardingTimeouts: - dialTimeout: 42 - responseHeaderTimeout: 42 - idleConnTimeout: 42 + dialTimeout: 42s + responseHeaderTimeout: 42s + idleConnTimeout: 42s entryPoints: EntryPoint0: address: foobar transport: lifeCycle: - requestAcceptGraceTimeout: 42 - graceTimeOut: 42 + requestAcceptGraceTimeout: 42s + graceTimeOut: 42s respondingTimeouts: - readTimeout: 42 - writeTimeout: 42 - idleTimeout: 42 + readTimeout: 42s + writeTimeout: 42s + idleTimeout: 42s proxyProtocol: insecure: true trustedIPs: - - foobar - - foobar + - foobar + - foobar forwardedHeaders: insecure: true trustedIPs: - - foobar - - foobar - http3: - advertisedPort: 42 - udp: - timeout: 42 + - foobar + - foobar http: redirections: entryPoint: @@ -44,22 +40,26 @@ entryPoints: permanent: true priority: 42 middlewares: - - foobar - - foobar + - foobar + - foobar tls: options: foobar certResolver: foobar domains: - - main: foobar - sans: - - foobar - - foobar - - main: foobar - sans: - - foobar - - foobar + - main: foobar + sans: + - foobar + - foobar + - main: foobar + sans: + - foobar + - foobar + http3: + advertisedPort: 42 + udp: + timeout: 42s providers: - providersThrottleDuration: 42 + providersThrottleDuration: 42s docker: constraints: foobar watch: true @@ -75,8 +75,8 @@ providers: useBindPortIP: true swarmMode: true network: foobar - swarmModeRefreshSeconds: 42 - httpClientTimeout: 42 + swarmModeRefreshSeconds: 42s + httpClientTimeout: 42s file: directory: foobar watch: true @@ -96,10 +96,10 @@ providers: cert: foobar key: foobar insecureSkipVerify: true - dialerTimeout: 42 - responseHeaderTimeout: 42 - tlsHandshakeTimeout: 42 - keepAlive: 42 + dialerTimeout: 42s + responseHeaderTimeout: 42s + tlsHandshakeTimeout: 42s + keepAlive: 42s forceTaskHostname: true basic: httpBasicAuthUser: foobar @@ -110,12 +110,13 @@ providers: token: foobar certAuthFilePath: foobar namespaces: - - foobar - - foobar + - foobar + - foobar labelSelector: foobar ingressClass: foobar throttleDuration: 42s allowEmptyServices: true + allowExternalNameServices: true ingressEndpoint: ip: foobar hostname: foobar @@ -125,9 +126,10 @@ providers: token: foobar certAuthFilePath: foobar namespaces: - - foobar - - foobar + - foobar + - foobar allowCrossNamespace: true + allowExternalNameServices: true labelSelector: foobar ingressClass: foobar throttleDuration: 42s @@ -136,8 +138,8 @@ providers: token: foobar certAuthFilePath: foobar namespaces: - - foobar - - foobar + - foobar + - foobar labelSelector: foobar throttleDuration: 42s rest: @@ -160,6 +162,9 @@ providers: cache: true exposedByDefault: true defaultRule: foobar + connectAware: true + connectByDefault: true + serviceName: foobar namespace: foobar endpoint: address: foobar @@ -182,8 +187,8 @@ providers: refreshSeconds: 42 defaultRule: foobar clusters: - - foobar - - foobar + - foobar + - foobar autoDiscoverClusters: true region: foobar accessKeyID: foobar @@ -191,12 +196,12 @@ providers: consul: rootKey: foobar endpoints: - - foobar - - foobar + - foobar + - foobar username: foobar password: foobar - namespace: foobar token: foobar + namespace: foobar tls: ca: foobar caOptional: true @@ -206,12 +211,12 @@ providers: etcd: rootKey: foobar endpoints: - - foobar - - foobar + - foobar + - foobar username: foobar password: foobar - namespace: foobar token: foobar + namespace: foobar tls: ca: foobar caOptional: true @@ -221,12 +226,12 @@ providers: zooKeeper: rootKey: foobar endpoints: - - foobar - - foobar + - foobar + - foobar username: foobar password: foobar - namespace: foobar token: foobar + namespace: foobar tls: ca: foobar caOptional: true @@ -236,12 +241,12 @@ providers: redis: rootKey: foobar endpoints: - - foobar - - foobar + - foobar + - foobar username: foobar password: foobar - namespace: foobar token: foobar + namespace: foobar tls: ca: foobar caOptional: true @@ -250,8 +255,8 @@ providers: insecureSkipVerify: true http: endpoint: foobar - pollInterval: 42 - pollTimeout: 42 + pollInterval: 42s + pollTimeout: 42s tls: ca: foobar caOptional: true @@ -268,8 +273,8 @@ api: metrics: prometheus: buckets: - - 42 - - 42 + - 42 + - 42 addEntryPointsLabels: true addRoutersLabels: true addServicesLabels: true @@ -277,14 +282,14 @@ metrics: manualRouting: true datadog: address: foobar - pushInterval: 42 + pushInterval: 42s addEntryPointsLabels: true addRoutersLabels: true addServicesLabels: true prefix: foobar statsD: address: foobar - pushInterval: 42 + pushInterval: 42s addEntryPointsLabels: true addRoutersLabels: true addServicesLabels: true @@ -292,7 +297,7 @@ metrics: influxDB: address: foobar protocol: foobar - pushInterval: 42 + pushInterval: 42s database: foobar retentionPolicy: foobar username: foobar @@ -315,10 +320,10 @@ accessLog: format: foobar filters: statusCodes: - - foobar - - foobar + - foobar + - foobar retryAttempts: true - minDuration: 42 + minDuration: 42s fields: defaultMode: foobar names: @@ -364,6 +369,7 @@ tracing: localAgentHost: foobar localAgentPort: 42 logLevel: foobar + enableAutoProfile: true haystack: localAgentHost: foobar localAgentPort: 42 @@ -385,7 +391,7 @@ certificatesResolvers: acme: email: foobar caServer: foobar - certificatesDuration: 2160 + certificatesDuration: 42 preferredChain: foobar storage: foobar keyType: foobar @@ -394,10 +400,10 @@ certificatesResolvers: hmacEncoded: foobar dnsChallenge: provider: foobar - delayBeforeCheck: 42 + delayBeforeCheck: 42s resolvers: - - foobar - - foobar + - foobar + - foobar disablePropagationCheck: true httpChallenge: entryPoint: foobar @@ -406,7 +412,7 @@ certificatesResolvers: acme: email: foobar caServer: foobar - certificatesDuration: 2160 + certificatesDuration: 42 preferredChain: foobar storage: foobar keyType: foobar @@ -415,10 +421,10 @@ certificatesResolvers: hmacEncoded: foobar dnsChallenge: provider: foobar - delayBeforeCheck: 42 + delayBeforeCheck: 42s resolvers: - - foobar - - foobar + - foobar + - foobar disablePropagationCheck: true httpChallenge: entryPoint: foobar diff --git a/pkg/config/dynamic/tcp_middlewares.go b/pkg/config/dynamic/tcp_middlewares.go index 1108319f5..57d313193 100644 --- a/pkg/config/dynamic/tcp_middlewares.go +++ b/pkg/config/dynamic/tcp_middlewares.go @@ -4,7 +4,7 @@ package dynamic // TCPMiddleware holds the TCPMiddleware configuration. type TCPMiddleware struct { - InFlightConn *TCPInFlightConn `json:"InFlightConn,omitempty" toml:"InFlightConn,omitempty" yaml:"InFlightConn,omitempty" export:"true"` + InFlightConn *TCPInFlightConn `json:"inFlightConn,omitempty" toml:"inFlightConn,omitempty" yaml:"inFlightConn,omitempty" export:"true"` IPWhiteList *TCPIPWhiteList `json:"ipWhiteList,omitempty" toml:"ipWhiteList,omitempty" yaml:"ipWhiteList,omitempty" export:"true"` } From a51851247e2ee7b80cc8e7f37576eed835b0c03e Mon Sep 17 00:00:00 2001 From: Ali Deishidi Date: Mon, 11 Apr 2022 17:22:09 +0200 Subject: [PATCH 12/25] Preflight requests are not forwarded to services --- docs/content/middlewares/http/headers.md | 2 ++ docs/scripts/verify.sh | 2 +- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/docs/content/middlewares/http/headers.md b/docs/content/middlewares/http/headers.md index b8dd29b5f..7699b33fb 100644 --- a/docs/content/middlewares/http/headers.md +++ b/docs/content/middlewares/http/headers.md @@ -201,6 +201,8 @@ http: CORS (Cross-Origin Resource Sharing) headers can be added and configured in a manner similar to the custom headers above. This functionality allows for more advanced security features to quickly be set. +If CORS headers are set, then the middleware does not pass preflight requests to any service, +instead the response will be generated and sent back to the client directly. ```yaml tab="Docker" labels: diff --git a/docs/scripts/verify.sh b/docs/scripts/verify.sh index 51cdf0742..0e63efdfa 100755 --- a/docs/scripts/verify.sh +++ b/docs/scripts/verify.sh @@ -22,7 +22,7 @@ find "${PATH_TO_SITE}" -type f -not -path "/app/site/theme/*" \ --alt_ignore="/traefikproxy-vertical-logo-color.svg/" \ --http_status_ignore="0,500,501,503" \ --file_ignore="/404.html/" \ - --url_ignore="/https://groups.google.com/a/traefik.io/forum/#!forum/security/,/localhost:/,/127.0.0.1:/,/fonts.gstatic.com/,/.minikube/,/github.com\/traefik\/traefik\/*edit*/,/github.com\/traefik\/traefik/,/doc.traefik.io/,/github\.com\/golang\/oauth2\/blob\/36a7019397c4c86cf59eeab3bc0d188bac444277\/.+/,/www.akamai.com/,/pilot.traefik.io\/profile/,/traefik.io/,/doc.traefik.io\/traefik-mesh/,/www.mkdocs.org/,/squidfunk.github.io/,/ietf.org/,/www.namesilo.com/,/www.youtube.com/,/www.linode.com/,/www.alibabacloud.com/,/www.cloudxns.net/,/www.vultr.com/,/vscale.io/" \ + --url_ignore="/https://groups.google.com/a/traefik.io/forum/#!forum/security/,/localhost:/,/127.0.0.1:/,/fonts.gstatic.com/,/.minikube/,/github.com\/traefik\/traefik\/*edit*/,/github.com\/traefik\/traefik/,/doc.traefik.io/,/github\.com\/golang\/oauth2\/blob\/36a7019397c4c86cf59eeab3bc0d188bac444277\/.+/,/www.akamai.com/,/pilot.traefik.io\/profile/,/traefik.io/,/doc.traefik.io\/traefik-mesh/,/www.mkdocs.org/,/squidfunk.github.io/,/ietf.org/,/www.namesilo.com/,/www.youtube.com/,/www.linode.com/,/www.alibabacloud.com/,/www.cloudxns.net/,/www.vultr.com/,/vscale.io/,/hetzner.com/" \ '{}' 1>/dev/null ## HTML-proofer options at https://github.com/gjtorikian/html-proofer#configuration From 2691ac1307396366154a50db8804763dd7266459 Mon Sep 17 00:00:00 2001 From: Tom Moulard Date: Fri, 15 Apr 2022 11:56:08 +0200 Subject: [PATCH 13/25] Add safe.directory to the build image --- Makefile | 8 ++++---- build.Dockerfile | 6 ++++++ docs/content/contributing/maintainers-guidelines.md | 2 +- docs/content/contributing/submitting-issues.md | 2 +- docs/scripts/verify.sh | 2 +- 5 files changed, 13 insertions(+), 7 deletions(-) diff --git a/Makefile b/Makefile index 55704b501..35e9f9158 100644 --- a/Makefile +++ b/Makefile @@ -47,14 +47,14 @@ dist: .PHONY: build-dev-image build-dev-image: dist ifneq ("$(IN_DOCKER)", "") - docker build $(DOCKER_BUILD_ARGS) -t "$(TRAEFIK_DEV_IMAGE)" -f build.Dockerfile . + docker build $(DOCKER_BUILD_ARGS) -t "$(TRAEFIK_DEV_IMAGE)" --build-arg HOST_PWD="$(PWD)" -f build.Dockerfile . endif ## Build Dev Docker image without cache .PHONY: build-dev-image-no-cache build-dev-image-no-cache: dist ifneq ("$(IN_DOCKER)", "") - docker build $(DOCKER_BUILD_ARGS) --no-cache -t "$(TRAEFIK_DEV_IMAGE)" -f build.Dockerfile . + docker build $(DOCKER_BUILD_ARGS) --no-cache -t "$(TRAEFIK_DEV_IMAGE)" --build-arg HOST_PWD="$(PWD)" -f build.Dockerfile . endif ## Build WebUI Docker image @@ -72,8 +72,8 @@ clean-webui: ## Generate WebUI webui/static/index.html: $(MAKE) build-webui-image - docker run --rm -v "$$PWD/webui/static":'/src/webui/static' traefik-webui npm run build:nc - docker run --rm -v "$$PWD/webui/static":'/src/webui/static' traefik-webui chown -R $(shell id -u):$(shell id -g) ./static + docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui npm run build:nc + docker run --rm -v "$(PWD)/webui/static":'/src/webui/static' traefik-webui chown -R $(shell id -u):$(shell id -g) ./static .PHONY: generate-webui generate-webui: webui/static/index.html diff --git a/build.Dockerfile b/build.Dockerfile index ecd4430b8..4424e3603 100644 --- a/build.Dockerfile +++ b/build.Dockerfile @@ -23,6 +23,12 @@ RUN curl -sfL https://gist.githubusercontent.com/traefiker/6d7ac019c11d011e4f131 WORKDIR /go/src/github.com/traefik/traefik +# Because of CVE-2022-24765 (https://github.blog/2022-04-12-git-security-vulnerability-announced/), +# we configure git to allow the Traefik codebase path on the Host for docker in docker usages. +ARG HOST_PWD="" + +RUN git config --global --add safe.directory "${HOST_PWD}" + # Download go modules COPY go.mod . COPY go.sum . diff --git a/docs/content/contributing/maintainers-guidelines.md b/docs/content/contributing/maintainers-guidelines.md index 11ce90a4f..671eb11c7 100644 --- a/docs/content/contributing/maintainers-guidelines.md +++ b/docs/content/contributing/maintainers-guidelines.md @@ -25,7 +25,7 @@ We will be happy to answer any questions and explain all your doubts. Note: you do not have to meet all the listed requirements, but must have achieved several. -- Enabled [2FA](https://docs.github.com/en/github/authenticating-to-github/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication) on your Github account +- Enabled [2FA](https://docs.github.com/en/authentication/securing-your-account-with-two-factor-authentication-2fa/configuring-two-factor-authentication) on your GitHub account - The contributor has opened and successfully run medium to large PR’s in the past 6 months. - The contributor has participated in multiple code reviews of other PR’s, including those of other maintainers and contributors. diff --git a/docs/content/contributing/submitting-issues.md b/docs/content/contributing/submitting-issues.md index 512a06b53..8b8b6b20f 100644 --- a/docs/content/contributing/submitting-issues.md +++ b/docs/content/contributing/submitting-issues.md @@ -29,7 +29,7 @@ Explain us in which conditions you encountered the issue, what is your context. Remain as clear and concise as possible Take time to polish the format of your message so we'll enjoy reading it and working on it. -Help the readers focus on what matters, and help them understand the structure of your message (see the [Github Markdown Syntax](https://help.github.com/articles/github-flavored-markdown)). +Help the readers focus on what matters, and help them understand the structure of your message (see the [GitHub Markdown Syntax](https://docs.github.com/en/get-started/writing-on-github)). ## Feature Request diff --git a/docs/scripts/verify.sh b/docs/scripts/verify.sh index 0e63efdfa..99ca0083d 100755 --- a/docs/scripts/verify.sh +++ b/docs/scripts/verify.sh @@ -22,7 +22,7 @@ find "${PATH_TO_SITE}" -type f -not -path "/app/site/theme/*" \ --alt_ignore="/traefikproxy-vertical-logo-color.svg/" \ --http_status_ignore="0,500,501,503" \ --file_ignore="/404.html/" \ - --url_ignore="/https://groups.google.com/a/traefik.io/forum/#!forum/security/,/localhost:/,/127.0.0.1:/,/fonts.gstatic.com/,/.minikube/,/github.com\/traefik\/traefik\/*edit*/,/github.com\/traefik\/traefik/,/doc.traefik.io/,/github\.com\/golang\/oauth2\/blob\/36a7019397c4c86cf59eeab3bc0d188bac444277\/.+/,/www.akamai.com/,/pilot.traefik.io\/profile/,/traefik.io/,/doc.traefik.io\/traefik-mesh/,/www.mkdocs.org/,/squidfunk.github.io/,/ietf.org/,/www.namesilo.com/,/www.youtube.com/,/www.linode.com/,/www.alibabacloud.com/,/www.cloudxns.net/,/www.vultr.com/,/vscale.io/,/hetzner.com/" \ + --url_ignore="/https://groups.google.com/a/traefik.io/forum/#!forum/security/,/localhost:/,/127.0.0.1:/,/fonts.gstatic.com/,/.minikube/,/github.com\/traefik\/traefik\/*edit*/,/github.com\/traefik\/traefik/,/doc.traefik.io/,/github\.com\/golang\/oauth2\/blob\/36a7019397c4c86cf59eeab3bc0d188bac444277\/.+/,/www.akamai.com/,/pilot.traefik.io\/profile/,/traefik.io/,/doc.traefik.io\/traefik-mesh/,/www.mkdocs.org/,/squidfunk.github.io/,/ietf.org/,/www.namesilo.com/,/www.youtube.com/,/www.linode.com/,/www.alibabacloud.com/,/www.cloudxns.net/,/www.vultr.com/,/vscale.io/,/hetzner.com/,/docs.github.com/" \ '{}' 1>/dev/null ## HTML-proofer options at https://github.com/gjtorikian/html-proofer#configuration From 55cef21fbe81d5cac191f9c703f50bca38f530b6 Mon Sep 17 00:00:00 2001 From: Major Hayden Date: Fri, 15 Apr 2022 05:16:08 -0500 Subject: [PATCH 14/25] Move accessLog.fields example to TOML section --- docs/content/observability/access-logs.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/content/observability/access-logs.md b/docs/content/observability/access-logs.md index b43fde0c0..36e19b6d9 100644 --- a/docs/content/observability/access-logs.md +++ b/docs/content/observability/access-logs.md @@ -135,9 +135,6 @@ Each field can be set to: The `defaultMode` for `fields.headers` is `drop`. - [accessLog.fields] - defaultMode = "keep" - ```yaml tab="File (YAML)" # Limiting the Logs to Specific Fields accessLog: @@ -161,6 +158,9 @@ accessLog: filePath = "/path/to/access.log" format = "json" + [accessLog.fields] + defaultMode = "keep" + [accessLog.fields.names] "ClientUsername" = "drop" From 78822a80156bb1e5043fc2ef45f21f80d33555ee Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Aleks=20Vuji=C4=87?= Date: Fri, 15 Apr 2022 12:48:08 +0200 Subject: [PATCH 15/25] docs: add default mode for fields.names to access log --- docs/content/observability/access-logs.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/docs/content/observability/access-logs.md b/docs/content/observability/access-logs.md index 36e19b6d9..56387a30e 100644 --- a/docs/content/observability/access-logs.md +++ b/docs/content/observability/access-logs.md @@ -133,6 +133,8 @@ Each field can be set to: - `drop` to drop the value - `redact` to replace the value with "redacted" +The `defaultMode` for `fields.names` is `keep`. + The `defaultMode` for `fields.headers` is `drop`. ```yaml tab="File (YAML)" From 85b0a47fe82812150d687557ed0f87bcea27165e Mon Sep 17 00:00:00 2001 From: kahirokunn Date: Fri, 15 Apr 2022 20:52:08 +0900 Subject: [PATCH 16/25] docs: fix certificateRefs in dynamic configuration --- .../dynamic-configuration/kubernetes-gateway-resource.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/content/reference/dynamic-configuration/kubernetes-gateway-resource.yml b/docs/content/reference/dynamic-configuration/kubernetes-gateway-resource.yml index 74ebef030..55c394456 100644 --- a/docs/content/reference/dynamic-configuration/kubernetes-gateway-resource.yml +++ b/docs/content/reference/dynamic-configuration/kubernetes-gateway-resource.yml @@ -39,9 +39,9 @@ spec: port: 9443 hostname: example.com tls: - - certificateRefs: - - kind: Secret - name: mysecret + certificateRefs: + - kind: Secret + name: mysecret --- apiVersion: gateway.networking.k8s.io/v1alpha2 From ffdd693ff616290ee6f52f2bd27ca69ca532b012 Mon Sep 17 00:00:00 2001 From: Mathias Zeller <62462901+matoubidou@users.noreply.github.com> Date: Fri, 15 Apr 2022 15:12:08 +0200 Subject: [PATCH 17/25] codegen: fix for users with large uids --- script/codegen.Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/script/codegen.Dockerfile b/script/codegen.Dockerfile index 0fafcc942..7915cb798 100644 --- a/script/codegen.Dockerfile +++ b/script/codegen.Dockerfile @@ -3,7 +3,7 @@ FROM golang:1.17 ARG USER=$USER ARG UID=$UID ARG GID=$GID -RUN useradd -m ${USER} --uid=${UID} && echo "${USER}:" chpasswd +RUN useradd -l -m ${USER} --uid=${UID} && echo "${USER}:" chpasswd USER ${UID}:${GID} ARG KUBE_VERSION From 7c4bf602f048e35ac69de4140f6e3f9ea919a781 Mon Sep 17 00:00:00 2001 From: Ludovic Fernandez Date: Fri, 15 Apr 2022 15:44:08 +0200 Subject: [PATCH 18/25] Add title and description metadata to documentation pages --- docs/.markdownlint.json | 1 + docs/content/contributing/advocating.md | 5 +++++ docs/content/contributing/building-testing.md | 5 +++++ docs/content/contributing/data-collection.md | 5 +++++ docs/content/contributing/documentation.md | 5 +++++ docs/content/contributing/maintainers-guidelines.md | 5 +++++ docs/content/contributing/maintainers.md | 5 +++++ docs/content/contributing/submitting-issues.md | 5 +++++ docs/content/contributing/submitting-pull-requests.md | 5 +++++ docs/content/contributing/submitting-security-issues.md | 5 +++++ docs/content/contributing/thank-you.md | 5 +++++ docs/content/getting-started/concepts.md | 5 +++++ docs/content/getting-started/configuration-overview.md | 5 +++++ docs/content/getting-started/faq.md | 5 +++++ docs/content/getting-started/install-traefik.md | 5 +++++ docs/content/getting-started/quick-start.md | 5 +++++ docs/content/https/acme.md | 5 +++++ docs/content/https/overview.md | 5 +++++ docs/content/https/tls.md | 5 +++++ docs/content/index.md | 4 ++++ docs/content/middlewares/http/addprefix.md | 5 +++++ docs/content/middlewares/http/basicauth.md | 5 +++++ docs/content/middlewares/http/buffering.md | 5 +++++ docs/content/middlewares/http/chain.md | 5 +++++ docs/content/middlewares/http/circuitbreaker.md | 5 +++++ docs/content/middlewares/http/compress.md | 7 ++++++- docs/content/middlewares/http/contenttype.md | 5 +++++ docs/content/middlewares/http/digestauth.md | 5 +++++ docs/content/middlewares/http/errorpages.md | 5 +++++ docs/content/middlewares/http/forwardauth.md | 5 +++++ docs/content/middlewares/http/headers.md | 5 +++++ docs/content/middlewares/http/inflightreq.md | 5 +++++ docs/content/middlewares/http/ipwhitelist.md | 5 +++++ docs/content/middlewares/http/overview.md | 5 +++++ docs/content/middlewares/http/passtlsclientcert.md | 5 +++++ docs/content/middlewares/http/ratelimit.md | 5 +++++ docs/content/middlewares/http/redirectregex.md | 5 +++++ docs/content/middlewares/http/redirectscheme.md | 5 +++++ docs/content/middlewares/http/replacepath.md | 5 +++++ docs/content/middlewares/http/replacepathregex.md | 5 +++++ docs/content/middlewares/http/retry.md | 5 +++++ docs/content/middlewares/http/stripprefix.md | 5 +++++ docs/content/middlewares/http/stripprefixregex.md | 5 +++++ docs/content/middlewares/overview.md | 5 +++++ docs/content/middlewares/tcp/ipwhitelist.md | 5 +++++ docs/content/middlewares/tcp/overview.md | 5 +++++ docs/content/migration/v1-to-v2.md | 5 +++++ docs/content/migration/v2.md | 5 +++++ docs/content/observability/access-logs.md | 5 +++++ docs/content/observability/logs.md | 5 +++++ docs/content/observability/metrics/datadog.md | 5 +++++ docs/content/observability/metrics/influxdb.md | 5 +++++ docs/content/observability/metrics/overview.md | 5 +++++ docs/content/observability/metrics/prometheus.md | 5 +++++ docs/content/observability/metrics/statsd.md | 5 +++++ docs/content/observability/tracing/datadog.md | 5 +++++ docs/content/observability/tracing/elastic.md | 5 +++++ docs/content/observability/tracing/haystack.md | 5 +++++ docs/content/observability/tracing/instana.md | 5 +++++ docs/content/observability/tracing/jaeger.md | 5 +++++ docs/content/observability/tracing/overview.md | 5 +++++ docs/content/observability/tracing/zipkin.md | 5 +++++ docs/content/operations/api.md | 5 +++++ docs/content/operations/cli.md | 5 +++++ docs/content/operations/dashboard.md | 5 +++++ docs/content/operations/ping.md | 5 +++++ docs/content/plugins/index.md | 5 +++++ docs/content/providers/consul-catalog.md | 5 +++++ docs/content/providers/consul.md | 5 +++++ docs/content/providers/docker.md | 5 +++++ docs/content/providers/ecs.md | 5 +++++ docs/content/providers/etcd.md | 5 +++++ docs/content/providers/file.md | 5 +++++ docs/content/providers/http.md | 5 +++++ docs/content/providers/kubernetes-crd.md | 5 +++++ docs/content/providers/kubernetes-gateway.md | 5 +++++ docs/content/providers/kubernetes-ingress.md | 5 +++++ docs/content/providers/marathon.md | 5 +++++ docs/content/providers/overview.md | 5 +++++ docs/content/providers/rancher.md | 5 +++++ docs/content/providers/redis.md | 5 +++++ docs/content/providers/zookeeper.md | 5 +++++ .../reference/dynamic-configuration/consul-catalog.md | 5 +++++ docs/content/reference/dynamic-configuration/docker.md | 5 +++++ docs/content/reference/dynamic-configuration/ecs.md | 5 +++++ docs/content/reference/dynamic-configuration/file.md | 5 +++++ .../reference/dynamic-configuration/kubernetes-crd.md | 5 +++++ .../reference/dynamic-configuration/kubernetes-gateway.md | 5 +++++ docs/content/reference/dynamic-configuration/kv.md | 5 +++++ docs/content/reference/dynamic-configuration/marathon.md | 5 +++++ docs/content/reference/dynamic-configuration/rancher.md | 5 +++++ docs/content/reference/static-configuration/cli.md | 5 +++++ docs/content/reference/static-configuration/env.md | 5 +++++ docs/content/reference/static-configuration/file.md | 5 +++++ docs/content/reference/static-configuration/overview.md | 5 +++++ docs/content/routing/entrypoints.md | 5 +++++ docs/content/routing/overview.md | 5 +++++ docs/content/routing/providers/consul-catalog.md | 5 +++++ docs/content/routing/providers/docker.md | 5 +++++ docs/content/routing/providers/ecs.md | 5 +++++ docs/content/routing/providers/kubernetes-crd.md | 5 +++++ docs/content/routing/providers/kubernetes-gateway.md | 5 +++++ docs/content/routing/providers/kubernetes-ingress.md | 5 +++++ docs/content/routing/providers/kv.md | 5 +++++ docs/content/routing/providers/marathon.md | 5 +++++ docs/content/routing/providers/rancher.md | 5 +++++ docs/content/routing/routers/index.md | 5 +++++ docs/content/routing/services/index.md | 5 +++++ docs/content/user-guides/crd-acme/index.md | 5 +++++ docs/content/user-guides/docker-compose/acme-dns/index.md | 5 +++++ docs/content/user-guides/docker-compose/acme-http/index.md | 7 ++++++- docs/content/user-guides/docker-compose/acme-tls/index.md | 5 +++++ .../user-guides/docker-compose/basic-example/index.md | 5 +++++ docs/content/user-guides/grpc.md | 5 +++++ docs/content/user-guides/marathon.md | 5 +++++ docs/mkdocs.yml | 1 + 116 files changed, 573 insertions(+), 2 deletions(-) diff --git a/docs/.markdownlint.json b/docs/.markdownlint.json index 79b1ce5ec..1ca65f278 100644 --- a/docs/.markdownlint.json +++ b/docs/.markdownlint.json @@ -4,6 +4,7 @@ "MD009": false, "MD013": false, "MD024": false, + "MD025": false, "MD026": false, "MD033": false, "MD034": false, diff --git a/docs/content/contributing/advocating.md b/docs/content/contributing/advocating.md index 22083ee46..94870100e 100644 --- a/docs/content/contributing/advocating.md +++ b/docs/content/contributing/advocating.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Advocation Documentation" +description: "There are many ways to contribute to Traefik Proxy. If you're talking about Traefik, let us know and we'll promote your enthusiasm!" +--- + # Advocating Spread the Love & Tell Us about It diff --git a/docs/content/contributing/building-testing.md b/docs/content/contributing/building-testing.md index 0a3a9bdce..8ad94dcc6 100644 --- a/docs/content/contributing/building-testing.md +++ b/docs/content/contributing/building-testing.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Building & Testing Documentation" +description: "Compile and test your own Traefik Proxy! Learn how to build your own Traefik binary from the sources, and read the technical documentation." +--- + # Building and Testing Compile and Test Your Own Traefik! diff --git a/docs/content/contributing/data-collection.md b/docs/content/contributing/data-collection.md index c230a23e7..cb047d8fe 100644 --- a/docs/content/contributing/data-collection.md +++ b/docs/content/contributing/data-collection.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Data Collection Documentation" +description: "To learn more about how Traefik is being used and improve it, we collect anonymous usage statistics from running instances. Read the technical documentation." +--- + # Data Collection Understanding How Traefik is Being Used diff --git a/docs/content/contributing/documentation.md b/docs/content/contributing/documentation.md index 7b735dd1d..ead44d0b3 100644 --- a/docs/content/contributing/documentation.md +++ b/docs/content/contributing/documentation.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Contribution Documentation" +description: "Found something unclear in the Traefik Proxy documentation and want to give a try at explaining it better? Read the guide to building documentation." +--- + # Documentation Features Are Better When You Know How to Use Them diff --git a/docs/content/contributing/maintainers-guidelines.md b/docs/content/contributing/maintainers-guidelines.md index 671eb11c7..a22991807 100644 --- a/docs/content/contributing/maintainers-guidelines.md +++ b/docs/content/contributing/maintainers-guidelines.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Maintainer's Guidelines Documentation" +description: "Interested in contributing more to the community and becoming a Traefik Proxy maintainer? Read the guide to becoming a part of the core team." +--- + # Maintainer's Guidelines ![Maintainer's Guidelines](../assets/img/maintainers-guidelines.png) diff --git a/docs/content/contributing/maintainers.md b/docs/content/contributing/maintainers.md index 3a595dffe..eee5ec69a 100644 --- a/docs/content/contributing/maintainers.md +++ b/docs/content/contributing/maintainers.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Maintainers Documentation" +description: "Traefik Proxy is an open source software with a thriving community of contributors and maintainers. Read the list of maintainers on this page." +--- + # Maintainers ## The Team diff --git a/docs/content/contributing/submitting-issues.md b/docs/content/contributing/submitting-issues.md index 8b8b6b20f..6bcb42679 100644 --- a/docs/content/contributing/submitting-issues.md +++ b/docs/content/contributing/submitting-issues.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Submitting Issues Documentation" +description: "Help us help you! Learn how to submit an issue, following the guidelines, so the Traefik Proxy team can help. Read the technical documentation." +--- + # Submitting Issues Help Us Help You! diff --git a/docs/content/contributing/submitting-pull-requests.md b/docs/content/contributing/submitting-pull-requests.md index 4bec80a78..835482189 100644 --- a/docs/content/contributing/submitting-pull-requests.md +++ b/docs/content/contributing/submitting-pull-requests.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Pull Requests Documentation" +description: "Looking to contribute to Traefik Proxy? This guide will show you the guidelines for submitting a PR in our contributors guide repository." +--- + # Submitting Pull Requests A Quick Guide for Efficient Contributions diff --git a/docs/content/contributing/submitting-security-issues.md b/docs/content/contributing/submitting-security-issues.md index be3187ed1..71bbd7724 100644 --- a/docs/content/contributing/submitting-security-issues.md +++ b/docs/content/contributing/submitting-security-issues.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Security Documentation" +description: "Security is a key part of Traefik Proxy. Read the technical documentation to learn about security advisories, CVE, and how to report a vulnerability." +--- + # Security ## Security Advisories diff --git a/docs/content/contributing/thank-you.md b/docs/content/contributing/thank-you.md index 55411ef4f..e5d7dda61 100644 --- a/docs/content/contributing/thank-you.md +++ b/docs/content/contributing/thank-you.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Contribution Documentation" +description: "Thank you to all those who have contributed! Traefik Proxy is an open-source project that thrives with the support of our passionate community." +--- + # Thank You! _You_ Made It diff --git a/docs/content/getting-started/concepts.md b/docs/content/getting-started/concepts.md index 94baed8e5..fb5066927 100644 --- a/docs/content/getting-started/concepts.md +++ b/docs/content/getting-started/concepts.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Concepts Documentation" +description: "Get started with Traefik Proxy. Read the technical documentation for an introduction into the key concepts behind our open source edge router." +--- + # Concepts Everything You Need to Know diff --git a/docs/content/getting-started/configuration-overview.md b/docs/content/getting-started/configuration-overview.md index a44c9a396..4f68bc9f8 100644 --- a/docs/content/getting-started/configuration-overview.md +++ b/docs/content/getting-started/configuration-overview.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Configuration Documentation" +description: "Get started with Traefik Proxy. This page will introduce you to the dynamic routing and startup configurations. Read the technical documentation." +--- + # Configuration Introduction How the Magic Happens diff --git a/docs/content/getting-started/faq.md b/docs/content/getting-started/faq.md index 4bb9b2fec..087504452 100644 --- a/docs/content/getting-started/faq.md +++ b/docs/content/getting-started/faq.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Getting Started FAQ" +description: "Check out our FAQ page for answers to commonly asked questions on getting started with Traefik Proxy. Read the technical documentation." +--- + # FAQ ## Why is Traefik Answering `XXX` HTTP Response Status Code? diff --git a/docs/content/getting-started/install-traefik.md b/docs/content/getting-started/install-traefik.md index 6a55f5d48..63791b002 100644 --- a/docs/content/getting-started/install-traefik.md +++ b/docs/content/getting-started/install-traefik.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Installation Documentation" +description: "There are several flavors to choose from when installing Traefik Proxy. Get started with Traefik Proxy, and read the technical documentation." +--- + # Install Traefik You can install Traefik with the following flavors: diff --git a/docs/content/getting-started/quick-start.md b/docs/content/getting-started/quick-start.md index 61fe21299..b003f93fc 100644 --- a/docs/content/getting-started/quick-start.md +++ b/docs/content/getting-started/quick-start.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Getting Started Quickly" +description: "Looking to get started with Traefik Proxy quickly? Read the technical documentation to learn a simple use case that leverages Docker." +--- + # Quick Start A Simple Use Case Using Docker diff --git a/docs/content/https/acme.md b/docs/content/https/acme.md index 6cd060aba..15ba25dcb 100644 --- a/docs/content/https/acme.md +++ b/docs/content/https/acme.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Let's Encrypt Documentation" +description: "Learn how to configure Traefik Proxy to use an ACME provider like Let's Encrypt for automatic certificate generation. Read the technical documentation." +--- + # Let's Encrypt Automatic HTTPS diff --git a/docs/content/https/overview.md b/docs/content/https/overview.md index d03950388..26e147ca2 100644 --- a/docs/content/https/overview.md +++ b/docs/content/https/overview.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Proxy HTTPS & TLS Overview |Traefik Docs" +description: "Traefik supports HTTPS & TLS, which concerns roughly two parts of the configuration: routers, and the TLS connection. Read the documentation to learn more." +--- + # HTTPS & TLS Overview diff --git a/docs/content/https/tls.md b/docs/content/https/tls.md index 43ecbeb06..f49d1f0e9 100644 --- a/docs/content/https/tls.md +++ b/docs/content/https/tls.md @@ -1,3 +1,8 @@ +--- +title: "Traefik TLS Documentation" +description: "Learn how to configure the transport layer security (TLS) connection in Traefik Proxy. Read the technical documentation." +--- + # TLS Transport Layer Security diff --git a/docs/content/index.md b/docs/content/index.md index 112b90df4..e03c5b656 100644 --- a/docs/content/index.md +++ b/docs/content/index.md @@ -1,3 +1,7 @@ +--- +title: "Traefik Proxy Documentation" +description: "Traefik Proxy, an open source Edge Router, auto-discovers configurations and supports major orchestrators, like Kubernetes. Read the technical documentation." +--- # Welcome diff --git a/docs/content/middlewares/http/addprefix.md b/docs/content/middlewares/http/addprefix.md index 5e888785c..9f909aa8f 100644 --- a/docs/content/middlewares/http/addprefix.md +++ b/docs/content/middlewares/http/addprefix.md @@ -1,3 +1,8 @@ +--- +title: "Traefik AddPrefix Documentation" +description: "Learn how to implement the HTTP AddPrefix middleware in Traefik Proxy to updates request paths before being forwarded. Read the technical documentation." +--- + # Add Prefix Prefixing the Path diff --git a/docs/content/middlewares/http/basicauth.md b/docs/content/middlewares/http/basicauth.md index a80886ced..c9ef0e212 100644 --- a/docs/content/middlewares/http/basicauth.md +++ b/docs/content/middlewares/http/basicauth.md @@ -1,3 +1,8 @@ +--- +title: "Traefik BasicAuth Documentation" +description: "The HTTP basic authentication (BasicAuth) middleware in Traefik Proxy restricts access to your Services to known users. Read the technical documentation." +--- + # BasicAuth Adding Basic Authentication diff --git a/docs/content/middlewares/http/buffering.md b/docs/content/middlewares/http/buffering.md index d2e67e24a..7610e2d81 100644 --- a/docs/content/middlewares/http/buffering.md +++ b/docs/content/middlewares/http/buffering.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Buffering Documentation" +description: "The HTTP buffering middleware in Traefik Proxy limits the size of requests that can be forwarded to Services. Read the technical documentation." +--- + # Buffering How to Read the Request before Forwarding It diff --git a/docs/content/middlewares/http/chain.md b/docs/content/middlewares/http/chain.md index ff61d18ee..3fc06d26b 100644 --- a/docs/content/middlewares/http/chain.md +++ b/docs/content/middlewares/http/chain.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Command Line Documentation" +description: "The HTTP chain middleware lets you define reusable combinations of other middleware, to reuse the same groups. Read the technical documentation." +--- + # Chain When One Isn't Enough diff --git a/docs/content/middlewares/http/circuitbreaker.md b/docs/content/middlewares/http/circuitbreaker.md index daa3c5a0c..d7282d672 100644 --- a/docs/content/middlewares/http/circuitbreaker.md +++ b/docs/content/middlewares/http/circuitbreaker.md @@ -1,3 +1,8 @@ +--- +title: "Traefik CircuitBreaker Documentation" +description: "The HTTP circuit breaker in Traefik Proxy prevents stacking requests to unhealthy Services, resulting in cascading failures. Read the technical documentation." +--- + # CircuitBreaker Don't Waste Time Calling Unhealthy Services diff --git a/docs/content/middlewares/http/compress.md b/docs/content/middlewares/http/compress.md index 95e1268b9..53c39ca62 100644 --- a/docs/content/middlewares/http/compress.md +++ b/docs/content/middlewares/http/compress.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Compress Documentation" +description: "Traefik Proxy's HTTP middleware lets you compress responses before sending them to the client. Read the technical documentation." +--- + # Compress Compress Responses before Sending them to the Client @@ -173,4 +178,4 @@ http: [http.middlewares] [http.middlewares.test-compress.compress] minResponseBodyBytes = 1200 -``` \ No newline at end of file +``` diff --git a/docs/content/middlewares/http/contenttype.md b/docs/content/middlewares/http/contenttype.md index 2d738759c..252a3fda6 100644 --- a/docs/content/middlewares/http/contenttype.md +++ b/docs/content/middlewares/http/contenttype.md @@ -1,3 +1,8 @@ +--- +title: "Traefik ContentType Documentation" +description: "Traefik Proxy's HTTP middleware can automatically specify the content-type header if it has not been defined by the backend. Read the technical documentation." +--- + # ContentType Handling Content-Type auto-detection diff --git a/docs/content/middlewares/http/digestauth.md b/docs/content/middlewares/http/digestauth.md index 2a0904724..14e3982b5 100644 --- a/docs/content/middlewares/http/digestauth.md +++ b/docs/content/middlewares/http/digestauth.md @@ -1,3 +1,8 @@ +--- +title: "Traefik DigestAuth Documentation" +description: "Traefik Proxy's HTTP DigestAuth middleware restricts access to your services to known users. Read the technical documentation." +--- + # DigestAuth Adding Digest Authentication diff --git a/docs/content/middlewares/http/errorpages.md b/docs/content/middlewares/http/errorpages.md index b1751ca33..25d3e508d 100644 --- a/docs/content/middlewares/http/errorpages.md +++ b/docs/content/middlewares/http/errorpages.md @@ -1,3 +1,8 @@ +--- +title: "Traefik ErrorPage Documentation" +description: "In Traefik Proxy, the ErrorPage middleware returns custom pages according to configured ranges of HTTP Status codes. Read the technical documentation." +--- + # ErrorPage It Has Never Been Easier to Say That Something Went Wrong diff --git a/docs/content/middlewares/http/forwardauth.md b/docs/content/middlewares/http/forwardauth.md index 6c81076b2..0d2d566f5 100644 --- a/docs/content/middlewares/http/forwardauth.md +++ b/docs/content/middlewares/http/forwardauth.md @@ -1,3 +1,8 @@ +--- +title: "Traefik ForwardAuth Documentation" +description: "In Traefik Proxy, the HTTP ForwardAuth middleware delegates authentication to an external Service. Read the technical documentation." +--- + # ForwardAuth Using an External Service to Forward Authentication diff --git a/docs/content/middlewares/http/headers.md b/docs/content/middlewares/http/headers.md index 7699b33fb..95ea5c3dc 100644 --- a/docs/content/middlewares/http/headers.md +++ b/docs/content/middlewares/http/headers.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Headers Documentation" +description: "In Traefik Proxy, the HTTP headers middleware manages the headers of requests and responses. Read the technical documentation." +--- + # Headers Managing Request/Response headers diff --git a/docs/content/middlewares/http/inflightreq.md b/docs/content/middlewares/http/inflightreq.md index f2f76a3cb..b3712b148 100644 --- a/docs/content/middlewares/http/inflightreq.md +++ b/docs/content/middlewares/http/inflightreq.md @@ -1,3 +1,8 @@ +--- +title: "Traefik InFlightReq Documentation" +description: "Traefik Proxy's HTTP middleware lets you limit the number of simultaneous in-flight requests. Read the technical documentation." +--- + # InFlightReq Limiting the Number of Simultaneous In-Flight Requests diff --git a/docs/content/middlewares/http/ipwhitelist.md b/docs/content/middlewares/http/ipwhitelist.md index 5718a6438..3817b54d5 100644 --- a/docs/content/middlewares/http/ipwhitelist.md +++ b/docs/content/middlewares/http/ipwhitelist.md @@ -1,3 +1,8 @@ +--- +title: "Traefik HTTP Middlewares IPWhiteList" +description: "Learn how to use IPWhiteList in HTTP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation." +--- + # IPWhiteList Limiting Clients to Specific IPs diff --git a/docs/content/middlewares/http/overview.md b/docs/content/middlewares/http/overview.md index 65350dc3a..cd358371a 100644 --- a/docs/content/middlewares/http/overview.md +++ b/docs/content/middlewares/http/overview.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Proxy HTTP Middleware Overview" +description: "Read the official Traefik Proxy documentation for an overview of the available HTTP middleware." +--- + # HTTP Middlewares Controlling connections diff --git a/docs/content/middlewares/http/passtlsclientcert.md b/docs/content/middlewares/http/passtlsclientcert.md index 41269f68a..e38391912 100644 --- a/docs/content/middlewares/http/passtlsclientcert.md +++ b/docs/content/middlewares/http/passtlsclientcert.md @@ -1,3 +1,8 @@ +--- +title: "Traefik PassTLSClientCert Documentation" +description: "In Traefik Proxy's HTTP middleware, the PassTLSClientCert adds selected data from passed client TLS certificates to headers. Read the technical documentation." +--- + # PassTLSClientCert Adding Client Certificates in a Header diff --git a/docs/content/middlewares/http/ratelimit.md b/docs/content/middlewares/http/ratelimit.md index 7c8a45906..8d62afd9c 100644 --- a/docs/content/middlewares/http/ratelimit.md +++ b/docs/content/middlewares/http/ratelimit.md @@ -1,3 +1,8 @@ +--- +title: "Traefik RateLimit Documentation" +description: "Traefik Proxy's HTTP RateLimit middleware ensures Services receive fair amounts of requests. Read the technical documentation." +--- + # RateLimit To Control the Number of Requests Going to a Service diff --git a/docs/content/middlewares/http/redirectregex.md b/docs/content/middlewares/http/redirectregex.md index fce7d5f07..97d2d83e6 100644 --- a/docs/content/middlewares/http/redirectregex.md +++ b/docs/content/middlewares/http/redirectregex.md @@ -1,3 +1,8 @@ +--- +title: "Traefik RedirectRegex Documentation" +description: "In Traefik Proxy's HTTP middleware, RedirectRegex redirecting clients to different locations. Read the technical documentation." +--- + # RedirectRegex Redirecting the Client to a Different Location diff --git a/docs/content/middlewares/http/redirectscheme.md b/docs/content/middlewares/http/redirectscheme.md index e53c98fbe..2d4520867 100644 --- a/docs/content/middlewares/http/redirectscheme.md +++ b/docs/content/middlewares/http/redirectscheme.md @@ -1,3 +1,8 @@ +--- +title: "Traefik RedirectScheme Documentation" +description: "In Traefik Proxy's HTTP middleware, RedirectScheme redirects clients to different schemes/ports. Read the technical documentation." +--- + # RedirectScheme Redirecting the Client to a Different Scheme/Port diff --git a/docs/content/middlewares/http/replacepath.md b/docs/content/middlewares/http/replacepath.md index 7da144f1e..0617508e9 100644 --- a/docs/content/middlewares/http/replacepath.md +++ b/docs/content/middlewares/http/replacepath.md @@ -1,3 +1,8 @@ +--- +title: "Traefik ReplacePath Documentation" +description: "In Traefik Proxy's HTTP middleware, ReplacePath updates paths before forwarding requests. Read the technical documentation." +--- + # ReplacePath Updating the Path Before Forwarding the Request diff --git a/docs/content/middlewares/http/replacepathregex.md b/docs/content/middlewares/http/replacepathregex.md index 9862a308b..b729a30ab 100644 --- a/docs/content/middlewares/http/replacepathregex.md +++ b/docs/content/middlewares/http/replacepathregex.md @@ -1,3 +1,8 @@ +--- +title: "Traefik ReplacePathRegex Documentation" +description: "In Traefik Proxy's HTTP middleware, ReplacePathRegex updates paths before forwarding requests, using a regex. Read the technical documentation." +--- + # ReplacePathRegex Updating the Path Before Forwarding the Request (Using a Regex) diff --git a/docs/content/middlewares/http/retry.md b/docs/content/middlewares/http/retry.md index d5ef43c95..956bdc498 100644 --- a/docs/content/middlewares/http/retry.md +++ b/docs/content/middlewares/http/retry.md @@ -1,3 +1,8 @@ +--- +title: "Traefik HTTP Retry Documentation" +description: "Configure Traefik Proxy's HTTP Retry middleware, so you can retry requests to a backend server until it succeeds. Read the technical documentation." +--- + # Retry Retrying until it Succeeds diff --git a/docs/content/middlewares/http/stripprefix.md b/docs/content/middlewares/http/stripprefix.md index fc55fb444..23288008b 100644 --- a/docs/content/middlewares/http/stripprefix.md +++ b/docs/content/middlewares/http/stripprefix.md @@ -1,3 +1,8 @@ +--- +title: "Traefik StripPrefix Documentation" +description: "In Traefik Proxy's HTTP middleware, StripPrefix removes prefixes from paths before forwarding requests. Read the technical documentation." +--- + # StripPrefix Removing Prefixes From the Path Before Forwarding the Request diff --git a/docs/content/middlewares/http/stripprefixregex.md b/docs/content/middlewares/http/stripprefixregex.md index 74bfebba9..d560a5d12 100644 --- a/docs/content/middlewares/http/stripprefixregex.md +++ b/docs/content/middlewares/http/stripprefixregex.md @@ -1,3 +1,8 @@ +--- +title: "Traefik StripPrefixRegex Documentation" +description: "In Traefik Proxy's HTTP middleware, StripPrefixRegex removes prefixes from paths before forwarding requests, using regex. Read the technical documentation." +--- + # StripPrefixRegex Removing Prefixes From the Path Before Forwarding the Request (Using a Regex) diff --git a/docs/content/middlewares/overview.md b/docs/content/middlewares/overview.md index e48e2cfe8..fad2221a6 100644 --- a/docs/content/middlewares/overview.md +++ b/docs/content/middlewares/overview.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Proxy Middleware Overview" +description: "There are several available middleware in Traefik Proxy used to modify requests or headers, take charge of redirections, add authentication, and so on." +--- + # Middlewares Tweaking the Request diff --git a/docs/content/middlewares/tcp/ipwhitelist.md b/docs/content/middlewares/tcp/ipwhitelist.md index f8a613673..857d72bc7 100644 --- a/docs/content/middlewares/tcp/ipwhitelist.md +++ b/docs/content/middlewares/tcp/ipwhitelist.md @@ -1,3 +1,8 @@ +--- +title: "Traefik TCP Middlewares IPWhiteList" +description: "Learn how to use IPWhiteList in TCP middleware for limiting clients to specific IPs in Traefik Proxy. Read the technical documentation." +--- + # IPWhiteList Limiting Clients to Specific IPs diff --git a/docs/content/middlewares/tcp/overview.md b/docs/content/middlewares/tcp/overview.md index 8fc5f4919..682dbe0f0 100644 --- a/docs/content/middlewares/tcp/overview.md +++ b/docs/content/middlewares/tcp/overview.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Proxy TCP Middleware Overview" +description: "Read the official Traefik Proxy documentation for an overview of the available TCP middleware." +--- + # TCP Middlewares Controlling connections diff --git a/docs/content/migration/v1-to-v2.md b/docs/content/migration/v1-to-v2.md index db447b055..2109fe8e3 100644 --- a/docs/content/migration/v1-to-v2.md +++ b/docs/content/migration/v1-to-v2.md @@ -1,3 +1,8 @@ +--- +title: "Traefik V2 Migration Documentation" +description: "Migrate from Traefik Proxy v1 to v2 and update all the necessary configurations to take advantage of all the improvements. Read the technical documentation." +--- + # Migration Guide: From v1 to v2 How to Migrate from Traefik v1 to Traefik v2. diff --git a/docs/content/migration/v2.md b/docs/content/migration/v2.md index 95b3b636a..fa5b87112 100644 --- a/docs/content/migration/v2.md +++ b/docs/content/migration/v2.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Migration Documentation" +description: "Learn the steps needed to migrate to new Traefik Proxy v2 versions, i.e. v2.0 to v2.1 or v2.1 to v2.2. Read the technical documentation." +--- + # Migration: Steps needed between the versions ## v2.0 to v2.1 diff --git a/docs/content/observability/access-logs.md b/docs/content/observability/access-logs.md index 56387a30e..243c649d2 100644 --- a/docs/content/observability/access-logs.md +++ b/docs/content/observability/access-logs.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Access Logs Documentation" +description: "Access logs are a key part of observability in Traefik Proxy. Read the technical documentation to learn their configurations, rotations, and time zones." +--- + # Access Logs Who Calls Whom? diff --git a/docs/content/observability/logs.md b/docs/content/observability/logs.md index 2c77dea39..e1beea2a5 100644 --- a/docs/content/observability/logs.md +++ b/docs/content/observability/logs.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Logs Documentation" +description: "Logs are a key part of observability in Traefik Proxy. Read the technical documentation to learn their configurations, rotations, and time zones." +--- + # Logs Reading What's Happening diff --git a/docs/content/observability/metrics/datadog.md b/docs/content/observability/metrics/datadog.md index 326311293..00a5d6c9f 100644 --- a/docs/content/observability/metrics/datadog.md +++ b/docs/content/observability/metrics/datadog.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Datadog Metrics Documentation" +description: "Traefik Proxy supports Datadog for backend metrics. Read the technical documentation to enable Datadog for observability." +--- + # Datadog To enable the Datadog: diff --git a/docs/content/observability/metrics/influxdb.md b/docs/content/observability/metrics/influxdb.md index 1cdc8d89e..0eb05e23c 100644 --- a/docs/content/observability/metrics/influxdb.md +++ b/docs/content/observability/metrics/influxdb.md @@ -1,3 +1,8 @@ +--- +title: "Traefik InfluxDB Documentation" +description: "Traefik supports several metrics backends, including InfluxDB. Learn how to implement it for observability in Traefik Proxy. Read the technical documentation." +--- + # InfluxDB To enable the InfluxDB: diff --git a/docs/content/observability/metrics/overview.md b/docs/content/observability/metrics/overview.md index 0d1eae97a..000adf352 100644 --- a/docs/content/observability/metrics/overview.md +++ b/docs/content/observability/metrics/overview.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Metrics Overview" +description: "Traefik Proxy supports four metrics backend systems: Datadog, InfluxDB, Prometheus, and StatsD. Read the full documentation to get started." +--- + # Metrics Traefik supports 4 metrics backends: diff --git a/docs/content/observability/metrics/prometheus.md b/docs/content/observability/metrics/prometheus.md index 012f1be9b..da7f73773 100644 --- a/docs/content/observability/metrics/prometheus.md +++ b/docs/content/observability/metrics/prometheus.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Prometheus Documentation" +description: "Traefik supports several metrics backends, including Prometheus. Learn how to implement it for observability in Traefik Proxy. Read the technical documentation." +--- + # Prometheus To enable the Prometheus: diff --git a/docs/content/observability/metrics/statsd.md b/docs/content/observability/metrics/statsd.md index cde0126b2..79472dd06 100644 --- a/docs/content/observability/metrics/statsd.md +++ b/docs/content/observability/metrics/statsd.md @@ -1,3 +1,8 @@ +--- +title: "Traefik StatsD Documentation" +description: "Traefik supports several metrics backends, including StatsD. Learn how to implement it for observability in Traefik Proxy. Read the technical documentation." +--- + # StatsD To enable the Statsd: diff --git a/docs/content/observability/tracing/datadog.md b/docs/content/observability/tracing/datadog.md index e325299d2..4aa448318 100644 --- a/docs/content/observability/tracing/datadog.md +++ b/docs/content/observability/tracing/datadog.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Datadog Tracing Documentation" +description: "Traefik Proxy supports Datadog for tracing. Read the technical documentation to enable Datadog for observability." +--- + # Datadog To enable the Datadog tracer: diff --git a/docs/content/observability/tracing/elastic.md b/docs/content/observability/tracing/elastic.md index ad73b230c..0cb0dccee 100644 --- a/docs/content/observability/tracing/elastic.md +++ b/docs/content/observability/tracing/elastic.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Elastic Documentation" +description: "Traefik supports several tracing backends, including Elastic. Learn how to implement it for observability in Traefik Proxy. Read the technical documentation." +--- + # Elastic To enable the Elastic tracer: diff --git a/docs/content/observability/tracing/haystack.md b/docs/content/observability/tracing/haystack.md index ebbbfa478..af9945ed7 100644 --- a/docs/content/observability/tracing/haystack.md +++ b/docs/content/observability/tracing/haystack.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Haystack Documentation" +description: "Traefik supports several tracing backends, including Haystack. Learn how to implement it for observability in Traefik Proxy. Read the technical documentation." +--- + # Haystack To enable the Haystack tracer: diff --git a/docs/content/observability/tracing/instana.md b/docs/content/observability/tracing/instana.md index f53f64de5..914d9d3f4 100644 --- a/docs/content/observability/tracing/instana.md +++ b/docs/content/observability/tracing/instana.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Instana Documentation" +description: "Traefik supports several tracing backends, including Instana. Learn how to implement it for observability in Traefik Proxy. Read the technical documentation." +--- + # Instana To enable the Instana tracer: diff --git a/docs/content/observability/tracing/jaeger.md b/docs/content/observability/tracing/jaeger.md index 67681f60a..d40ffed6d 100644 --- a/docs/content/observability/tracing/jaeger.md +++ b/docs/content/observability/tracing/jaeger.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Jaeger Documentation" +description: "Traefik supports several tracing backends, including Jaeger. Learn how to implement it for observability in Traefik Proxy. Read the technical documentation." +--- + # Jaeger To enable the Jaeger tracer: diff --git a/docs/content/observability/tracing/overview.md b/docs/content/observability/tracing/overview.md index 17f6a522a..73504a140 100644 --- a/docs/content/observability/tracing/overview.md +++ b/docs/content/observability/tracing/overview.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Tracing Overview" +description: "The Traefik Proxy tracing system allows developers to visualize call flows in their infrastructure. Read the full documentation." +--- + # Tracing Visualize the Requests Flow diff --git a/docs/content/observability/tracing/zipkin.md b/docs/content/observability/tracing/zipkin.md index 82d8cdfcd..146dae6e1 100644 --- a/docs/content/observability/tracing/zipkin.md +++ b/docs/content/observability/tracing/zipkin.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Zipkin Documentation" +description: "Traefik supports several tracing backends, including Zipkin. Learn how to implement it for observability in Traefik Proxy. Read the technical documentation." +--- + # Zipkin To enable the Zipkin tracer: diff --git a/docs/content/operations/api.md b/docs/content/operations/api.md index bf3872274..3b30993a5 100644 --- a/docs/content/operations/api.md +++ b/docs/content/operations/api.md @@ -1,3 +1,8 @@ +--- +title: "Traefik API Documentation" +description: "Traefik Proxy exposes information through API handlers. Learn about the security, configuration, and endpoints of APIs. Read the technical documentation." +--- + # API Traefik exposes a number of information through an API handler, such as the configuration of all routers, services, middlewares, etc. diff --git a/docs/content/operations/cli.md b/docs/content/operations/cli.md index 35cb3a539..cf4257ae5 100644 --- a/docs/content/operations/cli.md +++ b/docs/content/operations/cli.md @@ -1,3 +1,8 @@ +--- +title: "Traefik CLI Documentation" +description: "Learn the basics of the Traefik Proxy command line interface (CLI). Read the technical documentation." +--- + # CLI The Traefik Command Line diff --git a/docs/content/operations/dashboard.md b/docs/content/operations/dashboard.md index 6ec1df1c4..a0f527c53 100644 --- a/docs/content/operations/dashboard.md +++ b/docs/content/operations/dashboard.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Dashboard Documentation" +description: "The dashboard shows you the current active routes handled by Traefik Proxy in one central place. Read the technical documentation to learn its operations." +--- + # The Dashboard See What's Going On diff --git a/docs/content/operations/ping.md b/docs/content/operations/ping.md index cc187bb9f..3dc1de3d9 100644 --- a/docs/content/operations/ping.md +++ b/docs/content/operations/ping.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Ping Documentation" +description: "In Traefik Proxy, Ping lets you check the health of your Traefik instances. Read the technical documentation for configuration examples and options." +--- + # Ping Checking the Health of Your Traefik Instances diff --git a/docs/content/plugins/index.md b/docs/content/plugins/index.md index ac3330dbe..f5062b21f 100644 --- a/docs/content/plugins/index.md +++ b/docs/content/plugins/index.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Plugins Documentation" +description: "Learn how to connect Traefik Proxy with Pilot, a SaaS platform that offers features for metrics, alerts, and plugins. Read the technical documentation." +--- + # Plugins and Traefik Pilot Traefik Pilot is a software-as-a-service (SaaS) platform that connects to Traefik to extend its capabilities. diff --git a/docs/content/providers/consul-catalog.md b/docs/content/providers/consul-catalog.md index 35d0d600e..420daf790 100644 --- a/docs/content/providers/consul-catalog.md +++ b/docs/content/providers/consul-catalog.md @@ -1,3 +1,8 @@ +--- +title: "Consul Catalog Configuration Discovery" +description: "Learn how to use Consul Catalog as a provider for configuration discovery in Traefik Proxy. Read the technical documentation." +--- + # Traefik & Consul Catalog A Story of Tags, Services & Instances diff --git a/docs/content/providers/consul.md b/docs/content/providers/consul.md index 20dccd0a4..289991062 100644 --- a/docs/content/providers/consul.md +++ b/docs/content/providers/consul.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Consul Documentation" +description: "Use Consul as a provider for configuration discovery in Traefik Proxy. Automate and store your configurations with Consul. Read the technical documentation." +--- + # Traefik & Consul A Story of KV store & Containers diff --git a/docs/content/providers/docker.md b/docs/content/providers/docker.md index c659af73f..9754aab8a 100644 --- a/docs/content/providers/docker.md +++ b/docs/content/providers/docker.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Docker Documentation" +description: "Learn how to achieve configuration discovery in Traefik through Docker. Read the technical documentation." +--- + # Traefik & Docker A Story of Labels & Containers diff --git a/docs/content/providers/ecs.md b/docs/content/providers/ecs.md index 8a0531e31..282da12aa 100644 --- a/docs/content/providers/ecs.md +++ b/docs/content/providers/ecs.md @@ -1,3 +1,8 @@ +--- +title: "Traefik AWS ECS Documentation" +description: "Configuration discovery in Traefik is achieved through Providers. Read the technical documentation for leveraging AWS ECS in Traefik." +--- + # Traefik & AWS ECS A Story of Labels & Elastic Containers diff --git a/docs/content/providers/etcd.md b/docs/content/providers/etcd.md index d7c2e67b2..82909eedd 100644 --- a/docs/content/providers/etcd.md +++ b/docs/content/providers/etcd.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Etcd Documentation" +description: "Use Etcd as a provider for configuration discovery in Traefik Proxy. Automate and store your configurations with Etcd. Read the technical documentation." +--- + # Traefik & Etcd A Story of KV store & Containers diff --git a/docs/content/providers/file.md b/docs/content/providers/file.md index 0d0c704e6..5283cdb25 100644 --- a/docs/content/providers/file.md +++ b/docs/content/providers/file.md @@ -1,3 +1,8 @@ +--- +title: "Traefik File Documentation" +description: "The file provider in Traefik Proxy lets you define the dynamic configuration in a YAML or TOML file. Read the technical documentation." +--- + # Traefik & File Good Old Configuration File diff --git a/docs/content/providers/http.md b/docs/content/providers/http.md index 4f2fd1f47..5868e7a4b 100644 --- a/docs/content/providers/http.md +++ b/docs/content/providers/http.md @@ -1,3 +1,8 @@ +--- +title: "Traefik HTTP Documentation" +description: "Provide your dynamic configuration via an HTTP(S) endpoint and let Traefik Proxy do the rest. Read the technical documentation." +--- + # Traefik & HTTP Provide your [dynamic configuration](./overview.md) via an HTTP(S) endpoint and let Traefik do the rest! diff --git a/docs/content/providers/kubernetes-crd.md b/docs/content/providers/kubernetes-crd.md index 6cf0d55fe..fbe8fcf1d 100644 --- a/docs/content/providers/kubernetes-crd.md +++ b/docs/content/providers/kubernetes-crd.md @@ -1,3 +1,8 @@ +--- +title: "Kubernetes IngressRoute & Traefik CRD" +description: "The Traefik team developed a Custom Resource Definition (CRD) for an IngressRoute type, to provide a better way to configure access to a Kubernetes cluster." +--- + # Traefik & Kubernetes The Kubernetes Ingress Controller, The Custom Resource Way. diff --git a/docs/content/providers/kubernetes-gateway.md b/docs/content/providers/kubernetes-gateway.md index d9cbe1d60..b6e411517 100644 --- a/docs/content/providers/kubernetes-gateway.md +++ b/docs/content/providers/kubernetes-gateway.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Kubernetes Gateway API Documentation" +description: "Learn how to use the Kubernetes Gateway API as a provider for configuration discovery in Traefik Proxy. Read the technical documentation." +--- + # Traefik & Kubernetes with Gateway API The Kubernetes Gateway API, The Experimental Way. diff --git a/docs/content/providers/kubernetes-ingress.md b/docs/content/providers/kubernetes-ingress.md index 45af9bbf7..c490211ec 100644 --- a/docs/content/providers/kubernetes-ingress.md +++ b/docs/content/providers/kubernetes-ingress.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Kubernetes Ingress Documentation" +description: "Understand the requirements, routing configuration, and how to set up Traefik Proxy as your Kubernetes Ingress Controller. Read the technical documentation." +--- + # Traefik & Kubernetes The Kubernetes Ingress Controller. diff --git a/docs/content/providers/marathon.md b/docs/content/providers/marathon.md index 51571ddb2..ec1490e1f 100644 --- a/docs/content/providers/marathon.md +++ b/docs/content/providers/marathon.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Configuration for Marathon" +description: "Traefik Proxy can be configured to use Marathon as a provider. Read the technical documentation to learn how." +--- + # Traefik & Marathon Traefik can be configured to use Marathon as a provider. diff --git a/docs/content/providers/overview.md b/docs/content/providers/overview.md index d5413c8c3..0c6ec0d5d 100644 --- a/docs/content/providers/overview.md +++ b/docs/content/providers/overview.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Configuration Discovery Overview" +description: "Configuration discovery in Traefik is achieved through Providers. The providers are infrastructure components. Read the documentation to learn more." +--- + # Overview Traefik's Many Friends diff --git a/docs/content/providers/rancher.md b/docs/content/providers/rancher.md index 210e4d9f1..b709a5329 100644 --- a/docs/content/providers/rancher.md +++ b/docs/content/providers/rancher.md @@ -1,3 +1,8 @@ +--- +title: ""Traefik Configuration Discovery: Rancher"" +description: "Read the official Traefik documentation to learn how to expose Rancher services by default in Traefik Proxy." +--- + # Traefik & Rancher A Story of Labels, Services & Containers diff --git a/docs/content/providers/redis.md b/docs/content/providers/redis.md index 46481957b..762d9aab6 100644 --- a/docs/content/providers/redis.md +++ b/docs/content/providers/redis.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Redis Documentation" +description: "For configuration discovery in Traefik Proxy, you can store your configurations in Redis. Read the technical documentation." +--- + # Traefik & Redis A Story of KV store & Containers diff --git a/docs/content/providers/zookeeper.md b/docs/content/providers/zookeeper.md index cd47977de..8ebc94859 100644 --- a/docs/content/providers/zookeeper.md +++ b/docs/content/providers/zookeeper.md @@ -1,3 +1,8 @@ +--- +title: "Traefik ZooKeeper Documentation" +description: "For configuration discovery in Traefik Proxy, you can store your configurations in ZooKeeper. Read the technical documentation." +--- + # Traefik & ZooKeeper A Story of KV Store & Containers diff --git a/docs/content/reference/dynamic-configuration/consul-catalog.md b/docs/content/reference/dynamic-configuration/consul-catalog.md index fd3a41de4..534fd953a 100644 --- a/docs/content/reference/dynamic-configuration/consul-catalog.md +++ b/docs/content/reference/dynamic-configuration/consul-catalog.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Consul Configuration Documentation" +description: "View the reference for performing dynamic configurations with Traefik Proxy and Consul Catalog. Read the technical documentation." +--- + # Consul Catalog Configuration Reference Dynamic configuration with Consul Catalog diff --git a/docs/content/reference/dynamic-configuration/docker.md b/docs/content/reference/dynamic-configuration/docker.md index dd6c4bce1..1d56559bb 100644 --- a/docs/content/reference/dynamic-configuration/docker.md +++ b/docs/content/reference/dynamic-configuration/docker.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Docker Configuration Documentation" +description: "Reference dynamic configuration with Docker labels in Traefik Proxy. Read the technical documentation." +--- + # Docker Configuration Reference Dynamic configuration with Docker Labels diff --git a/docs/content/reference/dynamic-configuration/ecs.md b/docs/content/reference/dynamic-configuration/ecs.md index aac748b75..e32038f5a 100644 --- a/docs/content/reference/dynamic-configuration/ecs.md +++ b/docs/content/reference/dynamic-configuration/ecs.md @@ -1,3 +1,8 @@ +--- +title: "Traefik AWS ECS Configuration Documentation" +description: "Learn how to do dynamic configuration in Traefik Proxy with AWS ECS. Read the technical documentation." +--- + # ECS Configuration Reference Dynamic configuration with ECS provider diff --git a/docs/content/reference/dynamic-configuration/file.md b/docs/content/reference/dynamic-configuration/file.md index 49986c88f..eac9dc9a1 100644 --- a/docs/content/reference/dynamic-configuration/file.md +++ b/docs/content/reference/dynamic-configuration/file.md @@ -1,3 +1,8 @@ +--- +title: "Traefik File Dynamic Configuration" +description: "This guide will provide you with the YAML and TOML files for dynamic configuration in Traefik Proxy. Read the technical documentation." +--- + # File Configuration Reference Dynamic configuration with files diff --git a/docs/content/reference/dynamic-configuration/kubernetes-crd.md b/docs/content/reference/dynamic-configuration/kubernetes-crd.md index ccda41843..42720d17c 100644 --- a/docs/content/reference/dynamic-configuration/kubernetes-crd.md +++ b/docs/content/reference/dynamic-configuration/kubernetes-crd.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Kubernetes CRD Documentation" +description: "Learn about the definitions, resources, and RBAC of dynamic configuration with Kubernetes CRD in Traefik Proxy. Read the technical documentation." +--- + # Kubernetes Configuration Reference Dynamic configuration with Kubernetes Custom Resource diff --git a/docs/content/reference/dynamic-configuration/kubernetes-gateway.md b/docs/content/reference/dynamic-configuration/kubernetes-gateway.md index 8b668b445..1c0d4ce04 100644 --- a/docs/content/reference/dynamic-configuration/kubernetes-gateway.md +++ b/docs/content/reference/dynamic-configuration/kubernetes-gateway.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Kubernetes Routing" +description: "Reference the dynamic configuration with the Kubernetes Gateway provider in Traefik Proxy. Read the technical documentation." +--- + # Kubernetes Configuration Reference Dynamic configuration with Kubernetes Gateway provider. diff --git a/docs/content/reference/dynamic-configuration/kv.md b/docs/content/reference/dynamic-configuration/kv.md index 7c4d9c656..8db8415e5 100644 --- a/docs/content/reference/dynamic-configuration/kv.md +++ b/docs/content/reference/dynamic-configuration/kv.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Dynamic Configuration with KV stores" +description: "Read the technical documentation to learn the Traefik Dynamic Configuration with KV stores." +--- + # KV Configuration Reference Dynamic configuration with KV stores. diff --git a/docs/content/reference/dynamic-configuration/marathon.md b/docs/content/reference/dynamic-configuration/marathon.md index 6d4e17c23..0e20679f8 100644 --- a/docs/content/reference/dynamic-configuration/marathon.md +++ b/docs/content/reference/dynamic-configuration/marathon.md @@ -1,3 +1,8 @@ +--- +title: "Dynamic Configuration with Marathon Labels" +description: "Traefik Proxy can be configured to use Marathon as a provider. Read the technical documentation on the Traefik dynamic configuration with Marathon Labels." +--- + # Marathon Configuration Reference Dynamic configuration with Marathon Labels diff --git a/docs/content/reference/dynamic-configuration/rancher.md b/docs/content/reference/dynamic-configuration/rancher.md index c6cd56736..c2762999d 100644 --- a/docs/content/reference/dynamic-configuration/rancher.md +++ b/docs/content/reference/dynamic-configuration/rancher.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Dynamic Configuration with Rancher" +description: "Read the official Traefik documentation to learn more on dynamic configuration in Traefik Proxy with Rancher Labels." +--- + # Rancher Configuration Reference Dynamic configuration with Rancher Labels diff --git a/docs/content/reference/static-configuration/cli.md b/docs/content/reference/static-configuration/cli.md index 73319a30d..85179eade 100644 --- a/docs/content/reference/static-configuration/cli.md +++ b/docs/content/reference/static-configuration/cli.md @@ -1,3 +1,8 @@ +--- +title: "Traefik CLI Flags Documentation" +description: "Reference the CLI flags for static configuration in Traefik Proxy. Read the technical documentation." +--- + # Static Configuration: CLI --8<-- "content/reference/static-configuration/cli-ref.md" diff --git a/docs/content/reference/static-configuration/env.md b/docs/content/reference/static-configuration/env.md index 0885c93d0..e894850b2 100644 --- a/docs/content/reference/static-configuration/env.md +++ b/docs/content/reference/static-configuration/env.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Environment Variables Documentation" +description: "Reference the environment variables for static configuration in Traefik Proxy. Read the technical documentation." +--- + # Static Configuration: Environment variables --8<-- "content/reference/static-configuration/env-ref.md" diff --git a/docs/content/reference/static-configuration/file.md b/docs/content/reference/static-configuration/file.md index 2ea52b8ae..c2f3174db 100644 --- a/docs/content/reference/static-configuration/file.md +++ b/docs/content/reference/static-configuration/file.md @@ -1,3 +1,8 @@ +--- +title: "Traefik File Static Configuration" +description: "Reference the YAML and TOML files for static configuration in Traefik Proxy. Read the technical documentation." +--- + # Static Configuration: File ```yml tab="YAML" diff --git a/docs/content/reference/static-configuration/overview.md b/docs/content/reference/static-configuration/overview.md index 57bf649d0..853ab0a97 100644 --- a/docs/content/reference/static-configuration/overview.md +++ b/docs/content/reference/static-configuration/overview.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Static Configuration Overview" +description: "Read the official Traefik documentation to get started with static configuration in Traefik Proxy." +--- + # Static Configuration - [File](./file.md) diff --git a/docs/content/routing/entrypoints.md b/docs/content/routing/entrypoints.md index 2aa6b6faf..3ee9f9c6d 100644 --- a/docs/content/routing/entrypoints.md +++ b/docs/content/routing/entrypoints.md @@ -1,3 +1,8 @@ +--- +title: "Traefik EntryPoints Documentation" +description: "For routing and load balancing in Traefik Proxy, EntryPoints define which port will receive packets and whether in UDP or TCP. Read the technical documentation." +--- + # EntryPoints Opening Connections for Incoming Requests diff --git a/docs/content/routing/overview.md b/docs/content/routing/overview.md index 59b3e4a8c..ee3b61b84 100644 --- a/docs/content/routing/overview.md +++ b/docs/content/routing/overview.md @@ -1,3 +1,8 @@ +--- +title: "Routing & Load Balancing Overview |Traefik Docs" +description: "Read the official Traefik documentation to learn more on the Traefik Proxy architecture and the components that enable the routes to be created." +--- + # Overview What's Happening to the Requests? diff --git a/docs/content/routing/providers/consul-catalog.md b/docs/content/routing/providers/consul-catalog.md index 1431ad71c..35d1dffc6 100644 --- a/docs/content/routing/providers/consul-catalog.md +++ b/docs/content/routing/providers/consul-catalog.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Consul Catalog Routing" +description: "Learn how to use Consul Catalog as a provider for routing configurations in Traefik Proxy. Read the technical documentation." +--- + # Traefik & Consul Catalog A Story of Tags, Services & Instances diff --git a/docs/content/routing/providers/docker.md b/docs/content/routing/providers/docker.md index 923c21237..17485c053 100644 --- a/docs/content/routing/providers/docker.md +++ b/docs/content/routing/providers/docker.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Docker Routing Documentation" +description: "This guide will teach you how to attach labels to your containers, to route traffic and load balance with Traefik and Docker." +--- + # Traefik & Docker A Story of Labels & Containers diff --git a/docs/content/routing/providers/ecs.md b/docs/content/routing/providers/ecs.md index cfcb1af8c..3f030768d 100644 --- a/docs/content/routing/providers/ecs.md +++ b/docs/content/routing/providers/ecs.md @@ -1,3 +1,8 @@ +--- +title: "Traefik ECS Documentation" +description: "AWS ECS is a provider for routing and load balancing in Traefik Proxy. Read the technical documentation to get started." +--- + # Traefik & ECS A Story of Labels & Elastic Containers diff --git a/docs/content/routing/providers/kubernetes-crd.md b/docs/content/routing/providers/kubernetes-crd.md index 0eb1552b7..6b6a7b263 100644 --- a/docs/content/routing/providers/kubernetes-crd.md +++ b/docs/content/routing/providers/kubernetes-crd.md @@ -1,3 +1,8 @@ +--- +title: "Routing Configuration for Traefik CRD" +description: "Understand the routing configuration for the Kubernetes IngressRoute & Traefik CRD. Read the technical documentation." +--- + # Traefik & Kubernetes The Kubernetes Ingress Controller, The Custom Resource Way. diff --git a/docs/content/routing/providers/kubernetes-gateway.md b/docs/content/routing/providers/kubernetes-gateway.md index b679ba95b..bd000bbcc 100644 --- a/docs/content/routing/providers/kubernetes-gateway.md +++ b/docs/content/routing/providers/kubernetes-gateway.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Kubernetes Gateway" +description: "The Kubernetes Gateway API can be used as a provider for routing and load balancing in Traefik Proxy. View examples in the technical documentation." +--- + # Traefik & Kubernetes The Kubernetes Gateway API, The Experimental Way. {: .subtitle } diff --git a/docs/content/routing/providers/kubernetes-ingress.md b/docs/content/routing/providers/kubernetes-ingress.md index 2a63dc8f6..39ccf4bb0 100644 --- a/docs/content/routing/providers/kubernetes-ingress.md +++ b/docs/content/routing/providers/kubernetes-ingress.md @@ -1,3 +1,8 @@ +--- +title: "Kubernetes Ingress Routing Configuration" +description: "Understand the routing configuration for the Kubernetes Ingress Controller and Traefik Proxy. Read the technical documentation." +--- + # Traefik & Kubernetes The Kubernetes Ingress Controller. diff --git a/docs/content/routing/providers/kv.md b/docs/content/routing/providers/kv.md index 34ca6d38f..be6c4d837 100644 --- a/docs/content/routing/providers/kv.md +++ b/docs/content/routing/providers/kv.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Routing Configuration with KV stores" +description: "Read the technical documentation to learn the Traefik Routing Configuration with KV stores." +--- + # Traefik & KV Stores A Story of key & values diff --git a/docs/content/routing/providers/marathon.md b/docs/content/routing/providers/marathon.md index 5591981fb..a3b726cb6 100644 --- a/docs/content/routing/providers/marathon.md +++ b/docs/content/routing/providers/marathon.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Routing Configuration for Marathon" +description: "Traefik Proxy can be configured to use Marathon as a provider. Read the technical documentation to understand the Traefik routing configuration for Marathon." +--- + # Traefik & Marathon Traefik can be configured to use Marathon as a provider. diff --git a/docs/content/routing/providers/rancher.md b/docs/content/routing/providers/rancher.md index 1a5aa0444..2ac3b37e8 100644 --- a/docs/content/routing/providers/rancher.md +++ b/docs/content/routing/providers/rancher.md @@ -1,3 +1,8 @@ +--- +title: "Routing & Load Balancing Providers: Rancher" +description: "Traefik Proxy creates a corresponding service and router for each Rancher Service. Read the full documentation to learn more." +--- + # Traefik & Rancher A Story of Labels, Services & Containers diff --git a/docs/content/routing/routers/index.md b/docs/content/routing/routers/index.md index 4abc03a06..5c92fef0f 100644 --- a/docs/content/routing/routers/index.md +++ b/docs/content/routing/routers/index.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Routers Documentation" +description: "In Traefik Proxy, a router is in charge of connecting incoming requests to the Services that can handle them. Read the technical documentation." +--- + # Routers Connecting Requests to Services diff --git a/docs/content/routing/services/index.md b/docs/content/routing/services/index.md index 6b3d35701..168893297 100644 --- a/docs/content/routing/services/index.md +++ b/docs/content/routing/services/index.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Services Documentation" +description: "Learn how to configure routing and load balancing in Traefik Proxy to reach Services, which handle incoming requests. Read the technical documentation." +--- + # Services Configuring How to Reach the Services diff --git a/docs/content/user-guides/crd-acme/index.md b/docs/content/user-guides/crd-acme/index.md index 04e63807b..91079bbd7 100644 --- a/docs/content/user-guides/crd-acme/index.md +++ b/docs/content/user-guides/crd-acme/index.md @@ -1,3 +1,8 @@ +--- +title: "Traefik CRD TLS Documentation" +description: "Learn how to use Traefik Proxy w/ an IngressRoute Custom Resource Definition (CRD) for Kubernetes, and TLS with Let's Encrypt. Read the technical documentation." +--- + # Traefik & CRD & Let's Encrypt Traefik with an IngressRoute Custom Resource Definition for Kubernetes, and TLS Through Let's Encrypt. diff --git a/docs/content/user-guides/docker-compose/acme-dns/index.md b/docs/content/user-guides/docker-compose/acme-dns/index.md index 2383234c2..59872c44e 100644 --- a/docs/content/user-guides/docker-compose/acme-dns/index.md +++ b/docs/content/user-guides/docker-compose/acme-dns/index.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Docker DNS Challenge Documentation" +description: "Learn how to create a certificate with the Let's Encrypt DNS challenge to use HTTPS on a Service exposed with Traefik Proxy. Read the tehnical documentation." +--- + # Docker-compose with let's encrypt: DNS Challenge This guide aim to demonstrate how to create a certificate with the let's encrypt DNS challenge to use https on a simple service exposed with Traefik. diff --git a/docs/content/user-guides/docker-compose/acme-http/index.md b/docs/content/user-guides/docker-compose/acme-http/index.md index 8eb8864d7..7f8a05873 100644 --- a/docs/content/user-guides/docker-compose/acme-http/index.md +++ b/docs/content/user-guides/docker-compose/acme-http/index.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Docker HTTP Challenge Documentation" +description: "Learn how to create a certificate with the Let's Encrypt HTTP challenge to use HTTPS on a Service exposed with Traefik Proxy. Read the technical documentation." +--- + # Docker-compose with let's encrypt : HTTP Challenge This guide aim to demonstrate how to create a certificate with the let's encrypt HTTP challenge to use https on a simple service exposed with Traefik. @@ -80,4 +85,4 @@ command: labels: # Uses the Host rule to define which certificate to issue - "traefik.http.routers.whoami.tls.certresolver=myresolver" -``` \ No newline at end of file +``` diff --git a/docs/content/user-guides/docker-compose/acme-tls/index.md b/docs/content/user-guides/docker-compose/acme-tls/index.md index d7aaecf23..3457b6ae1 100644 --- a/docs/content/user-guides/docker-compose/acme-tls/index.md +++ b/docs/content/user-guides/docker-compose/acme-tls/index.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Docker TLS Challenge Documentation" +description: "Learn how to create a certificate with the Let's Encrypt TLS challenge to use HTTPS on a service exposed with Traefik Proxy. Read the technical documentation." +--- + # Docker-compose with let's encrypt: TLS Challenge This guide aim to demonstrate how to create a certificate with the let's encrypt TLS challenge to use https on a simple service exposed with Traefik. diff --git a/docs/content/user-guides/docker-compose/basic-example/index.md b/docs/content/user-guides/docker-compose/basic-example/index.md index aef9910e5..80f1a6a07 100644 --- a/docs/content/user-guides/docker-compose/basic-example/index.md +++ b/docs/content/user-guides/docker-compose/basic-example/index.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Docker Documentation" +description: "This guide covers a basic docker-compose file exposing a simple service using the docker provider in Traefik Proxy. Read the technical documentation." +--- + # Docker-compose basic example In this section we quickly go over a basic docker-compose file exposing a simple service using the docker provider. diff --git a/docs/content/user-guides/grpc.md b/docs/content/user-guides/grpc.md index e60b3ed19..488008381 100644 --- a/docs/content/user-guides/grpc.md +++ b/docs/content/user-guides/grpc.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Proxy gRPC Examples" +description: "This section of the Traefik Proxy documentation explains how to use Traefik as reverse proxy for gRPC applications." +--- + # gRPC Examples ## With HTTP (h2c) diff --git a/docs/content/user-guides/marathon.md b/docs/content/user-guides/marathon.md index bfd380048..2b374ca24 100644 --- a/docs/content/user-guides/marathon.md +++ b/docs/content/user-guides/marathon.md @@ -1,3 +1,8 @@ +--- +title: "Traefik Proxy and Marathon Integration Guide |Traefik Docs" +description: "This guide explains how to integrate Marathon and operate the cluster in a reliable way from the Traefik Proxy standpoint." +--- + # Marathon This guide explains how to integrate Marathon and operate the cluster in a reliable way from Traefik's standpoint. diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml index dbf93a009..35a7b017b 100644 --- a/docs/mkdocs.yml +++ b/docs/mkdocs.yml @@ -42,6 +42,7 @@ plugins: # https://squidfunk.github.io/mkdocs-material/extensions/admonition/ # https://facelessuser.github.io/pymdown-extensions/ markdown_extensions: + - meta - attr_list - admonition - footnotes From ad3625bef305ad9eb200dabe831cb16cc9daf881 Mon Sep 17 00:00:00 2001 From: Tom Moulard Date: Fri, 15 Apr 2022 16:16:08 +0200 Subject: [PATCH 19/25] Improve documentation Makefile --- docs/Makefile | 41 +++++++++++-------- docs/check.Dockerfile | 12 +++--- docs/scripts/lint.sh | 8 ++-- docs/scripts/verify.sh | 20 ++++----- .../DONT-EDIT-FILES-IN-THIS-DIRECTORY.md | 2 +- 5 files changed, 47 insertions(+), 36 deletions(-) diff --git a/docs/Makefile b/docs/Makefile index 85546ac68..501cbdbad 100644 --- a/docs/Makefile +++ b/docs/Makefile @@ -1,4 +1,3 @@ - ####### # This Makefile contains all targets related to the documentation ####### @@ -16,41 +15,51 @@ DOCKER_RUN_DOC_MOUNTS := -v $(CURDIR):/mkdocs DOCKER_RUN_DOC_OPTS := --rm $(DOCKER_RUN_DOC_MOUNTS) -p $(DOCKER_RUN_DOC_PORT):8000 # Default: generates the documentation into $(SITE_DIR) +.PHONY: docs docs: docs-clean docs-image docs-lint docs-build docs-verify # Writer Mode: build and serve docs on http://localhost:8000 with livereload +.PHONY: docs-serve docs-serve: docs-image docker run $(DOCKER_RUN_DOC_OPTS) $(TRAEFIK_DOCS_BUILD_IMAGE) mkdocs serve ## Pull image for doc building +.PHONY: docs-pull-images docs-pull-images: - grep --no-filename -E '^FROM' ./*.Dockerfile | awk '{print $$2}' | sort | uniq | xargs -P 6 -n 1 docker pull + grep --no-filename -E '^FROM' ./*.Dockerfile \ + | awk '{print $$2}' \ + | sort \ + | uniq \ + | xargs -P 6 -n 1 docker pull # Utilities Targets for each step +.PHONY: docs-image docs-image: docker build -t $(TRAEFIK_DOCS_BUILD_IMAGE) -f docs.Dockerfile ./ +.PHONY: docs-build docs-build: docs-image docker run $(DOCKER_RUN_DOC_OPTS) $(TRAEFIK_DOCS_BUILD_IMAGE) sh -c "mkdocs build \ && chown -R $(shell id -u):$(shell id -g) ./site" +.PHONY: docs-verify docs-verify: docs-build - @if [ "$(DOCS_VERIFY_SKIP)" != "true" ]; then \ - docker build -t $(TRAEFIK_DOCS_CHECK_IMAGE) -f check.Dockerfile ./; \ - docker run --rm -v $(CURDIR):/app $(TRAEFIK_DOCS_CHECK_IMAGE) /verify.sh; \ - else \ - echo "DOCS_VERIFY_SKIP is true: no verification done."; \ - fi +ifneq ("$(DOCS_VERIFY_SKIP)", "true") + docker build -t $(TRAEFIK_DOCS_CHECK_IMAGE) -f check.Dockerfile ./ + docker run --rm -v $(CURDIR):/app $(TRAEFIK_DOCS_CHECK_IMAGE) /verify.sh +else + echo "DOCS_VERIFY_SKIP is true: no verification done." +endif +.PHONY: docs-lint docs-lint: - @if [ "$(DOCS_LINT_SKIP)" != "true" ]; then \ - docker build -t $(TRAEFIK_DOCS_CHECK_IMAGE) -f check.Dockerfile ./ && \ - docker run --rm -v $(CURDIR):/app $(TRAEFIK_DOCS_CHECK_IMAGE) /lint.sh; \ - else \ - echo "DOCS_LINT_SKIP is true: no linting done."; \ - fi +ifneq ("$(DOCS_LINT_SKIP)", "true") + docker build -t $(TRAEFIK_DOCS_CHECK_IMAGE) -f check.Dockerfile ./ + docker run --rm -v $(CURDIR):/app $(TRAEFIK_DOCS_CHECK_IMAGE) /lint.sh +else + echo "DOCS_LINT_SKIP is true: no linting done." +endif +.PHONY: docs-clean docs-clean: rm -rf $(SITE_DIR) - -.PHONY: all docs-verify docs docs-clean docs-build docs-lint diff --git a/docs/check.Dockerfile b/docs/check.Dockerfile index 53b914c66..92321d109 100644 --- a/docs/check.Dockerfile +++ b/docs/check.Dockerfile @@ -1,18 +1,20 @@ - FROM alpine:3.14 as alpine RUN apk --no-cache --no-progress add \ + build-base \ libcurl \ + libxml2-dev \ + libxslt-dev \ ruby \ ruby-bigdecimal \ + ruby-dev \ ruby-etc \ ruby-ffi \ ruby-json \ - ruby-nokogiri \ - ruby-dev \ - build-base + zlib-dev -RUN gem install html-proofer --version 3.19.0 --no-document -- --use-system-libraries +RUN gem install nokogiri --version 1.13.3 --no-document -- --use-system-libraries +RUN gem install html-proofer --version 3.19.3 --no-document -- --use-system-libraries # After Ruby, some NodeJS YAY! RUN apk --no-cache --no-progress add \ diff --git a/docs/scripts/lint.sh b/docs/scripts/lint.sh index 668af9178..a46066df8 100755 --- a/docs/scripts/lint.sh +++ b/docs/scripts/lint.sh @@ -12,15 +12,15 @@ echo "== Linting Markdown" # Uses the file ".markdownlint.json" for setup cd "${BASE_DIR}" || exit 1 -LINTER_EXCLUSIONS="$(find "${BASE_DIR}/content" -type f -name '.markdownlint.json')" \ +LINTER_EXCLUSIONS="$(find "${BASE_DIR}/content" -type f -name '.markdownlint.json')" GLOBAL_LINT_OPTIONS="--config ${BASE_DIR}/.markdownlint.json" # Lint the specific folders (containing linter specific rulesets) for LINTER_EXCLUSION in ${LINTER_EXCLUSIONS} do - markdownlint --config "${LINTER_EXCLUSION}" "$(dirname "${LINTER_EXCLUSION}")" || EXIT_CODE=1 - # Add folder to the ignore list for global lint - GLOBAL_LINT_OPTIONS="${GLOBAL_LINT_OPTIONS} --ignore=$(dirname "${LINTER_EXCLUSION}")" + markdownlint --config "${LINTER_EXCLUSION}" "$(dirname "${LINTER_EXCLUSION}")" || EXIT_CODE=1 + # Add folder to the ignore list for global lint + GLOBAL_LINT_OPTIONS="${GLOBAL_LINT_OPTIONS} --ignore=$(dirname "${LINTER_EXCLUSION}")" done # Lint all the content, excluding the previously done` diff --git a/docs/scripts/verify.sh b/docs/scripts/verify.sh index 99ca0083d..81584223d 100755 --- a/docs/scripts/verify.sh +++ b/docs/scripts/verify.sh @@ -4,7 +4,7 @@ PATH_TO_SITE="${1:-/app/site}" set -eu -[ -d "${PATH_TO_SITE}" ] +[ ! -d "${PATH_TO_SITE}" ] && echo "= Cannot check HTML content: no site asset found" && exit 1 NUMBER_OF_CPUS="$(grep -c processor /proc/cpuinfo)" @@ -14,16 +14,16 @@ echo "=== Checking HTML content..." # and pipe this to htmlproofer with parallel threads # (one htmlproofer per vCPU) find "${PATH_TO_SITE}" -type f -not -path "/app/site/theme/*" \ - -name "*.html" -print0 \ + -name "*.html" -print0 \ | xargs -0 -r -P "${NUMBER_OF_CPUS}" -I '{}' \ - htmlproofer \ - --check-html \ - --check_external_hash \ - --alt_ignore="/traefikproxy-vertical-logo-color.svg/" \ - --http_status_ignore="0,500,501,503" \ - --file_ignore="/404.html/" \ - --url_ignore="/https://groups.google.com/a/traefik.io/forum/#!forum/security/,/localhost:/,/127.0.0.1:/,/fonts.gstatic.com/,/.minikube/,/github.com\/traefik\/traefik\/*edit*/,/github.com\/traefik\/traefik/,/doc.traefik.io/,/github\.com\/golang\/oauth2\/blob\/36a7019397c4c86cf59eeab3bc0d188bac444277\/.+/,/www.akamai.com/,/pilot.traefik.io\/profile/,/traefik.io/,/doc.traefik.io\/traefik-mesh/,/www.mkdocs.org/,/squidfunk.github.io/,/ietf.org/,/www.namesilo.com/,/www.youtube.com/,/www.linode.com/,/www.alibabacloud.com/,/www.cloudxns.net/,/www.vultr.com/,/vscale.io/,/hetzner.com/,/docs.github.com/" \ - '{}' 1>/dev/null + htmlproofer \ + --check-html \ + --check_external_hash \ + --alt_ignore="/traefikproxy-vertical-logo-color.svg/" \ + --http_status_ignore="0,500,501,503" \ + --file_ignore="/404.html/" \ + --url_ignore="/https://groups.google.com/a/traefik.io/forum/#!forum/security/,/localhost:/,/127.0.0.1:/,/fonts.gstatic.com/,/.minikube/,/github.com\/traefik\/traefik\/*edit*/,/github.com\/traefik\/traefik/,/doc.traefik.io/,/github\.com\/golang\/oauth2\/blob\/36a7019397c4c86cf59eeab3bc0d188bac444277\/.+/,/www.akamai.com/,/pilot.traefik.io\/profile/,/traefik.io/,/doc.traefik.io\/traefik-mesh/,/www.mkdocs.org/,/squidfunk.github.io/,/ietf.org/,/www.namesilo.com/,/www.youtube.com/,/www.linode.com/,/www.alibabacloud.com/,/www.cloudxns.net/,/www.vultr.com/,/vscale.io/,/hetzner.com/,/docs.github.com/" \ + '{}' 1>/dev/null ## HTML-proofer options at https://github.com/gjtorikian/html-proofer#configuration echo "= Documentation checked successfully." diff --git a/webui/static/DONT-EDIT-FILES-IN-THIS-DIRECTORY.md b/webui/static/DONT-EDIT-FILES-IN-THIS-DIRECTORY.md index a0965fd38..03873182c 100644 --- a/webui/static/DONT-EDIT-FILES-IN-THIS-DIRECTORY.md +++ b/webui/static/DONT-EDIT-FILES-IN-THIS-DIRECTORY.md @@ -1 +1 @@ -For more information show `webui/readme.md` \ No newline at end of file +For more information show `webui/readme.md` From 232e2c1e7d61dae3fbad02217350d4981464ed5f Mon Sep 17 00:00:00 2001 From: Tom Moulard Date: Fri, 15 Apr 2022 17:24:08 +0200 Subject: [PATCH 20/25] Fix regexp handling in redirect middleware --- pkg/middlewares/redirect/redirect.go | 2 ++ pkg/middlewares/redirect/redirect_regex.go | 10 ++-------- pkg/middlewares/redirect/redirect_scheme.go | 12 ++++-------- 3 files changed, 8 insertions(+), 16 deletions(-) diff --git a/pkg/middlewares/redirect/redirect.go b/pkg/middlewares/redirect/redirect.go index d2783d1bc..e09611e37 100644 --- a/pkg/middlewares/redirect/redirect.go +++ b/pkg/middlewares/redirect/redirect.go @@ -15,6 +15,8 @@ const ( schemeHTTPS = "https" ) +var uriRegexp = regexp.MustCompile(`^(https?):\/\/(\[[\w:.]+\]|[\w\._-]+)?(:\d+)?(.*)$`) + type redirect struct { next http.Handler regex *regexp.Regexp diff --git a/pkg/middlewares/redirect/redirect_regex.go b/pkg/middlewares/redirect/redirect_regex.go index f26b5e3d4..bc4ae3843 100644 --- a/pkg/middlewares/redirect/redirect_regex.go +++ b/pkg/middlewares/redirect/redirect_regex.go @@ -3,7 +3,6 @@ package redirect import ( "context" "net/http" - "regexp" "strings" "github.com/traefik/traefik/v2/pkg/config/dynamic" @@ -11,9 +10,7 @@ import ( "github.com/traefik/traefik/v2/pkg/middlewares" ) -const ( - typeRegexName = "RedirectRegex" -) +const typeRegexName = "RedirectRegex" // NewRedirectRegex creates a redirect middleware. func NewRedirectRegex(ctx context.Context, next http.Handler, conf dynamic.RedirectRegex, name string) (http.Handler, error) { @@ -30,10 +27,7 @@ func rawURL(req *http.Request) string { port := "" uri := req.RequestURI - schemeRegex := `^(https?):\/\/(\[[\w:.]+\]|[\w\._-]+)?(:\d+)?(.*)$` - re, _ := regexp.Compile(schemeRegex) - if re.Match([]byte(req.RequestURI)) { - match := re.FindStringSubmatch(req.RequestURI) + if match := uriRegexp.FindStringSubmatch(req.RequestURI); len(match) > 0 { scheme = match[1] if len(match[2]) > 0 { diff --git a/pkg/middlewares/redirect/redirect_scheme.go b/pkg/middlewares/redirect/redirect_scheme.go index 36bcb25fd..00e30b8b4 100644 --- a/pkg/middlewares/redirect/redirect_scheme.go +++ b/pkg/middlewares/redirect/redirect_scheme.go @@ -5,7 +5,6 @@ import ( "errors" "net" "net/http" - "regexp" "strings" "github.com/traefik/traefik/v2/pkg/config/dynamic" @@ -14,8 +13,8 @@ import ( ) const ( - typeSchemeName = "RedirectScheme" - schemeRedirectRegex = `^(https?:\/\/)?(\[[\w:.]+\]|[\w\._-]+)?(:\d+)?(.*)$` + typeSchemeName = "RedirectScheme" + uriPattern = `^(https?:\/\/)?(\[[\w:.]+\]|[\w\._-]+)?(:\d+)?(.*)$` ) // NewRedirectScheme creates a new RedirectScheme middleware. @@ -33,7 +32,7 @@ func NewRedirectScheme(ctx context.Context, next http.Handler, conf dynamic.Redi port = ":" + conf.Port } - return newRedirect(next, schemeRedirectRegex, conf.Scheme+"://${2}"+port+"${4}", conf.Permanent, rawURLScheme, name) + return newRedirect(next, uriPattern, conf.Scheme+"://${2}"+port+"${4}", conf.Permanent, rawURLScheme, name) } func rawURLScheme(req *http.Request) string { @@ -46,10 +45,7 @@ func rawURLScheme(req *http.Request) string { } uri := req.RequestURI - schemeRegex := `^(https?):\/\/(\[[\w:.]+\]|[\w\._-]+)?(:\d+)?(.*)$` - re, _ := regexp.Compile(schemeRegex) - if re.Match([]byte(req.RequestURI)) { - match := re.FindStringSubmatch(req.RequestURI) + if match := uriRegexp.FindStringSubmatch(req.RequestURI); len(match) > 0 { scheme = match[1] if len(match[2]) > 0 { From 44621ad28c900d07986e257afd1641f2b9fae09c Mon Sep 17 00:00:00 2001 From: Romain Date: Tue, 19 Apr 2022 15:32:08 +0200 Subject: [PATCH 21/25] Fix default for buffering middleware Co-authored-by: Mathieu Lonjaret Co-authored-by: Kevin Pollet --- docs/content/middlewares/http/buffering.md | 14 +++- docs/scripts/verify.sh | 2 +- go.mod | 2 +- go.sum | 4 +- pkg/middlewares/buffering/buffering_test.go | 72 +++++++++++++++++++++ 5 files changed, 88 insertions(+), 6 deletions(-) create mode 100644 pkg/middlewares/buffering/buffering_test.go diff --git a/docs/content/middlewares/http/buffering.md b/docs/content/middlewares/http/buffering.md index 7610e2d81..f172faffa 100644 --- a/docs/content/middlewares/http/buffering.md +++ b/docs/content/middlewares/http/buffering.md @@ -72,9 +72,11 @@ http: ### `maxRequestBodyBytes` +_Optional, Default=0_ + The `maxRequestBodyBytes` option configures the maximum allowed body size for the request (in bytes). -If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a `413 (Request Entity Too Large)` response. +If the request exceeds the allowed size, it is not forwarded to the service, and the client gets a `413` (Request Entity Too Large) response. ```yaml tab="Docker" labels: @@ -122,6 +124,8 @@ http: ### `memRequestBodyBytes` +_Optional, Default=1048576_ + You can configure a threshold (in bytes) from which the request will be buffered on disk instead of in memory with the `memRequestBodyBytes` option. ```yaml tab="Docker" @@ -170,9 +174,11 @@ http: ### `maxResponseBodyBytes` +_Optional, Default=0_ + The `maxResponseBodyBytes` option configures the maximum allowed response size from the service (in bytes). -If the response exceeds the allowed size, it is not forwarded to the client. The client gets a `413` (Request Entity Too Large) response instead. +If the response exceeds the allowed size, it is not forwarded to the client. The client gets a `500` (Internal Server Error) response instead. ```yaml tab="Docker" labels: @@ -220,6 +226,8 @@ http: ### `memResponseBodyBytes` +_Optional, Default=1048576_ + You can configure a threshold (in bytes) from which the response will be buffered on disk instead of in memory with the `memResponseBodyBytes` option. ```yaml tab="Docker" @@ -268,6 +276,8 @@ http: ### `retryExpression` +_Optional, Default=""_ + You can have the Buffering middleware replay the request using `retryExpression`. ??? example "Retries once in the case of a network error" diff --git a/docs/scripts/verify.sh b/docs/scripts/verify.sh index 81584223d..640572ec5 100755 --- a/docs/scripts/verify.sh +++ b/docs/scripts/verify.sh @@ -22,7 +22,7 @@ find "${PATH_TO_SITE}" -type f -not -path "/app/site/theme/*" \ --alt_ignore="/traefikproxy-vertical-logo-color.svg/" \ --http_status_ignore="0,500,501,503" \ --file_ignore="/404.html/" \ - --url_ignore="/https://groups.google.com/a/traefik.io/forum/#!forum/security/,/localhost:/,/127.0.0.1:/,/fonts.gstatic.com/,/.minikube/,/github.com\/traefik\/traefik\/*edit*/,/github.com\/traefik\/traefik/,/doc.traefik.io/,/github\.com\/golang\/oauth2\/blob\/36a7019397c4c86cf59eeab3bc0d188bac444277\/.+/,/www.akamai.com/,/pilot.traefik.io\/profile/,/traefik.io/,/doc.traefik.io\/traefik-mesh/,/www.mkdocs.org/,/squidfunk.github.io/,/ietf.org/,/www.namesilo.com/,/www.youtube.com/,/www.linode.com/,/www.alibabacloud.com/,/www.cloudxns.net/,/www.vultr.com/,/vscale.io/,/hetzner.com/,/docs.github.com/" \ + --url_ignore="/https://groups.google.com/a/traefik.io/forum/#!forum/security/,/localhost:/,/127.0.0.1:/,/fonts.gstatic.com/,/.minikube/,/github.com\/traefik\/traefik\/*edit*/,/github.com\/traefik\/traefik/,/doc.traefik.io/,/github\.com\/golang\/oauth2\/blob\/36a7019397c4c86cf59eeab3bc0d188bac444277\/.+/,/www.akamai.com/,/pilot.traefik.io\/profile/,/traefik.io/,/doc.traefik.io\/traefik-mesh/,/www.mkdocs.org/,/squidfunk.github.io/,/ietf.org/,/www.namesilo.com/,/www.youtube.com/,/www.linode.com/,/www.alibabacloud.com/,/www.cloudxns.net/,/www.vultr.com/,/vscale.io/,/hetzner.com/,/docs.github.com/,/njal.la/" \ '{}' 1>/dev/null ## HTML-proofer options at https://github.com/gjtorikian/html-proofer#configuration diff --git a/go.mod b/go.mod index ba442f80b..ffae61f86 100644 --- a/go.mod +++ b/go.mod @@ -95,7 +95,7 @@ replace ( github.com/go-check/check => github.com/containous/check v0.0.0-20170915194414-ca0bf163426a github.com/gorilla/mux => github.com/containous/mux v0.0.0-20220113180107-8ffa4f6d063c github.com/mailgun/minheap => github.com/containous/minheap v0.0.0-20190809180810-6e71eb837595 - github.com/mailgun/multibuf => github.com/containous/multibuf v0.0.0-20190809014333-8b6c9a7e6bba + github.com/mailgun/multibuf => github.com/containous/multibuf v0.0.0-20220419123348-2d0b12e116c6 ) // https://github.com/docker/compose/blob/e44222664abd07ce1d1fe6796d84d93cbc7468c3/go.mod#L131 diff --git a/go.sum b/go.sum index 90d60d4a6..9745085b3 100644 --- a/go.sum +++ b/go.sum @@ -426,8 +426,8 @@ github.com/containous/go-http-auth v0.4.1-0.20200324110947-a37a7636d23e h1:D+uTE github.com/containous/go-http-auth v0.4.1-0.20200324110947-a37a7636d23e/go.mod h1:s8kLgBQolDbsJOPVIGCEEv9zGAKUUf/685Gi0Qqg8z8= github.com/containous/minheap v0.0.0-20190809180810-6e71eb837595 h1:aPspFRO6b94To3gl4yTDOEtpjFwXI7V2W+z0JcNljQ4= github.com/containous/minheap v0.0.0-20190809180810-6e71eb837595/go.mod h1:+lHFbEasIiQVGzhVDVw/cn0ZaOzde2OwNncp1NhXV4c= -github.com/containous/multibuf v0.0.0-20190809014333-8b6c9a7e6bba h1:PhR03pep+5eO/9BSvCY9RyG8rjogB3uYS4X/WBYNTT8= -github.com/containous/multibuf v0.0.0-20190809014333-8b6c9a7e6bba/go.mod h1:zkWcASFUJEst6QwCrxLdkuw1gvaKqmflEipm+iecV5M= +github.com/containous/multibuf v0.0.0-20220419123348-2d0b12e116c6 h1:KzERnBo5Jn4RRKjo8hdDPS4llWjHlJtM6kfm4mRkIew= +github.com/containous/multibuf v0.0.0-20220419123348-2d0b12e116c6/go.mod h1:zkWcASFUJEst6QwCrxLdkuw1gvaKqmflEipm+iecV5M= github.com/containous/mux v0.0.0-20220113180107-8ffa4f6d063c h1:g6JvgTtfpS6AfhRjY87NZ0g39CrNDbdm8R+1CD85Cfo= github.com/containous/mux v0.0.0-20220113180107-8ffa4f6d063c/go.mod h1:z8WW7n06n8/1xF9Jl9WmuDeZuHAhfL+bwarNjsciwwg= github.com/coredns/coredns v1.1.2/go.mod h1:zASH/MVDgR6XZTbxvOnsZfffS+31vg6Ackf/wo1+AM0= diff --git a/pkg/middlewares/buffering/buffering_test.go b/pkg/middlewares/buffering/buffering_test.go new file mode 100644 index 000000000..22477785a --- /dev/null +++ b/pkg/middlewares/buffering/buffering_test.go @@ -0,0 +1,72 @@ +package buffering + +import ( + "bytes" + "context" + "math" + "math/rand" + "net/http" + "net/http/httptest" + "testing" + + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/require" + "github.com/traefik/traefik/v2/pkg/config/dynamic" +) + +func TestBuffering(t *testing.T) { + payload := make([]byte, math.MaxInt8) + rand.Read(payload) + + testCases := []struct { + desc string + config dynamic.Buffering + body []byte + expectedCode int + }{ + { + desc: "Unlimited response and request body size", + body: payload, + expectedCode: http.StatusOK, + }, + { + desc: "Limited request body size", + config: dynamic.Buffering{ + MaxRequestBodyBytes: 1, + }, + body: payload, + expectedCode: http.StatusRequestEntityTooLarge, + }, + { + desc: "Limited response body size", + config: dynamic.Buffering{ + MaxResponseBodyBytes: 1, + }, + body: payload, + expectedCode: http.StatusInternalServerError, + }, + } + + for _, test := range testCases { + test := test + t.Run(test.desc, func(t *testing.T) { + t.Parallel() + + next := http.HandlerFunc(func(rw http.ResponseWriter, req *http.Request) { + rw.WriteHeader(http.StatusOK) + _, err := rw.Write(test.body) + require.NoError(t, err) + }) + + buffMiddleware, err := New(context.Background(), next, test.config, "foo") + require.NoError(t, err) + + req := httptest.NewRequest(http.MethodPost, "http://localhost", bytes.NewBuffer(test.body)) + + recorder := httptest.NewRecorder() + buffMiddleware.ServeHTTP(recorder, req) + + assert.Equal(t, test.expectedCode, recorder.Code) + }) + } +} From 77b2a888196db9636d05339950847b3d39f4751d Mon Sep 17 00:00:00 2001 From: Kevin Pollet Date: Wed, 20 Apr 2022 14:20:08 +0200 Subject: [PATCH 22/25] Fix Traefik community links in GitHub templates --- .github/ISSUE_TEMPLATE.md | 2 +- .github/ISSUE_TEMPLATE/bug_report.yml | 4 ++-- .github/ISSUE_TEMPLATE/feature-request.yml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md index 51e54094c..8d124b341 100644 --- a/.github/ISSUE_TEMPLATE.md +++ b/.github/ISSUE_TEMPLATE.md @@ -8,7 +8,7 @@ DO NOT FILE ISSUES FOR GENERAL SUPPORT QUESTIONS. The issue tracker is for reporting bugs and feature requests only. For end-user related support questions, please refer to one of the following: -- the Traefik community forum: https://community.containo.us/ +- the Traefik community forum: https://community.traefik.io/ --> diff --git a/.github/ISSUE_TEMPLATE/bug_report.yml b/.github/ISSUE_TEMPLATE/bug_report.yml index b81ede4f9..82f6dd462 100644 --- a/.github/ISSUE_TEMPLATE/bug_report.yml +++ b/.github/ISSUE_TEMPLATE/bug_report.yml @@ -7,7 +7,7 @@ body: label: Welcome! description: | The issue tracker is for reporting bugs and feature requests only. For end-user related support questions, please refer to one of the following: - - the Traefik community forum: https://community.containo.us/ + - the Traefik community forum: https://community.traefik.io/ The configurations between 1.X and 2.X are NOT compatible. Please have a look [here](https://doc.traefik.io/traefik/getting-started/configuration-overview/). @@ -15,7 +15,7 @@ body: options: - label: Yes, I've searched similar issues on [GitHub](https://github.com/traefik/traefik/issues) and didn't find any. required: true - - label: Yes, I've searched similar issues on the [Traefik community forum](https://community.containo.us) and didn't find any. + - label: Yes, I've searched similar issues on the [Traefik community forum](https://community.traefik.io) and didn't find any. required: true - type: textarea diff --git a/.github/ISSUE_TEMPLATE/feature-request.yml b/.github/ISSUE_TEMPLATE/feature-request.yml index bcea354ce..5a092594d 100644 --- a/.github/ISSUE_TEMPLATE/feature-request.yml +++ b/.github/ISSUE_TEMPLATE/feature-request.yml @@ -7,13 +7,13 @@ body: label: Welcome! description: | The issue tracker is for reporting bugs and feature requests only. For end-user related support questions, please refer to one of the following: - - the Traefik community forum: https://community.containo.us/ + - the Traefik community forum: https://community.traefik.io/ DO NOT FILE ISSUES FOR GENERAL SUPPORT QUESTIONS. options: - label: Yes, I've searched similar issues on [GitHub](https://github.com/traefik/traefik/issues) and didn't find any. required: true - - label: Yes, I've searched similar issues on the [Traefik community forum](https://community.containo.us) and didn't find any. + - label: Yes, I've searched similar issues on the [Traefik community forum](https://community.traefik.io) and didn't find any. required: true - type: textarea From a9fe3f98c5514bbc0eeca962231b0df5ea9f3897 Mon Sep 17 00:00:00 2001 From: Kevin Pollet Date: Wed, 20 Apr 2022 14:56:09 +0200 Subject: [PATCH 23/25] Update Yaegi to v0.11.3 --- go.mod | 2 +- go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/go.mod b/go.mod index ffae61f86..28be21c73 100644 --- a/go.mod +++ b/go.mod @@ -61,7 +61,7 @@ require ( github.com/stvp/go-udp-testing v0.0.0-20191102171040-06b61409b154 github.com/tinylib/msgp v1.0.2 // indirect github.com/traefik/paerser v0.1.5 - github.com/traefik/yaegi v0.11.2 + github.com/traefik/yaegi v0.11.3 github.com/uber/jaeger-client-go v2.29.1+incompatible github.com/uber/jaeger-lib v2.2.0+incompatible github.com/unrolled/render v1.0.2 diff --git a/go.sum b/go.sum index 9745085b3..4df6307e1 100644 --- a/go.sum +++ b/go.sum @@ -1652,8 +1652,8 @@ github.com/tonistiigi/vt100 v0.0.0-20190402012908-ad4c4a574305 h1:y/1cL5AL2oRcfz github.com/tonistiigi/vt100 v0.0.0-20190402012908-ad4c4a574305/go.mod h1:gXOLibKqQTRAVuVZ9gX7G9Ykky8ll8yb4slxsEMoY0c= github.com/traefik/paerser v0.1.5 h1:crit7KzQ9PUWGCYu+H2acwyr7ZKb3RQDSn6iJCtxBhE= github.com/traefik/paerser v0.1.5/go.mod h1:Fuwl9DWJfGpZPPwZY6djYIF0vhvzhLmCizn6P66UeLY= -github.com/traefik/yaegi v0.11.2 h1:zosveTf5iIa60fAeQpaH4719b+bnlgsOvO7Nb/OTMTo= -github.com/traefik/yaegi v0.11.2/go.mod h1:RuCwD8/wsX7b6KoQHOaIFUfuH3gQIK4KWnFFmJMw5VA= +github.com/traefik/yaegi v0.11.3 h1:TuuIc0TC4oaWkVngjVAKkFd4fH35B0B95DmbS76uqs8= +github.com/traefik/yaegi v0.11.3/go.mod h1:RuCwD8/wsX7b6KoQHOaIFUfuH3gQIK4KWnFFmJMw5VA= github.com/transip/gotransip/v6 v6.6.1 h1:nsCU1ErZS5G0FeOpgGXc4FsWvBff9GPswSMggsC4564= github.com/transip/gotransip/v6 v6.6.1/go.mod h1:pQZ36hWWRahCUXkFWlx9Hs711gLd8J4qdgLdRzmtY+g= github.com/tv42/httpunix v0.0.0-20150427012821-b75d8614f926 h1:G3dpKMzFDjgEh2q1Z7zUUtKa8ViPtH+ocF0bE0g00O8= From 0ecd85cc6698a12c7ff3af27fd02328a2b4a9aa3 Mon Sep 17 00:00:00 2001 From: mpl Date: Wed, 20 Apr 2022 16:42:09 +0200 Subject: [PATCH 24/25] Fix bug for when custom page is large enough Co-authored-by: Kevin Pollet --- pkg/middlewares/customerrors/custom_errors.go | 165 +++++++----------- .../customerrors/custom_errors_test.go | 6 +- 2 files changed, 65 insertions(+), 106 deletions(-) diff --git a/pkg/middlewares/customerrors/custom_errors.go b/pkg/middlewares/customerrors/custom_errors.go index a2c53935f..3cc0f494d 100644 --- a/pkg/middlewares/customerrors/custom_errors.go +++ b/pkg/middlewares/customerrors/custom_errors.go @@ -2,7 +2,6 @@ package customerrors import ( "bufio" - "bytes" "context" "fmt" "net" @@ -12,7 +11,6 @@ import ( "strings" "github.com/opentracing/opentracing-go/ext" - "github.com/sirupsen/logrus" "github.com/traefik/traefik/v2/pkg/config/dynamic" "github.com/traefik/traefik/v2/pkg/log" "github.com/traefik/traefik/v2/pkg/middlewares" @@ -23,7 +21,8 @@ import ( // Compile time validation that the response recorder implements http interfaces correctly. var ( - _ middlewares.Stateful = &responseRecorderWithCloseNotify{} + // TODO: maybe remove at least for codeModifierWithCloseNotify. + _ middlewares.Stateful = &codeModifierWithCloseNotify{} _ middlewares.Stateful = &codeCatcherWithCloseNotify{} ) @@ -88,44 +87,25 @@ func (c *customErrors) ServeHTTP(rw http.ResponseWriter, req *http.Request) { // check the recorder code against the configured http status code ranges code := catcher.getCode() - for _, block := range c.httpCodeRanges { - if code < block[0] || code > block[1] { - continue - } + logger.Debugf("Caught HTTP Status Code %d, returning error page", code) - logger.Debugf("Caught HTTP Status Code %d, returning error page", code) - - var query string - if len(c.backendQuery) > 0 { - query = "/" + strings.TrimPrefix(c.backendQuery, "/") - query = strings.ReplaceAll(query, "{status}", strconv.Itoa(code)) - } - - pageReq, err := newRequest("http://" + req.Host + query) - if err != nil { - logger.Error(err) - rw.WriteHeader(code) - _, err = fmt.Fprint(rw, http.StatusText(code)) - if err != nil { - http.Error(rw, err.Error(), http.StatusInternalServerError) - } - return - } - - recorderErrorPage := newResponseRecorder(ctx, rw) - utils.CopyHeaders(pageReq.Header, req.Header) - - c.backendHandler.ServeHTTP(recorderErrorPage, pageReq.WithContext(req.Context())) - - utils.CopyHeaders(rw.Header(), recorderErrorPage.Header()) - rw.WriteHeader(code) - - if _, err = rw.Write(recorderErrorPage.GetBody().Bytes()); err != nil { - logger.Error(err) - } + var query string + if len(c.backendQuery) > 0 { + query = "/" + strings.TrimPrefix(c.backendQuery, "/") + query = strings.ReplaceAll(query, "{status}", strconv.Itoa(code)) + } + pageReq, err := newRequest("http://" + req.Host + query) + if err != nil { + logger.Error(err) + http.Error(rw, http.StatusText(code), code) return } + + utils.CopyHeaders(pageReq.Header, req.Header) + + c.backendHandler.ServeHTTP(newCodeModifier(rw, code), + pageReq.WithContext(req.Context())) } func newRequest(baseURL string) (*http.Request, error) { @@ -269,106 +249,85 @@ func (cc *codeCatcher) Flush() { } } -type responseRecorder interface { +// codeModifier forwards a response back to the client, +// while enforcing a given response code. +type codeModifier interface { http.ResponseWriter - http.Flusher - GetCode() int - GetBody() *bytes.Buffer - IsStreamingResponseStarted() bool } -// newResponseRecorder returns an initialized responseRecorder. -func newResponseRecorder(ctx context.Context, rw http.ResponseWriter) responseRecorder { - recorder := &responseRecorderWithoutCloseNotify{ - HeaderMap: make(http.Header), - Body: new(bytes.Buffer), - Code: http.StatusOK, +// newCodeModifier returns a codeModifier that enforces the given code. +func newCodeModifier(rw http.ResponseWriter, code int) codeModifier { + codeMod := &codeModifierWithoutCloseNotify{ + headerMap: make(http.Header), + code: code, responseWriter: rw, - logger: log.FromContext(ctx), } if _, ok := rw.(http.CloseNotifier); ok { - return &responseRecorderWithCloseNotify{recorder} + return &codeModifierWithCloseNotify{codeMod} } - return recorder + return codeMod } -// responseRecorderWithoutCloseNotify is an implementation of http.ResponseWriter that -// records its mutations for later inspection. -type responseRecorderWithoutCloseNotify struct { - Code int // the HTTP response code from WriteHeader - HeaderMap http.Header // the HTTP response headers - Body *bytes.Buffer // if non-nil, the bytes.Buffer to append written data to +type codeModifierWithoutCloseNotify struct { + code int // the code enforced in the response. - responseWriter http.ResponseWriter - err error - streamingResponseStarted bool - logger logrus.FieldLogger + // headerSent is whether the headers have already been sent, + // either through Write or WriteHeader. + headerSent bool + headerMap http.Header // the HTTP response headers from the backend. + + responseWriter http.ResponseWriter } -type responseRecorderWithCloseNotify struct { - *responseRecorderWithoutCloseNotify +type codeModifierWithCloseNotify struct { + *codeModifierWithoutCloseNotify } // CloseNotify returns a channel that receives at most a // single value (true) when the client connection has gone away. -func (r *responseRecorderWithCloseNotify) CloseNotify() <-chan bool { +func (r *codeModifierWithCloseNotify) CloseNotify() <-chan bool { return r.responseWriter.(http.CloseNotifier).CloseNotify() } // Header returns the response headers. -func (r *responseRecorderWithoutCloseNotify) Header() http.Header { - if r.HeaderMap == nil { - r.HeaderMap = make(http.Header) +func (r *codeModifierWithoutCloseNotify) Header() http.Header { + if r.headerMap == nil { + r.headerMap = make(http.Header) } - return r.HeaderMap + return r.headerMap } -func (r *responseRecorderWithoutCloseNotify) GetCode() int { - return r.Code +// Write calls WriteHeader to send the enforced code, +// then writes the data directly to r.responseWriter. +func (r *codeModifierWithoutCloseNotify) Write(buf []byte) (int, error) { + r.WriteHeader(r.code) + return r.responseWriter.Write(buf) } -func (r *responseRecorderWithoutCloseNotify) GetBody() *bytes.Buffer { - return r.Body -} - -func (r *responseRecorderWithoutCloseNotify) IsStreamingResponseStarted() bool { - return r.streamingResponseStarted -} - -// Write always succeeds and writes to rw.Body, if not nil. -func (r *responseRecorderWithoutCloseNotify) Write(buf []byte) (int, error) { - if r.err != nil { - return 0, r.err +// WriteHeader sends the headers, with the enforced code (the code in argument +// is always ignored), if it hasn't already been done. +func (r *codeModifierWithoutCloseNotify) WriteHeader(_ int) { + if r.headerSent { + return } - return r.Body.Write(buf) -} -// WriteHeader sets rw.Code. -func (r *responseRecorderWithoutCloseNotify) WriteHeader(code int) { - r.Code = code + utils.CopyHeaders(r.responseWriter.Header(), r.Header()) + r.responseWriter.WriteHeader(r.code) + r.headerSent = true } // Hijack hijacks the connection. -func (r *responseRecorderWithoutCloseNotify) Hijack() (net.Conn, *bufio.ReadWriter, error) { - return r.responseWriter.(http.Hijacker).Hijack() +func (r *codeModifierWithoutCloseNotify) Hijack() (net.Conn, *bufio.ReadWriter, error) { + hijacker, ok := r.responseWriter.(http.Hijacker) + if !ok { + return nil, nil, fmt.Errorf("%T is not a http.Hijacker", r.responseWriter) + } + return hijacker.Hijack() } // Flush sends any buffered data to the client. -func (r *responseRecorderWithoutCloseNotify) Flush() { - if !r.streamingResponseStarted { - utils.CopyHeaders(r.responseWriter.Header(), r.Header()) - r.responseWriter.WriteHeader(r.Code) - r.streamingResponseStarted = true - } - - _, err := r.responseWriter.Write(r.Body.Bytes()) - if err != nil { - r.logger.Errorf("Error writing response in responseRecorder: %v", err) - r.err = err - } - r.Body.Reset() - +func (r *codeModifierWithoutCloseNotify) Flush() { if flusher, ok := r.responseWriter.(http.Flusher); ok { flusher.Flush() } diff --git a/pkg/middlewares/customerrors/custom_errors_test.go b/pkg/middlewares/customerrors/custom_errors_test.go index 1e263d686..7b0a060ec 100644 --- a/pkg/middlewares/customerrors/custom_errors_test.go +++ b/pkg/middlewares/customerrors/custom_errors_test.go @@ -180,12 +180,12 @@ func TestNewResponseRecorder(t *testing.T) { { desc: "Without Close Notify", rw: httptest.NewRecorder(), - expected: &responseRecorderWithoutCloseNotify{}, + expected: &codeModifierWithoutCloseNotify{}, }, { desc: "With Close Notify", rw: &mockRWCloseNotify{}, - expected: &responseRecorderWithCloseNotify{}, + expected: &codeModifierWithCloseNotify{}, }, } @@ -194,7 +194,7 @@ func TestNewResponseRecorder(t *testing.T) { t.Run(test.desc, func(t *testing.T) { t.Parallel() - rec := newResponseRecorder(context.Background(), test.rw) + rec := newCodeModifier(test.rw, 0) assert.IsType(t, rec, test.expected) }) } From 55addfefc85cab2314053cdb9040f57b0b142142 Mon Sep 17 00:00:00 2001 From: mpl Date: Thu, 21 Apr 2022 10:42:08 +0200 Subject: [PATCH 25/25] Re-add missing writeheader call in flush Co-authored-by: Kevin Pollet --- pkg/middlewares/customerrors/custom_errors.go | 28 ++++++------------- 1 file changed, 9 insertions(+), 19 deletions(-) diff --git a/pkg/middlewares/customerrors/custom_errors.go b/pkg/middlewares/customerrors/custom_errors.go index 3cc0f494d..8a4431e8d 100644 --- a/pkg/middlewares/customerrors/custom_errors.go +++ b/pkg/middlewares/customerrors/custom_errors.go @@ -138,7 +138,6 @@ type codeCatcher struct { headerMap http.Header code int httpCodeRanges types.HTTPCodeRanges - firstWrite bool caughtFilteredCode bool responseWriter http.ResponseWriter headersSent bool @@ -160,7 +159,6 @@ func newCodeCatcher(rw http.ResponseWriter, httpCodeRanges types.HTTPCodeRanges) code: http.StatusOK, // If backend does not call WriteHeader on us, we consider it's a 200. responseWriter: rw, httpCodeRanges: httpCodeRanges, - firstWrite: true, } if _, ok := rw.(http.CloseNotifier); ok { return &codeCatcherWithCloseNotify{catcher} @@ -187,22 +185,14 @@ func (cc *codeCatcher) isFilteredCode() bool { } func (cc *codeCatcher) Write(buf []byte) (int, error) { - if !cc.firstWrite { - if cc.caughtFilteredCode { - // We don't care about the contents of the response, - // since we want to serve the ones from the error page, - // so we just drop them. - return len(buf), nil - } - return cc.responseWriter.Write(buf) - } - cc.firstWrite = false - // If WriteHeader was already called from the caller, this is a NOOP. // Otherwise, cc.code is actually a 200 here. cc.WriteHeader(cc.code) if cc.caughtFilteredCode { + // We don't care about the contents of the response, + // since we want to serve the ones from the error page, + // so we just drop them. return len(buf), nil } return cc.responseWriter.Write(buf) @@ -217,14 +207,12 @@ func (cc *codeCatcher) WriteHeader(code int) { for _, block := range cc.httpCodeRanges { if cc.code >= block[0] && cc.code <= block[1] { cc.caughtFilteredCode = true - break + // it will be up to the caller to send the headers, + // so it is out of our hands now. + return } } - // it will be up to the other response recorder to send the headers, - // so it is out of our hands now. - if cc.caughtFilteredCode { - return - } + utils.CopyHeaders(cc.responseWriter.Header(), cc.Header()) cc.responseWriter.WriteHeader(cc.code) cc.headersSent = true @@ -328,6 +316,8 @@ func (r *codeModifierWithoutCloseNotify) Hijack() (net.Conn, *bufio.ReadWriter, // Flush sends any buffered data to the client. func (r *codeModifierWithoutCloseNotify) Flush() { + r.WriteHeader(r.code) + if flusher, ok := r.responseWriter.(http.Flusher); ok { flusher.Flush() }